diff --git a/Admin/Routes/Web/Api.php b/Admin/Routes/Web/Api.php
index 3525601..5291a4f 100644
--- a/Admin/Routes/Web/Api.php
+++ b/Admin/Routes/Web/Api.php
@@ -1,16 +1,29 @@
 [
 [
 'dest' => '\Modules\Admin\Controller:apiSettingsSet',
 'verb' => RouteVerb::SET,
+ 'permission' => [
+ 'module' => Controller::MODULE_NAME,
+ 'type' => PermissionType::MODIFY,
+ 'state' => PermissionState::SETTINGS,
+ ],
 ],
 [
 'dest' => '\Modules\Admin\Controller:apiSettingsGet',
 'verb' => RouteVerb::GET,
+ 'permission' => [
+ 'module' => Controller::MODULE_NAME,
+ 'type' => PermissionType::READ,
+ 'state' => PermissionState::SETTINGS,
+ ],
 ],
 ],
@@ -18,18 +31,38 @@ return [
 [
 'dest' => '\Modules\Admin\Controller:apiGroupCreate',
 'verb' => RouteVerb::PUT,
+ 'permission' => [
+ 'module' => Controller::MODULE_NAME,
+ 'type' => PermissionType::CREATE,
+ 'state' => PermissionState::GROUP,
+ ],
 ],
 [
 'dest' => '\Modules\Admin\Controller:apiGroupUpdate',
 'verb' => RouteVerb::SET,
+ 'permission' => [
+ 'module' => Controller::MODULE_NAME,
+ 'type' => PermissionType::MODIFY,
+ 'state' => PermissionState::GROUP,
+ ],
 ],
 [
 'dest' => '\Modules\Admin\Controller:apiGroupDelete',
 'verb' => RouteVerb::DELETE,
+ 'permission' => [
+ 'module' => Controller::MODULE_NAME,
+ 'type' => PermissionType::DELETE,
+ 'state' => PermissionState::GROUP,
+ ],
 ],
 [
 'dest' => '\Modules\Admin\Controller:apiGroupGet',
 'verb' => RouteVerb::GET,
+ 'permission' => [
+ 'module' => Controller::MODULE_NAME,
+ 'type' => PermissionType::READ,
+ 'state' => PermissionState::GROUP,
+ ],
 ],
 ],
@@ -38,6 +71,11 @@ return [
 [
 'dest' => '\Modules\Admin\Controller:apiAccountFind',
 'verb' => RouteVerb::GET,
+ 'permission' => [
+ 'module' => Controller::MODULE_NAME,
+ 'type' => PermissionType::READ,
+ 'state' => PermissionState::ACCOUNT,
+ ],
 ],
 ],
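Review bot: The new `permission` entries in these route definitions are not documented as the only authorisation guard, even though the controller-side `hasPermission` checks they replace are removed in Controller.php in this same commit, so a route added later without a `permission` key would carry no check at all unless the dispatcher denies by default — that dispatcher behaviour is not part of this diff and is worth confirming before merging. I would add a comment at the top of the route table: `// 'permission' is enforced by the router before dispatch; every route in this file MUST declare one.` The same point applies to the remaining Api.php hunks and to all of Backend.php.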
@@ -45,18 +83,38 @@ return [
 [
 'dest' => '\Modules\Admin\Controller:apiAccountCreate',
 'verb' => RouteVerb::PUT,
+ 'permission' => [
+ 'module' => Controller::MODULE_NAME,
+ 'type' => PermissionType::CREATE,
+ 'state' => PermissionState::ACCOUNT,
+ ],
 ],
 [
 'dest' => '\Modules\Admin\Controller:apiAccountUpdate',
 'verb' => RouteVerb::SET,
+ 'permission' => [
+ 'module' => Controller::MODULE_NAME,
+ 'type' => PermissionType::MODIFY,
+ 'state' => PermissionState::ACCOUNT,
+ ],
 ],
 [
 'dest' => '\Modules\Admin\Controller:apiAccountDelete',
 'verb' => RouteVerb::DELETE,
+ 'permission' => [
+ 'module' => Controller::MODULE_NAME,
+ 'type' => PermissionType::DELETE,
+ 'state' => PermissionState::ACCOUNT,
+ ],
 ],
 [
 'dest' => '\Modules\Admin\Controller:apiAccountGet',
 'verb' => RouteVerb::GET,
+ 'permission' => [
+ 'module' => Controller::MODULE_NAME,
+ 'type' => PermissionType::READ,
+ 'state' => PermissionState::ACCOUNT,
+ ],
 ],
 ],
@@ -64,6 +122,11 @@ return [
 [
 'dest' => '\Modules\Admin\Controller:apiModuleStatusUpdate',
 'verb' => RouteVerb::SET,
+ 'permission' => [
+ 'module' => Controller::MODULE_NAME,
+ 'type' => PermissionType::MODIFY,
+ 'state' => PermissionState::MODULE,
+ ],
 ],
 ],
 ];
diff --git a/Admin/Routes/Web/Backend.php b/Admin/Routes/Web/Backend.php
index 7001a03..2aa5d92 100644
--- a/Admin/Routes/Web/Backend.php
+++ b/Admin/Routes/Web/Backend.php
@@ -1,60 +1,108 @@
 [
 [
 'dest' => '\Modules\Admin\Controller:viewSettingsGeneral',
 'verb' => RouteVerb::GET,
+ 'permission' => [
+ 'module' => Controller::MODULE_NAME,
+ 'type' => PermissionType::READ,
+ 'state' => PermissionState::SETTINGS,
+ ],
 ],
 ],
 '^.*/backend/admin/account/list.*$' => [
 [
 'dest' => '\Modules\Admin\Controller:viewAccountList',
 'verb' => RouteVerb::GET,
+ 'permission' => [
+ 'module' => Controller::MODULE_NAME,
+ 'type' => PermissionType::READ,
+ 'state' => PermissionState::ACCOUNT,
+ ],
 ],
 ],
 '^.*/backend/admin/account/settings.*$' => [
 [
 'dest' => '\Modules\Admin\Controller:viewAccountSettings',
 'verb' => RouteVerb::GET,
+ 'permission' => [
+ 'module' => Controller::MODULE_NAME,
+ 'type' => PermissionType::READ,
+ 'state' => PermissionState::ACCOUNT,
+ ],
 ],
 ],
 '^.*/backend/admin/account/create.*$' => [
 [
 'dest' => '\Modules\Admin\Controller:viewAccountCreate',
 'verb' => RouteVerb::GET,
+ 'permission' => [
+ 'module' => Controller::MODULE_NAME,
+ 'type' => PermissionType::CREATE,
+ 'state' => PermissionState::ACCOUNT,
+ ],
 ],
 ],
 '^.*/backend/admin/group/list.*$' => [
 [
 'dest' => '\Modules\Admin\Controller:viewGroupList',
 'verb' => RouteVerb::GET,
+ 'permission' => [
+ 'module' => Controller::MODULE_NAME,
+ 'type' => PermissionType::READ,
+ 'state' => PermissionState::GROUP,
+ ],
 ],
 ],
 '^.*/backend/admin/group/settings.*$' => [
 [
 'dest' => '\Modules\Admin\Controller:viewGroupSettings',
 'verb' => RouteVerb::GET,
+ 'permission' => [
+ 'module' => Controller::MODULE_NAME,
+ 'type' => PermissionType::MODIFY,
+ 'state' => PermissionState::GROUP,
+ ],
 ],
 ],
 '^.*/backend/admin/group/create.*$' => [
 [
 'dest' => '\Modules\Admin\Controller:viewGroupCreate',
 'verb' => RouteVerb::GET,
+ 'permission' => [
+ 'module' => Controller::MODULE_NAME,
+ 'type' => PermissionType::CREATE,
+ 'state' => PermissionState::GROUP,
+ ],
 ],
 ],
 '^.*/backend/admin/module/list.*$' => [
 [
 'dest' => '\Modules\Admin\Controller:viewModuleList',
 'verb' => RouteVerb::GET,
+ 'permission' => [
+ 'module' => Controller::MODULE_NAME,
+ 'type' => PermissionType::READ,
+ 'state' => PermissionState::MODULE,
+ ],
 ],
 ],
 '^.*/backend/admin/module/settings.*$' => [
 [
 'dest' => '\Modules\Admin\Controller:viewModuleProfile',
 'verb' => RouteVerb::GET,
+ 'permission' => [
+ 'module' => Controller::MODULE_NAME,
+ 'type' => PermissionType::READ,
+ 'state' => PermissionState::MODULE,
+ ],
 ],
 ],
 ];
diff --git a/Controller.php b/Controller.php
index 5c5fdcc..991a595 100644
--- a/Controller.php
+++ b/Controller.php
@@ -119,16 +119,7 @@ final class Controller extends ModuleAbstract implements WebInterface
 */
 public function viewSettingsGeneral(RequestAbstract $request, ResponseAbstract $response, $data = null) : \Serializable
 {
- $view = new View($this->app, $request, $response);
-
- if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
- PermissionType::READ, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::SETTINGS)
- ) {
- $view->setTemplate('/Web/Backend/Error/403_inline');
- $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
- return $view;
- }
-
+ $view = new View($this->app, $request, $response);
 $settings = $this->app->appSettings->get([1000000009, 1000000019, 1000000020, 1000000021, 1000000022, 1000000023, 1000000027, 1000000028,]);
 $view->setTemplate('/Modules/Admin/Theme/Backend/settings-general');
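Review bot: The guard removed here checked the permission against `$this->app->orgId` and `$this->app->appName` in addition to module/type/state, whereas the route-level `permission` arrays that replace it declare only `module`, `type` and `state`; whether org and app scoping is still applied now depends on what the router passes to `hasPermission`, which this diff does not show and should be confirmed. The denial path also moves: views returned the `/Web/Backend/Error/403_inline` template with `RequestStatusCode::R_403`, and the API methods set an `<action> => null` response entry with the same status, so the router needs to produce an equivalent 403 for clients that depend on it. A short why-comment would stop the next reader from re-adding the check, e.g. `// Authorisation (READ on PermissionState::SETTINGS) is enforced by the route definition in Admin/Routes/Web/Backend.php, not here.` The body of viewSettingsGeneral continues past this hunk; the same points apply to every other Controller.php hunk in this diff.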
@@ -165,14 +156,6 @@ final class Controller extends ModuleAbstract implements WebInterface
 {
 $view = new View($this->app, $request, $response);
- /*if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
- PermissionType::READ, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::SETTINGS)
- ) {
- //$view->setTemplate('/Web/Backend/Error/403_inline');
- //$response->getHeader()->setStatusCode(RequestStatusCode::R_403);
- return $view;
- }*/
-
 $view->setTemplate('/Modules/Admin/Theme/Console/empty-command');
 return $view;
@@ -194,14 +177,6 @@ final class Controller extends ModuleAbstract implements WebInterface
 {
 $view = new View($this->app, $request, $response);
- if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
- PermissionType::READ, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::ACCOUNT)
- ) {
- $view->setTemplate('/Web/Backend/Error/403_inline');
- $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
- return $view;
- }
-
 $view->setTemplate('/Modules/Admin/Theme/Backend/accounts-list');
 $view->addData('nav', $this->app->moduleManager->get('Navigation')->createNavigationMid(1000104001, $request, $response));
 $view->setData('list:elements', AccountMapper::getNewest(50, null, RelationType::NONE));
@@ -226,14 +201,6 @@ final class Controller extends ModuleAbstract implements WebInterface
 {
 $view = new View($this->app, $request, $response);
- if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
- PermissionType::READ, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::ACCOUNT)
- ) {
- $view->setTemplate('/Web/Backend/Error/403_inline');
- $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
- return $view;
- }
-
 $view->setTemplate('/Modules/Admin/Theme/Backend/accounts-single');
 $view->addData('nav', $this->app->moduleManager->get('Navigation')->createNavigationMid(1000104001, $request, $response));
 $view->addData('account', AccountMapper::get((int) $request->getData('id'), RelationType::ALL, null, 2));
@@ -267,14 +234,6 @@ final class Controller extends ModuleAbstract implements WebInterface
 {
 $view = new View($this->app, $request, $response);
- if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
- PermissionType::CREATE, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::ACCOUNT)
- ) {
- $view->setTemplate('/Web/Backend/Error/403_inline');
- $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
- return $view;
- }
-
 $view->setTemplate('/Modules/Admin/Theme/Backend/accounts-create');
 $view->addData('nav', $this->app->moduleManager->get('Navigation')->createNavigationMid(1000104001, $request, $response));
@@ -297,14 +256,6 @@ final class Controller extends ModuleAbstract implements WebInterface
 {
 $view = new View($this->app, $request, $response);
- if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
- PermissionType::READ, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::GROUP)
- ) {
- $view->setTemplate('/Web/Backend/Error/403_inline');
- $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
- return $view;
- }
-
 $view->setTemplate('/Modules/Admin/Theme/Backend/groups-list');
 $view->addData('nav', $this->app->moduleManager->get('Navigation')->createNavigationMid(1000103001, $request, $response));
 $view->setData('list:elements', GroupMapper::getAll(RelationType::NONE));
@@ -328,14 +279,6 @@ final class Controller extends ModuleAbstract implements WebInterface
 {
 $view = new View($this->app, $request, $response);
- if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
- PermissionType::MODIFY, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::GROUP)
- ) {
- $view->setTemplate('/Web/Backend/Error/403_inline');
- $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
- return $view;
- }
-
 $view->setTemplate('/Modules/Admin/Theme/Backend/groups-single');
 $view->addData('nav', $this->app->moduleManager->get('Navigation')->createNavigationMid(1000103001, $request, $response));
 $view->addData('group', GroupMapper::get((int) $request->getData('id'), RelationType::ALL, null, 2));
@@ -369,14 +312,6 @@ final class Controller extends ModuleAbstract implements WebInterface
 {
 $view = new View($this->app, $request, $response);
- if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
- PermissionType::CREATE, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::GROUP)
- ) {
- $view->setTemplate('/Web/Backend/Error/403_inline');
- $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
- return $view;
- }
-
 $view->setTemplate('/Modules/Admin/Theme/Backend/groups-create');
 $view->addData('nav', $this->app->moduleManager->get('Navigation')->createNavigationMid(1000103001, $request, $response));
@@ -399,14 +334,6 @@ final class Controller extends ModuleAbstract implements WebInterface
 {
 $view = new View($this->app, $request, $response);
- if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
- PermissionType::READ, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::MODULE)
- ) {
- $view->setTemplate('/Web/Backend/Error/403_inline');
- $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
- return $view;
- }
-
 $view->setTemplate('/Modules/Admin/Theme/Backend/modules-list');
 return $view;
@@ -428,14 +355,6 @@ final class Controller extends ModuleAbstract implements WebInterface
 {
 $view = new View($this->app, $request, $response);
- if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
- PermissionType::READ, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::MODULE)
- ) {
- $view->setTemplate('/Web/Backend/Error/403_inline');
- $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
- return $view;
- }
-
 $view->setTemplate('/Modules/Admin/Theme/Backend/modules-single');
 return $view;
@@ -456,15 +375,12 @@ final class Controller extends ModuleAbstract implements WebInterface
 */
 public function apiSettingsGet(RequestAbstract $request, ResponseAbstract $response, $data = null) : void
 {
- if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
- PermissionType::READ, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::SETTINGS)
- ) {
- $response->set('settings_read', null);
- $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
- return;
- }
-
- $response->set($request->getUri()->__toString(), ['response' => $this->app->appSettings->get((int) $request->getData('id'))]);
+ $response->set(
+ $request->getUri()->__toString(),
+ [
+ 'response' => $this->app->appSettings->get((int) $request->getData('id'))
+ ]
+ );
 }
 /**
@@ -482,14 +398,6 @@ final class Controller extends ModuleAbstract implements WebInterface
 */
 public function apiSettingsSet(RequestAbstract $request, ResponseAbstract $response, $data = null) : void
 {
- if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
- PermissionType::MODIFY, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::SETTINGS)
- ) {
- $response->set('settings_update', null);
- $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
- return;
- }
-
 $this->app->appSettings->set(
 \json_decode((string) $request->getData('settings'), true),
 true
@@ -513,14 +421,6 @@ final class Controller extends ModuleAbstract implements WebInterface
 */
 public function apiGroupGet(RequestAbstract $request, ResponseAbstract $response, $data = null) : void
 {
- if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
- PermissionType::READ, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::GROUP)
- ) {
- $response->set('group_read', null);
- $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
- return;
- }
-
 $group = GroupMapper::get((int) $request->getData('id'));
 $response->set($request->getUri()->__toString(), [
 'status' => NotificationLevel::OK,
@@ -545,14 +445,6 @@ final class Controller extends ModuleAbstract implements WebInterface
 */
 public function apiGroupUpdate(RequestAbstract $request, ResponseAbstract $response, $data = null) : void
 {
- if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
- PermissionType::MODIFY, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::GROUP)
- ) {
- $response->set('group_update', null);
- $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
- return;
- }
-
 $group = $this->updateGroupFromRequest($request);
 GroupMapper::update($group);
@@ -624,14 +516,6 @@ final class Controller extends ModuleAbstract implements WebInterface
 */
 public function apiGroupCreate(RequestAbstract $request, ResponseAbstract $response, $data = null) : void
 {
- if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
- PermissionType::CREATE, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::GROUP)
- ) {
- $response->set('group_create', null);
- $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
- return;
- }
-
 if (!empty($val = $this->validateGroupCreate($request))) {
 $response->set('group_create', new FormValidation($val));
@@ -689,14 +573,6 @@ final class Controller extends ModuleAbstract implements WebInterface
 */
 public function apiGroupDelete(RequestAbstract $request, ResponseAbstract $response, $data = null) : void
 {
- if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
- PermissionType::DELETE, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::GROUP)
- ) {
- $response->set('group_delete', null);
- $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
- return;
- }
-
 $group = GroupMapper::get((int) $request->getData('id'));
 $this->app->eventManager->trigger('PRE:Module:Admin-groupdelete', '', $group);
@@ -727,14 +603,6 @@ final class Controller extends ModuleAbstract implements WebInterface
 */
 public function apiAccountGet(RequestAbstract $request, ResponseAbstract $response, $data = null) : void
 {
- if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
- PermissionType::READ, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::ACCOUNT)
- ) {
- $response->set('account_read', null);
- $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
- return;
- }
-
 $account = AccountMapper::get((int) $request->getData('id'));
 $response->getHeader()->set('Content-Type', MimeType::M_JSON, true);
@@ -761,16 +629,13 @@ final class Controller extends ModuleAbstract implements WebInterface
 */
 public function apiAccountFind(RequestAbstract $request, ResponseAbstract $response, $data = null) : void
 {
- if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
- PermissionType::READ, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::ACCOUNT)
- ) {
- $response->set('account_find', null);
- $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
- return;
- }
-
 $response->getHeader()->set('Content-Type', MimeType::M_JSON . '; charset=utf-8', true);
- $response->set($request->getUri()->__toString(), array_values(AccountMapper::find((string) ($request->getData('search') ?? ''))));
+ $response->set(
+ $request->getUri()->__toString(),
+ \array_values(
+ AccountMapper::find((string) ($request->getData('search') ?? ''))
+ )
+ );
 }
 /**
@@ -812,14 +677,6 @@ final class Controller extends ModuleAbstract implements WebInterface
 */
 public function apiAccountCreate(RequestAbstract $request, ResponseAbstract $response, $data = null) : void
 {
- if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
- PermissionType::CREATE, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::ACCOUNT)
- ) {
- $response->set('account_create', null);
- $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
- return;
- }
-
 if (!empty($val = $this->validateAccountCreate($request))) {
 $response->set('account_create', new FormValidation($val));
@@ -882,14 +739,6 @@ final class Controller extends ModuleAbstract implements WebInterface
 */
 public function apiAccountDelete(RequestAbstract $request, ResponseAbstract $response, $data = null) : void
 {
- if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
- PermissionType::DELETE, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::ACCOUNT)
- ) {
- $response->set('account_delete', null);
- $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
- return;
- }
-
 $account = AccountMapper::get((int) ($request->getData('id')));
 $this->app->eventManager->trigger('PRE:Module:Admin-accountdelete', '', $account);
@@ -920,14 +769,6 @@ final class Controller extends ModuleAbstract implements WebInterface
 */
 public function apiAccountUpdate(RequestAbstract $request, ResponseAbstract $response, $data = null) : void
 {
- if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
- PermissionType::MODIFY, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::ACCOUNT)
- ) {
- $response->set('account_update', null);
- $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
- return;
- }
-
 $account = $this->updateAccountFromRequest($request, true);
 $status = AccountMapper::update($account);