From 6d1d7dd84f00cbc50930a9ceaf1e750e3b680eab Mon Sep 17 00:00:00 2001
From: Dennis Eichhorn
Date: Sat, 16 Sep 2017 11:11:51 +0200
Subject: [PATCH] More permission managing
---
 Controller.php | 43 +++++++++++++++++++++++++++++++++++++-
 Models/PermissionState.php | 33 +++++++++++++++++++++++++++++
 2 files changed, 75 insertions(+), 1 deletion(-)
 create mode 100644 Models/PermissionState.php
diff --git a/Controller.php b/Controller.php
index 78f702a..2097355 100644
--- a/Controller.php
+++ b/Controller.php
@@ -17,6 +17,7 @@ namespace Modules\Draw;
 use Model\Message\FormValidation;
 use Modules\Draw\Models\DrawImage;
 use Modules\Draw\Models\DrawImageMapper;
+use Modules\Draw\Models\PermissionState;
 use Modules\Media\Models\UploadStatus;
 use phpOMS\Asset\AssetType;
 use phpOMS\Message\RequestAbstract;
@@ -28,6 +29,7 @@ use Modules\Media\Controller as MediaController;
 use phpOMS\System\File\Local\File;
 use phpOMS\Utils\ImageUtils;
 use phpOMS\Views\View;
+use phpOMS\Account\PermissionType;
 
 /**
 * Calendar controller class.
@@ -120,6 +122,15 @@ class Controller extends ModuleAbstract implements WebInterface
 public function viewDrawCreate(RequestAbstract $request, ResponseAbstract $response, $data = null) : \Serializable
 {
 $view = new View($this->app, $request, $response);
+
+ if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
+ PermissionType::CREATE, 1, $this->app->appName, self::MODULE_ID, PermissionState::DRAW)
+ ) {
+ $view->setTemplate('/Web/Backend/Error/403_inline');
+ $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
+ return $view;
+ }
+
 $view->setTemplate('/Modules/Draw/Theme/Backend/draw-create');
 $view->addData('nav', $this->app->moduleManager->get('Navigation')->createNavigationMid(1005201001, $request, $response));
 
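Review bot: The new guard in viewDrawCreate chains `$this->app->accountManager->get(...)` straight into `->hasPermission(...)`; if `get()` can return null for an unknown or anonymous account id, that request dies with a fatal error instead of the 403 the block is written to produce, so resolve the account into a local first and treat a null as denied. `RequestStatusCode` is referenced on the new status line but is not added by either `use` hunk of this commit — fine if it is already imported in the lines between the two import hunks, otherwise the deny path itself fails on an undefined class. The same eight-line deny block is repeated in every handler touched by this commit, each passing the bare literal `1` as the second hasPermission argument; a private helper with a named constant for that value would keep the rule in one place and make its meaning visible. viewDrawCreate's body continues past the end of the hunk.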
@@ -139,10 +150,23 @@ class Controller extends ModuleAbstract implements WebInterface
 public function viewDrawSingle(RequestAbstract $request, ResponseAbstract $response, $data = null) : \Serializable
 {
 $view = new View($this->app, $request, $response);
+
+ $draw = DrawImageMapper::get($request->getData('id'));
+ $accountId = $request->getHeader()->getAccount();
+
+ if (!$draw->getCreatedBy()->getId() === $accountId
+ || !$this->app->accountManager->get($accountId)->hasPermission(
+ PermissionType::READ, 1, $this->app->appName, self::MODULE_ID, PermissionState::DRAW, $draw->getId())
+ ) {
+ $view->setTemplate('/Web/Backend/Error/403_inline');
+ $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
+ return $view;
+ }
+
 $view->setTemplate('/Modules/Draw/Theme/Backend/draw-single');
 $view->addData('nav', $this->app->moduleManager->get('Navigation')->createNavigationMid(1005201001, $request, $response));
- $view->addData('image', DrawImageMapper::get($request->getData('id')));
+ $view->addData('image', $draw);
 
 return $view;
 }
 
@@ -159,6 +183,15 @@ class Controller extends ModuleAbstract implements WebInterface
 public function viewDrawList(RequestAbstract $request, ResponseAbstract $response, $data = null) : \Serializable
 {
 $view = new View($this->app, $request, $response);
+
+ if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
+ PermissionType::READ, 1, $this->app->appName, self::MODULE_ID, PermissionState::DASHBOARD)
+ ) {
+ $view->setTemplate('/Web/Backend/Error/403_inline');
+ $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
+ return $view;
+ }
+
 $view->setTemplate('/Modules/Draw/Theme/Backend/draw-list');
 $view->addData('nav', $this->app->moduleManager->get('Navigation')->createNavigationMid(1005201001, $request, $response));
 
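Review bot: The ownership test in viewDrawSingle's new `if` is defeated by operator precedence: `!$draw->getCreatedBy()->getId() === $accountId` negates the id before comparing, so it compares `false` with the account id and is never true for a real id, leaving only the hasPermission clause in force. The `||` is also the wrong connective for an owner-or-permitted rule, because it denies a creator who lacks the module-wide READ permission; if the intent is to let the creator in regardless, the condition should read `if ($draw->getCreatedBy()->getId() !== $accountId && !$this->app->accountManager->get($accountId)->hasPermission(...)`. `DrawImageMapper::get($request->getData('id'))` is dereferenced before anything checks that a row was found, so an unknown or malformed id presumably fails on `getCreatedBy()` rather than producing a 403/404 — add a not-found guard before the permission check and cast the id to `int` if the mapper does not do so itself. The subsequent view setup, nav and `return $view` lines are unchanged by this review.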
@@ -190,6 +223,14 @@ class Controller extends ModuleAbstract implements WebInterface
 */
 public function apiDrawCreate(RequestAbstract $request, ResponseAbstract $response, $data = null)
 {
+ if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
+ PermissionType::CREATE, 1, $this->app->appName, self::MODULE_ID, PermissionState::DRAW)
+ ) {
+ $response->set('draw_create', null);
+ $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
+ return;
+ }
+
 if (!empty($val = $this->validateDrawCreate($request))) {
 $response->set('draw_create', new FormValidation($val));
 
diff --git a/Models/PermissionState.php b/Models/PermissionState.php
new file mode 100644
index 0000000..82532a2
--- /dev/null
+++ b/Models/PermissionState.php
@@ -0,0 +1,33 @@
+
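Review bot: The permission check added to apiDrawCreate inlines the same `accountManager->get(...)->hasPermission(PermissionType::CREATE, 1, ...)` call as the three view handlers in this commit, with the literal `1` in second position left unexplained; a short private helper that resolves the account, returns false when it cannot be found, and calls hasPermission with `self::MODULE_ID` and a named constant for that argument would put the rule in one place and remove the unguarded dereference. Placing the check ahead of `validateDrawCreate` is the right order, since the request body is not examined until the caller is authorized, and that is worth recording with a comment on the new `if`, e.g. `// Authorization runs before validation so an unauthorized caller learns nothing about the payload rules.`. The denial branch returns only a null `draw_create` and the 403 status, which is consistent with the view handlers. The remainder of apiDrawCreate and the new Models/PermissionState.php hunk lie outside this chunk.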