From 49d9b27863219126fd6290dbd526d4f223ab8ace Mon Sep 17 00:00:00 2001
From: Dennis Eichhorn
Date: Sat, 16 Sep 2017 11:11:51 +0200
Subject: [PATCH] More permission managing

---
 Controller.php | 43 ++++++++++++++++++++++++++++++++++++--
 Models/PermissionState.php | 33 +++++++++++++++++++++++++++++
 2 files changed, 74 insertions(+), 2 deletions(-)
 create mode 100644 Models/PermissionState.php

diff --git a/Controller.php b/Controller.php
index 13ac2be..100277c 100644
--- a/Controller.php
+++ b/Controller.php
@@ -19,6 +19,7 @@ use Modules\Navigation\Models\Navigation;
 use Modules\Navigation\Views\NavigationView;
 use Modules\Editor\Models\EditorDoc;
 use Modules\Editor\Models\EditorDocMapper;
+use Modules\Editor\Models\PermissionState;
 use phpOMS\Asset\AssetType;
 use phpOMS\Contract\RenderableInterface;
 use phpOMS\Message\RequestAbstract;
@@ -27,6 +28,7 @@ use phpOMS\Module\ModuleAbstract;
 use phpOMS\Module\WebInterface;
 use phpOMS\Views\View;
 use phpOMS\Views\ViewLayout;
+use phpOMS\Account\PermissionType;
 
 /**
  * Calendar controller class.
@@ -117,6 +119,15 @@ class Controller extends ModuleAbstract implements WebInterface
 public function viewEditorCreate(RequestAbstract $request, ResponseAbstract $response, $data = null) : \Serializable
 {
 $view = new View($this->app, $request, $response);
+
+ if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
+ PermissionType::CREATE, 1, $this->app->appName, self::MODULE_ID, PermissionState::DOC)
+ ) {
+ $view->setTemplate('/Web/Backend/Error/403_inline');
+ $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
+ return $view;
+ }
+
 $view->setTemplate('/Modules/Editor/Theme/Backend/editor-create');
 $view->addData('nav', $this->app->moduleManager->get('Navigation')->createNavigationMid(1005301001, $request, $response));
 
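Review bot: `use phpOMS\Account\PermissionType;` is appended after `use phpOMS\Views\ViewLayout;`, which breaks the alphabetical order the rest of the phpOMS import block visibly follows (Asset, Contract, Message, Module, Views); it belongs directly before `use phpOMS\Asset\AssetType;` in the first hunk. Separately, the guards added in the later hunks reference `RequestStatusCode::R_403`, but this commit adds no `use` for `RequestStatusCode`; if it is not already imported on one of the lines outside these two hunks, the 403 branch fails with an undefined class error rather than returning the error view, and that failure only shows up for accounts that lack the permission.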
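Review bot: The permission guard added to viewEditorCreate is repeated almost verbatim in viewEditorList, viewEditorSingle and apiEditorCreate (the next three hunks): each resolves the account from the request header and passes the same `1, $this->app->appName, self::MODULE_ID` arguments, varying only the permission type and state. A private helper wrapping the lookup reduces each call site to one readable condition and gives a single place to change the module-wide arguments. The literal `1` in the second position is unexplained at every call site; if it identifies a unit, a named constant would document it. viewEditorCreate's body continues past the end of the hunk.

```php
    $view = new View($this->app, $request, $response);

    if (!$this->hasModulePermission($request, PermissionType::CREATE, PermissionState::DOC)) {
        // … unchanged: 403 template, status code, return $view …
    }
    // … unchanged: template and navigation setup; method continues past the hunk …

/**
 * Check whether the requesting account holds a permission on this module.
 *
 * Parameter types and the default for $element must mirror AccountManager::hasPermission(),
 * whose signature is not visible in this diff; the `1` is the value every existing call passes.
 */
private function hasModulePermission(RequestAbstract $request, $type, $state, $element = null) : bool
{
    return $this->app->accountManager
        ->get($request->getHeader()->getAccount())
        ->hasPermission($type, 1, $this->app->appName, self::MODULE_ID, $state, $element);
}
```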
@@ -138,6 +149,15 @@ class Controller extends ModuleAbstract implements WebInterface
 public function viewEditorList(RequestAbstract $request, ResponseAbstract $response, $data = null) : \Serializable
 {
 $view = new View($this->app, $request, $response);
+
+ if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
+ PermissionType::READ, 1, $this->app->appName, self::MODULE_ID, PermissionState::DASHBOARD)
+ ) {
+ $view->setTemplate('/Web/Backend/Error/403_inline');
+ $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
+ return $view;
+ }
+
 $view->setTemplate('/Modules/Editor/Theme/Backend/editor-list');
 $view->addData('nav', $this->app->moduleManager->get('Navigation')->createNavigationMid(1005301001, $request, $response));
 
@@ -159,10 +179,21 @@ class Controller extends ModuleAbstract implements WebInterface
 public function viewEditorSingle(RequestAbstract $request, ResponseAbstract $response, $data = null) : \Serializable
 {
 $view = new View($this->app, $request, $response);
- $view->setTemplate('/Modules/Editor/Theme/Backend/editor-single');
- $view->addData('nav', $this->app->moduleManager->get('Navigation')->createNavigationMid(1005301001, $request, $response));
 
 $doc = EditorDocMapper::get((int) $request->getData('id'));
+ $accountId = $request->getHeader()->getAccount();
+
+ if (!$doc->getCreatedBy()->getId() === $accountId
+ || !$this->app->accountManager->get($accountId)->hasPermission(
+ PermissionType::READ, 1, $this->app->appName, self::MODULE_ID, PermissionState::DOC, $doc->getId())
+ ) {
+ $view->setTemplate('/Web/Backend/Error/403_inline');
+ $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
+ return $view;
+ }
+
+ $view->setTemplate('/Modules/Editor/Theme/Backend/editor-single');
+ $view->addData('nav', $this->app->moduleManager->get('Navigation')->createNavigationMid(1005301001, $request, $response));
 $view->addData('doc', $doc);
 
 return $view;
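Review bot: viewEditorList is gated on `PermissionType::READ` against `PermissionState::DASHBOARD`, while the create and single views in the neighbouring hunks check the `DOC` state. If the list template renders document titles or content, an account granted READ on the dashboard but not on documents still sees that data through this view, so the two states should be aligned or the difference documented with a comment such as `// list is a dashboard widget: READ on DASHBOARD is sufficient, per-document READ is enforced in viewEditorSingle`. Whether that split is intended cannot be told from the diff. viewEditorList's body continues past the end of the hunk.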
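Review bot: In viewEditorSingle the ownership test `!$doc->getCreatedBy()->getId() === $accountId` negates the id before comparing (`!` binds tighter than `===`), so it evaluates `false === $accountId` and is false for every integer account id; the `||` therefore reduces to the hasPermission() result alone and the ownership clause neither grants nor denies anything. If the intent is that the creator may always read the document and everyone else needs READ on the DOC state, the condition should be `$doc->getCreatedBy()->getId() !== $accountId && !$this->app->accountManager->get($accountId)->hasPermission(PermissionType::READ, 1, $this->app->appName, self::MODULE_ID, PermissionState::DOC, $doc->getId())`; if the intent is permission-only, drop the ownership clause rather than leave a dead check that reads like a bypass. The guard also dereferences `$doc->getCreatedBy()` before anything inspects what EditorDocMapper::get() returned for an unknown id; if the mapper returns null rather than a null object, an unknown id now produces a fatal error instead of a 403, which is worth confirming. The method's closing brace is outside the hunk.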
@@ -190,6 +221,14 @@ class Controller extends ModuleAbstract implements WebInterface
 */
 public function apiEditorCreate(RequestAbstract $request, ResponseAbstract $response, $data = null)
 {
+ if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
+ PermissionType::CREATE, 1, $this->app->appName, self::MODULE_ID, PermissionState::DOC)
+ ) {
+ $response->set('editor_create', null);
+ $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
+ return;
+ }
+
 if (!empty($val = $this->validateEditorCreate($request))) {
 $response->set('editor_create', new FormValidation($val));
 
diff --git a/Models/PermissionState.php b/Models/PermissionState.php
new file mode 100644
index 0000000..ad17409
--- /dev/null
+++ b/Models/PermissionState.php
@@ -0,0 +1,33 @@
+