fix #96 fix #97

2026-01-11 17:18:42 +00:00 · 2018-08-17 20:02:29 +02:00 · 2018-08-17 20:02:29 +02:00 · c8e6301621
commit c8e6301621
parent d02166ad3a
4 changed files with 32 additions and 26 deletions
--- a/Admin/Routes/Web/Api.php
+++ b/Admin/Routes/Web/Api.php
@ -1,12 +1,20 @@
 <?php

 use phpOMS\Router\RouteVerb;
+use phpOMS\Account\PermissionType;
+use Modules\Editor\Models\PermissionState;
+use Modules\Editor\Controller;

 return [
    '^.*/api/editor.*$' => [
        [
            'dest' => '\Modules\Editor\Controller:apiEditorCreate',
            'verb' => RouteVerb::SET,
+            'permission' => [
+                'module' => Controller::MODULE_NAME,
+                'type'  => PermissionType::CREATE,
+                'state' => PermissionState::DOC,
+            ],
        ],
    ],
 ];
--- a/Admin/Routes/Web/Backend.php
+++ b/Admin/Routes/Web/Backend.php
@ -1,28 +1,51 @@
 <?php

 use phpOMS\Router\RouteVerb;
+use phpOMS\Account\PermissionType;
+use Modules\Editor\Models\PermissionState;
+use Modules\Editor\Controller;

 return [
    '^.*/backend/editor/create.*$' => [
        [
            'dest' => '\Modules\Editor\Controller:setUpEditorEditor',
            'verb' => RouteVerb::GET,
+            'permission' => [
+                'module' => Controller::MODULE_NAME,
+                'type'  => PermissionType::CREATE,
+                'state' => PermissionState::DOC,
+            ],
        ],
        [
            'dest' => '\Modules\Editor\Controller:viewEditorCreate',
            'verb' => RouteVerb::GET,
+            'permission' => [
+                'module' => Controller::MODULE_NAME,
+                'type'  => PermissionType::CREATE,
+                'state' => PermissionState::DOC,
+            ],
        ],
    ],
    '^.*/backend/editor/list.*$' => [
        [
            'dest' => '\Modules\Editor\Controller:viewEditorList',
            'verb' => RouteVerb::GET,
+            'permission' => [
+                'module' => Controller::MODULE_NAME,
+                'type'  => PermissionType::READ,
+                'state' => PermissionState::DOC,
+            ],
        ],
    ],
    '^.*/backend/editor/single.*$' => [
        [
            'dest' => '\Modules\Editor\Controller:viewEditorSingle',
            'verb' => RouteVerb::GET,
+            'permission' => [
+                'module' => Controller::MODULE_NAME,
+                'type'  => PermissionType::READ,
+                'state' => PermissionState::DOC,
+            ],
        ],
    ],
 ];
--- a/Controller.php
+++ b/Controller.php
@ -122,14 +122,6 @@ final class Controller extends ModuleAbstract implements WebInterface
    {
        $view = new View($this->app, $request, $response);

-        if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
-            PermissionType::CREATE, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::DOC)
-        ) {
-            $view->setTemplate('/Web/Backend/Error/403_inline');
-            $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
-            return $view;
-        }
-
        $view->setTemplate('/Modules/Editor/Theme/Backend/editor-create');
        $view->addData('nav', $this->app->moduleManager->get('Navigation')->createNavigationMid(1005301001, $request, $response));

@ -153,14 +145,6 @@ final class Controller extends ModuleAbstract implements WebInterface
    {
        $view = new View($this->app, $request, $response);

-        if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
-            PermissionType::READ, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::DASHBOARD)
-        ) {
-            $view->setTemplate('/Web/Backend/Error/403_inline');
-            $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
-            return $view;
-        }
-
        $view->setTemplate('/Modules/Editor/Theme/Backend/editor-list');
        $view->addData('nav', $this->app->moduleManager->get('Navigation')->createNavigationMid(1005301001, $request, $response));

@ -228,14 +212,6 @@ final class Controller extends ModuleAbstract implements WebInterface
     */
    public function apiEditorCreate(RequestAbstract $request, ResponseAbstract $response, $data = null) : void
    {
-        if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
-            PermissionType::CREATE, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::DOC)
-        ) {
-            $response->set('editor_create', null);
-            $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
-            return;
-        }
-
        if (!empty($val = $this->validateEditorCreate($request))) {
            $response->set('editor_create', new FormValidation($val));

--- a/Models/PermissionState.php
+++ b/Models/PermissionState.php
@ -26,6 +26,5 @@ use phpOMS\Stdlib\Base\Enum;
 */
 abstract class PermissionState extends Enum
 {
-    public const DASHBOARD = 1;
-    public const DOC       = 2;
+    public const DOC = 1;
 }