diff --git a/Controller/ApiEquipmentAttributeController.php b/Controller/ApiEquipmentAttributeController.php
index 5c1042e..c830435 100755
--- a/Controller/ApiEquipmentAttributeController.php
+++ b/Controller/ApiEquipmentAttributeController.php
@@ -377,7 +377,7 @@ final class ApiEquipmentAttributeController extends Controller
 *
 * @api
 *
- * @todo: implement
+ * @todo Implement API function
 *
 * @since 1.0.0
 */
@@ -448,7 +448,7 @@ final class ApiEquipmentAttributeController extends Controller
 */
 public function apiEquipmentAttributeValueDelete(RequestAbstract $request, ResponseAbstract $response, array $data = []) : void
 {
- // @todo: I don't think values can be deleted? Only Attributes
+ // @todo I don't think values can be deleted? Only Attributes
 // However, It should be possible to remove UNUSED default values
 // either here or other function?
 // if (!empty($val = $this->validateAttributeValueDelete($request))) {
diff --git a/Controller/ApiEquipmentController.php b/Controller/ApiEquipmentController.php
index bf1d0e9..1b587c2 100755
--- a/Controller/ApiEquipmentController.php
+++ b/Controller/ApiEquipmentController.php
@@ -18,12 +18,14 @@ use Modules\Admin\Models\NullAccount;
 use Modules\EquipmentManagement\Models\Equipment;
 use Modules\EquipmentManagement\Models\EquipmentMapper;
 use Modules\EquipmentManagement\Models\EquipmentStatus;
+use Modules\EquipmentManagement\Models\PermissionCategory;
 use Modules\Media\Models\CollectionMapper;
 use Modules\Media\Models\MediaMapper;
 use Modules\Media\Models\NullMedia;
 use Modules\Media\Models\PathSettings;
 use Modules\Media\Models\Reference;
 use Modules\Media\Models\ReferenceMapper;
+use phpOMS\Account\PermissionType;
 use phpOMS\Localization\NullBaseStringL11nType;
 use phpOMS\Message\Http\RequestStatusCode;
 use phpOMS\Message\NotificationLevel;
@@ -489,7 +491,7 @@ final class ApiEquipmentController extends Controller
 *
 * @return Equipment
 *
- * @todo: implement
+ * @todo Implement API update function
 *
 * @since 1.0.0
 */
@@ -511,7 +513,7 @@ final class ApiEquipmentController extends Controller
 *
 * @return array
 *
- * @todo: implement
+ * @todo Implement API validation function
 *
 * @since 1.0.0
 */
@@ -560,7 +562,7 @@ final class ApiEquipmentController extends Controller
 *
 * @return array
 *
- * @todo: implement
+ * @todo Implement API validation function
 *
 * @since 1.0.0
 */
@@ -589,8 +591,17 @@ final class ApiEquipmentController extends Controller
 */
 public function apiNoteUpdate(RequestAbstract $request, ResponseAbstract $response, array $data = []) : void
 {
- // @todo: check permissions
- $this->app->moduleManager->get('Editor', 'Api')->apiEditorDocUpdate($request, $response, $data);
+ $accountId = $request->header->account;
+ if (!$this->app->accountManager->get($accountId)->hasPermission(
+ PermissionType::MODIFY, $this->app->unitId, $this->app->appId, self::NAME, PermissionCategory::EQUIPMENT_NOTE, $request->getDataInt('id'))
+ ) {
+ $this->fillJsonResponse($request, $response, NotificationLevel::HIDDEN, '', '', []);
+ $response->header->status = RequestStatusCode::R_403;
+
+ return;
+ }
+
+ $this->app->moduleManager->get('Editor', 'Api')->apiEditorUpdate($request, $response, $data);
 }
 /**
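Review bot: The new guard in `apiNoteUpdate` authorizes on `PermissionCategory::EQUIPMENT_NOTE` with the raw `$request->getDataInt('id')`, but nothing in the hunk confirms that this id belongs to a note attached to an equipment record before the request is passed to the Editor module's `apiEditorUpdate`; the `apiNoteDelete` hunk in the same file repeats the pattern with `PermissionType::DELETE`. Unless the Editor API performs its own ownership check (not visible here), the equipment-note permission may end up governing Editor documents that have nothing to do with equipment, and a missing `id` reaches `hasPermission` as whatever `getDataInt` returns for an absent key. I would reject a missing id with a 400 and look the note up through the equipment's note relation before delegating, and document the assumption above the check with `// 'id' is the Editor doc id; it must be linked to an equipment before delegating`. The two permission blocks are identical apart from the `PermissionType`, so a private helper taking the type would keep them from drifting apart.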
@@ -608,7 +619,16 @@ final class ApiEquipmentController extends Controller
 */
 public function apiNoteDelete(RequestAbstract $request, ResponseAbstract $response, array $data = []) : void
 {
- // @todo: check permissions
- $this->app->moduleManager->get('Editor', 'Api')->apiEditorDocDelete($request, $response, $data);
+ $accountId = $request->header->account;
+ if (!$this->app->accountManager->get($accountId)->hasPermission(
+ PermissionType::DELETE, $this->app->unitId, $this->app->appId, self::NAME, PermissionCategory::EQUIPMENT_NOTE, $request->getDataInt('id'))
+ ) {
+ $this->fillJsonResponse($request, $response, NotificationLevel::HIDDEN, '', '', []);
+ $response->header->status = RequestStatusCode::R_403;
+
+ return;
+ }
+
+ $this->app->moduleManager->get('Editor', 'Api')->apiEditorDelete($request, $response, $data);
 }
 }
diff --git a/Controller/ApiEquipmentTypeController.php b/Controller/ApiEquipmentTypeController.php
index aadafa4..45afc22 100755
--- a/Controller/ApiEquipmentTypeController.php
+++ b/Controller/ApiEquipmentTypeController.php
@@ -206,7 +206,7 @@ final class ApiEquipmentTypeController extends Controller
 *
 * @return BaseStringL11nType
 *
- * @todo: implement
+ * @todo Implement API update function
 *
 * @since 1.0.0
 */
@@ -224,7 +224,7 @@ final class ApiEquipmentTypeController extends Controller
 *
 * @return array
 *
- * @todo: implement
+ * @todo Implement API validation function
 *
 * @since 1.0.0
 */
diff --git a/Controller/ApiInspectionTypeController.php b/Controller/ApiInspectionTypeController.php
index c9d99eb..b743a7f 100755
--- a/Controller/ApiInspectionTypeController.php
+++ b/Controller/ApiInspectionTypeController.php
@@ -206,7 +206,7 @@ final class ApiInspectionTypeController extends Controller
 *
 * @return BaseStringL11nType
 *
- * @todo: implement
+ * @todo Implement API update function
 *
 * @since 1.0.0
 */
@@ -224,7 +224,7 @@ final class ApiInspectionTypeController extends Controller
 *
 * @return array
 *
- * @todo: implement
+ * @todo Implement API validation function
 *
 * @since 1.0.0
 */
diff --git a/Controller/BackendController.php b/Controller/BackendController.php
index b6a032e..47637ac 100755
--- a/Controller/BackendController.php
+++ b/Controller/BackendController.php
@@ -187,7 +187,7 @@ final class BackendController extends Controller
 $view->setTemplate('/Modules/EquipmentManagement/Theme/Backend/equipment-profile');
 $view->data['nav'] = $this->app->moduleManager->get('Navigation')->createNavigationMid(1008402001, $request, $response);
- // @todo: This langauge filtering doesn't work. But it was working with the old mappers. Maybe there is a bug in the where() definition. Need to inspect the actual query.
+ // @todo This langauge filtering doesn't work. But it was working with the old mappers. Maybe there is a bug in the where() definition. Need to inspect the actual query.
 $equipment = EquipmentMapper::get()
 ->with('attributes')
 ->with('attributes/type')
diff --git a/ICAL.txt b/ICAL.txt
index 019045f..f1b55ed 100755
--- a/ICAL.txt
+++ b/ICAL.txt
@@ -1,6 +1,6 @@
 # Individual Contributor License Agreement ("CLA") 1.0
-Thank you for your interest in Karaka-Management (the "Company"). In order to clarify the intellectual property license granted with Contributions from any person or entity, the Company must provide a Contributor License Agreement ("CLA") on file that has been made available to each Contributor. This license is for your protection as a Contributor as well as the protection of the Company and its users; it does not change your rights to use your own Contributions for any other purpose.
+Thank you for your interest in Jingga e. K. (the "Company"). In order to clarify the intellectual property license granted with Contributions from any person or entity, the Company must provide a Contributor License Agreement ("CLA") on file that has been made available to each Contributor. This license is for your protection as a Contributor as well as the protection of the Company and its users; it does not change your rights to use your own Contributions for any other purpose.
 By contributing to the Company You accept and agree to the following terms and conditions for Your present and future Contributions submitted to the Company. In return, the Company shall not use Your Contributions in a way that is contrary to the public benefit or inconsistent with its bylaws in effect at the time of the Contribution. Except for the license granted herein to the Company and recipients of software distributed by the Company, You reserve all right, title, and interest in and to Your Contributions.
diff --git a/Models/PermissionCategory.php b/Models/PermissionCategory.php
index cc7f905..dd25c8a 100755
--- a/Models/PermissionCategory.php
+++ b/Models/PermissionCategory.php
@@ -35,4 +35,6 @@ abstract class PermissionCategory extends Enum
 public const EQUIPMENT_INSPECTION = 5;
 public const EQUIPMENT_ATTRIBUTE_TYPE = 6;
+
+ public const EQUIPMENT_NOTE = 7;
 }