From d53ecf17bb43f6a60e2d0f9c0fce1b986db8b661 Mon Sep 17 00:00:00 2001 From: Dennis Eichhorn Date: Fri, 17 Aug 2018 20:02:29 +0200 Subject: [PATCH] fix #96 fix #97 --- Admin/Routes/Web/Api.php | 13 +++++++++++++ Admin/Routes/Web/Backend.php | 28 ++++++++++++++++++++++++++++ Controller.php | 8 -------- Models/PermissionState.php | 5 +++-- 4 files changed, 44 insertions(+), 10 deletions(-) diff --git a/Admin/Routes/Web/Api.php b/Admin/Routes/Web/Api.php index 089381c..42368d4 100644 --- a/Admin/Routes/Web/Api.php +++ b/Admin/Routes/Web/Api.php @@ -1,18 +1,31 @@ [ [ 'dest' => '\Modules\Exchange\Controller:apiExchangeImport', 'verb' => RouteVerb::SET, + 'permission' => [ + 'module' => Controller::MODULE_NAME, + 'type' => PermissionType::CREATE, + 'state' => PermissionState::IMPORT, + ], ], ], '^.*/api/admin/exchange/export/profile.*$' => [ [ 'dest' => '\Modules\Exchange\Controller:apiExchangeExport', 'verb' => RouteVerb::SET, + 'permission' => [ + 'module' => Controller::MODULE_NAME, + 'type' => PermissionType::CREATE, + 'state' => PermissionState::EXPORT, + ], ], ], ]; diff --git a/Admin/Routes/Web/Backend.php b/Admin/Routes/Web/Backend.php index 5a507de..e534e8b 100644 --- a/Admin/Routes/Web/Backend.php +++ b/Admin/Routes/Web/Backend.php @@ -1,36 +1,64 @@ [ [ 'dest' => '\Modules\Exchange\Controller:viewExchangeImportList', 'verb' => RouteVerb::GET, + 'permission' => [ + 'module' => Controller::MODULE_NAME, + 'type' => PermissionType::READ, + 'state' => PermissionState::IMPORT, + ], ], ], '^.*/backend/admin/exchange/export/list.*$' => [ [ 'dest' => '\Modules\Exchange\Controller:viewExchangeExportList', 'verb' => RouteVerb::GET, + 'permission' => [ + 'module' => Controller::MODULE_NAME, + 'type' => PermissionType::READ, + 'state' => PermissionState::EXPORT, + ], ], ], '^.*/backend/admin/exchange/import/profile.*$' => [ [ 'dest' => '\Modules\Exchange\Controller:viewExchangeImport', 'verb' => RouteVerb::GET, + 'permission' => [ + 'module' => Controller::MODULE_NAME, + 'type' => PermissionType::READ, + 'state' => PermissionState::IMPORT, + ], ], ], '^.*/backend/admin/exchange/export/profile.*$' => [ [ 'dest' => '\Modules\Exchange\Controller:viewExchangeExport', 'verb' => RouteVerb::GET, + 'permission' => [ + 'module' => Controller::MODULE_NAME, + 'type' => PermissionType::READ, + 'state' => PermissionState::EXPORT, + ], ], ], '^.*/backend/admin/exchange/dashboard.*$' => [ [ 'dest' => '\Modules\Exchange\Controller:viewExchangeDashboard', 'verb' => RouteVerb::GET, + 'permission' => [ + 'module' => Controller::MODULE_NAME, + 'type' => PermissionType::READ, + 'state' => PermissionState::DASHBOARD, + ], ], ], ]; diff --git a/Controller.php b/Controller.php index 974dd8b..97c48ba 100644 --- a/Controller.php +++ b/Controller.php @@ -227,14 +227,6 @@ final class Controller extends ModuleAbstract implements WebInterface */ public function apiExchangeImport(RequestAbstract $request, ResponseAbstract $response, $data = null) : void { - if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission( - PermissionType::MODIFY, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::IMPORT) - ) { - $response->set('exchange_import', null); - $response->getHeader()->setStatusCode(RequestStatusCode::R_403); - return; - } - $import = $this->importDataFromRequest($request); $status = NotificationLevel::ERROR; $message = 'Import failed.'; diff --git a/Models/PermissionState.php b/Models/PermissionState.php index bdb0298..34e7d80 100644 --- a/Models/PermissionState.php +++ b/Models/PermissionState.php @@ -26,6 +26,7 @@ use phpOMS\Stdlib\Base\Enum; */ abstract class PermissionState extends Enum { - public const IMPORT = 1; - public const EXPORT = 2; + public const IMPORT = 1; + public const EXPORT = 2; + public const DASHBOARD = 3; }