From 84cd20e8132d2bf2d50ecf45ba8d10c072740495 Mon Sep 17 00:00:00 2001
From: Dennis Eichhorn
Date: Sat, 16 Sep 2017 12:15:55 +0200
Subject: [PATCH] Create more permission handling

---
 Controller.php             | 50 ++++++++++++++++++++++++++++++++++++--
 Models/PermissionState.php | 35 ++++++++++++++++++++++++++
 2 files changed, 83 insertions(+), 2 deletions(-)
 create mode 100644 Models/PermissionState.php

diff --git a/Controller.php b/Controller.php
index d13cf7e..15a452d 100644
--- a/Controller.php
+++ b/Controller.php
@@ -20,6 +20,7 @@ use phpOMS\Module\ModuleAbstract;
 use phpOMS\Module\WebInterface;
 use phpOMS\Views\View;
 use phpOMS\Asset\AssetType;
+use phpOMS\Account\PermissionType;
 use Modules\Knowledgebase\Models\WikiCategoryMapper;
 use Modules\Knowledgebase\Models\NullWikiCategory;
 
@@ -30,6 +31,7 @@ use Modules\Knowledgebase\Models\WikiStatusMapper;
 use Modules\Knowledgebase\Models\WikiDoc;
 use Modules\Knowledgebase\Models\WikiCategory;
 use Modules\Knowledgebase\Models\WikiBadge;
+use Modules\Knowledgebase\Models\PermissionState;
 
 /**
  * Task class.
@@ -110,6 +112,14 @@ class Controller extends ModuleAbstract implements WebInterface
     public function viewKnowledgebaseDashboard(RequestAbstract $request, ResponseAbstract $response, $data = null) : \Serializable
     {
         $view = new View($this->app, $request, $response);
+
+        if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
+            PermissionType::READ, 1, $this->app->appName, self::MODULE_ID, PermissionState::DASHBOARD)
+        ) {
+            $view->setTemplate('/Web/Backend/Error/403_inline');
+            return $view;
+        }
+
         $view->setTemplate('/Modules/Knowledgebase/Theme/Backend/wiki-dashboard');
         $view->addData('nav', $this->app->moduleManager->get('Navigation')->createNavigationMid(1005901001, $request, $response));
 
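Review bot: The guard added to viewKnowledgebaseDashboard renders the 403_inline template but leaves the response status untouched, so a denied request still goes out as a success and only the body says otherwise; the viewKnowledgebaseDoc and viewKnowledgebaseDocCreate hunks in this same commit do set the code, and this hunk should match them with `$response->getHeader()->setStatusCode(RequestStatusCode::R_403);` before `return $view;`. The viewKnowledgebaseCategoryList hunk has the same omission. Both guards also pass a bare `1` as the second hasPermission argument with nothing on the page saying what it selects; a named constant, or at least a comment on that line such as `// unit id — TODO confirm`, would spare the next reader a lookup. The body of viewKnowledgebaseDashboard continues past the end of the hunk.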
@@ -131,6 +141,14 @@ class Controller extends ModuleAbstract implements WebInterface
     public function viewKnowledgebaseCategoryList(RequestAbstract $request, ResponseAbstract $response, $data = null) : \Serializable
     {
         $view = new View($this->app, $request, $response);
+
+        if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
+            PermissionType::READ, 1, $this->app->appName, self::MODULE_ID, PermissionState::DASHBOARD)
+        ) {
+            $view->setTemplate('/Web/Backend/Error/403_inline');
+            return $view;
+        }
+
         $view->setTemplate('/Modules/Knowledgebase/Theme/Backend/wiki-category-list');
         $view->addData('nav', $this->app->moduleManager->get('Navigation')->createNavigationMid(1005901001, $request, $response));
 
@@ -152,6 +170,7 @@ class Controller extends ModuleAbstract implements WebInterface
     public function viewKnowledgebaseCategory(RequestAbstract $request, ResponseAbstract $response, $data = null) : \Serializable
     {
         $view = new View($this->app, $request, $response);
+
         $view->setTemplate('/Modules/Knowledgebase/Theme/Backend/wiki-category-single');
         $view->addData('nav', $this->app->moduleManager->get('Navigation')->createNavigationMid(1005901001, $request, $response));
 
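Review bot: viewKnowledgebaseCategoryList checks `PermissionState::DASHBOARD`, the same state the dashboard view checks, so a reader cannot tell whether listing categories is deliberately covered by the dashboard permission or whether a category-specific state was intended; if PermissionState.php (added by this commit, body not visible here) declares a category state, that is presumably the one wanted, and if not, a comment on the `if` such as `// category listing is gated by the dashboard permission` would record the decision. The viewKnowledgebaseCategory hunk that follows adds only a blank line and no permission check at all, which leaves the single-category view open while its list and its documents are gated; that looks like an oversight rather than a choice and deserves either a guard of the same shape or a comment explaining why none is needed. The body of viewKnowledgebaseCategoryList continues past the end of the hunk.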
@@ -193,10 +212,20 @@ class Controller extends ModuleAbstract implements WebInterface
     public function viewKnowledgebaseDoc(RequestAbstract $request, ResponseAbstract $response, $data = null) : \Serializable
     {
         $view = new View($this->app, $request, $response);
-        $view->setTemplate('/Modules/Knowledgebase/Theme/Backend/wiki-category-single');
-        $view->addData('nav', $this->app->moduleManager->get('Navigation')->createNavigationMid(1005901001, $request, $response));
 
         $category = WikiDocMapper::get((int) $request->getData('id'));
+        $accountId = $request->getHeader()->getAccount();
+
+        if (!$this->app->accountManager->get($accountId)->hasPermission(
+            PermissionType::READ, 1, $this->app->appName, self::MODULE_ID, PermissionState::DOC, $category->getId())
+        ) {
+            $view->setTemplate('/Web/Backend/Error/403_inline');
+            $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
+            return $view;
+        }
+
+        $view->setTemplate('/Modules/Knowledgebase/Theme/Backend/wiki-category-single');
+        $view->addData('nav', $this->app->moduleManager->get('Navigation')->createNavigationMid(1005901001, $request, $response));
         $view->setData('category', $category);
 
         return $view;
@@ -214,6 +243,15 @@ class Controller extends ModuleAbstract implements WebInterface
     public function viewKnowledgebaseDocCreate(RequestAbstract $request, ResponseAbstract $response, $data = null) : \Serializable
     {
         $view = new View($this->app, $request, $response);
+
+        if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
+            PermissionType::CREATE, 1, $this->app->appName, self::MODULE_ID, PermissionState::DOC)
+        ) {
+            $view->setTemplate('/Web/Backend/Error/403_inline');
+            $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
+            return $view;
+        }
+
         $view->setTemplate('/Modules/Knowledgebase/Theme/Backend/wiki-category-single');
         $view->addData('nav', $this->app->moduleManager->get('Navigation')->createNavigationMid(1005901001, $request, $response));
 
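Review bot: In viewKnowledgebaseDoc the element id handed to hasPermission is `$category->getId()`, where `$category` is whatever WikiDocMapper::get() returns for the request-supplied id; nothing in the hunk shows what the mapper returns for an unknown id, and if it is a null object the check is evaluated against that placeholder's id instead of failing closed. Either confirm that hasPermission denies for that id, or return the 403 before the check whenever the lookup produced no real document, and record which in a comment on the `if` such as `// permission is checked per document id; unknown ids must be denied by hasPermission — TODO confirm`. The value is also a WikiDoc despite the pre-existing name `$category`, which makes the permission argument read as a category id; renaming it `$doc` in the lines this commit already rewrites (leaving the `'category'` key in `$view->setData(...)` untouched) would make the intent visible. The viewKnowledgebaseDocCreate hunk on this same line is consistent with the API guard and needs nothing further.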
@@ -224,6 +262,14 @@ class Controller extends ModuleAbstract implements WebInterface
     public function apiWikiDocCreate(RequestAbstract $request, ResponseAbstract $response, $data = null)
     {
+        if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
+            PermissionType::CREATE, 1, $this->app->appName, self::MODULE_ID, PermissionState::DOC)
+        ) {
+            $response->set('wiki_doc_create', null);
+            $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
+            return;
+        }
+
         if (!empty($val = $this->validateWikiDocCreate($request))) {
             $response->set('wiki_doc_create', new FormValidation($val));
diff --git a/Models/PermissionState.php b/Models/PermissionState.php
new file mode 100644
index 0000000..99280a2
--- /dev/null
+++ b/Models/PermissionState.php
@@ -0,0 +1,35 @@
+