From 09e3081588cd95cb327a67d6bc5dffe6dc691c61 Mon Sep 17 00:00:00 2001 From: Dennis Eichhorn Date: Fri, 17 Aug 2018 20:02:29 +0200 Subject: [PATCH] fix #96 fix #97 --- Admin/Routes/Web/Api.php | 23 ++++++++++++ Admin/Routes/Web/Backend.php | 28 ++++++++++++++ Controller.php | 72 ------------------------------------ Models/PermissionState.php | 5 +-- 4 files changed, 52 insertions(+), 76 deletions(-) diff --git a/Admin/Routes/Web/Api.php b/Admin/Routes/Web/Api.php index 0ee36d7..2ebdf73 100644 --- a/Admin/Routes/Web/Api.php +++ b/Admin/Routes/Web/Api.php @@ -1,24 +1,47 @@ [ [ 'dest' => '\Modules\News\Controller:apiNewsCreate', 'verb' => RouteVerb::PUT, + 'permission' => [ + 'module' => Controller::MODULE_NAME, + 'type' => PermissionType::CREATE, + 'state' => PermissionState::NEWS, + ], ], [ 'dest' => '\Modules\News\Controller:apiNewsUpdate', 'verb' => RouteVerb::SET, + 'permission' => [ + 'module' => Controller::MODULE_NAME, + 'type' => PermissionType::MODIFY, + 'state' => PermissionState::NEWS, + ], ], [ 'dest' => '\Modules\News\Controller:apiNewsGet', 'verb' => RouteVerb::GET, + 'permission' => [ + 'module' => Controller::MODULE_NAME, + 'type' => PermissionType::READ, + 'state' => PermissionState::NEWS, + ], ], [ 'dest' => '\Modules\News\Controller:apiNewsDelete', 'verb' => RouteVerb::DELETE, + 'permission' => [ + 'module' => Controller::MODULE_NAME, + 'type' => PermissionType::DELETE, + 'state' => PermissionState::NEWS, + ], ], ], ]; diff --git a/Admin/Routes/Web/Backend.php b/Admin/Routes/Web/Backend.php index 92fbaf9..b689893 100644 --- a/Admin/Routes/Web/Backend.php +++ b/Admin/Routes/Web/Backend.php 
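Review bot: The in-method permission checks that the Controller.php hunks remove from apiBadgeCreate and apiDeleteNewsBadge have no counterpart in this hunk, which declares a 'permission' entry only for the four apiNews* routes; unless the badge routes are registered in a file outside this patch, badge creation and deletion are left without any authorization check. The news routes are only as protected as the router's handling of the 'permission' key, and that enforcement is not visible here, so it should be confirmed before relying on it. Adding an entry of the same shape for each badge route, e.g. `'permission' => ['module' => Controller::MODULE_NAME, 'type' => PermissionType::CREATE, 'state' => PermissionState::NEWS]`, would close the gap. The collapsed hunk also does not show the use statements for Controller, PermissionType and PermissionState that the new arrays reference; they are presumably among the added lines lost in the collapse, but worth a glance.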
@@ -1,34 +1,62 @@ [ [ 'dest' => '\Modules\News\Controller:viewNewsDashboard', 'verb' => RouteVerb::GET, + 'permission' => [ + 'module' => Controller::MODULE_NAME, + 'type' => PermissionType::READ, + 'state' => PermissionState::NEWS, + ], ], ], '^.*/backend/news/article.*$' => [ [ 'dest' => '\Modules\News\Controller:viewNewsArticle', 'verb' => RouteVerb::GET, + 'permission' => [ + 'module' => Controller::MODULE_NAME, + 'type' => PermissionType::READ, + 'state' => PermissionState::NEWS, + ], ], ], '^.*/backend/news/archive.*$' => [ [ 'dest' => '\Modules\News\Controller:viewNewsArchive', 'verb' => RouteVerb::GET, + 'permission' => [ + 'module' => Controller::MODULE_NAME, + 'type' => PermissionType::READ, + 'state' => PermissionState::NEWS, + ], ], ], '^.*/backend/news/create.*$' => [ [ 'dest' => '\Modules\Editor\Controller:setUpEditorEditor', 'verb' => RouteVerb::GET, + 'permission' => [ + 'module' => Controller::MODULE_NAME, + 'type' => PermissionType::CREATE, + 'state' => PermissionState::NEWS, + ], ], [ 'dest' => '\Modules\News\Controller:viewNewsCreate', 'verb' => RouteVerb::GET, + 'permission' => [ + 'module' => Controller::MODULE_NAME, + 'type' => PermissionType::CREATE, + 'state' => PermissionState::NEWS, + ], ], ], ]; diff --git a/Controller.php b/Controller.php index 45c6205..321b205 100644 --- a/Controller.php +++ b/Controller.php 
@@ -109,14 +109,6 @@ final class Controller extends ModuleAbstract implements WebInterface { $view = new View($this->app, $request, $response); - if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission( - PermissionType::READ, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::DASHBOARD) - ) { - $view->setTemplate('/Web/Backend/Error/403_inline'); - $response->getHeader()->setStatusCode(RequestStatusCode::R_403); - return $view; - } - $view->setTemplate('/Modules/News/Theme/Backend/news-dashboard'); $view->addData('nav', $this->app->moduleManager->get('Navigation')->createNavigationMid(1000701001, $request, $response)); @@ -193,14 +185,6 @@ final class Controller extends ModuleAbstract implements WebInterface { $view = new View($this->app, $request, $response); - if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission( - PermissionType::READ, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::ARCHIVE) - ) { - $view->setTemplate('/Web/Backend/Error/403_inline'); - $response->getHeader()->setStatusCode(RequestStatusCode::R_403); - return $view; - } - $view->setTemplate('/Modules/News/Theme/Backend/news-archive'); $view->addData('nav', $this->app->moduleManager->get('Navigation')->createNavigationMid(1000701001, $request, $response)); 
@@ -224,14 +208,6 @@ final class Controller extends ModuleAbstract implements WebInterface { $view = new View($this->app, $request, $response); - if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission( - PermissionType::CREATE, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::ARTICLE) - ) { - $view->setTemplate('/Web/Backend/Error/403_inline'); - $response->getHeader()->setStatusCode(RequestStatusCode::R_403); - return $view; - } - $view->setTemplate('/Modules/News/Theme/Backend/news-create'); $view->addData('nav', $this->app->moduleManager->get('Navigation')->createNavigationMid(1000701001, $request, $response)); @@ -289,14 +265,6 @@ final class Controller extends ModuleAbstract implements WebInterface */ public function apiNewsUpdate(RequestAbstract $request, ResponseAbstract $response, $data = null) : void { - if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission( - PermissionType::MODIFY, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::ARTICLE) - ) { - $response->set('news_update', null); - $response->getHeader()->setStatusCode(RequestStatusCode::R_403); - return; - } - $news = $this->updateNewsFromRequest($request); NewsArticleMapper::update($news); @@ -347,14 +315,6 @@ final class Controller extends ModuleAbstract implements WebInterface */ public function apiNewsCreate(RequestAbstract $request, ResponseAbstract $response, $data = null) : void { - if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission( - PermissionType::CREATE, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::ARTICLE) - ) { - $response->set('news_create', null); - $response->getHeader()->setStatusCode(RequestStatusCode::R_403); - return; - } - if (!empty($val = $this->validateNewsCreate($request))) { $response->set('news_create', new FormValidation($val)); 
@@ -407,14 +367,6 @@ final class Controller extends ModuleAbstract implements WebInterface */ public function apiNewsGet(RequestAbstract $request, ResponseAbstract $response, $data = null) : void { - if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission( - PermissionType::READ, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::ARTICLE) - ) { - $response->set('news_read', null); - $response->getHeader()->setStatusCode(RequestStatusCode::R_403); - return; - } - $news = NewsArticleMapper::get((int) $request->getData('id')); $response->set($request->getUri()->__toString(), [ 'status' => NotificationLevel::OK, @@ -459,14 +411,6 @@ final class Controller extends ModuleAbstract implements WebInterface */ public function apiBadgeCreate(RequestAbstract $request, ResponseAbstract $response, $data = null) : void { - if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission( - PermissionType::CREATE, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::BADGE) - ) { - $response->set('badge_create', null); - $response->getHeader()->setStatusCode(RequestStatusCode::R_403); - return; - } - if (!empty($val = $this->validateBadgeCreate($request))) { $response->set('badge_create', new FormValidation($val)); @@ -563,14 +507,6 @@ final class Controller extends ModuleAbstract implements WebInterface */ public function apiNewsDelete(RequestAbstract $request, ResponseAbstract $response, $data = null) : void { - if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission( - PermissionType::DELETE, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::ARTICLE) - ) { - $response->set('news_delete', null); - $response->getHeader()->setStatusCode(RequestStatusCode::R_403); - return; - } - $news = NewsArticleMapper::get((int) $request->getData('id')); $status = NewsArticleMapper::delete($news); 
@@ -597,14 +533,6 @@ final class Controller extends ModuleAbstract implements WebInterface
      */
     public function apiDeleteNewsBadge(RequestAbstract $request, ResponseAbstract $response, $data = null) : void
     {
-        if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
-            PermissionType::DELETE, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::BADGE)
-        ) {
-            $response->set('badge_delete', null);
-            $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
-            return;
-        }
-
         BadgeMapper::delete((int) $request->getData('id'));
         $response->set('badge_delete', (int) $request->getData('id'));
     }
diff --git a/Models/PermissionState.php b/Models/PermissionState.php
index 9f53fde..feb974f 100644
--- a/Models/PermissionState.php
+++ b/Models/PermissionState.php
@@ -26,8 +26,5 @@ use phpOMS\Stdlib\Base\Enum;
  */
 abstract class PermissionState extends Enum
 {
-    public const DASHBOARD = 1;
-    public const ARCHIVE = 2;
-    public const ARTICLE = 3;
-    public const BADGE = 4;
+    public const NEWS = 1;
 }
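Review bot: Collapsing DASHBOARD, ARCHIVE, ARTICLE and BADGE into a single NEWS = 1 drops the per-area granularity the removed controller checks used and reuses the integer DASHBOARD had, so any stored permission rows with state 1 silently widen to the whole module while rows with states 2–4 no longer map to any constant. If that coarsening is intended, a docblock on the constant stating it, e.g. `/** Single permission state for the whole module; replaces the former DASHBOARD, ARCHIVE, ARTICLE and BADGE states. */`, would make it explicit for whoever reads stored permissions later. A migration or at least a changelog note for existing state values 2–4 is worth considering; whether such rows exist cannot be told from this patch.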