Jingga/oms-News
1
0
Fork 0
mirror of https://github.com/Karaka-Management/oms-News.git synced 2026-02-14 23:58:39 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix #96 fix #97

Browse Source
This commit is contained in:
Dennis Eichhorn 2018-08-17 20:02:29 +02:00
parent 5d2312e010
commit 09e3081588
4 changed files with 52 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
Admin/Routes/Web/Api.php
View File

@ -1,24 +1,47 @@
<?php <?php
use phpOMS\Router\RouteVerb; use phpOMS\Router\RouteVerb;
use phpOMS\Account\PermissionType;
use Modules\News\Models\PermissionState;
use Modules\News\Controller;
return [ return [
'^.*/api/news.*$' => [ '^.*/api/news.*$' => [
[ [
'dest' => '\Modules\News\Controller:apiNewsCreate', 'dest' => '\Modules\News\Controller:apiNewsCreate',
'verb' => RouteVerb::PUT, 'verb' => RouteVerb::PUT,
'permission' => [
'module' => Controller::MODULE_NAME,
'type' => PermissionType::CREATE,
'state' => PermissionState::NEWS,
],
], ],
[ [
'dest' => '\Modules\News\Controller:apiNewsUpdate', 'dest' => '\Modules\News\Controller:apiNewsUpdate',
'verb' => RouteVerb::SET, 'verb' => RouteVerb::SET,
'permission' => [
'module' => Controller::MODULE_NAME,
'type' => PermissionType::MODIFY,
'state' => PermissionState::NEWS,
],
], ],
[ [
'dest' => '\Modules\News\Controller:apiNewsGet', 'dest' => '\Modules\News\Controller:apiNewsGet',
'verb' => RouteVerb::GET, 'verb' => RouteVerb::GET,
'permission' => [
'module' => Controller::MODULE_NAME,
'type' => PermissionType::READ,
'state' => PermissionState::NEWS,
],
], ],
[ [
'dest' => '\Modules\News\Controller:apiNewsDelete', 'dest' => '\Modules\News\Controller:apiNewsDelete',
'verb' => RouteVerb::DELETE, 'verb' => RouteVerb::DELETE,
'permission' => [
'module' => Controller::MODULE_NAME,
'type' => PermissionType::DELETE,
'state' => PermissionState::NEWS,
],
], ],
], ],
]; ];

28
Admin/Routes/Web/Backend.php
View File

@ -1,34 +1,62 @@
<?php <?php
use phpOMS\Router\RouteVerb; use phpOMS\Router\RouteVerb;
use phpOMS\Account\PermissionType;
use Modules\News\Models\PermissionState;
use Modules\News\Controller;
return [ return [
'^.*/backend/news/dashboard.*$' => [ '^.*/backend/news/dashboard.*$' => [
[ [
'dest' => '\Modules\News\Controller:viewNewsDashboard', 'dest' => '\Modules\News\Controller:viewNewsDashboard',
'verb' => RouteVerb::GET, 'verb' => RouteVerb::GET,
'permission' => [
'module' => Controller::MODULE_NAME,
'type' => PermissionType::READ,
'state' => PermissionState::NEWS,
],
], ],
], ],
'^.*/backend/news/article.*$' => [ '^.*/backend/news/article.*$' => [
[ [
'dest' => '\Modules\News\Controller:viewNewsArticle', 'dest' => '\Modules\News\Controller:viewNewsArticle',
'verb' => RouteVerb::GET, 'verb' => RouteVerb::GET,
'permission' => [
'module' => Controller::MODULE_NAME,
'type' => PermissionType::READ,
'state' => PermissionState::NEWS,
],
], ],
], ],
'^.*/backend/news/archive.*$' => [ '^.*/backend/news/archive.*$' => [
[ [
'dest' => '\Modules\News\Controller:viewNewsArchive', 'dest' => '\Modules\News\Controller:viewNewsArchive',
'verb' => RouteVerb::GET, 'verb' => RouteVerb::GET,
'permission' => [
'module' => Controller::MODULE_NAME,
'type' => PermissionType::READ,
'state' => PermissionState::NEWS,
],
], ],
], ],
'^.*/backend/news/create.*$' => [ '^.*/backend/news/create.*$' => [
[ [
'dest' => '\Modules\Editor\Controller:setUpEditorEditor', 'dest' => '\Modules\Editor\Controller:setUpEditorEditor',
'verb' => RouteVerb::GET, 'verb' => RouteVerb::GET,
'permission' => [
'module' => Controller::MODULE_NAME,
'type' => PermissionType::CREATE,
'state' => PermissionState::NEWS,
],
], ],
[ [
'dest' => '\Modules\News\Controller:viewNewsCreate', 'dest' => '\Modules\News\Controller:viewNewsCreate',
'verb' => RouteVerb::GET, 'verb' => RouteVerb::GET,
'permission' => [
'module' => Controller::MODULE_NAME,
'type' => PermissionType::CREATE,
'state' => PermissionState::NEWS,
],
], ],
], ],
]; ];

72
Controller.php
View File

@ -109,14 +109,6 @@ final class Controller extends ModuleAbstract implements WebInterface
{ {
$view = new View($this->app, $request, $response); $view = new View($this->app, $request, $response);
if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
PermissionType::READ, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::DASHBOARD)
) {
$view->setTemplate('/Web/Backend/Error/403_inline');
$response->getHeader()->setStatusCode(RequestStatusCode::R_403);
return $view;
}
$view->setTemplate('/Modules/News/Theme/Backend/news-dashboard'); $view->setTemplate('/Modules/News/Theme/Backend/news-dashboard');
$view->addData('nav', $this->app->moduleManager->get('Navigation')->createNavigationMid(1000701001, $request, $response)); $view->addData('nav', $this->app->moduleManager->get('Navigation')->createNavigationMid(1000701001, $request, $response));
@ -193,14 +185,6 @@ final class Controller extends ModuleAbstract implements WebInterface
{ {
$view = new View($this->app, $request, $response); $view = new View($this->app, $request, $response);
if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
PermissionType::READ, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::ARCHIVE)
) {
$view->setTemplate('/Web/Backend/Error/403_inline');
$response->getHeader()->setStatusCode(RequestStatusCode::R_403);
return $view;
}
$view->setTemplate('/Modules/News/Theme/Backend/news-archive'); $view->setTemplate('/Modules/News/Theme/Backend/news-archive');
$view->addData('nav', $this->app->moduleManager->get('Navigation')->createNavigationMid(1000701001, $request, $response)); $view->addData('nav', $this->app->moduleManager->get('Navigation')->createNavigationMid(1000701001, $request, $response));
@ -224,14 +208,6 @@ final class Controller extends ModuleAbstract implements WebInterface
{ {
$view = new View($this->app, $request, $response); $view = new View($this->app, $request, $response);
if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
PermissionType::CREATE, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::ARTICLE)
) {
$view->setTemplate('/Web/Backend/Error/403_inline');
$response->getHeader()->setStatusCode(RequestStatusCode::R_403);
return $view;
}
$view->setTemplate('/Modules/News/Theme/Backend/news-create'); $view->setTemplate('/Modules/News/Theme/Backend/news-create');
$view->addData('nav', $this->app->moduleManager->get('Navigation')->createNavigationMid(1000701001, $request, $response)); $view->addData('nav', $this->app->moduleManager->get('Navigation')->createNavigationMid(1000701001, $request, $response));
@ -289,14 +265,6 @@ final class Controller extends ModuleAbstract implements WebInterface
*/ */
public function apiNewsUpdate(RequestAbstract $request, ResponseAbstract $response, $data = null) : void public function apiNewsUpdate(RequestAbstract $request, ResponseAbstract $response, $data = null) : void
{ {
if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
PermissionType::MODIFY, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::ARTICLE)
) {
$response->set('news_update', null);
$response->getHeader()->setStatusCode(RequestStatusCode::R_403);
return;
}
$news = $this->updateNewsFromRequest($request); $news = $this->updateNewsFromRequest($request);
NewsArticleMapper::update($news); NewsArticleMapper::update($news);
@ -347,14 +315,6 @@ final class Controller extends ModuleAbstract implements WebInterface
*/ */
public function apiNewsCreate(RequestAbstract $request, ResponseAbstract $response, $data = null) : void public function apiNewsCreate(RequestAbstract $request, ResponseAbstract $response, $data = null) : void
{ {
if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
PermissionType::CREATE, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::ARTICLE)
) {
$response->set('news_create', null);
$response->getHeader()->setStatusCode(RequestStatusCode::R_403);
return;
}
if (!empty($val = $this->validateNewsCreate($request))) { if (!empty($val = $this->validateNewsCreate($request))) {
$response->set('news_create', new FormValidation($val)); $response->set('news_create', new FormValidation($val));
@ -407,14 +367,6 @@ final class Controller extends ModuleAbstract implements WebInterface
*/ */
public function apiNewsGet(RequestAbstract $request, ResponseAbstract $response, $data = null) : void public function apiNewsGet(RequestAbstract $request, ResponseAbstract $response, $data = null) : void
{ {
if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
PermissionType::READ, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::ARTICLE)
) {
$response->set('news_read', null);
$response->getHeader()->setStatusCode(RequestStatusCode::R_403);
return;
}
$news = NewsArticleMapper::get((int) $request->getData('id')); $news = NewsArticleMapper::get((int) $request->getData('id'));
$response->set($request->getUri()->__toString(), [ $response->set($request->getUri()->__toString(), [
'status' => NotificationLevel::OK, 'status' => NotificationLevel::OK,
@ -459,14 +411,6 @@ final class Controller extends ModuleAbstract implements WebInterface
*/ */
public function apiBadgeCreate(RequestAbstract $request, ResponseAbstract $response, $data = null) : void public function apiBadgeCreate(RequestAbstract $request, ResponseAbstract $response, $data = null) : void
{ {
if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
PermissionType::CREATE, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::BADGE)
) {
$response->set('badge_create', null);
$response->getHeader()->setStatusCode(RequestStatusCode::R_403);
return;
}
if (!empty($val = $this->validateBadgeCreate($request))) { if (!empty($val = $this->validateBadgeCreate($request))) {
$response->set('badge_create', new FormValidation($val)); $response->set('badge_create', new FormValidation($val));
@ -563,14 +507,6 @@ final class Controller extends ModuleAbstract implements WebInterface
*/ */
public function apiNewsDelete(RequestAbstract $request, ResponseAbstract $response, $data = null) : void public function apiNewsDelete(RequestAbstract $request, ResponseAbstract $response, $data = null) : void
{ {
if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
PermissionType::DELETE, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::ARTICLE)
) {
$response->set('news_delete', null);
$response->getHeader()->setStatusCode(RequestStatusCode::R_403);
return;
}
$news = NewsArticleMapper::get((int) $request->getData('id')); $news = NewsArticleMapper::get((int) $request->getData('id'));
$status = NewsArticleMapper::delete($news); $status = NewsArticleMapper::delete($news);
@ -597,14 +533,6 @@ final class Controller extends ModuleAbstract implements WebInterface
*/ */
public function apiDeleteNewsBadge(RequestAbstract $request, ResponseAbstract $response, $data = null) : void public function apiDeleteNewsBadge(RequestAbstract $request, ResponseAbstract $response, $data = null) : void
{ {
if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
PermissionType::DELETE, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::BADGE)
) {
$response->set('badge_delete', null);
$response->getHeader()->setStatusCode(RequestStatusCode::R_403);
return;
}
BadgeMapper::delete((int) $request->getData('id')); BadgeMapper::delete((int) $request->getData('id'));
$response->set('badge_delete', (int) $request->getData('id')); $response->set('badge_delete', (int) $request->getData('id'));
} }

5
Models/PermissionState.php
View File

@ -26,8 +26,5 @@ use phpOMS\Stdlib\Base\Enum;
*/ */
abstract class PermissionState extends Enum abstract class PermissionState extends Enum
{ {
public const DASHBOARD = 1; public const NEWS = 1;
public const ARCHIVE = 2;
public const ARTICLE = 3;
public const BADGE = 4;
} }