mirror of
https://github.com/Karaka-Management/oms-News.git
synced 2026-02-13 23:28:40 +00:00
Implement organization permission
This commit is contained in:
parent
091913de60
commit
fe29ee3ac7
|
|
@ -107,7 +107,7 @@ class Controller extends ModuleAbstract implements WebInterface
|
||||||
$view = new View($this->app, $request, $response);
|
$view = new View($this->app, $request, $response);
|
||||||
|
|
||||||
if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
|
if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
|
||||||
PermissionType::READ, 1, $this->app->appName, self::MODULE_ID, PermissionState::DASHBOARD)
|
PermissionType::READ, $this->app->appId, $this->app->appName, self::MODULE_ID, PermissionState::DASHBOARD)
|
||||||
) {
|
) {
|
||||||
$view->setTemplate('/Web/Backend/Error/403_inline');
|
$view->setTemplate('/Web/Backend/Error/403_inline');
|
||||||
$response->getHeader()->setStatusCode(RequestStatusCode::R_403);
|
$response->getHeader()->setStatusCode(RequestStatusCode::R_403);
|
||||||
|
|
@ -152,7 +152,7 @@ class Controller extends ModuleAbstract implements WebInterface
|
||||||
|
|
||||||
if ($article->getCreatedBy()->getId() !== $accountId
|
if ($article->getCreatedBy()->getId() !== $accountId
|
||||||
&& !$this->app->accountManager->get($accountId)->hasPermission(
|
&& !$this->app->accountManager->get($accountId)->hasPermission(
|
||||||
PermissionType::READ, 1, $this->app->appName, self::MODULE_ID, PermissionState::ARTICLE, $article->getId())
|
PermissionType::READ, $this->app->appId, $this->app->appName, self::MODULE_ID, PermissionState::ARTICLE, $article->getId())
|
||||||
) {
|
) {
|
||||||
$view->setTemplate('/Web/Backend/Error/403_inline');
|
$view->setTemplate('/Web/Backend/Error/403_inline');
|
||||||
$response->getHeader()->setStatusCode(RequestStatusCode::R_403);
|
$response->getHeader()->setStatusCode(RequestStatusCode::R_403);
|
||||||
|
|
@ -181,7 +181,7 @@ class Controller extends ModuleAbstract implements WebInterface
|
||||||
$view = new View($this->app, $request, $response);
|
$view = new View($this->app, $request, $response);
|
||||||
|
|
||||||
if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
|
if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
|
||||||
PermissionType::READ, 1, $this->app->appName, self::MODULE_ID, PermissionState::ARCHIVE)
|
PermissionType::READ, $this->app->appId, $this->app->appName, self::MODULE_ID, PermissionState::ARCHIVE)
|
||||||
) {
|
) {
|
||||||
$view->setTemplate('/Web/Backend/Error/403_inline');
|
$view->setTemplate('/Web/Backend/Error/403_inline');
|
||||||
$response->getHeader()->setStatusCode(RequestStatusCode::R_403);
|
$response->getHeader()->setStatusCode(RequestStatusCode::R_403);
|
||||||
|
|
@ -211,7 +211,7 @@ class Controller extends ModuleAbstract implements WebInterface
|
||||||
$view = new View($this->app, $request, $response);
|
$view = new View($this->app, $request, $response);
|
||||||
|
|
||||||
if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
|
if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
|
||||||
PermissionType::CREATE, 1, $this->app->appName, self::MODULE_ID, PermissionState::ARTICLE)
|
PermissionType::CREATE, $this->app->appId, $this->app->appName, self::MODULE_ID, PermissionState::ARTICLE)
|
||||||
) {
|
) {
|
||||||
$view->setTemplate('/Web/Backend/Error/403_inline');
|
$view->setTemplate('/Web/Backend/Error/403_inline');
|
||||||
$response->getHeader()->setStatusCode(RequestStatusCode::R_403);
|
$response->getHeader()->setStatusCode(RequestStatusCode::R_403);
|
||||||
|
|
@ -262,7 +262,7 @@ class Controller extends ModuleAbstract implements WebInterface
|
||||||
public function apiNewsCreate(RequestAbstract $request, ResponseAbstract $response, $data = null)
|
public function apiNewsCreate(RequestAbstract $request, ResponseAbstract $response, $data = null)
|
||||||
{
|
{
|
||||||
if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
|
if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
|
||||||
PermissionType::CREATE, 1, $this->app->appName, self::MODULE_ID, PermissionState::ARTICLE)
|
PermissionType::CREATE, $this->app->appId, $this->app->appName, self::MODULE_ID, PermissionState::ARTICLE)
|
||||||
) {
|
) {
|
||||||
$response->set('news_create', null);
|
$response->set('news_create', null);
|
||||||
$response->getHeader()->setStatusCode(RequestStatusCode::R_403);
|
$response->getHeader()->setStatusCode(RequestStatusCode::R_403);
|
||||||
|
|
@ -322,7 +322,7 @@ class Controller extends ModuleAbstract implements WebInterface
|
||||||
public function apiBadgeCreate(RequestAbstract $request, ResponseAbstract $response, $data = null)
|
public function apiBadgeCreate(RequestAbstract $request, ResponseAbstract $response, $data = null)
|
||||||
{
|
{
|
||||||
if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
|
if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
|
||||||
PermissionType::CREATE, 1, $this->app->appName, self::MODULE_ID, PermissionState::BADGE)
|
PermissionType::CREATE, $this->app->appId, $this->app->appName, self::MODULE_ID, PermissionState::BADGE)
|
||||||
) {
|
) {
|
||||||
$response->set('badge_create', null);
|
$response->set('badge_create', null);
|
||||||
$response->getHeader()->setStatusCode(RequestStatusCode::R_403);
|
$response->getHeader()->setStatusCode(RequestStatusCode::R_403);
|
||||||
|
|
@ -404,7 +404,7 @@ class Controller extends ModuleAbstract implements WebInterface
|
||||||
public function apiDeleteNewsArticle(RequestAbstract $request, ResponseAbstract $response, $data = null)
|
public function apiDeleteNewsArticle(RequestAbstract $request, ResponseAbstract $response, $data = null)
|
||||||
{
|
{
|
||||||
if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
|
if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
|
||||||
PermissionType::DELETE, 1, $this->app->appName, self::MODULE_ID, PermissionState::ARTICLE)
|
PermissionType::DELETE, $this->app->appId, $this->app->appName, self::MODULE_ID, PermissionState::ARTICLE)
|
||||||
) {
|
) {
|
||||||
$response->set('news_delete', null);
|
$response->set('news_delete', null);
|
||||||
$response->getHeader()->setStatusCode(RequestStatusCode::R_403);
|
$response->getHeader()->setStatusCode(RequestStatusCode::R_403);
|
||||||
|
|
@ -418,7 +418,7 @@ class Controller extends ModuleAbstract implements WebInterface
|
||||||
public function apiDeleteNewsBadge(RequestAbstract $request, ResponseAbstract $response, $data = null)
|
public function apiDeleteNewsBadge(RequestAbstract $request, ResponseAbstract $response, $data = null)
|
||||||
{
|
{
|
||||||
if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
|
if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
|
||||||
PermissionType::DELETE, 1, $this->app->appName, self::MODULE_ID, PermissionState::BADGE)
|
PermissionType::DELETE, $this->app->appId, $this->app->appName, self::MODULE_ID, PermissionState::BADGE)
|
||||||
) {
|
) {
|
||||||
$response->set('badge_delete', null);
|
$response->set('badge_delete', null);
|
||||||
$response->getHeader()->setStatusCode(RequestStatusCode::R_403);
|
$response->getHeader()->setStatusCode(RequestStatusCode::R_403);
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user