From 3e74268f812c7c535f34febd9d3445cfefda77c8 Mon Sep 17 00:00:00 2001
From: Dennis Eichhorn
Date: Fri, 17 Aug 2018 20:02:29 +0200
Subject: [PATCH] fix #96 fix #97
---
 Admin/Routes/Web/Backend.php | 18 ++++++++++++++++++
 Controller.php | 16 ----------------
 2 files changed, 18 insertions(+), 16 deletions(-)
diff --git a/Admin/Routes/Web/Backend.php b/Admin/Routes/Web/Backend.php
index a943599..6c851d6 100644
--- a/Admin/Routes/Web/Backend.php
+++ b/Admin/Routes/Web/Backend.php
@@ -1,24 +1,42 @@
 [
 [
 'dest' => '\Modules\Profile\Controller:setupProfileStyles',
 'verb' => RouteVerb::GET,
+ 'permission' => [
+ 'module' => Controller::MODULE_NAME,
+ 'type' => PermissionType::READ,
+ 'state' => PermissionState::PROFILE,
+ ],
 ],
 ],
 '^.*/backend/profile/list.*$' => [
 [
 'dest' => '\Modules\Profile\Controller:viewProfileList',
 'verb' => RouteVerb::GET,
+ 'permission' => [
+ 'module' => Controller::MODULE_NAME,
+ 'type' => PermissionType::READ,
+ 'state' => PermissionState::PROFILE,
+ ],
 ],
 ],
 '^.*/backend/profile/single.*$' => [
 [
 'dest' => '\Modules\Profile\Controller:viewProfileSingle',
 'verb' => RouteVerb::GET,
+ 'permission' => [
+ 'module' => Controller::MODULE_NAME,
+ 'type' => PermissionType::READ,
+ 'state' => PermissionState::PROFILE,
+ ],
 ],
 ],
 ];
diff --git a/Controller.php b/Controller.php
index 24b0c0a..ffb69c9 100644
--- a/Controller.php
+++ b/Controller.php
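Review bot: The three `'permission'` entries added here become the only authorization on the profile views, because the same commit deletes the in-method `hasPermission(...)` guards from both hunks in Controller.php, and nothing in this patch shows the router enforcing that key. The deleted guard scoped the lookup to `$this->app->orgId` and `$this->app->appName` and answered with the `403_inline` template plus `RequestStatusCode::R_403`; the route entry carries only `module`, `type` and `state`, so confirm the dispatcher applies the same unit/app scope and refuses the request when the lookup fails. Any other route or internal call that reaches `viewProfileList` or `viewProfileSingle` is no longer checked, so a regression test that requests `/backend/profile/list` and `/backend/profile/single` as an account without READ on `PermissionState::PROFILE` and expects a 403 would pin the behaviour down. I would also leave a pointer in each method's docblock, e.g. `// Authorization: enforced by the 'permission' entry in Admin/Routes/Web/Backend.php`. The opening lines of this hunk are not visible in this view, so the `use` imports for `Controller`, `PermissionType` and `PermissionState` could not be checked.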
@@ -115,14 +115,6 @@ final class Controller extends ModuleAbstract implements WebInterface
 {
 $view = new View($this->app, $request, $response);

- if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
- PermissionType::READ, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::PROFILE)
- ) {
- $view->setTemplate('/Web/Backend/Error/403_inline');
- $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
- return $view;
- }
-
 $view->setTemplate('/Modules/Profile/Theme/Backend/profile-list');
 $view->setData('accounts', ProfileMapper::getNewest(25));

@@ -144,14 +136,6 @@ final class Controller extends ModuleAbstract implements WebInterface
 {
 $view = new View($this->app, $request, $response);

- if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
- PermissionType::READ, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::PROFILE)
- ) {
- $view->setTemplate('/Web/Backend/Error/403_inline');
- $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
- return $view;
- }
-
 /** @var Head $head */
 $head = $response->get('Content')->getData('head');
 $head->addAsset(AssetType::CSS, '/Modules/Calendar/Theme/Backend/css/styles.css');