From 4e121896ae58243494b3b6fee14c3c3dd41caa52 Mon Sep 17 00:00:00 2001
From: Dennis Eichhorn
Date: Fri, 17 Aug 2018 20:02:29 +0200
Subject: [PATCH] fix #96 fix #97
---
 Admin/Routes/Web/Api.php | 33 +++++++++++++++++++
 Admin/Routes/Web/Backend.php | 23 +++++++++++++
 Controller.php | 64 ------------------------------------
 Models/PermissionState.php | 6 ++--
 4 files changed, 59 insertions(+), 67 deletions(-)
diff --git a/Admin/Routes/Web/Api.php b/Admin/Routes/Web/Api.php
index 80ea159..b654382 100644
--- a/Admin/Routes/Web/Api.php
+++ b/Admin/Routes/Web/Api.php
@@ -1,34 +1,67 @@
 [
 [
 'dest' => '\Modules\Tasks\Controller:apiTaskCreate',
 'verb' => RouteVerb::PUT,
+ 'permission' => [
+ 'module' => Controller::MODULE_NAME,
+ 'type' => PermissionType::CREATE,
+ 'state' => PermissionState::TASK,
+ ],
 ],
 [
 'dest' => '\Modules\Tasks\Controller:apiTaskSet',
 'verb' => RouteVerb::SET,
+ 'permission' => [
+ 'module' => Controller::MODULE_NAME,
+ 'type' => PermissionType::MODIFY,
+ 'state' => PermissionState::TASK,
+ ],
 ],
 [
 'dest' => '\Modules\Tasks\Controller:apiTaskGet',
 'verb' => RouteVerb::GET,
+ 'permission' => [
+ 'module' => Controller::MODULE_NAME,
+ 'type' => PermissionType::READ,
+ 'state' => PermissionState::TASK,
+ ],
 ],
 ],
 '^.*/api/task/element.*$' => [
 [
 'dest' => '\Modules\Tasks\Controller:apiTaskElementCreate',
 'verb' => RouteVerb::SET,
+ 'permission' => [
+ 'module' => Controller::MODULE_NAME,
+ 'type' => PermissionType::CREATE,
+ 'state' => PermissionState::ELEMENT,
+ ],
 ],
 [
 'dest' => '\Modules\Tasks\Controller:apiTaskElementSet',
 'verb' => RouteVerb::SET,
+ 'permission' => [
+ 'module' => Controller::MODULE_NAME,
+ 'type' => PermissionType::MODIFY,
+ 'state' => PermissionState::ELEMENT,
+ ],
 ],
 [
 'dest' => '\Modules\Tasks\Controller:apiTaskElementGet',
 'verb' => RouteVerb::GET,
+ 'permission' => [
+ 'module' => Controller::MODULE_NAME,
+ 'type' => PermissionType::READ,
+ 'state' => PermissionState::ELEMENT,
+ ],
 ],
 ],
 ];
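Review bot: The new permission blocks for `apiTaskElementCreate` (CREATE/ELEMENT) and `apiTaskElementSet` (MODIFY/ELEMENT) are attached to two entries that still share `'verb' => RouteVerb::SET` under the same `^.*/api/task/element.*$` pattern, so one request can satisfy both entries while carrying different permission requirements. Depending on how the dispatcher treats multiple matches (not visible in this diff), either both handlers run with only one of the two checks passing, or only the first entry's CREATE check is ever evaluated and MODIFY is never enforced for this URL. The task routes above already avoid this by using `RouteVerb::PUT` for create; mirroring that here, `'verb' => RouteVerb::PUT,` on the apiTaskElementCreate entry, makes each entry's declared permission the one actually enforced. The file's opening lines (including any added `use` imports for `Controller`, `PermissionType` and `PermissionState`, which the 33-line diffstat suggests) are not visible in the hunk as rendered, so their presence cannot be confirmed here.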
diff --git a/Admin/Routes/Web/Backend.php b/Admin/Routes/Web/Backend.php
index 841cc37..eaf4908 100644
--- a/Admin/Routes/Web/Backend.php
+++ b/Admin/Routes/Web/Backend.php
@@ -1,30 +1,53 @@
 [
 [
 'dest' => '\Modules\Tasks\Controller:viewTaskDashboard',
 'verb' => RouteVerb::GET,
+ 'permission' => [
+ 'module' => Controller::MODULE_NAME,
+ 'type' => PermissionType::READ,
+ 'state' => PermissionState::TASK,
+ ],
 ],
 ],
 '^.*/backend/task/single.*$' => [
 [
 'dest' => '\Modules\Tasks\Controller:viewTaskView',
 'verb' => RouteVerb::GET,
+ 'permission' => [
+ 'module' => Controller::MODULE_NAME,
+ 'type' => PermissionType::READ,
+ 'state' => PermissionState::TASK,
+ ],
 ],
 ],
 '^.*/backend/task/create.*$' => [
 [
 'dest' => '\Modules\Tasks\Controller:viewTaskCreate',
 'verb' => RouteVerb::GET,
+ 'permission' => [
+ 'module' => Controller::MODULE_NAME,
+ 'type' => PermissionType::CREATE,
+ 'state' => PermissionState::TASK,
+ ],
 ],
 ],
 '^.*/backend/task/analysis.*$' => [
 [
 'dest' => '\Modules\Tasks\Controller:viewTaskAnalysis',
 'verb' => RouteVerb::GET,
+ 'permission' => [
+ 'module' => Controller::MODULE_NAME,
+ 'type' => PermissionType::READ,
+ 'state' => PermissionState::ANALYSIS,
+ ],
 ],
 ],
 ];
diff --git a/Controller.php b/Controller.php
index 3420ecb..d5339f2 100644
--- a/Controller.php
+++ b/Controller.php
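Review bot: With the inline checks removed from the controller, the `permission` entries added here are the only authorization gate for these views, and nothing in this file states that or prevents a future route from being added without one. The old controller path on denial rendered `/Web/Backend/Error/403_inline` with `R_403`; the router's denial behaviour is not in the diff, so it should be confirmed that a failed route permission still yields a 403 view and, more importantly, that an entry lacking a `permission` key is denied rather than dispatched unchecked. A header comment at the top of the route table would make the contract explicit: `// Authorization is enforced by the router from each route's 'permission' entry; controller actions no longer check. Every route MUST declare one.` Note also that `viewTaskDashboard` is now gated on READ/TASK where the removed controller check used READ/DASHBOARD, which is a change in the permission model rather than a pure relocation.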
@@ -113,14 +113,6 @@ final class Controller extends ModuleAbstract implements WebInterface
 {
 $view = new View($this->app, $request, $response);
- if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
- PermissionType::READ, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::DASHBOARD)
- ) {
- $view->setTemplate('/Web/Backend/Error/403_inline');
- $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
- return $view;
- }
-
 $view->setTemplate('/Modules/Tasks/Theme/Backend/task-dashboard');
 $view->addData('nav', $this->app->moduleManager->get('Navigation')->createNavigationMid(1001101001, $request, $response));
@@ -213,14 +205,6 @@ final class Controller extends ModuleAbstract implements WebInterface
 {
 $view = new View($this->app, $request, $response);
- if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
- PermissionType::CREATE, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::TASK)
- ) {
- $view->setTemplate('/Web/Backend/Error/403_inline');
- $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
- return $view;
- }
-
 $view->setTemplate('/Modules/Tasks/Theme/Backend/task-create');
 $view->addData('nav', $this->app->moduleManager->get('Navigation')->createNavigationMid(1001101001, $request, $response));
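Review bot: The first hunk removes the READ/DASHBOARD check from the dashboard view while its route in Backend.php now requires READ/TASK, so an account granted the dashboard state but not the task state loses access, and the `DASHBOARD` state itself disappears from `PermissionState` in this same commit; the commit message ("fix #96 fix #97") does not say whether that narrowing is intended. Once the inline check is gone, a reader of this method can no longer see what it requires, so its docblock (the method signature and docblock begin above the hunk) should record it, e.g. `Authorization: READ on PermissionState::TASK for Controller::MODULE_NAME, enforced by the route definition in Admin/Routes/Web/Backend.php, not here.` The same applies to `viewTaskCreate` in the second hunk with CREATE/TASK. Whether the router reproduces the removed `403_inline` rendering and `R_403` status on denial is not visible in this diff and should be verified.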
@@ -302,14 +286,6 @@ final class Controller extends ModuleAbstract implements WebInterface
 */
 public function apiTaskCreate(RequestAbstract $request, ResponseAbstract $response, $data = null) : void
 {
- if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
- PermissionType::CREATE, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::TASK)
- ) {
- $response->set('task_create', null);
- $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
- return;
- }
-
 if (!empty($val = $this->validateTaskCreate($request))) {
 $response->set('task_create', new FormValidation($val));
@@ -369,14 +345,6 @@ final class Controller extends ModuleAbstract implements WebInterface
 */
 public function apiTaskGet(RequestAbstract $request, ResponseAbstract $response, $data = null) : void
 {
- if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
- PermissionType::READ, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::TASK)
- ) {
- $response->set('task_read', null);
- $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
- return;
- }
-
 $task = TaskMapper::get((int) $request->getData('id'));
 $response->set($request->getUri()->__toString(), [
 'status' => NotificationLevel::OK,
@@ -401,14 +369,6 @@ final class Controller extends ModuleAbstract implements WebInterface
 */
 public function apiTaskSet(RequestAbstract $request, ResponseAbstract $response, $data = null) : void
 {
- if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
- PermissionType::MODIFY, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::TASK)
- ) {
- $response->set('task_update', null);
- $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
- return;
- }
-
 $task = $this->updateTaskFromRequest($request);
 $status = TaskMapper::update($task);
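Review bot: In the `apiTaskGet` hunk, after the inline check is gone the only gate is the route's module-level READ/TASK, and the line that survives, `$task = TaskMapper::get((int) $request->getData('id'));`, loads whatever id the client supplies; the permission says "may read tasks", not "may read this task". If tasks are meant to be scoped to a creator, assignee or unit (not visible here), an object-level check is needed after the fetch: compare the loaded task's owning account against `$request->getHeader()->getAccount()` and answer with `RequestStatusCode::R_403` when they differ, using whatever accessor the Task model exposes. The same question applies to `apiTaskSet`, where `updateTaskFromRequest($request)` presumably takes its target id from the request as well. Also note `(int)` on a missing `id` yields 0; what `TaskMapper::get(0)` returns is outside the hunk and worth confirming so the response does not serialise an empty object as `NotificationLevel::OK`. All three method bodies continue past their hunks.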
@@ -479,14 +439,6 @@ final class Controller extends ModuleAbstract implements WebInterface
 */
 public function apiTaskElementCreate(RequestAbstract $request, ResponseAbstract $response, $data = null) : void
 {
- if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
- PermissionType::CREATE, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::TASK)
- ) {
- $response->set('task_element_create', null);
- $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
- return;
- }
-
 if (!empty($val = $this->validateTaskElementCreate($request))) {
 $response->set('task_element_create', new FormValidation($val));
@@ -541,14 +493,6 @@ final class Controller extends ModuleAbstract implements WebInterface
 */
 public function apiTaskElementGet(RequestAbstract $request, ResponseAbstract $response, $data = null) : void
 {
- if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
- PermissionType::READ, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::TASK)
- ) {
- $response->set('task_read', null);
- $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
- return;
- }
-
 $task = TaskElementMapper::get((int) $request->getData('id'));
 $response->set($request->getUri()->__toString(), [
 'status' => NotificationLevel::OK,
@@ -573,14 +517,6 @@ final class Controller extends ModuleAbstract implements WebInterface
 */
 public function apiTaskElementSet(RequestAbstract $request, ResponseAbstract $response, $data = null) : void
 {
- if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
- PermissionType::MODIFY, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::TASK)
- ) {
- $response->set('task_update', null);
- $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
- return;
- }
-
 $task = $this->updateTaskElementFromRequest($request);
 $status = TaskElementMapper::update($task);
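Review bot: All three removed checks in these hunks tested `PermissionState::TASK`, whereas the replacement routes in Api.php gate the same handlers on `PermissionState::ELEMENT`, so this is a permission-model change rather than a pure move: an account that could create, read or modify elements through its TASK-state grant now needs a separate ELEMENT-state grant, and nothing in the commit records that. The removed denial responses also wrote `task_read` / `task_update` keys shared with the task endpoints; what body API clients receive on a router-level denial is not visible here and should be checked so they still get a 403 with a parseable payload. Each handler's docblock (above the hunk) should state the new requirement so it is not lost with the inline code, e.g. for the first: `Authorization: CREATE on PermissionState::ELEMENT, enforced by Admin/Routes/Web/Api.php rather than in this method.` As with the task endpoints, `TaskElementMapper::get((int) $request->getData('id'))` performs no object-level check beyond the module permission, which is worth confirming against the intended scoping.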
diff --git a/Models/PermissionState.php b/Models/PermissionState.php
index 9d2d243..314c989 100644
--- a/Models/PermissionState.php
+++ b/Models/PermissionState.php
@@ -26,7 +26,7 @@ use phpOMS\Stdlib\Base\Enum;
 */
 abstract class PermissionState extends Enum
 {
- public const DASHBOARD = 1;
- public const TASK = 2;
- public const TASKELEMENT = 3;
+ public const TASK = 1;
+ public const ELEMENT = 2;
+ public const ANALYSIS = 3;
 }
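Review bot: The hunk reuses the integer values 1, 2 and 3 for different states, so if permission grants are stored by value (the `Enum` base class and the value-taking `hasPermission(...)` calls removed elsewhere in this commit suggest they are), every existing grant silently changes meaning with no migration: a stored 1 (formerly DASHBOARD) now authorises TASK, 2 (formerly TASK) now authorises ELEMENT, and 3 (formerly TASKELEMENT) now authorises ANALYSIS. Accounts would gain or lose access without any administrator action, which is the kind of drift a permissions change must not introduce. Either keep the old numbers and append, `public const TASK = 2;`, `public const ELEMENT = 3;`, `public const ANALYSIS = 4;` (retiring 1 with DASHBOARD), or ship a data migration that rewrites stored states in the same release. A guard comment above the constants would prevent a repeat: `// Values are persisted in permission records. Never renumber an existing case; add new ones at the end.` Whether grants are actually persisted by value is not shown in this diff and should be confirmed before merging.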