From b1fdcd3c7f1d8257238d51c5e4579d05c9f12f88 Mon Sep 17 00:00:00 2001
From: Dennis Eichhorn
Date: Fri, 15 Sep 2017 19:09:52 +0200
Subject: [PATCH] More permission implementations

---
 Controller.php | 24 +++++++++++++++++++-----
 Models/PermissionState.php | 1 +
 2 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/Controller.php b/Controller.php
index 5e6a80f..0ae2014 100644
--- a/Controller.php
+++ b/Controller.php
@@ -24,6 +24,7 @@ use Modules\Tasks\Models\TaskMapper;
 use Modules\Tasks\Models\TaskStatus;
 use Modules\Tasks\Models\TaskType;
 use Modules\Tasks\Models\PermissionState;
+use phpOMS\Message\Http\RequestStatusCode;
 use phpOMS\Message\RequestAbstract;
 use phpOMS\Message\ResponseAbstract;
 use phpOMS\Module\ModuleAbstract;
@@ -69,9 +70,9 @@ class Controller extends ModuleAbstract implements WebInterface
 /* public */ const MODULE_NAME = 'Tasks';

 /**
- * Module name.
+ * Module id.
 *
- * @var string
+ * @var int
 * @since 1.0.0
 */
 /* public */ const MODULE_ID = 1001100000;
@@ -158,9 +159,7 @@ class Controller extends ModuleAbstract implements WebInterface
 {
 $view = new View($this->app, $request, $response);

- $task = TaskMapper::get((int) $request->getData('id'));
- $view->addData('task', $task);
-
+ $task = TaskMapper::get((int) $request->getData('id'));
 $accountId = $request->getHeader()->getAccount();

 if (!($task->getCreatedBy()->getId() === $accountId
@@ -174,6 +173,7 @@ class Controller extends ModuleAbstract implements WebInterface
 }

 $view->setTemplate('/Modules/Tasks/Theme/Backend/task-single');
+ $view->addData('task', $task);
 $view->addData('nav', $this->app->moduleManager->get('Navigation')->createNavigationMid(1001101001, $request, $response));

 return $view;
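Review bot: The `$view->addData('task', $task);` line now sits after the permission check, but it is only protected if the block closed by the `}` at the top of this hunk returns on denial; that block's body is outside the hunk, so this cannot be confirmed from here. The two API handlers changed later in this patch set a 403 and then continue, so the same pattern here would still hand the task to the view for an account that failed the check. If the denial branch does not already end with `return $view;`, add it.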
@@ -252,6 +252,13 @@ class Controller extends ModuleAbstract implements WebInterface
 */
 public function apiTaskCreate(RequestAbstract $request, ResponseAbstract $response, $data = null)
 {
+ if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
+ PermissionType::CREATE, 1, $this->app->appName, self::MODULE_ID, PermissionState::TASK)
+ ) {
+ $response->set('task_create', null);
+ $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
+ }
+
 if (!empty($val = $this->validateTaskCreate($request))) {
 $response->set('task_create', new FormValidation($val));

@@ -313,6 +320,13 @@ class Controller extends ModuleAbstract implements WebInterface
 */
 public function apiTaskElementCreate(RequestAbstract $request, ResponseAbstract $response, $data = null)
 {
+ if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission(
+ PermissionType::CREATE, 1, $this->app->appName, self::MODULE_ID, PermissionState::TASK)
+ ) {
+ $response->set('task_element_create', null);
+ $response->getHeader()->setStatusCode(RequestStatusCode::R_403);
+ }
+
 if (!empty($val = $this->validateTaskElementCreate($request))) {
 $response->set('task_element_create', new FormValidation($val));

diff --git a/Models/PermissionState.php b/Models/PermissionState.php
index e364f80..8564b6a 100644
--- a/Models/PermissionState.php
+++ b/Models/PermissionState.php
@@ -29,4 +29,5 @@ abstract class PermissionState extends Enum
 {
 /* public */ const DASHBOARD = 1;
 /* public */ const TASK = 2;
+ /* public */ const TASKELEMENT = 3;
 }
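Review bot: The permission block added at the top of apiTaskCreate sets `task_create` to null and the status to `R_403` but never returns, so an account without the CREATE permission falls straight through to `validateTaskCreate()` and whatever follows it. The check therefore changes the status code without blocking the request; add `return;` as the last statement inside the denial block. The identical block added to apiTaskElementCreate in the next hunk has the same gap. Both method bodies continue outside their hunks, so the create path itself is not visible here, but nothing in the visible lines stops execution.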
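Review bot: apiTaskElementCreate checks the CREATE permission against `PermissionState::TASK`, while this same patch adds `PermissionState::TASKELEMENT` and never uses it. If element creation is meant to be grantable separately from task creation, the last argument should be `PermissionState::TASKELEMENT`; if sharing the task permission is intentional, a short comment saying so would prevent a later "fix" in either direction. The literal `1` passed as the second argument to `hasPermission` is also unexplained in both handlers and would read better as a named value or with a comment.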