Check permissions

application/core/FHC_Model.php

@@ -8,6 +8,7 @@ class FHC_Model extends CI_Model
 	{
 		parent::__construct();
 		$this->load->helper('language');
+		$this->load->helper('fhc_db_acl');
 		$this->lang->load('fhcomplete');
 	}
 
@@ -84,15 +85,6 @@ class DB_Model extends FHC_Model
 		);
 	}
 	
-	/**
-	 * TODO
-	 */
-	protected function _checkPermissions()
-	{
-		// If _addonID is NOT set (core) or if _addonID is set (API call) and has permissions
-		return !isset($this->_addonID) || (isset($this->_addonID) && TRUE);
-	}
-	
 	/**
 	 * Method setAddonID
 	 * 

application/helpers/fhc_db_acl_helper.php

@@ -0,0 +1,12 @@
+<?php
+
+//require_once(FCPATH.'include/benutzerberechtigung.class.php');
+
+function isAllowed($uid, $berechtigung_kurzbz, $art = NULL, $oe_kurzbz = NULL, $kostenstelle_id = NULL)
+{
+	/*$bb = benutzerberechtigung();
+	$bb->getBerechtigungen($uid);
+	return $bb->isBerechtigt($berechtigung_kurzbz, $art, $oe_kurzbz, $kostenstelle_id);*/
+	
+	return TRUE;
+}

application/models/Nation_model.php

@@ -21,7 +21,7 @@ class Nation_model extends DB_Model
 		
 		// Checks if the operation is permitted by the API caller
 		// All the code should be put inside this if statement
-		if($this->_checkPermissions())
+		if(isAllowed($this->_addonID, 'person'))
 		{
 			$result = $this->db->query($this->_getNationQuery($notLocked, $orderEnglish));
 		}
@@ -61,7 +61,7 @@ class Nation_model extends DB_Model
 		
 		// Checks if the operation is permitted by the API caller
 		// All the code should be put inside this if statement
-		if($this->_checkPermissions())
+		if(isAllowed($this->_addonID, 'person'))
 		{
 			$result = $this->db->query($this->_federalStateQuery);
 		}

application/models/person/Person_model.php

@@ -54,7 +54,7 @@ class Person_model extends DB_Model
 		
 		// Checks if the operation is permitted by the API caller
 		// All the code should be put inside this if statement
-		if($this->_checkPermissions())
+		if(isAllowed($this->_addonID, 'person'))
 		{
 			if((isset($code)) && (isset($email)))
 			{
@@ -135,7 +135,7 @@ class Person_model extends DB_Model
 		
 		// Checks if the operation is permitted by the API caller
 		// All the code should be put inside this if statement
-		if($this->_checkPermissions())
+		if(isAllowed($this->_addonID, 'person'))
 		{
 			if($this->_validate($person))
 			{
@@ -331,7 +331,7 @@ class Person_model extends DB_Model
 	{
 		// Checks if the operation is permitted by the API caller
 		// All the code should be put inside this if statement
-		if($this->_checkPermissions())
+		if(isAllowed($this->_addonID, 'person'))
 		{
 			return $this->_saveInterestedStudent($interestedStudent);
 		}

application/models/studies/Course_model.php

@@ -33,7 +33,7 @@ class Course_model extends DB_Model
 		
 		// Checks if the operation is permitted by the API caller
 		// All the code should be put inside this if statement
-		if($this->_checkPermissions())
+		if(isAllowed($this->_addonID, 'person'))
 		{
 			$result = $this->db->query($this->_enabledCoursesQuery);
 		}

application/models/studies/Plan_model.php

@@ -24,7 +24,7 @@ class Plan_model extends DB_Model
 		
 		// Checks if the operation is permitted by the API caller
 		// All the code should be put inside this if statement
-		if($this->_checkPermissions())
+		if(isAllowed($this->_addonID, 'person'))
 		{
 			$result = $this->db->query($this->_planQuery, array($courseOfStudiesID));
 		}

ci_hack.php

@@ -347,6 +347,11 @@ if (isset($assign_to_config) && is_array($assign_to_config))
  */
 $LANG =& load_class('Lang', 'core');
 
+define('FHC_INTEGER',1);
+define('FHC_STRING',2);
+define('FHC_BOOLEAN',3);
+define('FHC_LANG_ARRAY',4);
+
 function &get_instance()
 {
 	return CI_Controller::get_instance();

tests/codeception/api/v1/NationCept.php

@@ -1,7 +1,7 @@
 <?php
 
 $I = new ApiTester($scenario);
-$I->wantTo('Test API call v1/nation/All');
+$I->wantTo('Test API call v1/nation All and FederalState');
 $I->amHttpAuthenticated("wu11e001", "1Q2W3E4R");
 $I->haveHttpHeader('FHC-API-KEY', 'testapikey@fhcomplete.org');
 $I->sendGET('v1/nation/All');

tests/codeception/api/v1/PersonCept.php

@@ -1,7 +1,7 @@
 <?php
 
 $I = new ApiTester($scenario);
-$I->wantTo('Test API call v1/person/person/Person by person_id');
+$I->wantTo('Test API call v1/person/person/Person');
 $I->amHttpAuthenticated("wu11e001", "1Q2W3E4R");
 $I->haveHttpHeader('FHC-API-KEY', 'testapikey@fhcomplete.org');
 $I->sendGET('v1/person/person/Person', array('person_id' => 62788));