- phpC(d)I

- Renamed method chkRights to _isEntitled in model DB_Model
- Updated models where it was needed
bison-paolo
2016-10-20 16:37:52 +02:00
parent 39b4c8057d
commit 5087826891
20 changed files with 152 additions and 126 deletions
+3 -1
@@ -238,7 +238,9 @@ $config['fhc_acl'] = array
DMS_PATH => 'fs/dms', DMS_PATH => 'fs/dms',
'public.tbl_sprache' => 'admin' 'public.tbl_sprache' => 'admin',
'PhrasesLib.getPhrase' => 'system/PhrasesLib'
); );
$config['addons_aufnahme_url'] = 'http://debian.dev/build/addons/aufnahme/cis/index.php'; $config['addons_aufnahme_url'] = 'http://debian.dev/build/addons/aufnahme/cis/index.php';
+10 -10
@@ -36,7 +36,7 @@ class DB_Model extends FHC_Model
return error(FHC_MODEL_ERROR, FHC_NODBTABLE); return error(FHC_MODEL_ERROR, FHC_NODBTABLE);
// Checks rights // Checks rights
if ($chkRights = $this->chkRights(PermissionLib::INSERT_RIGHT)) return $chkRights; if ($isEntitled = $this->_isEntitled(PermissionLib::INSERT_RIGHT)) return $isEntitled;
// DB-INSERT // DB-INSERT
if ($this->db->insert($this->dbTable, $data)) if ($this->db->insert($this->dbTable, $data))
@@ -80,7 +80,7 @@ class DB_Model extends FHC_Model
return error(FHC_MODEL_ERROR, FHC_NODBTABLE); return error(FHC_MODEL_ERROR, FHC_NODBTABLE);
// Checks rights // Checks rights
if ($chkRights = $this->chkRights(PermissionLib::REPLACE_RIGHT)) return $chkRights; if ($isEntitled = $this->_isEntitled(PermissionLib::REPLACE_RIGHT)) return $isEntitled;
// DB-REPLACE // DB-REPLACE
if ($this->db->replace($this->dbTable, $data)) if ($this->db->replace($this->dbTable, $data))
@@ -105,7 +105,7 @@ class DB_Model extends FHC_Model
return error(FHC_MODEL_ERROR, FHC_NOPK); return error(FHC_MODEL_ERROR, FHC_NOPK);
// Checks rights // Checks rights
if ($chkRights = $this->chkRights(PermissionLib::UPDATE_RIGHT)) return $chkRights; if ($isEntitled = $this->_isEntitled(PermissionLib::UPDATE_RIGHT)) return $isEntitled;
// DB-UPDATE // DB-UPDATE
// Check for composite Primary Key // Check for composite Primary Key
@@ -139,7 +139,7 @@ class DB_Model extends FHC_Model
return error(FHC_MODEL_ERROR, FHC_NOPK); return error(FHC_MODEL_ERROR, FHC_NOPK);
// Checks rights // Checks rights
if ($chkRights = $this->chkRights(PermissionLib::DELETE_RIGHT)) return $chkRights; if ($isEntitled = $this->_isEntitled(PermissionLib::DELETE_RIGHT)) return $isEntitled;
// DB-DELETE // DB-DELETE
// Check for composite Primary Key // Check for composite Primary Key
@@ -173,7 +173,7 @@ class DB_Model extends FHC_Model
return error(FHC_MODEL_ERROR, FHC_NOPK); return error(FHC_MODEL_ERROR, FHC_NOPK);
// Checks rights // Checks rights
if ($chkRights = $this->chkRights(PermissionLib::SELECT_RIGHT)) return $chkRights; if ($isEntitled = $this->_isEntitled(PermissionLib::SELECT_RIGHT)) return $isEntitled;
// DB-SELECT // DB-SELECT
// Check for composite Primary Key // Check for composite Primary Key
@@ -207,7 +207,7 @@ class DB_Model extends FHC_Model
return error(FHC_MODEL_ERROR, FHC_NODBTABLE); return error(FHC_MODEL_ERROR, FHC_NODBTABLE);
// Checks rights // Checks rights
if ($chkRights = $this->chkRights(PermissionLib::SELECT_RIGHT)) return $chkRights; if ($isEntitled = $this->_isEntitled(PermissionLib::SELECT_RIGHT)) return $isEntitled;
// Execute query // Execute query
$result = $this->db->get_where($this->dbTable, $where); $result = $this->db->get_where($this->dbTable, $where);
@@ -235,7 +235,7 @@ class DB_Model extends FHC_Model
return error(FHC_MODEL_ERROR, FHC_NODBTABLE); return error(FHC_MODEL_ERROR, FHC_NODBTABLE);
// Checks rights // Checks rights
if ($chkRights = $this->chkRights(PermissionLib::SELECT_RIGHT)) return $chkRights; if ($isEntitled = $this->_isEntitled(PermissionLib::SELECT_RIGHT)) return $isEntitled;
// List of tables on which it will work // List of tables on which it will work
$tables = array_merge(array($mainTable), $sideTables); $tables = array_merge(array($mainTable), $sideTables);
@@ -609,7 +609,7 @@ class DB_Model extends FHC_Model
/** /**
* Checks if the caller is entitled to perform this operation with this right * Checks if the caller is entitled to perform this operation with this right
*/ */
protected function chkRights($permission) private function _isEntitled($permission)
{ {
// If the caller is _not_ a model _and_ tries to read data, then avoids to check permissions // If the caller is _not_ a model _and_ tries to read data, then avoids to check permissions
// Otherwise checks always the permissions // Otherwise checks always the permissions
@@ -617,9 +617,9 @@ class DB_Model extends FHC_Model
substr(get_called_class(), -6) == DB_Model::MODEL_POSTFIX) || substr(get_called_class(), -6) == DB_Model::MODEL_POSTFIX) ||
$permission != PermissionLib::SELECT_RIGHT) $permission != PermissionLib::SELECT_RIGHT)
{ {
if (($chkRights = $this->isEntitled($this->dbTable, $permission, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled($this->dbTable, $permission, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
{ {
return $chkRights; return $isEntitled;
} }
} }
} }
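Review bot: `_isEntitled()` reports success by falling off the end of the function, while the `isEntitled()` it wraps reports success with `true`, and after this rename the two names differ by a single underscore. The seven call sites in this file test it with `if ($isEntitled = $this->_isEntitled(...)) return $isEntitled;`, so any falsy result counts as permitted; if a denial can ever come back falsy (not visible here), the insert, update, delete or select goes ahead. I would end the helper with `return true;` and have the callers use the same `!== true` comparison the other models use, or at the very least state the return contract in the docblock. The docblock should also record that, per the inline comment, SELECT checks are skipped for some callers according to the called class name suffix, because that exemption is an authorization decision; the condition starts outside the hunk, so its first clause is not visible.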
+2 -1
@@ -15,7 +15,8 @@ class Orgform_model extends DB_Model
public function getOrgformLV() public function getOrgformLV()
{ {
// Checks rights // Checks rights
if ($chkRights = $this->chkRights(PermissionLib::SELECT_RIGHT)) return $chkRights; if (($isEntitled = $this->isEntitled($this->dbTable, PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $isEntitled;
$query = "SELECT * $query = "SELECT *
FROM bis.tbl_orgform FROM bis.tbl_orgform
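Review bot: Replacing the helper call with a direct `isEntitled($this->dbTable, PermissionLib::SELECT_RIGHT, ...)` changes behaviour as well as the name, because the DB_Model helper (per its own comment) skips the SELECT check for some callers and this method now always checks. If that tightening is intended it belongs in the commit message; the same substitution is made in Studiensemester_model, Vorlage_model and Vorlagedokument_model. Keeping the helper `protected` would let these models share one call instead of repeating the four-argument form in each method. getOrgformLV's body continues outside the hunk.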
+14 -14
@@ -18,14 +18,14 @@ class Akte_model extends DB_Model
public function getAkten($person_id, $dokument_kurzbz = null, $stg_kz = null, $prestudent_id = null) public function getAkten($person_id, $dokument_kurzbz = null, $stg_kz = null, $prestudent_id = null)
{ {
// Checks if the operation is permitted by the API caller // Checks if the operation is permitted by the API caller
if (($chkRights = $this->isEntitled($this->dbTable, PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled($this->dbTable, PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
if (($chkRights = $this->isEntitled('public.tbl_dokument', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled('public.tbl_dokument', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
if (($chkRights = $this->isEntitled('public.tbl_dokumentstudiengang', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled('public.tbl_dokumentstudiengang', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
if (($chkRights = $this->isEntitled('public.tbl_dokumentprestudent', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled('public.tbl_dokumentprestudent', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
$query = 'SELECT akte_id, $query = 'SELECT akte_id,
person_id, person_id,
@@ -84,12 +84,12 @@ class Akte_model extends DB_Model
public function getAktenAccepted($person_id, $dokument_kurzbz = null) public function getAktenAccepted($person_id, $dokument_kurzbz = null)
{ {
// Checks if the operation is permitted by the API caller // Checks if the operation is permitted by the API caller
if (($chkRights = $this->isEntitled($this->dbTable, PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled($this->dbTable, PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
if (($chkRights = $this->isEntitled('public.tbl_prestudent', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled('public.tbl_prestudent', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
if (($chkRights = $this->isEntitled('public.tbl_dokumentprestudent', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled('public.tbl_dokumentprestudent', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
$query = 'SELECT a.akte_id, $query = 'SELECT a.akte_id,
a.person_id, a.person_id,
@@ -14,8 +14,8 @@ class Dokumentprestudent_model extends DB_Model
public function setAccepted($prestudent_id, $studiengang_kz) public function setAccepted($prestudent_id, $studiengang_kz)
{ {
if (($chkRights = $this->isEntitled('public.tbl_dokumentprestudent', PermissionLib::INSERT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled('public.tbl_dokumentprestudent', PermissionLib::INSERT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
$result = null; $result = null;
@@ -43,8 +43,8 @@ class Dokumentprestudent_model extends DB_Model
public function setAcceptedDocuments($prestudent_id, $dokument_kurzbz) public function setAcceptedDocuments($prestudent_id, $dokument_kurzbz)
{ {
if (($chkRights = $this->isEntitled('public.tbl_dokumentprestudent', PermissionLib::INSERT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled('public.tbl_dokumentprestudent', PermissionLib::INSERT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
$result = null; $result = null;
@@ -15,8 +15,8 @@ class Dokumentstudiengang_model extends DB_Model
public function getDokumentstudiengangByStudiengang_kz($studiengang_kz, $onlinebewerbung, $pflicht) public function getDokumentstudiengangByStudiengang_kz($studiengang_kz, $onlinebewerbung, $pflicht)
{ {
// Checks if the operation is permitted by the API caller // Checks if the operation is permitted by the API caller
if (($chkRights = $this->isEntitled("public.tbl_dokument", "s", FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled("public.tbl_dokument", "s", FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
$this->addJoin("public.tbl_dokument", "dokument_kurzbz"); $this->addJoin("public.tbl_dokument", "dokument_kurzbz");
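Review bot: The renamed check still passes the literal `"s"` as the permission, while Person_model in this same commit was converted from `'s'` to `PermissionLib::SELECT_RIGHT`. I would write `$this->isEntitled("public.tbl_dokument", PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)` here as well, so that a later change to the constant cannot leave this one check testing a stale value. The method body continues outside the hunk.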
@@ -19,12 +19,12 @@ class Prestudentstatus_model extends DB_Model
public function getLastStatus($prestudent_id, $studiensemester_kurzbz = '', $status_kurzbz = '') public function getLastStatus($prestudent_id, $studiensemester_kurzbz = '', $status_kurzbz = '')
{ {
// Checks if the operation is permitted by the API caller // Checks if the operation is permitted by the API caller
if (($chkRights = $this->isEntitled('public.tbl_prestudentstatus', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled('public.tbl_prestudentstatus', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
if (($chkRights = $this->isEntitled('lehre.tbl_studienplan', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled('lehre.tbl_studienplan', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
if (($chkRights = $this->isEntitled('public.tbl_status', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled('public.tbl_status', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
$query = 'SELECT tbl_prestudentstatus.*, $query = 'SELECT tbl_prestudentstatus.*,
bezeichnung AS studienplan_bezeichnung, bezeichnung AS studienplan_bezeichnung,
@@ -18,10 +18,10 @@ class Studiengang_model extends DB_Model
public function getAllForBewerbung() public function getAllForBewerbung()
{ {
// Checks if the operation is permitted by the API caller // Checks if the operation is permitted by the API caller
if (($chkRights = $this->isEntitled('lehre.vw_studienplan', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled('lehre.vw_studienplan', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
if (($chkRights = $this->isEntitled('bis.tbl_lgartcode', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled('bis.tbl_lgartcode', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
$allForBewerbungQuery = 'SELECT DISTINCT studiengang_kz, $allForBewerbungQuery = 'SELECT DISTINCT studiengang_kz,
typ, typ,
@@ -15,7 +15,8 @@ class Studiensemester_model extends DB_Model
public function getLastOrAktSemester($days = 60) public function getLastOrAktSemester($days = 60)
{ {
// Checks rights // Checks rights
if ($chkRights = $this->chkRights(PermissionLib::SELECT_RIGHT)) return $chkRights; if (($isEntitled = $this->isEntitled($this->dbTable, PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $isEntitled;
if (!is_numeric($days)) if (!is_numeric($days))
{ {
@@ -34,7 +35,8 @@ class Studiensemester_model extends DB_Model
public function getNextFrom($studiensemester_kurzbz) public function getNextFrom($studiensemester_kurzbz)
{ {
// Checks rights // Checks rights
if ($chkRights = $this->chkRights(PermissionLib::SELECT_RIGHT)) return $chkRights; if (($isEntitled = $this->isEntitled($this->dbTable, PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $isEntitled;
$query = 'SELECT studiensemester_kurzbz, $query = 'SELECT studiensemester_kurzbz,
start, start,
@@ -57,8 +59,8 @@ class Studiensemester_model extends DB_Model
public function getNearest($semester = '') public function getNearest($semester = '')
{ {
// Checks if the operation is permitted by the API caller // Checks if the operation is permitted by the API caller
if (($chkRights = $this->isEntitled('public.vw_studiensemester', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled('public.vw_studiensemester', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
$query = 'SELECT studiensemester_kurzbz, $query = 'SELECT studiensemester_kurzbz,
start, start,
+10 -10
@@ -24,16 +24,16 @@ class Person_model extends DB_Model
*/ */
public function checkBewerbung($email, $studiensemester_kurzbz = null) public function checkBewerbung($email, $studiensemester_kurzbz = null)
{ {
if (($chkRights = $this->isEntitled('public.tbl_person', 's', FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled('public.tbl_person', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
if (($chkRights = $this->isEntitled('public.tbl_kontakt', 's', FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled('public.tbl_kontakt', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
if (($chkRights = $this->isEntitled('public.tbl_benutzer', 's', FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled('public.tbl_benutzer', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
if (($chkRights = $this->isEntitled('public.tbl_prestudent', 's', FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled('public.tbl_prestudent', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
if (($chkRights = $this->isEntitled('public.tbl_prestudentstatus', 's', FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled('public.tbl_prestudentstatus', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
$checkBewerbungQuery = ''; $checkBewerbungQuery = '';
$parametersArray = array($email, $email, $email); $parametersArray = array($email, $email, $email);
+6 -6
@@ -20,12 +20,12 @@ class Message_model extends DB_Model
public function getMessagesByPerson($person_id, $all) public function getMessagesByPerson($person_id, $all)
{ {
// Checks if the operation is permitted by the API caller // Checks if the operation is permitted by the API caller
if (($chkRights = $this->isEntitled('public.tbl_msg_message', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled('public.tbl_msg_message', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
if (($chkRights = $this->isEntitled('public.tbl_person', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled('public.tbl_person', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
if (($chkRights = $this->isEntitled('public.tbl_msg_status', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled('public.tbl_msg_status', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
$sql = 'SELECT m.message_id, $sql = 'SELECT m.message_id,
m.person_id, m.person_id,
+4 -4
@@ -18,10 +18,10 @@ class Phrase_model extends DB_Model
public function getPhrases($app, $sprache, $phrase = null, $orgeinheit_kurzbz = null, $orgform_kurzbz = null) public function getPhrases($app, $sprache, $phrase = null, $orgeinheit_kurzbz = null, $orgform_kurzbz = null)
{ {
// Checks if the operation is permitted by the API caller // Checks if the operation is permitted by the API caller
if (($chkRights = $this->isEntitled('system.tbl_phrase', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled('system.tbl_phrase', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
if (($chkRights = $this->isEntitled('system.tbl_phrasentext', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled('system.tbl_phrasentext', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
$parametersArray = array('app' => $app, 'sprache' => $sprache); $parametersArray = array('app' => $app, 'sprache' => $sprache);
+32 -32
@@ -19,14 +19,14 @@ class Recipient_model extends DB_Model
public function getMessage($message_id, $person_id) public function getMessage($message_id, $person_id)
{ {
// Checks if the operation is permitted by the API caller // Checks if the operation is permitted by the API caller
if (($chkRights = $this->isEntitled('public.tbl_msg_recipient', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled('public.tbl_msg_recipient', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
if (($chkRights = $this->isEntitled('public.tbl_msg_message', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled('public.tbl_msg_message', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
if (($chkRights = $this->isEntitled('public.tbl_person', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled('public.tbl_person', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
if (($chkRights = $this->isEntitled('public.tbl_kontakt', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled('public.tbl_kontakt', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
$query = 'SELECT mr.message_id, $query = 'SELECT mr.message_id,
mr.person_id, mr.person_id,
@@ -56,12 +56,12 @@ class Recipient_model extends DB_Model
public function getMessageByToken($token) public function getMessageByToken($token)
{ {
// Checks if the operation is permitted by the API caller // Checks if the operation is permitted by the API caller
if (($chkRights = $this->isEntitled('public.tbl_msg_recipient', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled('public.tbl_msg_recipient', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
if (($chkRights = $this->isEntitled('public.tbl_msg_message', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled('public.tbl_msg_message', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
if (($chkRights = $this->isEntitled('public.tbl_msg_status', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled('public.tbl_msg_status', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
$sql = 'SELECT r.message_id, $sql = 'SELECT r.message_id,
m.person_id as sender_id, m.person_id as sender_id,
@@ -90,14 +90,14 @@ class Recipient_model extends DB_Model
public function getMessagesByPerson($person_id, $all) public function getMessagesByPerson($person_id, $all)
{ {
// Checks if the operation is permitted by the API caller // Checks if the operation is permitted by the API caller
if (($chkRights = $this->isEntitled('public.tbl_msg_recipient', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled('public.tbl_msg_recipient', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
if (($chkRights = $this->isEntitled('public.tbl_msg_message', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled('public.tbl_msg_message', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
if (($chkRights = $this->isEntitled('public.tbl_person', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled('public.tbl_person', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
if (($chkRights = $this->isEntitled('public.tbl_msg_status', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled('public.tbl_msg_status', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
$sql = 'SELECT DISTINCT ON (r.message_id) r.message_id, $sql = 'SELECT DISTINCT ON (r.message_id) r.message_id,
m.person_id, m.person_id,
@@ -152,14 +152,14 @@ class Recipient_model extends DB_Model
// if same user // if same user
if ($uid === getAuthUID()) if ($uid === getAuthUID())
{ {
if (($chkRights = $this->isEntitled('public.tbl_msg_message', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled('public.tbl_msg_message', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
} }
// if different user, for reading messages from other users // if different user, for reading messages from other users
else else
{ {
if (($chkRights = $this->isEntitled('public.tbl_msg_message', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled('public.tbl_msg_message', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
} }
// get Data // get Data
@@ -208,12 +208,12 @@ class Recipient_model extends DB_Model
public function getMessages($kontaktType, $sent, $limit = null, $message_id = null) public function getMessages($kontaktType, $sent, $limit = null, $message_id = null)
{ {
// Checks if the operation is permitted by the API caller // Checks if the operation is permitted by the API caller
if (($chkRights = $this->isEntitled('public.tbl_msg_recipient', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled('public.tbl_msg_recipient', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
if (($chkRights = $this->isEntitled('public.tbl_msg_message', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled('public.tbl_msg_message', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
if (($chkRights = $this->isEntitled('public.tbl_kontakt', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true) if (($isEntitled = $this->isEntitled('public.tbl_kontakt', PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $chkRights; return $isEntitled;
$query = 'SELECT mm.message_id, $query = 'SELECT mm.message_id,
ks.kontakt as sender, ks.kontakt as sender,
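Review bot: In the hunk that starts at line 152 of this file, both branches of `if ($uid === getAuthUID())` run the identical check, `isEntitled('public.tbl_msg_message', PermissionLib::SELECT_RIGHT, ...)`, so reading another user's messages requires nothing more than reading one's own. The comment `// if different user, for reading messages from other users` suggests a stricter permission was meant for the else branch, and the rename carries the duplicate forward unchanged. Either collapse the two branches into one check, or give the else branch the separate permission it was written for; which permission that should be is not visible on this page. The enclosing method starts and ends outside the hunk.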
+2 -1
@@ -15,7 +15,8 @@ class Vorlage_model extends DB_Model
public function getMimeTypes() public function getMimeTypes()
{ {
// Checks rights // Checks rights
if ($chkRights = $this->chkRights(PermissionLib::SELECT_RIGHT)) return $chkRights; if (($isEntitled = $this->isEntitled($this->dbTable, PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $isEntitled;
$query = 'SELECT DISTINCT mimetype FROM public.tbl_vorlage ORDER BY mimetype'; $query = 'SELECT DISTINCT mimetype FROM public.tbl_vorlage ORDER BY mimetype';
@@ -18,7 +18,8 @@ class Vorlagedokument_model extends DB_Model
public function loadDokumenteFromVorlagestudiengang($vorlagestudiengang_id) public function loadDokumenteFromVorlagestudiengang($vorlagestudiengang_id)
{ {
// Checks rights // Checks rights
if ($chkRights = $this->chkRights(PermissionLib::SELECT_RIGHT)) return $chkRights; if (($isEntitled = $this->isEntitled($this->dbTable, PermissionLib::SELECT_RIGHT, FHC_NORIGHT, FHC_MODEL_ERROR)) !== true)
return $isEntitled;
$qry = 'SELECT vorlagedokument_id, $qry = 'SELECT vorlagedokument_id,
sort, sort,
+6 -2
@@ -425,7 +425,8 @@ DELETE FROM system.tbl_rolleberechtigung WHERE berechtigung_kurzbz IN (
'system/phrase', 'system/phrase',
'system/vorlagestudiengang', 'system/vorlagestudiengang',
'system/vorlage', 'system/vorlage',
'system/appdaten' 'system/appdaten',
'system/PhrasesLib'
); );
-- DELETE FROM system.tbl_berechtigung -- DELETE FROM system.tbl_berechtigung
@@ -656,7 +657,8 @@ DELETE FROM system.tbl_berechtigung WHERE berechtigung_kurzbz IN (
'system/phrase', 'system/phrase',
'system/vorlagestudiengang', 'system/vorlagestudiengang',
'system/vorlage', 'system/vorlage',
'system/appdaten' 'system/appdaten',
'system/PhrasesLib'
); );
-- INSERT Permissions -- INSERT Permissions
@@ -887,6 +889,7 @@ INSERT INTO system.tbl_berechtigung (berechtigung_kurzbz, beschreibung) VALUES('
INSERT INTO system.tbl_berechtigung (berechtigung_kurzbz, beschreibung) VALUES('system/vorlagestudiengang', ''); INSERT INTO system.tbl_berechtigung (berechtigung_kurzbz, beschreibung) VALUES('system/vorlagestudiengang', '');
INSERT INTO system.tbl_berechtigung (berechtigung_kurzbz, beschreibung) VALUES('system/vorlage', ''); INSERT INTO system.tbl_berechtigung (berechtigung_kurzbz, beschreibung) VALUES('system/vorlage', '');
INSERT INTO system.tbl_berechtigung (berechtigung_kurzbz, beschreibung) VALUES('system/appdaten', ''); INSERT INTO system.tbl_berechtigung (berechtigung_kurzbz, beschreibung) VALUES('system/appdaten', '');
INSERT INTO system.tbl_berechtigung (berechtigung_kurzbz, beschreibung) VALUES('system/PhrasesLib', '');
-- INSERT link between user admin and permissions -- INSERT link between user admin and permissions
INSERT INTO system.tbl_rolleberechtigung (berechtigung_kurzbz, rolle_kurzbz, art) VALUES('basis/archiv', 'admin', 'suid'); INSERT INTO system.tbl_rolleberechtigung (berechtigung_kurzbz, rolle_kurzbz, art) VALUES('basis/archiv', 'admin', 'suid');
@@ -1116,6 +1119,7 @@ INSERT INTO system.tbl_rolleberechtigung (berechtigung_kurzbz, rolle_kurzbz, art
INSERT INTO system.tbl_rolleberechtigung (berechtigung_kurzbz, rolle_kurzbz, art) VALUES('system/vorlagestudiengang', 'admin', 'suid'); INSERT INTO system.tbl_rolleberechtigung (berechtigung_kurzbz, rolle_kurzbz, art) VALUES('system/vorlagestudiengang', 'admin', 'suid');
INSERT INTO system.tbl_rolleberechtigung (berechtigung_kurzbz, rolle_kurzbz, art) VALUES('system/vorlage', 'admin', 'suid'); INSERT INTO system.tbl_rolleberechtigung (berechtigung_kurzbz, rolle_kurzbz, art) VALUES('system/vorlage', 'admin', 'suid');
INSERT INTO system.tbl_rolleberechtigung (berechtigung_kurzbz, rolle_kurzbz, art) VALUES('system/appdaten', 'admin', 'suid'); INSERT INTO system.tbl_rolleberechtigung (berechtigung_kurzbz, rolle_kurzbz, art) VALUES('system/appdaten', 'admin', 'suid');
INSERT INTO system.tbl_rolleberechtigung (berechtigung_kurzbz, rolle_kurzbz, art) VALUES('system/PhrasesLib', 'admin', 'suid');
-- EMPTY public.tbl_statistik -- EMPTY public.tbl_statistik
DELETE FROM public.tbl_statistik; DELETE FROM public.tbl_statistik;
+1 -1
@@ -4,7 +4,7 @@ modules:
- Db - Db
- REST: - REST:
# API URL # API URL
url: http://demo.fhcomplete.org/index.ci.php/api/ url: http://debian.dev/build/index.ci.php/api/
# Can also be a framework module name # Can also be a framework module name
depends: PhpBrowser depends: PhpBrowser
# Limits PhpBrowser to JSON or XML # Limits PhpBrowser to JSON or XML
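Review bot: The API URL now points at `http://debian.dev/build/index.ci.php/api/`, which looks like one developer's local host, so the suite will fail or reach an unintended server for anyone else who checks this out. The API tests on this page send HTTP basic credentials and an API key to this URL over plain http, so the target should be chosen deliberately rather than inherited from a committed default. I would keep a shared value in the repository and move per-machine overrides to an untracked local config or an environment parameter.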
@@ -0,0 +1,19 @@
<?php
$I = new ApiTester($scenario);
$I->wantTo("Test API call v1/system/CallerLibrary/Call");
$I->amHttpAuthenticated("admin", "1q2w3");
$I->haveHttpHeader("FHC-API-KEY", "testapikey@fhcomplete.org");
$I->sendGET(
"v1/system/CallerLibrary/Call",
array(
"resource" => "PhrasesLib",
"function" => "getPhrase",
"phrase_id" => 1
)
);
$I->seeResponseCodeIs(200);
$I->seeResponseIsJson();
$I->seeResponseContainsJson(["error" => 0]);
$I->wait();
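Review bot: This test and the CallerModel test that follows cover only the permitted path, since both authenticate as `admin` and expect `"error" => 0`. The commit adds an ACL entry for `PhrasesLib.getPhrase`, so a second request from a caller without `system/PhrasesLib` that asserts a denial would show the check refuses as well as allows. The deleted PCRM test also called `PermissionLib.hasPermission`, and neither new file replaces that coverage. The password and API key are hard-coded in each file; reading them from the suite configuration would keep them in one place.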
@@ -0,0 +1,19 @@
<?php
$I = new ApiTester($scenario);
$I->wantTo("Test API call v1/system/CallerModel/Call");
$I->amHttpAuthenticated("admin", "1q2w3");
$I->haveHttpHeader("FHC-API-KEY", "testapikey@fhcomplete.org");
$I->sendGET(
"v1/system/CallerModel/Call",
array(
"resource" => "codex/Bundesland_model",
"function" => "load",
"bundesland_code" => "1"
)
);
$I->seeResponseCodeIs(200);
$I->seeResponseIsJson();
$I->seeResponseContainsJson(["error" => 0]);
$I->wait();
@@ -1,23 +0,0 @@
<?php
$I = new ApiTester($scenario);
$I->wantTo("Test API call v1/system/PCRM/Call");
$I->amHttpAuthenticated("admin", "1q2w3");
$I->haveHttpHeader("FHC-API-KEY", "testapikey@fhcomplete.org");
$I->sendGET("v1/system/PCRM/Call", array(
"resource" => "codex/Bundesland_model", "function" => "load", "bundesland_code" => "1")
);
$I->seeResponseCodeIs(200);
$I->seeResponseIsJson();
$I->seeResponseContainsJson(["error" => 0]);
$I->wait();
$I->sendGET("v1/system/PCRM/Call", array(
"resource" => "PermissionLib", "function" => "hasPermission",
"sn" => "bis.tbl_archiv", "pt" => "s")
);
$I->seeResponseCodeIs(200);
$I->seeResponseIsJson();
$I->seeResponseContainsJson(["error" => 0]);
$I->wait();