mirror of
https://github.com/FH-Complete/FHC-Core.git
synced 2026-06-01 12:19:28 +00:00
Kontakt component permission: possible to check if a person is neither student nor employee
@@ -50,6 +50,7 @@ class Kontakt extends FHCAPI_Controller
|
||||
// Extra Permissionchecks
|
||||
$permsMa = [];
|
||||
$permsStud = [];
|
||||
$permsDefault = null;
|
||||
switch ($this->router->method) {
|
||||
case 'getBankverbindung':
|
||||
case 'loadBankverbindung':
|
||||
@@ -66,7 +67,7 @@ class Kontakt extends FHCAPI_Controller
|
||||
case 'getKontakte':
|
||||
case 'loadAddress':
|
||||
case 'loadContact':
|
||||
$permsMa = $permsStud = ['admin:r', 'assistenz:r'];
|
||||
$permsMa = $permsStud = $permsDefault = ['admin:r', 'assistenz:r'];
|
||||
break;
|
||||
case 'addNewAddress':
|
||||
case 'addNewContact':
|
||||
@@ -74,7 +75,7 @@ class Kontakt extends FHCAPI_Controller
|
||||
case 'updateContact':
|
||||
case 'deleteAddress':
|
||||
case 'deleteContact':
|
||||
$permsMa = $permsStud = ['admin:rw', 'assistenz:rw'];
|
||||
$permsMa = $permsStud = $permsDefault = ['admin:rw', 'assistenz:rw'];
|
||||
break;
|
||||
}
|
||||
if ($this->router->method == 'getAdressen'
|
||||
@@ -89,7 +90,7 @@ class Kontakt extends FHCAPI_Controller
|
||||
if (is_null($person_id) || !ctype_digit((string)$person_id))
|
||||
$this->terminateWithError( $this->p->t('ui', 'ungueltigeParameter'), self::ERROR_TYPE_GENERAL);
|
||||
|
||||
$this->checkPermissionsForPerson($person_id, $permsMa, $permsStud);
|
||||
$this->checkPermissionsForPerson($person_id, $permsMa, $permsStud, $permsDefault);
|
||||
} elseif ($this->router->method == 'loadAddress'
|
||||
|| $this->router->method == 'loadContact'
|
||||
|| $this->router->method == 'loadBankverbindung'
|
||||
@@ -133,7 +134,7 @@ class Kontakt extends FHCAPI_Controller
|
||||
|
||||
$person_id = current($data)->person_id;
|
||||
|
||||
$this->checkPermissionsForPerson($person_id, $permsMa, $permsStud);
|
||||
$this->checkPermissionsForPerson($person_id, $permsMa, $permsStud, $permsDefault);
|
||||
}
|
||||
}
|
||||
public function getAdressen($person_id)
|
||||
|
||||
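Review bot: `$permsDefault = null;` at the top of the extra permission checks carries the deny-by-default behaviour, but nothing on the line says so. Only the two address/contact case groups assign it; for `getBankverbindung` and `loadBankverbindung` (their case body is outside the hunk) it appears to stay null, which the new `isset($permDefault)` test in `hasPermissionsForPerson` treats as "no fallback", so a person who is neither Mitarbeiter nor Student is refused. A comment such as `// null = no fallback: a person who is neither Mitarbeiter nor Student is denied` would stop a later edit from changing it to `[]` for symmetry with `$permsMa`/`$permsStud`, which would pass `isset()` and hand an empty list to `isEntitled`, whose result for that input is not visible here. The enclosing method starts and ends outside these hunks.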
@@ -70,20 +70,22 @@ abstract class Auth_Controller extends FHC_Controller
|
||||
/**
|
||||
* Checks for Permissions depending if the given person is a
|
||||
* Mitarbeiter and/or Student
|
||||
* If neither Student nor Mitarbeiter, default permissions are checked
|
||||
* and exits/outputs an error if they are not met.
|
||||
*
|
||||
* @param integer $person_id
|
||||
* @param array $permMa Perms if the person is a Mitarbeiter
|
||||
* @param array $permStud Perms if the person is a Student
|
||||
* @param array $permDefault Perms if the person is neither a Student nor a Mitarbeiter
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
protected function checkPermissionsForPerson($person_id, $permMa, $permStud)
|
||||
protected function checkPermissionsForPerson($person_id, $permMa, $permStud, $permDefault = null)
|
||||
{
|
||||
$res = $this->hasPermissionsForPerson($person_id, $permMa, $permStud);
|
||||
$res = $this->hasPermissionsForPerson($person_id, $permMa, $permStud, $permDefault);
|
||||
|
||||
if ($res) {
|
||||
$perm = array_keys(array_flip(array_merge($res|1 ? $permMa : [], $res|2 ? $permStud : [])));
|
||||
$perm = array_keys(array_flip(array_merge($res&1 ? $permMa : [], $res&2 ? $permStud : [], $res&4 ? $permDefault : [])));
|
||||
$this->_outputAuthError([$this->router->method => $perm]);
|
||||
}
|
||||
}
|
||||
@@ -108,16 +110,19 @@ abstract class Auth_Controller extends FHC_Controller
|
||||
* Checks for Permissions depending if the given person is a
|
||||
* Mitarbeiter and/or Student
|
||||
* and returns the result.
|
||||
* If neither Student nor Mitarbeiter, default permissions are checked
|
||||
*
|
||||
* @param integer $person_id
|
||||
* @param array $permMa Perms if the person is a Mitarbeiter
|
||||
* @param array $permStud Perms if the person is a Student
|
||||
*
|
||||
* @param array $permDefault Perms if the person is neither a Student nor a Mitarbeiter
|
||||
* @return integer 0 if permission is granted
|
||||
*/
|
||||
protected function hasPermissionsForPerson($person_id, $permMa, $permStud)
|
||||
protected function hasPermissionsForPerson($person_id, $permMa, $permStud, $permDefault)
|
||||
{
|
||||
$res = 3;
|
||||
$res = 8;
|
||||
$isMitarbeiter = false;
|
||||
$isStudent = false;
|
||||
$this->load->model('person/Person_model', 'PersonModel');
|
||||
$this->PersonModel->addJoin('public.tbl_benutzer', 'person_id');
|
||||
$this->PersonModel->addJoin('public.tbl_mitarbeiter', 'uid = mitarbeiter_uid');
|
||||
@@ -125,7 +130,8 @@ abstract class Auth_Controller extends FHC_Controller
|
||||
if (hasData($result)) {
|
||||
if ($this->permissionlib->isEntitled(['a' => $permMa], 'a'))
|
||||
return 0;
|
||||
$res = 1;
|
||||
$isMitarbeiter = true;
|
||||
$res += 1;
|
||||
}
|
||||
$this->PersonModel->addJoin('public.tbl_prestudent', 'person_id');
|
||||
$result = $this->PersonModel->load($person_id);
|
||||
@@ -140,8 +146,15 @@ abstract class Auth_Controller extends FHC_Controller
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
$isStudent = true;
|
||||
$res += 2;
|
||||
}
|
||||
if (isset($permDefault) && !$isMitarbeiter && !$isStudent)
|
||||
{
|
||||
if ($this->permissionlib->isEntitled(['a' => $permDefault], 'a'))
|
||||
return 0;
|
||||
$res += 4;
|
||||
}
|
||||
return $res;
|
||||
}
|
||||
|
||||
|
||||
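Review bot: The new fourth parameter of `hasPermissionsForPerson` has no default, unlike `checkPermissionsForPerson`, so any caller elsewhere that still passes three arguments would fail with an ArgumentCountError on PHP 7.1 and later; `protected function hasPermissionsForPerson($person_id, $permMa, $permStud, $permDefault = null)` keeps such callers working and matches the `isset($permDefault)` guard further down. The docblock still says only `0 if permission is granted`, while the non-zero result is now a bit field on a base of 8 that `checkPermissionsForPerson` decodes with `&1`, `&2` and `&4`; I would document it as `@return integer 0 if permission is granted, otherwise 8 plus 1 (Mitarbeiter), 2 (Student), 4 (default) for each permission set that was checked and not met`. The base of 8 is what keeps the result non-zero, and therefore a denial, when no permission set applies, so `$res = 8;` deserves a comment such as `// bit 3 always set: deny even if no permission set applies`. Parts of the function body lie between the hunks and are not visible here.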