author | Simon | 2011-04-13 14:10:26 +0200 |
---|---|---|
committer | Simon | 2011-04-13 14:10:26 +0200 |
commit | 85c7d1157407b132a9f0b71840f65d7ce0119abf (patch) | |
tree | 0c0be236350d4e505a0002fb9a607fb584ac9181 | |
parent | Erster Teil der Rechte in Group Controller (diff) | |
Zweiter Teil der Rechte in Group Controller
-rw-r--r-- | application/modules/user/controllers/GroupController.php | 41 | ||||
-rw-r--r-- | application/modules/user/views/scripts/group/show.phtml | 2 |
2 files changed, 28 insertions, 15 deletions
diff --git a/application/modules/user/controllers/GroupController.php b/application/modules/user/controllers/GroupController.php index fb0d2a9..d9fd368 100644 --- a/application/modules/user/controllers/GroupController.php +++ b/application/modules/user/controllers/GroupController.php @@ -300,6 +300,10 @@ class User_GroupController extends Zend_Controller_Action public function deleteAction() { + // ACL delete a group + if(!Pbs_Acl::checkRight('gd')) + $this->_redirect('/user'); + $this->_helper->viewRenderer->setNoRender(); $groupID = $this->_request->getParam('groupID'); if(!isset($groupID)) { @@ -335,6 +339,10 @@ class User_GroupController extends Zend_Controller_Action public function grantpersonAction() { + // ACL grant a membership to request + if(!Pbs_Acl::checkRight('gam')) + $this->_redirect('/user'); + $this->_helper->viewRenderer->setNoRender(); if(isset($_POST['grouprequestID']) && isset($_POST['roleID'])) { $groupRequest = $this->groupRequestMapper->find($_POST['grouprequestID']); 
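Review bot: The new ACL guard at the top of deleteAction() denies access only if `_redirect()` ends the request, because nothing stops execution from continuing into the delete logic when the redirector's exit behaviour is disabled (for example under a test harness). Make the denial explicit with `if(!Pbs_Acl::checkRight('gd')) { $this->_redirect('/user'); return; }`; the `gam` guard added to grantpersonAction() in the next hunk has the same shape and needs the same `return;`. deleteAction() also takes `groupID` from `getParam()`, so the delete appears reachable through a plain GET link. Restricting it to POST with a request token would be a sensible follow-up. Both method bodies continue outside their hunks.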
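Review bot: The `gam` check in grantpersonAction() is a global yes/no and, as far as this hunk shows, is never tied to the group that the request in `$_POST['grouprequestID']` belongs to, while `$_POST['roleID']` is accepted as supplied. If the rest of the method (outside the hunk) does not already do so, a holder of `gam` could approve requests for groups they do not manage or assign an arbitrary role. I would add the check right after the `find()` call and mark it with `// verify the request's group is one the caller may manage and that roleID is a role of that group`.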
@@ -369,21 +377,26 @@ class User_GroupController extends Zend_Controller_Action public function revokepersonAction() { + $this->_helper->viewRenderer->setNoRender(); $membershipID = $this->_request->getParam('membershipID'); - if(isset($membershipID)) { - $membership = $this->membershipMapper->find($membershipID); - if(isset($membership)) { - try { - $this->membershipMapper->delete($membership); - } catch(Zend_Exception $e) - { - echo "Caught exception: " . get_class($e) . "<br/>"; - echo "Message: " . $e->getMessage() . "<br/>"; - return; + $rr = $this->membershipMapper->find($membershipID); + + if(($rr->getGroupID() == $this->membership->getGroupID && Pbs_Acl::checkRight('gdmo') ) || ( $rr->getGroupID() != $this->membership->getGroupID && Pbs_Acl::checkRight('gdmog'))){ + if(isset($membershipID)) { + $membership = $this->membershipMapper->find($membershipID); + if(isset($membership)) { + try { + $this->membershipMapper->delete($membership); + } catch(Zend_Exception $e) + { + echo "Caught exception: " . get_class($e) . "<br/>"; + echo "Message: " . $e->getMessage() . "<br/>"; + return; + } + $this->_redirect("/user/group/show/groupID/" . $membership->getGroupID()); } - $this->_redirect("/user/group/show/groupID/" . $membership->getGroupID()); - } - - } } + } + } + } } diff --git a/application/modules/user/views/scripts/group/show.phtml b/application/modules/user/views/scripts/group/show.phtml index 18bc33a..b2a85ac 100644 --- a/application/modules/user/views/scripts/group/show.phtml +++ b/application/modules/user/views/scripts/group/show.phtml @@ -1,4 +1,4 @@ -<h1>Groupdetails</h1> +<h1>Groupdetails - <?php echo $this->group->getTitle();?></h1> <?php if($this->usergroup == $this->requestgroup){ echo $this->formButton('deletegroup', 'Delete', array( |
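Review bot: The authorization condition in revokepersonAction() compares against `$this->membership->getGroupID` without parentheses, which is a property read rather than a method call, so the own-group branch (`gdmo`) almost never matches and the decision falls through to `gdmog`. In addition, `$rr->getGroupID()` is called before anything checks that `membershipID` was supplied or that `find()` returned a row, so a missing or unknown id ends in a fatal error, and the same row is then looked up a second time. When the check fails the action just returns a blank page, unlike the redirects used in the other actions. The rewrite below loads the membership once, fails closed with a redirect, and assumes `$this->membership` is the caller's own membership, set outside this hunk. The retained catch block still echoes `$e->getMessage()` to the browser and would be better logged.

```php
public function revokepersonAction()
{
    $this->_helper->viewRenderer->setNoRender();
    $membershipID = $this->_request->getParam('membershipID');
    $membership = isset($membershipID) ? $this->membershipMapper->find($membershipID) : null;
    if(!isset($membership)) {
        $this->_redirect('/user');
        return;
    }
    // own group needs 'gdmo', any other group needs 'gdmog'
    $sameGroup = $membership->getGroupID() == $this->membership->getGroupID();
    if(!Pbs_Acl::checkRight($sameGroup ? 'gdmo' : 'gdmog')) {
        $this->_redirect('/user');
        return;
    }
    // … unchanged: try/catch around membershipMapper->delete($membership) and redirect to the group page …
```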
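Review bot: The group title is echoed into the `<h1>` of show.phtml without HTML escaping, so a title containing markup would be rendered as markup for everyone who views the group. Since titles are presumably entered by users, the line should use the view's escaper: `<h1>Groupdetails - <?php echo $this->escape($this->group->getTitle()); ?></h1>`.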