Rights im Personen Controller eingeführt, verwalten von anderen Accounts nun auch möglich

1 files changed, 12 insertions, 6 deletions

diff --git a/application/modules/user/controllers/AuthController.php b/application/modules/user/controllers/AuthController.php
index 7eccc98..8160104 100644
--- a/application/modules/user/controllers/AuthController.php
+++ b/application/modules/user/controllers/AuthController.php
@@ -2,9 +2,7 @@
 
 class User_AuthController extends Zend_Controller_Action
 {
-
 	protected $personmapper = null;
-
 	private $db = null;
 
 	public function init()
@@ -120,11 +118,19 @@ class User_AuthController extends Zend_Controller_Action
 
 	public function deleteAction()
 	{
+		if($this->_request->getParam('personID')) {
+			if(!Pbs_Acl::checkRight('peoa')) {
+				$this->_redirect('/user');
+			}
+			$personID = $this->_request->getParam('personID');
+		} else {
+			if(!Pbs_Acl::checkRight('pdo')) {
+				$this->_redirect('/user');
+			}
+			$userIDsNamespace = Zend_Session::namespaceGet('userIDs');
+			$personID = $userIDsNamespace['personID'];
+		}
 		if($_POST['confirmdelete']) {
-			$auth = Zend_Auth::getInstance();
-			$result = $this->personmapper->findBy(array('email' => $auth->getIdentity()),true);
-			$person = $result[0];
-			$personID = $person["personID"];
 			if (isset($personID)){
 				$this->personmapper = new Application_Model_PersonMapper();
 				$person = $this->personmapper->find($personID);