| author | Simon | 2011-03-29 15:12:35 +0200 |
|---|---|---|
| committer | Simon | 2011-03-29 15:12:35 +0200 |
| commit | 143ce482a30c76575c334948752d4c6ae251196f (patch) | |
| tree | a4bda343f4f09a6861e40effafec9a9ccc03a2cd /application/modules/user/controllers/PoolController.php | |
| parent | ACL in ClientController (diff) | |
ACL in PoolController
Diffstat (limited to 'application/modules/user/controllers/PoolController.php')
| -rw-r--r-- | application/modules/user/controllers/PoolController.php | 38 |
1 files changed, 26 insertions, 12 deletions
diff --git a/application/modules/user/controllers/PoolController.php b/application/modules/user/controllers/PoolController.php
index 07dfec5..15a3f1e 100644
--- a/application/modules/user/controllers/PoolController.php
+++ b/application/modules/user/controllers/PoolController.php
@@ -23,7 +23,9 @@ class User_PoolController extends Zend_Controller_Action
 public function indexAction()
 {
- // TODO: ACL: is he allowed to see the pools of a group
+ // ACL: is he allowed to see the pools of a group
+ if(!Pbs_Acl::checkRight('poo'))
+ $this->_redirect('/user');
 $result = $this->_request->getParam('deleteresult');
 if($result != ""){
@@ -76,13 +78,16 @@ class User_PoolController extends Zend_Controller_Action
 // extract the un-assigned clients from the clientlist of the group
 $freeclients = $this->arrayDiff($clientsArray,$assignedclientsArray);
-
- $this->view->freeclients = $freeclients;
+ if(Pbs_Acl::checkRight('posuc'))
+ $this->view->freeclients = $freeclients;
 }
 public function createpoolAction()
 {
- // TODO: ACL: is he allowed to create a pool?
+ // ACL: is he allowed to create a pool?
+ if(!Pbs_Acl::checkRight('poc'))
+ $this->_redirect('/user');
+
 if (!isset($_POST["add"])){
 $addfilterform = new user_Form_Pool(array('buttontext' => 'Create Pool'));
 $this->view->addpool = $addfilterform;
@@ -107,8 +112,11 @@ class User_PoolController extends Zend_Controller_Action
 public function deletepoolAction()
 {
 $poolID = $this->_request->getParam('poolID');
- // TODO: ACL: is he allowed to delete a pool?
- #if( he is allowed){
+
+ // ACL: is he allowed to delete a pool?
+ if(!Pbs_Acl::checkRight('pod'))
+ $this->_redirect('/user');
+
 if(is_numeric($poolID)){
 $poolmapper = new Application_Model_PoolMapper();
 $pool = new Application_Model_Pool();
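Review bot: The guard added in indexAction, `if(!Pbs_Acl::checkRight('poo')) $this->_redirect('/user');`, denies access only if `_redirect()` ends the request, because nothing after it stops the rest of the action from running. Zend Framework 1's redirector exits by default, but that is a helper setting which `setExit(false)` turns off, and nothing visible here pins it. An explicit return keeps the check independent of that setting: `if (!Pbs_Acl::checkRight('poo')) { $this->_redirect('/user'); return; }`. The same brace-less pattern is added in createpoolAction, deletepoolAction, editpoolAction and the two link/unlink guards (rights 'poc', 'pod', 'poe', 'polc', 'pouc'). indexAction's body continues outside the hunk.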
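Review bot: Without the 'posuc' right, `$this->view->freeclients` is now never assigned in this action, so a view script that iterates it would read an unset view variable; the template is not part of this diff, so that needs checking. Assigning a defined value in both cases avoids the problem: `$this->view->freeclients = Pbs_Acl::checkRight('posuc') ? $freeclients : array();`. This check only hides the list in the rendered page; the server-side gate for actually linking a client is the separate 'polc' check added later in the commit. The enclosing action starts outside the hunk.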
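Review bot: `Pbs_Acl::checkRight('pod')` in deletepoolAction is called with the right name only, so on its own it establishes that the user may delete pools, not that the pool named by the request's `poolID` belongs to the user's group. The lines between this hunk and the next are not shown, so an ownership test may already exist there. If it does not, compare the loaded pool's group with `$this->membership->getGroupID()` before deleting and handle a mismatch like a missing right. The same question applies to editpoolAction (`poolID`) and to the unlink guard (`poolentriesID`).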
@@ -124,14 +132,14 @@ class User_PoolController extends Zend_Controller_Action
 }
 }
 $this->_redirect('/user/pool/index/deleteresult/error');
- #}else{
- # $this->_redirect('/user/');
- #}
 }
 public function editpoolAction()
 {
- // TODO: ACL: is he allowed to edit a pool?
+ // ACL: is he allowed to edit a pool?
+ if(!Pbs_Acl::checkRight('poe'))
+ $this->_redirect('/user');
+
 if (!isset($_POST["add"])){
 $poolID = $this->_request->getParam('poolID');
 $pool = new Application_Model_Pool();
@@ -179,7 +187,10 @@ class User_PoolController extends Zend_Controller_Action
 $clientID = $this->_request->getParam('clientID');
 $poolID = $this->_request->getParam('poolID');
- // TODO: ACL: Is he allowed to link clients to pools?
+ // ACL: Is he allowed to link clients to pools?
+ if(!Pbs_Acl::checkRight('polc'))
+ $this->_redirect('/user');
+
 if(!isset($_POST['clientID']) && ($clientID == '')){
 $clientmapper = new Application_Model_ClientMapper();
 $clients = $clientmapper->findBy('groupID',$this->membership->getGroupID());
@@ -228,7 +239,10 @@ class User_PoolController extends Zend_Controller_Action
 {
 $poolentriesID = $this->_request->getParam('poolentriesID');
- // TODO: ACL: Is he allowed to unlink clients from pools?
+ // ACL: Is he allowed to unlink clients from pools?
+ if(!Pbs_Acl::checkRight('pouc'))
+ $this->_redirect('/user');
+
 if(is_numeric($poolentriesID)){
 $poolentriesMapper = new Application_Model_PoolEntriesMapper();
 $poolentry = new Application_Model_PoolEntries(); |
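Review bot: The comment kept above the editpoolAction guard, `// ACL: is he allowed to edit a pool?`, still reads as the open question from the removed TODO, and the right code 'poe' is not explained anywhere in the hunk. A comment that states the rule would serve the next reader better, for example `// ACL: requires right 'poe' (edit pool); otherwise redirect to /user`. The other guards in this commit carry the same question-style comments next to equally terse codes, and how checkRight treats a mistyped code is not visible here.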
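Review bot: The 'pouc' check in the last hunk decides who may unlink, but the action still takes `poolentriesID` from `getParam()`, which in Zend Framework 1 also reads route and query-string parameters. The state change can therefore be triggered by a plain GET issued on behalf of a logged-in user who holds the right. Consider accepting the change only when `$this->_request->isPost()` is true and the submitting form carries a token such as Zend_Form_Element_Hash. deletepoolAction reads `poolID` the same way. The rest of this action lies outside the hunk, so an existing check there cannot be ruled out.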
