path: root/application/modules/user/controllers/RoleController.php
authorBjörn Geiger2011-04-11 10:59:36 +0200
committerBjörn Geiger2011-04-11 10:59:36 +0200
commit8159b6bb65b9b69a7a2ef737d4fa11a5232c10f1 (patch)
tree1fb0d122e396cd24d80022fef260d5b2aff4a259 /application/modules/user/controllers/RoleController.php
parentSuper Admin hat wieder alle Rechte (diff)
ACL im RoleController
Diffstat (limited to 'application/modules/user/controllers/RoleController.php')
-rw-r--r--application/modules/user/controllers/RoleController.php44
1 files changed, 37 insertions, 7 deletions
diff --git a/application/modules/user/controllers/RoleController.php b/application/modules/user/controllers/RoleController.php
index 88e2eeb..74efd70 100644
--- a/application/modules/user/controllers/RoleController.php
+++ b/application/modules/user/controllers/RoleController.php
@@ -22,6 +22,9 @@ class User_RoleController extends Zend_Controller_Action
public function indexAction()
{
+ if(!Pbs_Acl::checkRight('ro')) {
+ $this->_redirect('/user');
+ }
if(isset($this->userIDsNamespace['groupID'])) {
$this->view->roleList = $this->roleMapper->findBy(array('groupID' => $this->userIDsNamespace['groupID']),true);
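Review bot: The new guard at the top of indexAction does not return after `$this->_redirect('/user')`, so denying access depends entirely on the redirector helper ending the request. If exit-on-redirect is ever switched off (as controller tests commonly do), the action body below still runs for a user without 'ro'. Make the denial explicit with `$this->_redirect('/user'); return;`. The same guard is repeated in addAction, editAction, showAction, deleteAction, linkrightAction and unlinkrightAction in later hunks; a single action-to-right map checked in `preDispatch()` would keep a newly added action from being left unguarded. indexAction's body continues outside the hunk.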
@@ -46,6 +49,10 @@ class User_RoleController extends Zend_Controller_Action
$this->view->roleList = $pagination->getElements();
$this->view->pagination = $pagination->pagination($pageurl);
$this->view->page = $pagination->getRequestPage();
+ $this->view->addRight = Pbs_Acl::checkRight('ra');
+ $this->view->editRight = Pbs_Acl::checkRight('re');
+ $this->view->deleteRight = Pbs_Acl::checkRight('rd');
+ $this->view->detailsRight = Pbs_Acl::checkRight('rdd');
$this->view->userIDsNamespace = $this->userIDsNamespace;
} else {
$this->_helper->redirector('selectmembership', 'person');
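Review bot: The four flags assigned to the view use bare right codes ('ra', 're', 'rd', 'rdd') whose meaning can only be guessed from the variable names, and the same literals recur across the controller. A comment such as `// ACL right codes: ra = role add, re = role edit, rd = role delete, rdd = role details`, or named constants on Pbs_Acl, would make a mistyped code visible at review time. These flags should only decide which controls the template shows; enforcement has to stay with the guards in the actions themselves.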
@@ -54,11 +61,17 @@ class User_RoleController extends Zend_Controller_Action
}
public function searchAction(){
+ if(Pbs_Acl::checkRight('ro')) {
+ $this->_redirect('/user');
+ }
$this->_redirect('/user/role/index/search/'.($_GET['search']));
}
public function addAction()
{
+ if(!Pbs_Acl::checkRight('ra')) {
+ $this->_redirect('/user');
+ }
if(isset($this->userIDsNamespace['groupID'])) {
$roleID = $this->userIDsNamespace['roleID'];
$rights = $this->rightMapper->fetchAll();
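Review bot: The guard added to searchAction is inverted: `if(Pbs_Acl::checkRight('ro'))` redirects users who hold the 'ro' right to /user and lets everyone else through, the opposite of every other guard in this commit. It should read `if(!Pbs_Acl::checkRight('ro')) {`. Because the fall-through only redirects to index, which checks 'ro' itself, the visible effect is probably a broken search for authorised users rather than a bypass, but the check should still state the intended policy. The context line below also concatenates `$_GET['search']` into the redirect URL unencoded and without an existence check; wrapping it in `rawurlencode()` would be worth doing while this method is being touched.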
@@ -70,9 +83,9 @@ class User_RoleController extends Zend_Controller_Action
}
}
if (!isset($_POST["add"])){
- $addForm = new user_Form_RoleAdd(array('rightlist' => $rightlist));
+ $addForm = new user_Form_RoleAdd(array('rightlist' => $rightlist, 'inheritanceright' => Pbs_Acl::checkRight('rir'), 'addrighttoroleright' => Pbs_Acl::checkRight('rar')));
} else {
- $addForm = new user_Form_RoleAdd(array('rightlist' => $rightlist),$_POST);
+ $addForm = new user_Form_RoleAdd(array('rightlist' => $rightlist, 'inheritanceright' => Pbs_Acl::checkRight('rir'), 'addrighttoroleright' => Pbs_Acl::checkRight('rar')),$_POST);
if ($addForm->isValid($_POST)) {
$_POST['groupID'] = $this->userIDsNamespace['groupID'];
$role = new Application_Model_Role($_POST);
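Review bot: The 'inheritanceright' and 'addrighttoroleright' options are passed only to the form, while the role is still built from the raw request with `new Application_Model_Role($_POST)`. If user_Form_RoleAdd merely omits those fields for users without 'rir'/'rar' (the form class is not visible here), a hand-built POST can still carry `inheritance` or right entries into the model. Build the model from the validated values instead, e.g. `$values = $addForm->getValues(); $values['groupID'] = $this->userIDsNamespace['groupID'];`, and re-check 'rir'/'rar' in the controller before applying the corresponding fields. The editAction hunk has the same shape with user_Form_RoleEdit, where `groupID` would also come from the request. The surrounding if/else continues outside the hunk.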
@@ -105,7 +118,6 @@ class User_RoleController extends Zend_Controller_Action
return;
}
}
-
$this->view->addForm = $addForm;
} else {
$this->_helper->redirector('selectmembership', 'person');
@@ -115,6 +127,9 @@ class User_RoleController extends Zend_Controller_Action
public function editAction()
{
+ if(!Pbs_Acl::checkRight('re')) {
+ $this->_redirect('/user');
+ }
$roleID = $this->_request->getParam('roleID');
if(!isset($roleID)) {
if(count($this->userIDsNamespace) > 0) {
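Review bot: The 're' check added here is function-level only; `$roleID` is then taken from the request parameter, and nothing in the visible lines ties that role to the group in `$this->userIDsNamespace['groupID']`. Unless the code outside the hunk does so, a user holding 're' in one group could address a role belonging to another group by id. After loading the role, compare `$role->getGroupID()` with the session's groupID and redirect on mismatch. The same applies to showAction, deleteAction and linkrightAction, and to `rightrolesID` in unlinkrightAction. editAction's body continues outside the hunk.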
@@ -122,8 +137,7 @@ class User_RoleController extends Zend_Controller_Action
}
}
if(!isset($roleID)) {
- $addForm = new user_Form_RoleAdd();
- $this->view->addForm = $addForm;
+ $this->_helper->redirector('add', 'role');
return;
} else {
$roleMapper = new Application_Model_RoleMapper();
@@ -137,9 +151,9 @@ class User_RoleController extends Zend_Controller_Action
$_POST['description'] = $role->getDescription();
$_POST['groupID'] = $role->getGroupID();
$_POST['inheritance'] = $role->getInheritance();
- $editForm = new user_Form_RoleEdit(array('roleID' => $roleID));
+ $editForm = new user_Form_RoleEdit(array('roleID' => $roleID, 'inheritanceright' => Pbs_Acl::checkRight('rir')));
} else {
- $editForm = new user_Form_RoleEdit(array('roleID' => $roleID), $_POST);
+ $editForm = new user_Form_RoleEdit(array('roleID' => $roleID, 'inheritanceright' => Pbs_Acl::checkRight('rir')), $_POST);
if ($editForm->isValid($_POST)) {
$role = new Application_Model_Role($_POST);
@@ -175,6 +189,9 @@ class User_RoleController extends Zend_Controller_Action
public function showAction()
{
+ if(!Pbs_Acl::checkRight('rdd')) {
+ $this->_redirect('/user');
+ }
$roleID = $this->_request->getParam('roleID');
if(!isset($roleID)) {
if(count($this->userIDsNamespace) > 0) {
@@ -210,6 +227,10 @@ class User_RoleController extends Zend_Controller_Action
} else {
$this->view->rightsAvailable = true;
}
+ $this->view->editRight = Pbs_Acl::checkRight('re');
+ $this->view->deleteRight = Pbs_Acl::checkRight('rd');
+ $this->view->addRightToRoleRight = Pbs_Acl::checkRight('rar');
+ $this->view->removeRightOfRoleRight = Pbs_Acl::checkRight('rrr');
$this->view->role = $this->roleMapper->find($roleID);
$this->view->roleID = $roleID;
$this->view->userIDsNamespace = $this->userIDsNamespace;
@@ -227,6 +248,9 @@ class User_RoleController extends Zend_Controller_Action
public function deleteAction()
{
+ if(!Pbs_Acl::checkRight('rd')) {
+ $this->_redirect('/user');
+ }
$this->_helper->viewRenderer->setNoRender();
$roleID = $this->_request->getParam('roleID');
if(!isset($roleID)) {
@@ -268,6 +292,9 @@ class User_RoleController extends Zend_Controller_Action
public function linkrightAction()
{
+ if(!Pbs_Acl::checkRight('rar')) {
+ $this->_redirect('/user');
+ }
$roleID = $this->_request->getParam('roleID');
if(!isset($roleID)) {
if(count($this->userIDsNamespace) > 0) {
@@ -346,6 +373,9 @@ class User_RoleController extends Zend_Controller_Action
public function unlinkrightAction()
{
+ if(!Pbs_Acl::checkRight('rrr')) {
+ $this->_redirect('/user');
+ }
$this->_helper-> viewRenderer-> setNoRender();
$rightRolesID = $this->_request->getParam('rightrolesID');
if(isset($rightRolesID)) {