authorSimon2011-04-13 14:10:26 +0200
committerSimon2011-04-13 14:10:26 +0200
commit85c7d1157407b132a9f0b71840f65d7ce0119abf (patch)
tree0c0be236350d4e505a0002fb9a607fb584ac9181 /application/modules/user/controllers
parentErster Teil der Rechte in Group Controller (diff)
Zweiter Teil der Rechte in Group Controller
Diffstat (limited to 'application/modules/user/controllers')
-rw-r--r--application/modules/user/controllers/GroupController.php41
1 files changed, 27 insertions, 14 deletions
diff --git a/application/modules/user/controllers/GroupController.php b/application/modules/user/controllers/GroupController.php
index fb0d2a9..d9fd368 100644
--- a/application/modules/user/controllers/GroupController.php
+++ b/application/modules/user/controllers/GroupController.php
@@ -300,6 +300,10 @@ class User_GroupController extends Zend_Controller_Action
public function deleteAction()
{
+ // ACL delete a group
+ if(!Pbs_Acl::checkRight('gd'))
+ $this->_redirect('/user');
+
$this->_helper->viewRenderer->setNoRender();
$groupID = $this->_request->getParam('groupID');
if(!isset($groupID)) {
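Review bot: The new guard in deleteAction denies access only because `_redirect()` ends the request by default; the `if` has no braces and no `return`, so if the redirector's exit is switched off (test harnesses commonly do this) the delete code below would still run for a caller without the 'gd' right. I would make the denial explicit: `if (!Pbs_Acl::checkRight('gd')) { $this->_redirect('/user'); return; }`. The same pattern is added to grantpersonAction in the next hunk. deleteAction's body continues outside this hunk.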
@@ -335,6 +339,10 @@ class User_GroupController extends Zend_Controller_Action
public function grantpersonAction()
{
+ // ACL grant a membership to request
+ if(!Pbs_Acl::checkRight('gam'))
+ $this->_redirect('/user');
+
$this->_helper->viewRenderer->setNoRender();
if(isset($_POST['grouprequestID']) && isset($_POST['roleID'])) {
$groupRequest = $this->groupRequestMapper->find($_POST['grouprequestID']);
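Review bot: `Pbs_Acl::checkRight('gam')` is evaluated without reference to the request being granted, while `grouprequestID` and `roleID` are read straight from `$_POST`. Pbs_Acl is not visible here, so this is inferred, but if 'gam' is a right held per group, a holder in one group could approve a request addressed to another group or choose any role. revokepersonAction in this same commit does distinguish the caller's own group from other groups. After the `find()` I would compare the request's group with the caller's membership and accept only a `roleID` that belongs to that group. The rest of grantpersonAction lies outside the hunk.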
@@ -369,21 +377,26 @@ class User_GroupController extends Zend_Controller_Action
public function revokepersonAction()
{
+
$this->_helper->viewRenderer->setNoRender();
$membershipID = $this->_request->getParam('membershipID');
- if(isset($membershipID)) {
- $membership = $this->membershipMapper->find($membershipID);
- if(isset($membership)) {
- try {
- $this->membershipMapper->delete($membership);
- } catch(Zend_Exception $e)
- {
- echo "Caught exception: " . get_class($e) . "<br/>";
- echo "Message: " . $e->getMessage() . "<br/>";
- return;
+ $rr = $this->membershipMapper->find($membershipID);
+
+ if(($rr->getGroupID() == $this->membership->getGroupID && Pbs_Acl::checkRight('gdmo') ) || ( $rr->getGroupID() != $this->membership->getGroupID && Pbs_Acl::checkRight('gdmog'))){
+ if(isset($membershipID)) {
+ $membership = $this->membershipMapper->find($membershipID);
+ if(isset($membership)) {
+ try {
+ $this->membershipMapper->delete($membership);
+ } catch(Zend_Exception $e)
+ {
+ echo "Caught exception: " . get_class($e) . "<br/>";
+ echo "Message: " . $e->getMessage() . "<br/>";
+ return;
+ }
+ $this->_redirect("/user/group/show/groupID/" . $membership->getGroupID());
}
- $this->_redirect("/user/group/show/groupID/" . $membership->getGroupID());
- }
-
- } }
+ }
+ }
+ }
}
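Review bot: `$this->membership->getGroupID` is written without parentheses in both halves of the new condition, so PHP reads an undefined property (null) instead of calling the method. The own-group test then matches only when `$rr->getGroupID()` is loosely equal to null, and in practice access is decided by 'gdmog' alone. `$rr->getGroupID()` is also called before the `isset($membershipID)` and `isset($membership)` checks, so a missing or unknown membershipID dereferences null. A denied request falls through with no redirect, unlike the other actions in this commit. I would look the membership up once, reject early, and then choose the right to check, assuming `$this->membership` is the caller's own membership object.

```php
$membershipID = $this->_request->getParam('membershipID');
$membership = isset($membershipID) ? $this->membershipMapper->find($membershipID) : null;
if (!isset($membership)) {
    $this->_redirect('/user');
    return;
}
// 'gdmo' covers the caller's own group, 'gdmog' any other group
$sameGroup = $membership->getGroupID() == $this->membership->getGroupID();
if (!Pbs_Acl::checkRight($sameGroup ? 'gdmo' : 'gdmog')) {
    $this->_redirect('/user');
    return;
}
// … unchanged: try/catch around membershipMapper->delete() and redirect to the group page …
```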