authorBjörn Geiger2011-03-29 15:06:08 +0200
committerBjörn Geiger2011-03-29 15:06:08 +0200
commit8d424fa865088b3267de7af2e1182504d1ba2aa7 (patch)
treec752606717d4ed9e636ede19b7e9906c456b943f /application/modules
parentRollenverwaltung besser abgesichert (diff)
parentAcl in Filter implementiert (diff)
Merge branch 'master' of ssh://git.openslx.org/lsfks/master-teamprojekt/pbs2
Diffstat (limited to 'application/modules')
-rw-r--r--application/modules/user/controllers/FilterController.php45
-rw-r--r--application/modules/user/controllers/IndexController.php5
2 files changed, 33 insertions, 17 deletions
diff --git a/application/modules/user/controllers/FilterController.php b/application/modules/user/controllers/FilterController.php
index fd8eaf5..bf04f23 100644
--- a/application/modules/user/controllers/FilterController.php
+++ b/application/modules/user/controllers/FilterController.php
@@ -26,7 +26,9 @@ class User_FilterController extends Zend_Controller_Action
public function indexAction()
{
- // TODO: ACL: is he authorized to see this?
+ // ACL: Is he allowed to see the overview
+ if(!Pbs_Acl::checkRight('fo'))
+ $this->_redirect('/user');
$result = $this->_request->getParam('addresult');
if($result != ""){
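Review bot: The new guard in indexAction only denies access if `_redirect()` ends the request, because the unbraced `if` has no `return` and so relies on the redirector helper exiting by default. If exit is ever disabled on the redirector (`setExit(false)`, as is common in test setups), the overview would still be built for a user without the `fo` right. Bracing the guard and returning makes the denial explicit: `if(!Pbs_Acl::checkRight('fo')){ $this->_redirect('/user'); return; }`. The same pattern is used for the `fa`, `fd`, `fe`/`fefp`, `ffa`, `ffe` and `ffd` guards in the later hunks of this file. indexAction's body continues outside the hunk.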
@@ -56,7 +58,10 @@ class User_FilterController extends Zend_Controller_Action
public function addfilterAction()
{
- // TODO: ACL: is he authorized to add a filter?
+ // ACL: Is he allowed to add a Filter
+ if(!Pbs_Acl::checkRight('fa'))
+ $this->_redirect('/user');
+
$bmmapper = new Application_Model_BootMenuMapper();
$result = $bmmapper->findBy('groupID',$this->membership->getGroupID());
foreach($result as $rr){
@@ -102,7 +107,10 @@ class User_FilterController extends Zend_Controller_Action
{
$filterID = $this->_request->getParam('filterID');
$filtermapper = new Application_Model_FilterMapper();
- // TODO: ACL implementieren ob er den filter löschen darf
+
+ // ACL: Is he allowed to remove the filter
+ if(!Pbs_Acl::checkRight('fd'))
+ $this->_redirect('/user');
if(is_numeric($filterID)){
$filter = new Application_Model_Filter();
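Review bot: The `fd` check added above `is_numeric($filterID)` decides whether the role may delete filters at all, not whether this particular filter belongs to the caller's group, and `filterID` is taken straight from the request. Nothing visible in the hunk compares the loaded filter's group with `$this->membership->getGroupID()`, though the rest of the action lies outside the hunk and may already do so. If it does not, the delete should be refused when the loaded filter's group differs from the caller's, and a comment such as `// checkRight('fd') is role-level only; ownership of $filterID is verified below` would record that split. The same question applies to `filterID` in addfilterentryAction and `filterentriesID` in removefilterentryAction.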
@@ -132,8 +140,10 @@ class User_FilterController extends Zend_Controller_Action
$bm->setID($rr['bootmenuID']);
$bootmenus[] = $bm;
}
- // TODO: ACL is he allowed to edit this ?
- // edit filter or edit filterpriority
+ // ACL: Is he allowed to edit the filter or the filterpriority?
+ if(!Pbs_Acl::checkRight('fe') && !Pbs_Acl::checkRight('fefp'))
+ $this->_redirect('/user');
+
if (!isset($_POST["add"])){
$filterID = $this->_request->getParam('filterID');
$filter = new Application_Model_Filter();
@@ -165,8 +175,8 @@ class User_FilterController extends Zend_Controller_Action
$newfilterentry->setGroupID($this->membership->getGroupID());
$newfilterentry->setMembershipID($this->membership->getID());
- // TODO: ACL: if he is only allowed to edit filterpriority
- if(false){
+ // ACL: if he is only allowed to edit filterpriority
+ if(Pbs_Acl::checkRight('fefp')){
$DBfilterentry = new Application_Model_Filter();
$filtermapper->find($this->_request->getParam('filterID'),$DBfilterentry);
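Review bot: `if(Pbs_Acl::checkRight('fefp')){` does not match its comment: it is true for anyone holding `fefp`, not only for users limited to it, so a user with both `fe` and `fefp` takes the priority-only branch and never reaches the `elseif(Pbs_Acl::checkRight('fe'))` in the next hunk. That appears to fail closed, since the branch ends in the `forbidden` redirect, but it makes the full-edit right ineffective for such roles. Testing the broader right first, or narrowing the condition to `if(Pbs_Acl::checkRight('fefp') && !Pbs_Acl::checkRight('fe')){`, would make the branch do what the comment says. The enclosing action starts and ends outside the hunk, and whether a role can hold both rights is not visible here.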
@@ -179,8 +189,8 @@ class User_FilterController extends Zend_Controller_Action
$this->_redirect('/user/filter/index/modifyresult/forbidden');
}
}
- // TODO: ACL: he is allowed to edit the filter
- elseif(true){
+ // ACL: he is allowed to edit the filter
+ elseif(Pbs_Acl::checkRight('fe')){
$filtermapper->save($newfilterentry);
$this->_redirect('/user/filter/index/modifyresult/ok');
}
@@ -207,7 +217,7 @@ class User_FilterController extends Zend_Controller_Action
$membershipMapper = new Application_Model_MembershipMapper();
$memberships = $membershipMapper->findBY('groupID',$this->membership->getGroupID());
- // TODO: get all child groups
+
$grouppMapper = new Application_Model_GroupMapper();
$group = new Application_Model_Group();
$grouppMapper->find($this->membership->getGroupID(),$group);
@@ -226,7 +236,10 @@ class User_FilterController extends Zend_Controller_Action
public function addfilterentryAction()
{
- // TODO: ACL: is he allowed to create a new filterentry?
+ // ACL: is he allowed to create a new filterentry?
+ if(!Pbs_Acl::checkRight('ffa'))
+ $this->_redirect('/user');
+
$filterID = $this->_request->getParam('filterID');
$filterMapper = new Application_Model_FilterMapper();
$filter = new Application_Model_Filter();
@@ -288,7 +301,10 @@ class User_FilterController extends Zend_Controller_Action
public function editfilterentryAction()
{
- //TODO: ACL: is he allowed to edit filterentrys ?
+ //ACL: is he allowed to edit filterentrys ?
+ if(!Pbs_Acl::checkRight('ffe'))
+ $this->_redirect('/user');
+
$selectData = $this->prepareFormData();
if (!isset($_POST["add"])){
try{
@@ -375,7 +391,10 @@ class User_FilterController extends Zend_Controller_Action
public function removefilterentryAction()
{
- //TODO: ACL: is he autohorized to delete a filterentry?
+ //ACL: is he autohorized to delete a filterentry?
+ if(!Pbs_Acl::checkRight('ffd'))
+ $this->_redirect('/user');
+
$filterentriesID = $this->_request->getParam('filterentriesID');
if(is_numeric($filterentriesID)){
$filterentriesmapper = new Application_Model_FilterEntriesMapper();
diff --git a/application/modules/user/controllers/IndexController.php b/application/modules/user/controllers/IndexController.php
index 1e15768..8974286 100644
--- a/application/modules/user/controllers/IndexController.php
+++ b/application/modules/user/controllers/IndexController.php
@@ -22,10 +22,7 @@ class User_IndexController extends Zend_Controller_Action
'/user/bootmenu' => 'Create your Bootmenu',
);
$this->view->links = $links;
- }
-
-
-
+ }
}
}