From 80c93c720cddb0e97c955da2fef0fd02b3827972 Mon Sep 17 00:00:00 2001 From: Björn Geiger Date: Tue, 29 Mar 2011 15:01:46 +0200 Subject: Rollenverwaltung besser abgesichert --- .../modules/user/controllers/RoleController.php | 234 +++++++++++++-------- 1 file changed, 143 insertions(+), 91 deletions(-) (limited to 'application') diff --git a/application/modules/user/controllers/RoleController.php b/application/modules/user/controllers/RoleController.php index 0b0cb7d..009524f 100644 --- a/application/modules/user/controllers/RoleController.php +++ b/application/modules/user/controllers/RoleController.php @@ -27,7 +27,7 @@ class User_RoleController extends Zend_Controller_Action $this->view->groupID = $this->userIDsNamespace['groupID']; $this->view->roleList = $roleList; } else { - $this->_helper->redirector('groupselect', 'role'); + $this->_helper->redirector('selectmembership', 'person'); return; } } @@ -40,7 +40,6 @@ class User_RoleController extends Zend_Controller_Action } else { $addForm = new user_Form_RoleAdd(array('rightlist' => $rightList),$_POST); if ($addForm->isValid($_POST)) { - $_POST['groupID'] = $this->userIDsNamespace['groupID']; $role = new Application_Model_Role($_POST); try { @@ -58,7 +57,7 @@ class User_RoleController extends Zend_Controller_Action $this->view->addForm = $addForm; } else { - $this->_helper->redirector('groupselect', 'role'); + $this->_helper->redirector('selectmembership', 'person'); return; } } 
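Review bot: Dropping `$_POST['groupID'] = $this->userIDsNamespace['groupID'];` in the addAction hunk (@@ -40) means the group of the new role now comes from the request body that `new Application_Model_Role($_POST)` consumes, so a caller can submit any groupID unless user_Form_RoleAdd constrains that field, which is not visible in this hunk. Given the commit's aim of tightening role management, the server-side assignment seems worth keeping, or the posted groupID must be validated against the caller's current group before the model is built. The same pattern appears in the editAction hunk (@@ -75), where the group check is made against the stored role but the saved model is again constructed from `$_POST`; setting `$_POST['groupID'] = $this->userIDsNamespace['groupID'];` after the check and before the constructor would close both. addAction begins and ends outside this hunk.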
@@ -75,33 +74,44 @@ class User_RoleController extends Zend_Controller_Action $addForm = new user_Form_RoleAdd(); $this->view->addForm = $addForm; return; - } - if (!isset($_POST["save"])){ - $role = $this->roleMapper->find($roleID); - $_POST['title'] = $role->getTitle(); - $_POST['description'] = $role->getDescription(); - $_POST['groupID'] = $role->getGroupID(); - $_POST['inheritance'] = $role->getInheritance(); - $editForm = new user_Form_RoleEdit(array('roleID' => $roleID)); } else { - $editForm = new user_Form_RoleEdit(array('roleID' => $roleID), $_POST); - if ($editForm->isValid($_POST)) { - - $role = new Application_Model_Role($_POST); - $role->setID($this->_request->getParam('roleID')); - try { - $this->roleMapper->save($role); - } catch(Zend_Exception $e) - { - echo "Caught exception: " . get_class($e) . "
"; - echo "Message: " . $e->getMessage() . "
"; + $roleMapper = new Application_Model_RoleMapper(); + $role = $roleMapper->find($roleID); + $roleGroupID = $role->getGroupID(); + } + if($this->userIDsNamespace['groupID'] == $roleGroupID) { + if (!isset($_POST["save"])){ + $role = $this->roleMapper->find($roleID); + $_POST['title'] = $role->getTitle(); + $_POST['description'] = $role->getDescription(); + $_POST['groupID'] = $role->getGroupID(); + $_POST['inheritance'] = $role->getInheritance(); + $editForm = new user_Form_RoleEdit(array('roleID' => $roleID)); + } else { + $editForm = new user_Form_RoleEdit(array('roleID' => $roleID), $_POST); + if ($editForm->isValid($_POST)) { + + $role = new Application_Model_Role($_POST); + $role->setID($this->_request->getParam('roleID')); + try { + $this->roleMapper->save($role); + } catch(Zend_Exception $e) + { + echo "Caught exception: " . get_class($e) . "
"; + echo "Message: " . $e->getMessage() . "
"; + return; + } + $this->_redirect($_SERVER['HTTP_REFERER']); return; } - $this->_redirect($_SERVER['HTTP_REFERER']); - return; } + $this->view->editForm = $editForm; + } else { + $pbsNotifier = new Pbs_Notifier(); + echo $pbsNotifier->notify('modify','forbidden'); + $this->_helper-> viewRenderer-> setNoRender(); + return; } - $this->view->editForm = $editForm; } public function showAction() @@ -113,19 +123,29 @@ class User_RoleController extends Zend_Controller_Action } } if($roleID) { - $rightroles = $this->rightRolesMapper->findBy('roleID', $roleID); - if(count($rightroles) > 0) { - foreach($rightroles as $rightrole) { - $right = $this->rightMapper->find($rightrole['rightID']); - $rightsList[] = $right; - } - if(is_array($rightsList)) { - $this->view->rightsList = $rightsList; + $roleMapper = new Application_Model_RoleMapper(); + $role = $roleMapper->find($roleID); + $roleGroupID = $role->getGroupID(); + if($this->userIDsNamespace['groupID'] == $roleGroupID) { + $rightroles = $this->rightRolesMapper->findBy('roleID', $roleID); + if(count($rightroles) > 0) { + foreach($rightroles as $rightrole) { + $right = $this->rightMapper->find($rightrole['rightID']); + $rightsList[] = $right; + } + if(is_array($rightsList)) { + $this->view->rightsList = $rightsList; + } } + $this->view->role = $this->roleMapper->find($roleID); + $this->view->roleID = $roleID; + $this->view->userIDsNamespace = $this->userIDsNamespace; + } else { + $pbsNotifier = new Pbs_Notifier(); + echo $pbsNotifier->notify('view','forbidden'); + $this->_helper-> viewRenderer-> setNoRender(); + return; } - $this->view->role = $this->roleMapper->find($roleID); - $this->view->roleID = $roleID; - $this->view->userIDsNamespace = $this->userIDsNamespace; } else { $this->_helper->redirector('', 'role'); return; 
@@ -142,17 +162,27 @@ class User_RoleController extends Zend_Controller_Action } } if (isset($roleID)){ - $role = $this->roleMapper->find($roleID); - try { - $this->roleMapper->delete($role); - } catch(Zend_Exception $e) - { - echo "Caught exception: " . get_class($e) . "
"; - echo "Message: " . $e->getMessage() . "
"; + $roleMapper = new Application_Model_RoleMapper(); + $role = $roleMapper->find($roleID); + $roleGroupID = $role->getGroupID(); + if($this->userIDsNamespace['groupID'] == $roleGroupID) { + $role = $this->roleMapper->find($roleID); + try { + $this->roleMapper->delete($role); + } catch(Zend_Exception $e) + { + echo "Caught exception: " . get_class($e) . "
"; + echo "Message: " . $e->getMessage() . "
"; + return; + } + $this->_helper->redirector('', 'role'); + return; + } else { + $pbsNotifier = new Pbs_Notifier(); + echo $pbsNotifier->notify('delete','forbidden'); + $this->_helper-> viewRenderer-> setNoRender(); return; } - $this->_helper->redirector('', 'role'); - return; } else { $this->_helper->redirector('', 'role'); return; 
@@ -168,50 +198,61 @@ class User_RoleController extends Zend_Controller_Action } } if(isset($roleID)) { - $rightroles = $this->rightRolesMapper->findBy('roleID', $roleID); - $rights = $this->rightMapper->fetchAll(); - if(count($rightroles) > 0) { - if(count($rights) > 0) { - foreach($rights as $right) { - foreach($rightroles as $rightrole) { - if($right->getID() == $rightrole['rightID']) { - $found = true; - break; + $roleMapper = new Application_Model_RoleMapper(); + $role = $roleMapper->find($roleID); + $roleGroupID = $role->getGroupID(); + if($this->userIDsNamespace['groupID'] == $roleGroupID) { + $rightroles = $this->rightRolesMapper->findBy('roleID', $roleID); + $rights = $this->rightMapper->fetchAll(); + if(count($rightroles) > 0) { + if(count($rights) > 0) { + foreach($rights as $right) { + foreach($rightroles as $rightrole) { + if($right->getID() == $rightrole['rightID']) { + $found = true; + break; + } } + if(!$found) { + $rightlist[] = $right; + } + $found = false; } - if(!$found) { - $rightlist[] = $right; - } - $found = false; } - } - } else { - $rightlist = $rights; - } - if(count($rightlist) > 0) { - if (!isset($_POST["link"])){ - $linkForm = new user_Form_LinkRight(array('rightlist' => $rightlist, 'roleID' => $roleID)); } else { - $linkForm = new user_Form_LinkRight(array('rightlist' => $rightlist, 'roleID' => $roleID), $_POST); - if ($linkForm->isValid($_POST)) { - $rightroles = new Application_Model_RightRoles(); - $rightroles->setRightID($_POST['rightID']); - $rightroles->setRoleID($roleID); - try { - $this->rightRolesMapper->save($rightroles); - } catch(Zend_Exception $e) - { - echo "Caught exception: " . get_class($e) . "
"; - echo "Message: " . $e->getMessage() . "
"; + $rightlist = $rights; + } + if(count($rightlist) > 0) { + if (!isset($_POST["link"])){ + $linkForm = new user_Form_LinkRight(array('rightlist' => $rightlist, 'roleID' => $roleID)); + } else { + $linkForm = new user_Form_LinkRight(array('rightlist' => $rightlist, 'roleID' => $roleID), $_POST); + if ($linkForm->isValid($_POST)) { + $rightroles = new Application_Model_RightRoles(); + $rightroles->setRightID($_POST['rightID']); + $rightroles->setRoleID($roleID); + try { + $this->rightRolesMapper->save($rightroles); + } catch(Zend_Exception $e) + { + echo "Caught exception: " . get_class($e) . "
"; + echo "Message: " . $e->getMessage() . "
"; + return; + } + $this->_redirect('/user/role/show/roleID/' . $roleID); return; } - $this->_redirect('/user/role/show/roleID/' . $roleID); - return; } + $this->view->linkForm = $linkForm; + } else { + $this->_redirect('/user/role/show/roleID/' . $roleID); + return; } - $this->view->linkForm = $linkForm; + } else { - $this->_redirect('/user/role/show/roleID/' . $roleID); + $pbsNotifier = new Pbs_Notifier(); + echo $pbsNotifier->notify('link','forbidden'); + $this->_helper-> viewRenderer-> setNoRender(); return; } } else { @@ -229,19 +270,30 @@ class User_RoleController extends Zend_Controller_Action $roleID = $rightRolesID[0]; $rightID = $rightRolesID[1]; if (isset($roleID) && isset($rightID)){ - $rightroles = new Application_Model_RightRoles(); - $rightroles->setRoleID($roleID); - $rightroles->setRightID($rightID); - try { - $this->rightRolesMapper->delete($rightroles); - } catch(Zend_Exception $e) - { - echo "Caught exception: " . get_class($e) . "
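Review bot: `$found` is read in `if(!$found)` before it has been assigned when the first right has no match in the inner loop, and `$rightlist` stays undefined when every right is already linked, so `count($rightlist)` then runs on an unset variable (a notice on older PHP, a TypeError on PHP 8) unless both are initialised before this hunk begins. The lines are only moved by this change, but since the whole block is being rewritten around the authorisation check, `$found = false; $rightlist = array();` before the outer foreach would stop the new code from relying on undefined-variable semantics. The group check covers the role but not `$_POST['rightID']`; if user_Form_LinkRight validates the selection against its `rightlist` option (not visible here) that suffices, otherwise the submitted rightID should be checked against `$rightlist` before `$this->rightRolesMapper->save($rightroles)`. linkrightAction begins and ends outside this hunk.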
"; - echo "Message: " . $e->getMessage() . "
"; + $roleMapper = new Application_Model_RoleMapper(); + $role = $roleMapper->find($roleID); + $roleGroupID = $role->getGroupID(); + if($this->userIDsNamespace['groupID'] == $roleGroupID) { + $rightroles = new Application_Model_RightRoles(); + $rightroles->setRoleID($roleID); + $rightroles->setRightID($rightID); + try { + $this->rightRolesMapper->delete($rightroles); + } catch(Zend_Exception $e) + { + echo "Caught exception: " . get_class($e) . "
"; + echo "Message: " . $e->getMessage() . "
"; + return; + + } + $this->_redirect('/user/role/show/roleID/' . $roleID); + return; + } else { + $pbsNotifier = new Pbs_Notifier(); + echo $pbsNotifier->notify('unlink','forbidden'); + $this->_helper-> viewRenderer-> setNoRender(); return; } - $this->_redirect('/user/role/show/roleID/' . $roleID); - return; } } else { $this->_helper->redirector('', 'role'); -- cgit v1.2.3-55-g7522