authorSimon2011-03-29 15:12:35 +0200
committerSimon2011-03-29 15:12:35 +0200
commit143ce482a30c76575c334948752d4c6ae251196f (patch)
treea4bda343f4f09a6861e40effafec9a9ccc03a2cd /application/modules/user/controllers/PoolController.php
parentACL in ClientController (diff)
ACL in PoolController
Diffstat (limited to 'application/modules/user/controllers/PoolController.php')
-rw-r--r--application/modules/user/controllers/PoolController.php38
1 files changed, 26 insertions, 12 deletions
diff --git a/application/modules/user/controllers/PoolController.php b/application/modules/user/controllers/PoolController.php
index 07dfec5..15a3f1e 100644
--- a/application/modules/user/controllers/PoolController.php
+++ b/application/modules/user/controllers/PoolController.php
@@ -23,7 +23,9 @@ class User_PoolController extends Zend_Controller_Action
public function indexAction()
{
- // TODO: ACL: is he allowed to see the pools of a group
+ // ACL: is he allowed to see the pools of a group
+ if(!Pbs_Acl::checkRight('poo'))
+ $this->_redirect('/user');
$result = $this->_request->getParam('deleteresult');
if($result != ""){
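Review bot: The new guard in indexAction only protects the action if `_redirect()` ends the request, because nothing after the unbraced `if` stops execution. Zend Framework 1's redirector exits by default, but with exit switched off (as is common under test) the rest of the action would still run for a user without the `poo` right. Make the stop explicit with `if (!Pbs_Acl::checkRight('poo')) { return $this->_redirect('/user'); }`; the same applies to the guards added in createpoolAction, deletepoolAction, editpoolAction and the link/unlink hunks. The right names are bare string literals repeated per action, so class constants or a short comment naming each right would make the checks easier to audit. indexAction's body continues outside the hunk.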
@@ -76,13 +78,16 @@ class User_PoolController extends Zend_Controller_Action
// extract the un-assigned clients from the clientlist of the group
$freeclients = $this->arrayDiff($clientsArray,$assignedclientsArray);
-
- $this->view->freeclients = $freeclients;
+ if(Pbs_Acl::checkRight('posuc'))
+ $this->view->freeclients = $freeclients;
}
public function createpoolAction()
{
- // TODO: ACL: is he allowed to create a pool?
+ // ACL: is he allowed to create a pool?
+ if(!Pbs_Acl::checkRight('poc'))
+ $this->_redirect('/user');
+
if (!isset($_POST["add"])){
$addfilterform = new user_Form_Pool(array('buttontext' => 'Create Pool'));
$this->view->addpool = $addfilterform;
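Review bot: When `checkRight('posuc')` is false the view never receives `freeclients`, so the template has to cope with an undefined variable; the template is not visible here. Assigning a default keeps the view contract stable: `$this->view->freeclients = Pbs_Acl::checkRight('posuc') ? $freeclients : array();`. This is a display filter only, so the server-side decision on linking clients still has to rest on the `polc` guard in the link action. The enclosing action starts above the hunk, and createpoolAction continues below it.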
@@ -107,8 +112,11 @@ class User_PoolController extends Zend_Controller_Action
public function deletepoolAction()
{
$poolID = $this->_request->getParam('poolID');
- // TODO: ACL: is he allowed to delete a pool?
- #if( he is allowed){
+
+ // ACL: is he allowed to delete a pool?
+ if(!Pbs_Acl::checkRight('pod'))
+ $this->_redirect('/user');
+
if(is_numeric($poolID)){
$poolmapper = new Application_Model_PoolMapper();
$pool = new Application_Model_Pool();
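Review bot: The `pod` check establishes that the user may delete pools in general, but the visible lines show no check that `poolID` refers to a pool of the caller's own group (`$this->membership->getGroupID()` is used elsewhere in this controller). If the lines between this hunk and the next do not already compare the loaded pool's group with the caller's, add that comparison before the delete, and likewise for the IDs taken from the request in editpoolAction and the link/unlink hunks. `is_numeric()` also accepts values such as `1e3` or a leading space; `ctype_digit((string) $poolID)` is a tighter test for an ID. Since the delete is driven by `getParam()`, it appears reachable through a plain GET link, so requiring POST plus a form token would be worth considering. deletepoolAction's body continues outside the hunk.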
@@ -124,14 +132,14 @@ class User_PoolController extends Zend_Controller_Action
}
}
$this->_redirect('/user/pool/index/deleteresult/error');
- #}else{
- # $this->_redirect('/user/');
- #}
}
public function editpoolAction()
{
- // TODO: ACL: is he allowed to edit a pool?
+ // ACL: is he allowed to edit a pool?
+ if(!Pbs_Acl::checkRight('poe'))
+ $this->_redirect('/user');
+
if (!isset($_POST["add"])){
$poolID = $this->_request->getParam('poolID');
$pool = new Application_Model_Pool();
@@ -179,7 +187,10 @@ class User_PoolController extends Zend_Controller_Action
$clientID = $this->_request->getParam('clientID');
$poolID = $this->_request->getParam('poolID');
- // TODO: ACL: Is he allowed to link clients to pools?
+ // ACL: Is he allowed to link clients to pools?
+ if(!Pbs_Acl::checkRight('polc'))
+ $this->_redirect('/user');
+
if(!isset($_POST['clientID']) && ($clientID == '')){
$clientmapper = new Application_Model_ClientMapper();
$clients = $clientmapper->findBy('groupID',$this->membership->getGroupID());
@@ -228,7 +239,10 @@ class User_PoolController extends Zend_Controller_Action
{
$poolentriesID = $this->_request->getParam('poolentriesID');
- // TODO: ACL: Is he allowed to unlink clients from pools?
+ // ACL: Is he allowed to unlink clients from pools?
+ if(!Pbs_Acl::checkRight('pouc'))
+ $this->_redirect('/user');
+
if(is_numeric($poolentriesID)){
$poolentriesMapper = new Application_Model_PoolEntriesMapper();
$poolentry = new Application_Model_PoolEntries();