From 9de18172bf018e4f132e3c5ecad7fcf23bf83507 Mon Sep 17 00:00:00 2001 From: Simon Date: Tue, 29 Mar 2011 15:00:19 +0200 Subject: Acl in Filter implementiert --- .../modules/user/controllers/FilterController.php | 45 +++++++++++++++------- 1 file changed, 32 insertions(+), 13 deletions(-) (limited to 'application/modules/user/controllers/FilterController.php') diff --git a/application/modules/user/controllers/FilterController.php b/application/modules/user/controllers/FilterController.php index fd8eaf5..bf04f23 100644 --- a/application/modules/user/controllers/FilterController.php +++ b/application/modules/user/controllers/FilterController.php @@ -26,7 +26,9 @@ class User_FilterController extends Zend_Controller_Action public function indexAction() { - // TODO: ACL: is he authorized to see this? + // ACL: Is he allowed to see the overview + if(!Pbs_Acl::checkRight('fo')) + $this->_redirect('/user'); $result = $this->_request->getParam('addresult'); if($result != ""){ @@ -56,7 +58,10 @@ class User_FilterController extends Zend_Controller_Action public function addfilterAction() { - // TODO: ACL: is he authorized to add a filter? + // ACL: Is he allowed to add a Filter + if(!Pbs_Acl::checkRight('fa')) + $this->_redirect('/user'); + $bmmapper = new Application_Model_BootMenuMapper(); $result = $bmmapper->findBy('groupID',$this->membership->getGroupID()); foreach($result as $rr){ @@ -102,7 +107,10 @@ class User_FilterController extends Zend_Controller_Action { $filterID = $this->_request->getParam('filterID'); $filtermapper = new Application_Model_FilterMapper(); - // TODO: ACL implementieren ob er den filter löschen darf + + // ACL: Is he allowed to remove the filter + if(!Pbs_Acl::checkRight('fd')) + $this->_redirect('/user'); if(is_numeric($filterID)){ $filter = new Application_Model_Filter(); 
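Review bot: The new guard in indexAction, `if(!Pbs_Acl::checkRight('fo')) $this->_redirect('/user');`, only protects the rest of the action if `_redirect()` ends the request, because nothing returns afterwards. Zend's redirector exits by default, but if that is ever switched off with `setExit(false)` (for example in a test harness), the action body would still run for an unauthorised user. Writing it as `if(!Pbs_Acl::checkRight('fo')){ return $this->_redirect('/user'); }` makes the check fail closed regardless of that setting. The same brace-less pattern is added in addfilterAction, removefilterAction, editfilterAction, addfilterentryAction, editfilterentryAction and removefilterentryAction.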
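Review bot: In removefilterAction the check `Pbs_Acl::checkRight('fd')` establishes that the caller may delete filters in general, but nothing visible in this hunk ties the request-supplied `filterID` to the caller's own group. The rest of the action lies outside the hunk, so this may already be handled; if it is not, the 'fd' right effectively applies to the filters of every group. After loading the filter I would compare its group with the caller's and redirect on mismatch, e.g. `if($filter->getGroupID() != $this->membership->getGroupID()) return $this->_redirect('/user');`, assuming the model has a getter matching the `setGroupID()` used in editfilterAction. The same question applies to `filterentriesID` in removefilterentryAction and to the `find()` on `filterID` in editfilterAction.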
@@ -132,8 +140,10 @@ class User_FilterController extends Zend_Controller_Action $bm->setID($rr['bootmenuID']); $bootmenus[] = $bm; } - // TODO: ACL is he allowed to edit this ? - // edit filter or edit filterpriority + // ACL: Is he allowed to edit the filter or the filterpriority? + if(!Pbs_Acl::checkRight('fe') && !Pbs_Acl::checkRight('fefp')) + $this->_redirect('/user'); + if (!isset($_POST["add"])){ $filterID = $this->_request->getParam('filterID'); $filter = new Application_Model_Filter(); @@ -165,8 +175,8 @@ class User_FilterController extends Zend_Controller_Action $newfilterentry->setGroupID($this->membership->getGroupID()); $newfilterentry->setMembershipID($this->membership->getID()); - // TODO: ACL: if he is only allowed to edit filterpriority - if(false){ + // ACL: if he is only allowed to edit filterpriority + if(Pbs_Acl::checkRight('fefp')){ $DBfilterentry = new Application_Model_Filter(); $filtermapper->find($this->_request->getParam('filterID'),$DBfilterentry); @@ -179,8 +189,8 @@ class User_FilterController extends Zend_Controller_Action $this->_redirect('/user/filter/index/modifyresult/forbidden'); } } - // TODO: ACL: he is allowed to edit the filter - elseif(true){ + // ACL: he is allowed to edit the filter + elseif(Pbs_Acl::checkRight('fe')){ $filtermapper->save($newfilterentry); $this->_redirect('/user/filter/index/modifyresult/ok'); } @@ -207,7 +217,7 @@ class User_FilterController extends Zend_Controller_Action $membershipMapper = new Application_Model_MembershipMapper(); $memberships = $membershipMapper->findBY('groupID',$this->membership->getGroupID()); - // TODO: get all child groups + $grouppMapper = new Application_Model_GroupMapper(); $group = new Application_Model_Group(); $grouppMapper->find($this->membership->getGroupID(),$group); 
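Review bot: The branch order in editfilterAction sends every user who holds 'fefp' into the priority-only path, including users who also hold the full edit right 'fe'. `if(Pbs_Acl::checkRight('fefp'))` is tested first, so the `elseif(Pbs_Acl::checkRight('fe'))` that saves the whole filter is never reached for them. The comment says "only allowed to edit filterpriority", so the condition should say the same: `if(!Pbs_Acl::checkRight('fe') && Pbs_Acl::checkRight('fefp')){`, or test 'fe' first. The two conditions sit in the hunks at -165 and -179, and the body of the first branch is only partly visible between them. There is also no visible `else`, so the action depends on the guard added at the top of the edit path (`!checkRight('fe') && !checkRight('fefp')`) having actually stopped the request.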
@@ -226,7 +236,10 @@ class User_FilterController extends Zend_Controller_Action public function addfilterentryAction() { - // TODO: ACL: is he allowed to create a new filterentry? + // ACL: is he allowed to create a new filterentry? + if(!Pbs_Acl::checkRight('ffa')) + $this->_redirect('/user'); + $filterID = $this->_request->getParam('filterID'); $filterMapper = new Application_Model_FilterMapper(); $filter = new Application_Model_Filter(); @@ -288,7 +301,10 @@ class User_FilterController extends Zend_Controller_Action public function editfilterentryAction() { - //TODO: ACL: is he allowed to edit filterentrys ? + //ACL: is he allowed to edit filterentrys ? + if(!Pbs_Acl::checkRight('ffe')) + $this->_redirect('/user'); + $selectData = $this->prepareFormData(); if (!isset($_POST["add"])){ try{ @@ -375,7 +391,10 @@ class User_FilterController extends Zend_Controller_Action public function removefilterentryAction() { - //TODO: ACL: is he autohorized to delete a filterentry? + //ACL: is he autohorized to delete a filterentry? + if(!Pbs_Acl::checkRight('ffd')) + $this->_redirect('/user'); + $filterentriesID = $this->_request->getParam('filterentriesID'); if(is_numeric($filterentriesID)){ $filterentriesmapper = new Application_Model_FilterEntriesMapper(); -- cgit v1.2.3-55-g7522
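Review bot: removefilterentryAction now checks 'ffd', but the deletion is still driven by `$this->_request->getParam('filterentriesID')`, which also reads the query string, and no request-method or token check is visible in the hunk. With the action now privileged, a state change reachable by a plain GET link would run with the logged-in user's rights if they follow a crafted URL (CSRF). If the code outside the hunk does not already do so, I would require POST with `if(!$this->_request->isPost()) return $this->_redirect('/user');` and carry a per-session token in the form. removefilterAction reads `filterID` the same way. While touching the comment, 'autohorized' should read 'authorized'.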