From 143ce482a30c76575c334948752d4c6ae251196f Mon Sep 17 00:00:00 2001
From: Simon
Date: Tue, 29 Mar 2011 15:12:35 +0200
Subject: ACL in PoolController

---
 .../modules/user/controllers/PoolController.php | 38 +++++++++++++++-------
 1 file changed, 26 insertions(+), 12 deletions(-)

(limited to 'application/modules/user/controllers/PoolController.php')

diff --git a/application/modules/user/controllers/PoolController.php b/application/modules/user/controllers/PoolController.php
index 07dfec5..15a3f1e 100644
--- a/application/modules/user/controllers/PoolController.php
+++ b/application/modules/user/controllers/PoolController.php
@@ -23,7 +23,9 @@ class User_PoolController extends Zend_Controller_Action
 public function indexAction()
 {
- // TODO: ACL: is he allowed to see the pools of a group
+ // ACL: is he allowed to see the pools of a group
+ if(!Pbs_Acl::checkRight('poo'))
+ $this->_redirect('/user');
 $result = $this->_request->getParam('deleteresult');
 if($result != ""){
@@ -76,13 +78,16 @@ class User_PoolController extends Zend_Controller_Action
 // extract the un-assigned clients from the clientlist of the group
 $freeclients = $this->arrayDiff($clientsArray,$assignedclientsArray);
-
- $this->view->freeclients = $freeclients;
+ if(Pbs_Acl::checkRight('posuc'))
+ $this->view->freeclients = $freeclients;
 }
 public function createpoolAction()
 {
- // TODO: ACL: is he allowed to create a pool?
+ // ACL: is he allowed to create a pool?
+ if(!Pbs_Acl::checkRight('poc'))
+ $this->_redirect('/user');
+
 if (!isset($_POST["add"])){
 $addfilterform = new user_Form_Pool(array('buttontext' => 'Create Pool'));
 $this->view->addpool = $addfilterform;
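Review bot: The guard added to indexAction is not terminal — `$this->_redirect('/user');` is followed by the rest of the method, so a caller without `'poo'` only stops because, as far as I recall, Zend's redirector helper exits after sending the Location header by default; if that exit flag is ever disabled (setExit(false)) the pool listing is still built and rendered for them. Make the denial unconditional on helper configuration, `return $this->_redirect('/user');`, or throw an exception that the error controller maps to 403. The same redirect-without-return shape is repeated in every action this commit touches, so whichever form is chosen should be applied to all of them. indexAction continues past the end of the hunk.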
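Review bot: The `'posuc'` check decides only whether `$this->view->freeclients` is assigned; linking itself is enforced by the separate `'polc'` check in linkclientAction, so a user granted one right but not the other will see a list that does not match what they may actually do, and a direct request to the link action is unaffected by this line. If that split is intentional, say so at the check, `// 'posuc' only hides the unassigned-client list in the view; linking is enforced by 'polc' in linkclientAction`, and make sure the template (not shown here) copes with `freeclients` being unset. Both methods in this hunk start before or end after it.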
@@ -107,8 +112,11 @@ class User_PoolController extends Zend_Controller_Action
 public function deletepoolAction()
 {
 $poolID = $this->_request->getParam('poolID');
- // TODO: ACL: is he allowed to delete a pool?
- #if( he is allowed){
+
+ // ACL: is he allowed to delete a pool?
+ if(!Pbs_Acl::checkRight('pod'))
+ $this->_redirect('/user');
+
 if(is_numeric($poolID)){
 $poolmapper = new Application_Model_PoolMapper();
 $pool = new Application_Model_Pool();
@@ -124,14 +132,14 @@ class User_PoolController extends Zend_Controller_Action
 }
 }
 $this->_redirect('/user/pool/index/deleteresult/error');
- #}else{
- # $this->_redirect('/user/');
- #}
 }
 public function editpoolAction()
 {
- // TODO: ACL: is he allowed to edit a pool?
+ // ACL: is he allowed to edit a pool?
+ if(!Pbs_Acl::checkRight('poe'))
+ $this->_redirect('/user');
+
 if (!isset($_POST["add"])){
 $poolID = $this->_request->getParam('poolID');
 $pool = new Application_Model_Pool();
@@ -179,7 +187,10 @@ class User_PoolController extends Zend_Controller_Action
 $clientID = $this->_request->getParam('clientID');
 $poolID = $this->_request->getParam('poolID');
- // TODO: ACL: Is he allowed to link clients to pools?
+ // ACL: Is he allowed to link clients to pools?
+ if(!Pbs_Acl::checkRight('polc'))
+ $this->_redirect('/user');
+
 if(!isset($_POST['clientID']) && ($clientID == '')){
 $clientmapper = new Application_Model_ClientMapper();
 $clients = $clientmapper->findBy('groupID',$this->membership->getGroupID());
@@ -228,7 +239,10 @@ class User_PoolController extends Zend_Controller_Action
 {
 $poolentriesID = $this->_request->getParam('poolentriesID');
- // TODO: ACL: Is he allowed to unlink clients from pools?
+ // ACL: Is he allowed to unlink clients from pools?
+ if(!Pbs_Acl::checkRight('pouc'))
+ $this->_redirect('/user');
+
 if(is_numeric($poolentriesID)){
 $poolentriesMapper = new Application_Model_PoolEntriesMapper();
 $poolentry = new Application_Model_PoolEntries();
-- 
cgit v1.2.3-55-g7522
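Review bot: The new `'pod'` check in deletepoolAction proves only the caller's role; nothing in this hunk ties `$poolID` to the caller's group, so unless the mapper lookup that follows (outside the hunk) compares the pool's group with `$this->membership->getGroupID()` — the way linkclientAction scopes its client list — any user holding `'pod'` can delete another group's pool by changing the ID. Add that ownership test immediately after the pool is loaded, e.g. `if($pool->getGroupID() != $this->membership->getGroupID()) return $this->_redirect('/user');` (the accessor name is a guess; confirm it against Application_Model_Pool). Because `getParam('poolID')` also reads the query string, the delete is reachable through a plain link, so a CSRF token or a POST-only check should be required somewhere not shown here. deletepoolAction continues past the end of the hunk.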
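Review bot: The `'poe'` guard in editpoolAction is a brace-less `if` whose only statement is the redirect, while the surrounding code braces its conditionals (`if (!isset($_POST["add"])){`); a brace-less guard is exactly where a later `return` or log line ends up outside the condition by mistake, so write it as `if(!Pbs_Acl::checkRight('poe')){ return $this->_redirect('/user'); }` and match that shape in the other actions. Removing the commented-out `#}else{` block is the right call. editpoolAction continues past the end of the hunk, and the POST branch there is where the submitted pool ID should also be matched against the caller's group.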
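Review bot: In linkclientAction the request parameters `$clientID` and `$poolID` are read before the `'polc'` check runs; harmless as written, but the guard should be the first statement of the action so nothing derived from user input is computed for a caller who is about to be bounced — move the two `getParam` lines below the redirect. The visible client lookup is scoped to the caller's group via `findBy('groupID', $this->membership->getGroupID())`, but `$poolID` is not scoped anywhere in this hunk; the code that writes the pool entry lies outside it and must reject a pool belonging to another group. The method begins before and ends after the hunk.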
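Review bot: As with deletepoolAction, the `'pouc'` check in this last hunk only proves the caller's role: `$poolentriesID` comes straight from the request and `is_numeric` is the sole filter before the mapper is consulted, so the loaded entry's pool must be matched against `$this->membership->getGroupID()` before it is removed — if that comparison exists it is outside the hunk. `is_numeric` also accepts forms such as `"1e3"` and `" 5"`; `ctype_digit((string)$poolentriesID)` is the tighter test for an integer key. The enclosing method's name is above the hunk and its body continues past it.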