request acl permission in setter
Signed-off-by: dartcafe <github@dartcafe.de>
This commit is contained in:
dartcafe
Родитель
7395d946b7
Коммит
34fe2e9e43
|
|
@ -42,6 +42,7 @@ use OCA\Polls\Db\ShareMapper;
|
|||
* @package OCA\Polls\Model\Acl
|
||||
*/
|
||||
class Acl implements JsonSerializable {
|
||||
public const PERMISSION_OVERRIDE = 'override_permission';
|
||||
public const PERMISSION_POLL_VIEW = 'view';
|
||||
public const PERMISSION_POLL_EDIT = 'edit';
|
||||
public const PERMISSION_POLL_DELETE = 'delete';
|
||||
|
|
@ -94,12 +95,12 @@ class Acl implements JsonSerializable {
|
|||
/**
|
||||
* load share via token and than call setShare
|
||||
*/
|
||||
public function setToken(string $token = ''): Acl {
|
||||
public function setToken(string $token = '', string $permission = self::PERMISSION_POLL_VIEW): Acl {
|
||||
try {
|
||||
$this->share = $this->shareMapper->findByToken($token);
|
||||
$this->poll = $this->pollMapper->find($this->share->getPollId());
|
||||
$this->validateShareAccess();
|
||||
$this->request(self::PERMISSION_POLL_VIEW);
|
||||
$this->request($permission);
|
||||
|
||||
} catch (DoesNotExistException $e) {
|
||||
throw new NotAuthorizedException('Error loading share ' . $token);
|
||||
|
|
@ -108,10 +109,10 @@ class Acl implements JsonSerializable {
|
|||
return $this;
|
||||
}
|
||||
|
||||
public function setPollId(?int $pollId = 0): Acl {
|
||||
public function setPollId(?int $pollId = 0, string $permission = self::PERMISSION_POLL_VIEW): Acl {
|
||||
try {
|
||||
$this->poll = $this->pollMapper->find($pollId);
|
||||
$this->request(self::PERMISSION_POLL_VIEW);
|
||||
$this->request($permission);
|
||||
} catch (DoesNotExistException $e) {
|
||||
throw new NotAuthorizedException('Error loading poll ' . $pollId);
|
||||
}
|
||||
|
|
@ -152,11 +153,13 @@ class Acl implements JsonSerializable {
|
|||
return $this->getLoggedIn() ? $this->userManager->get($this->getUserId())->getDisplayName() : $this->share->getDisplayName();
|
||||
}
|
||||
|
||||
public function isAllowed(string $permission): bool {
|
||||
public function getIsAllowed(string $permission): bool {
|
||||
switch ($permission) {
|
||||
case self::PERMISSION_OVERRIDE:
|
||||
return true;
|
||||
case self::PERMISSION_POLL_VIEW:
|
||||
// if ($this->getIsOwner() || $this->hasAdminAccess()) {
|
||||
if ($this->isAllowed(self::PERMISSION_POLL_EDIT)) {
|
||||
if ($this->getIsAllowed(self::PERMISSION_POLL_EDIT)) {
|
||||
return true; // always grant access, if user has edit rights
|
||||
}
|
||||
|
||||
|
|
@ -180,13 +183,13 @@ class Acl implements JsonSerializable {
|
|||
return $this->getIsOwner() || $this->hasAdminAccess();
|
||||
|
||||
case self::PERMISSION_POLL_DELETE:
|
||||
return $this->isAllowed(self::PERMISSION_POLL_EDIT) || $this->getIsAdmin();
|
||||
return $this->getIsAllowed(self::PERMISSION_POLL_EDIT) || $this->getIsAdmin();
|
||||
|
||||
case self::PERMISSION_POLL_TAKEOVER:
|
||||
return $this->getIsAdmin() && !$this->getIsOwner();
|
||||
|
||||
case self::PERMISSION_POLL_SUBSCRIBE:
|
||||
return $this->hasEmail();
|
||||
return $this->getUserHasEmail();
|
||||
|
||||
case self::PERMISSION_POLL_RESULTS_VIEW:
|
||||
return $this->getIsOwner()
|
||||
|
|
@ -197,7 +200,7 @@ class Acl implements JsonSerializable {
|
|||
return $this->getIsOwner() || !$this->poll->getAnonymous();
|
||||
|
||||
case self::PERMISSION_OPTIONS_ADD:
|
||||
return $this->isAllowed(self::PERMISSION_POLL_EDIT)
|
||||
return $this->getIsAllowed(self::PERMISSION_POLL_EDIT)
|
||||
|| ($this->poll->getAllowProposals() === Poll::PROPOSAL_ALLOW
|
||||
&& !$this->poll->getProposalsExpired());
|
||||
|
||||
|
|
@ -213,21 +216,21 @@ class Acl implements JsonSerializable {
|
|||
}
|
||||
|
||||
public function request(string $permission): void {
|
||||
if (!$this->isAllowed($permission)) {
|
||||
if (!$this->getIsAllowed($permission)) {
|
||||
throw new NotAuthorizedException('denied permission ' . $permission);
|
||||
}
|
||||
}
|
||||
|
||||
public function jsonSerialize(): array {
|
||||
return [
|
||||
'allowComment' => $this->isAllowed(self::PERMISSION_COMMENT_ADD),
|
||||
'allowAddOptions' => $this->isAllowed(self::PERMISSION_OPTIONS_ADD),
|
||||
'allowEdit' => $this->isAllowed(self::PERMISSION_POLL_EDIT),
|
||||
'allowSeeResults' => $this->isAllowed(self::PERMISSION_POLL_RESULTS_VIEW),
|
||||
'allowSeeUsernames' => $this->isAllowed(self::PERMISSION_POLL_USERNAMES_VIEW),
|
||||
'allowSubscribe' => $this->isAllowed(self::PERMISSION_POLL_SUBSCRIBE),
|
||||
'allowView' => $this->isAllowed(self::PERMISSION_POLL_VIEW),
|
||||
'allowVote' => $this->isAllowed(self::PERMISSION_VOTE_EDIT),
|
||||
'allowComment' => $this->getIsAllowed(self::PERMISSION_COMMENT_ADD),
|
||||
'allowAddOptions' => $this->getIsAllowed(self::PERMISSION_OPTIONS_ADD),
|
||||
'allowEdit' => $this->getIsAllowed(self::PERMISSION_POLL_EDIT),
|
||||
'allowSeeResults' => $this->getIsAllowed(self::PERMISSION_POLL_RESULTS_VIEW),
|
||||
'allowSeeUsernames' => $this->getIsAllowed(self::PERMISSION_POLL_USERNAMES_VIEW),
|
||||
'allowSubscribe' => $this->getIsAllowed(self::PERMISSION_POLL_SUBSCRIBE),
|
||||
'allowView' => $this->getIsAllowed(self::PERMISSION_POLL_VIEW),
|
||||
'allowVote' => $this->getIsAllowed(self::PERMISSION_VOTE_EDIT),
|
||||
'displayName' => $this->getDisplayName(),
|
||||
'isOwner' => $this->getIsOwner(),
|
||||
'loggedIn' => $this->getLoggedIn(),
|
||||
|
|
@ -330,15 +333,12 @@ class Acl implements JsonSerializable {
|
|||
}
|
||||
|
||||
private function validateShareAccess(): void {
|
||||
if ($this->getLoggedIn()) {
|
||||
if (!$this->isShareValidForUsers()) {
|
||||
throw new NotAuthorizedException('Share type "' . $this->share->getType() . '"only valid for guests');
|
||||
};
|
||||
} else {
|
||||
if (!$this->isShareValidForGuests()) {
|
||||
throw new NotAuthorizedException('Share type "' . $this->share->getType() . '"only valid for registered users');
|
||||
};
|
||||
if ($this->getLoggedIn() && !$this->isShareValidForUsers()) {
|
||||
throw new NotAuthorizedException('Share type "' . $this->share->getType() . '"only valid for guests');
|
||||
}
|
||||
if (!$this->isShareValidForGuests()) {
|
||||
throw new NotAuthorizedException('Share type "' . $this->share->getType() . '"only valid for registered users');
|
||||
};
|
||||
}
|
||||
|
||||
private function isShareValidForGuests(): bool {
|
||||
|
|
@ -358,7 +358,7 @@ class Acl implements JsonSerializable {
|
|||
]);
|
||||
}
|
||||
|
||||
private function hasEmail(): bool {
|
||||
private function getUserHasEmail(): bool {
|
||||
return $this->share->getToken() ? strlen($this->share->getEmailAddress()) > 0 : $this->getLoggedIn();
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -70,7 +70,7 @@ class CommentService {
|
|||
$this->acl->setPollId($pollId);
|
||||
}
|
||||
|
||||
if ($this->acl->isAllowed(Acl::PERMISSION_POLL_USERNAMES_VIEW)) {
|
||||
if ($this->acl->getIsAllowed(Acl::PERMISSION_POLL_USERNAMES_VIEW)) {
|
||||
return $this->commentMapper->findByPoll($this->acl->getPollId());
|
||||
} else {
|
||||
$this->anonymizer->set($this->acl->getPollId(), $this->acl->getUserId());
|
||||
|
|
@ -83,9 +83,9 @@ class CommentService {
|
|||
*/
|
||||
public function add(int $pollId = 0, ?string $token = '', string $message): Comment {
|
||||
if ($token) {
|
||||
$this->acl->setToken($token)->request(Acl::PERMISSION_COMMENT_ADD);
|
||||
$this->acl->setToken($token, Acl::PERMISSION_COMMENT_ADD);
|
||||
} else {
|
||||
$this->acl->setPollId($pollId)->request(Acl::PERMISSION_COMMENT_ADD);
|
||||
$this->acl->setPollId($pollId, Acl::PERMISSION_COMMENT_ADD);
|
||||
}
|
||||
$this->comment = new Comment();
|
||||
$this->comment->setPollId($this->acl->getPollId());
|
||||
|
|
|
|||
|
|
@ -118,10 +118,10 @@ class OptionService {
|
|||
|
||||
$this->calculateVotes();
|
||||
|
||||
if ($this->poll->getHideBookedUp() && !$this->acl->isAllowed(Acl::PERMISSION_POLL_EDIT)) {
|
||||
if ($this->poll->getHideBookedUp() && !$this->acl->getIsAllowed(Acl::PERMISSION_POLL_EDIT)) {
|
||||
// hide booked up options except the user has edit permission
|
||||
$this->filterBookedUp();
|
||||
} elseif ($this->acl->isAllowed(Acl::PERMISSION_POLL_RESULTS_VIEW)) {
|
||||
} elseif ($this->acl->getIsAllowed(Acl::PERMISSION_POLL_RESULTS_VIEW)) {
|
||||
$this->calculateRanks();
|
||||
}
|
||||
|
||||
|
|
@ -150,9 +150,9 @@ class OptionService {
|
|||
*/
|
||||
public function add(int $pollId, int $timestamp = 0, string $pollOptionText = '', ?int $duration = 0, string $token = ''): Option {
|
||||
if ($token) {
|
||||
$this->acl->setToken($token)->request(Acl::PERMISSION_OPTIONS_ADD);
|
||||
$this->acl->setToken($token, Acl::PERMISSION_OPTIONS_ADD);
|
||||
} else {
|
||||
$this->acl->setPollId($pollId)->request(Acl::PERMISSION_OPTIONS_ADD);
|
||||
$this->acl->setPollId($pollId, Acl::PERMISSION_OPTIONS_ADD);
|
||||
}
|
||||
|
||||
$this->poll = $this->acl->getPoll();
|
||||
|
|
@ -182,7 +182,7 @@ class OptionService {
|
|||
*/
|
||||
public function update(int $optionId, int $timestamp = 0, ?string $pollOptionText = '', ?int $duration = 0): Option {
|
||||
$this->option = $this->optionMapper->find($optionId);
|
||||
$this->acl->setPollId($this->option->getPollId())->request(Acl::PERMISSION_POLL_EDIT);
|
||||
$this->acl->setPollId($this->option->getPollId(), Acl::PERMISSION_POLL_EDIT);
|
||||
|
||||
$this->poll = $this->acl->getPoll();
|
||||
|
||||
|
|
@ -226,7 +226,7 @@ class OptionService {
|
|||
*/
|
||||
public function confirm(int $optionId): Option {
|
||||
$this->option = $this->optionMapper->find($optionId);
|
||||
$this->acl->setPollId($this->option->getPollId())->request(Acl::PERMISSION_POLL_EDIT);
|
||||
$this->acl->setPollId($this->option->getPollId(), Acl::PERMISSION_POLL_EDIT);
|
||||
$this->poll = $this->acl->getPoll();
|
||||
|
||||
$this->option->setConfirmed($this->option->getConfirmed() ? 0 : time());
|
||||
|
|
@ -248,7 +248,7 @@ class OptionService {
|
|||
*/
|
||||
public function sequence(int $optionId, int $step, string $unit, int $amount): array {
|
||||
$this->option = $this->optionMapper->find($optionId);
|
||||
$this->acl->setPollId($this->option->getPollId())->request(Acl::PERMISSION_POLL_EDIT);
|
||||
$this->acl->setPollId($this->option->getPollId(), Acl::PERMISSION_POLL_EDIT);
|
||||
|
||||
$this->poll = $this->acl->getPoll();
|
||||
|
||||
|
|
@ -295,7 +295,7 @@ class OptionService {
|
|||
* @psalm-return array<array-key, Option>
|
||||
*/
|
||||
public function shift(int $pollId, int $step, string $unit): array {
|
||||
$this->acl->setPollId($pollId)->request(Acl::PERMISSION_POLL_EDIT);
|
||||
$this->acl->setPollId($pollId, Acl::PERMISSION_POLL_EDIT);
|
||||
$this->poll = $this->acl->getPoll();
|
||||
|
||||
if ($this->poll->getType() !== Poll::TYPE_DATE) {
|
||||
|
|
@ -351,7 +351,7 @@ class OptionService {
|
|||
* @psalm-return array<array-key, Option>
|
||||
*/
|
||||
public function reorder(int $pollId, array $options): array {
|
||||
$this->acl->setPollId($pollId)->request(Acl::PERMISSION_POLL_EDIT);
|
||||
$this->acl->setPollId($pollId, Acl::PERMISSION_POLL_EDIT);
|
||||
$this->poll = $this->acl->getPoll();
|
||||
|
||||
if ($this->poll->getType() === Poll::TYPE_DATE) {
|
||||
|
|
@ -382,7 +382,7 @@ class OptionService {
|
|||
public function setOrder(int $optionId, int $newOrder): array {
|
||||
|
||||
$this->option = $this->optionMapper->find($optionId);
|
||||
$this->acl->setPollId($this->option->getPollId())->request(Acl::PERMISSION_POLL_EDIT);
|
||||
$this->acl->setPollId($this->option->getPollId(), Acl::PERMISSION_POLL_EDIT);
|
||||
|
||||
$this->poll = $this->acl->getPoll();
|
||||
|
||||
|
|
@ -518,7 +518,7 @@ class OptionService {
|
|||
$option->isBookedUp = $this->poll->getOptionLimit() ? $this->poll->getOptionLimit() <= $option->yes : false;
|
||||
|
||||
// remove details, if the results shall be hidden
|
||||
if (!$this->acl->isAllowed(Acl::PERMISSION_POLL_RESULTS_VIEW)) {
|
||||
if (!$this->acl->getIsAllowed(Acl::PERMISSION_POLL_RESULTS_VIEW)) {
|
||||
$option->yes = 0;
|
||||
$option->no = 0;
|
||||
$option->maybe = 0;
|
||||
|
|
|
|||
|
|
@ -220,7 +220,7 @@ class PollService {
|
|||
* @return Poll
|
||||
*/
|
||||
public function update(int $pollId, array $poll): Poll {
|
||||
$this->acl->setPollId($pollId)->request(Acl::PERMISSION_POLL_EDIT);
|
||||
$this->acl->setPollId($pollId, Acl::PERMISSION_POLL_EDIT);
|
||||
$this->poll = $this->acl->getPoll();
|
||||
|
||||
// Validate valuess
|
||||
|
|
@ -256,7 +256,7 @@ class PollService {
|
|||
* @return Poll
|
||||
*/
|
||||
public function switchDeleted(int $pollId): Poll {
|
||||
$this->acl->setPollId($pollId)->request(Acl::PERMISSION_POLL_DELETE);
|
||||
$this->acl->setPollId($pollId, Acl::PERMISSION_POLL_DELETE);
|
||||
$this->poll = $this->acl->getPoll();
|
||||
|
||||
$this->poll->setDeleted($this->poll->getDeleted() ? 0 : time());
|
||||
|
|
@ -285,7 +285,7 @@ class PollService {
|
|||
* @return Poll
|
||||
*/
|
||||
public function delete(int $pollId): Poll {
|
||||
$this->acl->setPollId($pollId)->request(Acl::PERMISSION_POLL_DELETE);
|
||||
$this->acl->setPollId($pollId, Acl::PERMISSION_POLL_DELETE);
|
||||
$this->poll = $this->acl->getPoll();
|
||||
|
||||
$this->pollMapper->delete($this->poll);
|
||||
|
|
@ -347,7 +347,7 @@ class PollService {
|
|||
* @psalm-return array<int, string>
|
||||
*/
|
||||
public function getParticipantsEmailAddresses(int $pollId): array {
|
||||
$this->acl->setPollId($pollId)->request(Acl::PERMISSION_POLL_EDIT);
|
||||
$this->acl->setPollId($pollId, Acl::PERMISSION_POLL_EDIT);
|
||||
$this->poll = $this->acl->getPoll();
|
||||
|
||||
$votes = $this->voteMapper->findParticipantsByPoll($this->poll->getId());
|
||||
|
|
|
|||
|
|
@ -103,7 +103,7 @@ class ShareService {
|
|||
*/
|
||||
public function list(int $pollId): array {
|
||||
try {
|
||||
$this->acl->setPollId($pollId)->request(Acl::PERMISSION_POLL_EDIT);
|
||||
$this->acl->setPollId($pollId, Acl::PERMISSION_POLL_EDIT);
|
||||
$shares = $this->shareMapper->findByPoll($pollId);
|
||||
} catch (NotAuthorizedException $e) {
|
||||
return [];
|
||||
|
|
@ -230,7 +230,7 @@ class ShareService {
|
|||
* @return Share
|
||||
*/
|
||||
public function add(int $pollId, string $type, string $userId = ''): Share {
|
||||
$this->acl->setPollId($pollId)->request(Acl::PERMISSION_POLL_EDIT);
|
||||
$this->acl->setPollId($pollId, Acl::PERMISSION_POLL_EDIT);
|
||||
|
||||
if ($type !== UserGroupClass::TYPE_PUBLIC) {
|
||||
try {
|
||||
|
|
@ -345,7 +345,7 @@ class ShareService {
|
|||
public function delete(string $token): string {
|
||||
try {
|
||||
$this->share = $this->shareMapper->findByToken($token);
|
||||
$this->acl->setPollId($this->share->getPollId())->request(Acl::PERMISSION_POLL_EDIT);
|
||||
$this->acl->setPollId($this->share->getPollId(), Acl::PERMISSION_POLL_EDIT);
|
||||
$this->shareMapper->delete($this->share);
|
||||
} catch (DoesNotExistException $e) {
|
||||
// silently catch
|
||||
|
|
|
|||
|
|
@ -93,9 +93,9 @@ class VoteService {
|
|||
}
|
||||
|
||||
try {
|
||||
if (!$this->acl->isAllowed(Acl::PERMISSION_POLL_RESULTS_VIEW)) {
|
||||
if (!$this->acl->getIsAllowed(Acl::PERMISSION_POLL_RESULTS_VIEW)) {
|
||||
return $this->voteMapper->findByPollAndUser($this->acl->getpollId(), $this->acl->getUserId());
|
||||
} elseif (!$this->acl->isAllowed(Acl::PERMISSION_POLL_USERNAMES_VIEW)) {
|
||||
} elseif (!$this->acl->getIsAllowed(Acl::PERMISSION_POLL_USERNAMES_VIEW)) {
|
||||
$this->anonymizer->set($this->acl->getpollId(), $this->acl->getUserId());
|
||||
return $this->anonymizer->getVotes();
|
||||
} else {
|
||||
|
|
@ -152,12 +152,12 @@ class VoteService {
|
|||
$option = $this->optionMapper->find($optionId);
|
||||
|
||||
if ($token) {
|
||||
$this->acl->setToken($token)->request(Acl::PERMISSION_VOTE_EDIT);
|
||||
$this->acl->setToken($token, Acl::PERMISSION_VOTE_EDIT);
|
||||
if (intval($option->getPollId()) !== $this->acl->getPollId()) {
|
||||
throw new NotAuthorizedException;
|
||||
}
|
||||
} else {
|
||||
$this->acl->setPollId($option->getPollId())->request(Acl::PERMISSION_VOTE_EDIT);
|
||||
$this->acl->setPollId($option->getPollId(), Acl::PERMISSION_VOTE_EDIT);
|
||||
}
|
||||
|
||||
if ($setTo === 'yes') {
|
||||
|
|
@ -188,7 +188,7 @@ class VoteService {
|
|||
* Remove user from poll
|
||||
*/
|
||||
public function delete(int $pollId, string $userId): string {
|
||||
$this->acl->setPollId($pollId)->request(Acl::PERMISSION_POLL_EDIT);
|
||||
$this->acl->setPollId($pollId, Acl::PERMISSION_POLL_EDIT);
|
||||
$this->voteMapper->deleteByPollAndUser($pollId, $userId);
|
||||
$this->watchService->writeUpdate($pollId, Watch::OBJECT_VOTES);
|
||||
return $userId;
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче