Moved permission checks to Authenticator class
This commit is contained in:
Igor Scheller
msquare
parent
951828a4f1
commit
c33940f64a
|
|
@ -78,9 +78,7 @@ function angeltypes_about_controller()
|
||||||
*/
|
*/
|
||||||
function angeltype_delete_controller()
|
function angeltype_delete_controller()
|
||||||
{
|
{
|
||||||
global $privileges;
|
if (!auth()->can('admin_angel_types')) {
|
||||||
|
|
||||||
if (!in_array('admin_angel_types', $privileges)) {
|
|
||||||
redirect(page_link_to('angeltypes'));
|
redirect(page_link_to('angeltypes'));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -105,10 +103,8 @@ function angeltype_delete_controller()
|
||||||
*/
|
*/
|
||||||
function angeltype_edit_controller()
|
function angeltype_edit_controller()
|
||||||
{
|
{
|
||||||
global $privileges;
|
|
||||||
|
|
||||||
// In supporter mode only allow to modify description
|
// In supporter mode only allow to modify description
|
||||||
$supporter_mode = !in_array('admin_angel_types', $privileges);
|
$supporter_mode = !auth()->can('admin_angel_types');
|
||||||
$request = request();
|
$request = request();
|
||||||
|
|
||||||
if ($request->has('angeltype_id')) {
|
if ($request->has('angeltype_id')) {
|
||||||
|
|
@ -178,10 +174,9 @@ function angeltype_edit_controller()
|
||||||
*/
|
*/
|
||||||
function angeltype_controller()
|
function angeltype_controller()
|
||||||
{
|
{
|
||||||
global $privileges;
|
|
||||||
$user = auth()->user();
|
$user = auth()->user();
|
||||||
|
|
||||||
if (!in_array('angeltypes', $privileges)) {
|
if (!auth()->can('angeltypes')) {
|
||||||
redirect(page_link_to('/'));
|
redirect(page_link_to('/'));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -210,8 +205,8 @@ function angeltype_controller()
|
||||||
$angeltype,
|
$angeltype,
|
||||||
$members,
|
$members,
|
||||||
$user_angeltype,
|
$user_angeltype,
|
||||||
in_array('admin_user_angeltypes', $privileges) || $user_angeltype['supporter'],
|
auth()->can('admin_user_angeltypes') || $user_angeltype['supporter'],
|
||||||
in_array('admin_angel_types', $privileges),
|
auth()->can('admin_angel_types'),
|
||||||
$user_angeltype['supporter'],
|
$user_angeltype['supporter'],
|
||||||
$user_driver_license,
|
$user_driver_license,
|
||||||
$user,
|
$user,
|
||||||
|
|
@ -250,11 +245,9 @@ function angeltype_controller_shiftsFilterDays($angeltype)
|
||||||
*/
|
*/
|
||||||
function angeltype_controller_shiftsFilter($angeltype, $days)
|
function angeltype_controller_shiftsFilter($angeltype, $days)
|
||||||
{
|
{
|
||||||
global $privileges;
|
|
||||||
|
|
||||||
$request = request();
|
$request = request();
|
||||||
$shiftsFilter = new ShiftsFilter(
|
$shiftsFilter = new ShiftsFilter(
|
||||||
in_array('user_shifts_admin', $privileges),
|
auth()->can('user_shifts_admin'),
|
||||||
Room_ids(),
|
Room_ids(),
|
||||||
[$angeltype['id']]
|
[$angeltype['id']]
|
||||||
);
|
);
|
||||||
|
|
@ -278,10 +271,9 @@ function angeltype_controller_shiftsFilter($angeltype, $days)
|
||||||
*/
|
*/
|
||||||
function angeltypes_list_controller()
|
function angeltypes_list_controller()
|
||||||
{
|
{
|
||||||
global $privileges;
|
|
||||||
$user = auth()->user();
|
$user = auth()->user();
|
||||||
|
|
||||||
if (!in_array('angeltypes', $privileges)) {
|
if (!auth()->can('angeltypes')) {
|
||||||
redirect(page_link_to('/'));
|
redirect(page_link_to('/'));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -296,7 +288,7 @@ function angeltypes_list_controller()
|
||||||
)
|
)
|
||||||
];
|
];
|
||||||
|
|
||||||
if (in_array('admin_angel_types', $privileges)) {
|
if (auth()->can('admin_angel_types')) {
|
||||||
$actions[] = button(
|
$actions[] = button(
|
||||||
page_link_to('angeltypes', ['action' => 'edit', 'angeltype_id' => $angeltype['id']]),
|
page_link_to('angeltypes', ['action' => 'edit', 'angeltype_id' => $angeltype['id']]),
|
||||||
__('edit'),
|
__('edit'),
|
||||||
|
|
@ -340,7 +332,7 @@ function angeltypes_list_controller()
|
||||||
|
|
||||||
return [
|
return [
|
||||||
angeltypes_title(),
|
angeltypes_title(),
|
||||||
AngelTypes_list_view($angeltypes, in_array('admin_angel_types', $privileges))
|
AngelTypes_list_view($angeltypes, auth()->can('admin_angel_types'))
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -16,9 +16,7 @@ function event_config_title()
|
||||||
*/
|
*/
|
||||||
function event_config_edit_controller()
|
function event_config_edit_controller()
|
||||||
{
|
{
|
||||||
global $privileges;
|
if (!auth()->can('admin_event_config')) {
|
||||||
|
|
||||||
if (!in_array('admin_event_config', $privileges)) {
|
|
||||||
redirect(page_link_to('/'));
|
redirect(page_link_to('/'));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -14,9 +14,7 @@ use Engelsystem\ShiftsFilterRenderer;
|
||||||
*/
|
*/
|
||||||
function room_controller()
|
function room_controller()
|
||||||
{
|
{
|
||||||
global $privileges;
|
if (!auth()->can('view_rooms')) {
|
||||||
|
|
||||||
if (!in_array('view_rooms', $privileges)) {
|
|
||||||
redirect(page_link_to());
|
redirect(page_link_to());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -35,7 +35,6 @@ function shift_entries_controller()
|
||||||
*/
|
*/
|
||||||
function shift_entry_create_controller()
|
function shift_entry_create_controller()
|
||||||
{
|
{
|
||||||
global $privileges;
|
|
||||||
$user = auth()->user();
|
$user = auth()->user();
|
||||||
$request = request();
|
$request = request();
|
||||||
|
|
||||||
|
|
@ -50,7 +49,7 @@ function shift_entry_create_controller()
|
||||||
|
|
||||||
$angeltype = AngelType($request->input('angeltype_id'));
|
$angeltype = AngelType($request->input('angeltype_id'));
|
||||||
|
|
||||||
if (in_array('user_shifts_admin', $privileges)) {
|
if (auth()->can('user_shifts_admin')) {
|
||||||
return shift_entry_create_controller_admin($shift, $angeltype);
|
return shift_entry_create_controller_admin($shift, $angeltype);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -43,13 +43,11 @@ function shift_edit_link($shift)
|
||||||
*/
|
*/
|
||||||
function shift_edit_controller()
|
function shift_edit_controller()
|
||||||
{
|
{
|
||||||
global $privileges;
|
|
||||||
|
|
||||||
$msg = '';
|
$msg = '';
|
||||||
$valid = true;
|
$valid = true;
|
||||||
$request = request();
|
$request = request();
|
||||||
|
|
||||||
if (!in_array('admin_shifts', $privileges)) {
|
if (!auth()->can('admin_shifts')) {
|
||||||
redirect(page_link_to('user_shifts'));
|
redirect(page_link_to('user_shifts'));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -203,10 +201,9 @@ function shift_edit_controller()
|
||||||
*/
|
*/
|
||||||
function shift_delete_controller()
|
function shift_delete_controller()
|
||||||
{
|
{
|
||||||
global $privileges;
|
|
||||||
$request = request();
|
$request = request();
|
||||||
|
|
||||||
if (!in_array('user_shifts_admin', $privileges)) {
|
if (!auth()->can('user_shifts_admin')) {
|
||||||
redirect(page_link_to('user_shifts'));
|
redirect(page_link_to('user_shifts'));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -253,11 +250,10 @@ function shift_delete_controller()
|
||||||
*/
|
*/
|
||||||
function shift_controller()
|
function shift_controller()
|
||||||
{
|
{
|
||||||
global $privileges;
|
|
||||||
$user = auth()->user();
|
$user = auth()->user();
|
||||||
$request = request();
|
$request = request();
|
||||||
|
|
||||||
if (!in_array('user_shifts', $privileges)) {
|
if (!auth()->can('user_shifts')) {
|
||||||
redirect(page_link_to('/'));
|
redirect(page_link_to('/'));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -332,9 +328,7 @@ function shifts_controller()
|
||||||
*/
|
*/
|
||||||
function shift_next_controller()
|
function shift_next_controller()
|
||||||
{
|
{
|
||||||
global $privileges;
|
if (!auth()->can('user_shifts')) {
|
||||||
|
|
||||||
if (!in_array('user_shifts', $privileges)) {
|
|
||||||
redirect(page_link_to('/'));
|
redirect(page_link_to('/'));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -363,7 +357,7 @@ function shifts_json_export_controller()
|
||||||
if (!$user) {
|
if (!$user) {
|
||||||
engelsystem_error('Key invalid.');
|
engelsystem_error('Key invalid.');
|
||||||
}
|
}
|
||||||
if (!in_array('shifts_json_export', privileges_for_user($user->id))) {
|
if (!auth()->can('shifts_json_export')) {
|
||||||
engelsystem_error('No privilege for shifts_json_export.');
|
engelsystem_error('No privilege for shifts_json_export.');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -80,7 +80,6 @@ function user_angeltypes_delete_all_controller()
|
||||||
*/
|
*/
|
||||||
function user_angeltypes_confirm_all_controller()
|
function user_angeltypes_confirm_all_controller()
|
||||||
{
|
{
|
||||||
global $privileges;
|
|
||||||
$user = auth()->user();
|
$user = auth()->user();
|
||||||
$request = request();
|
$request = request();
|
||||||
|
|
||||||
|
|
@ -95,7 +94,7 @@ function user_angeltypes_confirm_all_controller()
|
||||||
redirect(page_link_to('angeltypes'));
|
redirect(page_link_to('angeltypes'));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!in_array('admin_user_angeltypes', $privileges) && !User_is_AngelType_supporter($user, $angeltype)) {
|
if (!auth()->can('admin_user_angeltypes') && !User_is_AngelType_supporter($user, $angeltype)) {
|
||||||
error(__('You are not allowed to confirm all users for this angeltype.'));
|
error(__('You are not allowed to confirm all users for this angeltype.'));
|
||||||
redirect(page_link_to('angeltypes'));
|
redirect(page_link_to('angeltypes'));
|
||||||
}
|
}
|
||||||
|
|
@ -235,11 +234,10 @@ function user_angeltype_delete_controller()
|
||||||
*/
|
*/
|
||||||
function user_angeltype_update_controller()
|
function user_angeltype_update_controller()
|
||||||
{
|
{
|
||||||
global $privileges;
|
|
||||||
$supporter = false;
|
$supporter = false;
|
||||||
$request = request();
|
$request = request();
|
||||||
|
|
||||||
if (!in_array('admin_angel_types', $privileges)) {
|
if (!auth()->can('admin_angel_types')) {
|
||||||
error(__('You are not allowed to set supporter rights.'));
|
error(__('You are not allowed to set supporter rights.'));
|
||||||
redirect(page_link_to('angeltypes'));
|
redirect(page_link_to('angeltypes'));
|
||||||
}
|
}
|
||||||
|
|
@ -360,7 +358,6 @@ function user_angeltype_add_controller()
|
||||||
*/
|
*/
|
||||||
function user_angeltype_join_controller($angeltype)
|
function user_angeltype_join_controller($angeltype)
|
||||||
{
|
{
|
||||||
global $privileges;
|
|
||||||
$user = auth()->user();
|
$user = auth()->user();
|
||||||
|
|
||||||
$user_angeltype = UserAngelType_by_User_and_AngelType($user->id, $angeltype);
|
$user_angeltype = UserAngelType_by_User_and_AngelType($user->id, $angeltype);
|
||||||
|
|
@ -380,7 +377,7 @@ function user_angeltype_join_controller($angeltype)
|
||||||
));
|
));
|
||||||
success($success_message);
|
success($success_message);
|
||||||
|
|
||||||
if (in_array('admin_user_angeltypes', $privileges)) {
|
if (auth()->can('admin_user_angeltypes')) {
|
||||||
UserAngelType_confirm($user_angeltype_id, $user->id);
|
UserAngelType_confirm($user_angeltype_id, $user->id);
|
||||||
engelsystem_log(sprintf(
|
engelsystem_log(sprintf(
|
||||||
'User %s confirmed as %s.',
|
'User %s confirmed as %s.',
|
||||||
|
|
|
||||||
|
|
@ -96,13 +96,12 @@ function user_driver_license_load_user()
|
||||||
*/
|
*/
|
||||||
function user_driver_license_edit_controller()
|
function user_driver_license_edit_controller()
|
||||||
{
|
{
|
||||||
global $privileges;
|
|
||||||
$user = auth()->user();
|
$user = auth()->user();
|
||||||
$request = request();
|
$request = request();
|
||||||
$user_source = user_driver_license_load_user();
|
$user_source = user_driver_license_load_user();
|
||||||
|
|
||||||
// only privilege admin_user can edit other users driver license information
|
// only privilege admin_user can edit other users driver license information
|
||||||
if ($user->id != $user_source->id && !in_array('admin_user', $privileges)) {
|
if ($user->id != $user_source->id && !auth()->can('admin_user')) {
|
||||||
redirect(user_driver_license_edit_link());
|
redirect(user_driver_license_edit_link());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -182,10 +182,9 @@ function user_worklog_delete_link($userWorkLog, $parameters = [])
|
||||||
*/
|
*/
|
||||||
function user_worklog_controller()
|
function user_worklog_controller()
|
||||||
{
|
{
|
||||||
global $privileges;
|
|
||||||
$user = auth()->user();
|
$user = auth()->user();
|
||||||
|
|
||||||
if (!in_array('admin_user_worklog', $privileges)) {
|
if (!auth()->can('admin_user_worklog')) {
|
||||||
redirect(user_link($user->id));
|
redirect(user_link($user->id));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -46,7 +46,6 @@ function users_controller()
|
||||||
*/
|
*/
|
||||||
function user_delete_controller()
|
function user_delete_controller()
|
||||||
{
|
{
|
||||||
global $privileges;
|
|
||||||
$user = auth()->user();
|
$user = auth()->user();
|
||||||
$request = request();
|
$request = request();
|
||||||
|
|
||||||
|
|
@ -56,7 +55,7 @@ function user_delete_controller()
|
||||||
$user_source = $user;
|
$user_source = $user;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!in_array('admin_user', $privileges)) {
|
if (!auth()->can('admin_user')) {
|
||||||
redirect(page_link_to(''));
|
redirect(page_link_to(''));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -138,7 +137,6 @@ function user_link($userId)
|
||||||
*/
|
*/
|
||||||
function user_edit_vouchers_controller()
|
function user_edit_vouchers_controller()
|
||||||
{
|
{
|
||||||
global $privileges;
|
|
||||||
$user = auth()->user();
|
$user = auth()->user();
|
||||||
$request = request();
|
$request = request();
|
||||||
|
|
||||||
|
|
@ -148,7 +146,7 @@ function user_edit_vouchers_controller()
|
||||||
$user_source = $user;
|
$user_source = $user;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!in_array('admin_user', $privileges)) {
|
if (!auth()->can('admin_user')) {
|
||||||
redirect(page_link_to(''));
|
redirect(page_link_to(''));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -190,7 +188,6 @@ function user_edit_vouchers_controller()
|
||||||
*/
|
*/
|
||||||
function user_controller()
|
function user_controller()
|
||||||
{
|
{
|
||||||
global $privileges;
|
|
||||||
$user = auth()->user();
|
$user = auth()->user();
|
||||||
$request = request();
|
$request = request();
|
||||||
|
|
||||||
|
|
@ -203,7 +200,7 @@ function user_controller()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$shifts = Shifts_by_user($user_source->id, in_array('user_shifts_admin', $privileges));
|
$shifts = Shifts_by_user($user_source->id, auth()->can('user_shifts_admin'));
|
||||||
foreach ($shifts as &$shift) {
|
foreach ($shifts as &$shift) {
|
||||||
// TODO: Move queries to model
|
// TODO: Move queries to model
|
||||||
$shift['needed_angeltypes'] = DB::select('
|
$shift['needed_angeltypes'] = DB::select('
|
||||||
|
|
@ -242,15 +239,15 @@ function user_controller()
|
||||||
$user_source->name,
|
$user_source->name,
|
||||||
User_view(
|
User_view(
|
||||||
$user_source,
|
$user_source,
|
||||||
in_array('admin_user', $privileges),
|
auth()->can('admin_user'),
|
||||||
User_is_freeloader($user_source),
|
User_is_freeloader($user_source),
|
||||||
User_angeltypes($user_source->id),
|
User_angeltypes($user_source->id),
|
||||||
User_groups($user_source->id),
|
User_groups($user_source->id),
|
||||||
$shifts,
|
$shifts,
|
||||||
$user->id == $user_source->id,
|
$user->id == $user_source->id,
|
||||||
$tshirt_score,
|
$tshirt_score,
|
||||||
in_array('admin_active', $privileges),
|
auth()->can('admin_active'),
|
||||||
in_array('admin_user_worklog', $privileges),
|
auth()->can('admin_user_worklog'),
|
||||||
UserWorkLogsForUser($user_source->id)
|
UserWorkLogsForUser($user_source->id)
|
||||||
)
|
)
|
||||||
];
|
];
|
||||||
|
|
@ -263,10 +260,9 @@ function user_controller()
|
||||||
*/
|
*/
|
||||||
function users_list_controller()
|
function users_list_controller()
|
||||||
{
|
{
|
||||||
global $privileges;
|
|
||||||
$request = request();
|
$request = request();
|
||||||
|
|
||||||
if (!in_array('admin_user', $privileges)) {
|
if (!auth()->can('admin_user')) {
|
||||||
redirect(page_link_to(''));
|
redirect(page_link_to(''));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -21,9 +21,3 @@ if ($app->get('config')->get('maintenance')) {
|
||||||
echo $maintenance;
|
echo $maintenance;
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Init authorization
|
|
||||||
*/
|
|
||||||
load_auth();
|
|
||||||
|
|
|
||||||
|
|
@ -422,17 +422,16 @@ function Shift_signup_allowed_admin($needed_angeltype, $shift_entries)
|
||||||
*/
|
*/
|
||||||
function Shift_signout_allowed($shift, $angeltype, $signout_user_id)
|
function Shift_signout_allowed($shift, $angeltype, $signout_user_id)
|
||||||
{
|
{
|
||||||
global $privileges;
|
|
||||||
$user = auth()->user();
|
$user = auth()->user();
|
||||||
|
|
||||||
// user shifts admin can sign out any user at any time
|
// user shifts admin can sign out any user at any time
|
||||||
if (in_array('user_shifts_admin', $privileges)) {
|
if (auth()->can('user_shifts_admin')) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
// angeltype supporter can sign out any user at any time from their supported angeltype
|
// angeltype supporter can sign out any user at any time from their supported angeltype
|
||||||
if (
|
if (
|
||||||
in_array('shiftentry_edit_angeltype_supporter', $privileges)
|
auth()->can('shiftentry_edit_angeltype_supporter')
|
||||||
&& User_is_AngelType_supporter($user, $angeltype)
|
&& User_is_AngelType_supporter($user, $angeltype)
|
||||||
) {
|
) {
|
||||||
return true;
|
return true;
|
||||||
|
|
@ -466,14 +465,12 @@ function Shift_signup_allowed(
|
||||||
$needed_angeltype,
|
$needed_angeltype,
|
||||||
$shift_entries
|
$shift_entries
|
||||||
) {
|
) {
|
||||||
global $privileges;
|
if (auth()->can('user_shifts_admin')) {
|
||||||
|
|
||||||
if (in_array('user_shifts_admin', $privileges)) {
|
|
||||||
return Shift_signup_allowed_admin($needed_angeltype, $shift_entries);
|
return Shift_signup_allowed_admin($needed_angeltype, $shift_entries);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (
|
if (
|
||||||
in_array('shiftentry_edit_angeltype_supporter', $privileges)
|
auth()->can('shiftentry_edit_angeltype_supporter')
|
||||||
&& User_is_AngelType_supporter(auth()->user(), $angeltype)
|
&& User_is_AngelType_supporter(auth()->user(), $angeltype)
|
||||||
) {
|
) {
|
||||||
return Shift_signup_allowed_angeltype_supporter($needed_angeltype, $shift_entries);
|
return Shift_signup_allowed_angeltype_supporter($needed_angeltype, $shift_entries);
|
||||||
|
|
|
||||||
|
|
@ -17,7 +17,6 @@ function admin_free_title()
|
||||||
*/
|
*/
|
||||||
function admin_free()
|
function admin_free()
|
||||||
{
|
{
|
||||||
global $privileges;
|
|
||||||
$request = request();
|
$request = request();
|
||||||
|
|
||||||
$search = '';
|
$search = '';
|
||||||
|
|
@ -88,7 +87,7 @@ function admin_free()
|
||||||
'dect' => $usr->contact->dect,
|
'dect' => $usr->contact->dect,
|
||||||
'email' => $usr->settings->email_human ? ($usr->contact->email ? $usr->contact->email : $usr->email) : glyph('eye-close'),
|
'email' => $usr->settings->email_human ? ($usr->contact->email ? $usr->contact->email : $usr->email) : glyph('eye-close'),
|
||||||
'actions' =>
|
'actions' =>
|
||||||
in_array('admin_user', $privileges)
|
auth()->can('admin_user')
|
||||||
? button(page_link_to('admin_user', ['id' => $usr->id]), __('edit'), 'btn-xs')
|
? button(page_link_to('admin_user', ['id' => $usr->id]), __('edit'), 'btn-xs')
|
||||||
: ''
|
: ''
|
||||||
];
|
];
|
||||||
|
|
|
||||||
|
|
@ -8,7 +8,6 @@ use Engelsystem\Models\User\User;
|
||||||
*/
|
*/
|
||||||
function admin_news()
|
function admin_news()
|
||||||
{
|
{
|
||||||
global $privileges;
|
|
||||||
$user = auth()->user();
|
$user = auth()->user();
|
||||||
$request = request();
|
$request = request();
|
||||||
|
|
||||||
|
|
@ -32,7 +31,7 @@ function admin_news()
|
||||||
case 'edit':
|
case 'edit':
|
||||||
$user_source = User::find($news['UID']);
|
$user_source = User::find($news['UID']);
|
||||||
if (
|
if (
|
||||||
!in_array('admin_news_html', $privileges)
|
!auth()->can('admin_news_html')
|
||||||
&& strip_tags($news['Text']) != $news['Text']
|
&& strip_tags($news['Text']) != $news['Text']
|
||||||
) {
|
) {
|
||||||
$html .= warning(
|
$html .= warning(
|
||||||
|
|
@ -62,7 +61,7 @@ function admin_news()
|
||||||
|
|
||||||
case 'save':
|
case 'save':
|
||||||
$text = $request->postData('eText');
|
$text = $request->postData('eText');
|
||||||
if (!in_array('admin_news_html', $privileges)) {
|
if (!auth()->can('admin_news_html')) {
|
||||||
$text = strip_tags($text);
|
$text = strip_tags($text);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -18,10 +18,10 @@ function admin_questions_title()
|
||||||
*/
|
*/
|
||||||
function admin_new_questions()
|
function admin_new_questions()
|
||||||
{
|
{
|
||||||
global $privileges, $page;
|
global $page;
|
||||||
|
|
||||||
if ($page != 'admin_questions') {
|
if ($page != 'admin_questions') {
|
||||||
if (in_array('admin_questions', $privileges)) {
|
if (auth()->can('admin_questions')) {
|
||||||
$new_messages = count(DB::select('SELECT `QID` FROM `Questions` WHERE `AID` IS NULL'));
|
$new_messages = count(DB::select('SELECT `QID` FROM `Questions` WHERE `AID` IS NULL'));
|
||||||
|
|
||||||
if ($new_messages > 0) {
|
if ($new_messages > 0) {
|
||||||
|
|
|
||||||
|
|
@ -16,7 +16,6 @@ function admin_user_title()
|
||||||
*/
|
*/
|
||||||
function admin_user()
|
function admin_user()
|
||||||
{
|
{
|
||||||
global $privileges;
|
|
||||||
$user = auth()->user();
|
$user = auth()->user();
|
||||||
$tshirt_sizes = config('tshirt_sizes');
|
$tshirt_sizes = config('tshirt_sizes');
|
||||||
$request = request();
|
$request = request();
|
||||||
|
|
@ -83,7 +82,7 @@ function admin_user()
|
||||||
$html .= html_options('eAktiv', $options, $user_source->state->active) . '</td></tr>' . "\n";
|
$html .= html_options('eAktiv', $options, $user_source->state->active) . '</td></tr>' . "\n";
|
||||||
|
|
||||||
// Aktiv erzwingen
|
// Aktiv erzwingen
|
||||||
if (in_array('admin_active', $privileges)) {
|
if (auth()->can('admin_active')) {
|
||||||
$html .= ' <tr><td>' . __('Force active') . '</td><td>' . "\n";
|
$html .= ' <tr><td>' . __('Force active') . '</td><td>' . "\n";
|
||||||
$html .= html_options('force_active', $options, $user_source->state->force_active) . '</td></tr>' . "\n";
|
$html .= html_options('force_active', $options, $user_source->state->force_active) . '</td></tr>' . "\n";
|
||||||
}
|
}
|
||||||
|
|
@ -249,7 +248,7 @@ function admin_user()
|
||||||
case 'save':
|
case 'save':
|
||||||
$force_active = $user->state->force_active;
|
$force_active = $user->state->force_active;
|
||||||
$user_source = User::find($user_id);
|
$user_source = User::find($user_id);
|
||||||
if (in_array('admin_active', $privileges)) {
|
if (auth()->can('admin_active')) {
|
||||||
$force_active = $request->input('force_active');
|
$force_active = $request->input('force_active');
|
||||||
}
|
}
|
||||||
if ($user_source->settings->email_human) {
|
if ($user_source->settings->email_human) {
|
||||||
|
|
|
||||||
|
|
@ -39,7 +39,6 @@ function logout_title()
|
||||||
*/
|
*/
|
||||||
function guest_register()
|
function guest_register()
|
||||||
{
|
{
|
||||||
global $privileges;
|
|
||||||
$authUser = auth()->user();
|
$authUser = auth()->user();
|
||||||
$tshirt_sizes = config('tshirt_sizes');
|
$tshirt_sizes = config('tshirt_sizes');
|
||||||
$enable_tshirt_size = config('enable_tshirt_size');
|
$enable_tshirt_size = config('enable_tshirt_size');
|
||||||
|
|
@ -71,7 +70,7 @@ function guest_register()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!in_array('register', $privileges) || (!$authUser && !config('registration_enabled'))) {
|
if (!auth()->can('register') || (!$authUser && !config('registration_enabled'))) {
|
||||||
error(__('Registration is disabled.'));
|
error(__('Registration is disabled.'));
|
||||||
|
|
||||||
return page_with_title(register_title(), [
|
return page_with_title(register_title(), [
|
||||||
|
|
@ -472,9 +471,7 @@ function guest_login()
|
||||||
*/
|
*/
|
||||||
function get_register_hint()
|
function get_register_hint()
|
||||||
{
|
{
|
||||||
global $privileges;
|
if (auth()->can('register') && config('registration_enabled')) {
|
||||||
|
|
||||||
if (in_array('register', $privileges) && config('registration_enabled')) {
|
|
||||||
return join('', [
|
return join('', [
|
||||||
'<p>' . __('Please sign up, if you want to help us!') . '</p>',
|
'<p>' . __('Please sign up, if you want to help us!') . '</p>',
|
||||||
buttons([
|
buttons([
|
||||||
|
|
|
||||||
|
|
@ -17,7 +17,7 @@ function user_atom()
|
||||||
if (empty($user)) {
|
if (empty($user)) {
|
||||||
engelsystem_error('Key invalid.');
|
engelsystem_error('Key invalid.');
|
||||||
}
|
}
|
||||||
if (!in_array('atom', privileges_for_user($user->id))) {
|
if (!auth()->can('atom')) {
|
||||||
engelsystem_error('No privilege for atom.');
|
engelsystem_error('No privilege for atom.');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -15,7 +15,7 @@ function user_ical()
|
||||||
if (!$user) {
|
if (!$user) {
|
||||||
engelsystem_error('Key invalid.');
|
engelsystem_error('Key invalid.');
|
||||||
}
|
}
|
||||||
if (!in_array('ical', privileges_for_user($user->id))) {
|
if (!auth()->can('ical')) {
|
||||||
engelsystem_error('No privilege for ical.');
|
engelsystem_error('No privilege for ical.');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -18,13 +18,12 @@ function myshifts_title()
|
||||||
*/
|
*/
|
||||||
function user_myshifts()
|
function user_myshifts()
|
||||||
{
|
{
|
||||||
global $privileges;
|
|
||||||
$user = auth()->user();
|
$user = auth()->user();
|
||||||
$request = request();
|
$request = request();
|
||||||
|
|
||||||
if (
|
if (
|
||||||
$request->has('id')
|
$request->has('id')
|
||||||
&& in_array('user_shifts_admin', $privileges)
|
&& auth()->can('user_shifts_admin')
|
||||||
&& preg_match('/^\d{1,}$/', $request->input('id'))
|
&& preg_match('/^\d{1,}$/', $request->input('id'))
|
||||||
&& User::find($request->input('id'))
|
&& User::find($request->input('id'))
|
||||||
) {
|
) {
|
||||||
|
|
@ -79,7 +78,7 @@ function user_myshifts()
|
||||||
|
|
||||||
if ($request->hasPostData('submit')) {
|
if ($request->hasPostData('submit')) {
|
||||||
$valid = true;
|
$valid = true;
|
||||||
if (in_array('user_shifts_admin', $privileges)) {
|
if (auth()->can('user_shifts_admin')) {
|
||||||
$freeloaded = $request->has('freeloaded');
|
$freeloaded = $request->has('freeloaded');
|
||||||
$freeload_comment = strip_request_item_nl('freeload_comment');
|
$freeload_comment = strip_request_item_nl('freeload_comment');
|
||||||
if ($freeloaded && $freeload_comment == '') {
|
if ($freeloaded && $freeload_comment == '') {
|
||||||
|
|
@ -120,7 +119,7 @@ function user_myshifts()
|
||||||
$shift['Comment'],
|
$shift['Comment'],
|
||||||
$shift['freeloaded'],
|
$shift['freeloaded'],
|
||||||
$shift['freeload_comment'],
|
$shift['freeload_comment'],
|
||||||
in_array('user_shifts_admin', $privileges)
|
auth()->can('user_shifts_admin')
|
||||||
);
|
);
|
||||||
} else {
|
} else {
|
||||||
redirect(page_link_to('user_myshifts'));
|
redirect(page_link_to('user_myshifts'));
|
||||||
|
|
|
||||||
|
|
@ -91,7 +91,7 @@ function news_text($news)
|
||||||
*/
|
*/
|
||||||
function display_news($news)
|
function display_news($news)
|
||||||
{
|
{
|
||||||
global $privileges, $page;
|
global $page;
|
||||||
|
|
||||||
$html = '';
|
$html = '';
|
||||||
$html .= '<div class="panel' . ($news['Treffen'] == 1 ? ' panel-info' : ' panel-default') . '">';
|
$html .= '<div class="panel' . ($news['Treffen'] == 1 ? ' panel-info' : ' panel-default') . '">';
|
||||||
|
|
@ -101,7 +101,7 @@ function display_news($news)
|
||||||
$html .= '<div class="panel-body">' . news_text($news) . '</div>';
|
$html .= '<div class="panel-body">' . news_text($news) . '</div>';
|
||||||
|
|
||||||
$html .= '<div class="panel-footer text-muted">';
|
$html .= '<div class="panel-footer text-muted">';
|
||||||
if (in_array('admin_news', $privileges)) {
|
if (auth()->can('admin_news')) {
|
||||||
$html .= '<div class="pull-right">'
|
$html .= '<div class="pull-right">'
|
||||||
. button_glyph(
|
. button_glyph(
|
||||||
page_link_to('admin_news', ['action' => 'edit', 'id' => $news['ID']]),
|
page_link_to('admin_news', ['action' => 'edit', 'id' => $news['ID']]),
|
||||||
|
|
@ -198,7 +198,6 @@ function user_news_comments()
|
||||||
*/
|
*/
|
||||||
function user_news()
|
function user_news()
|
||||||
{
|
{
|
||||||
global $privileges;
|
|
||||||
$user = auth()->user();
|
$user = auth()->user();
|
||||||
$display_news = config('display_news');
|
$display_news = config('display_news');
|
||||||
$request = request();
|
$request = request();
|
||||||
|
|
@ -206,13 +205,13 @@ function user_news()
|
||||||
$html = '<div class="col-md-12"><h1>' . news_title() . '</h1>' . msg();
|
$html = '<div class="col-md-12"><h1>' . news_title() . '</h1>' . msg();
|
||||||
|
|
||||||
$isMeeting = $request->postData('treffen');
|
$isMeeting = $request->postData('treffen');
|
||||||
if ($request->has('text') && $request->has('betreff') && in_array('admin_news', $privileges)) {
|
if ($request->has('text') && $request->has('betreff') && auth()->can('admin_news')) {
|
||||||
if (!$request->has('treffen')) {
|
if (!$request->has('treffen')) {
|
||||||
$isMeeting = 0;
|
$isMeeting = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
$text = $request->postData('text');
|
$text = $request->postData('text');
|
||||||
if (!in_array('admin_news_html', $privileges)) {
|
if (!auth()->can('admin_news_html')) {
|
||||||
$text = strip_tags($text);
|
$text = strip_tags($text);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -266,7 +265,7 @@ function user_news()
|
||||||
}
|
}
|
||||||
$html .= '</ul></div>';
|
$html .= '</ul></div>';
|
||||||
|
|
||||||
if (in_array('admin_news', $privileges)) {
|
if (auth()->can('admin_news')) {
|
||||||
$html .= '<hr />';
|
$html .= '<hr />';
|
||||||
$html .= '<h2>' . __('Create news:') . '</h2>';
|
$html .= '<h2>' . __('Create news:') . '</h2>';
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -168,7 +168,7 @@ function load_types()
|
||||||
*/
|
*/
|
||||||
function view_user_shifts()
|
function view_user_shifts()
|
||||||
{
|
{
|
||||||
global $privileges, $ical_shifts;
|
global $ical_shifts;
|
||||||
$user = auth()->user();
|
$user = auth()->user();
|
||||||
|
|
||||||
$session = session();
|
$session = session();
|
||||||
|
|
@ -182,13 +182,13 @@ function view_user_shifts()
|
||||||
$rooms[0]['id']
|
$rooms[0]['id']
|
||||||
];
|
];
|
||||||
$type_ids = array_map('get_ids_from_array', $types);
|
$type_ids = array_map('get_ids_from_array', $types);
|
||||||
$shiftsFilter = new ShiftsFilter(in_array('user_shifts_admin', $privileges), $room_ids, $type_ids);
|
$shiftsFilter = new ShiftsFilter(auth()->can('user_shifts_admin'), $room_ids, $type_ids);
|
||||||
$session->set('shifts-filter', $shiftsFilter->sessionExport());
|
$session->set('shifts-filter', $shiftsFilter->sessionExport());
|
||||||
}
|
}
|
||||||
|
|
||||||
$shiftsFilter = new ShiftsFilter();
|
$shiftsFilter = new ShiftsFilter();
|
||||||
$shiftsFilter->sessionImport($session->get('shifts-filter'));
|
$shiftsFilter->sessionImport($session->get('shifts-filter'));
|
||||||
update_ShiftsFilter($shiftsFilter, in_array('user_shifts_admin', $privileges), $days);
|
update_ShiftsFilter($shiftsFilter, auth()->can('user_shifts_admin'), $days);
|
||||||
$session->set('shifts-filter', $shiftsFilter->sessionExport());
|
$session->set('shifts-filter', $shiftsFilter->sessionExport());
|
||||||
|
|
||||||
$shiftCalendarRenderer = shiftCalendarRendererByShiftFilter($shiftsFilter);
|
$shiftCalendarRenderer = shiftCalendarRendererByShiftFilter($shiftsFilter);
|
||||||
|
|
|
||||||
|
|
@ -1,35 +1,8 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
use Carbon\Carbon;
|
|
||||||
use Engelsystem\Database\DB;
|
use Engelsystem\Database\DB;
|
||||||
use Engelsystem\Models\User\User;
|
use Engelsystem\Models\User\User;
|
||||||
|
|
||||||
/**
|
|
||||||
* Testet ob ein User eingeloggt ist und lädt die entsprechenden Privilegien
|
|
||||||
*/
|
|
||||||
function load_auth()
|
|
||||||
{
|
|
||||||
global $privileges;
|
|
||||||
$session = session();
|
|
||||||
|
|
||||||
if ($session->has('uid')) {
|
|
||||||
$user = auth()->user();
|
|
||||||
|
|
||||||
if ($user) {
|
|
||||||
$user->last_login_at = new Carbon();
|
|
||||||
$user->save();
|
|
||||||
|
|
||||||
$privileges = privileges_for_user($user->id);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
$session->remove('uid');
|
|
||||||
}
|
|
||||||
|
|
||||||
// guest privileges
|
|
||||||
$privileges = privileges_for_group(-10);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* generate a salt (random string) of arbitrary length suitable for the use with crypt()
|
* generate a salt (random string) of arbitrary length suitable for the use with crypt()
|
||||||
*
|
*
|
||||||
|
|
|
||||||
|
|
@ -45,15 +45,15 @@ function header_render_hints()
|
||||||
*/
|
*/
|
||||||
function make_user_submenu()
|
function make_user_submenu()
|
||||||
{
|
{
|
||||||
global $privileges, $page;
|
global $page;
|
||||||
|
|
||||||
$user_submenu = make_language_select();
|
$user_submenu = make_language_select();
|
||||||
|
|
||||||
if (in_array('user_settings', $privileges) || in_array('logout', $privileges)) {
|
if (auth()->can('user_settings') || auth()->can('logout')) {
|
||||||
$user_submenu[] = toolbar_item_divider();
|
$user_submenu[] = toolbar_item_divider();
|
||||||
}
|
}
|
||||||
|
|
||||||
if (in_array('user_settings', $privileges)) {
|
if (auth()->can('user_settings')) {
|
||||||
$user_submenu[] = toolbar_item_link(
|
$user_submenu[] = toolbar_item_link(
|
||||||
page_link_to('user_settings'),
|
page_link_to('user_settings'),
|
||||||
'list-alt',
|
'list-alt',
|
||||||
|
|
@ -62,7 +62,7 @@ function make_user_submenu()
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (in_array('logout', $privileges)) {
|
if (auth()->can('logout')) {
|
||||||
$user_submenu[] = toolbar_item_link(
|
$user_submenu[] = toolbar_item_link(
|
||||||
page_link_to('logout'),
|
page_link_to('logout'),
|
||||||
'log-out',
|
'log-out',
|
||||||
|
|
@ -79,7 +79,7 @@ function make_user_submenu()
|
||||||
*/
|
*/
|
||||||
function make_navigation()
|
function make_navigation()
|
||||||
{
|
{
|
||||||
global $page, $privileges;
|
global $page;
|
||||||
|
|
||||||
$menu = [];
|
$menu = [];
|
||||||
$pages = [
|
$pages = [
|
||||||
|
|
@ -91,7 +91,7 @@ function make_navigation()
|
||||||
];
|
];
|
||||||
|
|
||||||
foreach ($pages as $menu_page => $title) {
|
foreach ($pages as $menu_page => $title) {
|
||||||
if (in_array($menu_page, $privileges)) {
|
if (auth()->can($menu_page)) {
|
||||||
$menu[] = toolbar_item_link(page_link_to($menu_page), '', $title, $menu_page == $page);
|
$menu[] = toolbar_item_link(page_link_to($menu_page), '', $title, $menu_page == $page);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -115,7 +115,7 @@ function make_navigation()
|
||||||
];
|
];
|
||||||
|
|
||||||
foreach ($admin_pages as $menu_page => $title) {
|
foreach ($admin_pages as $menu_page => $title) {
|
||||||
if (in_array($menu_page, $privileges)) {
|
if (auth()->can($menu_page)) {
|
||||||
$admin_menu[] = toolbar_item_link(
|
$admin_menu[] = toolbar_item_link(
|
||||||
page_link_to($menu_page),
|
page_link_to($menu_page),
|
||||||
'',
|
'',
|
||||||
|
|
@ -140,16 +140,14 @@ function make_navigation()
|
||||||
*/
|
*/
|
||||||
function make_room_navigation($menu)
|
function make_room_navigation($menu)
|
||||||
{
|
{
|
||||||
global $privileges;
|
if (!auth()->can('view_rooms')) {
|
||||||
|
|
||||||
if (!in_array('view_rooms', $privileges)) {
|
|
||||||
return $menu;
|
return $menu;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get a list of all rooms
|
// Get a list of all rooms
|
||||||
$rooms = Rooms();
|
$rooms = Rooms();
|
||||||
$room_menu = [];
|
$room_menu = [];
|
||||||
if (in_array('admin_rooms', $privileges)) {
|
if (auth()->can('admin_rooms')) {
|
||||||
$room_menu[] = toolbar_item_link(page_link_to('admin_rooms'), 'list', __('Manage rooms'));
|
$room_menu[] = toolbar_item_link(page_link_to('admin_rooms'), 'list', __('Manage rooms'));
|
||||||
}
|
}
|
||||||
if (count($room_menu) > 0) {
|
if (count($room_menu) > 0) {
|
||||||
|
|
|
||||||
|
|
@ -564,14 +564,12 @@ function AngelTypes_about_view_angeltype($angeltype)
|
||||||
*/
|
*/
|
||||||
function AngelTypes_about_view($angeltypes, $user_logged_in)
|
function AngelTypes_about_view($angeltypes, $user_logged_in)
|
||||||
{
|
{
|
||||||
global $privileges;
|
|
||||||
|
|
||||||
$buttons = [];
|
$buttons = [];
|
||||||
|
|
||||||
if ($user_logged_in) {
|
if ($user_logged_in) {
|
||||||
$buttons[] = button(page_link_to('angeltypes'), angeltypes_title(), 'back');
|
$buttons[] = button(page_link_to('angeltypes'), angeltypes_title(), 'back');
|
||||||
} else {
|
} else {
|
||||||
if (in_array('register', $privileges) && config('registration_enabled')) {
|
if (auth()->can('register') && config('registration_enabled')) {
|
||||||
$buttons[] = button(page_link_to('register'), register_title());
|
$buttons[] = button(page_link_to('register'), register_title());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -64,9 +64,7 @@ function Room_view($room, ShiftsFilterRenderer $shiftsFilterRenderer, ShiftCalen
|
||||||
*/
|
*/
|
||||||
function Room_name_render($room)
|
function Room_name_render($room)
|
||||||
{
|
{
|
||||||
global $privileges;
|
if (auth()->can('view_rooms')) {
|
||||||
|
|
||||||
if (in_array('view_rooms', $privileges)) {
|
|
||||||
return '<a href="' . room_link($room) . '">' . glyph('map-marker') . $room['Name'] . '</a>';
|
return '<a href="' . room_link($room) . '">' . glyph('map-marker') . $room['Name'] . '</a>';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -97,8 +97,6 @@ class ShiftCalendarShiftRenderer
|
||||||
*/
|
*/
|
||||||
private function renderShiftNeededAngeltypes($shift, $needed_angeltypes, $shift_entries, $user)
|
private function renderShiftNeededAngeltypes($shift, $needed_angeltypes, $shift_entries, $user)
|
||||||
{
|
{
|
||||||
global $privileges;
|
|
||||||
|
|
||||||
$shift_entries_filtered = [];
|
$shift_entries_filtered = [];
|
||||||
foreach ($needed_angeltypes as $needed_angeltype) {
|
foreach ($needed_angeltypes as $needed_angeltype) {
|
||||||
$shift_entries_filtered[$needed_angeltype['id']] = [];
|
$shift_entries_filtered[$needed_angeltype['id']] = [];
|
||||||
|
|
@ -130,7 +128,7 @@ class ShiftCalendarShiftRenderer
|
||||||
$shift_signup_state = new ShiftSignupState(ShiftSignupState::SHIFT_ENDED, 0);
|
$shift_signup_state = new ShiftSignupState(ShiftSignupState::SHIFT_ENDED, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (in_array('user_shifts_admin', $privileges)) {
|
if (auth()->can('user_shifts_admin')) {
|
||||||
$html .= '<li class="list-group-item">';
|
$html .= '<li class="list-group-item">';
|
||||||
$html .= button(shift_entry_create_link_admin($shift),
|
$html .= button(shift_entry_create_link_admin($shift),
|
||||||
glyph('plus') . __('Add more angels'),
|
glyph('plus') . __('Add more angels'),
|
||||||
|
|
@ -253,10 +251,8 @@ class ShiftCalendarShiftRenderer
|
||||||
*/
|
*/
|
||||||
private function renderShiftHead($shift, $class)
|
private function renderShiftHead($shift, $class)
|
||||||
{
|
{
|
||||||
global $privileges;
|
|
||||||
|
|
||||||
$header_buttons = '';
|
$header_buttons = '';
|
||||||
if (in_array('admin_shifts', $privileges)) {
|
if (auth()->can('admin_shifts')) {
|
||||||
$header_buttons = '<div class="pull-right">' . table_buttons([
|
$header_buttons = '<div class="pull-right">' . table_buttons([
|
||||||
button(
|
button(
|
||||||
page_link_to('user_shifts', ['edit_shift' => $shift['SID']]),
|
page_link_to('user_shifts', ['edit_shift' => $shift['SID']]),
|
||||||
|
|
|
||||||
|
|
@ -6,8 +6,7 @@
|
||||||
*/
|
*/
|
||||||
function ShiftType_name_render($shifttype)
|
function ShiftType_name_render($shifttype)
|
||||||
{
|
{
|
||||||
global $privileges;
|
if (auth()->can('shifttypes')) {
|
||||||
if (in_array('shifttypes', $privileges)) {
|
|
||||||
return '<a href="' . shifttype_link($shifttype) . '">' . $shifttype['name'] . '</a>';
|
return '<a href="' . shifttype_link($shifttype) . '">' . $shifttype['name'] . '</a>';
|
||||||
}
|
}
|
||||||
return $shifttype['name'];
|
return $shifttype['name'];
|
||||||
|
|
|
||||||
|
|
@ -102,12 +102,10 @@ function Shift_signup_button_render($shift, $angeltype, $user_angeltype = null)
|
||||||
*/
|
*/
|
||||||
function Shift_view($shift, $shifttype, $room, $angeltypes_source, ShiftSignupState $shift_signup_state)
|
function Shift_view($shift, $shifttype, $room, $angeltypes_source, ShiftSignupState $shift_signup_state)
|
||||||
{
|
{
|
||||||
global $privileges;
|
$shift_admin = auth()->can('admin_shifts');
|
||||||
|
$user_shift_admin = auth()->can('user_shifts_admin');
|
||||||
$shift_admin = in_array('admin_shifts', $privileges);
|
$admin_rooms = auth()->can('admin_rooms');
|
||||||
$user_shift_admin = in_array('user_shifts_admin', $privileges);
|
$admin_shifttypes = auth()->can('shifttypes');
|
||||||
$admin_rooms = in_array('admin_rooms', $privileges);
|
|
||||||
$admin_shifttypes = in_array('shifttypes', $privileges);
|
|
||||||
|
|
||||||
$parsedown = new Parsedown();
|
$parsedown = new Parsedown();
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -352,8 +352,6 @@ function User_view_shiftentries($needed_angel_type)
|
||||||
*/
|
*/
|
||||||
function User_view_myshift($shift, $user_source, $its_me)
|
function User_view_myshift($shift, $user_source, $its_me)
|
||||||
{
|
{
|
||||||
global $privileges;
|
|
||||||
|
|
||||||
$shift_info = '<a href="' . shift_link($shift) . '">' . $shift['name'] . '</a>';
|
$shift_info = '<a href="' . shift_link($shift) . '">' . $shift['name'] . '</a>';
|
||||||
if ($shift['title']) {
|
if ($shift['title']) {
|
||||||
$shift_info .= '<br /><a href="' . shift_link($shift) . '">' . $shift['title'] . '</a>';
|
$shift_info .= '<br /><a href="' . shift_link($shift) . '">' . $shift['title'] . '</a>';
|
||||||
|
|
@ -382,7 +380,7 @@ function User_view_myshift($shift, $user_source, $its_me)
|
||||||
$myshift['duration'] = '<p class="text-danger">'
|
$myshift['duration'] = '<p class="text-danger">'
|
||||||
. round(-($shift['end'] - $shift['start']) / 3600 * 2, 2) . ' h'
|
. round(-($shift['end'] - $shift['start']) / 3600 * 2, 2) . ' h'
|
||||||
. '</p>';
|
. '</p>';
|
||||||
if (in_array('user_shifts_admin', $privileges)) {
|
if (auth()->can('user_shifts_admin')) {
|
||||||
$myshift['comment'] .= '<br />'
|
$myshift['comment'] .= '<br />'
|
||||||
. '<p class="text-danger">' . __('Freeloaded') . ': ' . $shift['freeload_comment'] . '</p>';
|
. '<p class="text-danger">' . __('Freeloaded') . ': ' . $shift['freeload_comment'] . '</p>';
|
||||||
} else {
|
} else {
|
||||||
|
|
@ -393,7 +391,7 @@ function User_view_myshift($shift, $user_source, $its_me)
|
||||||
$myshift['actions'] = [
|
$myshift['actions'] = [
|
||||||
button(shift_link($shift), glyph('eye-open') . __('view'), 'btn-xs')
|
button(shift_link($shift), glyph('eye-open') . __('view'), 'btn-xs')
|
||||||
];
|
];
|
||||||
if ($its_me || in_array('user_shifts_admin', $privileges)) {
|
if ($its_me || auth()->can('user_shifts_admin')) {
|
||||||
$myshift['actions'][] = button(
|
$myshift['actions'][] = button(
|
||||||
page_link_to('user_myshifts', ['edit' => $shift['id'], 'id' => $user_source->id]),
|
page_link_to('user_myshifts', ['edit' => $shift['id'], 'id' => $user_source->id]),
|
||||||
glyph('edit') . __('edit'),
|
glyph('edit') . __('edit'),
|
||||||
|
|
|
||||||
|
|
@ -2,6 +2,7 @@
|
||||||
|
|
||||||
namespace Engelsystem\Helpers;
|
namespace Engelsystem\Helpers;
|
||||||
|
|
||||||
|
use Carbon\Carbon;
|
||||||
use Engelsystem\Models\User\User;
|
use Engelsystem\Models\User\User;
|
||||||
use Engelsystem\Models\User\User as UserRepository;
|
use Engelsystem\Models\User\User as UserRepository;
|
||||||
use Psr\Http\Message\ServerRequestInterface;
|
use Psr\Http\Message\ServerRequestInterface;
|
||||||
|
|
@ -21,6 +22,9 @@ class Authenticator
|
||||||
/** @var UserRepository */
|
/** @var UserRepository */
|
||||||
protected $userRepository;
|
protected $userRepository;
|
||||||
|
|
||||||
|
/** @var string[] */
|
||||||
|
protected $permissions;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param ServerRequestInterface $request
|
* @param ServerRequestInterface $request
|
||||||
* @param Session $session
|
* @param Session $session
|
||||||
|
|
@ -90,4 +94,60 @@ class Authenticator
|
||||||
|
|
||||||
return $this->user;
|
return $this->user;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param string[]|string $abilities
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
public function can($abilities): bool
|
||||||
|
{
|
||||||
|
$abilities = (array)$abilities;
|
||||||
|
|
||||||
|
if (empty($this->permissions)) {
|
||||||
|
$userId = $this->session->get('uid');
|
||||||
|
|
||||||
|
if ($userId) {
|
||||||
|
if ($user = $this->user()) {
|
||||||
|
$this->permissions = $this->getPermissionsByUser($user);
|
||||||
|
|
||||||
|
$user->last_login_at = new Carbon();
|
||||||
|
$user->save();
|
||||||
|
} else {
|
||||||
|
$this->session->remove('uid');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (empty($this->permissions)) {
|
||||||
|
$this->permissions = $this->getPermissionsByGroup(-10);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
foreach ($abilities as $ability) {
|
||||||
|
if (!in_array($ability, $this->permissions)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param User $user
|
||||||
|
* @return array
|
||||||
|
* @codeCoverageIgnore
|
||||||
|
*/
|
||||||
|
protected function getPermissionsByUser($user)
|
||||||
|
{
|
||||||
|
return privileges_for_user($user->id);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param int $groupId
|
||||||
|
* @return array
|
||||||
|
* @codeCoverageIgnore
|
||||||
|
*/
|
||||||
|
protected function getPermissionsByGroup(int $groupId)
|
||||||
|
{
|
||||||
|
return privileges_for_group($groupId);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -62,7 +62,6 @@ class LegacyMiddleware implements MiddlewareInterface
|
||||||
ServerRequestInterface $request,
|
ServerRequestInterface $request,
|
||||||
RequestHandlerInterface $handler
|
RequestHandlerInterface $handler
|
||||||
): ResponseInterface {
|
): ResponseInterface {
|
||||||
global $privileges;
|
|
||||||
global $page;
|
global $page;
|
||||||
|
|
||||||
/** @var Request $appRequest */
|
/** @var Request $appRequest */
|
||||||
|
|
@ -79,10 +78,7 @@ class LegacyMiddleware implements MiddlewareInterface
|
||||||
$title = $content = '';
|
$title = $content = '';
|
||||||
if (
|
if (
|
||||||
preg_match('~^\w+$~i', $page)
|
preg_match('~^\w+$~i', $page)
|
||||||
&& (
|
&& (in_array($page, $this->free_pages) || $this->auth->can($page))
|
||||||
in_array($page, $this->free_pages)
|
|
||||||
|| (isset($privileges) && in_array($page, $privileges))
|
|
||||||
)
|
|
||||||
) {
|
) {
|
||||||
list($title, $content) = $this->loadPage($page);
|
list($title, $content) = $this->loadPage($page);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -27,7 +27,7 @@ class Authentication extends TwigExtension
|
||||||
return [
|
return [
|
||||||
new TwigFunction('is_user', [$this, 'isAuthenticated']),
|
new TwigFunction('is_user', [$this, 'isAuthenticated']),
|
||||||
new TwigFunction('is_guest', [$this, 'isGuest']),
|
new TwigFunction('is_guest', [$this, 'isGuest']),
|
||||||
new TwigFunction('has_permission_to', [$this, 'checkAuth']),
|
new TwigFunction('has_permission_to', [$this->auth, 'can']),
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -46,15 +46,4 @@ class Authentication extends TwigExtension
|
||||||
{
|
{
|
||||||
return !$this->isAuthenticated();
|
return !$this->isAuthenticated();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* @param $privilege
|
|
||||||
* @return bool
|
|
||||||
*/
|
|
||||||
public function checkAuth($privilege)
|
|
||||||
{
|
|
||||||
global $privileges;
|
|
||||||
|
|
||||||
return in_array($privilege, $privileges);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -99,4 +99,56 @@ class AuthenticatorTest extends ServiceProviderTest
|
||||||
UserModelImplementation::$user = null;
|
UserModelImplementation::$user = null;
|
||||||
$this->assertEquals($user, $auth->apiUser());
|
$this->assertEquals($user, $auth->apiUser());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @covers \Engelsystem\Helpers\Authenticator::can
|
||||||
|
*/
|
||||||
|
public function testCan()
|
||||||
|
{
|
||||||
|
/** @var ServerRequestInterface|MockObject $request */
|
||||||
|
$request = $this->getMockForAbstractClass(ServerRequestInterface::class);
|
||||||
|
/** @var Session|MockObject $session */
|
||||||
|
$session = $this->createMock(Session::class);
|
||||||
|
/** @var UserModelImplementation|MockObject $userRepository */
|
||||||
|
$userRepository = new UserModelImplementation();
|
||||||
|
/** @var User|MockObject $user */
|
||||||
|
$user = $this->createMock(User::class);
|
||||||
|
|
||||||
|
$user->expects($this->once())
|
||||||
|
->method('save');
|
||||||
|
|
||||||
|
$session->expects($this->exactly(2))
|
||||||
|
->method('get')
|
||||||
|
->with('uid')
|
||||||
|
->willReturn(42);
|
||||||
|
$session->expects($this->once())
|
||||||
|
->method('remove')
|
||||||
|
->with('uid');
|
||||||
|
|
||||||
|
/** @var Authenticator|MockObject $auth */
|
||||||
|
$auth = $this->getMockBuilder(Authenticator::class)
|
||||||
|
->setConstructorArgs([$request, $session, $userRepository])
|
||||||
|
->setMethods(['getPermissionsByGroup', 'getPermissionsByUser', 'user'])
|
||||||
|
->getMock();
|
||||||
|
$auth->expects($this->exactly(1))
|
||||||
|
->method('getPermissionsByGroup')
|
||||||
|
->with(-10)
|
||||||
|
->willReturn([]);
|
||||||
|
$auth->expects($this->exactly(1))
|
||||||
|
->method('getPermissionsByUser')
|
||||||
|
->with($user)
|
||||||
|
->willReturn(['bar']);
|
||||||
|
$auth->expects($this->exactly(2))
|
||||||
|
->method('user')
|
||||||
|
->willReturnOnConsecutiveCalls(null, $user);
|
||||||
|
|
||||||
|
// No user, no permissions
|
||||||
|
$this->assertFalse($auth->can('foo'));
|
||||||
|
|
||||||
|
// User exists, has permissions
|
||||||
|
$this->assertTrue($auth->can('bar'));
|
||||||
|
|
||||||
|
// Permissions cached
|
||||||
|
$this->assertTrue($auth->can('bar'));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -76,6 +76,9 @@ class LegacyMiddlewareTest extends TestCase
|
||||||
$auth->expects($this->atLeastOnce())
|
$auth->expects($this->atLeastOnce())
|
||||||
->method('user')
|
->method('user')
|
||||||
->willReturn(false);
|
->willReturn(false);
|
||||||
|
$auth->expects($this->atLeastOnce())
|
||||||
|
->method('can')
|
||||||
|
->willReturn(false);
|
||||||
|
|
||||||
$translator->expects($this->exactly(2))
|
$translator->expects($this->exactly(2))
|
||||||
->method('translate')
|
->method('translate')
|
||||||
|
|
|
||||||
|
|
@ -23,7 +23,7 @@ class AuthenticationTest extends ExtensionTest
|
||||||
|
|
||||||
$this->assertExtensionExists('is_user', [$extension, 'isAuthenticated'], $functions);
|
$this->assertExtensionExists('is_user', [$extension, 'isAuthenticated'], $functions);
|
||||||
$this->assertExtensionExists('is_guest', [$extension, 'isGuest'], $functions);
|
$this->assertExtensionExists('is_guest', [$extension, 'isGuest'], $functions);
|
||||||
$this->assertExtensionExists('has_permission_to', [$extension, 'checkAuth'], $functions);
|
$this->assertExtensionExists('has_permission_to', [$auth, 'can'], $functions);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
@ -53,23 +53,4 @@ class AuthenticationTest extends ExtensionTest
|
||||||
$this->assertTrue($extension->isAuthenticated());
|
$this->assertTrue($extension->isAuthenticated());
|
||||||
$this->assertFalse($extension->isGuest());
|
$this->assertFalse($extension->isGuest());
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* @covers \Engelsystem\Renderer\Twig\Extensions\Authentication::checkAuth
|
|
||||||
*/
|
|
||||||
public function testCheckAuth()
|
|
||||||
{
|
|
||||||
global $privileges;
|
|
||||||
$privileges = [];
|
|
||||||
|
|
||||||
/** @var Authenticator|MockObject $auth */
|
|
||||||
$auth = $this->createMock(Authenticator::class);
|
|
||||||
|
|
||||||
$extension = new Authentication($auth);
|
|
||||||
|
|
||||||
$this->assertFalse($extension->checkAuth('foo.bar'));
|
|
||||||
|
|
||||||
$privileges = ['foo.bar'];
|
|
||||||
$this->assertTrue($extension->checkAuth('foo.bar'));
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue