diff options
| author | Igor Scheller <igor.scheller@igorshp.de> | 2018-11-12 14:41:23 +0100 |
|---|---|---|
| committer | msquare <msquare@notrademark.de> | 2018-12-02 12:53:31 +0100 |
| commit | c33940f64a1e5b59afd700010247382f5b7b2df3 (patch) | |
| tree | 453b8810c90cd78e75a1425a4f4f002e585d121a /includes/controller | |
| parent | 951828a4f1175f99666a48629ea125640cc7c598 (diff) | |
Moved permission checks to Authenticator class
Diffstat (limited to 'includes/controller')
| -rw-r--r-- | includes/controller/angeltypes_controller.php | 26 | ||||
| -rw-r--r-- | includes/controller/event_config_controller.php | 4 | ||||
| -rw-r--r-- | includes/controller/rooms_controller.php | 4 | ||||
| -rw-r--r-- | includes/controller/shift_entries_controller.php | 3 | ||||
| -rw-r--r-- | includes/controller/shifts_controller.php | 16 | ||||
| -rw-r--r-- | includes/controller/user_angeltypes_controller.php | 9 | ||||
| -rw-r--r-- | includes/controller/user_driver_licenses_controller.php | 3 | ||||
| -rw-r--r-- | includes/controller/user_worklog_controller.php | 3 | ||||
| -rw-r--r-- | includes/controller/users_controller.php | 18 |
9 files changed, 29 insertions, 57 deletions
diff --git a/includes/controller/angeltypes_controller.php b/includes/controller/angeltypes_controller.php index 821d101a..6e78db45 100644 --- a/includes/controller/angeltypes_controller.php +++ b/includes/controller/angeltypes_controller.php @@ -78,9 +78,7 @@ function angeltypes_about_controller() */ function angeltype_delete_controller() { - global $privileges; - - if (!in_array('admin_angel_types', $privileges)) { + if (!auth()->can('admin_angel_types')) { redirect(page_link_to('angeltypes')); } @@ -105,10 +103,8 @@ function angeltype_delete_controller() */ function angeltype_edit_controller() { - global $privileges; - // In supporter mode only allow to modify description - $supporter_mode = !in_array('admin_angel_types', $privileges); + $supporter_mode = !auth()->can('admin_angel_types'); $request = request(); if ($request->has('angeltype_id')) { @@ -178,10 +174,9 @@ function angeltype_edit_controller() */ function angeltype_controller() { - global $privileges; $user = auth()->user(); - if (!in_array('angeltypes', $privileges)) { + if (!auth()->can('angeltypes')) { redirect(page_link_to('/')); } @@ -210,8 +205,8 @@ function angeltype_controller() $angeltype, $members, $user_angeltype, - in_array('admin_user_angeltypes', $privileges) || $user_angeltype['supporter'], - in_array('admin_angel_types', $privileges), + auth()->can('admin_user_angeltypes') || $user_angeltype['supporter'], + auth()->can('admin_angel_types'), $user_angeltype['supporter'], $user_driver_license, $user, @@ -250,11 +245,9 @@ function angeltype_controller_shiftsFilterDays($angeltype) */ function angeltype_controller_shiftsFilter($angeltype, $days) { - global $privileges; - $request = request(); $shiftsFilter = new ShiftsFilter( - in_array('user_shifts_admin', $privileges), + auth()->can('user_shifts_admin'), Room_ids(), [$angeltype['id']] ); @@ -278,10 +271,9 @@ function angeltype_controller_shiftsFilter($angeltype, $days) */ function angeltypes_list_controller() { - global $privileges; $user = auth()->user(); - if (!in_array('angeltypes', $privileges)) { + if (!auth()->can('angeltypes')) { redirect(page_link_to('/')); } @@ -296,7 +288,7 @@ function angeltypes_list_controller() ) ]; - if (in_array('admin_angel_types', $privileges)) { + if (auth()->can('admin_angel_types')) { $actions[] = button( page_link_to('angeltypes', ['action' => 'edit', 'angeltype_id' => $angeltype['id']]), __('edit'), @@ -340,7 +332,7 @@ function angeltypes_list_controller() return [ angeltypes_title(), - AngelTypes_list_view($angeltypes, in_array('admin_angel_types', $privileges)) + AngelTypes_list_view($angeltypes, auth()->can('admin_angel_types')) ]; } diff --git a/includes/controller/event_config_controller.php b/includes/controller/event_config_controller.php index e9b27cba..ff68c3ea 100644 --- a/includes/controller/event_config_controller.php +++ b/includes/controller/event_config_controller.php @@ -16,9 +16,7 @@ function event_config_title() */ function event_config_edit_controller() { - global $privileges; - - if (!in_array('admin_event_config', $privileges)) { + if (!auth()->can('admin_event_config')) { redirect(page_link_to('/')); } diff --git a/includes/controller/rooms_controller.php b/includes/controller/rooms_controller.php index f95184f0..01d4fd37 100644 --- a/includes/controller/rooms_controller.php +++ b/includes/controller/rooms_controller.php @@ -14,9 +14,7 @@ use Engelsystem\ShiftsFilterRenderer; */ function room_controller() { - global $privileges; - - if (!in_array('view_rooms', $privileges)) { + if (!auth()->can('view_rooms')) { redirect(page_link_to()); } diff --git a/includes/controller/shift_entries_controller.php b/includes/controller/shift_entries_controller.php index 16f0c0a1..a6659598 100644 --- a/includes/controller/shift_entries_controller.php +++ b/includes/controller/shift_entries_controller.php @@ -35,7 +35,6 @@ function shift_entries_controller() */ function shift_entry_create_controller() { - global $privileges; $user = auth()->user(); $request = request(); @@ -50,7 +49,7 @@ function shift_entry_create_controller() $angeltype = AngelType($request->input('angeltype_id')); - if (in_array('user_shifts_admin', $privileges)) { + if (auth()->can('user_shifts_admin')) { return shift_entry_create_controller_admin($shift, $angeltype); } diff --git a/includes/controller/shifts_controller.php b/includes/controller/shifts_controller.php index 375ea6b6..caf124ba 100644 --- a/includes/controller/shifts_controller.php +++ b/includes/controller/shifts_controller.php @@ -43,13 +43,11 @@ function shift_edit_link($shift) */ function shift_edit_controller() { - global $privileges; - $msg = ''; $valid = true; $request = request(); - if (!in_array('admin_shifts', $privileges)) { + if (!auth()->can('admin_shifts')) { redirect(page_link_to('user_shifts')); } @@ -203,10 +201,9 @@ function shift_edit_controller() */ function shift_delete_controller() { - global $privileges; $request = request(); - if (!in_array('user_shifts_admin', $privileges)) { + if (!auth()->can('user_shifts_admin')) { redirect(page_link_to('user_shifts')); } @@ -253,11 +250,10 @@ function shift_delete_controller() */ function shift_controller() { - global $privileges; $user = auth()->user(); $request = request(); - if (!in_array('user_shifts', $privileges)) { + if (!auth()->can('user_shifts')) { redirect(page_link_to('/')); } @@ -332,9 +328,7 @@ function shifts_controller() */ function shift_next_controller() { - global $privileges; - - if (!in_array('user_shifts', $privileges)) { + if (!auth()->can('user_shifts')) { redirect(page_link_to('/')); } @@ -363,7 +357,7 @@ function shifts_json_export_controller() if (!$user) { engelsystem_error('Key invalid.'); } - if (!in_array('shifts_json_export', privileges_for_user($user->id))) { + if (!auth()->can('shifts_json_export')) { engelsystem_error('No privilege for shifts_json_export.'); } diff --git a/includes/controller/user_angeltypes_controller.php b/includes/controller/user_angeltypes_controller.php index e03bd293..ad62416a 100644 --- a/includes/controller/user_angeltypes_controller.php +++ b/includes/controller/user_angeltypes_controller.php @@ -80,7 +80,6 @@ function user_angeltypes_delete_all_controller() */ function user_angeltypes_confirm_all_controller() { - global $privileges; $user = auth()->user(); $request = request(); @@ -95,7 +94,7 @@ function user_angeltypes_confirm_all_controller() redirect(page_link_to('angeltypes')); } - if (!in_array('admin_user_angeltypes', $privileges) && !User_is_AngelType_supporter($user, $angeltype)) { + if (!auth()->can('admin_user_angeltypes') && !User_is_AngelType_supporter($user, $angeltype)) { error(__('You are not allowed to confirm all users for this angeltype.')); redirect(page_link_to('angeltypes')); } @@ -235,11 +234,10 @@ function user_angeltype_delete_controller() */ function user_angeltype_update_controller() { - global $privileges; $supporter = false; $request = request(); - if (!in_array('admin_angel_types', $privileges)) { + if (!auth()->can('admin_angel_types')) { error(__('You are not allowed to set supporter rights.')); redirect(page_link_to('angeltypes')); } @@ -360,7 +358,6 @@ function user_angeltype_add_controller() */ function user_angeltype_join_controller($angeltype) { - global $privileges; $user = auth()->user(); $user_angeltype = UserAngelType_by_User_and_AngelType($user->id, $angeltype); @@ -380,7 +377,7 @@ function user_angeltype_join_controller($angeltype) )); success($success_message); - if (in_array('admin_user_angeltypes', $privileges)) { + if (auth()->can('admin_user_angeltypes')) { UserAngelType_confirm($user_angeltype_id, $user->id); engelsystem_log(sprintf( 'User %s confirmed as %s.', diff --git a/includes/controller/user_driver_licenses_controller.php b/includes/controller/user_driver_licenses_controller.php index 69179b35..9dc15f15 100644 --- a/includes/controller/user_driver_licenses_controller.php +++ b/includes/controller/user_driver_licenses_controller.php @@ -96,13 +96,12 @@ function user_driver_license_load_user() */ function user_driver_license_edit_controller() { - global $privileges; $user = auth()->user(); $request = request(); $user_source = user_driver_license_load_user(); // only privilege admin_user can edit other users driver license information - if ($user->id != $user_source->id && !in_array('admin_user', $privileges)) { + if ($user->id != $user_source->id && !auth()->can('admin_user')) { redirect(user_driver_license_edit_link()); } diff --git a/includes/controller/user_worklog_controller.php b/includes/controller/user_worklog_controller.php index 4eaa5e91..bf0eb1cf 100644 --- a/includes/controller/user_worklog_controller.php +++ b/includes/controller/user_worklog_controller.php @@ -182,10 +182,9 @@ function user_worklog_delete_link($userWorkLog, $parameters = []) */ function user_worklog_controller() { - global $privileges; $user = auth()->user(); - if (!in_array('admin_user_worklog', $privileges)) { + if (!auth()->can('admin_user_worklog')) { redirect(user_link($user->id)); } diff --git a/includes/controller/users_controller.php b/includes/controller/users_controller.php index 51b6e432..2fcd90b9 100644 --- a/includes/controller/users_controller.php +++ b/includes/controller/users_controller.php @@ -46,7 +46,6 @@ function users_controller() */ function user_delete_controller() { - global $privileges; $user = auth()->user(); $request = request(); @@ -56,7 +55,7 @@ function user_delete_controller() $user_source = $user; } - if (!in_array('admin_user', $privileges)) { + if (!auth()->can('admin_user')) { redirect(page_link_to('')); } @@ -138,7 +137,6 @@ function user_link($userId) */ function user_edit_vouchers_controller() { - global $privileges; $user = auth()->user(); $request = request(); @@ -148,7 +146,7 @@ function user_edit_vouchers_controller() $user_source = $user; } - if (!in_array('admin_user', $privileges)) { + if (!auth()->can('admin_user')) { redirect(page_link_to('')); } @@ -190,7 +188,6 @@ function user_edit_vouchers_controller() */ function user_controller() { - global $privileges; $user = auth()->user(); $request = request(); @@ -203,7 +200,7 @@ function user_controller() } } - $shifts = Shifts_by_user($user_source->id, in_array('user_shifts_admin', $privileges)); + $shifts = Shifts_by_user($user_source->id, auth()->can('user_shifts_admin')); foreach ($shifts as &$shift) { // TODO: Move queries to model $shift['needed_angeltypes'] = DB::select(' @@ -242,15 +239,15 @@ function user_controller() $user_source->name, User_view( $user_source, - in_array('admin_user', $privileges), + auth()->can('admin_user'), User_is_freeloader($user_source), User_angeltypes($user_source->id), User_groups($user_source->id), $shifts, $user->id == $user_source->id, $tshirt_score, - in_array('admin_active', $privileges), - in_array('admin_user_worklog', $privileges), + auth()->can('admin_active'), + auth()->can('admin_user_worklog'), UserWorkLogsForUser($user_source->id) ) ]; @@ -263,10 +260,9 @@ function user_controller() */ function users_list_controller() { - global $privileges; $request = request(); - if (!in_array('admin_user', $privileges)) { + if (!auth()->can('admin_user')) { redirect(page_link_to('')); } |