authorIgor Scheller <igor.scheller@igorshp.de>2018-11-12 14:41:23 +0100
committermsquare <msquare@notrademark.de>2018-12-02 12:53:31 +0100
commitc33940f64a1e5b59afd700010247382f5b7b2df3 (patch)
tree453b8810c90cd78e75a1425a4f4f002e585d121a /includes/controller
parent951828a4f1175f99666a48629ea125640cc7c598 (diff)
Moved permission checks to Authenticator class
Diffstat (limited to 'includes/controller')
-rw-r--r--includes/controller/angeltypes_controller.php26
-rw-r--r--includes/controller/event_config_controller.php4
-rw-r--r--includes/controller/rooms_controller.php4
-rw-r--r--includes/controller/shift_entries_controller.php3
-rw-r--r--includes/controller/shifts_controller.php16
-rw-r--r--includes/controller/user_angeltypes_controller.php9
-rw-r--r--includes/controller/user_driver_licenses_controller.php3
-rw-r--r--includes/controller/user_worklog_controller.php3
-rw-r--r--includes/controller/users_controller.php18
9 files changed, 29 insertions, 57 deletions
diff --git a/includes/controller/angeltypes_controller.php b/includes/controller/angeltypes_controller.php
index 821d101a..6e78db45 100644
--- a/includes/controller/angeltypes_controller.php
+++ b/includes/controller/angeltypes_controller.php
@@ -78,9 +78,7 @@ function angeltypes_about_controller()
*/
function angeltype_delete_controller()
{
- global $privileges;
-
- if (!in_array('admin_angel_types', $privileges)) {
+ if (!auth()->can('admin_angel_types')) {
redirect(page_link_to('angeltypes'));
}
@@ -105,10 +103,8 @@ function angeltype_delete_controller()
*/
function angeltype_edit_controller()
{
- global $privileges;
-
// In supporter mode only allow to modify description
- $supporter_mode = !in_array('admin_angel_types', $privileges);
+ $supporter_mode = !auth()->can('admin_angel_types');
$request = request();
if ($request->has('angeltype_id')) {
@@ -178,10 +174,9 @@ function angeltype_edit_controller()
*/
function angeltype_controller()
{
- global $privileges;
$user = auth()->user();
- if (!in_array('angeltypes', $privileges)) {
+ if (!auth()->can('angeltypes')) {
redirect(page_link_to('/'));
}
@@ -210,8 +205,8 @@ function angeltype_controller()
$angeltype,
$members,
$user_angeltype,
- in_array('admin_user_angeltypes', $privileges) || $user_angeltype['supporter'],
- in_array('admin_angel_types', $privileges),
+ auth()->can('admin_user_angeltypes') || $user_angeltype['supporter'],
+ auth()->can('admin_angel_types'),
$user_angeltype['supporter'],
$user_driver_license,
$user,
@@ -250,11 +245,9 @@ function angeltype_controller_shiftsFilterDays($angeltype)
*/
function angeltype_controller_shiftsFilter($angeltype, $days)
{
- global $privileges;
-
$request = request();
$shiftsFilter = new ShiftsFilter(
- in_array('user_shifts_admin', $privileges),
+ auth()->can('user_shifts_admin'),
Room_ids(),
[$angeltype['id']]
);
@@ -278,10 +271,9 @@ function angeltype_controller_shiftsFilter($angeltype, $days)
*/
function angeltypes_list_controller()
{
- global $privileges;
$user = auth()->user();
- if (!in_array('angeltypes', $privileges)) {
+ if (!auth()->can('angeltypes')) {
redirect(page_link_to('/'));
}
@@ -296,7 +288,7 @@ function angeltypes_list_controller()
)
];
- if (in_array('admin_angel_types', $privileges)) {
+ if (auth()->can('admin_angel_types')) {
$actions[] = button(
page_link_to('angeltypes', ['action' => 'edit', 'angeltype_id' => $angeltype['id']]),
__('edit'),
@@ -340,7 +332,7 @@ function angeltypes_list_controller()
return [
angeltypes_title(),
- AngelTypes_list_view($angeltypes, in_array('admin_angel_types', $privileges))
+ AngelTypes_list_view($angeltypes, auth()->can('admin_angel_types'))
];
}
diff --git a/includes/controller/event_config_controller.php b/includes/controller/event_config_controller.php
index e9b27cba..ff68c3ea 100644
--- a/includes/controller/event_config_controller.php
+++ b/includes/controller/event_config_controller.php
@@ -16,9 +16,7 @@ function event_config_title()
*/
function event_config_edit_controller()
{
- global $privileges;
-
- if (!in_array('admin_event_config', $privileges)) {
+ if (!auth()->can('admin_event_config')) {
redirect(page_link_to('/'));
}
diff --git a/includes/controller/rooms_controller.php b/includes/controller/rooms_controller.php
index f95184f0..01d4fd37 100644
--- a/includes/controller/rooms_controller.php
+++ b/includes/controller/rooms_controller.php
@@ -14,9 +14,7 @@ use Engelsystem\ShiftsFilterRenderer;
*/
function room_controller()
{
- global $privileges;
-
- if (!in_array('view_rooms', $privileges)) {
+ if (!auth()->can('view_rooms')) {
redirect(page_link_to());
}
diff --git a/includes/controller/shift_entries_controller.php b/includes/controller/shift_entries_controller.php
index 16f0c0a1..a6659598 100644
--- a/includes/controller/shift_entries_controller.php
+++ b/includes/controller/shift_entries_controller.php
@@ -35,7 +35,6 @@ function shift_entries_controller()
*/
function shift_entry_create_controller()
{
- global $privileges;
$user = auth()->user();
$request = request();
@@ -50,7 +49,7 @@ function shift_entry_create_controller()
$angeltype = AngelType($request->input('angeltype_id'));
- if (in_array('user_shifts_admin', $privileges)) {
+ if (auth()->can('user_shifts_admin')) {
return shift_entry_create_controller_admin($shift, $angeltype);
}
diff --git a/includes/controller/shifts_controller.php b/includes/controller/shifts_controller.php
index 375ea6b6..caf124ba 100644
--- a/includes/controller/shifts_controller.php
+++ b/includes/controller/shifts_controller.php
@@ -43,13 +43,11 @@ function shift_edit_link($shift)
*/
function shift_edit_controller()
{
- global $privileges;
-
$msg = '';
$valid = true;
$request = request();
- if (!in_array('admin_shifts', $privileges)) {
+ if (!auth()->can('admin_shifts')) {
redirect(page_link_to('user_shifts'));
}
@@ -203,10 +201,9 @@ function shift_edit_controller()
*/
function shift_delete_controller()
{
- global $privileges;
$request = request();
- if (!in_array('user_shifts_admin', $privileges)) {
+ if (!auth()->can('user_shifts_admin')) {
redirect(page_link_to('user_shifts'));
}
@@ -253,11 +250,10 @@ function shift_delete_controller()
*/
function shift_controller()
{
- global $privileges;
$user = auth()->user();
$request = request();
- if (!in_array('user_shifts', $privileges)) {
+ if (!auth()->can('user_shifts')) {
redirect(page_link_to('/'));
}
@@ -332,9 +328,7 @@ function shifts_controller()
*/
function shift_next_controller()
{
- global $privileges;
-
- if (!in_array('user_shifts', $privileges)) {
+ if (!auth()->can('user_shifts')) {
redirect(page_link_to('/'));
}
@@ -363,7 +357,7 @@ function shifts_json_export_controller()
if (!$user) {
engelsystem_error('Key invalid.');
}
- if (!in_array('shifts_json_export', privileges_for_user($user->id))) {
+ if (!auth()->can('shifts_json_export')) {
engelsystem_error('No privilege for shifts_json_export.');
}
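Review bot: The replacement in shifts_json_export_controller changes whose privileges are checked: the old check used `privileges_for_user($user->id)` for the `$user` that the preceding lines resolved from the request key, whereas `auth()->can('shifts_json_export')` evaluates the Authenticator's current user, which is presumably the session user (or the guest role when no session exists). Unless the Authenticator also resolves its user from the key before this call, key-only clients with no session will fail the check with guest permissions, and a logged-in browser session would be authorised by its own privileges rather than those of the key owner. The key lookup and the start of the function lie outside the hunk, so this should be confirmed against the lines above. If the Authenticator does not see the key, keep the check bound to the key owner, e.g. `if (!in_array('shifts_json_export', privileges_for_user($user->id), true)) {`, or make the Authenticator resolve the key user first so `can()` is consistent with the `$user` validated on the lines just above.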
diff --git a/includes/controller/user_angeltypes_controller.php b/includes/controller/user_angeltypes_controller.php
index e03bd293..ad62416a 100644
--- a/includes/controller/user_angeltypes_controller.php
+++ b/includes/controller/user_angeltypes_controller.php
@@ -80,7 +80,6 @@ function user_angeltypes_delete_all_controller()
*/
function user_angeltypes_confirm_all_controller()
{
- global $privileges;
$user = auth()->user();
$request = request();
@@ -95,7 +94,7 @@ function user_angeltypes_confirm_all_controller()
redirect(page_link_to('angeltypes'));
}
- if (!in_array('admin_user_angeltypes', $privileges) && !User_is_AngelType_supporter($user, $angeltype)) {
+ if (!auth()->can('admin_user_angeltypes') && !User_is_AngelType_supporter($user, $angeltype)) {
error(__('You are not allowed to confirm all users for this angeltype.'));
redirect(page_link_to('angeltypes'));
}
@@ -235,11 +234,10 @@ function user_angeltype_delete_controller()
*/
function user_angeltype_update_controller()
{
- global $privileges;
$supporter = false;
$request = request();
- if (!in_array('admin_angel_types', $privileges)) {
+ if (!auth()->can('admin_angel_types')) {
error(__('You are not allowed to set supporter rights.'));
redirect(page_link_to('angeltypes'));
}
@@ -360,7 +358,6 @@ function user_angeltype_add_controller()
*/
function user_angeltype_join_controller($angeltype)
{
- global $privileges;
$user = auth()->user();
$user_angeltype = UserAngelType_by_User_and_AngelType($user->id, $angeltype);
@@ -380,7 +377,7 @@ function user_angeltype_join_controller($angeltype)
));
success($success_message);
- if (in_array('admin_user_angeltypes', $privileges)) {
+ if (auth()->can('admin_user_angeltypes')) {
UserAngelType_confirm($user_angeltype_id, $user->id);
engelsystem_log(sprintf(
'User %s confirmed as %s.',
diff --git a/includes/controller/user_driver_licenses_controller.php b/includes/controller/user_driver_licenses_controller.php
index 69179b35..9dc15f15 100644
--- a/includes/controller/user_driver_licenses_controller.php
+++ b/includes/controller/user_driver_licenses_controller.php
@@ -96,13 +96,12 @@ function user_driver_license_load_user()
*/
function user_driver_license_edit_controller()
{
- global $privileges;
$user = auth()->user();
$request = request();
$user_source = user_driver_license_load_user();
// only privilege admin_user can edit other users driver license information
- if ($user->id != $user_source->id && !in_array('admin_user', $privileges)) {
+ if ($user->id != $user_source->id && !auth()->can('admin_user')) {
redirect(user_driver_license_edit_link());
}
diff --git a/includes/controller/user_worklog_controller.php b/includes/controller/user_worklog_controller.php
index 4eaa5e91..bf0eb1cf 100644
--- a/includes/controller/user_worklog_controller.php
+++ b/includes/controller/user_worklog_controller.php
@@ -182,10 +182,9 @@ function user_worklog_delete_link($userWorkLog, $parameters = [])
*/
function user_worklog_controller()
{
- global $privileges;
$user = auth()->user();
- if (!in_array('admin_user_worklog', $privileges)) {
+ if (!auth()->can('admin_user_worklog')) {
redirect(user_link($user->id));
}
diff --git a/includes/controller/users_controller.php b/includes/controller/users_controller.php
index 51b6e432..2fcd90b9 100644
--- a/includes/controller/users_controller.php
+++ b/includes/controller/users_controller.php
@@ -46,7 +46,6 @@ function users_controller()
*/
function user_delete_controller()
{
- global $privileges;
$user = auth()->user();
$request = request();
@@ -56,7 +55,7 @@ function user_delete_controller()
$user_source = $user;
}
- if (!in_array('admin_user', $privileges)) {
+ if (!auth()->can('admin_user')) {
redirect(page_link_to(''));
}
@@ -138,7 +137,6 @@ function user_link($userId)
*/
function user_edit_vouchers_controller()
{
- global $privileges;
$user = auth()->user();
$request = request();
@@ -148,7 +146,7 @@ function user_edit_vouchers_controller()
$user_source = $user;
}
- if (!in_array('admin_user', $privileges)) {
+ if (!auth()->can('admin_user')) {
redirect(page_link_to(''));
}
@@ -190,7 +188,6 @@ function user_edit_vouchers_controller()
*/
function user_controller()
{
- global $privileges;
$user = auth()->user();
$request = request();
@@ -203,7 +200,7 @@ function user_controller()
}
}
- $shifts = Shifts_by_user($user_source->id, in_array('user_shifts_admin', $privileges));
+ $shifts = Shifts_by_user($user_source->id, auth()->can('user_shifts_admin'));
foreach ($shifts as &$shift) {
// TODO: Move queries to model
$shift['needed_angeltypes'] = DB::select('
@@ -242,15 +239,15 @@ function user_controller()
$user_source->name,
User_view(
$user_source,
- in_array('admin_user', $privileges),
+ auth()->can('admin_user'),
User_is_freeloader($user_source),
User_angeltypes($user_source->id),
User_groups($user_source->id),
$shifts,
$user->id == $user_source->id,
$tshirt_score,
- in_array('admin_active', $privileges),
- in_array('admin_user_worklog', $privileges),
+ auth()->can('admin_active'),
+ auth()->can('admin_user_worklog'),
UserWorkLogsForUser($user_source->id)
)
];
@@ -263,10 +260,9 @@ function user_controller()
*/
function users_list_controller()
{
- global $privileges;
$request = request();
- if (!in_array('admin_user', $privileges)) {
+ if (!auth()->can('admin_user')) {
redirect(page_link_to(''));
}