author | Igor Scheller <igor.scheller@igorshp.de> | 2018-11-12 14:41:23 +0100 |
---|---|---|
committer | msquare <msquare@notrademark.de> | 2018-12-02 12:53:31 +0100 |
commit | c33940f64a1e5b59afd700010247382f5b7b2df3 (patch) | |
tree | 453b8810c90cd78e75a1425a4f4f002e585d121a /includes/pages | |
parent | 951828a4f1175f99666a48629ea125640cc7c598 (diff) |
Moved permission checks to Authenticator class
Diffstat (limited to 'includes/pages')
-rw-r--r-- | includes/pages/admin_free.php | 3 | ||||
-rw-r--r-- | includes/pages/admin_news.php | 5 | ||||
-rw-r--r-- | includes/pages/admin_questions.php | 4 | ||||
-rw-r--r-- | includes/pages/admin_user.php | 5 | ||||
-rw-r--r-- | includes/pages/guest_login.php | 7 | ||||
-rw-r--r-- | includes/pages/user_atom.php | 2 | ||||
-rw-r--r-- | includes/pages/user_ical.php | 2 | ||||
-rw-r--r-- | includes/pages/user_myshifts.php | 7 | ||||
-rw-r--r-- | includes/pages/user_news.php | 11 | ||||
-rw-r--r-- | includes/pages/user_shifts.php | 6 |
10 files changed, 22 insertions, 30 deletions
diff --git a/includes/pages/admin_free.php b/includes/pages/admin_free.php index d8787f36..7b694659 100644 --- a/includes/pages/admin_free.php +++ b/includes/pages/admin_free.php @@ -17,7 +17,6 @@ function admin_free_title() */ function admin_free() { - global $privileges; $request = request(); $search = ''; @@ -88,7 +87,7 @@ function admin_free() 'dect' => $usr->contact->dect, 'email' => $usr->settings->email_human ? ($usr->contact->email ? $usr->contact->email : $usr->email) : glyph('eye-close'), 'actions' => - in_array('admin_user', $privileges) + auth()->can('admin_user') ? button(page_link_to('admin_user', ['id' => $usr->id]), __('edit'), 'btn-xs') : '' ]; diff --git a/includes/pages/admin_news.php b/includes/pages/admin_news.php index 90aeb439..21245eb9 100644 --- a/includes/pages/admin_news.php +++ b/includes/pages/admin_news.php @@ -8,7 +8,6 @@ use Engelsystem\Models\User\User; */ function admin_news() { - global $privileges; $user = auth()->user(); $request = request(); @@ -32,7 +31,7 @@ function admin_news() case 'edit': $user_source = User::find($news['UID']); if ( - !in_array('admin_news_html', $privileges) + !auth()->can('admin_news_html') && strip_tags($news['Text']) != $news['Text'] ) { $html .= warning( @@ -62,7 +61,7 @@ function admin_news() case 'save': $text = $request->postData('eText'); - if (!in_array('admin_news_html', $privileges)) { + if (!auth()->can('admin_news_html')) { $text = strip_tags($text); } diff --git a/includes/pages/admin_questions.php b/includes/pages/admin_questions.php index 60df1ebf..0b5940cc 100644 --- a/includes/pages/admin_questions.php +++ b/includes/pages/admin_questions.php 
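Review bot: In includes/pages/admin_free.php (hunk at -88,7) `auth()->can('admin_user')` is evaluated inside the per-user row array, so the privilege lookup is repeated for every row if this array is built in a loop (the loop itself is outside the hunk). Resolve it once before the rows are built, `$canEditUser = auth()->can('admin_user');`, and use `$canEditUser ? button(...) : ''` here. The check only hides the edit button; the `admin_user` page still has to enforce the privilege itself, which this hunk does not show.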
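Review bot: In includes/pages/admin_news.php, the `save` case (hunk at -62,7) has `strip_tags($text)` as the only visible sanitising step for editors without `admin_news_html`, and stores the text unmodified for editors who hold it. `strip_tags()` removes markup but does not encode for an HTML context, so the render path should still escape plain-text news; whether it does is not visible in this diff. A comment above the check would record the trust decision, for example `// admin_news_html holders may store raw HTML; everyone else is reduced to plain text`. The same pattern appears in includes/pages/user_news.php (hunk at -206,13).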
@@ -18,10 +18,10 @@ function admin_questions_title() */ function admin_new_questions() { - global $privileges, $page; + global $page; if ($page != 'admin_questions') { - if (in_array('admin_questions', $privileges)) { + if (auth()->can('admin_questions')) { $new_messages = count(DB::select('SELECT `QID` FROM `Questions` WHERE `AID` IS NULL')); if ($new_messages > 0) { diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php index 3894e724..63993fc9 100644 --- a/includes/pages/admin_user.php +++ b/includes/pages/admin_user.php @@ -16,7 +16,6 @@ function admin_user_title() */ function admin_user() { - global $privileges; $user = auth()->user(); $tshirt_sizes = config('tshirt_sizes'); $request = request(); @@ -83,7 +82,7 @@ function admin_user() $html .= html_options('eAktiv', $options, $user_source->state->active) . '</td></tr>' . "\n"; // Aktiv erzwingen - if (in_array('admin_active', $privileges)) { + if (auth()->can('admin_active')) { $html .= ' <tr><td>' . __('Force active') . '</td><td>' . "\n"; $html .= html_options('force_active', $options, $user_source->state->force_active) . '</td></tr>' . "\n"; } @@ -249,7 +248,7 @@ function admin_user() case 'save': $force_active = $user->state->force_active; $user_source = User::find($user_id); - if (in_array('admin_active', $privileges)) { + if (auth()->can('admin_active')) { $force_active = $request->input('force_active'); } if ($user_source->settings->email_human) { diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php index e1c6dfa4..2df09d79 100644 --- a/includes/pages/guest_login.php +++ b/includes/pages/guest_login.php @@ -39,7 +39,6 @@ function logout_title() */ function guest_register() { - global $privileges; $authUser = auth()->user(); $tshirt_sizes = config('tshirt_sizes'); $enable_tshirt_size = config('enable_tshirt_size'); 
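Review bot: In includes/pages/admin_questions.php (hunk at -18,10) `count(DB::select(...))` fetches every unanswered `QID` only to count the rows, and it does so whenever the current page is not `admin_questions` and the privilege check passes. Let the database count instead, with a query along the lines of `SELECT COUNT(*) FROM Questions WHERE AID IS NULL`, and read the single value. The function body continues past the end of the hunk.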
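Review bot: In includes/pages/admin_user.php, the `save` case (hunk at -249,7) takes its default from `$user->state->force_active`, and `$user` is `auth()->user()`, the editor, while the record being saved is `$user_source`. If `$force_active` is written to `$user_source` further down (the write is outside the hunk), an editor without `admin_active` would copy their own flag onto the edited account. The default should come from the target, after the lookup: `$force_active = $user_source->state->force_active;`. If `User::find($user_id)` returns null for an unknown id, the next visible line dereferences `$user_source->settings` without a check, so a guard belongs there as well.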
@@ -71,7 +70,7 @@ function guest_register() } } - if (!in_array('register', $privileges) || (!$authUser && !config('registration_enabled'))) { + if (!auth()->can('register') || (!$authUser && !config('registration_enabled'))) { error(__('Registration is disabled.')); return page_with_title(register_title(), [ @@ -472,9 +471,7 @@ function guest_login() */ function get_register_hint() { - global $privileges; - - if (in_array('register', $privileges) && config('registration_enabled')) { + if (auth()->can('register') && config('registration_enabled')) { return join('', [ '<p>' . __('Please sign up, if you want to help us!') . '</p>', buttons([ diff --git a/includes/pages/user_atom.php b/includes/pages/user_atom.php index 6aafb74f..e624ceb4 100644 --- a/includes/pages/user_atom.php +++ b/includes/pages/user_atom.php @@ -17,7 +17,7 @@ function user_atom() if (empty($user)) { engelsystem_error('Key invalid.'); } - if (!in_array('atom', privileges_for_user($user->id))) { + if (!auth()->can('atom')) { engelsystem_error('No privilege for atom.'); } diff --git a/includes/pages/user_ical.php b/includes/pages/user_ical.php index 8a80d681..ee3a8340 100644 --- a/includes/pages/user_ical.php +++ b/includes/pages/user_ical.php @@ -15,7 +15,7 @@ function user_ical() if (!$user) { engelsystem_error('Key invalid.'); } - if (!in_array('ical', privileges_for_user($user->id))) { + if (!auth()->can('ical')) { engelsystem_error('No privilege for ical.'); } diff --git a/includes/pages/user_myshifts.php b/includes/pages/user_myshifts.php index 1eab016d..11bbc9f4 100644 --- a/includes/pages/user_myshifts.php +++ b/includes/pages/user_myshifts.php @@ -18,13 +18,12 @@ function myshifts_title() */ function user_myshifts() { - global $privileges; $user = auth()->user(); $request = request(); if ( $request->has('id') - && in_array('user_shifts_admin', $privileges) + && auth()->can('user_shifts_admin') && preg_match('/^\d{1,}$/', $request->input('id')) && User::find($request->input('id')) ) { 
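Review bot: In includes/pages/user_atom.php (hunk at -17,7) the subject of the authorization check changes: the old line tested `privileges_for_user($user->id)`, the account resolved from the feed key, while `auth()->can('atom')` takes no user and presumably evaluates whoever is authenticated on the request. Feed clients normally send only the key and no session, so depending on how the Authenticator resolves its user this either denies every key-only request or authorises against a different account than the key owner; the Authenticator is not part of this diff (the diffstat is limited to includes/pages), so this needs confirming. Unless `can()` is known to resolve the key owner, keep the check bound to `$user`, for example by leaving `privileges_for_user($user->id)` in place here, and add a test that requests the feed with a valid key and no session. includes/pages/user_ical.php (hunk at -15,7) has the same change for `ical`.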
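Review bot: In includes/pages/user_myshifts.php (hunk at -18,13) the pattern `/^\d{1,}$/` is not a strict digits-only test, because `$` without the `D` modifier also matches before a trailing newline. Anchoring with `'/^\d+\z/'` closes that gap before the value reaches `User::find()`. When `id` is supplied by a caller without `user_shifts_admin` the condition is simply false; a comment such as `// non-admins always see their own shifts, a supplied id is ignored` would make that intent explicit, assuming the else branch (outside the hunk) behaves that way.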
@@ -79,7 +78,7 @@ function user_myshifts() if ($request->hasPostData('submit')) { $valid = true; - if (in_array('user_shifts_admin', $privileges)) { + if (auth()->can('user_shifts_admin')) { $freeloaded = $request->has('freeloaded'); $freeload_comment = strip_request_item_nl('freeload_comment'); if ($freeloaded && $freeload_comment == '') { @@ -120,7 +119,7 @@ function user_myshifts() $shift['Comment'], $shift['freeloaded'], $shift['freeload_comment'], - in_array('user_shifts_admin', $privileges) + auth()->can('user_shifts_admin') ); } else { redirect(page_link_to('user_myshifts')); diff --git a/includes/pages/user_news.php b/includes/pages/user_news.php index e101be6b..34be033f 100644 --- a/includes/pages/user_news.php +++ b/includes/pages/user_news.php @@ -91,7 +91,7 @@ function news_text($news) */ function display_news($news) { - global $privileges, $page; + global $page; $html = ''; $html .= '<div class="panel' . ($news['Treffen'] == 1 ? ' panel-info' : ' panel-default') . '">'; @@ -101,7 +101,7 @@ function display_news($news) $html .= '<div class="panel-body">' . news_text($news) . '</div>'; $html .= '<div class="panel-footer text-muted">'; - if (in_array('admin_news', $privileges)) { + if (auth()->can('admin_news')) { $html .= '<div class="pull-right">' . button_glyph( page_link_to('admin_news', ['action' => 'edit', 'id' => $news['ID']]), @@ -198,7 +198,6 @@ function user_news_comments() */ function user_news() { - global $privileges; $user = auth()->user(); $display_news = config('display_news'); $request = request(); 
@@ -206,13 +205,13 @@ function user_news() $html = '<div class="col-md-12"><h1>' . news_title() . '</h1>' . msg(); $isMeeting = $request->postData('treffen'); - if ($request->has('text') && $request->has('betreff') && in_array('admin_news', $privileges)) { + if ($request->has('text') && $request->has('betreff') && auth()->can('admin_news')) { if (!$request->has('treffen')) { $isMeeting = 0; } $text = $request->postData('text'); - if (!in_array('admin_news_html', $privileges)) { + if (!auth()->can('admin_news_html')) { $text = strip_tags($text); } @@ -266,7 +265,7 @@ function user_news() } $html .= '</ul></div>'; - if (in_array('admin_news', $privileges)) { + if (auth()->can('admin_news')) { $html .= '<hr />'; $html .= '<h2>' . __('Create news:') . '</h2>'; diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php index cef6af73..942b8849 100644 --- a/includes/pages/user_shifts.php +++ b/includes/pages/user_shifts.php @@ -168,7 +168,7 @@ function load_types() */ function view_user_shifts() { - global $privileges, $ical_shifts; + global $ical_shifts; $user = auth()->user(); $session = session(); @@ -182,13 +182,13 @@ function view_user_shifts() $rooms[0]['id'] ]; $type_ids = array_map('get_ids_from_array', $types); - $shiftsFilter = new ShiftsFilter(in_array('user_shifts_admin', $privileges), $room_ids, $type_ids); + $shiftsFilter = new ShiftsFilter(auth()->can('user_shifts_admin'), $room_ids, $type_ids); $session->set('shifts-filter', $shiftsFilter->sessionExport()); } $shiftsFilter = new ShiftsFilter(); $shiftsFilter->sessionImport($session->get('shifts-filter')); - update_ShiftsFilter($shiftsFilter, in_array('user_shifts_admin', $privileges), $days); + update_ShiftsFilter($shiftsFilter, auth()->can('user_shifts_admin'), $days); $session->set('shifts-filter', $shiftsFilter->sessionExport()); $shiftCalendarRenderer = shiftCalendarRendererByShiftFilter($shiftsFilter); |
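Review bot: In includes/pages/user_news.php (hunk at -206,13) the create branch tests presence with `$request->has('text')` and `$request->has('betreff')` but reads the values with `$request->postData(...)`. If `has()` also considers query parameters (its implementation is not visible here), a GET request carrying both names enters the branch with `$text` empty, and a state-changing action is reachable without a POST body. Using the same accessor for the test and the read keeps the branch POST-only: `$request->hasPostData('text') && $request->hasPostData('betreff') && auth()->can('admin_news')`; `hasPostData()` is already used in includes/pages/user_myshifts.php. The function starts and ends outside this hunk.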