authorIgor Scheller <igor.scheller@igorshp.de>2018-11-12 14:41:23 +0100
committermsquare <msquare@notrademark.de>2018-12-02 12:53:31 +0100
commitc33940f64a1e5b59afd700010247382f5b7b2df3 (patch)
tree453b8810c90cd78e75a1425a4f4f002e585d121a /includes/pages
parent951828a4f1175f99666a48629ea125640cc7c598 (diff)
Moved permission checks to Authenticator class
Diffstat (limited to 'includes/pages')
-rw-r--r--includes/pages/admin_free.php3
-rw-r--r--includes/pages/admin_news.php5
-rw-r--r--includes/pages/admin_questions.php4
-rw-r--r--includes/pages/admin_user.php5
-rw-r--r--includes/pages/guest_login.php7
-rw-r--r--includes/pages/user_atom.php2
-rw-r--r--includes/pages/user_ical.php2
-rw-r--r--includes/pages/user_myshifts.php7
-rw-r--r--includes/pages/user_news.php11
-rw-r--r--includes/pages/user_shifts.php6
10 files changed, 22 insertions, 30 deletions
diff --git a/includes/pages/admin_free.php b/includes/pages/admin_free.php
index d8787f36..7b694659 100644
--- a/includes/pages/admin_free.php
+++ b/includes/pages/admin_free.php
@@ -17,7 +17,6 @@ function admin_free_title()
*/
function admin_free()
{
- global $privileges;
$request = request();
$search = '';
@@ -88,7 +87,7 @@ function admin_free()
'dect' => $usr->contact->dect,
'email' => $usr->settings->email_human ? ($usr->contact->email ? $usr->contact->email : $usr->email) : glyph('eye-close'),
'actions' =>
- in_array('admin_user', $privileges)
+ auth()->can('admin_user')
? button(page_link_to('admin_user', ['id' => $usr->id]), __('edit'), 'btn-xs')
: ''
];
diff --git a/includes/pages/admin_news.php b/includes/pages/admin_news.php
index 90aeb439..21245eb9 100644
--- a/includes/pages/admin_news.php
+++ b/includes/pages/admin_news.php
@@ -8,7 +8,6 @@ use Engelsystem\Models\User\User;
*/
function admin_news()
{
- global $privileges;
$user = auth()->user();
$request = request();
@@ -32,7 +31,7 @@ function admin_news()
case 'edit':
$user_source = User::find($news['UID']);
if (
- !in_array('admin_news_html', $privileges)
+ !auth()->can('admin_news_html')
&& strip_tags($news['Text']) != $news['Text']
) {
$html .= warning(
@@ -62,7 +61,7 @@ function admin_news()
case 'save':
$text = $request->postData('eText');
- if (!in_array('admin_news_html', $privileges)) {
+ if (!auth()->can('admin_news_html')) {
$text = strip_tags($text);
}
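Review bot: `strip_tags($text)` in the `save` case is the only visible treatment of news text for authors without `admin_news_html`, and authors who hold that privilege store raw markup unchanged. strip_tags() is not an output encoder, so whether this is safe depends on how the text is rendered later, which this hunk does not show; plain-text posts should still go through `htmlspecialchars()` at output. A comment above the check would make the trust decision explicit, e.g. `// admin_news_html permits storing raw HTML: grant only to users trusted to publish markup`. The same pattern appears in the user_news() hunk of user_news.php, and admin_news() continues outside this hunk.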
diff --git a/includes/pages/admin_questions.php b/includes/pages/admin_questions.php
index 60df1ebf..0b5940cc 100644
--- a/includes/pages/admin_questions.php
+++ b/includes/pages/admin_questions.php
@@ -18,10 +18,10 @@ function admin_questions_title()
*/
function admin_new_questions()
{
- global $privileges, $page;
+ global $page;
if ($page != 'admin_questions') {
- if (in_array('admin_questions', $privileges)) {
+ if (auth()->can('admin_questions')) {
$new_messages = count(DB::select('SELECT `QID` FROM `Questions` WHERE `AID` IS NULL'));
if ($new_messages > 0) {
diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php
index 3894e724..63993fc9 100644
--- a/includes/pages/admin_user.php
+++ b/includes/pages/admin_user.php
@@ -16,7 +16,6 @@ function admin_user_title()
*/
function admin_user()
{
- global $privileges;
$user = auth()->user();
$tshirt_sizes = config('tshirt_sizes');
$request = request();
@@ -83,7 +82,7 @@ function admin_user()
$html .= html_options('eAktiv', $options, $user_source->state->active) . '</td></tr>' . "\n";
// Aktiv erzwingen
- if (in_array('admin_active', $privileges)) {
+ if (auth()->can('admin_active')) {
$html .= ' <tr><td>' . __('Force active') . '</td><td>' . "\n";
$html .= html_options('force_active', $options, $user_source->state->force_active) . '</td></tr>' . "\n";
}
@@ -249,7 +248,7 @@ function admin_user()
case 'save':
$force_active = $user->state->force_active;
$user_source = User::find($user_id);
- if (in_array('admin_active', $privileges)) {
+ if (auth()->can('admin_active')) {
$force_active = $request->input('force_active');
}
if ($user_source->settings->email_human) {
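Review bot: The default `$force_active = $user->state->force_active;` in the `save` case reads from `$user`, which the first hunk of this function shows is `auth()->user()` (the acting admin), not the account being edited. If `$force_active` is later written to `$user_source` (that part is outside the hunk), an admin without `admin_active` would copy their own flag onto the edited user. Load the target first and default from it: `$user_source = User::find($user_id);` followed by `$force_active = $user_source->state->force_active;`. `User::find()` presumably returns null for an unknown id, so a guard before `$user_source->settings` is dereferenced would also be worth adding.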
diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php
index e1c6dfa4..2df09d79 100644
--- a/includes/pages/guest_login.php
+++ b/includes/pages/guest_login.php
@@ -39,7 +39,6 @@ function logout_title()
*/
function guest_register()
{
- global $privileges;
$authUser = auth()->user();
$tshirt_sizes = config('tshirt_sizes');
$enable_tshirt_size = config('enable_tshirt_size');
@@ -71,7 +70,7 @@ function guest_register()
}
}
- if (!in_array('register', $privileges) || (!$authUser && !config('registration_enabled'))) {
+ if (!auth()->can('register') || (!$authUser && !config('registration_enabled'))) {
error(__('Registration is disabled.'));
return page_with_title(register_title(), [
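Review bot: The condition `!auth()->can('register') || (!$authUser && !config('registration_enabled'))` lets a logged-in user who holds `register` create accounts while public registration is disabled, whereas get_register_hint() in the next hunk requires both the privilege and the config flag. If that asymmetry is intended, it deserves a comment so a later refactor does not "fix" it in either direction, e.g. `// Logged-in users with 'register' may still create accounts when public registration is disabled`. guest_register() starts and ends outside the hunk.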
@@ -472,9 +471,7 @@ function guest_login()
*/
function get_register_hint()
{
- global $privileges;
-
- if (in_array('register', $privileges) && config('registration_enabled')) {
+ if (auth()->can('register') && config('registration_enabled')) {
return join('', [
'<p>' . __('Please sign up, if you want to help us!') . '</p>',
buttons([
diff --git a/includes/pages/user_atom.php b/includes/pages/user_atom.php
index 6aafb74f..e624ceb4 100644
--- a/includes/pages/user_atom.php
+++ b/includes/pages/user_atom.php
@@ -17,7 +17,7 @@ function user_atom()
if (empty($user)) {
engelsystem_error('Key invalid.');
}
- if (!in_array('atom', privileges_for_user($user->id))) {
+ if (!auth()->can('atom')) {
engelsystem_error('No privilege for atom.');
}
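Review bot: The new check `if (!auth()->can('atom'))` is no longer tied to the `$user` that the preceding `Key invalid.` guard resolved; the removed line asked `privileges_for_user($user->id)`. If `auth()->can()` evaluates the session user (the Authenticator is not shown here), a feed reader that presents only a key and has no session would be judged as a guest, and a logged-in caller would be judged on their own privileges rather than the key owner's. The check should stay bound to the key's user, e.g. keep `in_array('atom', privileges_for_user($user->id))` until the Authenticator can answer for an explicit user. The same applies to the `ical` check in user_ical.php, and user_atom() starts and ends outside the hunk.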
diff --git a/includes/pages/user_ical.php b/includes/pages/user_ical.php
index 8a80d681..ee3a8340 100644
--- a/includes/pages/user_ical.php
+++ b/includes/pages/user_ical.php
@@ -15,7 +15,7 @@ function user_ical()
if (!$user) {
engelsystem_error('Key invalid.');
}
- if (!in_array('ical', privileges_for_user($user->id))) {
+ if (!auth()->can('ical')) {
engelsystem_error('No privilege for ical.');
}
diff --git a/includes/pages/user_myshifts.php b/includes/pages/user_myshifts.php
index 1eab016d..11bbc9f4 100644
--- a/includes/pages/user_myshifts.php
+++ b/includes/pages/user_myshifts.php
@@ -18,13 +18,12 @@ function myshifts_title()
*/
function user_myshifts()
{
- global $privileges;
$user = auth()->user();
$request = request();
if (
$request->has('id')
- && in_array('user_shifts_admin', $privileges)
+ && auth()->can('user_shifts_admin')
&& preg_match('/^\d{1,}$/', $request->input('id'))
&& User::find($request->input('id'))
) {
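Review bot: `auth()->can('user_shifts_admin')` is now evaluated three times in user_myshifts() (here, in the submit branch and in the edit-view call in the two later hunks); reading it once into a local such as `$isShiftsAdmin = auth()->can('user_shifts_admin');` keeps the three decisions consistent and makes the access logic easier to audit. Separately, the id filter `/^\d{1,}$/` accepts a value with a trailing newline because `$` matches before it; `/^\d+\z/` is stricter. The function body continues outside the hunk.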
@@ -79,7 +78,7 @@ function user_myshifts()
if ($request->hasPostData('submit')) {
$valid = true;
- if (in_array('user_shifts_admin', $privileges)) {
+ if (auth()->can('user_shifts_admin')) {
$freeloaded = $request->has('freeloaded');
$freeload_comment = strip_request_item_nl('freeload_comment');
if ($freeloaded && $freeload_comment == '') {
@@ -120,7 +119,7 @@ function user_myshifts()
$shift['Comment'],
$shift['freeloaded'],
$shift['freeload_comment'],
- in_array('user_shifts_admin', $privileges)
+ auth()->can('user_shifts_admin')
);
} else {
redirect(page_link_to('user_myshifts'));
diff --git a/includes/pages/user_news.php b/includes/pages/user_news.php
index e101be6b..34be033f 100644
--- a/includes/pages/user_news.php
+++ b/includes/pages/user_news.php
@@ -91,7 +91,7 @@ function news_text($news)
*/
function display_news($news)
{
- global $privileges, $page;
+ global $page;
$html = '';
$html .= '<div class="panel' . ($news['Treffen'] == 1 ? ' panel-info' : ' panel-default') . '">';
@@ -101,7 +101,7 @@ function display_news($news)
$html .= '<div class="panel-body">' . news_text($news) . '</div>';
$html .= '<div class="panel-footer text-muted">';
- if (in_array('admin_news', $privileges)) {
+ if (auth()->can('admin_news')) {
$html .= '<div class="pull-right">'
. button_glyph(
page_link_to('admin_news', ['action' => 'edit', 'id' => $news['ID']]),
@@ -198,7 +198,6 @@ function user_news_comments()
*/
function user_news()
{
- global $privileges;
$user = auth()->user();
$display_news = config('display_news');
$request = request();
@@ -206,13 +205,13 @@ function user_news()
$html = '<div class="col-md-12"><h1>' . news_title() . '</h1>' . msg();
$isMeeting = $request->postData('treffen');
- if ($request->has('text') && $request->has('betreff') && in_array('admin_news', $privileges)) {
+ if ($request->has('text') && $request->has('betreff') && auth()->can('admin_news')) {
if (!$request->has('treffen')) {
$isMeeting = 0;
}
$text = $request->postData('text');
- if (!in_array('admin_news_html', $privileges)) {
+ if (!auth()->can('admin_news_html')) {
$text = strip_tags($text);
}
@@ -266,7 +265,7 @@ function user_news()
}
$html .= '</ul></div>';
- if (in_array('admin_news', $privileges)) {
+ if (auth()->can('admin_news')) {
$html .= '<hr />';
$html .= '<h2>' . __('Create news:') . '</h2>';
diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php
index cef6af73..942b8849 100644
--- a/includes/pages/user_shifts.php
+++ b/includes/pages/user_shifts.php
@@ -168,7 +168,7 @@ function load_types()
*/
function view_user_shifts()
{
- global $privileges, $ical_shifts;
+ global $ical_shifts;
$user = auth()->user();
$session = session();
@@ -182,13 +182,13 @@ function view_user_shifts()
$rooms[0]['id']
];
$type_ids = array_map('get_ids_from_array', $types);
- $shiftsFilter = new ShiftsFilter(in_array('user_shifts_admin', $privileges), $room_ids, $type_ids);
+ $shiftsFilter = new ShiftsFilter(auth()->can('user_shifts_admin'), $room_ids, $type_ids);
$session->set('shifts-filter', $shiftsFilter->sessionExport());
}
$shiftsFilter = new ShiftsFilter();
$shiftsFilter->sessionImport($session->get('shifts-filter'));
- update_ShiftsFilter($shiftsFilter, in_array('user_shifts_admin', $privileges), $days);
+ update_ShiftsFilter($shiftsFilter, auth()->can('user_shifts_admin'), $days);
$session->set('shifts-filter', $shiftsFilter->sessionExport());
$shiftCalendarRenderer = shiftCalendarRendererByShiftFilter($shiftsFilter);