From c33940f64a1e5b59afd700010247382f5b7b2df3 Mon Sep 17 00:00:00 2001
From: Igor Scheller
Date: Mon, 12 Nov 2018 14:41:23 +0100
Subject: Moved permission checks to Authenticator class

---
 includes/controller/angeltypes_controller.php      | 26 ++++++++--------------
 includes/controller/event_config_controller.php    |  4 +---
 includes/controller/rooms_controller.php           |  4 +---
 includes/controller/shift_entries_controller.php   |  3 +--
 includes/controller/shifts_controller.php          | 16 +++++--------
 includes/controller/user_angeltypes_controller.php |  9 +++-----
 .../controller/user_driver_licenses_controller.php |  3 +--
 includes/controller/user_worklog_controller.php    |  3 +--
 includes/controller/users_controller.php           | 18 ++++++--------
 9 files changed, 29 insertions(+), 57 deletions(-)
(limited to 'includes/controller')

diff --git a/includes/controller/angeltypes_controller.php b/includes/controller/angeltypes_controller.php
index 821d101a..6e78db45 100644
--- a/includes/controller/angeltypes_controller.php
+++ b/includes/controller/angeltypes_controller.php
@@ -78,9 +78,7 @@ function angeltypes_about_controller()
  */
 function angeltype_delete_controller()
 {
-    global $privileges;
-
-    if (!in_array('admin_angel_types', $privileges)) {
+    if (!auth()->can('admin_angel_types')) {
         redirect(page_link_to('angeltypes'));
     }
 
@@ -105,10 +103,8 @@ function angeltype_delete_controller()
  */
 function angeltype_edit_controller()
 {
-    global $privileges;
-
     // In supporter mode only allow to modify description
-    $supporter_mode = !in_array('admin_angel_types', $privileges);
+    $supporter_mode = !auth()->can('admin_angel_types');
     $request = request();
 
     if ($request->has('angeltype_id')) {
@@ -178,10 +174,9 @@ function angeltype_edit_controller()
  */
 function angeltype_controller()
 {
-    global $privileges;
     $user = auth()->user();
 
-    if (!in_array('angeltypes', $privileges)) {
+    if (!auth()->can('angeltypes')) {
         redirect(page_link_to('/'));
     }
 
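Review bot: In angeltype_edit_controller the new line `$supporter_mode = !auth()->can('admin_angel_types');` puts every caller who merely lacks the admin privilege into supporter mode, and nothing in this hunk verifies that the caller actually is a supporter of the requested angeltype. If that relation is not checked further down (the function continues outside the hunk), any logged-in user could reach the description edit path, so the contract should at least be recorded next to the flag: `// Non-admins get supporter mode; the caller's supporter relation to this angeltype must still be verified before saving`. Adjust the wording to match what the body below actually enforces.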
@@ -210,8 +205,8 @@ function angeltype_controller()
         $angeltype,
         $members,
         $user_angeltype,
-        in_array('admin_user_angeltypes', $privileges) || $user_angeltype['supporter'],
-        in_array('admin_angel_types', $privileges),
+        auth()->can('admin_user_angeltypes') || $user_angeltype['supporter'],
+        auth()->can('admin_angel_types'),
         $user_angeltype['supporter'],
         $user_driver_license,
         $user,
@@ -250,11 +245,9 @@ function angeltype_controller_shiftsFilterDays($angeltype)
  */
 function angeltype_controller_shiftsFilter($angeltype, $days)
 {
-    global $privileges;
-
     $request = request();
     $shiftsFilter = new ShiftsFilter(
-        in_array('user_shifts_admin', $privileges),
+        auth()->can('user_shifts_admin'),
         Room_ids(),
         [$angeltype['id']]
     );
@@ -278,10 +271,9 @@ function angeltype_controller_shiftsFilter($angeltype, $days)
  */
 function angeltypes_list_controller()
 {
-    global $privileges;
     $user = auth()->user();
 
-    if (!in_array('angeltypes', $privileges)) {
+    if (!auth()->can('angeltypes')) {
         redirect(page_link_to('/'));
     }
 
@@ -296,7 +288,7 @@ function angeltypes_list_controller()
             )
         ];
 
-        if (in_array('admin_angel_types', $privileges)) {
+        if (auth()->can('admin_angel_types')) {
             $actions[] = button(
                 page_link_to('angeltypes', ['action' => 'edit', 'angeltype_id' => $angeltype['id']]),
                 __('edit'),
@@ -340,7 +332,7 @@ function angeltypes_list_controller()
 
     return [
         angeltypes_title(),
-        AngelTypes_list_view($angeltypes, in_array('admin_angel_types', $privileges))
+        AngelTypes_list_view($angeltypes, auth()->can('admin_angel_types'))
     ];
 }
 
diff --git a/includes/controller/event_config_controller.php b/includes/controller/event_config_controller.php
index e9b27cba..ff68c3ea 100644
--- a/includes/controller/event_config_controller.php
+++ b/includes/controller/event_config_controller.php
@@ -16,9 +16,7 @@ function event_config_title()
  */
 function event_config_edit_controller()
 {
-    global $privileges;
-
-    if (!in_array('admin_event_config', $privileges)) {
+    if (!auth()->can('admin_event_config')) {
         redirect(page_link_to('/'));
     }
 
diff --git a/includes/controller/rooms_controller.php b/includes/controller/rooms_controller.php
index f95184f0..01d4fd37 100644
--- a/includes/controller/rooms_controller.php
+++ b/includes/controller/rooms_controller.php
@@ -14,9 +14,7 @@ use Engelsystem\ShiftsFilterRenderer;
  */
 function room_controller()
 {
-    global $privileges;
-
-    if (!in_array('view_rooms', $privileges)) {
+    if (!auth()->can('view_rooms')) {
         redirect(page_link_to());
     }
 
diff --git a/includes/controller/shift_entries_controller.php b/includes/controller/shift_entries_controller.php
index 16f0c0a1..a6659598 100644
--- a/includes/controller/shift_entries_controller.php
+++ b/includes/controller/shift_entries_controller.php
@@ -35,7 +35,6 @@ function shift_entries_controller()
  */
 function shift_entry_create_controller()
 {
-    global $privileges;
     $user = auth()->user();
     $request = request();
 
@@ -50,7 +49,7 @@ function shift_entry_create_controller()
 
     $angeltype = AngelType($request->input('angeltype_id'));
 
-    if (in_array('user_shifts_admin', $privileges)) {
+    if (auth()->can('user_shifts_admin')) {
         return shift_entry_create_controller_admin($shift, $angeltype);
     }
 
diff --git a/includes/controller/shifts_controller.php b/includes/controller/shifts_controller.php
index 375ea6b6..caf124ba 100644
--- a/includes/controller/shifts_controller.php
+++ b/includes/controller/shifts_controller.php
@@ -43,13 +43,11 @@ function shift_edit_link($shift)
  */
 function shift_edit_controller()
 {
-    global $privileges;
-
     $msg = '';
     $valid = true;
     $request = request();
 
-    if (!in_array('admin_shifts', $privileges)) {
+    if (!auth()->can('admin_shifts')) {
         redirect(page_link_to('user_shifts'));
     }
 
@@ -203,10 +201,9 @@ function shift_edit_controller()
  */
 function shift_delete_controller()
 {
-    global $privileges;
     $request = request();
 
-    if (!in_array('user_shifts_admin', $privileges)) {
+    if (!auth()->can('user_shifts_admin')) {
         redirect(page_link_to('user_shifts'));
     }
 
@@ -253,11 +250,10 @@ function shift_delete_controller()
  */
 function shift_controller()
 {
-    global $privileges;
     $user = auth()->user();
     $request = request();
 
-    if (!in_array('user_shifts', $privileges)) {
+    if (!auth()->can('user_shifts')) {
         redirect(page_link_to('/'));
     }
 
@@ -332,9 +328,7 @@ function shifts_controller()
  */
 function shift_next_controller()
 {
-    global $privileges;
-
-    if (!in_array('user_shifts', $privileges)) {
+    if (!auth()->can('user_shifts')) {
         redirect(page_link_to('/'));
     }
 
@@ -363,7 +357,7 @@ function shifts_json_export_controller()
     if (!$user) {
         engelsystem_error('Key invalid.');
     }
-    if (!in_array('shifts_json_export', privileges_for_user($user->id))) {
+    if (!auth()->can('shifts_json_export')) {
         engelsystem_error('No privilege for shifts_json_export.');
     }
 
diff --git a/includes/controller/user_angeltypes_controller.php b/includes/controller/user_angeltypes_controller.php
index e03bd293..ad62416a 100644
--- a/includes/controller/user_angeltypes_controller.php
+++ b/includes/controller/user_angeltypes_controller.php
@@ -80,7 +80,6 @@ function user_angeltypes_delete_all_controller()
  */
 function user_angeltypes_confirm_all_controller()
 {
-    global $privileges;
     $user = auth()->user();
     $request = request();
 
@@ -95,7 +94,7 @@ function user_angeltypes_confirm_all_controller()
         redirect(page_link_to('angeltypes'));
     }
 
-    if (!in_array('admin_user_angeltypes', $privileges) && !User_is_AngelType_supporter($user, $angeltype)) {
+    if (!auth()->can('admin_user_angeltypes') && !User_is_AngelType_supporter($user, $angeltype)) {
         error(__('You are not allowed to confirm all users for this angeltype.'));
         redirect(page_link_to('angeltypes'));
     }
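Review bot: In shifts_json_export_controller the privilege check changes its subject: the removed line asked `privileges_for_user($user->id)` for the user the preceding 'Key invalid.' guard resolved from the API key, while `auth()->can('shifts_json_export')` asks whatever user the Authenticator resolves, which this hunk does not show. If the Authenticator resolves from the session rather than from the same key parameter, a key-only request without a session is denied, and a request that carries a session plus someone else's key is authorized against the session user's privileges while the export is presumably built for `$user`. Either confirm that `auth()->user()` is guaranteed to be the key-resolved `$user` on this endpoint, or keep the check bound to that user, e.g. `if (!in_array('shifts_json_export', privileges_for_user($user->id), true)) {`. The function begins outside the hunk, where `$user` is assigned.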
@@ -235,11 +234,10 @@ function user_angeltype_delete_controller()
  */
 function user_angeltype_update_controller()
 {
-    global $privileges;
     $supporter = false;
     $request = request();
 
-    if (!in_array('admin_angel_types', $privileges)) {
+    if (!auth()->can('admin_angel_types')) {
         error(__('You are not allowed to set supporter rights.'));
         redirect(page_link_to('angeltypes'));
     }
@@ -360,7 +358,6 @@ function user_angeltype_add_controller()
  */
 function user_angeltype_join_controller($angeltype)
 {
-    global $privileges;
     $user = auth()->user();
     $user_angeltype = UserAngelType_by_User_and_AngelType($user->id, $angeltype);
 
@@ -380,7 +377,7 @@ function user_angeltype_join_controller($angeltype)
         ));
         success($success_message);
 
-        if (in_array('admin_user_angeltypes', $privileges)) {
+        if (auth()->can('admin_user_angeltypes')) {
             UserAngelType_confirm($user_angeltype_id, $user->id);
             engelsystem_log(sprintf(
                 'User %s confirmed as %s.',
diff --git a/includes/controller/user_driver_licenses_controller.php b/includes/controller/user_driver_licenses_controller.php
index 69179b35..9dc15f15 100644
--- a/includes/controller/user_driver_licenses_controller.php
+++ b/includes/controller/user_driver_licenses_controller.php
@@ -96,13 +96,12 @@ function user_driver_license_load_user()
  */
 function user_driver_license_edit_controller()
 {
-    global $privileges;
     $user = auth()->user();
     $request = request();
     $user_source = user_driver_license_load_user();
 
     // only privilege admin_user can edit other users driver license information
-    if ($user->id != $user_source->id && !in_array('admin_user', $privileges)) {
+    if ($user->id != $user_source->id && !auth()->can('admin_user')) {
         redirect(user_driver_license_edit_link());
     }
 
diff --git a/includes/controller/user_worklog_controller.php b/includes/controller/user_worklog_controller.php
index 4eaa5e91..bf0eb1cf 100644
--- a/includes/controller/user_worklog_controller.php
+++ b/includes/controller/user_worklog_controller.php
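Review bot: The ownership test that user_driver_license_edit_controller rewrites still relies on a loose comparison, `$user->id != $user_source->id`, so the authorization decision depends on PHP's `==` coercion rules rather than on the two ids being the same value and type. If both ids are integers coming from the user model, `if ($user->id !== $user_source->id && !auth()->can('admin_user')) {` is the safer form; if `user_driver_license_load_user()` can hand back an id that originated as a request string, cast both to `int` before comparing instead. The function's body continues outside the hunk.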
@@ -182,10 +182,9 @@ function user_worklog_delete_link($userWorkLog, $parameters = [])
  */
 function user_worklog_controller()
 {
-    global $privileges;
     $user = auth()->user();
 
-    if (!in_array('admin_user_worklog', $privileges)) {
+    if (!auth()->can('admin_user_worklog')) {
         redirect(user_link($user->id));
     }
 
diff --git a/includes/controller/users_controller.php b/includes/controller/users_controller.php
index 51b6e432..2fcd90b9 100644
--- a/includes/controller/users_controller.php
+++ b/includes/controller/users_controller.php
@@ -46,7 +46,6 @@ function users_controller()
  */
 function user_delete_controller()
 {
-    global $privileges;
     $user = auth()->user();
     $request = request();
 
@@ -56,7 +55,7 @@ function user_delete_controller()
         $user_source = $user;
     }
 
-    if (!in_array('admin_user', $privileges)) {
+    if (!auth()->can('admin_user')) {
         redirect(page_link_to(''));
     }
 
@@ -138,7 +137,6 @@ function user_link($userId)
  */
 function user_edit_vouchers_controller()
 {
-    global $privileges;
     $user = auth()->user();
     $request = request();
 
@@ -148,7 +146,7 @@ function user_edit_vouchers_controller()
         $user_source = $user;
     }
 
-    if (!in_array('admin_user', $privileges)) {
+    if (!auth()->can('admin_user')) {
         redirect(page_link_to(''));
     }
 
@@ -190,7 +188,6 @@ function user_edit_vouchers_controller()
  */
 function user_controller()
 {
-    global $privileges;
     $user = auth()->user();
     $request = request();
 
@@ -203,7 +200,7 @@ function user_controller()
         }
     }
 
-    $shifts = Shifts_by_user($user_source->id, in_array('user_shifts_admin', $privileges));
+    $shifts = Shifts_by_user($user_source->id, auth()->can('user_shifts_admin'));
     foreach ($shifts as &$shift) {
         // TODO: Move queries to model
         $shift['needed_angeltypes'] = DB::select('
@@ -242,15 +239,15 @@ function user_controller()
         $user_source->name,
         User_view(
             $user_source,
-            in_array('admin_user', $privileges),
+            auth()->can('admin_user'),
             User_is_freeloader($user_source),
             User_angeltypes($user_source->id),
             User_groups($user_source->id),
             $shifts,
             $user->id == $user_source->id,
             $tshirt_score,
-            in_array('admin_active', $privileges),
-            in_array('admin_user_worklog', $privileges),
+            auth()->can('admin_active'),
+            auth()->can('admin_user_worklog'),
             UserWorkLogsForUser($user_source->id)
         )
     ];
@@ -263,10 +260,9 @@ function user_controller()
  */
 function users_list_controller()
 {
-    global $privileges;
     $request = request();
 
-    if (!in_array('admin_user', $privileges)) {
+    if (!auth()->can('admin_user')) {
         redirect(page_link_to(''));
     }
 
-- 
cgit v1.2.3-54-g00ecf