Fixed serializers

Fixed permissions

Change-Id: I20b697a2f5dad0ed637b7514d1c402463ba904ed
Signed-off-by: smarcet <smarcet@gmail.com>
smarcet 2021-03-15 13:13:54 -03:00
parent 40fe0d4e6a
commit 1988da966d
3 changed files with 51 additions and 8 deletions


@ -198,7 +198,7 @@ final class OAuth2SummitApiController extends OAuth2ProtectedController
$current_member = $this->resource_server_context->getCurrentUser();
if (!is_null($current_member) && !$current_member->isAdmin() && !$current_member->isSummitAdmin()) {
if (!is_null($current_member) && !$current_member->isAdmin() && !$current_member->hasAllowedSummits()) {
return $this->error403(['message' => sprintf("Member %s has not permission for any Summit", $current_member->getId())]);
}
@ -247,7 +247,7 @@ final class OAuth2SummitApiController extends OAuth2ProtectedController
},
function ($filter) use ($current_member) {
if ($filter instanceof Filter) {
if (!is_null($current_member) && !$current_member->isAdmin() && $current_member->isSummitAdmin()) {
if (!is_null($current_member) && !$current_member->isAdmin() && $current_member->hasAllowedSummits()) {
// filter only the ones that we are allowed to see
$filter->addFilterCondition
(
@ -294,8 +294,15 @@ final class OAuth2SummitApiController extends OAuth2ProtectedController
$summit = SummitFinderStrategyFactory::build($this->repository, $this->resource_server_context)->find($summit_id);
if (is_null($summit)) return $this->error404();
$current_member = $this->resource_server_context->getCurrentUser();
if (!is_null($current_member) && !$current_member->isAdmin() && !$current_member->hasPermissionForOnGroup($summit, IGroup::SummitAdministrators))
if
(
!is_null($current_member) &&
!$current_member->isAdmin() &&
!$current_member->hasPermissionFor($summit)
)
return $this->error403(['message' => sprintf("Member %s has not permission for this Summit", $current_member->getId())]);
$serializer_type = $this->serializer_type_selector->getSerializerType();
return $this->ok
(
@ -325,7 +332,7 @@ final class OAuth2SummitApiController extends OAuth2ProtectedController
$summit = $this->repository->getCurrent();
if (is_null($summit)) return $this->error404();
$current_member = $this->resource_server_context->getCurrentUser();
if (!is_null($current_member) && !$current_member->isAdmin() && !$current_member->hasPermissionForOnGroup($summit, IGroup::SummitAdministrators))
if (!is_null($current_member) && !$current_member->isAdmin() && !$current_member->hasPermissionFor($summit))
return $this->error403(['message' => sprintf("Member %s has not permission for this Summit", $current_member->getId())]);
$serializer_type = $this->serializer_type_selector->getSerializerType();
return $this->ok
@ -362,7 +369,7 @@ final class OAuth2SummitApiController extends OAuth2ProtectedController
if (is_null($summit)) return $this->error404();
$current_member = $this->resource_server_context->getCurrentUser();
if (!is_null($current_member) && !$current_member->isAdmin() && !$current_member->hasPermissionForOnGroup($summit, IGroup::SummitAdministrators))
if (!is_null($current_member) && !$current_member->isAdmin() && !$current_member->hasPermissionFor($summit))
return $this->error403(['message' => sprintf("Member %s has not permission for this Summit", $current_member->getId())]);
$serializer_type = $this->serializer_type_selector->getSerializerType();
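Review bot: The replacement check `!$current_member->hasPermissionFor($summit)` in the -294 hunk (and the two hunks below it) drops the SummitAdministrators group requirement: the method it replaces, `hasPermissionForOnGroup()`, ANDs the permission-group lookup with `$this->isOnGroup($groupSlug)` (visible at the top of the Member section), while the new `hasPermissionFor()` returns true on a matching SummitAdministratorPermissionGroup_Summits row alone. If group membership is no longer meant to gate summit access, say so above the check, e.g. `// access is granted on a SummitAdministratorPermissionGroup entry for this summit; the SummitAdministrators group is no longer required`; if it is still required, keep `hasPermissionForOnGroup($summit, IGroup::SummitAdministrators)` here rather than the new method. Also visible on these lines: the guard still short-circuits when `getCurrentUser()` returns null, so a request with no member context skips the permission check entirely — presumably the client-credentials path, but worth confirming. The same condition is now spelled out three times in this file; a private helper such as `private function canAccessSummit(Summit $summit): bool` called from all three actions would keep them from drifting apart again.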


@ -30,7 +30,8 @@ class SummitSelectedPresentationSerializer extends SilverStripeSerializer
'type',
'category_id',
'presentation_id',
'order'
'order',
'list_id',
];
/**
@ -58,9 +59,10 @@ class SummitSelectedPresentationSerializer extends SilverStripeSerializer
{
if ($selected_presentation->getPresentationId() > 0) {
unset($values['presentation_id']);
$values['presentation_id'] = SerializerRegistry::getInstance()->getSerializer($selected_presentation->getPresentation())->serialize(AbstractSerializer::filterExpandByPrefix($expand, $relation));
$values['presentation'] = SerializerRegistry::getInstance()->getSerializer($selected_presentation->getPresentation())->serialize(AbstractSerializer::filterExpandByPrefix($expand, $relation));
}
}
break;
case 'list':
{
if ($selected_presentation->getListId() > 0) {
@ -68,7 +70,7 @@ class SummitSelectedPresentationSerializer extends SilverStripeSerializer
$values['list'] = SerializerRegistry::getInstance()->getSerializer($selected_presentation->getList())->serialize(AbstractSerializer::filterExpandByPrefix($expand, $relation));
}
}
break;
}
}
}
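Review bot: With the expanded presentation now written under the new key `presentation` in the -58 hunk, the preceding `unset($values['presentation_id']);` no longer clears a key that is about to be overwritten — it removes the scalar id from the expanded response, so a client passing `expand=presentation` loses `presentation_id`. If that is intended, document it, e.g. `// expanded: the scalar presentation_id is replaced by the full presentation object`; otherwise drop the `unset` so both keys are returned. Whether the `list` case at the bottom of the section does the same with `list_id` is not visible here (the line before `$values['list'] = ...` is outside the hunk). The enclosing `serialize()` method starts outside the hunk.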


@ -1718,6 +1718,13 @@ SQL;
return $stmt->fetchAll(\PDO::FETCH_COLUMN);
}
/**
* @return bool
*/
public function hasAllowedSummits():bool{
return count($this->getAllAllowedSummitsIds()) > 0;
}
/**
* @param Summit $summit
* @return bool
@ -1757,6 +1764,33 @@ SQL;
return count($allowed_summits) > 0 && $this->isOnGroup($groupSlug);
}
/**
* @param Summit $summit
* @return bool
*/
public function hasPermissionFor(Summit $summit): bool
{
$sql = <<<SQL
SELECT DISTINCT(SummitAdministratorPermissionGroup_Summits.SummitID)
FROM SummitAdministratorPermissionGroup_Members
INNER JOIN SummitAdministratorPermissionGroup_Summits ON
SummitAdministratorPermissionGroup_Summits.SummitAdministratorPermissionGroupID = SummitAdministratorPermissionGroup_Members.SummitAdministratorPermissionGroupID
WHERE SummitAdministratorPermissionGroup_Members.MemberID = :member_id
AND
SummitAdministratorPermissionGroup_Summits.SummitID = :summit_id
SQL;
$stmt = $this->prepareRawSQL($sql);
$stmt->execute(
[
'member_id' => $this->getId(),
'summit_id' => $summit->getId()
]
);
$allowed_summits = $stmt->fetchAll(\PDO::FETCH_COLUMN);
return count($allowed_summits) > 0;
}
/**
* @param Summit $summit
* @return int[]