Fixed serializers
Fixed permissions Change-Id: I20b697a2f5dad0ed637b7514d1c402463ba904ed Signed-off-by: smarcet <smarcet@gmail.com>
parent
40fe0d4e6a
commit
1988da966d
@ -198,7 +198,7 @@ final class OAuth2SummitApiController extends OAuth2ProtectedController
|
||||
|
||||
$current_member = $this->resource_server_context->getCurrentUser();
|
||||
|
||||
if (!is_null($current_member) && !$current_member->isAdmin() && !$current_member->isSummitAdmin()) {
|
||||
if (!is_null($current_member) && !$current_member->isAdmin() && !$current_member->hasAllowedSummits()) {
|
||||
return $this->error403(['message' => sprintf("Member %s has not permission for any Summit", $current_member->getId())]);
|
||||
}
|
||||
|
||||
@ -247,7 +247,7 @@ final class OAuth2SummitApiController extends OAuth2ProtectedController
|
||||
},
|
||||
function ($filter) use ($current_member) {
|
||||
if ($filter instanceof Filter) {
|
||||
if (!is_null($current_member) && !$current_member->isAdmin() && $current_member->isSummitAdmin()) {
|
||||
if (!is_null($current_member) && !$current_member->isAdmin() && $current_member->hasAllowedSummits()) {
|
||||
// filter only the ones that we are allowed to see
|
||||
$filter->addFilterCondition
|
||||
(
|
||||
@ -294,8 +294,15 @@ final class OAuth2SummitApiController extends OAuth2ProtectedController
|
||||
$summit = SummitFinderStrategyFactory::build($this->repository, $this->resource_server_context)->find($summit_id);
|
||||
if (is_null($summit)) return $this->error404();
|
||||
$current_member = $this->resource_server_context->getCurrentUser();
|
||||
if (!is_null($current_member) && !$current_member->isAdmin() && !$current_member->hasPermissionForOnGroup($summit, IGroup::SummitAdministrators))
|
||||
|
||||
if
|
||||
(
|
||||
!is_null($current_member) &&
|
||||
!$current_member->isAdmin() &&
|
||||
!$current_member->hasPermissionFor($summit)
|
||||
)
|
||||
return $this->error403(['message' => sprintf("Member %s has not permission for this Summit", $current_member->getId())]);
|
||||
|
||||
$serializer_type = $this->serializer_type_selector->getSerializerType();
|
||||
return $this->ok
|
||||
(
|
||||
@ -325,7 +332,7 @@ final class OAuth2SummitApiController extends OAuth2ProtectedController
|
||||
$summit = $this->repository->getCurrent();
|
||||
if (is_null($summit)) return $this->error404();
|
||||
$current_member = $this->resource_server_context->getCurrentUser();
|
||||
if (!is_null($current_member) && !$current_member->isAdmin() && !$current_member->hasPermissionForOnGroup($summit, IGroup::SummitAdministrators))
|
||||
if (!is_null($current_member) && !$current_member->isAdmin() && !$current_member->hasPermissionFor($summit))
|
||||
return $this->error403(['message' => sprintf("Member %s has not permission for this Summit", $current_member->getId())]);
|
||||
$serializer_type = $this->serializer_type_selector->getSerializerType();
|
||||
return $this->ok
|
||||
@ -362,7 +369,7 @@ final class OAuth2SummitApiController extends OAuth2ProtectedController
|
||||
if (is_null($summit)) return $this->error404();
|
||||
|
||||
$current_member = $this->resource_server_context->getCurrentUser();
|
||||
if (!is_null($current_member) && !$current_member->isAdmin() && !$current_member->hasPermissionForOnGroup($summit, IGroup::SummitAdministrators))
|
||||
if (!is_null($current_member) && !$current_member->isAdmin() && !$current_member->hasPermissionFor($summit))
|
||||
return $this->error403(['message' => sprintf("Member %s has not permission for this Summit", $current_member->getId())]);
|
||||
|
||||
$serializer_type = $this->serializer_type_selector->getSerializerType();
|
||||
|
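Review bot: Replacing `hasPermissionForOnGroup($summit, IGroup::SummitAdministrators)` with `hasPermissionFor($summit)` in the three show-summit hunks (the multi-line `if` after `SummitFinderStrategyFactory::build(...)`, and the same condition after both `getCurrent()` lookups) removes the group-membership condition that the old helper combined with the allowed-summits lookup — the Member hunk below still shows that form as `count($allowed_summits) > 0 && $this->isOnGroup($groupSlug)` — so a member who remains in a SummitAdministratorPermissionGroup_Members row but is no longer in the SummitAdministrators group now passes the 403 check; the list hunk's switch from `isSummitAdmin()` to `hasAllowedSummits()` appears to loosen access in the same way. If that is the intended fix, state it on the new helper's docblock, e.g. `* Access is granted on the permission-group/summit mapping alone; SummitAdministrators group membership is no longer required.`, otherwise `hasPermissionFor` should keep the group check. Separately, the multi-line `if (...)` guarding `return $this->error403(...)` in the first show hunk has no braces; wrapping that body in `{ }` matches the neighbouring hunks and avoids the dangling-statement trap. Each of these conditions sits in a method whose start and end are outside the hunk.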
@ -30,7 +30,8 @@ class SummitSelectedPresentationSerializer extends SilverStripeSerializer
|
||||
'type',
|
||||
'category_id',
|
||||
'presentation_id',
|
||||
'order'
|
||||
'order',
|
||||
'list_id',
|
||||
];
|
||||
|
||||
/**
|
||||
@ -58,9 +59,10 @@ class SummitSelectedPresentationSerializer extends SilverStripeSerializer
|
||||
{
|
||||
if ($selected_presentation->getPresentationId() > 0) {
|
||||
unset($values['presentation_id']);
|
||||
$values['presentation_id'] = SerializerRegistry::getInstance()->getSerializer($selected_presentation->getPresentation())->serialize(AbstractSerializer::filterExpandByPrefix($expand, $relation));
|
||||
$values['presentation'] = SerializerRegistry::getInstance()->getSerializer($selected_presentation->getPresentation())->serialize(AbstractSerializer::filterExpandByPrefix($expand, $relation));
|
||||
}
|
||||
}
|
||||
break;
|
||||
case 'list':
|
||||
{
|
||||
if ($selected_presentation->getListId() > 0) {
|
||||
@ -68,7 +70,7 @@ class SummitSelectedPresentationSerializer extends SilverStripeSerializer
|
||||
$values['list'] = SerializerRegistry::getInstance()->getSerializer($selected_presentation->getList())->serialize(AbstractSerializer::filterExpandByPrefix($expand, $relation));
|
||||
}
|
||||
}
|
||||
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
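Review bot: Dropping `unset($values['presentation_id'])` and writing the expanded object to `$values['presentation']` changes the response shape for clients that request `expand=presentation`: `presentation_id` now stays a scalar and the object arrives under a new key, which is a client-visible contract change that the commit message does not describe. Add a line to the method's docblock such as `* expand=presentation adds a 'presentation' key and leaves 'presentation_id' as the scalar id` and record it wherever the API changes are tracked. The `list` branch at the end of the first hunk writes `$values['list']` the same way, so the two relations are now consistent, which is worth noting in the same docblock. The enclosing serialize method starts before the hunk.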
@ -1718,6 +1718,13 @@ SQL;
|
||||
return $stmt->fetchAll(\PDO::FETCH_COLUMN);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return bool
|
||||
*/
|
||||
public function hasAllowedSummits():bool{
|
||||
return count($this->getAllAllowedSummitsIds()) > 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param Summit $summit
|
||||
* @return bool
|
||||
@ -1757,6 +1764,33 @@ SQL;
|
||||
return count($allowed_summits) > 0 && $this->isOnGroup($groupSlug);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param Summit $summit
|
||||
* @return bool
|
||||
*/
|
||||
public function hasPermissionFor(Summit $summit): bool
|
||||
{
|
||||
$sql = <<<SQL
|
||||
SELECT DISTINCT(SummitAdministratorPermissionGroup_Summits.SummitID)
|
||||
FROM SummitAdministratorPermissionGroup_Members
|
||||
INNER JOIN SummitAdministratorPermissionGroup_Summits ON
|
||||
SummitAdministratorPermissionGroup_Summits.SummitAdministratorPermissionGroupID = SummitAdministratorPermissionGroup_Members.SummitAdministratorPermissionGroupID
|
||||
WHERE SummitAdministratorPermissionGroup_Members.MemberID = :member_id
|
||||
AND
|
||||
SummitAdministratorPermissionGroup_Summits.SummitID = :summit_id
|
||||
SQL;
|
||||
|
||||
$stmt = $this->prepareRawSQL($sql);
|
||||
$stmt->execute(
|
||||
[
|
||||
'member_id' => $this->getId(),
|
||||
'summit_id' => $summit->getId()
|
||||
]
|
||||
);
|
||||
$allowed_summits = $stmt->fetchAll(\PDO::FETCH_COLUMN);
|
||||
return count($allowed_summits) > 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param Summit $summit
|
||||
* @return int[]
|
||||
|