diff --git a/app/Http/Controllers/Apis/Protected/Summit/OAuth2SummitApiController.php b/app/Http/Controllers/Apis/Protected/Summit/OAuth2SummitApiController.php
index 742dbc8d..fa5b610e 100644
--- a/app/Http/Controllers/Apis/Protected/Summit/OAuth2SummitApiController.php
+++ b/app/Http/Controllers/Apis/Protected/Summit/OAuth2SummitApiController.php
@@ -198,7 +198,7 @@ final class OAuth2SummitApiController extends OAuth2ProtectedController
 $current_member = $this->resource_server_context->getCurrentUser();
- if (!is_null($current_member) && !$current_member->isAdmin() && !$current_member->isSummitAdmin()) {
+ if (!is_null($current_member) && !$current_member->isAdmin() && !$current_member->hasAllowedSummits()) {
 return $this->error403(['message' => sprintf("Member %s has not permission for any Summit", $current_member->getId())]);
 }
@@ -247,7 +247,7 @@ final class OAuth2SummitApiController extends OAuth2ProtectedController
 },
 function ($filter) use ($current_member) {
 if ($filter instanceof Filter) {
- if (!is_null($current_member) && !$current_member->isAdmin() && $current_member->isSummitAdmin()) {
+ if (!is_null($current_member) && !$current_member->isAdmin() && $current_member->hasAllowedSummits()) {
 // filter only the ones that we are allowed to see
 $filter->addFilterCondition
 (
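Review bot: The guard on the changed line still fails open for a null member: every term sits behind `!is_null($current_member)`, so a request whose token resolves to no user skips the 403 here and also skips the allowed-summits filter in the closure of the `@@ -247` hunk. If that is deliberate for tokens without a user context, a comment on the condition should say so, e.g. `// no member on the token: listing is intentionally unfiltered`; otherwise the null case needs its own decision. `hasAllowedSummits()` is also evaluated once in the guard and again in the filter closure, and as added in Member.php it counts the result of `getAllAllowedSummitsIds()` each time, so keeping the boolean in a local before the closure would avoid the repeat. The enclosing method starts and ends outside both hunks.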
@@ -294,8 +294,15 @@ final class OAuth2SummitApiController extends OAuth2ProtectedController
 $summit = SummitFinderStrategyFactory::build($this->repository, $this->resource_server_context)->find($summit_id);
 if (is_null($summit)) return $this->error404();
 $current_member = $this->resource_server_context->getCurrentUser();
- if (!is_null($current_member) && !$current_member->isAdmin() && !$current_member->hasPermissionForOnGroup($summit, IGroup::SummitAdministrators))
+
+ if
+ (
+ !is_null($current_member) &&
+ !$current_member->isAdmin() &&
+ !$current_member->hasPermissionFor($summit)
+ )
 return $this->error403(['message' => sprintf("Member %s has not permission for this Summit", $current_member->getId())]);
+
 $serializer_type = $this->serializer_type_selector->getSerializerType();
 return $this->ok
 (
@@ -325,7 +332,7 @@ final class OAuth2SummitApiController extends OAuth2ProtectedController
 $summit = $this->repository->getCurrent();
 if (is_null($summit)) return $this->error404();
 $current_member = $this->resource_server_context->getCurrentUser();
- if (!is_null($current_member) && !$current_member->isAdmin() && !$current_member->hasPermissionForOnGroup($summit, IGroup::SummitAdministrators))
+ if (!is_null($current_member) && !$current_member->isAdmin() && !$current_member->hasPermissionFor($summit))
 return $this->error403(['message' => sprintf("Member %s has not permission for this Summit", $current_member->getId())]);
 $serializer_type = $this->serializer_type_selector->getSerializerType();
 return $this->ok
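Review bot: Replacing `hasPermissionForOnGroup($summit, IGroup::SummitAdministrators)` with `hasPermissionFor($summit)` drops the group test from this gate: the old helper returns `count($allowed_summits) > 0 && $this->isOnGroup($groupSlug)` (visible as context in the Member.php hunk), while the new one returns only `count($allowed_summits) > 0`. The same substitution is made in the `@@ -325` and `@@ -362` hunks, so what look like three summit read paths now admit any non-admin member the new query matches for that summit; if that widening is the intent, it should be stated in a comment at the check and covered by a test using a member who is not in the administrators group. Separately, the reflowed condition here guards a brace-less `return`, which is easy to detach when a line is added later; writing it as `if (...) { return $this->error403(...); }` keeps the 403 bound to the condition. The method body continues outside the hunk.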
@@ -362,7 +369,7 @@ final class OAuth2SummitApiController extends OAuth2ProtectedController
 if (is_null($summit)) return $this->error404();
 $current_member = $this->resource_server_context->getCurrentUser();
- if (!is_null($current_member) && !$current_member->isAdmin() && !$current_member->hasPermissionForOnGroup($summit, IGroup::SummitAdministrators))
+ if (!is_null($current_member) && !$current_member->isAdmin() && !$current_member->hasPermissionFor($summit))
 return $this->error403(['message' => sprintf("Member %s has not permission for this Summit", $current_member->getId())]);
 $serializer_type = $this->serializer_type_selector->getSerializerType();
diff --git a/app/ModelSerializers/Summit/Presentation/SummitSelectedPresentationSerializer.php b/app/ModelSerializers/Summit/Presentation/SummitSelectedPresentationSerializer.php
index dce22dca..9ad66fdc 100644
--- a/app/ModelSerializers/Summit/Presentation/SummitSelectedPresentationSerializer.php
+++ b/app/ModelSerializers/Summit/Presentation/SummitSelectedPresentationSerializer.php
@@ -30,7 +30,8 @@ class SummitSelectedPresentationSerializer extends SilverStripeSerializer
 'type',
 'category_id',
 'presentation_id',
- 'order'
+ 'order',
+ 'list_id',
 ];
 /**
@@ -58,9 +59,10 @@ class SummitSelectedPresentationSerializer extends SilverStripeSerializer
 {
 if ($selected_presentation->getPresentationId() > 0) {
 unset($values['presentation_id']);
- $values['presentation_id'] = SerializerRegistry::getInstance()->getSerializer($selected_presentation->getPresentation())->serialize(AbstractSerializer::filterExpandByPrefix($expand, $relation));
+ $values['presentation'] = SerializerRegistry::getInstance()->getSerializer($selected_presentation->getPresentation())->serialize(AbstractSerializer::filterExpandByPrefix($expand, $relation));
 }
 }
+ break;
 case 'list': {
 if ($selected_presentation->getListId() > 0) {
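Review bot: The `presentation` case in the `@@ -58` hunk now changes the response shape in two ways that nothing in this diff documents or tests: the expanded object moves from the `presentation_id` key to `presentation`, and with the added `break;` an expand of `presentation` no longer falls through into the `list` case. Both look like the intended behaviour, but existing consumers that read the object from `presentation_id` will see that key disappear, since it is unset on the line just above. A serializer test asserting the resulting keys for each expand value, plus a line in the API notes, would make the change visible to clients. The switch starts outside this hunk.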
@@ -68,7 +70,7 @@ class SummitSelectedPresentationSerializer extends SilverStripeSerializer
 $values['list'] = SerializerRegistry::getInstance()->getSerializer($selected_presentation->getList())->serialize(AbstractSerializer::filterExpandByPrefix($expand, $relation));
 }
 }
-
+ break;
 }
 }
 }
diff --git a/app/Models/Foundation/Main/Member.php b/app/Models/Foundation/Main/Member.php
index 8ed4594c..023bf2a0 100644
--- a/app/Models/Foundation/Main/Member.php
+++ b/app/Models/Foundation/Main/Member.php
@@ -1718,6 +1718,13 @@ SQL;
 return $stmt->fetchAll(\PDO::FETCH_COLUMN);
 }
+ /**
+ * @return bool
+ */
+ public function hasAllowedSummits():bool{
+ return count($this->getAllAllowedSummitsIds()) > 0;
+ }
+
 /**
 * @param Summit $summit
 * @return bool
@@ -1757,6 +1764,33 @@ SQL;
 return count($allowed_summits) > 0 && $this->isOnGroup($groupSlug);
 }
+ /**
+ * @param Summit $summit
+ * @return bool
+ */
+ public function hasPermissionFor(Summit $summit): bool
+ {
+ $sql = <<prepareRawSQL($sql);
+ $stmt->execute(
+ [
+ 'member_id' => $this->getId(),
+ 'summit_id' => $summit->getId()
+ ]
+ );
+ $allowed_summits = $stmt->fetchAll(\PDO::FETCH_COLUMN);
+ return count($allowed_summits) > 0;
+ }
+
 /**
 * @param Summit $summit
 * @return int[]
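Review bot: The docblock on `hasPermissionFor()` in the `@@ -1757` hunk carries only `@param`/`@return` and does not say what grants permission, which matters because OAuth2SummitApiController now uses it as the sole non-admin gate. I would add a sentence such as `Returns true when the member has at least one permission entry covering $summit; unlike hasPermissionForOnGroup() no group membership is checked.`, adjusted to what the query actually selects, since its body is not legible in this view. The method also materialises every matching row with `fetchAll()` only to compare `count(...) > 0`; an existence check is enough, e.g. `return $stmt->fetchColumn() !== false;`, assuming `prepareRawSQL()` returns a PDO-style statement as the `\PDO::FETCH_COLUMN` constant suggests. The same applies to `hasAllowedSummits()` in the `@@ -1718` hunk, which counts the full id list just to test for non-emptiness.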