ahtlon/deck
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Fix not found acls and cleanup mappers

Browse Source
This commit is contained in:
Julius Haertl
2016-10-28 00:03:00 +02:00
parent 33714da18d
commit 1167ca14a8
7 changed files with 22 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/Db/AclMapper.php
View File

@@ -42,7 +42,7 @@ class AclMapper extends DeckMapper implements IPermissionMapper {
}
public function isOwner($userId, $aclId) {
$sql = 'SELECT * FROM `*PREFIX*deck_boards` WHERE `id` IN (SELECT board_id FROM `*PREFIX*deck_board_acl` WHERE id = ?)';
$sql = 'SELECT owner FROM `*PREFIX*deck_boards` WHERE `id` IN (SELECT board_id FROM `*PREFIX*deck_board_acl` WHERE id = ?)';
$stmt = $this->execute($sql, [$aclId]);
$row = $stmt->fetch();
return ($row['owner'] === $userId);

19
lib/Db/BoardMapper.php
View File

@@ -131,25 +131,6 @@ class BoardMapper extends DeckMapper implements IPermissionMapper {
return parent::delete($entity);
}
public function userCanView($boardId, $userInfo) {
$board = $this->find($boardId);
if($board->getOwner()===$userInfo['user']) {
return true;
}
try {
$sql = 'SELECT acl.* FROM oc_deck_boards as boards ' .
'JOIN oc_deck_board_acl as acl ON boards.id=acl.board_id WHERE acl.participant=? AND acl.type=\'user\' AND boards.id = ? AND boards.owner != ?';
$acl = $this->find($sql, [$userInfo['user'], $boardId, $userInfo['user']], $limit, $offset);
return true;
} catch (Exception $e) { }
try {
$acl = $this->find($sql, [$userInfo['user'], $boardId, $userInfo['user']], $limit, $offset);
return true;
} catch (Exception $e) {
}
}
public function isOwner($userId, $boardId) {
$board = $this->find($boardId);
return ($board->getOwner() === $userId);

4
lib/Db/CardMapper.php
View File

@@ -120,14 +120,14 @@ class CardMapper extends Mapper implements IPermissionMapper {
}
public function isOwner($userId, $cardId) {
$sql = 'SELECT * FROM `*PREFIX*deck_boards` WHERE `id` IN (SELECT board_id FROM `*PREFIX*deck_stacks` WHERE id IN (SELECT stack_id FROM `*PREFIX*deck_cards` WHERE id = ?))';
$sql = 'SELECT owner FROM `*PREFIX*deck_boards` WHERE `id` IN (SELECT board_id FROM `*PREFIX*deck_stacks` WHERE id IN (SELECT stack_id FROM `*PREFIX*deck_cards` WHERE id = ?))';
$stmt = $this->execute($sql, [$cardId]);
$row = $stmt->fetch();
return ($row['owner'] === $userId);
}
public function findBoardId($cardId) {
$sql = 'SELECT * FROM `*PREFIX*deck_boards` WHERE `id` IN (SELECT board_id FROM `*PREFIX*deck_stacks` WHERE id IN (SELECT stack_id FROM `*PREFIX*deck_cards` WHERE id = ?))';
$sql = 'SELECT id FROM `*PREFIX*deck_boards` WHERE `id` IN (SELECT board_id FROM `*PREFIX*deck_stacks` WHERE id IN (SELECT stack_id FROM `*PREFIX*deck_cards` WHERE id = ?))';
$stmt = $this->execute($sql, [$cardId]);
$row = $stmt->fetch();
return $row['id'];

3
lib/Db/LabelMapper.php
View File

@@ -25,7 +25,6 @@ namespace OCA\Deck\Db;
use OCP\AppFramework\Db\Entity;
use OCP\IDb;
use OCP\AppFramework\Db\Mapper;
class LabelMapper extends DeckMapper implements IPermissionMapper {
@@ -84,7 +83,7 @@ class LabelMapper extends DeckMapper implements IPermissionMapper {
}
public function isOwner($userId, $labelId) {
$sql = 'SELECT * FROM `*PREFIX*deck_boards` WHERE `id` IN (SELECT board_id FROM `*PREFIX*deck_labels` WHERE id = ?)';
$sql = 'SELECT owner FROM `*PREFIX*deck_boards` WHERE `id` IN (SELECT board_id FROM `*PREFIX*deck_labels` WHERE id = ?)';
$stmt = $this->execute($sql, [$labelId]);
$row = $stmt->fetch();
return ($row['owner'] === $userId);

2
lib/Db/StackMapper.php
View File

@@ -62,7 +62,7 @@ class StackMapper extends Mapper implements IPermissionMapper {
}
public function isOwner($userId, $stackId) {
$sql = 'SELECT * FROM `*PREFIX*deck_boards` WHERE `id` IN (SELECT board_id FROM `*PREFIX*deck_stacks` WHERE id = ?)';
$sql = 'SELECT owner FROM `*PREFIX*deck_boards` WHERE `id` IN (SELECT board_id FROM `*PREFIX*deck_stacks` WHERE id = ?)';
$stmt = $this->execute($sql, [$stackId]);
$row = $stmt->fetch();
return ($row['owner'] === $userId);