Add SharingMiddleware for permission checks and small fixes
This commit is contained in:
Julius Haertl
@@ -23,30 +23,48 @@
|
||||
|
||||
namespace OCA\Deck\Db;
|
||||
|
||||
use OCA\Deck\NoPermissionException;
|
||||
use OCP\AppFramework\Db\Entity;
|
||||
use OCP\IDb;
|
||||
use OCP\AppFramework\Db\Mapper;
|
||||
|
||||
|
||||
class AclMapper extends DeckMapper {
|
||||
class AclMapper extends DeckMapper implements IPermissionMapper {
|
||||
|
||||
public function __construct(IDb $db) {
|
||||
parent::__construct($db, 'deck_board_acl', '\OCA\Deck\Db\Acl');
|
||||
}
|
||||
|
||||
public function findAll($boardId, $limit=null, $offset=null) {
|
||||
$sql = 'SELECT id, board_id, type, participant, permission_write, permission_invite, permission_manage, 0 as owner FROM `*PREFIX*deck_board_acl` WHERE `board_id` = ? UNION SELECT 0, id, \'user\', owner, 1, 1, 1, 1 FROM `*PREFIX*deck_boards` WHERE `id` = ? ';
|
||||
$sql = 'SELECT id, board_id, type, participant, permission_write, permission_invite, permission_manage, 0 as owner FROM `*PREFIX*deck_board_acl` WHERE `board_id` = ? ' .
|
||||
'UNION SELECT 0, id, \'user\', owner, 1, 1, 1, 1 FROM `*PREFIX*deck_boards` WHERE `id` = ? ';
|
||||
return $this->findEntities($sql, [$boardId, $boardId], $limit, $offset);
|
||||
}
|
||||
|
||||
public function findAllShared($boardId) {
|
||||
$sql = 'SELECT id, board_id, type, participant, permission_write, permission_invite, permission_manage FROM `*PREFIX*deck_board_acl` WHERE `board_id` = ? ';
|
||||
return $this->findEntities($sql, [$boardId]);
|
||||
}
|
||||
public function findAllForCard($cardId, $userId) {
|
||||
$findBoardId = "(SELECT board_id from oc_deck_stacks WHERE id IN (SELECT stack_id from oc_deck_cards WHERE id = 15))";
|
||||
$sql = "SELECT 0, id, 'user', owner, 1, 1, 1, 1 as owner FROM `oc_deck_boards` WHERE `id` IN (SELECT board_id from oc_deck_stacks WHERE id IN (SELECT stack_id from oc_deck_cards WHERE id = 15))
|
||||
$sql = "SELECT 0, id, 'user', owner, 1, 1, 1, 1 as owner FROM `oc_deck_boards` " .
|
||||
"WHERE `id` IN (SELECT board_id from oc_deck_stacks WHERE id IN (SELECT stack_id from oc_deck_cards WHERE id = 15))
|
||||
UNION
|
||||
SELECT id, board_id, type, participant, permission_write, permission_invite, permission_manage, 0 FROM oc_deck_board_acl
|
||||
WHERE participant = 'admin' AND board_id IN (SELECT board_id from oc_deck_stacks WHERE id IN (SELECT stack_id from oc_deck_cards WHERE id = 15));";
|
||||
|
||||
}
|
||||
|
||||
public function isOwner($userId, $aclId) {
|
||||
$sql = 'SELECT * FROM `*PREFIX*deck_boards` WHERE `id` IN (SELECT board_id FROM `*PREFIX*deck_board_acl` WHERE id = ?)';
|
||||
$stmt = $this->execute($sql, [$aclId]);
|
||||
$row = $stmt->fetch();
|
||||
return ($row['owner'] === $userId);
|
||||
}
|
||||
|
||||
public function findBoardId($aclId) {
|
||||
$entity = $this->find($aclId);
|
||||
return $entity->getBoardId();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user