Remove dark magic middleware and check permission in services
This commit is contained in:
Julius Haertl
@@ -38,10 +38,10 @@ use OCA\Deck\Db\LabelMapper;
|
||||
class BoardService {
|
||||
|
||||
private $boardMapper;
|
||||
private $aclMapper;
|
||||
private $labelMapper;
|
||||
private $logger;
|
||||
private $aclMapper;
|
||||
private $l10n;
|
||||
private $permissionService;
|
||||
|
||||
public function __construct(
|
||||
BoardMapper $boardMapper,
|
||||
@@ -49,14 +49,13 @@ class BoardService {
|
||||
IL10N $l10n,
|
||||
LabelMapper $labelMapper,
|
||||
AclMapper $aclMapper,
|
||||
IGroupManager $groupManager
|
||||
PermissionService $permissionService
|
||||
) {
|
||||
$this->boardMapper = $boardMapper;
|
||||
$this->labelMapper = $labelMapper;
|
||||
$this->aclMapper = $aclMapper;
|
||||
$this->logger = $logger;
|
||||
$this->l10n = $l10n;
|
||||
$this->groupManager = $groupManager;
|
||||
$this->permissionService = $permissionService;
|
||||
}
|
||||
|
||||
public function findAll($userInfo) {
|
||||
@@ -67,6 +66,7 @@ class BoardService {
|
||||
}
|
||||
|
||||
public function find($boardId) {
|
||||
$this->permissionService->checkPermission($this->boardMapper, $boardId, Acl::PERMISSION_READ);
|
||||
return $this->boardMapper->find($boardId, true, true);
|
||||
}
|
||||
|
||||
@@ -97,10 +97,12 @@ class BoardService {
|
||||
}
|
||||
|
||||
public function delete($id) {
|
||||
$this->permissionService->checkPermission($this->boardMapper, $id, Acl::PERMISSION_READ);
|
||||
return $this->boardMapper->delete($this->find($id));
|
||||
}
|
||||
|
||||
public function update($id, $title, $color) {
|
||||
$this->permissionService->checkPermission($this->boardMapper, $id, Acl::PERMISSION_MANAGE);
|
||||
$board = $this->find($id);
|
||||
$board->setTitle($title);
|
||||
$board->setColor($color);
|
||||
@@ -109,6 +111,7 @@ class BoardService {
|
||||
|
||||
|
||||
public function addAcl($boardId, $type, $participant, $write, $invite, $manage) {
|
||||
$this->permissionService->checkPermission($this->boardMapper, $boardId, Acl::PERMISSION_SHARE);
|
||||
$acl = new Acl();
|
||||
$acl->setBoardId($boardId);
|
||||
$acl->setType($type);
|
||||
@@ -120,6 +123,7 @@ class BoardService {
|
||||
}
|
||||
|
||||
public function updateAcl($id, $write, $invite, $manage) {
|
||||
$this->permissionService->checkPermission($this->boardMapper, $id, Acl::PERMISSION_SHARE);
|
||||
$acl = $this->aclMapper->find($id);
|
||||
$acl->setPermissionWrite($write);
|
||||
$acl->setPermissionInvite($invite);
|
||||
@@ -128,6 +132,7 @@ class BoardService {
|
||||
}
|
||||
|
||||
public function deleteAcl($id) {
|
||||
$this->permissionService->checkPermission($this->boardMapper, $id, Acl::PERMISSION_SHARE);
|
||||
$acl = $this->aclMapper->find($id);
|
||||
return $this->aclMapper->delete($acl);
|
||||
}
|
||||
|
||||
@@ -25,21 +25,31 @@ namespace OCA\Deck\Service;
|
||||
|
||||
use OCA\Deck\Db\Card;
|
||||
use OCA\Deck\Db\CardMapper;
|
||||
use OCA\Deck\Db\Acl;
|
||||
use OCA\Deck\CardArchivedException;
|
||||
use OCA\Deck\Db\StackMapper;
|
||||
|
||||
|
||||
class CardService {
|
||||
|
||||
private $cardMapper;
|
||||
|
||||
public function __construct(CardMapper $cardMapper) {
|
||||
public function __construct(
|
||||
CardMapper $cardMapper,
|
||||
StackMapper $stackMapper,
|
||||
PermissionService $permissionService
|
||||
) {
|
||||
$this->cardMapper = $cardMapper;
|
||||
$this->stackMapper = $stackMapper;
|
||||
$this->permissionService = $permissionService;
|
||||
}
|
||||
|
||||
public function find($cardId) {
|
||||
$this->permissionService->checkPermission($this->cardMapper, $cardId, Acl::PERMISSION_READ);
|
||||
return $this->cardMapper->find($cardId);
|
||||
}
|
||||
public function create($title, $stackId, $type, $order, $owner) {
|
||||
$this->permissionService->checkPermission($this->stackMapper, $stackId, Acl::PERMISSION_EDIT);
|
||||
$card = new Card();
|
||||
$card->setTitle($title);
|
||||
$card->setStackId($stackId);
|
||||
@@ -51,10 +61,12 @@ class CardService {
|
||||
}
|
||||
|
||||
public function delete($id) {
|
||||
$this->permissionService->checkPermission($this->cardMapper, $id, Acl::PERMISSION_EDIT);
|
||||
return $this->cardMapper->delete($this->cardMapper->find($id));
|
||||
}
|
||||
|
||||
public function update($id, $title, $stackId, $type, $order, $description, $owner) {
|
||||
$this->permissionService->checkPermission($this->cardMapper, $id, Acl::PERMISSION_EDIT);
|
||||
$card = $this->cardMapper->find($id);
|
||||
if($card->getArchived()) {
|
||||
throw new CardArchivedException();
|
||||
@@ -69,6 +81,7 @@ class CardService {
|
||||
}
|
||||
|
||||
public function rename($id, $title) {
|
||||
$this->permissionService->checkPermission($this->cardMapper, $id, Acl::PERMISSION_EDIT);
|
||||
$card = $this->cardMapper->find($id);
|
||||
if($card->getArchived()) {
|
||||
throw new CardArchivedException();
|
||||
@@ -77,6 +90,7 @@ class CardService {
|
||||
return $this->cardMapper->update($card);
|
||||
}
|
||||
public function reorder($id, $stackId, $order) {
|
||||
$this->permissionService->checkPermission($this->cardMapper, $id, Acl::PERMISSION_EDIT);
|
||||
$cards = $this->cardMapper->findAll($stackId);
|
||||
$i = 0;
|
||||
foreach ($cards as $card) {
|
||||
@@ -102,18 +116,21 @@ class CardService {
|
||||
}
|
||||
|
||||
public function archive($id) {
|
||||
$this->permissionService->checkPermission($this->cardMapper, $id, Acl::PERMISSION_EDIT);
|
||||
$card = $this->cardMapper->find($id);
|
||||
$card->setArchived(true);
|
||||
return $this->cardMapper->update($card);
|
||||
}
|
||||
|
||||
public function unarchive($id) {
|
||||
$this->permissionService->checkPermission($this->cardMapper, $id, Acl::PERMISSION_EDIT);
|
||||
$card = $this->cardMapper->find($id);
|
||||
$card->setArchived(false);
|
||||
return $this->cardMapper->update($card);
|
||||
}
|
||||
|
||||
public function assignLabel($cardId, $labelId) {
|
||||
$this->permissionService->checkPermission($this->cardMapper, $cardId, Acl::PERMISSION_EDIT);
|
||||
$card = $this->cardMapper->find($cardId);
|
||||
if($card->getArchived()) {
|
||||
throw new CardArchivedException();
|
||||
@@ -122,6 +139,7 @@ class CardService {
|
||||
}
|
||||
|
||||
public function removeLabel($cardId, $labelId) {
|
||||
$this->permissionService->checkPermission($this->cardMapper, $cardId, Acl::PERMISSION_EDIT);
|
||||
$card = $this->cardMapper->find($cardId);
|
||||
if($card->getArchived()) {
|
||||
throw new CardArchivedException();
|
||||
|
||||
@@ -24,8 +24,7 @@
|
||||
namespace OCA\Deck\Service;
|
||||
|
||||
use OCA\Deck\Db\Label;
|
||||
use OCP\ILogger;
|
||||
use OCP\IL10N;
|
||||
use OCA\Deck\Db\Acl;
|
||||
use OCA\Deck\Db\LabelMapper;
|
||||
|
||||
|
||||
@@ -34,19 +33,22 @@ class LabelService {
|
||||
private $labelMapper;
|
||||
private $logger;
|
||||
|
||||
public function __construct(ILogger $logger,
|
||||
IL10N $l10n,
|
||||
LabelMapper $labelMapper) {
|
||||
public function __construct(
|
||||
LabelMapper $labelMapper,
|
||||
PermissionService $permissionService
|
||||
) {
|
||||
$this->labelMapper = $labelMapper;
|
||||
$this->logger = $logger;
|
||||
$this->permissionService = $permissionService;
|
||||
}
|
||||
|
||||
public function find($labelId) {
|
||||
$this->permissionService->checkPermission($this->labelMapper, $labelId, Acl::PERMISSION_READ);
|
||||
$label = $this->labelMapper->find($labelId);
|
||||
return $label;
|
||||
}
|
||||
|
||||
public function create($title, $color, $boardId) {
|
||||
$this->permissionService->checkPermission(null, $boardId, Acl::PERMISSION_MANAGE);
|
||||
$label = new Label();
|
||||
$label->setTitle($title);
|
||||
$label->setColor($color);
|
||||
@@ -55,10 +57,12 @@ class LabelService {
|
||||
}
|
||||
|
||||
public function delete($id) {
|
||||
$this->permissionService->checkPermission($this->labelMapper, $id, Acl::PERMISSION_MANAGE);
|
||||
return $this->labelMapper->delete($this->find($id));
|
||||
}
|
||||
|
||||
public function update($id, $title, $color) {
|
||||
$this->permissionService->checkPermission($this->labelMapper, $id, Acl::PERMISSION_MANAGE);
|
||||
$label = $this->find($id);
|
||||
$label->setTitle($title);
|
||||
$label->setColor($color);
|
||||
|
||||
@@ -26,6 +26,11 @@ namespace OCA\Deck\Service;
|
||||
use OCA\Deck\Db\Acl;
|
||||
use OCA\Deck\Db\AclMapper;
|
||||
use OCA\Deck\Db\BoardMapper;
|
||||
use OCA\Deck\Db\Entity;
|
||||
use OCA\Deck\Db\IPermissionMapper;
|
||||
use OCA\Deck\NoPermissionException;
|
||||
use OCA\Deck\NotFoundException;
|
||||
use OCP\AppFramework\Db\DoesNotExistException;
|
||||
use OCP\IGroupManager;
|
||||
use OCP\ILogger;
|
||||
|
||||
@@ -84,6 +89,36 @@ class PermissionService {
|
||||
return $this->userCan($acls, $permission);
|
||||
}
|
||||
|
||||
/**
|
||||
* check permissions for replacing dark magic middleware
|
||||
*
|
||||
* @param $mapper IPermissionMapper|null null if $id is a boardId
|
||||
* @param $id int unique identifier of the Entity
|
||||
* @param $permission int
|
||||
* @return bool
|
||||
* @throws NoPermissionException|NotFoundException
|
||||
*/
|
||||
public function checkPermission($mapper, $id, $permission) {
|
||||
try {
|
||||
if($mapper instanceof IPermissionMapper) {
|
||||
$boardId = $mapper->findBoardId($id);
|
||||
} else {
|
||||
$boardId = $id;
|
||||
}
|
||||
if($boardId === null) {
|
||||
throw new NotFoundException('No entity found');
|
||||
}
|
||||
if (!$this->getPermission($boardId, $permission)) {
|
||||
$class = new \ReflectionClass($mapper);
|
||||
$constants = array_flip($class->getConstants());
|
||||
throw new NoPermissionException('Permission ' . $constants[$permission] . ' not granted.');
|
||||
}
|
||||
} catch (DoesNotExistException $exception) {
|
||||
throw new NotFoundException('Permission denied');
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $boardId
|
||||
* @return bool
|
||||
|
||||
@@ -23,6 +23,7 @@
|
||||
|
||||
namespace OCA\Deck\Service;
|
||||
|
||||
use OCA\Deck\Db\Acl;
|
||||
use OCA\Deck\Db\CardMapper;
|
||||
use OCA\Deck\Db\LabelMapper;
|
||||
use OCP\ILogger;
|
||||
@@ -41,17 +42,20 @@ class StackService {
|
||||
private $cardMapper;
|
||||
private $logger;
|
||||
private $labelMapper;
|
||||
private $permissionService;
|
||||
|
||||
public function __construct(StackMapper $stackMapper, CardMapper $cardMapper, LabelMapper $labelMapper, ILogger $logger,
|
||||
IL10N $l10n,
|
||||
ITimeFactory $timeFactory) {
|
||||
ITimeFactory $timeFactory, PermissionService $permissionService) {
|
||||
$this->stackMapper = $stackMapper;
|
||||
$this->cardMapper = $cardMapper;
|
||||
$this->labelMapper = $labelMapper;
|
||||
$this->logger = $logger;
|
||||
$this->permissionService = $permissionService;
|
||||
}
|
||||
|
||||
public function findAll($boardId) {
|
||||
$this->permissionService->checkPermission(null, $boardId, Acl::PERMISSION_READ);
|
||||
$stacks = $this->stackMapper->findAll($boardId);
|
||||
$labels = $this->labelMapper->getAssignedLabelsForBoard($boardId);
|
||||
foreach ($stacks as $stackIndex => $stack) {
|
||||
@@ -67,6 +71,7 @@ class StackService {
|
||||
}
|
||||
|
||||
public function findAllArchived($boardId) {
|
||||
$this->permissionService->checkPermission(null, $boardId, Acl::PERMISSION_READ);
|
||||
$stacks = $this->stackMapper->findAll($boardId);
|
||||
$labels = $this->labelMapper->getAssignedLabelsForBoard($boardId);
|
||||
foreach ($stacks as $stackIndex => $stack) {
|
||||
@@ -82,6 +87,7 @@ class StackService {
|
||||
}
|
||||
|
||||
public function create($title, $boardId, $order) {
|
||||
$this->permissionService->checkPermission(null, $boardId, Acl::PERMISSION_MANAGE);
|
||||
$stack = new Stack();
|
||||
$stack->setTitle($title);
|
||||
$stack->setBoardId($boardId);
|
||||
@@ -91,10 +97,12 @@ class StackService {
|
||||
}
|
||||
|
||||
public function delete($id) {
|
||||
$this->permissionService->checkPermission($this->stackMapper, $id, Acl::PERMISSION_MANAGE);
|
||||
return $this->stackMapper->delete($this->stackMapper->find($id));
|
||||
}
|
||||
|
||||
public function update($id, $title, $boardId, $order) {
|
||||
$this->permissionService->checkPermission($this->stackMapper, $id, Acl::PERMISSION_MANAGE);
|
||||
$stack = $this->stackMapper->find($id);
|
||||
$stack->setTitle($title);
|
||||
$stack->setBoardId($boardId);
|
||||
|
||||
Reference in New Issue
Block a user