ahtlon/deck
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Add permission exception details and fix card view permissions

Browse Source
This commit is contained in:
Julius Haertl
2016-08-31 14:05:50 +02:00
parent aae3660f4b
commit f4ac0c1b2f
2 changed files with 10 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
lib/Middleware/SharingMiddleware.php
View File

@@ -123,13 +123,8 @@ class SharingMiddleware extends Middleware {
} }
if($controller instanceof CardController) { if($controller instanceof CardController) {
if($method==="GET" || $method === "POST") {
$mapper = $this->container->query('OCA\Deck\Db\StackMapper');
$id = $params['stackId'];
} else {
$mapper = $this->container->query('OCA\Deck\Db\CardMapper'); $mapper = $this->container->query('OCA\Deck\Db\CardMapper');
$id = $params['cardId']; $id = $params['cardId'];
}
} }
if($controller instanceof LabelController) { if($controller instanceof LabelController) {
@@ -146,23 +141,23 @@ class SharingMiddleware extends Middleware {
if($this->reflector->hasAnnotation('RequireReadPermission')) { if($this->reflector->hasAnnotation('RequireReadPermission')) {
if(!$this->checkReadPermission($userId, $mapper, $id)) { if(!$this->checkReadPermission($userId, $mapper, $id)) {
throw new NoPermissionException("User ". $userId . " has no permission to read."); throw new NoPermissionException("User ". $userId . " has no permission to read.", $controller, $method);
} }
} }
if($this->reflector->hasAnnotation('RequireEditPermission')) { if($this->reflector->hasAnnotation('RequireEditPermission')) {
if(!$this->checkEditPermission($userId, $mapper, $id)) { if(!$this->checkEditPermission($userId, $mapper, $id)) {
throw new NoPermissionException("User ". $userId . " has no permission to edit."); throw new NoPermissionException("User ". $userId . " has no permission to edit.", $controller, $method);
} }
} }
if($this->reflector->hasAnnotation('RequireSharePermission')) { if($this->reflector->hasAnnotation('RequireSharePermission')) {
if(!$this->checkSharePermission($userId, $mapper, $id)) { if(!$this->checkSharePermission($userId, $mapper, $id)) {
throw new NoPermissionException("User ". $userId . " has no permission to share."); throw new NoPermissionException("User ". $userId . " has no permission to share.", $controller, $method);
} }
} }
if($this->reflector->hasAnnotation('RequireManagePermission')) { if($this->reflector->hasAnnotation('RequireManagePermission')) {
if(!$this->checkManagePermission($userId, $mapper, $id)) { if(!$this->checkManagePermission($userId, $mapper, $id)) {
throw new NoPermissionException("User ". $userId . " has no permission to manage."); throw new NoPermissionException("User ". $userId . " has no permission to manage.", $controller, $method);
} }
} }

6
lib/NoPermissionException.php
View File

@@ -26,4 +26,10 @@ namespace OCA\Deck;
class NoPermissionException extends \Exception { class NoPermissionException extends \Exception {
public function __construct($message, $controller=null, $method=null) {
parent::__construct($message);
if($controller && $method) {
$this->message = get_class($controller) . "#" . $method . ": " . $message;
}
}
} }