commit 914094bfe5cb86ef52ee0fda7acd9d6c47b2afb8
parent 6754432fc8d978f16e478c0846f651e47ed97f1d
Author: dankert <openrat@jandankert.de>
Date: Fri, 3 Dec 2021 22:30:29 +0100
Fix: Check rights for listing projects.
Diffstat:
4 files changed, 46 insertions(+), 36 deletions(-)
diff --git a/modules/cms/action/ProjectlistAction.class.php b/modules/cms/action/ProjectlistAction.class.php
@@ -32,21 +32,10 @@ use util\exception\SecurityException;
* @version $Revision$
* @package openrat.actions
*/
-class ProjectlistAction extends BaseAction
+abstract class ProjectlistAction extends BaseAction
{
function __construct()
{
parent::__construct();
}
-
-
- /**
- * Listing projects is allowed for all users.
- *
- * @return bool
- */
- public function checkAccess() {
-
- return true;
- }
}
\ No newline at end of file
diff --git a/modules/cms/action/projectlist/ProjectlistAddAction.class.php b/modules/cms/action/projectlist/ProjectlistAddAction.class.php
@@ -11,25 +11,14 @@ class ProjectlistAddAction extends ProjectlistAction implements Method {
public function view() {
- $this->setTemplateVar( 'projects',Project::getAllProjects() );
}
+ /**
+ * Add a new project.
+ */
public function post() {
- /*
- $projectid = $this->request->getVar('projectid');
-
- if ( $projectid ) {
-
- $db = \cms\base\DB::get();
- $project = Project::create($projectid);
- $project->load();
- $project->export($db->id);
- $this->addNoticeFor($project,Messages::DONE);
-
- } else {*/
-
$name = $this->request->getRequiredText('name');
$project = new Project();
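Review bot: ProjectlistAddAction gets no checkAccess() of its own in the visible hunks, so with the `return true` override removed from ProjectlistAction.class.php, who may reach post() and create a project now depends on BaseAction::checkAccess(), which this commit does not show. If that inherited default is not already restricted to administrators, an explicit override would put the rule next to the code it guards, for example `public function checkAccess() { return $this->userIsAdmin(); }` (userIsAdmin() is the call ProjectlistEditAction uses for its 'add' flag). The new docblock on post() should also name the permission required instead of only saying "Add a new project." The class body continues outside this hunk, so an override may already exist there.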
@@ -37,8 +26,6 @@ class ProjectlistAddAction extends ProjectlistAction implements Method {
$project->persist();
$this->addNoticeFor( $project,Messages::ADDED );
- //}
-
}
diff --git a/modules/cms/action/projectlist/ProjectlistEditAction.class.php b/modules/cms/action/projectlist/ProjectlistEditAction.class.php
@@ -9,28 +9,46 @@ use cms\model\Project;
class ProjectlistEditAction extends ProjectlistAction implements Method {
+ /**
+ * Get a listing of all readable projects.
+ *
+ * @return void
+ */
public function view() {
- // Projekte ermitteln
+
$list = array();
- // Schleife ueber alle Projekte
foreach (Project::getAllProjects() as $id => $name) {
- $project = new Project($id);
+ $project = new Project($id);
$rootFolder = new Folder($project->getRootObjectId());
- $rootFolder->load();
- // Berechtigt für das Projekt?
+ // Check permission, the user must have the READ permission.
if ($rootFolder->hasRight(Permission::ACL_READ)) {
- $list[$id] = array();
- $list[$id]['id' ] = $id;
- $list[$id]['name' ] = $name;
+ $list[ $id ] = [
+ 'id' => $id,
+ 'name' => $name,
+ ];
}
}
$this->setTemplateVar('projects',$list);
$this->setTemplateVar('add',$this->userIsAdmin());
}
+
+
public function post() {
}
+
+
+ /**
+ * Check permission.
+ * This action is allowed to all users.
+ *
+ * @return true
+ */
+ function checkAccess()
+ {
+ return true;
+ }
}
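Review bot: `$rootFolder->hasRight(Permission::ACL_READ)` in view() is now called on a Folder that is never loaded, because the `$rootFolder->load()` call was dropped, and whether hasRight() works from the object id alone is not visible in this diff. If it reads state that load() populates, the filter could hide projects the user may read or pass ones it should not, so once confirmed a comment such as `// hasRight() resolves the ACL by object id, no load() needed` would record why the omission is safe. Since checkAccess() returns true for everyone, this loop is the only access control on the listing, and the checkAccess() docblock should say that the per-project filtering happens in view(). Separately, the new `function checkAccess()` has no visibility keyword while the removed base method was `public function checkAccess()`; declaring it `public` keeps the class consistent.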
diff --git a/modules/cms/action/projectlist/ProjectlistHistoryAction.class.php b/modules/cms/action/projectlist/ProjectlistHistoryAction.class.php
@@ -9,6 +9,10 @@ use cms\model\Project;
class ProjectlistHistoryAction extends ProjectlistAction implements Method {
+
+ /**
+ * History of a project.
+ */
public function view() {
$result = Project::getAllLastChanges();
@@ -22,6 +26,18 @@ class ProjectlistHistoryAction extends ProjectlistAction implements Method {
$this->setTemplateVar('timeline', $result);
}
+
public function post() {
+ throw new \BadMethodCallException();
}
+
+
+ /**
+ * Check permission. This is allowed to all users.
+ * @return bool true
+ */
+ function checkAccess()
+ {
+ return true;
+ }
}
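Review bot: checkAccess() returns true for every user while view() passes the result of `Project::getAllLastChanges()` to the template as 'timeline', and no per-project `ACL_READ` check like the one in ProjectlistEditAction::view() is visible here. The lines of view() between the two hunks of this file are not shown, so a filter may exist there; if it does not, changes from projects a user cannot read would presumably appear in the timeline, which is the kind of exposure this commit closes for the project list. Applying the same root-folder `hasRight(Permission::ACL_READ)` test to each entry before `setTemplateVar('timeline', $result)` would align the two actions, or the docblock should state why unfiltered history is acceptable. The docblock "History of a project." could also be reworded, since the call name suggests the result spans all projects.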