partkeepr

fork of partkeepr

commit 69ed155dcee0c1166d631234bfe735787009c4e0
parent 10a95614326f1f50e74af6e8c7a4690a7f0625a4
Author: Felicitus <felicitus@felicitus.org>
Date:   Wed, 29 Jun 2011 20:47:52 +0200

Changed the user service from an AdminService to a regular service, and create checks for create/update/delete operations

Diffstat:
Msrc/de/RaumZeitLabor/PartKeepr/User/UserService.php | 22+++++++++++++++++++---
1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/src/de/RaumZeitLabor/PartKeepr/User/UserService.php b/src/de/RaumZeitLabor/PartKeepr/User/UserService.php
@@ -4,12 +4,12 @@ use de\RaumZeitLabor\PartKeepr\Service\RestfulService;
 declare(encoding = 'UTF-8');
-use de\RaumZeitLabor\PartKeepr\Service\AdminService;
+use de\RaumZeitLabor\PartKeepr\Service\Service;
 use de\RaumZeitLabor\PartKeepr\PartKeepr, de\RaumZeitLabor\PartKeepr\User\User, de\RaumZeitLabor\PartKeepr\Session\SessionManager;
-class UserService extends AdminService implements RestfulService {
+class UserService extends Service implements RestfulService {
 /**
 * Implements the get() call for the RestfulService.
@@ -21,7 +21,11 @@ class UserService extends AdminService implements RestfulService {
 */
 public function get () {
 if ($this->hasParameter("id")) {
- return array("data" => UserManager::getInstance()->getUser($this->getParameter("id"))->serialize());
+ if (!SessionManager::getCurrentSession()->getUser()->isAdmin()) {
+ throw new \Exception("Permission denied");
+ }
+
+ return array("data" => UserManager::getInstance()->getUser($this->getParameter("id"))->serialize());
 } else {
 if ($this->hasParameter("sort")) {
 $tmp = json_decode($this->getParameter("sort"), true);
@@ -47,6 +51,10 @@ class UserService extends AdminService implements RestfulService {
 * @see de\RaumZeitLabor\PartKeepr\Service.RestfulService::create()
 */
 public function create () {
+ if (!SessionManager::getCurrentSession()->getUser()->isAdmin()) {
+ throw new \Exception("Permission denied");
+ }
+
 $this->requireParameter("username");
 $user = new User;
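Review bot: In `get()` the new admin check sits only inside the `hasParameter("id")` branch, so the `else` branch is now reachable by any caller the plain `Service` base class admits, since the class no longer extends `AdminService`. That branch continues outside the hunk; if it returns the user list, non-admin sessions can enumerate accounts. If that is intended, state it in the method docblock, e.g. `* Listing users is open to every session; fetching a single user by id requires admin rights.`. Otherwise move the check to the first line of `get()` so both branches are covered.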
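Review bot: The same admin check is pasted into `create()` here and into `get()`, `update()` and `destroy()`, and with the base class changed from `AdminService` to `Service` any method that omits it, now or when one is added later, is open to non-admin callers by default. The chain `SessionManager::getCurrentSession()->getUser()->isAdmin()` also assumes a session and a user always exist; whether `Service` guarantees that is not visible here, and if either can be null the request ends in a fatal error instead of a clean denial. I would put the check in one private helper that also handles the missing-session case, and call it as the first statement of every admin-only method. The bodies of all four methods continue outside their hunks.

```php
/**
 * Throws unless the current session belongs to an admin user.
 *
 * @throws \Exception if there is no session, no user, or the user is not an admin
 */
private function requireAdmin () {
    $session = SessionManager::getCurrentSession();
    $user = ($session !== null) ? $session->getUser() : null;

    if ($user === null || !$user->isAdmin()) {
        throw new \Exception("Permission denied");
    }
}

public function create () {
    $this->requireAdmin();

    $this->requireParameter("username");
    // … unchanged: rest of create(); update() and destroy() get the same first line …
```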
@@ -62,6 +70,10 @@ class UserService extends AdminService implements RestfulService {
 * @see de\RaumZeitLabor\PartKeepr\Service.RestfulService::update()
 */
 public function update () {
+ if (!SessionManager::getCurrentSession()->getUser()->isAdmin()) {
+ throw new \Exception("Permission denied");
+ }
+
 $this->requireParameter("id");
 $this->requireParameter("username");
 $user = UserManager::getInstance()->getUser($this->getParameter("id"));
@@ -78,6 +90,10 @@ class UserService extends AdminService implements RestfulService {
 * @see de\RaumZeitLabor\PartKeepr\Service.RestfulService::destroy()
 */
 public function destroy () {
+ if (!SessionManager::getCurrentSession()->getUser()->isAdmin()) {
+ throw new \Exception("Permission denied");
+ }
+
 $this->requireParameter("id");
 UserManager::getInstance()->deleteUser($this->getParameter("id"));