
Commit 56d520b

committed
Check to make sure user has the authority to make the change first
1 parent b73590a commit 56d520b

1 file changed

+85
-82
lines changed


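--- a/src/Controller/UpdateController.php
+++ b/src/Controller/UpdateController.php
@@ -226,6 +226,7 @@ public function tempteamUpdateAction()
 
 public function teamUpdateAction()
 {
+echo "this is the teamAuth: " . $this->teamAuth()->teamAuthorized('update', 'team_user');
 $id = $this->params()->fromRoute('id');
 $team_sites = $this->entityManager
 ->getRepository('Teams\Entity\TeamSite')->findBy(['team'=>$id]);
@@ -381,106 +382,108 @@ public function teamUpdateAction()
 
 if ($request->isPost()) {
 $post_data = $request->getPost();
+if ($this->teamAuth()->teamAuthorized('update', 'team_user')) {
+//first update the team name and description
+$qb = $this->entityManager->createQueryBuilder();
+$qb->update('Teams\Entity\Team', 'team')
+->set('team.name', '?1')
+->set('team.description', '?2')
+->where('team.id = ?3')
+->setParameter(1, $post_data['o:name'])
+->setParameter(2, $post_data['o:description'])
+->setParameter(3, $id)
+->getQuery()
+->execute();
+
+} else {
+$this->messenger()->addError("You aren't authorized to change the team details");
+}
 
-//first update the team name and description
-$qb = $this->entityManager->createQueryBuilder();
-$qb->update('Teams\Entity\Team', 'team')
-->set('team.name', '?1')
-->set('team.description', '?2')
-->where('team.id = ?3')
-->setParameter(1, $post_data['o:name'])
-->setParameter(2, $post_data['o:description'])
-->setParameter(3, $id)
-->getQuery()
-->execute();
 
 //if they clicked the add user button, just add a member and refresh
 //TODO: return the form as filled out with whatever changes they made or use Ajax
 
 //if they actually click on the add user button
-if ($post_data['addUser']) {
-$team_id = $id;
-$user_id = $post_data['add-member'];
-$role_id = $post_data['member-role'];
-$newMember = $this->addTeamUser($team_id, $user_id, $role_id);
-
-$successMessage = sprintf("Successfully added %s as a %s", $newMember->getUser()->getName(), $newMember->getRole()->getName());
-$this->messenger()->addSuccess($successMessage);
-
-return $this->redirect()->refresh();
-}
+if ($this->teamAuth()->teamAuthorized('update', 'team_user')) {
+if ($post_data['addUser']) {
+$team_id = $id;
+$user_id = $post_data['add-member'];
+$role_id = $post_data['member-role'];
+$newMember = $this->addTeamUser($team_id, $user_id, $role_id);
 
-//remove all team users and add the ones that are active in the form
-$team_users = $em->getRepository('Teams\Entity\TeamUser')->findBy(['team'=>$id]);
-foreach ($team_users as $tu):
-$em->remove($tu);
-endforeach;
-$em->flush();
-
-$team_id = $id;
-$team = $em->getRepository('Teams\Entity\Team')->findOneBy(['id'=>$team_id]);
-
-if ($post_data['UserRole']) {
-foreach ($post_data['UserRole'] as $user_id => $role_id):
-$user_id = (int) $user_id;
-$role_id = (int) $role_id;
+$successMessage = sprintf("Successfully added %s as a %s", $newMember->getUser()->getName(), $newMember->getRole()->getName());
+$this->messenger()->addSuccess($successMessage);
 
-if ($post_data['UserCurrent'][$user_id] == 1) {
-$current = 1;
-} else {
-$current = null;
+return $this->redirect()->refresh();
 }
 
-$user = $em->getRepository('Omeka\Entity\User')->findOneBy(['id'=>$user_id]);
-$role = $em->getRepository('Teams\Entity\TeamRole')->findOneBy(['id'=>$role_id]);
-
-$new_tu = new TeamUser($team, $user, $role);
-$new_tu->setCurrent($current);
-
-$em->persist($new_tu);
-
+//remove all team users and add the ones that are active in the form
+$team_users = $em->getRepository('Teams\Entity\TeamUser')->findBy(['team'=>$id]);
+foreach ($team_users as $tu):
+$em->remove($tu);
 endforeach;
 $em->flush();
-}
-
-//first delete then add resources to team
-$this->processResources($request, $team, $existing_resources, $existing_resource_templates, true);
-$this->processResources($request, $team, $existing_resources, $existing_resource_templates, false);
-
-//handle new sites
-foreach ($post_data['teamSites']['o:site'] as $site) {
-if (!in_array($site, $current_sites)) {
-$site = $em->getRepository('Omeka\Entity\Site')->findOneBy(['id'=>$site]);
-$ts = new TeamSite($team, $site);
-$request = new Request('create', 'team_site');
-$event = new Event('api.hydrate.pre', $this, [
-'entity' => $ts,
-'request' => $request,
-]);
-$this->getEventManager()->triggerEvent($event);
-
-$em->persist($ts);
-}
-}
 
-//handle removed sites
-foreach ($current_sites as $site) {
-if (!in_array($site, $post_data['teamSites']['o:site'])) {
-$ts = $em->getRepository('Teams\Entity\TeamSite')->findOneBy(['team'=>$id, 'site'=>$site]);
-$request = new Request('delete', 'team_site');
-$event = new Event('api.hydrate.pre', $this, [
-'entity' => $ts,
-'request' => $request,
-]);
-$this->getEventManager()->triggerEvent($event);
-$em->remove($ts);
+$team_id = $id;
+$team = $em->getRepository('Teams\Entity\Team')->findOneBy(['id'=>$team_id]);
+
+if ($post_data['UserRole']) {
+foreach ($post_data['UserRole'] as $user_id => $role_id):
+$user_id = (int) $user_id;
+$role_id = (int) $role_id;
+if ($post_data['UserCurrent'][$user_id] == 1) {
+$current = 1;
+} else {
+$current = null;
+}
+$user = $em->getRepository('Omeka\Entity\User')->findOneBy(['id'=>$user_id]);
+$role = $em->getRepository('Teams\Entity\TeamRole')->findOneBy(['id'=>$role_id]);
+
+$new_tu = new TeamUser($team, $user, $role);
+$new_tu->setCurrent($current);
+$em->persist($new_tu);
+endforeach;
+$em->flush();
 }
 }
-$em->flush();
-
 
 
+if ($this->teamAuth()->teamAuthorized('update', 'team')){
+//first delete then add resources to team
+$this->processResources($request, $team, $existing_resources, $existing_resource_templates, true);
+$this->processResources($request, $team, $existing_resources, $existing_resource_templates, false);
+
+//handle new sites
+foreach ($post_data['teamSites']['o:site'] as $site) {
+if (!in_array($site, $current_sites)) {
+$site = $em->getRepository('Omeka\Entity\Site')->findOneBy(['id'=>$site]);
+$ts = new TeamSite($team, $site);
+$request = new Request('create', 'team_site');
+$event = new Event('api.hydrate.pre', $this, [
+'entity' => $ts,
+'request' => $request,
+]);
+$this->getEventManager()->triggerEvent($event);
+
+$em->persist($ts);
+}
+}
 
+//handle removed sites
+foreach ($current_sites as $site) {
+if (!in_array($site, $post_data['teamSites']['o:site'])) {
+$ts = $em->getRepository('Teams\Entity\TeamSite')->findOneBy(['team'=>$id, 'site'=>$site]);
+$request = new Request('delete', 'team_site');
+$event = new Event('api.hydrate.pre', $this, [
+'entity' => $ts,
+'request' => $request,
+]);
+$this->getEventManager()->triggerEvent($event);
+$em->remove($ts);
+}
+}
+$em->flush();
+}
 
 $successMessage = sprintf("Successfully updated the %s team", $team->getName());
 $this->messenger()->addSuccess($successMessage);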
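Review bot: The `echo "this is the teamAuth: " …` added at new line 229 writes the authorization result straight into the response body before any view is rendered and should be deleted before this merges; it is debug output, and it also tells every visitor which permission the handler gates on. In the second hunk `$team` is only assigned inside the `team_user`-gated block (new line 428), yet the `team`-gated block at 453–454 and the unconditional `$team->getName()` at 488 read it, so a caller who fails the `team_user` check reaches those lines with `$team` unset unless it is assigned earlier in the method; hoisting `$team = $em->getRepository('Teams\Entity\Team')->findOneBy(['id'=>$id]);` to just after `$post_data = $request->getPost();` closes that. The `team_user` check at 407 and the `team` check at 451 deny silently and the handler still emits "Successfully updated the %s team", so a denied caller is told the update went through; each denied branch should add an error like the first one does and the success message should only be added when something was actually written. Whether `teamAuthorized()` scopes its decision to the route `$id` rather than to a session-held current team is not visible here — if it does not, changing the route id would step around the new gate. teamUpdateAction's body starts before and continues outside the second hunk.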
