
Commit ea76e95

committed
Track Allowed Locations
* fixed authz code Change-Id: I6f87520c45bc12dabfa367cf2448cf1744a81003
1 parent b214a3e commit ea76e95


2 files changed

+64
-0
lines changed

2 files changed

+64
-0
lines changed

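--- a/app/Http/Controllers/Apis/Protected/Summit/OAuth2SummitProposedScheduleAllowedLocationApiController.php
+++ b/app/Http/Controllers/Apis/Protected/Summit/OAuth2SummitProposedScheduleAllowedLocationApiController.php
@@ -18,6 +18,8 @@
 use App\Services\Model\ISummitProposedScheduleAllowedLocationService;
 use models\oauth2\IResourceServerContext;
 use models\summit\ISummitRepository;
+use models\summit\PresentationCategory;
+use models\summit\Summit;
 use ModelSerializers\SerializerRegistry;
 use utils\Filter;
 use utils\FilterElement;
@@ -75,6 +77,20 @@ public function __construct
 $this->repository = $repository;
 }
 
+/**
+* @param Summit $summit
+* @param PresentationCategory $track
+* @return bool
+*/
+private function isCurrentUserAuth(Summit $summit, PresentationCategory $track):bool{
+$current_member = $this->resource_server_context->getCurrentUser();
+if(is_null($current_member)) return false;
+if($current_member->isAdmin()) return true;
+if($summit->isSummitAdmin($current_member)) return true;
+if($summit->isTrackChair($current_member, $track)) return true;
+return false;
+}
+
 /**
 * @param $summit_id
 * @param $track_id
@@ -88,6 +104,9 @@ public function getAllAllowedLocationByTrack($summit_id, $track_id){
 $track = $summit->getPresentationCategory(intval($track_id));
 if(is_null($track) || !$track->isChairVisible()) return $this->error404();
 
+if(!$this->isCurrentUserAuth($summit, $track))
+return $this->error403();
+
 return $this->_getAll(
 function () {
 return [
@@ -133,6 +152,9 @@ public function addAllowedLocationToTrack($summit_id, $track_id){
 $track = $summit->getPresentationCategory(intval($track_id));
 if(is_null($track) || !$track->isChairVisible()) return $this->error404();
 
+if(!$this->isCurrentUserAuth($summit, $track))
+return $this->error403();
+
 $payload = $this->getJsonPayload(SummitProposedScheduleAllowedLocationValidationRulesFactory::buildForAdd());
 
 return $this->created(SerializerRegistry::getInstance()->getSerializer($this->service->addProposedLocationToTrack($track, $payload))
@@ -159,6 +181,9 @@ public function getAllowedLocationFromTrack($summit_id, $track_id, $location_id)
 $track = $summit->getPresentationCategory(intval($track_id));
 if(is_null($track) || !$track->isChairVisible()) return $this->error404();
 
+if(!$this->isCurrentUserAuth($summit, $track))
+return $this->error403();
+
 $allowed_location = $track->getAllowedLocationById(intval($location_id));
 
 if(is_null($allowed_location)) return $this->error404();
@@ -181,6 +206,9 @@ public function removeAllowedLocationFromTrack($summit_id, $track_id, $location_
 $track = $summit->getPresentationCategory(intval($track_id));
 if(is_null($track) || !$track->isChairVisible()) return $this->error404();
 
+if(!$this->isCurrentUserAuth($summit, $track))
+return $this->error403();
+
 $this->service->deleteProposedLocationFromTrack($track, intval($location_id));
 
 return $this->deleted();
@@ -200,6 +228,9 @@ public function removeAllAllowedLocationFromTrack($summit_id, $track_id){
 $track = $summit->getPresentationCategory(intval($track_id));
 if(is_null($track) || !$track->isChairVisible()) return $this->error404();
 
+if(!$this->isCurrentUserAuth($summit, $track))
+return $this->error403();
+
 $this->service->deleteAllProposedLocationFromTrack($track);
 
 return $this->deleted();
@@ -220,6 +251,9 @@ public function addTimeFrame2AllowedLocation($summit_id, $track_id, $location_id
 $track = $summit->getPresentationCategory(intval($track_id));
 if(is_null($track) || !$track->isChairVisible()) return $this->error404();
 
+if(!$this->isCurrentUserAuth($summit, $track))
+return $this->error403();
+
 $payload = $this->getJsonPayload(SummitProposedScheduleAllowedDayValidationRulesFactory::buildForAdd());
 
 return $this->created(SerializerRegistry::getInstance()->getSerializer($this->service->addAllowedDayToProposedLocation($track, intval($location_id), $payload))
@@ -246,6 +280,9 @@ public function getAllTimeFrameFromAllowedLocation($summit_id, $track_id, $locat
 $track = $summit->getPresentationCategory(intval($track_id));
 if(is_null($track) || !$track->isChairVisible()) return $this->error404();
 
+if(!$this->isCurrentUserAuth($summit, $track))
+return $this->error403();
+
 $allowed_location = $track->getAllowedLocationById(intval($location_id));
 if(is_null($allowed_location)) return $this->error404();
 
@@ -321,6 +358,9 @@ public function getTimeFrameFromAllowedLocation($summit_id, $track_id, $location
 $track = $summit->getPresentationCategory(intval($track_id));
 if(is_null($track) || !$track->isChairVisible()) return $this->error404();
 
+if(!$this->isCurrentUserAuth($summit, $track))
+return $this->error403();
+
 $allowed_location = $track->getAllowedLocationById(intval($location_id));
 
 if(is_null($allowed_location)) return $this->error404();
@@ -353,6 +393,9 @@ public function removeTimeFrameFromAllowedLocation($summit_id, $track_id, $locat
 $track = $summit->getPresentationCategory(intval($track_id));
 if(is_null($track) || !$track->isChairVisible()) return $this->error404();
 
+if(!$this->isCurrentUserAuth($summit, $track))
+return $this->error403();
+
 $this->service->deleteAllowedDayToProposedLocation($track, intval($location_id), intval($time_frame_id));
 
 return $this->deleted();
@@ -373,6 +416,9 @@ public function removeAllTimeFrameFromAllowedLocation($summit_id, $track_id, $lo
 $track = $summit->getPresentationCategory(intval($track_id));
 if(is_null($track) || !$track->isChairVisible()) return $this->error404();
 
+if(!$this->isCurrentUserAuth($summit, $track))
+return $this->error403();
+
 $this->service->deleteAllAllowedDayToProposedLocation($track, intval($location_id));
 
 return $this->deleted();
@@ -394,6 +440,9 @@ public function updateTimeFrameFromAllowedLocation($summit_id, $track_id, $locat
 $track = $summit->getPresentationCategory(intval($track_id));
 if(is_null($track) || !$track->isChairVisible()) return $this->error404();
 
+if(!$this->isCurrentUserAuth($summit, $track))
+return $this->error403();
+
 $payload = $this->getJsonPayload(SummitProposedScheduleAllowedDayValidationRulesFactory::buildForUpdate());
 
 return $this->updated(SerializerRegistry::getInstance()->getSerializer($this->service->updateAllowedDayToProposedLocation($track, intval($location_id), intval($time_frame_id), $payload))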
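Review bot: `isCurrentUserAuth()` is the same predicate for all eleven handlers, so a chair of `$track` passes the controller check on the mutating actions (`addAllowedLocationToTrack`, `removeAllAllowedLocationFromTrack`, `updateTimeFrameFromAllowedLocation` and the rest) exactly as on the reads. If track chairs are meant to be read-only here, which the seeder in this commit hints at by adding `IGroup::TrackChairs` to only some group lists, that restriction should also be enforced in the controller rather than resting on the seeded endpoint table alone. The guard also runs after the `error404()` for a missing or non-chair-visible track, so a caller who fails the check can still tell present tracks from absent ones by 403 versus 404; returning `error404()` on denial would remove that difference. The docblock only repeats the signature and should state the rule, e.g. `* Authorization check: true for a global admin, a summit admin, or a chair of $track.` Every handler's body starts and ends outside its hunk, so other checks in them are not visible.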

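--- a/database/seeders/ApiEndpointsSeeder.php
+++ b/database/seeders/ApiEndpointsSeeder.php
@@ -5190,6 +5190,8 @@ private function seedSummitEndpoints()
 IGroup::SuperAdmins,
 IGroup::Administrators,
 IGroup::SummitAdministrators,
+IGroup::TrackChairs,
+IGroup::TrackChairsAdmins,
 ]
 ],
 [
@@ -5204,6 +5206,7 @@ private function seedSummitEndpoints()
 IGroup::SuperAdmins,
 IGroup::Administrators,
 IGroup::SummitAdministrators,
+IGroup::TrackChairsAdmins,
 ]
 ],
 [
@@ -5218,6 +5221,8 @@ private function seedSummitEndpoints()
 IGroup::SuperAdmins,
 IGroup::Administrators,
 IGroup::SummitAdministrators,
+IGroup::TrackChairs,
+IGroup::TrackChairsAdmins,
 ]
 ],
 [
@@ -5232,6 +5237,7 @@ private function seedSummitEndpoints()
 IGroup::SuperAdmins,
 IGroup::Administrators,
 IGroup::SummitAdministrators,
+IGroup::TrackChairsAdmins,
 ]
 ],
 
@@ -5261,6 +5267,7 @@ private function seedSummitEndpoints()
 IGroup::SuperAdmins,
 IGroup::Administrators,
 IGroup::SummitAdministrators,
+IGroup::TrackChairsAdmins,
 ]
 ],
 [
@@ -5275,6 +5282,8 @@ private function seedSummitEndpoints()
 IGroup::SuperAdmins,
 IGroup::Administrators,
 IGroup::SummitAdministrators,
+IGroup::TrackChairs,
+IGroup::TrackChairsAdmins,
 ]
 ],
 [
@@ -5289,6 +5298,8 @@ private function seedSummitEndpoints()
 IGroup::SuperAdmins,
 IGroup::Administrators,
 IGroup::SummitAdministrators,
+IGroup::TrackChairs,
+IGroup::TrackChairsAdmins,
 ]
 ],
 [
@@ -5303,6 +5314,7 @@ private function seedSummitEndpoints()
 IGroup::SuperAdmins,
 IGroup::Administrators,
 IGroup::SummitAdministrators,
+IGroup::TrackChairsAdmins,
 ]
 ],
 [
@@ -5317,6 +5329,7 @@ private function seedSummitEndpoints()
 IGroup::SuperAdmins,
 IGroup::Administrators,
 IGroup::SummitAdministrators,
+IGroup::TrackChairsAdmins,
 ]
 ],
 [
@@ -5331,6 +5344,8 @@ private function seedSummitEndpoints()
 IGroup::SuperAdmins,
 IGroup::Administrators,
 IGroup::SummitAdministrators,
+IGroup::TrackChairs,
+IGroup::TrackChairsAdmins,
 ]
 ],
 // ticket types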
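Review bot: `IGroup::TrackChairsAdmins` is added to all ten group lists, but the controller helper added in this commit only tests `isAdmin()`, `isSummitAdmin()` and `isTrackChair()`, so whether a member of that group gets past the controller depends on code not shown here. If none of those three calls covers the group, these members clear the endpoint gate and then receive a 403, and the two layers should be reconciled. The hunks also change ten lists while the controller guards eleven handlers, and the jump from new line 5243 to 5267 looks like one entry left untouched; it is worth confirming that was intended. Since the endpoint names fall outside every hunk, a short comment on the lists that omit `IGroup::TrackChairs`, such as `// TrackChairs intentionally omitted`, would record why the two sets differ.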
