use for auth, and add Monitor Edit checks to Zone add/delete/edit
parent
caa8adae5e
commit
08d3f98e5e
|
@ -16,13 +16,13 @@ public $components = array('RequestHandler');
|
|||
|
||||
public function beforeFilter() {
|
||||
parent::beforeFilter();
|
||||
$canView = $this->Session->Read('monitorPermission');
|
||||
if ($canView =='None')
|
||||
{
|
||||
|
||||
global $user;
|
||||
$canView = (!$user) || $user['Monitors'] != 'None';
|
||||
if ( !$canView ) {
|
||||
throw new UnauthorizedException(__('Insufficient Privileges'));
|
||||
return;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// Find all zones which belong to a MonitorId
|
||||
|
@ -43,13 +43,11 @@ public function forMonitor($id = null) {
|
|||
public function index() {
|
||||
$this->Zone->recursive = -1;
|
||||
|
||||
$allowedMonitors=preg_split ('@,@', $this->Session->Read('allowedMonitors'),NULL, PREG_SPLIT_NO_EMPTY);
|
||||
if (!empty($allowedMonitors))
|
||||
{
|
||||
global $user;
|
||||
$allowedMonitors = $user ? preg_split('@,@', $user['MonitorIds'],NULL, PREG_SPLIT_NO_EMPTY) : null;
|
||||
if ( $allowedMonitors ) {
|
||||
$mon_options = array('Zones.MonitorId' => $allowedMonitors);
|
||||
}
|
||||
else
|
||||
{
|
||||
} else {
|
||||
$mon_options = '';
|
||||
}
|
||||
$zones = $this->Zone->find('all',$mon_options);
|
||||
|
@ -65,6 +63,14 @@ public function index() {
|
|||
*/
|
||||
public function add() {
|
||||
if ( $this->request->is('post') ) {
|
||||
|
||||
global $user;
|
||||
$canEdit = (!$user) || $user['Monitors'] == 'Edit';
|
||||
if ( !$canEdit ) {
|
||||
throw new UnauthorizedException(__('Insufficient Privileges'));
|
||||
return;
|
||||
}
|
||||
|
||||
$this->Zone->create();
|
||||
if ( $this->Zone->save($this->request->data) ) {
|
||||
return $this->flash(__('The zone has been saved.'), array('action' => 'index'));
|
||||
|
@ -88,6 +94,12 @@ public function index() {
|
|||
throw new NotFoundException(__('Invalid zone'));
|
||||
}
|
||||
if ( $this->request->is(array('post', 'put')) ) {
|
||||
global $user;
|
||||
$canEdit = (!$user) || $user['Monitors'] == 'Edit';
|
||||
if ( !$canEdit ) {
|
||||
throw new UnauthorizedException(__('Insufficient Privileges'));
|
||||
return;
|
||||
}
|
||||
if ( $this->Zone->save($this->request->data) ) {
|
||||
return $this->flash(__('The zone has been saved.'), array('action' => 'index'));
|
||||
}
|
||||
|
@ -112,6 +124,12 @@ public function index() {
|
|||
throw new NotFoundException(__('Invalid zone'));
|
||||
}
|
||||
$this->request->allowMethod('post', 'delete');
|
||||
global $user;
|
||||
$canEdit = (!$user) || $user['Monitors'] == 'Edit';
|
||||
if ( !$canEdit ) {
|
||||
throw new UnauthorizedException(__('Insufficient Privileges'));
|
||||
return;
|
||||
}
|
||||
if ( $this->Zone->delete() ) {
|
||||
return $this->flash(__('The zone has been deleted.'), array('action' => 'index'));
|
||||
} else {
|
||||
|
@ -119,8 +137,6 @@ public function index() {
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
public function createZoneImage( $id = null ) {
|
||||
$this->loadModel('Monitor');
|
||||
$this->Monitor->id = $id;
|
||||
|
@ -128,7 +144,6 @@ public function index() {
|
|||
throw new NotFoundException(__('Invalid zone'));
|
||||
}
|
||||
|
||||
|
||||
$this->loadModel('Config');
|
||||
$zm_dir_images = $this->Config->find('list', array(
|
||||
'conditions' => array('Name' => 'ZM_DIR_IMAGES'),
|
||||
|
@ -149,6 +164,5 @@ public function index() {
|
|||
'status' => $status,
|
||||
'_serialize' => array('status')
|
||||
));
|
||||
|
||||
}
|
||||
}
|
||||
} // end class
|
||||
|
|
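Review bot: The new permission checks fail open when the global `$user` is empty: `(!$user) || $user['Monitors'] == 'Edit'` in add(), edit() and delete(), and the `!= 'None'` variant in beforeFilter(), all grant access whenever `$user` is falsy. That is presumably intended for installs with authentication turned off, but nothing in these hunks distinguishes that case from an auth-enabled request where `$user` was never populated, so the controller depends entirely on `parent::beforeFilter()` having already rejected such requests. I would make the no-user case explicit, e.g. `$canEdit = $user ? ($user['Monitors'] == 'Edit') : !$authEnabled;`, where `$authEnabled` is a placeholder for the project's auth-enabled setting. Separately, the edit checks look only at `$user['Monitors']` and never compare the target zone's MonitorId with `$user['MonitorIds']`, so as far as these hunks show, a user restricted to some monitors can still add, edit or delete zones on any monitor. The bodies of edit() and delete() start outside the hunks shown.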