Merge pull request #2359 from connortechnology/fix_2353
Update permissions checking for Groups to not use session. Fixes #2353
commit
153877b9c0
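--- a/GroupsController.php
+++ b/GroupsController.php
@@ -16,8 +16,10 @@ class GroupsController extends AppController {
 
 public function beforeFilter() {
 parent::beforeFilter();
-$canView = $this->Session->Read('groupsPermission');
-if ( $canView == 'None' ) {
+global $user;
+# We already tested for auth in appController, so we just need to test for specific permission
+$canView = (!$user) || ($user['Groups'] != 'None');
+if ( !$canView ) {
 throw new UnauthorizedException(__('Insufficient Privileges'));
 return;
 }
@@ -65,14 +67,21 @@ class GroupsController extends AppController {
 public function add() {
 if ( $this->request->is('post') ) {
 
-if ($this->Session->Read('groupPermission') != 'Edit') {
-throw new UnauthorizedException(__('Insufficient privileges'));
+global $user;
+# We already tested for auth in appController,
+# so we just need to test for specific permission
+$canEdit = (!$user) || ($user['Groups'] == 'Edit');
+if ( !$canEdit ) {
+throw new UnauthorizedException(__('Insufficient Privileges'));
 return;
 }
 
 $this->Group->create();
 if ( $this->Group->save($this->request->data) ) {
-return $this->flash(__('The group has been saved.'), array('action' => 'index'));
+return $this->flash(
+__('The group has been saved.'),
+array('action' => 'index')
+);
 }
 }
 $monitors = $this->Group->Monitor->find('list');
@@ -91,12 +100,19 @@ class GroupsController extends AppController {
 throw new NotFoundException(__('Invalid group'));
 }
 if ( $this->request->is(array('post', 'put'))) {
-if ( $this->Session->Read('groupPermission') != 'Edit' ) {
-throw new UnauthorizedException(__('Insufficient privileges'));
+global $user;
+# We already tested for auth in appController,
+# so we just need to test for specific permission
+$canEdit = (!$user) || ($user['Groups'] == 'Edit');
+if ( !$canEdit ) {
+throw new UnauthorizedException(__('Insufficient Privileges'));
 return;
 }
 if ( $this->Group->save($this->request->data) ) {
-return $this->flash(__('The group has been saved.'), array('action' => 'index'));
+return $this->flash(
+__('The group has been saved.'),
+array('action' => 'index')
+);
 } else {
 $message = 'Error';
 }
@@ -108,7 +124,7 @@ class GroupsController extends AppController {
 $this->set(array(
 'message' => $message,
 'monitors'=> $monitors,
-'_serialize' => array('message',)
+'_serialize' => array('message')
 ));
 }
 
@@ -125,15 +141,26 @@ class GroupsController extends AppController {
 throw new NotFoundException(__('Invalid group'));
 }
 $this->request->allowMethod('post', 'delete');
-if ( $this->Session->Read('groupPermission') != 'Edit' ) {
-throw new UnauthorizedException(__('Insufficient privileges'));
+
+global $user;
+# We already tested for auth in appController,
+# so we just need to test for specific permission
+$canEdit = (!$user) || ($user['Groups'] == 'Edit');
+if ( !$canEdit ) {
+throw new UnauthorizedException(__('Insufficient Privileges'));
 return;
 }
 
 if ( $this->Group->delete() ) {
-return $this->flash(__('The group has been deleted.'), array('action' => 'index'));
+return $this->flash(
+__('The group has been deleted.'),
+array('action' => 'index')
+);
 } else {
-return $this->flash(__('The group could not be deleted. Please, try again.'), array('action' => 'index'));
+return $this->flash(
+__('The group could not be deleted. Please, try again.'),
+array('action' => 'index')
+);
 }
 } // end function delete
 } // end class GroupController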
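Review bot: Every new check grants access whenever `$user` is falsy, and the view check in beforeFilter also passes when the user record carries no `Groups` key, because under loose comparison `null != 'None'` is true — so a missing global or a missing key fails open rather than closed. AppController is not visible in this diff, so the intent of the `!$user` bypass (presumably "authentication disabled") cannot be confirmed here; at minimum the key lookup should be explicit, e.g. `$canView = !$user || (isset($user['Groups']) && $user['Groups'] !== 'None');`, and the "auth disabled" condition is worth testing directly rather than inferred from an empty `$user`. The same six-line edit check is pasted into add(), edit() and delete(); the old code diverged between `groupsPermission` and `groupPermission` in exactly this way, so folding the check into one private helper that the three actions call would keep them in step, and the `return;` after each `throw` is unreachable and can be dropped. The bodies of beforeFilter, add, edit and delete all continue outside their hunks.
```php
// Shared permission gate for the Groups actions; $required is 'View' or 'Edit'.
// NOTE(review): treats an empty $user as "auth disabled" — confirm against AppController.
private function requireGroupPermission($required) {
  global $user;
  if ( !$user ) {
    return;
  }
  $permission = isset($user['Groups']) ? $user['Groups'] : 'None';
  $allowed = ($required === 'Edit') ? ($permission === 'Edit') : ($permission !== 'None');
  if ( !$allowed ) {
    throw new UnauthorizedException(__('Insufficient Privileges'));
  }
}
// … unchanged: beforeFilter calls $this->requireGroupPermission('View'); add/edit/delete call $this->requireGroupPermission('Edit') in place of the copied block …
```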
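--- a/Group.php
+++ b/Group.php
@@ -38,8 +38,8 @@ class Group extends AppModel {
 */
 public $validate = array(
 'Name' => array(
-'notEmpty' => array(
-'rule' => array('notEmpty'))),
+'notBlank' => array(
+'rule' => array('notBlank'))),
 'Id' => array(
 'numeric' => array(
 'rule' => array('numeric'),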