sharpetronics/crunchbutton
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

partial #2969 - added the permission verification at api

Browse Source
This commit is contained in:
Daniel Camargo 2014-05-20 11:53:50 -03:00
parent 2f48c594a2
commit 206fb04882
12 changed files with 107 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
include/controllers/default/cockpit2/api/driver/documents/index.php
View File

@ -48,7 +48,15 @@ class Controller_api_driver_documents extends Crunchbutton_Controller_RestAccoun
case 'save': case 'save':
// check the permission
$id_admin = $this->request()[ 'id_admin' ]; $id_admin = $this->request()[ 'id_admin' ];
$user = c::user();
$hasPermission = ( c::admin()->permission()->check( ['global', 'drivers-all'] ) || ( $id_admin == $user->id_admin ) );
if( !$hasPermission ){
$this->_error();
exit;
}
$id_driver_document = $this->request()[ 'id_driver_document' ]; $id_driver_document = $this->request()[ 'id_driver_document' ];
if( $id_admin && $id_driver_document ){ if( $id_admin && $id_driver_document ){
$docStatus = Cockpit_Driver_Document_Status::document( $id_admin, $id_driver_document ); $docStatus = Cockpit_Driver_Document_Status::document( $id_admin, $id_driver_document );
@ -90,13 +98,17 @@ class Controller_api_driver_documents extends Crunchbutton_Controller_RestAccoun
$id_admin = $admin->id_admin; $id_admin = $admin->id_admin;
} }
} }
// Check if the logged user has permission to see the admin's docs
$user = c::user();
$hasPermission = ( c::admin()->permission()->check( ['global', 'drivers-all'] ) || ( $id_admin == $user->id_admin ) );
// shows the regular list // shows the regular list
$list = []; $list = [];
$docs = Cockpit_Driver_Document::all(); $docs = Cockpit_Driver_Document::all();
foreach( $docs as $doc ){ foreach( $docs as $doc ){
$out = $doc->exports();; $out = $doc->exports();;
if( $id_admin ){ if( $id_admin && $hasPermission ){
$docStatus = Cockpit_Driver_Document_Status::document( $id_admin, $doc->id_driver_document ); $docStatus = Cockpit_Driver_Document_Status::document( $id_admin, $doc->id_driver_document );
if( $docStatus->id_driver_document_status ){ if( $docStatus->id_driver_document_status ){
$out[ 'status' ] = $docStatus->exports(); $out[ 'status' ] = $docStatus->exports();

11
include/controllers/default/cockpit2/api/driver/list/index.php
View File

@ -4,6 +4,12 @@ class Controller_api_driver_list extends Crunchbutton_Controller_RestAccount {
public function init() { public function init() {
$hasPermission = ( c::admin()->permission()->check( ['global', 'drivers-all'] ) );
if( !$hasPermission ){
$this->_error();
exit;
}
$resultsPerPage = 20; $resultsPerPage = 20;
if ( c::getPagePiece( 3 ) ) { if ( c::getPagePiece( 3 ) ) {
@ -45,4 +51,9 @@ class Controller_api_driver_list extends Crunchbutton_Controller_RestAccount {
echo json_encode( $data ); echo json_encode( $data );
} }
private function _error( $error = 'invalid request' ){
echo json_encode( [ 'error' => $error ] );
exit();
}
} }

10
include/controllers/default/cockpit2/api/driver/log/index.php
View File

@ -6,6 +6,16 @@ class Controller_api_driver_log extends Crunchbutton_Controller_RestAccount {
if( c::getPagePiece( 3 ) ){ if( c::getPagePiece( 3 ) ){
$admin = Crunchbutton_Admin::o( c::getPagePiece( 3 ) ); $admin = Crunchbutton_Admin::o( c::getPagePiece( 3 ) );
if( $admin->id_admin ){ if( $admin->id_admin ){
// Check the permission
$user = c::user();
$hasPermission = ( c::admin()->permission()->check( ['global', 'drivers-all'] ) || ( $admin->id_admin == $user->id_admin ) );
if( !$hasPermission ){
$this->_error();
exit;
}
$logs = Cockpit_Driver_Log::AllByDriver( $admin->id_admin ); $logs = Cockpit_Driver_Log::AllByDriver( $admin->id_admin );
$list = []; $list = [];
foreach( $logs as $log ){ foreach( $logs as $log ){

6
include/controllers/default/cockpit2/api/driver/notify/index.php
View File

@ -4,6 +4,12 @@ class Controller_api_driver_notify extends Crunchbutton_Controller_RestAccount {
public function init() { public function init() {
$hasPermission = ( c::admin()->permission()->check( ['global', 'drivers-all'] ) );
if( !$hasPermission ){
$this->_error();
exit;
}
if( $this->method() != 'post' ){ if( $this->method() != 'post' ){
$this->_error(); $this->_error();
} }

8
include/controllers/default/cockpit2/api/driver/onboarding/index.php
View File

@ -35,7 +35,9 @@ class Controller_api_driver_onboarding extends Crunchbutton_Controller_Rest {
$driver->active = 0; $driver->active = 0;
$driver->name = $name; $driver->name = $name;
$driver->phone = $phone; $driver->phone = $phone;
$driver->email = $email; if( $email && trim( $email ) != '' ){
$driver->email = $email;
}
$driver->save(); $driver->save();
Log::debug( [ 'action' => 'new driver created', 'driver' => $driver->id_admin, 'name' => $name, 'phone' => $phone, 'email' => $email, 'type' => 'drivers-onboarding'] ); Log::debug( [ 'action' => 'new driver created', 'driver' => $driver->id_admin, 'name' => $name, 'phone' => $phone, 'email' => $email, 'type' => 'drivers-onboarding'] );
@ -44,6 +46,10 @@ class Controller_api_driver_onboarding extends Crunchbutton_Controller_Rest {
$id_community = $this->request()[ 'id_community' ]; $id_community = $this->request()[ 'id_community' ];
if( $id_community ){ if( $id_community ){
$community = Crunchbutton_Community::o( $id_community ); $community = Crunchbutton_Community::o( $id_community );
$driver->timezone = $community->timezone;
$driver->save();
if( $community->id_community ){ if( $community->id_community ){
$group = $community->groupOfDrivers(); $group = $community->groupOfDrivers();
$adminGroup = new Crunchbutton_Admin_Group(); $adminGroup = new Crunchbutton_Admin_Group();

25
include/controllers/default/cockpit2/api/driver/save/index.php
View File

@ -4,12 +4,18 @@ class Controller_api_driver_save extends Crunchbutton_Controller_RestAccount {
public function init() { public function init() {
$id_admin = c::getPagePiece( 3 );
$user = c::user();
$hasPermission = ( c::admin()->permission()->check( ['global', 'drivers-all'] ) || ( $id_admin == $user->id_admin ) );
if( !$hasPermission ){
$this->_error();
exit;
}
if( $this->method() != 'post' ){ if( $this->method() != 'post' ){
$this->_error(); $this->_error();
} }
$id_admin = c::getPagePiece( 3 );
$newDriver = false; $newDriver = false;
// saves a new driver // saves a new driver
@ -26,6 +32,11 @@ class Controller_api_driver_save extends Crunchbutton_Controller_RestAccount {
$driver->phone = preg_replace( '/[^0-9]/i', '', $this->request()[ 'phone' ] ); $driver->phone = preg_replace( '/[^0-9]/i', '', $this->request()[ 'phone' ] );
$driver->email = $this->request()[ 'email' ]; $driver->email = $this->request()[ 'email' ];
$pass = $this->request()[ 'pass' ];
if( $pass && trim( $pass ) != '' ){
$driver->pass = $driver->makePass( $pass );
}
$driver->save(); $driver->save();
// add the community // add the community
@ -42,6 +53,8 @@ class Controller_api_driver_save extends Crunchbutton_Controller_RestAccount {
if( $id_community ){ if( $id_community ){
$community = Crunchbutton_Community::o( $id_community ); $community = Crunchbutton_Community::o( $id_community );
$driver->timezone = $community->timezone;
$driver->save();
if( $community->id_community ){ if( $community->id_community ){
$group = $community->groupOfDrivers(); $group = $community->groupOfDrivers();
$adminGroup = new Crunchbutton_Admin_Group(); $adminGroup = new Crunchbutton_Admin_Group();
@ -59,9 +72,11 @@ class Controller_api_driver_save extends Crunchbutton_Controller_RestAccount {
$log->datetime = date('Y-m-d H:i:s'); $log->datetime = date('Y-m-d H:i:s');
$log->save(); $log->save();
// Notify if ( $this->request()[ 'notify' ] ) {
Cockpit_Driver_Notify::send( $admin->id_admin, Cockpit_Driver_Notify::TYPE_WELCOME ); // Notify
Cockpit_Driver_Notify::send( $driver->id_admin, Cockpit_Driver_Notify::TYPE_WELCOME );
}
echo json_encode( [ 'success' => $driver->exports() ] ); echo json_encode( [ 'success' => $driver->exports() ] );
return; return;
} }

5
include/controllers/default/cockpit2/api/driver/setup/index.php
View File

@ -10,7 +10,10 @@ class Controller_api_driver_setup extends Crunchbutton_Controller_Rest {
$admin = Crunchbutton_Admin::o( $id_admin ); $admin = Crunchbutton_Admin::o( $id_admin );
if( $admin->id_admin ){ if( $admin->id_admin ){
$admin->email = $this->request()[ 'email' ];; $email = $this->request()[ 'email' ];
if( $email && trim( $email ) != '' ){
$admin->email = $email;
}
$admin->login = $admin->createLogin(); $admin->login = $admin->createLogin();
$admin->active = 1; $admin->active = 1;
$admin->pass = $admin->makePass( $this->request()[ 'password' ] ); $admin->pass = $admin->makePass( $this->request()[ 'password' ] );

5
include/controllers/default/cockpit2/api/unique/index.php
View File

@ -1,7 +1,9 @@
<?php <?php
class Controller_api_unique extends Crunchbutton_Controller_Rest { class Controller_api_unique extends Crunchbutton_Controller_Rest {
public function init() { public function init() {
switch ( $this->method() ) { switch ( $this->method() ) {
case 'post': case 'post':
$value = $this->request()[ 'value' ]; $value = $this->request()[ 'value' ];
@ -9,11 +11,13 @@ class Controller_api_unique extends Crunchbutton_Controller_Rest {
$this->_error(); $this->_error();
} }
switch ( c::getPagePiece( 2 ) ) { switch ( c::getPagePiece( 2 ) ) {
case 'email': case 'email':
$admin = Admin::q( 'SELECT * FROM admin WHERE email = "' . $value . '"' ); $admin = Admin::q( 'SELECT * FROM admin WHERE email = "' . $value . '"' );
echo json_encode( [ 'canIUse' => ( $admin->count() == 0 ) ] ); echo json_encode( [ 'canIUse' => ( $admin->count() == 0 ) ] );
exit; exit;
break; break;
case 'phone': case 'phone':
$admin = Admin::q( 'SELECT * FROM admin WHERE phone = "' . $value . '"' ); $admin = Admin::q( 'SELECT * FROM admin WHERE phone = "' . $value . '"' );
echo json_encode( [ 'canIUse' => ( $admin->count() == 0 ) ] ); echo json_encode( [ 'canIUse' => ( $admin->count() == 0 ) ] );
@ -22,6 +26,7 @@ class Controller_api_unique extends Crunchbutton_Controller_Rest {
} }
break; break;
} }
$this->_error(); $this->_error();
} }

2
include/library/Cockpit/Driver/Notify.php
View File

@ -10,7 +10,7 @@ class Cockpit_Driver_Notify extends Cana_Table {
$driver = Crunchbutton_Admin::o( $id_admin ); $driver = Crunchbutton_Admin::o( $id_admin );
if( !$driver->id_admin ){ if( !$driver->id_admin ){
$this->_error(); return [ 'error' => 'invalid user' ];
} }
$phone = $driver->phone(); $phone = $driver->phone();

1
include/library/Crunchbutton/Admin/Permission.php
View File

@ -124,7 +124,6 @@ class Crunchbutton_Admin_Permission extends Cana_Table {
'suggestions-list-restaurant-ID' => array( 'description' => 'View the food suggestions for these restaurants:', 'dependency' => array( 'suggestions-list-page' ), 'type' => 'combo', 'element' => 'Restaurant', 'copy' => array( 'title' => 'Copy from restaurants he has access to edit', 'permissions' => array( 'restaurant-ID-all', 'restaurant-ID-edit' ) ) ), 'suggestions-list-restaurant-ID' => array( 'description' => 'View the food suggestions for these restaurants:', 'dependency' => array( 'suggestions-list-page' ), 'type' => 'combo', 'element' => 'Restaurant', 'copy' => array( 'title' => 'Copy from restaurants he has access to edit', 'permissions' => array( 'restaurant-ID-all', 'restaurant-ID-edit' ) ) ),
); );
// User/Groups's permissions // User/Groups's permissions
$_permissions[ 'permissions' ] = array( 'description' => 'Admin user\'s permissions' ); $_permissions[ 'permissions' ] = array( 'description' => 'Admin user\'s permissions' );
$_permissions[ 'permissions' ][ 'doAllPermission' ] = 'permission-all'; $_permissions[ 'permissions' ][ 'doAllPermission' ] = 'permission-all';

32
include/views/default/cockpit2/frontend/drivers-onboarding-form.phtml
View File

@ -54,11 +54,35 @@
<small class="error" ng-show="form.driverEmail.$invalid">Enter a valid email.</small> <small class="error" ng-show="form.driverEmail.$invalid">Enter a valid email.</small>
</div> </div>
</li> </li>
<li class="buttons">
<button ng-click="save();">Save</button>
<button ng-click="cancel()">Cancel</button>
</li>
</ul> </ul>
<div ng-if="driver.login">
<hr/>
<h2>Access</h2>
<ul>
<li>
<label for="driverLogin">
<div class="label">Login:</div>
<div class="input">
<div class="input"><input type="text" name="driverLogin" readonly="readonly" disabled="disabled" ng-model="driver.login"></div>
</div>
</label>
</li>
<li>
<label for="driverPass">
<div class="label">Password:</div>
<div class="input"><input type="password" name="driverPass" ng-model="driver.pass"></div>
<div>Leave it blank if you don't wanna change it.</div>
</label>
</li>
</ul>
<hr/>
<ul class="buttons">
<li>
<button ng-click="save();">Save</button>
<button ng-click="cancel()">Cancel</button>
</li>
</ul>
</div>
</form> </form>
<div ng-if="driver.id_admin"> <div ng-if="driver.id_admin">
<hr/> <hr/>

1
www/assets/cockpit/js/controllers.drivers.js
View File

@ -253,6 +253,7 @@ NGApp.controller( 'DriversOnboardingFormCtrl', function ( $scope, $routeParams,
if( json.success ){ if( json.success ){
$scope.navigation.link( '/drivers/onboarding/' + json.success.id_admin ); $scope.navigation.link( '/drivers/onboarding/' + json.success.id_admin );
$scope.flash.setMessage( 'Driver saved!' ); $scope.flash.setMessage( 'Driver saved!' );
$scope.driver.pass = '';
} else { } else {
$scope.flash.setMessage( 'Driver not saved: ' + json.error , 'error' ); $scope.flash.setMessage( 'Driver not saved: ' + json.error , 'error' );
} }