Editing categories possible, add security check
This commit is contained in:
parent
7d2479d5b6
commit
dd690decb2
@ -12,6 +12,7 @@ use BusinessLogic\Emails\EmailTemplateRetriever;
|
||||
use BusinessLogic\Emails\MailgunEmailSender;
|
||||
use BusinessLogic\Navigation\CustomNavElementHandler;
|
||||
use BusinessLogic\Security\BanRetriever;
|
||||
use BusinessLogic\Security\PermissionChecker;
|
||||
use BusinessLogic\Security\UserContextBuilder;
|
||||
use BusinessLogic\Security\UserToTicketChecker;
|
||||
use BusinessLogic\Settings\ApiChecker;
|
||||
@ -50,6 +51,9 @@ class ApplicationContext {
|
||||
function __construct() {
|
||||
$this->get = array();
|
||||
|
||||
// Permissions
|
||||
$this->get[PermissionChecker::class] = new PermissionChecker();
|
||||
|
||||
// Settings
|
||||
$this->get[ModsForHeskSettingsGateway::class] = new ModsForHeskSettingsGateway();
|
||||
|
||||
@ -74,7 +78,9 @@ class ApplicationContext {
|
||||
// Categories
|
||||
$this->get[CategoryGateway::class] = new CategoryGateway();
|
||||
$this->get[CategoryRetriever::class] = new CategoryRetriever($this->get[CategoryGateway::class]);
|
||||
$this->get[CategoryHandler::class] = new CategoryHandler($this->get[CategoryGateway::class]);
|
||||
$this->get[CategoryHandler::class] = new CategoryHandler(
|
||||
$this->get[CategoryGateway::class],
|
||||
$this->get[PermissionChecker::class]);
|
||||
|
||||
// Bans
|
||||
$this->get[BanGateway::class] = new BanGateway();
|
||||
|
@ -3,7 +3,10 @@
|
||||
namespace BusinessLogic\Categories;
|
||||
|
||||
|
||||
use BusinessLogic\Exceptions\AccessViolationException;
|
||||
use BusinessLogic\Exceptions\ValidationException;
|
||||
use BusinessLogic\Security\PermissionChecker;
|
||||
use BusinessLogic\Security\UserPrivilege;
|
||||
use BusinessLogic\ValidationModel;
|
||||
use DataAccess\Categories\CategoryGateway;
|
||||
|
||||
@ -11,8 +14,12 @@ class CategoryHandler {
|
||||
/* @var $categoryGateway CategoryGateway */
|
||||
private $categoryGateway;
|
||||
|
||||
function __construct($categoryGateway) {
|
||||
/* @var $permissionChecker PermissionChecker */
|
||||
private $permissionChecker;
|
||||
|
||||
function __construct($categoryGateway, $permissionChecker) {
|
||||
$this->categoryGateway = $categoryGateway;
|
||||
$this->permissionChecker = $permissionChecker;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -22,27 +29,35 @@ class CategoryHandler {
|
||||
* @throws ValidationException When validation fails
|
||||
*/
|
||||
//TODO Test
|
||||
function createCategory($category, $heskSettings) {
|
||||
$validationModel = $this->validate($category, $heskSettings);
|
||||
function createCategory($category, $userContext, $heskSettings) {
|
||||
$validationModel = $this->validate($category, $userContext);
|
||||
|
||||
if (count($validationModel->errorKeys) > 0) {
|
||||
throw new ValidationException($validationModel);
|
||||
}
|
||||
|
||||
$category->id = $this->categoryGateway->createCategory($category, $heskSettings);
|
||||
$id = $this->categoryGateway->createCategory($category, $heskSettings);
|
||||
|
||||
return $category;
|
||||
$allCategories = $this->categoryGateway->getAllCategories($heskSettings);
|
||||
|
||||
return $allCategories[$id];
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $category Category
|
||||
* @param $heskSettings array
|
||||
* @param $userContext
|
||||
* @param $creating bool
|
||||
* @return ValidationModel
|
||||
* @throws AccessViolationException
|
||||
*/
|
||||
//TODO Test
|
||||
private function validate($category, $heskSettings, $creating = true) {
|
||||
private function validate($category, $userContext, $creating = true) {
|
||||
$validationModel = new ValidationModel();
|
||||
|
||||
if (!$this->permissionChecker->doesUserHavePermission($userContext, UserPrivilege::CAN_MANAGE_CATEGORIES)) {
|
||||
throw new AccessViolationException('User cannot manage categories!');
|
||||
}
|
||||
|
||||
if (!$creating && $category->id < 1) {
|
||||
$validationModel->errorKeys[] = 'ID_MISSING';
|
||||
}
|
||||
@ -59,11 +74,47 @@ class CategoryHandler {
|
||||
$validationModel->errorKeys[] = 'NAME_MISSING';
|
||||
}
|
||||
|
||||
if ($category->priority === null || intval($category->priority) < 0 || intval($category->priority) > 3) {
|
||||
$validationModel->errorKeys[] = 'INVALID_PRIORITY';
|
||||
}
|
||||
|
||||
if ($category->autoAssign === null || !is_bool($category->autoAssign)) {
|
||||
$validationModel->errorKeys[] = 'INVALID_AUTOASSIGN';
|
||||
}
|
||||
|
||||
if ($category->displayBorder === null || !is_bool($category->displayBorder)) {
|
||||
$validationModel->errorKeys[] = 'INVALID_DISPLAY_BORDER';
|
||||
}
|
||||
|
||||
if ($category->type === null || (intval($category->type) !== 0 && intval($category->type) !== 1)) {
|
||||
$validationModel->errorKeys[] = 'INVALID_TYPE';
|
||||
}
|
||||
|
||||
if ($category->type === null || intval($category->type) < 0 || intval($category->type) > 2) {
|
||||
$validationModel->errorKeys[] = 'INVALID_TYPE';
|
||||
}
|
||||
|
||||
return $validationModel;
|
||||
}
|
||||
|
||||
function editCategory($category, $heskSettings) {
|
||||
/**
|
||||
* @param $category Category
|
||||
* @param $heskSettings array
|
||||
* @return Category
|
||||
* @throws ValidationException
|
||||
*/
|
||||
function editCategory($category, $userContext, $heskSettings) {
|
||||
$validationModel = $this->validate($category, $userContext, false);
|
||||
|
||||
if (count($validationModel->errorKeys) > 0) {
|
||||
throw new ValidationException($validationModel);
|
||||
}
|
||||
|
||||
$this->categoryGateway->updateCategory($category, $heskSettings);
|
||||
$this->categoryGateway->resortAllCategories($heskSettings);
|
||||
|
||||
$allCategories = $this->categoryGateway->getAllCategories($heskSettings);
|
||||
|
||||
return $allCategories[$category->id];
|
||||
}
|
||||
}
|
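Review bot: `editCategory` in the last hunk returns `null` for an id that does not exist: `updateCategory` matches no row and `$allCategories[$category->id]` is then an undefined index, so the caller gets back null as if the edit had succeeded. After the `getAllCategories` call, guard the lookup — `if (!isset($allCategories[$category->id])) { throw new ValidationException($validationModel); }` with an `ID_NOT_FOUND` key pushed onto `$validationModel->errorKeys` first, or whatever not-found exception the API layer already maps — rather than returning the missing entry. The docblocks on `createCategory` and `editCategory` should also list the new `$userContext` parameter and `@throws AccessViolationException`, since `validate` now throws it before any validation error is reported. Keeping the authorization check inside `validate` is acceptable as long as every mutating path calls it, but a comment such as `// Authorization for create AND edit is enforced here; do not bypass validate()` above the permission check would make that contract explicit to the next maintainer.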
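--- /dev/null
+++ b/api/BusinessLogic/Security/PermissionChecker.php
@@ -0,0 +1,23 @@
+<?php
+
+namespace BusinessLogic\Security;
+
+
+class PermissionChecker {
+/**
+* @param $userContext UserContext
+* @param $permission string
+* @return bool
+*/
+function doesUserHavePermission($userContext, $permission) {
+if ($userContext->admin) {
+return true;
+}
+
+if (in_array($permission, $userContext->permissions)) {
+return true;
+}
+
+return false;
+}
+}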
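Review bot: `in_array($permission, $userContext->permissions)` uses loose comparison, so on PHP 7 a `0` or `true` element in `permissions` matches any permission string (`0 == 'can_man_cat'` is true there) and silently grants it; pass the strict flag: `if (in_array($permission, $userContext->permissions, true)) {`. For the same reason `if ($userContext->admin)` should test an explicit boolean, `if ($userContext->admin === true)`, unless `UserContextBuilder` is known to normalise that field — it is not visible in this commit. If `permissions` can be null for a user with no privileges, `in_array` emits a warning on PHP 7 and throws a TypeError on PHP 8 instead of returning false, so an `is_array` guard or `?? []` on the haystack is worth adding. Both issues are fail-open on malformed data, which is the wrong failure mode for an authorization primitive.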
@ -14,4 +14,5 @@ class UserPrivilege {
|
||||
const CAN_REPLY_TO_TICKETS = 'can_reply_tickets';
|
||||
const CAN_EDIT_TICKETS = 'can_edit_tickets';
|
||||
const CAN_DELETE_TICKETS = 'can_del_tickets';
|
||||
const CAN_MANAGE_CATEGORIES = 'can_man_cat';
|
||||
}
|
@ -48,13 +48,16 @@ class CategoryController {
|
||||
return output($category);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $json
|
||||
* @return Category
|
||||
*/
|
||||
private function buildCategoryFromJson($json) {
|
||||
$category = new Category();
|
||||
|
||||
$category->id = Helpers::safeArrayGet($json, 'id');
|
||||
$category->autoAssign = Helpers::safeArrayGet($json, 'autoassign');
|
||||
$category->backgroundColor = Helpers::safeArrayGet($json, 'backgroundColor');
|
||||
$category->catOrder = Helpers::safeArrayGet($json, 'order');
|
||||
$category->catOrder = Helpers::safeArrayGet($json, 'catOrder');
|
||||
$category->description = Helpers::safeArrayGet($json, 'description');
|
||||
$category->displayBorder = Helpers::safeArrayGet($json, 'displayBorder');
|
||||
$category->foregroundColor = Helpers::safeArrayGet($json, 'foregroundColor');
|
||||
@ -68,7 +71,19 @@ class CategoryController {
|
||||
}
|
||||
|
||||
function put($id) {
|
||||
//-- TODO: Edit category
|
||||
global $hesk_settings, $applicationContext;
|
||||
|
||||
$data = JsonRetriever::getJsonData();
|
||||
|
||||
$category = $this->buildCategoryFromJson($data);
|
||||
$category->id = $id;
|
||||
|
||||
/* @var $categoryHandler CategoryHandler */
|
||||
$categoryHandler = $applicationContext->get[CategoryHandler::class];
|
||||
|
||||
$category = $categoryHandler->editCategory($category, $hesk_settings);
|
||||
|
||||
return output($category);
|
||||
}
|
||||
|
||||
function delete($id) {
|
||||
|
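Review bot: `put()` calls `$categoryHandler->editCategory($category, $hesk_settings)` with two arguments, but the handler's new signature is `editCategory($category, $userContext, $heskSettings)`, so `$hesk_settings` lands in `$userContext` and the settings argument is missing — on PHP 7.1+ this raises an ArgumentCountError, and on older versions the permission check runs against the settings array and denies everything. Build the user context the way the other controllers do (the application context registers a `UserContextBuilder`, but its API is not shown in this commit) and pass it through: `$category = $categoryHandler->editCategory($category, $userContext, $hesk_settings);`. As written, the authorization check this commit adds is never exercised on the edit endpoint; `put` lies entirely within the hunk.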
@ -73,9 +73,47 @@ class CategoryGateway extends CommonDao {
|
||||
return $id;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $category Category
|
||||
* @param $heskSettings array
|
||||
*/
|
||||
function updateCategory($category, $heskSettings) {
|
||||
$this->init();
|
||||
|
||||
$sql = "UPDATE `" . hesk_dbEscape($heskSettings['db_pfix']) . "categories` SET
|
||||
`name` = '" . hesk_dbEscape($category->name) . "',
|
||||
`cat_order` = " . intval($category->catOrder) . ",
|
||||
`autoassign` = '" . ($category->autoAssign ? 1 : 0) . "',
|
||||
`type` = '" . intval($category->type) . "',
|
||||
`priority` = '" . intval($category->priority) . "',
|
||||
`manager` = " . ($category->manager === null ? 0 : intval($category->manager)) . ",
|
||||
`background_color` = '" . hesk_dbEscape($category->backgroundColor) . "',
|
||||
`usage` = " . intval($category->usage) . ",
|
||||
`foreground_color` = '" . hesk_dbEscape($category->foregroundColor) . "',
|
||||
`display_border_outline` = '" . ($category->displayBorder ? 1 : 0) . "',
|
||||
`mfh_description` = '" . hesk_dbEscape($category->description) . "'
|
||||
WHERE `id` = " . intval($category->id);
|
||||
|
||||
hesk_dbQuery($sql);
|
||||
|
||||
$this->close();
|
||||
}
|
||||
|
||||
function resortAllCategories($heskSettings) {
|
||||
$this->init();
|
||||
|
||||
$rs = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($heskSettings['db_pfix']) . "categories`
|
||||
ORDER BY `cat_order` ASC");
|
||||
|
||||
$sortValue = 10;
|
||||
while ($row = hesk_dbFetchAssoc($rs)) {
|
||||
hesk_dbQuery("UPDATE `" . hesk_dbEscape($heskSettings['db_pfix']) . "categories`
|
||||
SET `cat_order` = " . intval($sortValue) . "
|
||||
WHERE `id` = " . intval($row['id']));
|
||||
|
||||
$sortValue += 10;
|
||||
}
|
||||
|
||||
$this->close();
|
||||
}
|
||||
}
|
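Review bot: `updateCategory` discards the result of `hesk_dbQuery`, so a caller cannot tell whether `WHERE id = …` matched any row; returning the affected-row count (via whatever the db layer exposes for it) would let the handler turn an unknown id into an error instead of a silent no-op. The statement is built by concatenation with `hesk_dbEscape`/`intval` per field, which matches the rest of this codebase, but `backgroundColor` and `foregroundColor` are only escaped, not validated as colour values, and `usage` does not appear to be validated in the visible parts of `CategoryHandler` — a comment such as `// Colour strings are escaped but not format-checked; validation belongs in CategoryHandler` would record that gap until the handler covers it. `resortAllCategories` issues one UPDATE per row outside any transaction, so a concurrent request can observe a half-renumbered `cat_order`; wrapping the loop in a transaction, if the db layer supports one, would keep the resort atomic.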