Fixed edit speaker profile permissions

Change-Id: Id75d77c5809b313fede84afbc02c4cbb4495f6a0
2019-05-09 13:23:05 -03:00 · 2019-05-09 13:23:05 -03:00 · 271408adb9
commit 271408adb9
parent b3e2549e1d
5 changed files with 31 additions and 7 deletions
--- a/app/Http/Controllers/Apis/Protected/Summit/OAuth2SummitSpeakersApiController.php
+++ b/app/Http/Controllers/Apis/Protected/Summit/OAuth2SummitSpeakersApiController.php
@ -766,6 +766,14 @@ final class OAuth2SummitSpeakersApiController extends OAuth2ProtectedController
            if (!Request::isJson()) return $this->error400();
            $data = Input::json();

+            $current_member_id = $this->resource_server_context->getCurrentUserExternalId();
+            if (is_null($current_member_id))
+                return $this->error403();
+
+            $creator = $this->member_repository->getById($current_member_id);
+            if (is_null($creator))
+                return $this->error403();
+
            $rules = [
                'title' => 'required|string|max:100',
                'first_name' => 'required|string|max:100',
@ -810,7 +818,7 @@ final class OAuth2SummitSpeakersApiController extends OAuth2ProtectedController
                'notes'
            ];

-            $speaker = $this->service->addSpeaker(HTMLCleaner::cleanData($data->all(), $fields));
+            $speaker = $this->service->addSpeaker(HTMLCleaner::cleanData($data->all(), $fields), $creator);

            return $this->created(SerializerRegistry::getInstance()->getSerializer($speaker, SerializerRegistry::SerializerType_Private)->serialize());
        } catch (ValidationException $ex1) {
@ -1215,7 +1223,6 @@ final class OAuth2SummitSpeakersApiController extends OAuth2ProtectedController
        }
    }

-
    /**
     * @param $speaker_id
     * @param $hash
--- a/app/Models/Foundation/Summit/Speakers/PresentationSpeaker.php
+++ b/app/Models/Foundation/Summit/Speakers/PresentationSpeaker.php
@ -1634,6 +1634,7 @@ SQL;
     */
    public function canBeEditedBy(Member $member):bool{
        if($member->isAdmin()) return true;
+        if($this->getMemberId() == $member->getId()) return true;
        $criteria = Criteria::create();
        $criteria
            ->where(Criteria::expr()->eq('requested_by', $member))
--- a/app/Models/Foundation/Summit/Speakers/SpeakerEditPermissionRequest.php
+++ b/app/Models/Foundation/Summit/Speakers/SpeakerEditPermissionRequest.php
@ -153,7 +153,6 @@ class SpeakerEditPermissionRequest extends SilverstripeBaseModel
        return md5($token);
    }

-
    public function approve():void{
        $this->approved = true;
        $this->approved_date = new \DateTime('now', new \DateTimeZone('UTC'));
--- a/app/Services/Model/ISpeakerService.php
+++ b/app/Services/Model/ISpeakerService.php
@ -16,6 +16,7 @@ use models\exceptions\EntityNotFoundException;
 use models\exceptions\ValidationException;
 use models\main\EmailCreationRequest;
 use models\main\File;
+use models\main\Member;
 use models\summit\PresentationSpeaker;
 use models\summit\PresentationSpeakerSummitAssistanceConfirmationRequest;
 use models\summit\SpeakerSummitRegistrationPromoCode;
@ -37,10 +38,11 @@ interface ISpeakerService

    /**
     * @param array $data
+     * @param null|Member $creator
     * @return PresentationSpeaker
     * @throws ValidationException
     */
-    public function addSpeaker(array $data);
+    public function addSpeaker(array $data, ?Member $creator = null);

    /**
     * @param Summit $summit
--- a/app/Services/Model/SpeakerService.php
+++ b/app/Services/Model/SpeakerService.php
@ -35,6 +35,7 @@ use models\main\EmailCreationRequest;
 use models\main\File;
 use models\main\IEmailCreationRequestRepository;
 use models\main\IMemberRepository;
+use models\main\Member;
 use models\main\MemberPromoCodeEmailCreationRequest;
 use models\main\SpeakerCreationEmailCreationRequest;
 use models\main\SpeakerSelectionAnnouncementEmailCreationRequest;
@ -170,13 +171,14 @@ final class SpeakerService

    /**
     * @param array $data
-     * @throws ValidationException
+     * @param null|Member $creator
     * @return PresentationSpeaker
+     * @throws ValidationException
     */
-    public function addSpeaker(array $data)
+    public function addSpeaker(array $data, ?Member $creator = null)
    {

-        return $this->tx_service->transaction(function () use ($data) {
+        return $this->tx_service->transaction(function () use ($data, $creator) {

            $speaker = new PresentationSpeaker();
            $speaker->setCreatedFromApi(true);
@ -236,6 +238,12 @@ final class SpeakerService
            $email_request->setSpeaker($speaker);
            $this->email_creation_request_repository->add($email_request);

+            if(!is_null($creator)){
+                // create edit permission for creator
+                $request = SpeakerEditPermissionRequestFactory::build($speaker, $creator);
+                $request->approve();
+                $this->speaker_edit_permisssion_repository->add($request);
+            }
            return $speaker;
        });
    }
@ -1087,6 +1095,13 @@ final class SpeakerService

            $request = $this->speaker_edit_permisssion_repository->getBySpeakerAndRequestor($speaker, $requestor);

+            if(is_null($request) && $speaker->canBeEditedBy($requestor)){
+                $request = SpeakerEditPermissionRequestFactory::build($speaker, $requestor);
+                $request->approve();
+                $this->speaker_edit_permisssion_repository->add($request);
+                return $request;
+            }
+
            if(is_null($request))
                throw new EntityNotFoundException();