From 271408adb913b8a26dcc9e3cc6802c1c24222a3c Mon Sep 17 00:00:00 2001 From: smarcet Date: Thu, 9 May 2019 13:23:05 -0300 Subject: [PATCH] Fixed edit speaker profile permissions Change-Id: Id75d77c5809b313fede84afbc02c4cbb4495f6a0 --- .../OAuth2SummitSpeakersApiController.php | 11 ++++++++-- .../Summit/Speakers/PresentationSpeaker.php | 1 + .../Speakers/SpeakerEditPermissionRequest.php | 1 - app/Services/Model/ISpeakerService.php | 4 +++- app/Services/Model/SpeakerService.php | 21 ++++++++++++++++--- 5 files changed, 31 insertions(+), 7 deletions(-) diff --git a/app/Http/Controllers/Apis/Protected/Summit/OAuth2SummitSpeakersApiController.php b/app/Http/Controllers/Apis/Protected/Summit/OAuth2SummitSpeakersApiController.php index 6e9459ea..19d18ea5 100644 --- a/app/Http/Controllers/Apis/Protected/Summit/OAuth2SummitSpeakersApiController.php +++ b/app/Http/Controllers/Apis/Protected/Summit/OAuth2SummitSpeakersApiController.php @@ -766,6 +766,14 @@ final class OAuth2SummitSpeakersApiController extends OAuth2ProtectedController if (!Request::isJson()) return $this->error400(); $data = Input::json(); + $current_member_id = $this->resource_server_context->getCurrentUserExternalId(); + if (is_null($current_member_id)) + return $this->error403(); + + $creator = $this->member_repository->getById($current_member_id); + if (is_null($creator)) + return $this->error403(); + $rules = [ 'title' => 'required|string|max:100', 'first_name' => 'required|string|max:100', @@ -810,7 +818,7 @@ final class OAuth2SummitSpeakersApiController extends OAuth2ProtectedController 'notes' ]; - $speaker = $this->service->addSpeaker(HTMLCleaner::cleanData($data->all(), $fields)); + $speaker = $this->service->addSpeaker(HTMLCleaner::cleanData($data->all(), $fields), $creator); return $this->created(SerializerRegistry::getInstance()->getSerializer($speaker, SerializerRegistry::SerializerType_Private)->serialize()); } catch (ValidationException $ex1) { 
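Review bot: The two 403 guards added at the top of the handler reject every token that carries no user context, yet this same commit makes `$creator` nullable in `addSpeaker()`, so the service's null branch can never be reached from this endpoint. If service or client-credentials callers are meant to keep creating speakers, pass `null` through instead of returning early. If not, a comment such as `// a resolved member is required: the creator is granted edit permission on the new speaker` would make the intent explicit. The value from `getCurrentUserExternalId()` is used directly as the key for `member_repository->getById()`, and the resolved member ends up with an approved edit permission, so confirm that the external id and the member primary key are the same identifier. The handler starts and ends outside the hunk.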
@@ -1215,7 +1223,6 @@ final class OAuth2SummitSpeakersApiController extends OAuth2ProtectedController } } - /** * @param $speaker_id * @param $hash diff --git a/app/Models/Foundation/Summit/Speakers/PresentationSpeaker.php b/app/Models/Foundation/Summit/Speakers/PresentationSpeaker.php index 53391c98..665484c2 100644 --- a/app/Models/Foundation/Summit/Speakers/PresentationSpeaker.php +++ b/app/Models/Foundation/Summit/Speakers/PresentationSpeaker.php @@ -1634,6 +1634,7 @@ SQL; */ public function canBeEditedBy(Member $member):bool{ if($member->isAdmin()) return true; + if($this->getMemberId() == $member->getId()) return true; $criteria = Criteria::create(); $criteria ->where(Criteria::expr()->eq('requested_by', $member)) diff --git a/app/Models/Foundation/Summit/Speakers/SpeakerEditPermissionRequest.php b/app/Models/Foundation/Summit/Speakers/SpeakerEditPermissionRequest.php index 1ff6740a..7650b370 100644 --- a/app/Models/Foundation/Summit/Speakers/SpeakerEditPermissionRequest.php +++ b/app/Models/Foundation/Summit/Speakers/SpeakerEditPermissionRequest.php @@ -153,7 +153,6 @@ class SpeakerEditPermissionRequest extends SilverstripeBaseModel return md5($token); } - public function approve():void{ $this->approved = true; $this->approved_date = new \DateTime('now', new \DateTimeZone('UTC')); diff --git a/app/Services/Model/ISpeakerService.php b/app/Services/Model/ISpeakerService.php index 7c914174..d19d6996 100644 --- a/app/Services/Model/ISpeakerService.php +++ b/app/Services/Model/ISpeakerService.php @@ -16,6 +16,7 @@ use models\exceptions\EntityNotFoundException; use models\exceptions\ValidationException; use models\main\EmailCreationRequest; use models\main\File; +use models\main\Member; use models\summit\PresentationSpeaker; use models\summit\PresentationSpeakerSummitAssistanceConfirmationRequest; use models\summit\SpeakerSummitRegistrationPromoCode; 
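Review bot: The ownership shortcut added to `canBeEditedBy()` compares the two ids with `==`, which in an authorization check lets unset values match each other (`null == 0` is true in PHP). What `getMemberId()` returns for a speaker with no linked member is not visible here, so this is a hardening point rather than a confirmed bypass: if it yields 0 or null and a member without a persisted id reaches this method, the check passes. Requiring a real id closes that, for example `$owner_id = (int) $this->getMemberId();` followed by `if ($owner_id > 0 && $owner_id === (int) $member->getId()) return true;`. The rest of the method lies outside the hunk.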
@@ -37,10 +38,11 @@ interface ISpeakerService /** * @param array $data + * @param null|Member $creator * @return PresentationSpeaker * @throws ValidationException */ - public function addSpeaker(array $data); + public function addSpeaker(array $data, ?Member $creator = null); /** * @param Summit $summit diff --git a/app/Services/Model/SpeakerService.php b/app/Services/Model/SpeakerService.php index 995be606..6326bc38 100644 --- a/app/Services/Model/SpeakerService.php +++ b/app/Services/Model/SpeakerService.php @@ -35,6 +35,7 @@ use models\main\EmailCreationRequest; use models\main\File; use models\main\IEmailCreationRequestRepository; use models\main\IMemberRepository; +use models\main\Member; use models\main\MemberPromoCodeEmailCreationRequest; use models\main\SpeakerCreationEmailCreationRequest; use models\main\SpeakerSelectionAnnouncementEmailCreationRequest; @@ -170,13 +171,14 @@ final class SpeakerService /** * @param array $data - * @throws ValidationException + * @param null|Member $creator * @return PresentationSpeaker + * @throws ValidationException */ - public function addSpeaker(array $data) + public function addSpeaker(array $data, ?Member $creator = null) { - return $this->tx_service->transaction(function () use ($data) { + return $this->tx_service->transaction(function () use ($data, $creator) { $speaker = new PresentationSpeaker(); $speaker->setCreatedFromApi(true); @@ -236,6 +238,12 @@ final class SpeakerService $email_request->setSpeaker($speaker); $this->email_creation_request_repository->add($email_request); + if(!is_null($creator)){ + // create edit permission for creator + $request = SpeakerEditPermissionRequestFactory::build($speaker, $creator); + $request->approve(); + $this->speaker_edit_permisssion_repository->add($request); + } return $speaker; }); } 
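Review bot: The interface docblock lists `$creator` but does not say what passing it does, and the effect is security-relevant: the implementation in this commit grants that member an approved edit permission on the new speaker. I would extend the tag to `@param null|Member $creator member that receives an approved edit permission on the created speaker; null grants nothing`, so other implementers and callers of `ISpeakerService` see the authorization side effect in the contract.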
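Review bot: The grant added before `return $speaker;` is approved by the code itself rather than by the speaker, so a member who creates a profile on behalf of someone else keeps approved edit rights on it after that person claims the profile. Nothing in this hunk bounds or revokes the grant. If that is intended, say so in the comment, e.g. `// creator keeps edit rights even when the speaker is later linked to another member`, and consider logging the automatic approval so it can be told apart from an owner-approved request. Whether `$data` can link the speaker to a different member is decided in the part of `addSpeaker()` outside the hunk.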
@@ -1087,6 +1095,13 @@ final class SpeakerService $request = $this->speaker_edit_permisssion_repository->getBySpeakerAndRequestor($speaker, $requestor); + if(is_null($request) && $speaker->canBeEditedBy($requestor)){ + $request = SpeakerEditPermissionRequestFactory::build($speaker, $requestor); + $request->approve(); + $this->speaker_edit_permisssion_repository->add($request); + return $request; + } + if(is_null($request)) throw new EntityNotFoundException();
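Review bot: The new fallback turns a lookup into a write: when no request exists and `canBeEditedBy()` is true, an approved permission is persisted, and `canBeEditedBy()` returns true for any admin. An admin who hits this path therefore ends up with a stored approved permission for that speaker. That record presumably keeps satisfying the criteria lookup in `canBeEditedBy()` after the admin role is removed, though the rest of that method is not shown. Returning the approved request without persisting it for admins avoids leaving grants behind, e.g. `if (!$requestor->isAdmin()) $this->speaker_edit_permisssion_repository->add($request);`. The enclosing method starts and ends outside the hunk.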