FEAT #11764 TIME 0:40 delete private template

5b3d6db6 · Guillaume Heurtier · d8b39010 · 5b3d6db6
Commit 5b3d6db6 authored 5 years ago by Guillaume Heurtier
--- a/src/app/entity/controllers/ListTemplateController.php
+++ b/src/app/entity/controllers/ListTemplateController.php
@@ -252,17 +252,24 @@ class ListTemplateController

    public function delete(Request $request, Response $response, array $args)
    {
-        $listTemplate = ListTemplateModel::getById(['id' => $args['id'], 'select' => ['entity_id', 'type', 'title']]);
-        if (!PrivilegeController::hasPrivilege(['privilegeId' => 'manage_entities', 'userId' => $GLOBALS['id']]) && !empty($listTemplate['entityId'])) {
-            return $response->withStatus(403)->withJson(['errors' => 'Service forbidden']);
-        }
+        $listTemplate = ListTemplateModel::getById(['id' => $args['id'], 'select' => ['entity_id', 'type', 'title', 'owner']]);

-        if (!PrivilegeController::hasPrivilege(['privilegeId' => 'admin_listmodels', 'userId' => $GLOBALS['id']]) && empty($listTemplate['entityId'])) {
-            return $response->withStatus(403)->withJson(['errors' => 'Service forbidden']);
-        }
        if (empty($listTemplate)) {
            return $response->withStatus(400)->withJson(['errors' => 'List template not found']);
        }
+        if (empty($listTemplate['owner']) && $listTemplate['type'] != 'visaCircuit' ) {
+            if (!PrivilegeController::hasPrivilege(['privilegeId' => 'manage_entities', 'userId'      => $GLOBALS['id']]) && !empty($listTemplate['entityId'])) {
+                return $response->withStatus(403)->withJson(['errors' => 'Service forbidden']);
+            }
+
+            if (!PrivilegeController::hasPrivilege(['privilegeId' => 'admin_listmodels', 'userId'      => $GLOBALS['id']]) && empty($listTemplate['entityId'])) {
+                return $response->withStatus(403)->withJson(['errors' => 'Service forbidden']);
+            }
+        } else {
+            if ($listTemplate['owner'] != $GLOBALS['id']) {
+                return $response->withStatus(403)->withJson(['errors' => 'Service forbidden']);
+            }
+        }

        if (!empty($listTemplate['entityId'])) {
            $entities = EntityModel::getAllowedEntitiesByUserId(['userId' => $GLOBALS['userId']]);