From 68717d36c3c55a54c81c5eca653cd319f5da37f4 Mon Sep 17 00:00:00 2001
From: Vinciane <vinciane.bizet@maarch.org>
Date: Thu, 27 Dec 2018 12:49:06 +0100
Subject: [PATCH] FEAT #9207 NoteController add ResController

---
 src/app/note/controllers/NoteController.php | 11 ++++++++---
 src/app/note/models/NoteModelAbstract.php   |  4 ++--
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/src/app/note/controllers/NoteController.php b/src/app/note/controllers/NoteController.php
index ff3b0e2bf26..a1878a856c2 100755
--- a/src/app/note/controllers/NoteController.php
+++ b/src/app/note/controllers/NoteController.php
@@ -21,6 +21,7 @@ use Respect\Validation\Validator;
 use Slim\Http\Request;
 use Slim\Http\Response;
 use History\controllers\HistoryController;
+use Resource\controllers\ResController;
 
 class NoteController
 {
@@ -39,12 +40,16 @@ class NoteController
     public function create(Request $request, Response $response)
     {
         $data = $request->getParams();
-        
+
+        if (!Validator::intVal()->validate($data['identifier']) || !ResController::hasRightByResId(['resId' => $data['identifier'], 'userId' => $GLOBALS['userId']])) {
+            return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter']);
+        }
+       
         //Insert note in notes table and recover last insert ID
         $check = Validator::stringType()->notEmpty()->validate($data['note_text']);
         $check = $check && Validator::intVal()->notEmpty()->validate($data['identifier']); //correspond to res_id
-        $check = $check && Validator::stringType()->notEmpty()->validate($data['user_id']);
-
+        $check = $check && Validator::stringType()->notEmpty()->validate($GLOBALS['userId']);
+        
         if(isset($data['entities_chosen'])) {
             $check = $check && Validator::arrayType()->validate($data['entities_chosen']);
         }
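Review bot: The new guard reads `$data['identifier']` before anything has checked that the key exists, so a request without it emits an undefined-index notice and is then answered with a 403 "Document out of perimeter" even though the problem is malformed input, not authorization; the same line also calls `ResController::hasRightByResId` with an unvalidated value when the intVal check passes on a numeric string. Splitting the guard so that a missing or non-integer identifier yields a 400 first and only a well-formed id reaches the perimeter check keeps the two failure modes distinguishable for callers and logs, and makes the later `intVal()->notEmpty()` check on the same field redundant. The added lines also carry trailing whitespace, which the project's other blank lines do not. create() continues past the end of this hunk.
```php
        $data = $request->getParams();

        // Reject malformed input before the perimeter check so a missing id is a 400, not a 403
        if (!Validator::intVal()->notEmpty()->validate($data['identifier'] ?? null)) {
            return $response->withStatus(400)->withJson(['errors' => 'Bad Request']);
        }
        if (!ResController::hasRightByResId(['resId' => $data['identifier'], 'userId' => $GLOBALS['userId']])) {
            return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter']);
        }
        // … unchanged: note_text / entities_chosen validation …
```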
diff --git a/src/app/note/models/NoteModelAbstract.php b/src/app/note/models/NoteModelAbstract.php
index f48d851c280..0dee049b8d5 100755
--- a/src/app/note/models/NoteModelAbstract.php
+++ b/src/app/note/models/NoteModelAbstract.php
@@ -68,7 +68,7 @@ abstract class NoteModelAbstract
 
     public static function create(array $aArgs)
     {
-        ValidatorModel::notEmpty($aArgs, ['identifier', 'user_id', 'note_text']);
+        ValidatorModel::notEmpty($aArgs, ['identifier', 'note_text']);
         ValidatorModel::intVal($aArgs, ['identifier']);
 
         $nextSequenceId = DatabaseModel::getNextSequenceValue(['sequenceId' => 'notes_seq']);
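Review bot: Dropping `user_id` from the notEmpty validation while the second hunk of this file writes `$GLOBALS['userId']` straight into the row means the model now inserts whatever that global holds, with no check that it is set; if create() is ever reached from a context without an authenticated user (a script or batch job, presumably), the note is stored with an empty author instead of failing. A minimal guard that reuses the existing helper would be `ValidatorModel::notEmpty(['user_id' => $GLOBALS['userId']], ['user_id']);` next to the other validations, so the model still refuses to write a note with no author. Reading `$GLOBALS` inside the model also ties it to request state and makes it hard to exercise in isolation; keeping the author as an explicit argument that the controller fills from `$GLOBALS['userId']` would preserve the security intent of the commit without that coupling.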
@@ -79,7 +79,7 @@ abstract class NoteModelAbstract
                 'id'         => $nextSequenceId,
                 'identifier' => $aArgs['identifier'],
                 'tablename'  => 'res_letterbox',
-                'user_id'    => $aArgs['user_id'],
+                'user_id'    => $GLOBALS['userId'],
                 'date_note'  => 'CURRENT_TIMESTAMP',
                 'note_text'  => $aArgs['note_text'],
                 'coll_id'    => 'letterbox_coll'
-- 
GitLab