FEAT #7752 Rights for contact groups

b84a69c3 · Damien · f9163976 · b84a69c3 · f9163976 · b84a69c3
Verified Commit b84a69c3 authored 6 years ago by Damien
--- a/.gitignore
+++ b/.gitignore
@@ -8,8 +8,6 @@ apps/maarch_entreprise/xml/log4php.xml
 *.log
 xdelete.sh
 core/Test/build/
-apps/maarch_entreprise/tmp/*
-/nbproject/private/apps/maarch_entreprise/define_custom.php
 apps/maarch_entreprise/js/angular/main.bundle.js
 modules/convert/batch/scripts/launch_fulltext_letterbox.sh
 modules/convert/batch/scripts/launch_convert_letterbox.sh
@@ -17,3 +15,4 @@ modules/convert/batch/config/config_only_indexes.xml
 modules/convert/batch/tmp/
 dist/
 node_modules/
+package-lock.json
\ No newline at end of file
--- a/package-lock.json
+++ b/package-lock.json
--- a/src/app/contact/controllers/ContactGroupController.php
+++ b/src/app/contact/controllers/ContactGroupController.php
@@ -28,31 +28,35 @@ class ContactGroupController
 {
    public function get(Request $request, Response $response)
    {
-        if (!ServiceModel::hasService(['id' => 'admin_contacts', 'userId' => $GLOBALS['userId'], 'location' => 'apps', 'type' => 'admin'])) {
-            return $response->withStatus(403)->withJson(['errors' => 'Service forbidden']);
-        }
+        $hasService = ServiceModel::hasService(['id' => 'admin_contacts', 'userId' => $GLOBALS['userId'], 'location' => 'apps', 'type' => 'admin']);

-        $contactsGroups = ContactGroupModel::get();
+        $user = UserModel::getByUserId(['select' => ['id'], 'userId' => $GLOBALS['userId']]);

+        $contactsGroups = ContactGroupModel::get();
        foreach ($contactsGroups as $key => $contactsGroup) {
+            if (!$contactsGroup['public'] && $user['id'] != $contactsGroup['owner'] && !$hasService) {
+                unset($contactsGroups[$key]);
+                continue;
+            }
            $contactsGroups[$key]['position'] = $key;
            $contactsGroups[$key]['labelledOwner'] = UserModel::getLabelledUserById(['id' => $contactsGroup['owner']]);
        }

-        return $response->withJson(['contactsGroups' => $contactsGroups]);
+        return $response->withJson(['contactsGroups' => array_values($contactsGroups)]);
    }

    public function getById(Request $request, Response $response, array $aArgs)
    {
-        if (!ServiceModel::hasService(['id' => 'admin_contacts', 'userId' => $GLOBALS['userId'], 'location' => 'apps', 'type' => 'admin'])) {
-            return $response->withStatus(403)->withJson(['errors' => 'Service forbidden']);
-        }
-
        $contactsGroup = ContactGroupModel::getById(['id' => $aArgs['id']]);
        if (empty($contactsGroup)) {
            return $response->withStatus(400)->withJson(['errors' => 'Contacts group not found']);
        }

+        $user = UserModel::getByUserId(['select' => ['id'], 'userId' => $GLOBALS['userId']]);
+        if ($contactsGroup['owner'] != $user['id'] && !ServiceModel::hasService(['id' => 'admin_contacts', 'userId' => $GLOBALS['userId'], 'location' => 'apps', 'type' => 'admin'])) {
+            return $response->withStatus(403)->withJson(['errors' => 'Service forbidden']);
+        }
+
        $contactsGroup['labelledOwner'] = UserModel::getLabelledUserById(['id' => $contactsGroup['owner']]);
        $contactsGroup['contacts'] = ContactGroupController::getFormattedListById(['id' => $aArgs['id']])['list'];

@@ -100,7 +104,8 @@ class ContactGroupController
            return $response->withStatus(400)->withJson(['errors' => 'Contacts Group does not exist']);
        }

-        if ($contactsGroup['owner'] != $GLOBALS['userId'] && !ServiceModel::hasService(['id' => 'admin_contacts', 'userId' => $GLOBALS['userId'], 'location' => 'apps', 'type' => 'admin'])) {
+        $user = UserModel::getByUserId(['select' => ['id'], 'userId' => $GLOBALS['userId']]);
+        if ($contactsGroup['owner'] != $user['id'] && !ServiceModel::hasService(['id' => 'admin_contacts', 'userId' => $GLOBALS['userId'], 'location' => 'apps', 'type' => 'admin'])) {
            return $response->withStatus(403)->withJson(['errors' => 'Service forbidden']);
        }

@@ -112,7 +117,6 @@ class ContactGroupController
            return $response->withStatus(400)->withJson(['errors' => 'Bad Request']);
        }

-        $user = UserModel::getByUserId(['select' => ['id'], 'userId' => $GLOBALS['userId']]);
        $existingGroup = ContactGroupModel::get(['select' => [1], 'where' => ['label = ?', 'owner = ?', 'id != ?'], 'data' => [$data['label'], $user['id'], $aArgs['id']]]);
        if (!empty($existingGroup)) {
            return $response->withStatus(400)->withJson(['errors' => _CONTACTS_GROUP_LABEL_ALREADY_EXISTS]);
@@ -142,7 +146,8 @@ class ContactGroupController
            return $response->withStatus(400)->withJson(['errors' => 'Contacts Group does not exist']);
        }

-        if ($contactsGroup['owner'] != $GLOBALS['userId'] && !ServiceModel::hasService(['id' => 'admin_contacts', 'userId' => $GLOBALS['userId'], 'location' => 'apps', 'type' => 'admin'])) {
+        $user = UserModel::getByUserId(['select' => ['id'], 'userId' => $GLOBALS['userId']]);
+        if ($contactsGroup['owner'] != $user['id'] && !ServiceModel::hasService(['id' => 'admin_contacts', 'userId' => $GLOBALS['userId'], 'location' => 'apps', 'type' => 'admin'])) {
            return $response->withStatus(403)->withJson(['errors' => 'Service forbidden']);
        }