Commit c2bbe364 authored by Nathan Cheval's avatar Nathan Cheval

Add perimeter check for doc

parent 2eb8eeac
...@@ -6,6 +6,7 @@ use Slim\Http\Request; ...@@ -6,6 +6,7 @@ use Slim\Http\Request;
use Slim\Http\Response; use Slim\Http\Response;
use Attachment\models\AttachmentModel; use Attachment\models\AttachmentModel;
use Resource\models\ResModel; use Resource\models\ResModel;
use Resource\controllers\ResController;
use Respect\Validation\Validator; use Respect\Validation\Validator;
use History\controllers\HistoryController; use History\controllers\HistoryController;
use Resource\controllers\StoreController; use Resource\controllers\StoreController;
...@@ -23,6 +24,10 @@ class ReconciliationController ...@@ -23,6 +24,10 @@ class ReconciliationController
return $response->withStatus(400)->withJson(['errors' => 'Bad Request']); return $response->withStatus(400)->withJson(['errors' => 'Bad Request']);
} }
if (!Validator::intVal()->validate($data['resId']) || !ResController::hasRightByResId(['resId' => $data['resId'], 'userId' => $GLOBALS['userId']])) {
return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter']);
}
$resId = ReconciliationController::getWs($data); $resId = ReconciliationController::getWs($data);
if (empty($resId) || !empty($resId['errors'])) { if (empty($resId) || !empty($resId['errors'])) {
...@@ -164,19 +169,23 @@ class ReconciliationController ...@@ -164,19 +169,23 @@ class ReconciliationController
public function checkAttachment(Request $request, Response $response) public function checkAttachment(Request $request, Response $response)
{ {
$data = $request->getParams(); $data = $request->getQueryParams();
$check = Validator::stringType()->notEmpty()->validate($data['chrono']); $check = Validator::stringType()->notEmpty()->validate($data['chrono']);
if (!$check) { if (!$check) {
return $response->withStatus(400)->withJson(['errors' => 'Bad Request']); return $response->withStatus(400)->withJson(['errors' => 'Bad Request']);
} }
$attachment = AttachmentModel::getOnView([ $attachment = AttachmentModel::getOnView([
'select' => [1], 'select' => ['res_id_master'],
'where' => ['identifier = ?', "status IN ('A_TRA', 'NEW','TMP')"], 'where' => ['identifier = ?', "status IN ('A_TRA', 'NEW','TMP')"],
'data' => [$data['chrono']], 'data' => [$data['chrono']],
'orderBy' => ['res_id DESC'] 'orderBy' => ['res_id DESC']
])[0]; ])[0];
if (!Validator::intVal()->validate($attachment['res_id_master']) || !ResController::hasRightByResId(['resId' => $attachment['res_id_master'], 'userId' => $GLOBALS['userId']])) {
return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter']);
}
if ($attachment == false) { if ($attachment == false) {
return $response->withStatus(500)->withJson(['errors' => '[ReconciliationController checkAttachment] ' . _NO_ATTACHMENT_CHRONO]); return $response->withStatus(500)->withJson(['errors' => '[ReconciliationController checkAttachment] ' . _NO_ATTACHMENT_CHRONO]);
}else{ }else{