diff --git a/src/app/entity/controllers/ListTemplateController.php b/src/app/entity/controllers/ListTemplateController.php
index d8a554eef0e4ea9393a3a1ada51f6742b9a6142b..3e54337b54f3fdb748f7acde8375f6d319e00f80 100755
--- a/src/app/entity/controllers/ListTemplateController.php
+++ b/src/app/entity/controllers/ListTemplateController.php
@@ -33,18 +33,31 @@ class ListTemplateController
 {
 public function get(Request $request, Response $response)
 {
- $listTemplates = ListTemplateModel::get(['select' => ['id', 'type', 'entity_id as "entityId"', 'title', 'description']]);
+ $listTemplates = ListTemplateModel::get([
+ 'select' => ['id', 'type', 'entity_id as "entityId"', 'title', 'description', 'owner'],
+ 'where' => ['owner is null or owner = ?'],
+ 'data' => [$GLOBALS['id']]
+ ]);
+
+ for ($i = 0; $i < count($listTemplates); $i++) {
+ $listTemplates[$i]['isPrivate'] = $listTemplates[$i]['owner'] != null;
+ unset($listTemplates[$i]['owner']);
+ }
 return $response->withJson(['listTemplates' => $listTemplates]);
 }
 public function getById(Request $request, Response $response, array $args)
 {
- $listTemplate = ListTemplateModel::getById(['id' => $args['id'], 'select' => ['title', 'description', 'type', 'entity_id']]);
+ $listTemplate = ListTemplateModel::getById(['id' => $args['id'], 'select' => ['title', 'description', 'type', 'entity_id', 'owner']]);
 if (empty($listTemplate)) {
 return $response->withStatus(400)->withJson(['errors' => 'List template not found']);
 }
+ if (!empty($listTemplate['owner']) && $listTemplate['owner'] != $GLOBALS['id']) {
+ return $response->withStatus(403)->withJson(['errors' => 'Cannot access private model']);
+ }
+
 $listTemplateItems = ListTemplateItemModel::get(['select' => ['*'], 'where' => ['list_template_id = ?'], 'data' => [$args['id']]]);
 foreach ($listTemplateItems as $key => $value) {
 if ($value['item_type'] == 'entity') {
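Review bot: The ownership check added in `getById` decides access with `!empty($listTemplate['owner'])` and a loose `!=`, so an `owner` of `0` or `'0'` is treated as public and the result depends on type juggling between the database value and `$GLOBALS['id']`; the `isPrivate` flag in `get` has the same looseness (`!= null`). Assuming ids are integers, an explicit null test with a typed comparison is safer: `if ($listTemplate['owner'] !== null && (int)$listTemplate['owner'] !== (int)$GLOBALS['id']) {` and `$listTemplates[$i]['isPrivate'] = $listTemplates[$i]['owner'] !== null;`. The new 403 is also distinguishable from the 400 returned for a missing id, which tells a caller that a private template exists at that id; returning the existing not-found response in both cases avoids that. Only the two read paths are visible here, so confirm that the update and delete handlers outside this hunk enforce the same owner check; `getById` itself continues past the end of the hunk.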