From ea630136d8930e26cc51860f92be92fb1fa0cbb2 Mon Sep 17 00:00:00 2001
From: Guillaume Heurtier <guillaume.heurtier@maarch.org>
Date: Wed, 8 Jan 2020 12:18:05 +0100
Subject: [PATCH] FEAT #12764 TIME 0:30 get private list templates

---
 .../controllers/ListTemplateController.php      | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/src/app/entity/controllers/ListTemplateController.php b/src/app/entity/controllers/ListTemplateController.php
index d8a554eef0e..3e54337b54f 100755
--- a/src/app/entity/controllers/ListTemplateController.php
+++ b/src/app/entity/controllers/ListTemplateController.php
@@ -33,18 +33,31 @@ class ListTemplateController
 {
     public function get(Request $request, Response $response)
     {
-        $listTemplates = ListTemplateModel::get(['select' => ['id', 'type', 'entity_id as "entityId"', 'title', 'description']]);
+        $listTemplates = ListTemplateModel::get([
+            'select' => ['id', 'type', 'entity_id as "entityId"', 'title', 'description', 'owner'],
+            'where'  => ['owner is null or owner = ?'],
+            'data'   => [$GLOBALS['id']]
+        ]);
+
+        for ($i = 0; $i < count($listTemplates); $i++) {
+            $listTemplates[$i]['isPrivate'] = $listTemplates[$i]['owner'] != null;
+            unset($listTemplates[$i]['owner']);
+        }
 
         return $response->withJson(['listTemplates' => $listTemplates]);
     }
 
     public function getById(Request $request, Response $response, array $args)
     {
-        $listTemplate = ListTemplateModel::getById(['id' => $args['id'], 'select' => ['title', 'description', 'type', 'entity_id']]);
+        $listTemplate = ListTemplateModel::getById(['id' => $args['id'], 'select' => ['title', 'description', 'type', 'entity_id', 'owner']]);
         if (empty($listTemplate)) {
             return $response->withStatus(400)->withJson(['errors' => 'List template not found']);
         }
 
+        if (!empty($listTemplate['owner']) && $listTemplate['owner'] != $GLOBALS['id']) {
+            return $response->withStatus(403)->withJson(['errors' => 'Cannot access private model']);
+        }
+
         $listTemplateItems = ListTemplateItemModel::get(['select' => ['*'], 'where' => ['list_template_id = ?'], 'data' => [$args['id']]]);
         foreach ($listTemplateItems as $key => $value) {
             if ($value['item_type'] == 'entity') {
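Review bot: The owner check added in `getById` decides privacy with `!empty(...)` and a loose `!=`, while the query in `get` decides it with `owner is null`, so an owner value PHP treats as empty (such as 0) would be hidden from the list yet served by id to any user. Testing for null explicitly and comparing strictly keeps the two in agreement: `if ($listTemplate['owner'] !== null && (int)$listTemplate['owner'] !== (int)$GLOBALS['id']) {`, and in the loop `$listTemplates[$i]['isPrivate'] = $listTemplates[$i]['owner'] !== null;`. This assumes `owner` holds an integer user id, which the hunk does not show. `getById` continues past the end of the hunk and only the two read handlers are visible here; any other handler of this controller that takes a template id would presumably need the same owner check, so that a private template cannot be changed or removed by another user.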
-- 
GitLab