From fdccd6448532849f867e3ab45656e5320020b4fa Mon Sep 17 00:00:00 2001
From: Guillaume Heurtier <guillaume.heurtier@maarch.org>
Date: Wed, 8 Jan 2020 15:57:24 +0100
Subject: [PATCH] FEAT #12091 TIME 1:300 create private template

---
 .../controllers/ListTemplateController.php    | 27 ++++++++++++++-----
 src/app/entity/models/ListTemplateModel.php   | 11 ++++----
 2 files changed, 27 insertions(+), 11 deletions(-)

diff --git a/src/app/entity/controllers/ListTemplateController.php b/src/app/entity/controllers/ListTemplateController.php
index 3e54337b54f..89650bd3bad 100755
--- a/src/app/entity/controllers/ListTemplateController.php
+++ b/src/app/entity/controllers/ListTemplateController.php
@@ -97,12 +97,26 @@ class ListTemplateController
     {
         $body = $request->getParsedBody();
 
-        if (!PrivilegeController::hasPrivilege(['privilegeId' => 'manage_entities', 'userId' => $GLOBALS['id']]) && !empty($body['entityId'])) {
-            return $response->withStatus(403)->withJson(['errors' => 'Service forbidden']);
-        }
+        if (empty($body['private'])) {
+            if (!PrivilegeController::hasPrivilege(['privilegeId' => 'manage_entities', 'userId'      => $GLOBALS['id']]) && !empty($body['entityId'])) {
+                return $response->withStatus(403)->withJson(['errors' => 'Service forbidden']);
+            }
 
-        if (!PrivilegeController::hasPrivilege(['privilegeId' => 'admin_listmodels', 'userId' => $GLOBALS['id']]) && empty($body['entityId'])) {
-            return $response->withStatus(403)->withJson(['errors' => 'Service forbidden']);
+            if (!PrivilegeController::hasPrivilege(['privilegeId' => 'admin_listmodels', 'userId'      => $GLOBALS['id']]) && empty($body['entityId'])) {
+                return $response->withStatus(403)->withJson(['errors' => 'Service forbidden']);
+            }
+
+            $owner = null;
+        } else {
+            if (!empty($body['entityId'])) {
+                return $response->withStatus(403)->withJson(['errors' => 'Service forbidden']);
+            }
+
+            if ($body['type'] == 'visaCircuit'
+                && !PrivilegeController::hasPrivilege(['privilegeId' => 'config_visa_workflow', 'userId' => $GLOBALS['id']])) {
+                return $response->withStatus(403)->withJson(['errors' => 'Service forbidden']);
+            }
+            $owner = $GLOBALS['id'];
         }
 
         $allowedTypes = ['diffusionList', 'visaCircuit', 'opinionCircuit'];
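Review bot: In the `else` branch a caller who sends a truthy `private` skips both the `manage_entities` and `admin_listmodels` checks, and only `visaCircuit` is gated afterwards, so private `diffusionList` and `opinionCircuit` templates need no privilege at all. If that is intended, it deserves a comment such as `// private templates: any authenticated user may create one for themselves, except visa circuits`. The `$body['type'] == 'visaCircuit'` test also runs before the `$allowedTypes` validation that starts on the following line, so `type` may be missing or not a string at that point; I would compare with `===` and move the privilege check after the type validation. The method starts before the hunk and continues past it, so the validation itself is not visible here.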
@@ -135,7 +149,8 @@ class ListTemplateController
             'title'         => $body['title'] ?? $body['description'],
             'description'   => $body['description'] ?? null,
             'type'          => $body['type'],
-            'entity_id'     => $body['entityId'] ?? null
+            'entity_id'     => $body['entityId'] ?? null,
+            'owner'         => $owner
         ]);
 
         foreach ($body['items'] as $key => $item) {
diff --git a/src/app/entity/models/ListTemplateModel.php b/src/app/entity/models/ListTemplateModel.php
index 8892336e2d2..eda4d13632d 100755
--- a/src/app/entity/models/ListTemplateModel.php
+++ b/src/app/entity/models/ListTemplateModel.php
@@ -65,11 +65,12 @@ class ListTemplateModel
         DatabaseModel::insert([
             'table'         => 'list_templates',
             'columnsValues' => [
-                'id'            => $nextSequenceId,
-                'title'         => $args['title'],
-                'description'   => $args['description'] ?? null,
-                'type'          => $args['type'],
-                'entity_id'     => $args['entity_id'] ?? null
+                'id'          => $nextSequenceId,
+                'title'       => $args['title'],
+                'description' => $args['description'] ?? null,
+                'type'        => $args['type'],
+                'entity_id'   => $args['entity_id'] ?? null,
+                'owner'       => $args['owner']
             ]
         ]);
 
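Review bot: `'owner' => $args['owner']` reads the key without a default, unlike `description` and `entity_id` beside it, so any caller that does not pass `owner` raises an undefined-index notice; `'owner' => $args['owner'] ?? null` keeps the three consistent. The argument validation at the top of the method is outside the hunk, so I cannot tell whether `owner` is checked as an integer there; it should be. Since this column is what makes a template private, the read, update and delete paths need to filter on it as well, and this patch touches none of them.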
-- 
GitLab