From 0866077fc6d0aa17996f8ca45dffafa79a119709 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Tue, 20 Aug 2019 10:06:15 +0200
Subject: [PATCH] chg: [decaying] Improved ACL integration for the UI

---
 app/Controller/DecayingModelController.php |  2 +-
 app/Model/DecayingModel.php                |  6 ++++++
 app/View/DecayingModel/decaying_tool.ctp   |  1 +
 app/View/DecayingModel/index.ctp           | 15 +++++++++++++++
 app/webroot/js/decayingTool.js             | 13 ++++++++-----
 5 files changed, 31 insertions(+), 6 deletions(-)

diff --git a/app/Controller/DecayingModelController.php b/app/Controller/DecayingModelController.php
index 51b82e1eb..989b575e9 100644
--- a/app/Controller/DecayingModelController.php
+++ b/app/Controller/DecayingModelController.php
@@ -172,7 +172,7 @@ class DecayingModelController extends AppController
         $this->set('mayModify', true);
         $restrictedEdition = $this->DecayingModel->isDefaultModel($decayingModel);
         if (!$this->_isSiteAdmin() && $decayingModel['DecayingModel']['org_id'] != $this->Auth->user('Organisation')['id']) {
-            throw new MethodNotAllowedException(__("The model does not belong to your organisation"));
+            throw new UnauthorizedException(__("The model does not belong to your organisation"));
         }
 
         if ($this->request->is('post') || $this->request->is('put')) {
diff --git a/app/Model/DecayingModel.php b/app/Model/DecayingModel.php
index 2ba1bc3f3..3ab78f900 100644
--- a/app/Model/DecayingModel.php
+++ b/app/Model/DecayingModel.php
@@ -169,6 +169,11 @@ class DecayingModel extends AppModel
         return !is_null($decaying_model['DecayingModel']['uuid']);
     }
 
+    public function isEditableByCurrentUser($user, $decaying_model)
+    {
+        return !$this->isDefaultModel($decaying_model) && $decaying_model['DecayingModel']['org_id'] == $user['org_id'];
+    }
+
     public function fetchAllAllowedModels($user, $full=true, $filters=array())
     {
         $conditions = array();
@@ -194,6 +199,7 @@ class DecayingModel extends AppModel
                 $decayingModels[$i]['DecayingModel']['attribute_types'] = $decayingModels[$i]['DecayingModel']['attribute_types'] + Hash::extract($decayingModels[$i]['DecayingModelMapping'], '{n}.attribute_type');
                 unset($decayingModels[$i]['DecayingModelMapping']);
             }
+            $decayingModels[$i]['DecayingModel']['isEditable'] = $this->isEditableByCurrentUser($user, $decayingModels[$i]);
         }
 
         return $decayingModels;
diff --git a/app/View/DecayingModel/decaying_tool.ctp b/app/View/DecayingModel/decaying_tool.ctp
index 94899a013..0eb14c881 100644
--- a/app/View/DecayingModel/decaying_tool.ctp
+++ b/app/View/DecayingModel/decaying_tool.ctp
@@ -171,6 +171,7 @@
 ?>
 
 <script>
+var logged_user_org_id = <?php echo h($me['org_id']); ?>;
 $(document).ready(function() {
     $('.json-transform').each(function(i) {
         var text = $(this).text().trim();
diff --git a/app/View/DecayingModel/index.ctp b/app/View/DecayingModel/index.ctp
index 0485e92ed..1bc4ff287 100644
--- a/app/View/DecayingModel/index.ctp
+++ b/app/View/DecayingModel/index.ctp
@@ -18,10 +18,25 @@
     </div>
 
 <?php
+    $temp = $passedArgsArray;
+    unset($temp['sort']);
+    unset($temp['direction']);
+    $filter_active = count(array_keys($temp)) > 0;
     $data = array(
         'children' => array(
             array(
                 'children' => array(
+                    array(
+                        'title' => __('All Models'),
+                        'text' => __('All Models'),
+                        'url' => sprintf('%s/%s%s',
+                            $baseurl . '/decayingModel/index',
+                            isset($passedArgsArray['sort']) ? 'sort:' . $passedArgsArray['sort'] . '/' : '',
+                            isset($passedArgsArray['direction']) ? 'direction:' . $passedArgsArray['direction'] . '/' : ''
+                        ),
+                        'class' => 'searchFilterButton',
+                        'active' => !$filter_active
+                    ),
                     array(
                         'title' => __('My models only'),
                         'text' => __('My Models'),
diff --git a/app/webroot/js/decayingTool.js b/app/webroot/js/decayingTool.js
index 1e78ac2aa..b5f07645b 100644
--- a/app/webroot/js/decayingTool.js
+++ b/app/webroot/js/decayingTool.js
@@ -123,6 +123,7 @@
             /* CANVAS */
             _init: function() {
                 var that = this;
+                this.user_org_id = logged_user_org_id;
                 this.resetMultiplier();
                 this.width = $(this.container).width() - this.options.margin.left - this.options.margin.right;
                 this.height = 380 - this.options.margin.top - this.options.margin.bottom;
@@ -653,7 +654,7 @@
                 var btn_content_html;
                 var selected_model = d3.select($checkbox.closest('tr')[0]).data()[0];
                 if ($checkbox.length > 0) {
-                    if (selected_model.DecayingModel.isDefault) {
+                    if (!selected_model.DecayingModel.isEditable) {
                         save_button.data('isedit', 0).data('modelid', 0);
                         btn_content_html = '<i class="fa fa-plus"> ' + save_button.data('savetext');
                     } else {
@@ -979,10 +980,12 @@ ModelTable.prototype = {
     _gen_td_buttons: function(model) {
         var html_button = '<div style="width: max-content">';
         html_button += '<button class="btn btn-info btn-small decayingLoadBtn" onclick="decayingTool.loadModel(this);"><span class="fa fa-line-chart"> Load model</span></button>';
-        if (model.DecayingModel.enabled) {
-            html_button += '<button class="btn btn-danger btn-small" style="margin-left: 3px;" onclick="decayingTool.disableModel(this, ' + model.DecayingModel.id + ');" title="Disable model"><span class="fa fa-pause"></span></button>'
-        } else {
-            html_button += '<button class="btn btn-success btn-small" style="margin-left: 3px;" onclick="decayingTool.enableModel(this, ' + model.DecayingModel.id + ');" title="Enable model"><span class="fa fa-play"></span></button>'
+        if (model.DecayingModel.isEditable) {
+            if (model.DecayingModel.enabled) {
+                html_button += '<button class="btn btn-danger btn-small" style="margin-left: 3px;" onclick="decayingTool.disableModel(this, ' + model.DecayingModel.id + ');" title="Disable model"><span class="fa fa-pause"></span></button>'
+            } else {
+                html_button += '<button class="btn btn-success btn-small" style="margin-left: 3px;" onclick="decayingTool.enableModel(this, ' + model.DecayingModel.id + ');" title="Enable model"><span class="fa fa-play"></span></button>'
+            }
         }
         html_button += '</div>';
         return html_button;