chg: [eventGraph] refacto after comments from the Overmind

app/Controller/Component/ACLComponent.php

@@ -483,7 +483,7 @@ class ACLComponent extends Component {
 					'index' => array('*'),
 			),
 			'eventGraph' => array(
-					'get' => array('*'),
+					'view' => array('*'),
 					'add' => array('perm_add'),
 					'delete' => array('perm_modify'),
 			)

app/Controller/EventGraphController.php

@@ -12,10 +12,7 @@ class EventGraphController extends AppController {
 		parent::beforeFilter();
 	}
 
-	public function get($event_id = false) {
-		if (!$this->request->is('get')) {
-			throw new MethodNotAllowedException(__('Invalid method.'));
-		}
+	public function view($event_id = false) {
 		if ($event_id === false) throw new MethodNotAllowedException(__('No event ID set.'));
 
 		// retreive current org_id
@@ -23,9 +20,14 @@ class EventGraphController extends AppController {
 
 		// validate event
 		$this->loadModel('Event');
-		if (!is_numeric($event_id)) {
+		if (Validation::uuid($event_id)) {
+			$temp = $this->Event->find('first', array('recursive' => -1, 'fields' => array('Event.id'), 'conditions' => array('Event.uuid' => $eventId)));
+			if (empty($temp)) throw new NotFoundException('Invalid event');
+			$event_id = $temp['Event']['id'];
+		} else if (!is_numeric($event_id)) {
 			throw new NotFoundException(__('Invalid event'));
 		}
+
 		$event = $this->Event->fetchEvent($this->Auth->user(), array('eventid' => $event_id));
 		if (empty($event)) throw new NotFoundException('Invalid event');
 
@@ -38,9 +40,6 @@ class EventGraphController extends AppController {
 			),
 			'contain' => array(
 				'User' => array(
-					'conditions' => array(
-						'User.id = EventGraph.user_id'
-					),
 					'fields' => array(
 						'User.email'
 					)
@@ -51,17 +50,14 @@ class EventGraphController extends AppController {
 	}
 
 	public function add($event_id = false) {
-		if ($this->request->is('get') && $this->_isRest()) {
-			return $this->RestResponse->describe('EventGraph', 'add', false, $this->response->type());
-		} else if ($this->request->is('get')) { // retreive form
+		if ($this->request->is('get')) { 
+			if ($this->_isRest()) {
+				return $this->RestResponse->describe('EventGraph', 'add', false, $this->response->type());
+			}
 			$formURL = 'eventGraph_add_form';
 
-			if (!$this->_isSiteAdmin()) {
-				if ($this->userRole['perm_modify'] || $this->userRole['perm_modify_org']) {
-					// Allow the edit
-				} else {
-					throw new NotFoundException(__('Invalid event'));
-				}
+			if (!$this->_isSiteAdmin() && (!$this->userRole['perm_modify'] && !$this->userRole['perm_modify_org']) ) {
+				throw new NotFoundException(__('Invalid event'));
 			}
 
 			$this->set('action', 'add');
@@ -69,20 +65,19 @@ class EventGraphController extends AppController {
 			$this->render('ajax/' . $formURL);
 
 		} else {
-			if ($event_id === false) throw new MethodNotAllowedException(__('No event ID set.'));
+			if (empty($event_id)) throw new MethodNotAllowedException(__('No event ID set.'));
 
 			$this->loadModel('Event');
 			$event = $this->Event->fetchEvent($this->Auth->user(), array('eventid' => $event_id));
 			if (empty($event)) throw new NotFoundException('Invalid event');
 
 			$eventGraph = array();
-			if (!$this->_isSiteAdmin() && ($event['Event']['orgc_id'] != $this->_checkOrg() && !$this->userRole['perm_modify'])) {
+			if (!$this->_isSiteAdmin() && ($event['Event']['orgc_id'] != $this->Auth->user('org_id') && !$this->userRole['perm_modify'])) {
 				throw new UnauthorizedException(__('You do not have permission to do that.'));
 			} else {
 				$eventGraph['EventGraph']['event_id'] = $event_id;
 			}
 
-			$date = new DateTime();
 			if (!isset($this->request->data['EventGraph']['network_json'])) {
 				throw new MethodNotAllowedException('No network data set');
 			} else {
@@ -98,8 +93,6 @@ class EventGraphController extends AppController {
 				$eventGraph['EventGraph']['preview_img'] = $this->request->data['EventGraph']['preview_img'];
 			}
 
-			$eventGraph['EventGraph']['timestamp'] = $date->getTimestamp();
-
 			// Network pushed will be the owner of the authentication key
 			$eventGraph['EventGraph']['user_id'] = $this->Auth->user('id');
 			$eventGraph['EventGraph']['org_id'] = $this->Auth->user('org_id');
@@ -129,22 +122,23 @@ class EventGraphController extends AppController {
 		} else {
 			$this->set('id', $id);
 			$conditions = array('id' => $id);
+			if (!$this->_isSiteAdmin()) {
+				$conditions['org_id'] = $this->Auth->user('org_id');
+			}
 			$eventGraph = $this->EventGraph->find('first', array(
 					'conditions' => $conditions,
 					'recursive' => -1,
 					'fields' => array('id', 'event_id', 'user_id'),
 			));
 			if (empty($eventGraph)) throw new NotFoundException('Invalid EventGraph');
-			if ($this->request->is('ajax')) {
-				if ($this->request->is('post')) {
-					// only creator (or siteAdmin) can delete the eventGraph
-					if (($eventGraph['EventGraph']['user_id'] != $this->Auth->user()['id']) && !$this->_isSiteAdmin()) throw new MethodNotAllowedException('This eventGraph does not belong to you.');
-					$result = $this->EventGraph->delete($id);
-					if ($result) {
-						return new CakeResponse(array('body'=> json_encode(array('saved' => true, 'success' => 'EventGraph deleted.')), 'status'=>200, 'type' => 'json'));
-					} else {
-						return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'EventGraph not deleted.')), 'status'=>200, 'type' => 'json'));
-					}
+			if ($this->request->is('post')) {
+				// only creator (or siteAdmin) can delete the eventGraph
+				if (($eventGraph['EventGraph']['user_id'] != $this->Auth->user()['id']) && !$this->_isSiteAdmin()) throw new MethodNotAllowedException('This eventGraph does not belong to you.');
+				$result = $this->EventGraph->delete($id);
+				if ($result) {
+					return new CakeResponse(array('body'=> json_encode(array('saved' => true, 'success' => 'EventGraph deleted.')), 'status'=>200, 'type' => 'json'));
+				} else {
+					return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'EventGraph not deleted.')), 'status'=>200, 'type' => 'json'));
 				}
 			}
 		}

app/Model/AppModel.php

@@ -975,6 +975,7 @@ class AppModel extends Model {
 					INDEX `event_id` (`event_id`),
 					INDEX `user_id` (`user_id`),
 					INDEX `org_id` (`org_id`)
+					INDEX `timestamp` (`timestamp`)
 				) ENGINE=InnoDB DEFAULT CHARSET=utf8;";
 				break;
 			case 'fixNonEmptySharingGroupID':

app/Model/EventGraph.php

@@ -29,21 +29,24 @@ class EventGraph extends AppModel{
 
 
 	public $validate = array(
-		'is_json' => array(
-				'rule' => array('isValidJson'),
-				'message' => 'The provided eventGraph is not a valid json format',
-				'required' => true,
+		'network_json' => array(
+			'rule' => array('isValidJson'),
+			'message' => 'The provided eventGraph is not a valid json format',
+			'required' => true,
 		),
 	);
 
 	public function beforeValidate($options = array()) {
 		parent::beforeValidate();
+		$date = new DateTime();
+		$this->data['EventGraph']['timestamp'] = $date->getTimestamp();
 		return true;
 	}
 
-	public function isValidJson($text) {
-		$check = json_decode($text);
-		if ($check === null) {
+	public function isValidJson($fields) {	
+		$text = $fields['network_json'];
+		$check = json_decode($text);	
+		if ($check === null) {      	
 			return false;
 		}
 		return true;

app/webroot/js/event-graph.js

@@ -1456,7 +1456,7 @@ class DataHandler {
 	}
 
 	fetch_graph_history(callback) {
-		$.getJSON( "/eventGraph/get/"+scope_id, function( history ) {
+		$.getJSON( "/eventGraph/view/"+scope_id, function( history ) {
 			var history_formatted = [];
 			var network_previews = [];
 			history.forEach(function(item) {