new: [acl] canEditEventReport

2022-10-24 16:40:02 +02:00 · 2022-10-24 16:40:02 +02:00 · a1a2109360
parent 813a228059
commit a1a2109360
3 changed files with 35 additions and 6 deletions
--- a/app/Controller/Component/ACLComponent.php
+++ b/app/Controller/Component/ACLComponent.php
@ -991,6 +991,25 @@ class ACLComponent extends Component
        return $sighting['Sighting']['org_id'] == $user['org_id'];
    }

+    /**
+     * @param array $user
+     * @param array $eventReport
+     * @return bool
+     */
+    public function canEditEventReport(array $user, array $eventReport)
+    {
+        if (!isset($report['Event'])) {
+            throw new InvalidArgumentException('Passed object does not contain an Event.');
+        }
+        if ($user['Role']['perm_site_admin']) {
+            return true;
+        }
+        if ($eventReport['Event']['orgc_id'] == $user['org_id']) {
+            return true;
+        }
+        return false;
+    }
+
    private function __checkLoggedActions($user, $controller, $action)
    {
        $loggedActions = array(
--- a/app/View/EventReports/index.ctp
+++ b/app/View/EventReports/index.ctp
@ -93,8 +93,8 @@
                        'EventReport.id'
                    ),
                    'icon' => 'edit',
-                    'complex_requirement' => function (array $row) use ($me) {
-                        return $me['Role']['perm_site_admin'] || $me['org_id'] == $row['Event']['orgc_id'];
+                    'complex_requirement' => function (array $row) {
+                        return $this->Acl->canEditEventReport($row);
                    }
                ),
                array(
@ -102,8 +102,8 @@
                    'icon' => 'trash',
                    'onclick' => 'simplePopup(\'' . $baseurl . '/event_reports/delete/[onclick_params_data_path]\');',
                    'onclick_params_data_path' => 'EventReport.id',
-                    'complex_requirement' => function (array $row) use ($me) {
-                        return ($me['Role']['perm_site_admin'] || $me['org_id'] == $row['Event']['orgc_id']) && !$row['EventReport']['deleted'];
+                    'complex_requirement' => function (array $row) {
+                        return $this->Acl->canEditEventReport($row) && !$row['EventReport']['deleted'];
                    }
                ),
                array(
@ -113,8 +113,8 @@
                    'icon' => 'trash-restore',
                    'postLink' => true,
                    'postLinkConfirm' => __('Are you sure you want to restore the Report?'),
-                    'complex_requirement' => function (array $row) use ($me) {
-                        return ($me['Role']['perm_site_admin'] || $me['org_id'] == $row['Event']['orgc_id']) && $row['EventReport']['deleted'];
+                    'complex_requirement' => function (array $row) {
+                        return $this->Acl->canEditEventReport($row) && $row['EventReport']['deleted'];
                    }
                ),
            )
--- a/app/View/Helper/AclHelper.php
+++ b/app/View/Helper/AclHelper.php
@ -83,4 +83,14 @@ class AclHelper extends Helper
        $me = $this->_View->viewVars['me'];
        return $this->ACL->canDeleteSighting($me, $sighting);
    }
+
+    /**
+     * @param array $eventReport
+     * @return bool
+     */
+    public function canEditEventReport(array $eventReport)
+    {
+        $me = $this->_View->viewVars['me'];
+        return $this->ACL->canEditReport($me, $eventReport);
+    }
 }