fix: [ACL] tightening for delete functions
- implemented beforeSave() function in the CRUD::delete() functionality - added correct handling for the organisation level encryption keys in the beforeSave constructorpull/85/head
iglocska
parent
c35d67ebca
commit
8cb24baf5f
|
|
@ -442,6 +442,12 @@ class CRUDComponent extends Component
|
|||
if (empty($data)) {
|
||||
throw new NotFoundException(__('Invalid {0}.', $this->ObjectAlias));
|
||||
}
|
||||
if (isset($params['beforeSave'])) {
|
||||
$data = $params['beforeSave']($data);
|
||||
if ($data === false) {
|
||||
throw new NotFoundException(__('Could not save {0} due to the input failing to meet expectations. Your input is bad and you should feel bad.', $this->ObjectAlias));
|
||||
}
|
||||
}
|
||||
$this->Controller->set('id', $data['id']);
|
||||
$this->Controller->set('data', $data);
|
||||
$this->Controller->set('bulkEnabled', false);
|
||||
|
|
@ -453,6 +459,7 @@ class CRUDComponent extends Component
|
|||
$isBulk = count($ids) > 1;
|
||||
$bulkSuccesses = 0;
|
||||
foreach ($ids as $id) {
|
||||
$skipExecution = false;
|
||||
$data = $this->Table->find()->where([$this->Table->getAlias() . '.id' => $id]);
|
||||
if (!empty($params['conditions'])) {
|
||||
$data->where($params['conditions']);
|
||||
|
|
@ -460,15 +467,24 @@ class CRUDComponent extends Component
|
|||
if (!empty($params['contain'])) {
|
||||
$data->contain($params['contain']);
|
||||
}
|
||||
$data = $data->first();
|
||||
if (!empty($data)) {
|
||||
$success = $this->Table->delete($data);
|
||||
$success = true;
|
||||
} else {
|
||||
$success = false;
|
||||
if (isset($params['beforeSave'])) {
|
||||
$data = $params['beforeSave']($data);
|
||||
if ($data === false) {
|
||||
$skipExecution = true;
|
||||
$success = false;
|
||||
}
|
||||
}
|
||||
if ($success) {
|
||||
$bulkSuccesses++;
|
||||
if (!$skipExecution) {
|
||||
$data = $data->first();
|
||||
if (!empty($data)) {
|
||||
$success = $this->Table->delete($data);
|
||||
$success = true;
|
||||
} else {
|
||||
$success = false;
|
||||
}
|
||||
if ($success) {
|
||||
$bulkSuccesses++;
|
||||
}
|
||||
}
|
||||
}
|
||||
$message = $this->getMessageBasedOnResult(
|
||||
|
|
|
|||
|
|
@ -57,36 +57,40 @@ class EncryptionKeysController extends AppController
|
|||
|
||||
private function buildBeforeSave(array $params, $currentUser, array &$orgConditions, array &$individualConditions, array &$dropdownData): array
|
||||
{
|
||||
$orgConditions = [
|
||||
'id' => $currentUser['organisation_id']
|
||||
];
|
||||
if (empty($currentUser['role']['perm_org_admin'])) {
|
||||
$individualConditions = [
|
||||
'id' => $currentUser['individual_id']
|
||||
if (empty($currentUser['role']['perm_admin'])) {
|
||||
$orgConditions = [
|
||||
'id' => $currentUser['organisation_id']
|
||||
];
|
||||
}
|
||||
$params['beforeSave'] = function($entity) use($currentUser) {
|
||||
if ($entity['owner_model'] === 'organisation') {
|
||||
$entity['owner_id'] = $currentUser['organisation_id'];
|
||||
} else {
|
||||
if ($currentUser['role']['perm_org_admin']) {
|
||||
$this->loadModel('Alignments');
|
||||
$validIndividuals = $this->Alignments->find('list', [
|
||||
'keyField' => 'individual_id',
|
||||
'valueField' => 'id',
|
||||
'conditions' => ['organisation_id' => $currentUser['organisation_id']]
|
||||
])->toArray();
|
||||
if (!isset($validIndividuals[$entity['owner_id']])) {
|
||||
throw new MethodNotAllowedException(__('Selected individual cannot be linked by the current user.'));
|
||||
if (empty($currentUser['role']['perm_org_admin'])) {
|
||||
$individualConditions = [
|
||||
'id' => $currentUser['individual_id']
|
||||
];
|
||||
}
|
||||
$params['beforeSave'] = function($entity) use($currentUser) {
|
||||
if ($entity['owner_model'] === 'organisation') {
|
||||
if ($entity['owner_id'] !== $currentUser['organisation_id']) {
|
||||
throw new MethodNotAllowedException(__('Selected organisation cannot be linked by the current user.'));
|
||||
}
|
||||
} else {
|
||||
if ($entity['owner_id'] !== $currentUser['id']) {
|
||||
throw new MethodNotAllowedException(__('Selected individual cannot be linked by the current user.'));
|
||||
if ($currentUser['role']['perm_org_admin']) {
|
||||
$this->loadModel('Alignments');
|
||||
$validIndividuals = $this->Alignments->find('list', [
|
||||
'keyField' => 'individual_id',
|
||||
'valueField' => 'id',
|
||||
'conditions' => ['organisation_id' => $currentUser['organisation_id']]
|
||||
])->toArray();
|
||||
if (!isset($validIndividuals[$entity['owner_id']])) {
|
||||
throw new MethodNotAllowedException(__('Selected individual cannot be linked by the current user.'));
|
||||
}
|
||||
} else {
|
||||
if ($entity['owner_id'] !== $currentUser['id']) {
|
||||
throw new MethodNotAllowedException(__('Selected individual cannot be linked by the current user.'));
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
return $entity;
|
||||
};
|
||||
return $entity;
|
||||
};
|
||||
}
|
||||
$this->loadModel('Organisations');
|
||||
$this->loadModel('Individuals');
|
||||
$dropdownData = [
|
||||
|
|
@ -105,9 +109,7 @@ class EncryptionKeysController extends AppController
|
|||
$params = [
|
||||
'redirect' => $this->referer()
|
||||
];
|
||||
if (empty($currentUser['role']['perm_admin'])) {
|
||||
$params = $this->buildBeforeSave($params, $currentUser, $orgConditions, $individualConditions, $dropdownData);
|
||||
}
|
||||
$params = $this->buildBeforeSave($params, $currentUser, $orgConditions, $individualConditions, $dropdownData);
|
||||
$this->CRUD->add($params);
|
||||
$responsePayload = $this->CRUD->getResponsePayload();
|
||||
if (!empty($responsePayload)) {
|
||||
|
|
|
|||
Loading…
Reference in New Issue