cerebrate-project
/
cerebrate
mirror of https://github.com/cerebrate-project/cerebrate
1
0
Fork 0
Code Issues Releases Wiki Activity

fix: [encryption keys] tightened ACL across all CRUD functions

pull/92/head
iglocska 2022-01-18 00:17:47 +01:00
parent 6d13d4aba0
commit b80d778e1a
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
1 changed files with 60 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

103
src/Controller/EncryptionKeysController.php
View File

@ -39,7 +39,15 @@ class EncryptionKeysController extends AppController
public function delete($id) public function delete($id)
{ {
$this->CRUD->delete($id); $orgConditions = [];
$individualConditions = [];
$dropdownData = [];
$currentUser = $this->ACL->getUser();
$params = [];
if (empty($currentUser['role']['perm_admin'])) {
$params = $this->buildBeforeSave($params, $currentUser, $orgConditions, $individualConditions, $dropdownData);
}
$this->CRUD->delete($id, $params);
$responsePayload = $this->CRUD->getResponsePayload(); $responsePayload = $this->CRUD->getResponsePayload();
if (!empty($responsePayload)) { if (!empty($responsePayload)) {
return $responsePayload; return $responsePayload;
@ -47,49 +55,38 @@ class EncryptionKeysController extends AppController
$this->set('metaGroup', 'ContactDB'); $this->set('metaGroup', 'ContactDB');
} }
public function add() private function buildBeforeSave(array $params, $currentUser, array &$orgConditions, array &$individualConditions, array &$dropdownData): array
{ {
$orgConditions = []; $orgConditions = [
$individualConditions = []; 'id' => $currentUser['organisation_id']
$currentUser = $this->ACL->getUser(); ];
$params = ['redirect' => $this->referer()]; if (empty($currentUser['role']['perm_org_admin'])) {
if (empty($currentUser['role']['perm_admin'])) { $individualConditions = [
$orgConditions = [ 'id' => $currentUser['individual_id']
'id' => $currentUser['organisation_id']
]; ];
if (empty($currentUser['role']['perm_org_admin'])) { }
$individualConditions = [ $params['beforeSave'] = function($entity) use($currentUser) {
'id' => $currentUser['individual_id'] if ($entity['owner_model'] === 'organisation') {
]; $entity['owner_id'] = $currentUser['organisation_id'];
} } else {
$params['beforeSave'] = function($entity) use($currentUser) { if ($currentUser['role']['perm_org_admin']) {
if ($entity['owner_model'] === 'organisation') { $this->loadModel('Alignments');
$entity['owner_id'] = $currentUser['organisation_id']; $validIndividuals = $this->Alignments->find('list', [
'keyField' => 'individual_id',
'valueField' => 'id',
'conditions' => ['organisation_id' => $currentUser['organisation_id']]
])->toArray();
if (!isset($validIndividuals[$entity['owner_id']])) {
throw new MethodNotAllowedException(__('Selected individual cannot be linked by the current user.'));
}
} else { } else {
if ($currentUser['role']['perm_org_admin']) { if ($entity['owner_id'] !== $currentUser['id']) {
$this->loadModel('Alignments'); throw new MethodNotAllowedException(__('Selected individual cannot be linked by the current user.'));
$validIndividuals = $this->Alignments->find('list', [
'keyField' => 'individual_id',
'valueField' => 'id',
'conditions' => ['organisation_id' => $currentUser['organisation_id']]
])->toArray();
if (!isset($validIndividuals[$entity['owner_id']])) {
throw new MethodNotAllowedException(__('Selected individual cannot be linked by the current user.'));
}
} else {
if ($entity['owner_id'] !== $currentUser['id']) {
throw new MethodNotAllowedException(__('Selected individual cannot be linked by the current user.'));
}
} }
} }
return $entity; }
}; return $entity;
} };
$this->CRUD->add($params);
$responsePayload = $this->CRUD->getResponsePayload();
if (!empty($responsePayload)) {
return $responsePayload;
}
$this->loadModel('Organisations'); $this->loadModel('Organisations');
$this->loadModel('Individuals'); $this->loadModel('Individuals');
$dropdownData = [ $dropdownData = [
@ -102,13 +99,35 @@ class EncryptionKeysController extends AppController
'conditions' => $individualConditions 'conditions' => $individualConditions
]) ])
]; ];
return $params;
}
public function add()
{
$orgConditions = [];
$individualConditions = [];
$dropdownData = [];
$currentUser = $this->ACL->getUser();
$params = [
'redirect' => $this->referer()
];
if (empty($currentUser['role']['perm_admin'])) {
$params = $this->buildBeforeSave($params, $currentUser, $orgConditions, $individualConditions, $dropdownData);
}
$this->CRUD->add($params);
$responsePayload = $this->CRUD->getResponsePayload();
if (!empty($responsePayload)) {
return $responsePayload;
}
$this->set(compact('dropdownData')); $this->set(compact('dropdownData'));
$this->set('metaGroup', 'ContactDB'); $this->set('metaGroup', 'ContactDB');
} }
public function edit($id = false) public function edit($id = false)
{ {
$conditions = []; $orgConditions = [];
$individualConditions = [];
$dropdownData = [];
$currentUser = $this->ACL->getUser(); $currentUser = $this->ACL->getUser();
$params = [ $params = [
'fields' => [ 'fields' => [
@ -117,9 +136,7 @@ class EncryptionKeysController extends AppController
'redirect' => $this->referer() 'redirect' => $this->referer()
]; ];
if (empty($currentUser['role']['perm_admin'])) { if (empty($currentUser['role']['perm_admin'])) {
if (empty($currentUser['role']['perm_org_admin'])) { $params = $this->buildBeforeSave($params, $currentUser, $orgConditions, $individualConditions, $dropdownData);
}
} }
$this->CRUD->edit($id, $params); $this->CRUD->edit($id, $params);
$responsePayload = $this->CRUD->getResponsePayload(); $responsePayload = $this->CRUD->getResponsePayload();