Merge pull request eventum#261 from glensc/controller-min-role

add $min_role to base controller

Author: glensc

src/Controller/AdvSearchController.php

@@ -36,9 +36,6 @@ class AdvSearchController extends BaseController
     /** @var int */
     protected $prj_id;
 
-    /** @var int */
-    private $role_id;
-
     /** @var int */
     private $custom_id;
 

src/Controller/BaseController.php

@@ -39,6 +39,16 @@ abstract class BaseController
     /** @var bool */
     protected $is_popup = false;
 
+    /**
+     * Minimum role required to access the page
+     *
+     * @var int
+     */
+    protected $min_role;
+
+    /** @var int */
+    protected $role_id;
+
     /** @var array */
     private $helpers;
 
@@ -59,8 +69,8 @@ public function __construct()
     public function run()
     {
         // NOTE: canAccess needs $issue_id for the template
-        if (!$this->canAccess()) {
-            $this->displayTemplate('permission_denied.tpl.html');
+        if (!$this->canRoleAccess() || !$this->canAccess()) {
+            $this->error(ev_gettext('Sorry, you are not allowed to access this page.'));
             exit;
         }
 
@@ -89,18 +99,48 @@ protected function getRequest()
 
     /**
      * display template
+     *
      * @param string $tpl_name
      */
     protected function displayTemplate($tpl_name = null)
     {
-        $this->tpl->assign('messages', $this->messages->getMessages());
+        $this->tpl->assign(
+            [
+                'messages' => $this->messages->getMessages(),
+                'is_popup' => $this->is_popup,
+            ]
+        );
+
         // set new template, if needed
         if ($tpl_name) {
             $this->tpl->setTemplate($tpl_name);
         }
         $this->tpl->displayTemplate();
     }
 
+    /**
+     * If page is restricted, check for minimum role.
+     *
+     * @return bool
+     */
+    final protected function canRoleAccess()
+    {
+        if ($this->min_role === null) {
+            // not restricted
+            return true;
+        }
+
+        if ($this->is_popup) {
+            Auth::checkAuthentication(null, true);
+        } else {
+            Auth::checkAuthentication();
+        }
+
+        $this->role_id = Auth::getCurrentRole();
+
+        return $this->role_id >= $this->min_role;
+    }
+
     /**
      * Display error message $msg and exit
      *

src/Controller/CloseController.php

@@ -39,9 +39,6 @@ class CloseController extends BaseController
     /** @var int */
     private $prj_id;
 
-    /** @var int */
-    private $role_id;
-
     /** @var string */
     private $cat;
 

src/Controller/MainController.php

@@ -27,9 +27,6 @@ class MainController extends BaseController
     /** @var string */
     protected $tpl_name = 'main.tpl.html';
 
-    /** @var int */
-    private $role_id;
-
     /** @var int */
     private $usr_id;
 

src/Controller/Manage/ManageBaseController.php

@@ -13,7 +13,6 @@
 
 namespace Eventum\Controller\Manage;
 
-use Auth;
 use Eventum\Controller\BaseController;
 use User;
 
@@ -22,9 +21,6 @@ abstract class ManageBaseController extends BaseController
     /** @var int */
     protected $min_role = User::ROLE_MANAGER;
 
-    /** @var int */
-    protected $role_id;
-
     public function __construct()
     {
         parent::__construct();
@@ -36,25 +32,11 @@ public function __construct()
         );
     }
 
-    /**
-     * {@inheritdoc}
-     */
     protected function canAccess()
     {
-        if ($this->is_popup) {
-            Auth::checkAuthentication(null, true);
-        } else {
-            Auth::checkAuthentication();
-        }
-
-        $this->role_id = Auth::getCurrentRole();
-        if ($this->role_id < $this->min_role) {
-            if ($this->is_popup) {
-                return false;
-            }
-            $this->error(ev_gettext('Sorry, you are not allowed to access this page.'));
-        }
-
+        // if manage controller does not implement this
+        // then give access permission.
+        // probably canRoleAccess satisfied access restriction.
         return true;
     }
 }

src/Controller/PartnersController.php

@@ -24,6 +24,12 @@ class PartnersController extends BaseController
     /** @var string */
     protected $tpl_name = 'select_partners.tpl.html';
 
+    /** @var int */
+    protected $min_role = User::ROLE_DEVELOPER;
+
+    /** @var bool */
+    protected $is_popup = true;
+
     /** @var int */
     private $issue_id;
 
@@ -52,12 +58,6 @@ protected function configure()
      */
     protected function canAccess()
     {
-        Auth::checkAuthentication(null, true);
-
-        if (Auth::getCurrentRole() <= User::ROLE_USER) {
-            return false;
-        }
-
         $this->usr_id = Auth::getUserID();
 
         if (Access::canViewIssuePartners($this->issue_id, $this->usr_id)) {

src/Controller/UpdateController.php

@@ -50,9 +50,6 @@ class UpdateController extends BaseController
     /** @var int */
     private $prj_id;
 
-    /** @var int */
-    private $role_id;
-
     /** @var array */
     private $details;
 

src/Controller/ViewController.php

@@ -54,9 +54,6 @@ class ViewController extends BaseController
     /** @var int */
     private $prj_id;
 
-    /** @var int */
-    private $role_id;
-
     /** @var int */
     private $issue_id;
 

templates/error_message.tpl.html

@@ -1,6 +1,13 @@
-{extends "base_full.tpl.html"}
+{if $is_popup}
+  {assign var="base_template" value="base.tpl.html"}
+{else}
+  {assign var="base_template" value="base_full.tpl.html"}
+{/if}
+{extends "$base_template"}
 {block title}{t}Error{/t}{/block}
 
 {block "content"}
-        &nbsp;<a href="javascript:history.go(-1);">{t}Go Back{/t}</a>
-{/block}
+  {if !$is_popup}
+    &nbsp;<a href="javascript:history.go(-1);">{t}Go Back{/t}</a>
+  {/if}
+{/block}