Resolve "Add ACL checking on Job Order list views" #840

Merged
arcticzero merged 2 commits from 30-add-acl-checking-on-job-order-list-views into master 2018-02-27 15:44:34 +00:00
3 changed files with 19 additions and 11 deletions


@ -40,10 +40,7 @@ class JobOrderController extends BaseController
{ {
public function getJobOrders(Request $req) public function getJobOrders(Request $req)
{ {
if (!$this->isGranted('jo_in.list')) { $this->denyAccessUnlessGranted('jo_in.list', null, 'No access.');
$exception = $this->createAccessDeniedException('No access.');
throw $exception;
}
// get search term // get search term
$term = $req->query->get('search'); $term = $req->query->get('search');
@ -147,7 +144,6 @@ class JobOrderController extends BaseController
public function incomingSubmit(Request $req, ValidatorInterface $validator, InvoiceCreator $ic) public function incomingSubmit(Request $req, ValidatorInterface $validator, InvoiceCreator $ic)
{ {
error_log(print_r($req->request->all(), true));
$this->denyAccessUnlessGranted('jo_in.list', null, 'No access.'); $this->denyAccessUnlessGranted('jo_in.list', null, 'No access.');
// initialize error list // initialize error list
@ -342,6 +338,8 @@ class JobOrderController extends BaseController
public function listAssigning() public function listAssigning()
{ {
$this->denyAccessUnlessGranted('jo_assign.list', null, 'No access.');
$params = $this->initParameters('jo_assign'); $params = $this->initParameters('jo_assign');
$params['table_refresh_rate'] = $this->container->getParameter('job_order_refresh_interval'); $params['table_refresh_rate'] = $this->container->getParameter('job_order_refresh_interval');
@ -351,6 +349,8 @@ class JobOrderController extends BaseController
public function listFulfillment() public function listFulfillment()
{ {
$this->denyAccessUnlessGranted('jo_fulfill.list', null, 'No access.');
$params = $this->initParameters('jo_fulfill'); $params = $this->initParameters('jo_fulfill');
$params['table_refresh_rate'] = $this->container->getParameter('job_order_refresh_interval'); $params['table_refresh_rate'] = $this->container->getParameter('job_order_refresh_interval');
@ -360,6 +360,8 @@ class JobOrderController extends BaseController
public function listOpen() public function listOpen()
{ {
$this->denyAccessUnlessGranted('jo_open.list', null, 'No access.');
$params = $this->initParameters('jo_open'); $params = $this->initParameters('jo_open');
$params['table_refresh_rate'] = $this->container->getParameter('job_order_refresh_interval'); $params['table_refresh_rate'] = $this->container->getParameter('job_order_refresh_interval');
@ -370,6 +372,8 @@ class JobOrderController extends BaseController
public function listAll() public function listAll()
{ {
$this->denyAccessUnlessGranted('jo_all.list', null, 'No access.');
$params = $this->initParameters('jo_all'); $params = $this->initParameters('jo_all');
$params['table_refresh_rate'] = $this->container->getParameter('job_order_refresh_interval'); $params['table_refresh_rate'] = $this->container->getParameter('job_order_refresh_interval');
@ -852,11 +856,11 @@ class JobOrderController extends BaseController
public function fulfillmentForm(MapTools $map_tools, $id) public function fulfillmentForm(MapTools $map_tools, $id)
{ {
$this->denyAccessUnlessGranted('jo_assign.list', null, 'No access.'); $this->denyAccessUnlessGranted('jo_fulfill.list', null, 'No access.');
$em = $this->getDoctrine()->getManager(); $em = $this->getDoctrine()->getManager();
$params = $this->initParameters('jo_assign'); $params = $this->initParameters('jo_fulfill');
$params['mode'] = 'update-fulfillment'; $params['mode'] = 'update-fulfillment';
// get row data // get row data
@ -901,7 +905,7 @@ class JobOrderController extends BaseController
public function fulfillmentSubmit(Request $req, ValidatorInterface $validator, $id) public function fulfillmentSubmit(Request $req, ValidatorInterface $validator, $id)
{ {
$this->denyAccessUnlessGranted('jo_assign.list', null, 'No access.'); $this->denyAccessUnlessGranted('jo_fulfill.list', null, 'No access.');
// initialize error list // initialize error list
$error_array = []; $error_array = [];
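Review bot: fulfillmentForm and fulfillmentSubmit are now gated on `jo_fulfill.list`, the same attribute that only grants read access in listFulfillment, so anyone who may view the fulfillment list may also post fulfillment updates; incomingSubmit has the same shape with `jo_in.list`. If the voter behind these attributes distinguishes read from write, the form/submit pair should check a write attribute instead, e.g. `$this->denyAccessUnlessGranted('jo_fulfill.update', null, 'No access.');`, with a matching `is_granted` guard on the edit link in the template. The attribute name is inferred from the existing `jo_assign.unlock` / `jo_proc.unlock` naming, so confirm what the voter actually supports before adopting it. The bodies of these methods continue outside the hunks.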


@ -111,7 +111,9 @@
var actions = '<a href="' + row.meta.update_url + '" class="m-portlet__nav-link btn m-btn m-btn--hover-accent m-btn--icon m-btn--icon-only m-btn--pill btn-edit" title="View / Edit"><i class="la la-edit"></i></a>'; var actions = '<a href="' + row.meta.update_url + '" class="m-portlet__nav-link btn m-btn m-btn--hover-accent m-btn--icon m-btn--icon-only m-btn--pill btn-edit" title="View / Edit"><i class="la la-edit"></i></a>';
{% if is_granted('jo_assign.unlock') %} {% if is_granted('jo_assign.unlock') %}
actions += '<a href="' + row.meta.unlock_url + '" class="m-portlet__nav-link btn m-btn m-btn--hover-accent m-btn--icon m-btn--icon-only m-btn--pill btn-edit" title="Unlock"><i class="fa fa-unlock"></i></a>'; if (row.meta.unlock_url != '') {
actions += '<a href="' + row.meta.unlock_url + '" class="m-portlet__nav-link btn m-btn m-btn--hover-accent m-btn--icon m-btn--icon-only m-btn--pill btn-edit" title="Unlock"><i class="fa fa-unlock"></i></a>';
}
{% endif %} {% endif %}
return actions; return actions;
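Review bot: The `is_granted('jo_assign.unlock')` guard only decides whether the Unlock button is rendered; it does not protect the target of `row.meta.unlock_url`, so the route behind that URL must run its own `denyAccessUnlessGranted('jo_assign.unlock', ...)` server-side, which this diff does not show and is worth confirming. The new `row.meta.unlock_url != ''` test sits in the JavaScript half of the template, where strict comparison is the convention: `if (row.meta.unlock_url !== '') {`. Because the URL is spliced into markup by string concatenation, `meta.unlock_url` should continue to carry only server-generated paths, as it presumably does today. The template function continues outside the hunk.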


@ -106,8 +106,10 @@
template: function (row, index, datatable) { template: function (row, index, datatable) {
var actions = '<a href="' + row.meta.update_url + '" class="m-portlet__nav-link btn m-btn m-btn--hover-accent m-btn--icon m-btn--icon-only m-btn--pill btn-edit" title="View / Edit"><i class="la la-edit"></i></a>'; var actions = '<a href="' + row.meta.update_url + '" class="m-portlet__nav-link btn m-btn m-btn--hover-accent m-btn--icon m-btn--icon-only m-btn--pill btn-edit" title="View / Edit"><i class="la la-edit"></i></a>';
{% if row.meta.unlock_url != "" && is_granted('jo_proc.unlock') %} {% if is_granted('jo_proc.unlock') %}
actions += '<a href="' + row.meta.unlock_url + '" class="m-portlet__nav-link btn m-btn m-btn--hover-accent m-btn--icon m-btn--icon-only m-btn--pill btn-edit" title="Unlock"><i class="fa fa-unlock"></i></a>'; if (row.meta.unlock_url != '') {
actions += '<a href="' + row.meta.unlock_url + '" class="m-portlet__nav-link btn m-btn m-btn--hover-accent m-btn--icon m-btn--icon-only m-btn--pill btn-edit" title="Unlock"><i class="fa fa-unlock"></i></a>';
}
{% endif %} {% endif %}
return actions; return actions;