Commit 549453bc authored by Chenu Denis's avatar Chenu Denis

[fix] Token edition

[feature] Allow disable load by plugins
parent e28cc563
......@@ -119,6 +119,11 @@ class StartUrl
if (!$oResponse) {
return false;
}
/* Plugin event to disable access*/
if (Utilities::PluginEventEditDisabled($this->surveyId, $srid)) {
return false;
}
$oSurvey = Survey::model()->findByPk($this->surveyId);
/* Check if accesscode ? Before token ? : review process ? */
/* Create the specific admin right */
......@@ -130,7 +135,7 @@ class StartUrl
if (Utilities::AdminAllowEdit($this->surveyId, $srid)) {
/* Add token if possible */
if (!$oSurvey->getIsAnonymized() && $oSurvey->getHasTokensTable()) {
if (!empty($oResponse->token) && Utilities::checkIsValidToken($this->surveyId, $oResponse->token) ) {
if (!empty($oResponse->token) && Utilities::checkIsValidToken($this->surveyId, $oResponse->token)) {
$params['token'] = $oResponse->token;
}
}
......@@ -140,12 +145,12 @@ class StartUrl
return App()->createUrl("survey/index", $params);
}
}
/* Check token validaty according to current srid */
if (!$oSurvey->getIsAnonymized() && $oSurvey->getHasTokensTable() && $this->token) {
/* currently token needed (valid one) */
if (!$oSurvey->getIsAnonymized() && $oSurvey->getHasTokensTable()) {
$allowTokenUser = $this->getSetting('allowTokenUser');
if ($allowTokenUser) {
if(Utilities::TokenAllowEdit($this->surveyId, $srid, $this->token)) {
if (Utilities::TokenAllowEdit($this->surveyId, $srid, $this->token)) {
// Same token can return true
if ($absolute) {
return App()->createAbsoluteUrl("survey/index", $params);
......@@ -155,6 +160,7 @@ class StartUrl
}
// Must continue if have accesscode
}
/* Check access code */
$uniqueCodeAccess = $this->getSetting('uniqueCodeAccess');
if ($uniqueCodeAccess && Utilities::CheckAccessCodeAllowEdit($this->surveyId, $srid)) {
$responseLink = \reloadAnyResponse\models\responseLink::model()->findByPk(['sid' => $this->surveyId, 'srid' => $srid]);
......@@ -181,6 +187,7 @@ class StartUrl
}
}
}
/* No other right : plugin event */
if (Utilities::PluginEventEditAllowed($this->surveyId, $srid)) {
if ($absolute) {
return App()->createAbsoluteUrl("survey/index", $params);
......
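Review bot: In the hunk at -140,12 the survey-level condition no longer requires `$this->token`, so `Utilities::TokenAllowEdit($this->surveyId, $srid, $this->token)` can now be reached with an empty token whenever `allowTokenUser` is set. Whether TokenAllowEdit rejects an empty token is not visible on this page, and the `// Same token can return true` comment hints at an equality test that a response with an empty token column might satisfy. Keeping the guard next to the call makes the intent explicit: `if (!empty($this->token) && Utilities::TokenAllowEdit($this->surveyId, $srid, $this->token)) {`. The enclosing method starts and ends outside the visible hunks, so this should be confirmed against the full body.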
......@@ -87,22 +87,22 @@ class Utilities
}
$language = App()->getLanguage();
$oSurvey = \Survey::model()->findByPk($surveyid);
/* Plugin event to disable access*/
if (self::PluginEventEditDisabled($surveyid, $srid)) {
return self::returnOrThrowException($surveyid, 401, self::translate('Sorry, you don‘t have access to this response.'));
}
/* @var boolean, did edition is allowed with current params and settings */
$editAllowed = false;
/* @var string : way used for reloading */
$wayUsed = "";
/* we check usage by usage : plugin, accesscode , token, admin */
$PluginEventEditAllowed = self::PluginEventEditAllowed($surveyid, $srid);
if (!is_null($PluginEventEditAllowed)) {
if (!$PluginEventEditAllowed) { // False or 0 or ''
return self::returnOrThrowException($surveyid, 401, self::translate('Sorry, you don‘t have access to this response.'));
}
if (self::PluginEventEditAllowed($surveyid, $srid)) {
$editAllowed = true;
$wayUsed = 'plugin';
}
if ($accesscode && self::getReloadAnyResponseSetting($surveyid, 'uniqueCodeAccess')) {
if ( !self::AccessCodeAllowEdit($surveyid, $srid, $accesscode)) {
if (!self::AccessCodeAllowEdit($surveyid, $srid, $accesscode)) {
return self::returnOrThrowException($surveyid, 401, self::translate('Sorry, this access code is not valid.'));
}
$editAllowed = true;
......@@ -143,15 +143,15 @@ class Utilities
* Get the search criteria for a specific survey
* @param integer $survey
* @param integer $srid
* @param string $extraFilterSetting, if null , get the extrafilters
* @param string $extraFilterSetting, if null , get the extrafilters
* @return criteria
*/
public static function getResponseCriteria($surveyId, $srid, $extraFilters = null )
public static function getResponseCriteria($surveyId, $srid, $extraFilters = null)
{
/* The filter */
$criteria = new \CDbcriteria();
$criteria->compare("id", $srid);
if (Yii::getPathOfAlias('getQuestionInformation') ) {
if (Yii::getPathOfAlias('getQuestionInformation')) {
if (is_null($extraFilters)) {
$extraFilters = trim(self::getReloadAnyResponseSetting($surveyId, 'extraFilters'));
}
......@@ -235,13 +235,13 @@ class Utilities
/**
* get current token for a survey
* @param integer $surveyid
* @param integer $surveyid
* @param boolena $byparam
* @return string|null
*/
public static function getCurrentToken($surveyid, $byparam = true)
{
if($byparam) {
if ($byparam) {
$tokenParam = App()->getRequest()->getParam('token');
if ($tokenParam) {
return $tokenParam;
......@@ -406,8 +406,8 @@ class Utilities
$now = dateShift(date("Y-m-d H:i:s"), "Y-m-d H:i:s", Yii::app()->getConfig("timeadjust"));
return Survey::model()->count(
array(
'condition' => "sid = :sid AND COALESCE(expires, '$now') >= '$now' AND COALESCE(startdate, '$now') <= '$now' AND active ='Y'",
'params'=>array(':sid' => $surveyId)
'condition' => "sid = :sid AND COALESCE(expires, '$now') >= '$now' AND COALESCE(startdate, '$now') <= '$now' AND active ='Y'",
'params' => array(':sid' => $surveyId)
)
);
}
......@@ -586,16 +586,15 @@ class Utilities
}
if ($extraFilters = trim(self::getReloadAnyResponseSetting($surveyid, 'extraRestrictionToken'))) {
$criteria = self::getResponseCriteria($surveyid, $srid, $extraFilters);
$criteria->select = 'id';
$oResponse = SurveyDynamic::model($surveyid)->find($criteria);
if (!$oResponse) {
$oResponseCount = intval(SurveyDynamic::model($surveyid)->count($criteria));
if (!$oResponseCount) {
return false;
}
}
$isManager = false; // If not $tokenManaged : no need to check if manager
if ($tokenManaged) {
$tokenTableId = \TokenUsersListAndManagePlugin\Utilities::getSurveyHasTokenTable($surveyid);
if($tokenTableId) {
if ($tokenTableId) {
Yii::import('TokenUsersListAndManagePlugin.models.TokenManaged');
$TokenManaged = \TokenManaged::model($tokenTableId)->findByToken($token);
if ($TokenManaged && $TokenManaged->getIsManager()) {
......@@ -603,10 +602,10 @@ class Utilities
}
}
}
if ($tokenManaged && !empty($oResponse->submitdate)) {
$allowSubmitted = self::getReloadAnyResponseSetting($surveyid, 'allowUserOnSubmitted');
if(!$allowSubmitted) {
if (!$allowSubmitted) {
if (!$isManager) {
return false;
}
......@@ -671,9 +670,8 @@ class Utilities
{
if ($extraFilters = trim(self::getReloadAnyResponseSetting($surveyid, 'extraRestrictionCode'))) {
$criteria = self::getResponseCriteria($surveyid, $srid, $extraFilters);
$criteria->select = 'id';
$oResponse = SurveyDynamic::model($surveyid)->find($criteria);
if (!$oResponse) {
$oResponseCount = intval(SurveyDynamic::model($surveyid)->count($criteria));
if (!$oResponseCount) {
return false;
}
}
......@@ -688,17 +686,16 @@ class Utilities
*/
public static function AdminAllowEdit($surveyid, $srid)
{
if (self::getReloadAnyResponseSetting($surveyid, 'allowAdminUser')) {
if (!self::getReloadAnyResponseSetting($surveyid, 'allowAdminUser')) {
return false;
}
if (\Permission::model()->hasSurveyPermission($surveyid, 'responses', 'update')) {
if (!\Permission::model()->hasSurveyPermission($surveyid, 'responses', 'update')) {
return false;
}
if ($extraFilters = trim(self::getReloadAnyResponseSetting($surveyid, 'extraRestrictionAdmin'))) {
$criteria = self::getResponseCriteria($surveyid, $srid, $extraFilters);
$criteria->select = 'id';
$oResponse = SurveyDynamic::model($surveyid)->find($criteria);
if (!$oResponse) {
$oResponseCount = intval(SurveyDynamic::model($surveyid)->count($criteria));
if (!$oResponseCount) {
return false;
}
}
......@@ -720,4 +717,18 @@ class Utilities
return $event->get('allowed');
}
/**
* Check permission if it's disable by other plugin
* @param integer $surveydi
* @param integer $srid
* @return boolean|null
*/
public static function PluginEventEditDisabled($surveyid, $srid)
{
$event = new \PluginEvent('ReloadAnyResponseAllowEdit');
$event->set('surveyId', $surveyid);
$event->set('srid', $srid);
App()->getPluginManager()->dispatchEvent($event);
return $event->get('disable');
}
}
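Review bot: In the hunk at -87,22 an explicit deny through the `allowed` key now fails open: the replaced branch returned 401 when `PluginEventEditAllowed()` gave a non-null falsy value, while the new `if (self::PluginEventEditAllowed($surveyid, $srid))` only treats a truthy value as a grant and otherwise continues to the access code and later checks. A plugin written against the previous behaviour that sets `allowed` to false would no longer block the reload unless it is updated to set `disable`. Either keep the legacy deny for a transition period by testing the result with `=== false` before the grant branch, or state the contract in the docblock of `PluginEventEditDisabled`, for example `* Plugins must set 'disable' to true to block access; 'allowed' set to false is no longer treated as a deny.` The same docblock has `@param integer $surveydi` where the parameter is `$surveyid`, and the start of the function holding the -87 hunk is outside the visible lines.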
......@@ -8,7 +8,7 @@
<author>Denis Chenu</author>
<authorUrl>https://extensions.sondages.pro/reloadanyresponse</authorUrl>
<supportUrl>https://support.sondages.pro/</supportUrl>
<version>5.4.0.RC1</version>
<version>5.4.0.RC2</version>
<license>GNU Affero General Public License v3.0</license>
<description><![CDATA[Allow to reload any response for admin user and respondant.]]></description>
</metadata>
......