Commit 0bfad666 authored by Peter Tönnies's avatar Peter Tönnies Committed by Peter Tönnies

made deletion of posts more restrictive and fixed #537 (fsreport notes could...

made deletion of posts more restrictive and fixed #537 (fsreport notes could not be deleted by orga.)
parent 75cbc4b1
......@@ -87,6 +87,7 @@
- When logging in, referenced redirects work now. !1034 #563 @peter.toennies
- Open link to markdown description in a new window !1050 #698 @chriswalg
- Open wiki.foodsharing.de in top menu bar in new window !1051 @chriswalg
- Deleting report notes now possible for Orga and report team. Writing user notes now possible for orga !1038 #537 @peter.toennies
## Refactoring
- Refactored profile from WorkGroupModel to WorkGroupGateway !898 #9 @svenpascal
......@@ -100,6 +101,7 @@
- Refactored QuizModel into a QuizGateway !998 #9 @svenpascal
- Refactored pickup slot deletion methods, kicked out duplicated code/vars and deleted not used code !968 @jofranz
- Use new storePermissions instead of chaining previous permission checks in stores !990 @jofranz
- Refactored the WallPost module !1038 @peter.toennies
## Dev/Test/CI stuff
- enable functional tests (symfony kernel running inside conception; for limits see inside tests/functional folder) !884 @NerdyProjects
......
......@@ -2,6 +2,7 @@
namespace Foodsharing\Permissions;
use Foodsharing\Lib\Session;
use Foodsharing\Modules\Core\DBConstants\Region\RegionIDs;
use Foodsharing\Modules\Event\EventGateway;
use Foodsharing\Modules\Region\RegionGateway;
......@@ -11,15 +12,18 @@ class WallPostPermissions
private $regionGateway;
private $eventGateway;
private $eventPermission;
private $session;
public function __construct(
RegionGateway $regionGateway,
EventGateway $eventGateway,
EventPermissions $eventPermissions
EventPermissions $eventPermissions,
Session $session
) {
$this->regionGateway = $regionGateway;
$this->eventGateway = $eventGateway;
$this->eventPermission = $eventPermissions;
$this->session = $session;
}
public function mayReadWall(int $fsId, string $target, int $targetId): bool
......@@ -40,7 +44,8 @@ class WallPostPermissions
$result = $fsId && $this->regionGateway->hasMember($fsId, RegionIDs::QUIZ_AND_REGISTRATION_WORK_GROUP);
break;
case 'usernotes':
$result = $fsId && $this->regionGateway->hasMember($fsId, RegionIDs::EUROPE_REPORT_TEAM);
case 'fsreport':
$result = $fsId && ($this->regionGateway->hasMember($fsId, RegionIDs::EUROPE_REPORT_TEAM) || $this->session->isOrgaTeam());
break;
default:
$result = $fsId > 0;
......@@ -75,17 +80,14 @@ class WallPostPermissions
{
switch ($target) {
case 'foodsaver':
case 'fairteiler':
$result = $fsId === $targetId;
break;
case 'bezirk':
$result = $this->regionGateway->isAdmin($fsId, $targetId);
break;
case 'usernotes':
case 'question':
$result = $this->mayReadWall($fsId, $target, $targetId);
break;
default:
$result = $fsId > 0;
$result = $fsId > 0 && $this->mayReadWall($fsId, $target, $targetId);
break;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment