Permissions for fingerprint endpoints created

Mal 2020-08-23 11:44:12 +02:00
parent 39d14451b2
commit 37f220b561
4 changed files with 35 additions and 5 deletions


@ -17,6 +17,10 @@ final class FingerprintDeleteController extends AbstractController
public function handle(): void public function handle(): void
{ {
if (!$this->isUserLoggedIn()) {
return;
}
parent::handle(); parent::handle();
if ($this->response->getStatus() !== ServerStatus::OK) { if ($this->response->getStatus() !== ServerStatus::OK) {
@ -25,16 +29,21 @@ final class FingerprintDeleteController extends AbstractController
try { try {
$db = new MySqlDatabase(); $db = new MySqlDatabase();
$this->response = new ApiJsonResponse();
$db->startTransaction(); $db->startTransaction();
$fingerprint = new Fingerprint($this->fingerprintId, $db); $fingerprint = new Fingerprint($this->fingerprintId, $db);
if (!$this->hasUserPermission($fingerprint->getUserId())) {
return;
}
$qrCode = new QrCode($fingerprint->getFingerprintId(), $fingerprint->getFingerprint()); $qrCode = new QrCode($fingerprint->getFingerprintId(), $fingerprint->getFingerprint());
$fingerprint->Delete(); $fingerprint->Delete();
$qrCode->delete(); $qrCode->delete();
$db->commit(); $db->commit();
$this->response = new ApiJsonResponse();
} catch (Throwable $e) { } catch (Throwable $e) {
$this->response = new ApiJsonResponse(ServerStatus::BAD_REQUEST); $this->response = new ApiJsonResponse(ServerStatus::BAD_REQUEST);
$this->response->setParameter('success', false); $this->response->setParameter('success', false);
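Review bot: The permission check in the second hunk runs after `$db->startTransaction();`, and its early `return` leaves that transaction with neither a commit nor a rollback in the visible lines. Building the `Fingerprint` does not appear to need an open transaction, so `$db->startTransaction();` could move below the `hasUserPermission()` block, directly before the `QrCode` is constructed. The side-by-side rendering also does not show whether the `$this->response = new ApiJsonResponse();` after `$db->commit();` was kept or dropped. If hasUserPermission() (defined outside this diff) does not record the denial on `$this->response`, the new assignment before the check would leave a fresh, presumably OK, response in place for a refused delete. The try block continues outside the hunk.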


@ -18,8 +18,16 @@ final class FingerprintGetController extends AbstractController
public function handle(): void public function handle(): void
{ {
try { try {
if (!$this->isUserLoggedIn()) {
return;
}
$fingerprint = new Fingerprint($this->fingerprintId); $fingerprint = new Fingerprint($this->fingerprintId);
if (!$this->hasUserPermission($fingerprint->getUserId())) {
return;
}
$this->response = new ApiJsonResponse(); $this->response = new ApiJsonResponse();
$this->response->setResult($fingerprint); $this->response->setResult($fingerprint);
} catch (Throwable $e) { } catch (Throwable $e) {
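Review bot: Neither early `return` in this handler sets `$this->response`, so what an unauthenticated or unauthorised caller receives depends entirely on isUserLoggedIn() and hasUserPermission(), which are defined outside this diff. If those helpers populate the error response themselves, a comment such as `// isUserLoggedIn() has already set the error response` above each `return` would make the contract visible. If they do not, the status has to be set here. The same pattern appears in the Delete, Post and Put controllers. It is also worth confirming that a non-existent id (presumably an exception handled in the catch body, which is outside the hunk) and a denied id produce the same response, so the endpoint does not reveal which fingerprint ids exist.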


@ -12,6 +12,10 @@ final class FingerprintPostController extends AbstractController
public function handle(): void public function handle(): void
{ {
if (!$this->isUserLoggedIn()) {
return;
}
parent::handle(); parent::handle();
$db = new MySqlDatabase(); $db = new MySqlDatabase();
@ -20,8 +24,12 @@ final class FingerprintPostController extends AbstractController
$this->response = new ApiJsonResponse(); $this->response = new ApiJsonResponse();
try { try {
$fingerprint->setFingerprint($json->fingerprint); if (!$this->hasUserPermission((int)$json->userId)) {
$fingerprint->setUserId($json->userId); return;
}
$fingerprint->setFingerprint((string)$json->fingerprint);
$fingerprint->setUserId((int)$json->userId);
if (!$db->hasTransaction()) { if (!$db->hasTransaction()) {
$db->startTransaction(); $db->startTransaction();
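Review bot: `hasUserPermission((int)$json->userId)` authorises against an id taken from the request body, and the cast hides malformed input: a missing or non-numeric `userId` silently becomes `0` instead of being rejected. `$json` is decoded outside the hunk, so it cannot be seen here whether it is guaranteed to be an object carrying both fields. Validating before the check, for example `if (!isset($json->userId, $json->fingerprint) || filter_var($json->userId, FILTER_VALIDATE_INT) === false) {` followed by a BAD_REQUEST response, would keep `0` from reaching either the permission check or `setUserId()`. The same applies to the `(string)` cast on `fingerprint`, which turns an absent value into an empty string.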


@ -20,6 +20,10 @@ final class FingerprintPutController extends AbstractController
public function handle(): void public function handle(): void
{ {
if (!$this->isUserLoggedIn()) {
return;
}
parent::handle(); parent::handle();
if ($this->response->getStatus() !== ServerStatus::OK) { if ($this->response->getStatus() !== ServerStatus::OK) {
@ -30,9 +34,10 @@ final class FingerprintPutController extends AbstractController
try { try {
$json = json_decode($this->requestBody, true); $json = json_decode($this->requestBody, true);
$fingerprint = new Fingerprint($this->fingerprintId); $fingerprint = new Fingerprint($this->fingerprintId);
if ($this->handleFingerprint($fingerprint, $json)) { if ($this->hasUserPermission($fingerprint->getUserId()) || $this->handleFingerprint($fingerprint, $json)) {
return; return;
} }
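Review bot: The permission test on the changed `if` line is missing its negation: as written, a caller who owns the fingerprint hits the `return` before any update, while a caller without permission falls through to `handleFingerprint()` and the code after the block. The other three controllers all use `!$this->hasUserPermission(...)`, so this line should read `if (!$this->hasUserPermission($fingerprint->getUserId()) || $this->handleFingerprint($fingerprint, $json)) {`. handleFingerprint() and the rest of the try block are outside the hunk, so check there whether the request body can change the owning user id, in which case the new id needs the same permission check. A test that sends a PUT as a non-owner and expects a refusal would guard against this regressing.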