Check permissions before showing ical, atom and json export links

closes #729 (Rechtesystem ical&json)
main
Igor Scheller 5 years ago committed by msquare
parent 93ae2442f6
commit 8c0ac0f7a1

@ -288,10 +288,15 @@ function view_user_shifts()
/** /**
* Returns a hint for the user how the ical feature works. * Returns a hint for the user how the ical feature works.
*
* @return string
*/ */
function ical_hint() function ical_hint()
{ {
$user = auth()->user(); $user = auth()->user();
if(!auth()->can('ical')) {
return '';
}
return heading(__('iCal export and API') . ' ' . button_help('user/ical'), 2) return heading(__('iCal export and API') . ' ' . button_help('user/ical'), 2)
. '<p>' . sprintf( . '<p>' . sprintf(
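Review bot: The new guard in ical_hint() tests only `ical`, while the heading it suppresses reads "iCal export and API"; if the text further down (outside this hunk) also describes the JSON export, a user holding only `shifts_json_export` no longer sees it. Either confirm the hint is iCal-only or widen the condition to `if (!auth()->can('ical') && !auth()->can('shifts_json_export')) {`. The guard could also sit above `$user = auth()->user();` so the user is not fetched before an early return, and PSR-12 asks for a space after `if`.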

@ -553,6 +553,7 @@ function User_view(
$admin_user_worklog_privilege, $admin_user_worklog_privilege,
$user_worklogs $user_worklogs
) { ) {
$auth = auth();
$nightShiftsConfig = config('night_shifts'); $nightShiftsConfig = config('night_shifts');
$user_name = htmlspecialchars( $user_name = htmlspecialchars(
$user_source->personalData->first_name) . ' ' . htmlspecialchars($user_source->personalData->last_name $user_source->personalData->first_name) . ' ' . htmlspecialchars($user_source->personalData->last_name
@ -625,15 +626,19 @@ function User_view(
page_link_to('user_settings'), page_link_to('user_settings'),
glyph('list-alt') . __('Settings') glyph('list-alt') . __('Settings')
) : '', ) : '',
$its_me ? button( ($its_me && $auth->can('ical')) ? button(
page_link_to('ical', ['key' => $user_source->api_key]), page_link_to('ical', ['key' => $user_source->api_key]),
glyph('calendar') . __('iCal Export') glyph('calendar') . __('iCal Export')
) : '', ) : '',
$its_me ? button( ($its_me && $auth->can('shifts_json_export')) ? button(
page_link_to('shifts_json_export', ['key' => $user_source->api_key]), page_link_to('shifts_json_export', ['key' => $user_source->api_key]),
glyph('export') . __('JSON Export') glyph('export') . __('JSON Export')
) : '', ) : '',
$its_me ? button( ($its_me && (
$auth->can('shifts_json_export')
|| $auth->can('ical')
|| $auth->can('atom')
)) ? button(
page_link_to('user_myshifts', ['reset' => 1]), page_link_to('user_myshifts', ['reset' => 1]),
glyph('repeat') . __('Reset API key') glyph('repeat') . __('Reset API key')
) : '' ) : ''
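Review bot: The `$auth->can(...)` conditions added around the three buttons only decide what is rendered; nothing in this diff shows the `ical`, `shifts_json_export` or `atom` handlers rejecting a valid `key` whose owner lacks the privilege, so that check should be confirmed or added there, because a user may still hold an export URL issued earlier. The "Reset API key" button is now hidden from users with none of the three privileges, which takes away their way to rotate a key that may already have been shared; leaving rotation on `$its_me` alone looks harmless. If the gate stays, a comment such as `// the key is only useful with at least one export privilege` above the condition would explain the three-way `||`. User_view() starts and ends outside these hunks.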

@ -12,7 +12,7 @@
<link rel="stylesheet" type="text/css" href="{{ asset('assets/theme' ~ theme ~ '.css') }}"/> <link rel="stylesheet" type="text/css" href="{{ asset('assets/theme' ~ theme ~ '.css') }}"/>
<script type="text/javascript" src="{{ asset('assets/vendor.js') }}"></script> <script type="text/javascript" src="{{ asset('assets/vendor.js') }}"></script>
{% if page() in ['news', 'meetings'] and is_user() -%} {% if page() in ['news', 'meetings'] and is_user() and has_permission_to('atom') -%}
{% set parameters = {'key': user.api_key} -%} {% set parameters = {'key': user.api_key} -%}
{% if page() == 'meetings' -%} {% if page() == 'meetings' -%}
{% set parameters = parameters|merge({'meetings': 1}) -%} {% set parameters = parameters|merge({'meetings': 1}) -%}

@ -14,6 +14,7 @@ class SessionHandlerServiceProvider extends ServiceProvider
->give(function () { ->give(function () {
return [ return [
'/api', '/api',
'/atom',
'/ical', '/ical',
'/metrics', '/metrics',
'/shifts-json-export', '/shifts-json-export',
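Review bot: The array returned here carries no comment saying what membership means, and `/atom` is added without the commit message mentioning it. Judging by the class name these appear to be paths served without a regular session (to be confirmed); if so, the atom feed is authenticated by the API key alone and its handler has to verify both the key and the `atom` privilege itself. A comment such as `// paths authenticated by API key; no session is started for them` above the list would make that contract visible to the next person who adds an entry. The closure starts and ends outside the hunk.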
