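/**
 * Authorisation check for updating an Episode.
 *
 * Super admins may change anything. Otherwise an admin of the Episode's
 * subreddit may change anything; a plain member may only touch an
 * EpisodeAssignment that already belongs to them, and may only set
 * 'approved_by' when they are a moderator or the value is their own id.
 *
 * @param mixed             $payload Raw request payload, decoded via parsePayload()
 * @param sfWebRequest|null $request Carries the Episode primary key in 'id'
 *
 * @throws sfException 401 without an authenticated user; 404 when the Episode
 *                     or the referenced EpisodeAssignment does not exist;
 *                     403 when the caller lacks the required membership
 */
public function validateUpdate($payload, sfWebRequest $request = null)
{
    parent::validateUpdate($payload, $request);
    $params = $this->parsePayload($payload);
    $user = $this->getUser()->getGuardUser();
    if (!$user) {
        throw new sfException('Action requires an auth token.', 401);
    }
    $primaryKey = $request->getParameter('id');
    $episode = EpisodeTable::getInstance()->find($primaryKey);
    // An unknown id yields no record; fail here rather than on the null below.
    if (!$episode) {
        throw new sfException('Episode not found.', 404);
    }
    // Super admins bypass the per-subreddit membership checks entirely.
    if ($this->getUser()->isSuperAdmin()) {
        return;
    }
    $userId = $user->getIncremented();
    $subredditId = $episode->getSubredditId();
    $membershipTable = sfGuardUserSubredditMembershipTable::getInstance();
    $admin = $membershipTable->getFirstByUserSubredditAndMemberships($userId, $subredditId, array('admin'));
    if ($admin) {
        return;
    }
    if (array_key_exists('episode_assignment_id', $params)) {
        $assignment = EpisodeAssignmentTable::getInstance()->find($params['episode_assignment_id']);
        if (!$assignment) {
            throw new sfException('EpisodeAssignment not found.', 404);
        }
        // Compared strictly as strings: both ids come from the database and a
        // loose != is not a reliable equality test for an authorisation check.
        if ((string) $assignment->getSfGuardUserId() !== (string) $userId) {
            throw new sfException('You are not allowed to change the EpisodeAssignment of the Episode!', 403);
        }
    }
    if (array_key_exists('approved_by', $params)) {
        // The moderator lookup is only needed when approval is being set.
        $moderator = $membershipTable->getFirstByUserSubredditAndMemberships($userId, $subredditId, array('moderator'));
        // approved_by is untrusted input: a strict string comparison rejects
        // values that are merely loosely equal to the caller's id (e.g. '5abc').
        // NOTE(review): a plain member may still set approved_by to their own
        // id here — confirm that self-approval is intended.
        if (!$moderator && (string) $params['approved_by'] !== (string) $userId) {
            throw new sfException('You are not allowed to add approval for the Episode!', 403);
        }
    }
}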
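/**
 * Authorisation check for updating an EpisodeAssignment.
 *
 * Reassigning the assignment to another user ('sf_guard_user_id' in the
 * payload) is reserved for super admins and admins of the Episode's
 * subreddit. Any other update passes straight through.
 *
 * @param mixed             $payload Raw request payload, decoded via parsePayload()
 * @param sfWebRequest|null $request Carries the EpisodeAssignment primary key in 'id'
 *
 * @throws sfException 401 without an authenticated user; 404 for an unknown
 *                     EpisodeAssignment; 403 when the caller may not change users
 */
public function validateUpdate($payload, sfWebRequest $request = null)
{
    parent::validateUpdate($payload, $request);
    $params = $this->parsePayload($payload);
    // Resolve the authenticated user first, as the sibling validators do; the
    // membership lookup below needs its id.
    $user = $this->getUser()->getGuardUser();
    if (!$user) {
        throw new sfException('Action requires an auth token.', 401);
    }
    // Nothing to authorise unless the payload tries to change the user.
    if (!array_key_exists('sf_guard_user_id', $params)) {
        return;
    }
    if ($this->getUser()->isSuperAdmin()) {
        return;
    }
    $primaryKey = $request->getParameter('id');
    $assignment = EpisodeAssignmentTable::getInstance()->find($primaryKey);
    if (!$assignment) {
        throw new sfException('EpisodeAssignment not found.', 404);
    }
    $admin = sfGuardUserSubredditMembershipTable::getInstance()->getFirstByUserSubredditAndMemberships(
        $user->getIncremented(),
        $assignment->getEpisode()->getSubredditId(),
        array('admin')
    );
    if (!$admin) {
        throw new sfException('You are not allowed to change users for this EpisodeAssignment.', 403);
    }
}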
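/**
 * Authorisation check for updating a Deadline.
 *
 * Only super admins and admins of the Deadline's subreddit may update it.
 *
 * @param mixed             $payload Raw request payload
 * @param sfWebRequest|null $request Carries the Deadline primary key in 'id'
 *
 * @throws sfException 401 without an authenticated user; 404 for an unknown
 *                     Deadline; 403 when the caller is neither super admin
 *                     nor subreddit admin
 */
public function validateUpdate($payload, sfWebRequest $request = null)
{
    parent::validateUpdate($payload, $request);
    // The decoded payload is not inspected here; the call is kept in case
    // parsePayload() validates the payload as a side effect — TODO confirm.
    $this->parsePayload($payload);
    $user = $this->getUser()->getGuardUser();
    if (!$user) {
        throw new sfException('Action requires an auth token.', 401);
    }
    $primaryKey = $request->getParameter('id');
    $deadline = DeadlineTable::getInstance()->find($primaryKey);
    // An unknown id yields no record; fail here rather than on the null below.
    if (!$deadline) {
        throw new sfException('Deadline not found.', 404);
    }
    // Super admins need no membership lookup.
    if ($this->getUser()->isSuperAdmin()) {
        return;
    }
    $subreddit_id = $deadline->getSubredditId();
    $admin = sfGuardUserSubredditMembershipTable::getInstance()->getFirstByUserSubredditAndMemberships(
        $user->getIncremented(),
        $subreddit_id,
        array('admin')
    );
    if (!$admin) {
        throw new sfException('Your user does not have permissions to update Deadlines in this Subreddit.', 403);
    }
}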
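/**
 * Since a User can only have one membership in a Subreddit, this tests that
 * the first returned sfGuardUserSubredditMembership is the exact same as
 * the only one made. The limitation on sfGuardUserSubredditMemberships is
 * in place using Unique indexes in the database, so we depend upon that to
 * prevent multiple Subreddit Memberships.
 */
public function testGetFirstByUserSubredditAndMemberships()
{
    // Random values keep repeated runs from colliding on unique columns.
    $user = new sfGuardUser();
    $user->setEmailAddress(rand(0, 1000));
    $user->setUsername(rand(0, 1000));
    $user->setIsValidated(1);
    $user->save();

    $subreddit = new Subreddit();
    $subreddit->setName(rand(0, 1000));
    $subreddit->setDomain(rand(0, 1000));
    $subreddit->save();

    $membership = MembershipTable::getInstance()->findOneByType('user');
    $second_membership = MembershipTable::getInstance()->findOneByType('admin');

    // The one membership that is allowed to exist.
    $user_subreddit_membership = new sfGuardUserSubredditMembership();
    $user_subreddit_membership->setSfGuardUserId($user->getIncremented());
    $user_subreddit_membership->setSubredditId($subreddit->getIncremented());
    $user_subreddit_membership->setMembership($membership);
    $user_subreddit_membership->save();

    // A second membership for the same user/subreddit must be rejected by
    // the unique index; the save is expected to throw.
    $second_user_subreddit_membership = new sfGuardUserSubredditMembership();
    $second_user_subreddit_membership->setSfGuardUserId($user->getIncremented());
    $second_user_subreddit_membership->setSubredditId($subreddit->getIncremented());
    $second_user_subreddit_membership->setMembership($second_membership);
    $exception_thrown = false;
    try {
        $second_user_subreddit_membership->save();
    } catch (Exception $exception) {
        unset($exception);
        $exception_thrown = true;
    }

    $retrieved_object = sfGuardUserSubredditMembershipTable::getInstance()->getFirstByUserSubredditAndMemberships(
        $user->getIncremented(),
        $subreddit->getIncremented(),
        array($membership->getType())
    );
    // Expected value first so a failure message reads the right way round.
    $this->assertEquals($user_subreddit_membership->getIncremented(), $retrieved_object->getIncremented());

    // Clean up. If the unique index did not fire, the second membership was
    // persisted as well and must not be left behind in the test database.
    if (!$exception_thrown) {
        $second_user_subreddit_membership->delete();
    }
    $user_subreddit_membership->delete();
    $subreddit->delete();
    $user->delete();

    $this->assertTrue($exception_thrown);
}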
/**
 * Tells whether the API user of the current request holds one of the given
 * memberships in the given subreddit.
 *
 * @param mixed $subreddit_id Subreddit primary key
 * @param array $permissions  Membership type names to look for
 *
 * @return bool true when a matching membership record exists
 */
protected function verifyPermissionsForCurrentUser($subreddit_id, $permissions = array())
{
    $api_user_id = $this->getUser()->getApiUserId();
    $table = sfGuardUserSubredditMembershipTable::getInstance();
    $found = $table->getFirstByUserSubredditAndMemberships($api_user_id, $subreddit_id, $permissions);

    return (bool) $found;
}
/**
 * Persists the Episode, pushing changed media files to S3 beforehand and
 * notifying subreddit moderators when the Episode is flagged as submitted.
 *
 * All three extra steps run only for an existing record (!isNew()); a
 * brand-new Episode is saved without them.
 *
 * @param Doctrine_Connection|null $conn
 *
 * @return mixed Whatever parent::save() returns
 */
public function save(Doctrine_Connection $conn = null)
{
    // Graphic file: when the column changed and backups are not skipped,
    // upload the local file to the application bucket and, only if the
    // upload reports OK, remove the local copy.
    if (!$this->isNew() && !$this->getSkipBackup() && in_array('graphic_file', $this->_modified) && $this->_get('graphic_file')) {
        $file_location = rtrim(ProjectConfiguration::getEpisodeGraphicFileLocalDirectory(), '/') . '/';
        $filename = $this->_get('graphic_file');
        // NOTE(review): the path is plain concatenation, so this assumes
        // graphic_file holds a bare filename with no directory components —
        // confirm it is validated wherever the column is written.
        if (file_exists($file_location . $filename)) {
            ProjectConfiguration::registerAws();
            // ACL_PUBLIC: the object is stored with a public ACL, so anyone
            // holding its URL can fetch it — suitable for artwork only.
            $response = $this->saveFileToApplicationBucket($file_location, $filename, 'upload', AmazonS3::ACL_PUBLIC);
            if ($response->isOK()) {
                unlink($file_location . $filename);
            }
        }
    }
    // Audio file: same upload, but the local copy is kept and the response
    // is never checked. NOTE(review): presumably intentional (audio stays
    // local), but a failed upload goes unnoticed here — confirm.
    if (!$this->isNew() && !$this->getSkipBackup() && in_array('audio_file', $this->_modified) && $this->_get('audio_file')) {
        $file_location = rtrim(ProjectConfiguration::getEpisodeAudioFileLocalDirectory(), '/') . '/';
        $filename = $this->_get('audio_file');
        if (file_exists($file_location . $filename)) {
            ProjectConfiguration::registerAws();
            $response = $this->saveFileToApplicationBucket($file_location, $filename, 'audio');
        }
    }
    // Submission: when is_submitted is among the modified columns and is
    // truthy, email every moderator of the subreddit.
    if (!$this->isNew() && in_array('is_submitted', $this->_modified) && $this->_get('is_submitted')) {
        /* The episode has been submitted. We need to send an email about
         * it to the subreddit moderators. */
        $types = array('moderator');
        $memberships = sfGuardUserSubredditMembershipTable::getInstance()->getAllBySubredditAndMemberships($this->getSubredditId(), $types);
        // Snapshot both columns so they can be restored after the loop
        // (see the @todo below).
        $initial_is_submitted = $this->_get('is_submitted');
        $initial_submitted_at = $this->_get('submitted_at');
        foreach ($memberships as $membership) {
            $user = $membership->getSfGuardUser();
            $parameters = array('user_id' => $membership->getSfGuardUserId(), 'episode_id' => $this->getIncremented());
            $prefer_html = $user->getPreferHtml();
            $address = $user->getEmailAddress();
            // NOTE(review): $name is computed but not used anywhere below.
            $name = $user->getPreferredName() ? $user->getPreferredName() : $user->getFullName();
            // NOTE(review): no null check on $email — an unmatched template or
            // language would fail on the next line; confirm the lookup always hits.
            $email = EmailTable::getInstance()->getFirstByEmailTypeAndLanguage('EpisodeApprovalPending', $user->getPreferredLanguage());
            $subject = $email->generateSubject($parameters);
            $body = $email->generateBodyText($parameters, $prefer_html);
            // Sender falls back to "<app name> <app address>" when app_email_address is not configured.
            $from = sfConfig::get('app_email_address', ProjectConfiguration::getApplicationName() . ' <' . ProjectConfiguration::getApplicationEmailAddress() . '>');
            // The same body is passed as the HTML part when the user prefers HTML.
            AppMail::sendMail($address, $from, $subject, $body, $prefer_html ? $body : null);
            $user->addLoginMessage('You have Episodes awaiting your approval.');
        }
        // @todo: The previous foreach loop sets the 'is_submitted' and 'submitted_at' columns to null. I don't know why.
        $this->_set('is_submitted', $initial_is_submitted);
        $this->_set('submitted_at', $initial_submitted_at);
    }
    return parent::save($conn);
}
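/**
 * Authorisation check for updating a Subreddit.
 *
 * Only super admins and admins of the Subreddit itself may alter it. The
 * request 'id' parameter is the Subreddit's primary key.
 *
 * @param mixed             $payload Raw request payload
 * @param sfWebRequest|null $request Carries the Subreddit primary key in 'id'
 *
 * @throws sfException 401 without an authenticated user; 403 when the caller
 *                     is neither super admin nor admin of the Subreddit
 */
public function validateUpdate($payload, sfWebRequest $request = null)
{
    parent::validateUpdate($payload, $request);
    // The decoded payload is not inspected here; the call is kept in case
    // parsePayload() validates the payload as a side effect — TODO confirm.
    $this->parsePayload($payload);
    // Reject unauthenticated callers explicitly, as the sibling validators
    // do, instead of failing on a null user below.
    $user = $this->getUser()->getGuardUser();
    if (!$user) {
        throw new sfException('Action requires an auth token.', 401);
    }
    // Super admins need no membership lookup.
    if ($this->getUser()->isSuperAdmin()) {
        return;
    }
    $primaryKey = $request->getParameter('id');
    $admin = sfGuardUserSubredditMembershipTable::getInstance()->getFirstByUserSubredditAndMemberships(
        $user->getIncremented(),
        $primaryKey,
        array('admin')
    );
    if (!$admin) {
        throw new sfException('Your user does not have permissions to alter Subreddits.', 403);
    }
}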