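/**
 * Validates an update of a SubredditTropoNumber record.
 *
 * Runs the parent validation, then requires an authenticated guard user who
 * either holds an 'admin' membership in the Subreddit that owns the record
 * or is a super admin.
 *
 * @param mixed        $payload Request payload, handed to parent::validateUpdate() and parsePayload().
 * @param sfWebRequest $request Request whose 'id' parameter identifies the record.
 *
 * @throws sfException 401 when there is no guard user, 404 when the record
 *                     cannot be found, 403 when the user is neither a
 *                     Subreddit admin nor a super admin.
 */
public function validateUpdate($payload, sfWebRequest $request = null)
{
    parent::validateUpdate($payload, $request);

    // The parsed result is not used below; the call is kept once (the original
    // made it twice) in case parsePayload() rejects malformed payloads.
    // TODO confirm whether it can be dropped entirely.
    $this->parsePayload($payload);

    // $request defaults to null in the signature, so guard the dereference
    // instead of failing with a fatal error.
    $primaryKey = $request ? $request->getParameter('id') : null;

    $user = $this->getUser()->getGuardUser();
    if (!$user) {
        throw new sfException('Action requires an auth token.', 401);
    }

    // The id is caller-supplied: an unknown or missing id must end in a clean
    // error, not in a method call on a non-object during the permission check.
    $subreddittropo = $primaryKey !== null
        ? SubredditTropoNumber::getInstance()->find($primaryKey)
        : null;
    if (!$subreddittropo) {
        throw new sfException('Tropo phone number not found.', 404);
    }

    // Authorization is decided against the Subreddit stored on the record,
    // never against a Subreddit id taken from the payload.
    $subreddit_id = $subreddittropo->getSubredditId();
    $admin = sfGuardUserSubredditMembershipTable::getInstance()
        ->getFirstByUserSubredditAndMemberships(
            $user->getIncremented(),
            $subreddit_id,
            array('admin')
        );

    if (!$admin && !$this->getUser()->isSuperAdmin()) {
        throw new sfException("Your user does not have permissions to "
            . "update Tropo phone numbers in this Subreddit.", 403);
    }
}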
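/**
 * Shows the Tropo phone numbers of a Subreddit and handles the form that adds one.
 *
 * Responds with a 404 unless the user is authenticated and the API returns a
 * membership for this user and Subreddit that is of type 'admin' (or, for a
 * non-admin membership, the user is a super admin). On POST the form is
 * handed to processTropoPhoneForm().
 *
 * @param sfWebRequest $request Current request.
 */
public function executePhone(sfWebRequest $request)
{
    $this->forward404Unless($this->getUser()->isAuthenticated());

    $auth_key = $this->getUser()->getApiAuthKey();
    // Presumably populates $this->subreddit_id from the request; verify in getSubredditId().
    $this->getSubredditId($request);

    // Encode both values before placing them in the query string, so a value
    // containing '&' or '=' cannot add or override parameters of the API
    // call that the access decision below depends on.
    $user_id = urlencode((string) $this->getUser()->getApiUserId());
    $subreddit_id = urlencode((string) $this->subreddit_id);

    $membership_data = Api::getInstance()->setUser($auth_key)->get(
        'subredditmembership?sf_guard_user_id=' . $user_id . '&subreddit_id=' . $subreddit_id,
        true
    );

    // Treat a missing or non-array body as "no membership" rather than
    // letting array_key_exists() fail on it.
    $membership_body = isset($membership_data['body']) ? $membership_data['body'] : null;
    $this->membership = is_array($membership_body) && array_key_exists(0, $membership_body)
        ? ApiDoctrine::createQuickObject($membership_body[0])
        : null;

    // Strict comparison: with a loose in_array() a non-string type such as
    // 0 or true could compare equal to 'admin'.
    $is_admin_member = $this->membership
        && in_array($this->membership->getMembership()->getType(), array('admin'), true);

    // Precedence made explicit, result unchanged: no membership always ends
    // in a 404, even for a super admin.
    // NOTE(review): confirm whether super admins are meant to pass without a
    // membership in this Subreddit; left as is so access is not widened here.
    $this->forward404If(
        !$this->membership
        || (!$is_admin_member && !$this->getUser()->isSuperAdmin())
    );

    $phone_data = Api::getInstance()->setUser($auth_key)->get(
        'subreddittropo?subreddit_id=' . $subreddit_id,
        true
    );
    $this->phone_numbers = ApiDoctrine::createQuickObjectArray($phone_data['body']);

    $number = new SubredditTropoNumber();
    $number->setSubredditId($this->subreddit_id);
    $this->form = new SubredditTropoNumberForm($number);
    // The Subreddit is fixed on the object above, so the form field is
    // removed and cannot be submitted by the client.
    unset($this->form['subreddit_id']);

    if ($request->isMethod(sfRequest::POST)) {
        $this->processTropoPhoneForm($request, $this->form);
    }
}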