/**
 * Decides whether $requester may perform $permission on this record.
 *
 * - 'create': allowed for any logged-in requester.
 * - anything else: allowed for the record owner (uid equals the requester id)
 *   or for an admin.
 *
 * @param string $permission Permission name being checked; only 'create' is special-cased.
 * @param Model  $requester  The user performing the request.
 * @return bool|mixed true for the owner, otherwise whatever isLoggedIn()/isAdmin() return.
 */
protected function hasPermission($permission, Model $requester)
{
    if ($permission == 'create') {
        return $requester->isLoggedIn();
    }

    // Owner check. NOTE(review): this is a loose (==) comparison; if id() and
    // $this->uid can both be null/empty (anonymous requester, unsaved record)
    // the two would compare equal — confirm against the Model implementation.
    $isOwner = $requester->id() == $this->uid;

    return $isOwner ? true : $requester->isAdmin();
}
/**
 * Lists records visible to the current user.
 *
 * Admins get the unrestricted parent query. Non-admins must filter by
 * where.organization and the result is empty unless their role in that
 * organization is at least Volunteer::ROLE_VOLUNTEER; any other non-admin
 * query is answered with an empty result set rather than cross-organization rows.
 *
 * @param array $params Query parameters; 'where' is coerced to an array.
 * @return array ['models' => [...], 'count' => int]
 */
public static function find(array $params = [])
{
    $params['where'] = (array) U::array_value($params, 'where');
    $user = self::$injectedApp['user'];

    if ($user->isAdmin()) {
        return parent::find($params);
    }

    // Default-deny for non-admins: without an organization filter, nothing is returned.
    $nothing = ['models' => [], 'count' => 0];
    if (!isset($params['where']['organization'])) {
        return $nothing;
    }

    // NOTE(review): the organization value is taken straight from the query filter;
    // this relies on Organization's constructor to validate/coerce it — confirm.
    $org = new Organization($params['where']['organization']);
    $role = $org->getRoleOfUser($user);
    if ($role < Volunteer::ROLE_VOLUNTEER) {
        return $nothing;
    }

    return parent::find($params);
}
/**
 * Authenticates the current HTTP request against the OAuth resource server.
 *
 * On success the user identified by the access token replaces the app's
 * current user and becomes the requester used for model permission checks.
 * On failure the response populated by the verifier is sent and the script
 * terminates, so no caller code runs for an unauthenticated request.
 *
 * @return void
 */
private function authenticateApiRequest()
{
    $resource = $this->app['oauth_resource'];
    $request = Request::createFromGlobals();
    $response = new Response();

    if (!$resource->verifyResourceRequest($request, $response)) {
        // Unauthenticated: emit the verifier's error response and stop here.
        $response->send();
        exit;
    }

    $tokenData = $resource->getResourceController()->getToken();

    // NOTE(review): assumes a verified token always carries 'user_id' — confirm
    // with the resource server configuration.
    $userModel = Auth::USER_MODEL;
    $user = new $userModel($tokenData['user_id'], true);
    $this->app['user'] = $user;

    // Permission checks must run against the token's user, not any session user.
    Model::configure(['requester' => $user]);
}
/**
 * Lists volunteer hours.
 *
 * When a non-admin filters by where.organization (and not by approval_link),
 * the query is further restricted to that user's own rows (uid) unless they
 * hold Volunteer::ROLE_ADMIN in the organization. Queries without an
 * organization filter, and all admin queries, are passed through unchanged.
 *
 * @param array $params Query parameters; 'where' is coerced to an array.
 * @return mixed Whatever the parent find() returns.
 */
public static function find(array $params = [])
{
    $params['where'] = (array) U::array_value($params, 'where');
    $user = self::$injectedApp['user'];
    $where = $params['where'];

    $scopeToOrganization = isset($where['organization']) && !$user->isAdmin();

    // An approval_link filter bypasses the uid scoping below.
    // NOTE(review): on that path the rows are gated only by knowing the link
    // value — confirm this is intended and that links are not guessable.
    if ($scopeToOrganization && !isset($where['approval_link'])) {
        $org = new Organization($where['organization']);
        if ($org->getRoleOfUser($user) != Volunteer::ROLE_ADMIN) {
            // Members who are not organization admins only see their own hours.
            $params['where']['uid'] = $user->id();
        }
    }

    // for now, leaving volunteer activity public
    // this means any one can view volunteer hours with:
    // GET /api/volunteers/volunteer_hours
    // NOTE(review): a missing organization filter applies no restriction at all,
    // unlike the default-deny find() of the sibling model in this file.
    return parent::find($params);
}
/**
 * Admin-only permission check.
 *
 * @param string $permission Ignored: every action on this model requires an admin.
 * @param Model  $requester  The user performing the request.
 * @return mixed The value of $requester->isAdmin().
 */
protected function hasPermission($permission, Model $requester)
{
    // $permission is deliberately not consulted; there is no per-action distinction here.
    $decision = $requester->isAdmin();

    return $decision;
}