Add acl and access list for projects

author: Frédéric Guillot <contact@fredericguillot.com> 2014-03-01 19:51:09 -0500
committer: Frédéric Guillot <contact@fredericguillot.com> 2014-03-01 19:51:09 -0500
commit: 28bc4246bff405367c9e5640bca356b307962026 (patch)
tree: 897fa49d471c1f4c6fc00bbd7e6d427239d01bd3 /controllers/user.php
parent: e7db71b593f2d9856a5b3aacde00a638d074d601 (diff)
1 files changed, 2 insertions, 10 deletions
diff --git a/controllers/user.php b/controllers/user.php
index 9f9781ef..10d3ad21 100644
--- a/controllers/user.php
+++ b/controllers/user.php
@@ -68,8 +68,6 @@ class User extends Base
     // Display a form to create a new user
     public function create()
     {
-        $this->checkPermissions();
-
         $this->response->html($this->template->layout('user_new', array(
             'projects' => $this->project->getList(),
             'errors' => array(),
@@ -82,8 +80,6 @@ class User extends Base
     // Validate and save a new user
     public function save()
     {
-        $this->checkPermissions();
-
         $values = $this->request->getValues();
         list($valid, $errors) = $this->user->validateCreation($values);
 
@@ -121,7 +117,7 @@ class User extends Base
         unset($user['password']);
 
         $this->response->html($this->template->layout('user_edit', array(
-            'projects' => $this->project->getList(),
+            'projects' => $this->project->filterListByAccess($this->project->getList(), $user['id']),
             'errors' => array(),
             'values' => $user,
             'menu' => 'users',
@@ -162,7 +158,7 @@ class User extends Base
         }
 
         $this->response->html($this->template->layout('user_edit', array(
-            'projects' => $this->project->getList(),
+            'projects' => $this->project->filterListByAccess($this->project->getList(), $values['id']),
             'errors' => $errors,
             'values' => $values,
             'menu' => 'users',
@@ -173,8 +169,6 @@ class User extends Base
     // Confirmation dialog before to remove a user
     public function confirm()
     {
-        $this->checkPermissions();
-
         $user = $this->user->getById($this->request->getIntegerParam('user_id'));
 
         if (! $user) $this->notfound();
@@ -189,8 +183,6 @@ class User extends Base
     // Remove a user
     public function remove()
     {
-        $this->checkPermissions();
-
         $user_id = $this->request->getIntegerParam('user_id');
 
         if ($user_id && $this->user->remove($user_id)) {
author	Frédéric Guillot <contact@fredericguillot.com>	2014-03-01 19:51:09 -0500
committer	Frédéric Guillot <contact@fredericguillot.com>	2014-03-01 19:51:09 -0500
commit	28bc4246bff405367c9e5640bca356b307962026 (patch)
tree	897fa49d471c1f4c6fc00bbd7e6d427239d01bd3 /controllers/user.php
parent	e7db71b593f2d9856a5b3aacde00a638d074d601 (diff)