From e5d5f44813e82f489d809a4c4b9d5ef363229a3f Mon Sep 17 00:00:00 2001
From: James <james@sourcefabric-DX4840.(none)>
Date: Wed, 6 Jun 2012 17:31:51 -0400
Subject: [PATCH] CC-3905: Playlist Library -> the delete tracks button is
 enabled for DJ users and PM's

- done
- PM should have full control on the library
- DJ is only allowed to edit/delete playlist that they created.
no action on files except play or add to their own playlist
---
 .../controllers/LibraryController.php         | 54 ++++++++++++++-----
 airtime_mvc/application/models/Playlist.php   |  4 ++
 2 files changed, 45 insertions(+), 13 deletions(-)

diff --git a/airtime_mvc/application/controllers/LibraryController.php b/airtime_mvc/application/controllers/LibraryController.php
index 78c2e253b..e3267cf09 100644
--- a/airtime_mvc/application/controllers/LibraryController.php
+++ b/airtime_mvc/application/controllers/LibraryController.php
@@ -42,32 +42,38 @@ class LibraryController extends Zend_Controller_Action
         
         //Open a jPlayer window and play the audio clip.
         $menu["play"] = array("name"=> "Play", "icon" => "play");
+        
+        $isAdminOrPM = $user->isUserType(array(UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER));
 
         if ($type === "audioclip") {
 
             $file = Application_Model_StoredFile::Recall($id);
 
             if (isset($this->pl_sess->id) && $screen == "playlist") {
-                $menu["pl_add"] = array("name"=> "Add to Playlist", "icon" => "add-playlist", "icon" => "copy");
+                // if the user is not admin or pm, check the creator and see if this person owns the playlist
+                $playlist = new Application_Model_Playlist($this->pl_sess->id);
+                if($isAdminOrPM || $playlist->getCreatorId() == $user->getId()){
+                    $menu["pl_add"] = array("name"=> "Add to Playlist", "icon" => "add-playlist", "icon" => "copy");
+                }
             }
-            
-            
-            $menu["edit"] = array("name"=> "Edit Metadata", "icon" => "edit", "url" => "/library/edit-file-md/id/{$id}");
-    
-            if ($user->isAdmin()) {
+            if ($isAdminOrPM) {
                 $menu["del"] = array("name"=> "Delete", "icon" => "delete", "url" => "/library/delete");
+                $menu["edit"] = array("name"=> "Edit Metadata", "icon" => "edit", "url" => "/library/edit-file-md/id/{$id}");
             }
 
             $url = $file->getRelativeFileUrl($baseUrl).'/download/true';
-            $menu["download"] = array("name" => "Download", "icon" => "download", "url" => $url);   
+            $menu["download"] = array("name" => "Download", "icon" => "download", "url" => $url);
         }
         else if ($type === "playlist") {
-
+            $playlist = new Application_Model_Playlist($id);
             if ($this->pl_sess->id !== $id && $screen == "playlist") {
-                $menu["edit"] = array("name"=> "Edit", "icon" => "edit");
+                if($isAdminOrPM || $playlist->getCreatorId() == $user->getId()){
+                    $menu["edit"] = array("name"=> "Edit", "icon" => "edit");
+                }
+            }
+            if($isAdminOrPM || $playlist->getCreatorId() == $user->getId()){
+                $menu["del"] = array("name"=> "Delete", "icon" => "delete", "url" => "/library/delete");
             }
-
-            $menu["del"] = array("name"=> "Delete", "icon" => "delete", "url" => "/library/delete");
         }
 
         
@@ -106,6 +112,7 @@ class LibraryController extends Zend_Controller_Action
         $mediaItems = $this->_getParam('media', null);
 
         $user = Application_Model_User::GetCurrentUser();
+        $isAdminOrPM = $user->isUserType(array(UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER));
 
         $files = array();
         $playlists = array();
@@ -122,12 +129,27 @@ class LibraryController extends Zend_Controller_Action
             }
         }
 
+        $hasPermission = true;
         if (count($playlists)) {
-            Application_Model_Playlist::DeletePlaylists($playlists);
+            // make sure use has permission to delete all playslists in the list
+            if(!$isAdminOrPM){
+                foreach($playlists as $pid){
+                    $pl = new Application_Model_Playlist($pid);
+                    if($pl->getCreatorId() != $user->getId()){
+                        $hasPermission = false;
+                    }
+                }
+            }
         }
 
-        if (!$user->isAdmin()) {
+        if (!$isAdminOrPM && count($files)) {
+            $hasPermission = false;
+        }
+        if(!$hasPermission){
+            $this->view->message = "You don't have a permission to delete all playlists/files that are selected.";
             return;
+        }else{
+            Application_Model_Playlist::DeletePlaylists($playlists);
         }
 
         foreach ($files as $id) {
@@ -182,6 +204,12 @@ class LibraryController extends Zend_Controller_Action
 
     public function editFileMdAction()
     {
+        $user = Application_Model_User::GetCurrentUser();
+        $isAdminOrPM = $user->isUserType(array(UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER));
+        if(!$isAdminOrPM){
+            return;
+        }
+        
         $request = $this->getRequest();
         $form = new Application_Form_EditAudioMD();
 
diff --git a/airtime_mvc/application/models/Playlist.php b/airtime_mvc/application/models/Playlist.php
index 63d33409a..70710f567 100644
--- a/airtime_mvc/application/models/Playlist.php
+++ b/airtime_mvc/application/models/Playlist.php
@@ -121,6 +121,10 @@ class Application_Model_Playlist {
 
         return $this->pl->getCcSubjs()->getDbLogin();
     }
+    
+    public function getCreatorId() {
+        return $this->pl->getCcSubjs()->getDbId();
+    }
 
     public function setCreator($p_id) {