From bf651a96aaa3d3382ae21ecab63eefe17efa57d7 Mon Sep 17 00:00:00 2001
From: Rudi Grinberg <rudi.grinberg@sourcefabric.org>
Date: Fri, 14 Sep 2012 16:47:55 -0400
Subject: [PATCH] cc-4431: Fixed isUserType

---
 .../controllers/WebstreamController.php       | 34 +++++++++++--------
 airtime_mvc/application/models/User.php       | 31 +++--------------
 2 files changed, 24 insertions(+), 41 deletions(-)

diff --git a/airtime_mvc/application/controllers/WebstreamController.php b/airtime_mvc/application/controllers/WebstreamController.php
index 0521d58b1..9cea83a5e 100644
--- a/airtime_mvc/application/controllers/WebstreamController.php
+++ b/airtime_mvc/application/controllers/WebstreamController.php
@@ -17,8 +17,9 @@ class WebstreamController extends Zend_Controller_Action
 
         $userInfo = Zend_Auth::getInstance()->getStorage()->read();
         if (!$this->isAuthorized(-1)) {
+            // TODO: this header call does not actually print any error message
             header("Status: 401 Not Authorized");
-
+            Logging::info("Ain't not Authorized");
             return;
         }
 
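Review bot: The denial path still relies on `header("Status: 401 Not Authorized")`, which the added TODO itself says does not reach the client as an error, so an unauthorized caller may receive an ordinary empty response. Setting the code on the framework response object, `$this->getResponse()->setHttpResponseCode(401);`, would make the rejection explicit. The new `Logging::info` line records neither the user nor the action, so it is of little use when reviewing denied requests; something like `Logging::info("Webstream access denied for user id ".$userInfo->id);` would help, assuming the stored identity exposes an id, which this hunk does not show. The enclosing action starts and ends outside the hunk.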
@@ -94,30 +95,35 @@ class WebstreamController extends Zend_Controller_Action
 
     }
 
+    /*TODO : make a user object be passed a parameter into this function so
+        that it does not have to be fetched multiple times.*/
     public function isAuthorized($webstream_id)
     {
-        $hasPermission = false;
         $user = Application_Model_User::getCurrentUser();
         if ($user->isUserType(array(UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER))) {
-            $hasPermission = true;
+            return true;
         }
 
-        if (!$hasPermission && $user->isHost()) {
+        if ($user->isHost()) {
+            // not creating a webstream
             if ($webstream_id != -1) {
                 $webstream = CcWebstreamQuery::create()->findPK($webstream_id);
-                //we are updating a playlist. Ensure that if the user is a host/dj, that he has the correct permission.
+                /*we are updating a playlist. Ensure that if the user is a
+                    host/dj, that he has the correct permission.*/
                 $user = Application_Model_User::getCurrentUser();
-
-                if ($webstream->getDbCreatorId() == $user->getId()) {
-                    $hasPermission = true;
-                }
-            } else {
-                //we are creating a new stream. Don't need to check whether the DJ/Host owns the stream
-                $hasPermission = true;
+                //only allow when webstream belongs to the DJ
+                Logging::info("Webstream id:".$webstream->getDbCreatorId());
+                Logging::info("User id:".$user->getId());
+                return $webstream->getDbCreatorId() == $user->getId();
             }
+            /*we are creating a new stream. Don't need to check whether the
+                DJ/Host owns the stream*/
+            return true;
+        } else {
+            Logging::info( $user );
         }
-
-        return $hasPermission;
+        Logging::info("what the fuck");
+        return false;
     }
 
     public function saveAction()
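Review bot: `findPK($webstream_id)` is not checked for a missing row before `$webstream->getDbCreatorId()` is called, once in the new log line and once in the `return`, so a host asking about an unknown id would likely hit a fatal error instead of a clean denial; add `if ($webstream === null) { return false; }` right after the lookup. The ownership test uses `==`; comparing as integers, `(int) $webstream->getDbCreatorId() === (int) $user->getId()`, avoids loose-comparison surprises in an authorization decision. The `else` branch passes the whole `$user` object to `Logging::info`, which may write account fields to the log depending on how the logger serialises objects; logging `$user->getId()` is sufficient. The placeholder message before `return false` should be replaced with a meaningful denial message or removed, and the line labelled "Webstream id:" actually prints the creator id.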
diff --git a/airtime_mvc/application/models/User.php b/airtime_mvc/application/models/User.php
index 5f68cc240..57130cf9b 100644
--- a/airtime_mvc/application/models/User.php
+++ b/airtime_mvc/application/models/User.php
@@ -72,34 +72,11 @@ class Application_Model_User
 
     public function isUserType($type)
     {
-        if (is_array($type)) {
-            $result = false;
-            foreach ($type as $t) {
-                switch ($t) {
-                    case UTYPE_ADMIN:
-                        $result = $this->_userInstance->getDbType() === 'A';
-                        break;
-                    case UTYPE_HOST:
-                        $result = $this->_userInstance->getDbType() === 'H';
-                        break;
-                    case UTYPE_PROGRAM_MANAGER:
-                        $result = $this->_userInstance->getDbType() === 'P';
-                        break;
-                }
-                if ($result) {
-                    return $result;
-                }
-            }
-        } else {
-            switch ($type) {
-                case UTYPE_ADMIN:
-                    return $this->_userInstance->getDbType() === 'A';
-                case UTYPE_HOST:
-                    return $this->_userInstance->getDbId() === 'H';
-                case UTYPE_PROGRAM_MANAGER:
-                    return $this->_userInstance->getDbType() === 'P';
-            }
+        if (!is_array($type)) {
+            $type = array($type);
         }
+        $real_type = $this->_userInstance->getDbType();
+        return in_array($real_type, $type);
     }
 
     public function setLogin($login)
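Review bot: `in_array($real_type, $type)` compares loosely, so in this role check a non-string entry in `$type` (for example `true`, or `0` on PHP before 8) would match any stored type; pass the strict flag, `return in_array($real_type, $type, true);`. The rewrite also drops the old mapping from the `UTYPE_*` constants to 'A'/'H'/'P', so it is only correct if those constants are defined as the same strings that `getDbType()` returns, which this patch does not show. A short docblock on `isUserType` stating that `$type` is one `UTYPE_*` value or an array of them, and that the values must equal the stored type codes, would record that assumption for callers such as `isAuthorized`.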