From 0eab0c609b94b6dee2cb24e416a7c2e86c67cb0b Mon Sep 17 00:00:00 2001
From: Albert Santoni <albert.santoni@sourcefabric.org>
Date: Fri, 20 Jun 2014 17:43:20 -0400
Subject: [PATCH] Permissions fixes for Super Admin users

---
 airtime_mvc/application/controllers/LibraryController.php | 8 ++++----
 .../application/controllers/ScheduleController.php        | 8 ++++----
 .../application/controllers/WebstreamController.php       | 2 +-
 airtime_mvc/application/models/Block.php                  | 2 +-
 airtime_mvc/application/models/Playlist.php               | 2 +-
 airtime_mvc/application/models/StoredFile.php             | 2 +-
 airtime_mvc/application/models/User.php                   | 5 +++--
 airtime_mvc/application/models/airtime/CcSubjs.php        | 2 +-
 8 files changed, 16 insertions(+), 15 deletions(-)

diff --git a/airtime_mvc/application/controllers/LibraryController.php b/airtime_mvc/application/controllers/LibraryController.php
index 41ab24eaa..42699e9bc 100644
--- a/airtime_mvc/application/controllers/LibraryController.php
+++ b/airtime_mvc/application/controllers/LibraryController.php
@@ -83,7 +83,7 @@ class LibraryController extends Zend_Controller_Action
                 $obj         = new $objInfo['className']($obj_sess->id);
                 $userInfo    = Zend_Auth::getInstance()->getStorage()->read();
                 $user        = new Application_Model_User($userInfo->id);
-                $isAdminOrPM = $user->isUserType(array(UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER));
+                $isAdminOrPM = $user->isUserType(array(UTYPE_SUPERADMIN, UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER));
 
                 if ($isAdminOrPM || $obj->getCreatorId() == $userInfo->id) {
                     $this->view->obj = $obj;
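Review bot: The privileged-role list `array(UTYPE_SUPERADMIN, UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER)` is written out inline here and again in the other LibraryController, ScheduleController, WebstreamController, Block, Playlist and StoredFile hunks. The next role change will have to find every copy, and a missed one leaves a single access check out of step with the rest. Consider one helper method on Application_Model_User that every call site uses, with a body along the lines of `return $this->isSuperAdmin() || $this->isAdmin() || $this->isPM();` (those three methods are assumed to exist because the User.php hunk calls them). The enclosing action starts and ends outside this hunk.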
@@ -186,7 +186,7 @@ class LibraryController extends Zend_Controller_Action
         //Open a jPlayer window and play the audio clip.
         $menu["play"] = array("name"=> _("Preview"), "icon" => "play", "disabled" => false);
 
-        $isAdminOrPM = $user->isUserType(array(UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER));
+        $isAdminOrPM = $user->isUserType(array(UTYPE_SUPERADMIN, UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER));
 
         $obj_sess = new Zend_Session_Namespace(UI_PLAYLISTCONTROLLER_OBJ_SESSNAME);
 
@@ -302,7 +302,7 @@ class LibraryController extends Zend_Controller_Action
         $mediaItems = $this->_getParam('media', null);
 
         $user = Application_Model_User::getCurrentUser();
-        //$isAdminOrPM = $user->isUserType(array(UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER));
+        //$isAdminOrPM = $user->isUserType(array(UTYPE_SUPERADMIN, UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER));
 
         $files     = array();
         $playlists = array();
@@ -418,7 +418,7 @@ class LibraryController extends Zend_Controller_Action
     public function editFileMdAction()
     {
         $user = Application_Model_User::getCurrentUser();
-        $isAdminOrPM = $user->isUserType(array(UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER));
+        $isAdminOrPM = $user->isUserType(array(UTYPE_SUPERADMIN, UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER));
 
         $request = $this->getRequest();
 
diff --git a/airtime_mvc/application/controllers/ScheduleController.php b/airtime_mvc/application/controllers/ScheduleController.php
index a430e15e5..ec385f167 100644
--- a/airtime_mvc/application/controllers/ScheduleController.php
+++ b/airtime_mvc/application/controllers/ScheduleController.php
@@ -104,7 +104,7 @@ class ScheduleController extends Zend_Controller_Action
         $this->createShowFormAction(true);
 
         $user = Application_Model_User::getCurrentUser();
-        if ($user->isUserType(array(UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER))) {
+        if ($user->isUserType(array(UTYPE_SUPERADMIN, UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER))) {
             $this->view->preloadShowForm = true;
         }
 
@@ -133,7 +133,7 @@ class ScheduleController extends Zend_Controller_Action
     {
         $userInfo = Zend_Auth::getInstance()->getStorage()->read();
         $user = new Application_Model_User($userInfo->id);
-        $editable = $user->isUserType(array(UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER));
+        $editable = $user->isUserType(array(UTYPE_SUPERADMIN, UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER));
 
         $calendar_interval = Application_Model_Preference::GetCalendarTimeScale();
         Logging::info($calendar_interval);
@@ -191,7 +191,7 @@ class ScheduleController extends Zend_Controller_Action
         $userInfo = Zend_Auth::getInstance()->getStorage()->read();
         $user = new Application_Model_User($userInfo->id);
 
-        if ($user->isUserType(array(UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER))) {
+        if ($user->isUserType(array(UTYPE_SUPERADMIN, UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER))) {
             try {
                 $show = new Application_Model_Show($showId);
             } catch (Exception $e) {
@@ -586,7 +586,7 @@ class ScheduleController extends Zend_Controller_Action
     {
         $user = Application_Model_User::getCurrentUser();
 
-        if ($user->isUserType(array(UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER))) {
+        if ($user->isUserType(array(UTYPE_SUPERADMIN, UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER))) {
             $id = $this->_getParam('id');
 
             try {
diff --git a/airtime_mvc/application/controllers/WebstreamController.php b/airtime_mvc/application/controllers/WebstreamController.php
index 8eb9a2ac5..1d94923c3 100644
--- a/airtime_mvc/application/controllers/WebstreamController.php
+++ b/airtime_mvc/application/controllers/WebstreamController.php
@@ -88,7 +88,7 @@ class WebstreamController extends Zend_Controller_Action
     public function isAuthorized($webstream_id)
     {
         $user = Application_Model_User::getCurrentUser();
-        if ($user->isUserType(array(UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER))) {
+        if ($user->isUserType(array(UTYPE_SUPERADMIN, UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER))) {
             return true;
         }
 
diff --git a/airtime_mvc/application/models/Block.php b/airtime_mvc/application/models/Block.php
index babef06a5..8ea3593b1 100644
--- a/airtime_mvc/application/models/Block.php
+++ b/airtime_mvc/application/models/Block.php
@@ -1038,7 +1038,7 @@ SQL;
     {
         $userInfo = Zend_Auth::getInstance()->getStorage()->read();
         $user = new Application_Model_User($userInfo->id);
-        $isAdminOrPM = $user->isUserType(array(UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER));
+        $isAdminOrPM = $user->isUserType(array(UTYPE_SUPERADMIN, UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER));
 
         // get only the files from the blocks
         // we are about to delete
diff --git a/airtime_mvc/application/models/Playlist.php b/airtime_mvc/application/models/Playlist.php
index 7a7573d2a..90baaf621 100644
--- a/airtime_mvc/application/models/Playlist.php
+++ b/airtime_mvc/application/models/Playlist.php
@@ -987,7 +987,7 @@ SQL;
     {
         $userInfo = Zend_Auth::getInstance()->getStorage()->read();
         $user = new Application_Model_User($userInfo->id);
-        $isAdminOrPM = $user->isUserType(array(UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER));
+        $isAdminOrPM = $user->isUserType(array(UTYPE_SUPERADMIN, UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER));
 
         // get only the files from the playlists
         // we are about to delete
diff --git a/airtime_mvc/application/models/StoredFile.php b/airtime_mvc/application/models/StoredFile.php
index e30851e26..8031ba5c4 100644
--- a/airtime_mvc/application/models/StoredFile.php
+++ b/airtime_mvc/application/models/StoredFile.php
@@ -379,7 +379,7 @@ SQL;
 
         $userInfo = Zend_Auth::getInstance()->getStorage()->read();
         $user = new Application_Model_User($userInfo->id);
-        $isAdminOrPM = $user->isUserType(array(UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER));
+        $isAdminOrPM = $user->isUserType(array(UTYPE_SUPERADMIN, UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER));
         if (!$isAdminOrPM && $this->getFileOwnerId() != $user->getId()) {
             throw new FileNoPermissionException();
         }
diff --git a/airtime_mvc/application/models/User.php b/airtime_mvc/application/models/User.php
index dc1cd49c8..14bb9491d 100644
--- a/airtime_mvc/application/models/User.php
+++ b/airtime_mvc/application/models/User.php
@@ -60,8 +60,9 @@ class Application_Model_User
         $type = $this->getType();
         $result = false;
 
-        if ($type === UTYPE_ADMIN ||
-            $type === UTYPE_PROGRAM_MANAGER ||
+        if ($this->isAdmin() ||
+            $this->isSuperAdmin() ||
+            $this->isPM() ||
             self::isHostOfShow($p_showId)) {
             $result = true;
         }
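Review bot: `$type = $this->getType();` on the first context line is no longer read by the rewritten condition, so within the visible lines it is a dead local. If nothing later in the method uses it (the body starts and ends outside this hunk), drop the assignment so the check does not appear to depend on a raw type comparison. The definitions of `isAdmin()`, `isSuperAdmin()` and `isPM()` are not shown, so confirm that each compares against the intended UTYPE_* constant.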
diff --git a/airtime_mvc/application/models/airtime/CcSubjs.php b/airtime_mvc/application/models/airtime/CcSubjs.php
index 78fd56d9e..9cba6165e 100644
--- a/airtime_mvc/application/models/airtime/CcSubjs.php
+++ b/airtime_mvc/application/models/airtime/CcSubjs.php
@@ -15,7 +15,7 @@ class CcSubjs extends BaseCcSubjs {
 
     public function isAdminOrPM()
     {
-        return $this->type === UTYPE_ADMIN || $this->type === UTYPE_PROGRAM_MANAGER;
+        return $this->type === UTYPE_ADMIN === UTYPE_SUPERADMIN || $this->type === UTYPE_ADMIN || $this->type === UTYPE_PROGRAM_MANAGER;
     }
 
     public function isHostOfShow($showId)
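Review bot: The new return expression in `isAdminOrPM()` begins with `$this->type === UTYPE_ADMIN === UTYPE_SUPERADMIN`, which chains two `===` operators. PHP's comparison operators are non-associative, so this should be rejected as a syntax error, making CcSubjs.php fail to load. Even if it were read left to right, it would compare a boolean with the role constant and never match a super admin. The intended check is presumably `return $this->type === UTYPE_SUPERADMIN || $this->type === UTYPE_ADMIN || $this->type === UTYPE_PROGRAM_MANAGER;`. Running `php -l` on the changed files before merging would catch this.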