authorDave Arter <davea@mysociety.org>2016-08-24 15:52:34 +0100
committerDave Arter <davea@mysociety.org>2016-09-08 09:45:59 +0100
commit82c4b0cfdc4712a1f7b6e8824133d2de2a249b3a (patch)
treef7eaf5ad2c5918a74d6c847f3df6c4f6a5118508 /perllib/FixMyStreet/App/Controller
parent1444841970096122c9aeb5e86c82bede01b1bee6 (diff)
Simplify some permissions logic with extra helper method
Diffstat (limited to 'perllib/FixMyStreet/App/Controller')
-rw-r--r--perllib/FixMyStreet/App/Controller/Admin.pm9
-rw-r--r--perllib/FixMyStreet/App/Controller/My.pm2
2 files changed, 5 insertions, 6 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Admin.pm b/perllib/FixMyStreet/App/Controller/Admin.pm
index 3c02c1318..66b46877f 100644
--- a/perllib/FixMyStreet/App/Controller/Admin.pm
+++ b/perllib/FixMyStreet/App/Controller/Admin.pm
@@ -982,9 +982,8 @@ sub load_template_body : Private {
my ($self, $c, $body_id) = @_;
my $zurich_user = $c->user->from_body && $c->cobrand->moniker eq 'zurich';
- my $has_permission = $c->user->from_body &&
- $c->user->from_body->id eq $body_id &&
- $c->user->has_permission_to('template_edit', $body_id);
+ my $has_permission = $c->user->has_body_permission_to('template_edit') &&
+ $c->user->from_body->id eq $body_id;
unless ( $c->user->is_superuser || $zurich_user || $has_permission ) {
$c->detach( '/page_error_404_not_found' );
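Review bot: The `$c->user->from_body->id eq $body_id` operand on the second added line is only safe if `has_body_permission_to`, evaluated first, returns false for a user with no `from_body`; that helper is defined outside this diff, so the guarantee cannot be confirmed here. The removed expression tested `$c->user->from_body` explicitly before dereferencing it. I would record the dependency next to the check, for example `# has_body_permission_to is false when from_body is unset, so ->id is safe here`. The same applies to the `user_assign_body` branch in the third hunk. The body of load_template_body continues past the end of this hunk.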
@@ -1212,7 +1211,7 @@ sub user_edit : Path('user_edit') : Args(1) {
my $user = $c->cobrand->users->find( { id => $id } );
$c->detach( '/page_error_404_not_found' ) unless $user;
- unless ( $c->user->is_superuser || ( $c->user->has_permission_to('user_edit', $c->user->from_body->id) ) ) {
+ unless ( $c->user->is_superuser || $c->user->has_body_permission_to('user_edit') ) {
$c->detach('/page_error_403_access_denied', []);
}
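Review bot: The added condition checks only that the acting user holds `user_edit` for their own body; nothing visible in this hunk ties the `$user` loaded by `find( { id => $id } )` to that body. user_edit continues outside the hunk, so the target may be scoped further down, but if it is not, a body-level `user_edit` holder can open and change any account in the cobrand, including accounts attached to other bodies. A comment stating the intended scope would help here. If edits are meant to be limited to accounts already in the same body, the non-superuser arm could become `$c->user->has_body_permission_to('user_edit') && $user->from_body && $user->from_body->id eq $c->user->from_body->id`.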
@@ -1249,7 +1248,7 @@ sub user_edit : Path('user_edit') : Args(1) {
# set from_body to the same value as their own from_body.
if ( $c->user->is_superuser ) {
$user->from_body( $c->get_param('body') || undef );
- } elsif ( $c->user->has_permission_to('user_assign_body', $c->user->from_body->id ) &&
+ } elsif ( $c->user->has_body_permission_to('user_assign_body') &&
$c->get_param('body') && $c->get_param('body') eq $c->user->from_body->id ) {
$user->from_body( $c->user->from_body );
} else {
diff --git a/perllib/FixMyStreet/App/Controller/My.pm b/perllib/FixMyStreet/App/Controller/My.pm
index b15750c98..b7fabcf4c 100644
--- a/perllib/FixMyStreet/App/Controller/My.pm
+++ b/perllib/FixMyStreet/App/Controller/My.pm
@@ -41,7 +41,7 @@ sub planned : Local : Args(0) {
my ( $self, $c ) = @_;
$c->detach('/page_error_403_access_denied', [])
- unless $c->user->from_body && $c->user->has_permission_to('planned_reports', $c->user->from_body->id);
+ unless $c->user->has_body_permission_to('planned_reports');
$c->stash->{problems_rs} = $c->user->active_planned_reports;
$c->forward('get_problems');
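Review bot: The rewritten guard calls a method on `$c->user` with no visible check that anyone is logged in; for an anonymous request `$c->user` would presumably be undefined, and the call would die instead of reaching the 403 page. The removed line dereferenced `$c->user` the same way, so login is probably enforced by an earlier action in this controller that the hunk does not show. If it is not, the guard can be made self-contained with `unless $c->user && $c->user->has_body_permission_to('planned_reports');`. Otherwise a one-line comment naming where authentication is enforced would make the precondition explicit.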