Remove from_body requirement from User::has_permission_to

author: Dave Arter <davea@mysociety.org> 2016-09-14 10:52:08 +0100
committer: Dave Arter <davea@mysociety.org> 2016-09-20 16:07:09 +0100
commit: b01df0c7609a1d6c008b943a9936d471cf0e0ce3 (patch)
tree: 150199d93afb6ad71a6d7cb921eaff81dd07f63b /perllib/FixMyStreet
parent: 6f623cbb0c055fb4ae7f1a3639edaa212fc55392 (diff)
6 files changed, 15 insertions, 17 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Admin.pm b/perllib/FixMyStreet/App/Controller/Admin.pm
index 3fc5421ba..63ed9f3c6 100644
--- a/perllib/FixMyStreet/App/Controller/Admin.pm
+++ b/perllib/FixMyStreet/App/Controller/Admin.pm
@@ -687,7 +687,7 @@ sub report_edit : Path('report_edit') : Args(1) {
 
     unless (
         $c->cobrand->moniker eq 'zurich'
-        || $c->user->has_permission_to(report_edit => $problem->bodies_str)
+        || $c->user->has_permission_to(report_edit => $problem->bodies_str_ids)
     ) {
         $c->detach( '/page_error_403_access_denied', [] );
     }
diff --git a/perllib/FixMyStreet/App/Controller/Moderate.pm b/perllib/FixMyStreet/App/Controller/Moderate.pm
index dadec5c53..94e6cd62a 100644
--- a/perllib/FixMyStreet/App/Controller/Moderate.pm
+++ b/perllib/FixMyStreet/App/Controller/Moderate.pm
@@ -54,7 +54,7 @@ sub report : Chained('moderate') : PathPart('report') : CaptureArgs(1) {
 
     # ... and immediately, if the user isn't authorized
     $c->detach unless $c->user_exists;
-    $c->detach unless $c->user->has_permission_to(moderate => $problem->bodies_str);
+    $c->detach unless $c->user->has_permission_to(moderate => $problem->bodies_str_ids);
 
     $c->forward('/auth/check_csrf_token');
 
diff --git a/perllib/FixMyStreet/App/Controller/Report.pm b/perllib/FixMyStreet/App/Controller/Report.pm
index 1d67afd0e..34392782b 100644
--- a/perllib/FixMyStreet/App/Controller/Report.pm
+++ b/perllib/FixMyStreet/App/Controller/Report.pm
@@ -133,7 +133,7 @@ sub load_problem_or_display_error : Private {
     }
 
     $c->stash->{problem} = $problem;
-    if ( $c->user_exists && $c->user->has_permission_to(moderate => $problem->bodies_str) ) {
+    if ( $c->user_exists && $c->user->has_permission_to(moderate => $problem->bodies_str_ids) ) {
         $c->stash->{problem_original} = $problem->find_or_new_related(
             moderation_original_data => {
                 title => $problem->title,
@@ -401,7 +401,7 @@ to the current Problem in $c->stash->{problem}. Shows the 403 page if not.
 sub check_has_permission_to : Private {
     my ( $self, $c, @permissions ) = @_;
 
-    my $bodies = $c->stash->{problem}->bodies_str;
+    my $bodies = $c->stash->{problem}->bodies_str_ids;
 
     my %permissions = map { $_ => $c->user->has_permission_to($_, $bodies) } @permissions
         if $c->user_exists;
diff --git a/perllib/FixMyStreet/App/Controller/Report/New.pm b/perllib/FixMyStreet/App/Controller/Report/New.pm
index 7b012e0a1..267f1059d 100644
--- a/perllib/FixMyStreet/App/Controller/Report/New.pm
+++ b/perllib/FixMyStreet/App/Controller/Report/New.pm
@@ -188,9 +188,9 @@ sub report_form_ajax : Path('ajax') : Args(0) {
 
     my $contribute_as = {};
     if ($c->user_exists) {
-        my $bodies = join(',', keys %{$c->stash->{bodies}});
-        my $ca_another_user = $c->user->has_permission_to('contribute_as_another_user', $bodies);
-        my $ca_body = $c->user->has_permission_to('contribute_as_body', $bodies);
+        my @bodies = keys %{$c->stash->{bodies}};
+        my $ca_another_user = $c->user->has_permission_to('contribute_as_another_user', \@bodies);
+        my $ca_body = $c->user->has_permission_to('contribute_as_body', \@bodies);
         $contribute_as->{another_user} = $ca_another_user if $ca_another_user;
         $contribute_as->{body} = $ca_body if $ca_body;
     }
diff --git a/perllib/FixMyStreet/App/Controller/Report/Update.pm b/perllib/FixMyStreet/App/Controller/Report/Update.pm
index 705e6ee99..4c2d92d5e 100644
--- a/perllib/FixMyStreet/App/Controller/Report/Update.pm
+++ b/perllib/FixMyStreet/App/Controller/Report/Update.pm
@@ -113,7 +113,7 @@ sub process_user : Private {
     if ( $c->user_exists ) { {
         my $user = $c->user->obj;
 
-        if ($c->stash->{contributing_as_another_user} = $user->contributing_as('another_user', $c, $update->problem->bodies_str)) {
+        if ($c->stash->{contributing_as_another_user} = $user->contributing_as('another_user', $c, $update->problem->bodies_str_ids)) {
             # Act as if not logged in (and it will be auto-confirmed later on)
             last;
         }
@@ -276,7 +276,7 @@ sub process_update : Private {
     $update->mark_fixed($params{fixed} ? 1 : 0);
     $update->mark_open($params{reopen} ? 1 : 0);
 
-    $c->stash->{contributing_as_body} = $c->user_exists && $c->user->contributing_as('body', $c, $update->problem->bodies_str);
+    $c->stash->{contributing_as_body} = $c->user_exists && $c->user->contributing_as('body', $c, $update->problem->bodies_str_ids);
     if ($c->stash->{contributing_as_body}) {
         $update->name($c->user->from_body->name);
         $update->anonymous(0);
@@ -286,7 +286,7 @@ sub process_update : Private {
     }
 
     if ( $params{state} ) {
-        $params{state} = 'fixed - council' 
+        $params{state} = 'fixed - council'
             if $params{state} eq 'fixed' && $c->user && $c->user->belongs_to_body( $update->problem->bodies_str );
         $update->problem_state( $params{state} );
     } else {
diff --git a/perllib/FixMyStreet/DB/Result/User.pm b/perllib/FixMyStreet/DB/Result/User.pm
index 0ba7e252c..56196c7c0 100644
--- a/perllib/FixMyStreet/DB/Result/User.pm
+++ b/perllib/FixMyStreet/DB/Result/User.pm
@@ -257,15 +257,14 @@ sub permissions {
 }
 
 sub has_permission_to {
-    my ($self, $permission_type, $body_id) = @_;
+    my ($self, $permission_type, $body_ids) = @_;
 
     return 1 if $self->is_superuser;
+    return 0 unless $body_ids;
 
-    return 0 unless $self->belongs_to_body($body_id);
-
-    my $permission = $self->user_body_permissions->find({ 
+    my $permission = $self->user_body_permissions->find({
             permission_type => $permission_type,
-            body_id => $self->from_body->id,
+            body_id => $body_ids,
         });
     return $permission ? 1 : 0;
 }
@@ -295,8 +294,7 @@ sub has_body_permission_to {
 
 sub contributing_as {
     my ($self, $other, $c, $bodies) = @_;
-    $bodies = join(',', keys %$bodies) if ref $bodies eq 'HASH';
-    $c->log->error("Bad data $bodies passed to contributing_as") if ref $bodies;
+    $bodies = [ keys %$bodies ] if ref $bodies eq 'HASH';
     my $form_as = $c->get_param('form_as') || '';
     return 1 if $form_as eq $other && $self->has_permission_to("contribute_as_$other", $bodies);
 }
author	Dave Arter <davea@mysociety.org>	2016-09-14 10:52:08 +0100
committer	Dave Arter <davea@mysociety.org>	2016-09-20 16:07:09 +0100
commit	b01df0c7609a1d6c008b943a9936d471cf0e0ce3 (patch)
tree	150199d93afb6ad71a6d7cb921eaff81dd07f63b /perllib/FixMyStreet
parent	6f623cbb0c055fb4ae7f1a3639edaa212fc55392 (diff)