-rw-r--r-- | perllib/FixMyStreet/App/Controller/Admin.pm | 2 | ||||
-rw-r--r-- | perllib/FixMyStreet/App/Controller/Moderate.pm | 2 | ||||
-rw-r--r-- | perllib/FixMyStreet/App/Controller/Report.pm | 4 | ||||
-rw-r--r-- | perllib/FixMyStreet/App/Controller/Report/New.pm | 6 | ||||
-rw-r--r-- | perllib/FixMyStreet/App/Controller/Report/Update.pm | 6 | ||||
-rw-r--r-- | perllib/FixMyStreet/DB/Result/User.pm | 12 | ||||
-rw-r--r-- | templates/web/base/report/_main.html | 2 | ||||
-rw-r--r-- | templates/web/base/report/new/form_user_loggedin.html | 4 | ||||
-rw-r--r-- | templates/web/base/report/update.html | 2 | ||||
-rw-r--r-- | templates/web/base/report/update/form_name.html | 4 |
10 files changed, 21 insertions, 23 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Admin.pm b/perllib/FixMyStreet/App/Controller/Admin.pm index 3fc5421ba..63ed9f3c6 100644 --- a/perllib/FixMyStreet/App/Controller/Admin.pm +++ b/perllib/FixMyStreet/App/Controller/Admin.pm @@ -687,7 +687,7 @@ sub report_edit : Path('report_edit') : Args(1) { unless ( $c->cobrand->moniker eq 'zurich' - || $c->user->has_permission_to(report_edit => $problem->bodies_str) + || $c->user->has_permission_to(report_edit => $problem->bodies_str_ids) ) { $c->detach( '/page_error_403_access_denied', [] ); } diff --git a/perllib/FixMyStreet/App/Controller/Moderate.pm b/perllib/FixMyStreet/App/Controller/Moderate.pm index dadec5c53..94e6cd62a 100644 --- a/perllib/FixMyStreet/App/Controller/Moderate.pm +++ b/perllib/FixMyStreet/App/Controller/Moderate.pm @@ -54,7 +54,7 @@ sub report : Chained('moderate') : PathPart('report') : CaptureArgs(1) { # ... and immediately, if the user isn't authorized $c->detach unless $c->user_exists; - $c->detach unless $c->user->has_permission_to(moderate => $problem->bodies_str); + $c->detach unless $c->user->has_permission_to(moderate => $problem->bodies_str_ids); $c->forward('/auth/check_csrf_token'); diff --git a/perllib/FixMyStreet/App/Controller/Report.pm b/perllib/FixMyStreet/App/Controller/Report.pm index 1d67afd0e..34392782b 100644 --- a/perllib/FixMyStreet/App/Controller/Report.pm +++ b/perllib/FixMyStreet/App/Controller/Report.pm @@ -133,7 +133,7 @@ sub load_problem_or_display_error : Private { } $c->stash->{problem} = $problem; - if ( $c->user_exists && $c->user->has_permission_to(moderate => $problem->bodies_str) ) { + if ( $c->user_exists && $c->user->has_permission_to(moderate => $problem->bodies_str_ids) ) { $c->stash->{problem_original} = $problem->find_or_new_related( moderation_original_data => { title => $problem->title, 
@@ -401,7 +401,7 @@ to the current Problem in $c->stash->{problem}. Shows the 403 page if not. sub check_has_permission_to : Private { my ( $self, $c, @permissions ) = @_; - my $bodies = $c->stash->{problem}->bodies_str; + my $bodies = $c->stash->{problem}->bodies_str_ids; my %permissions = map { $_ => $c->user->has_permission_to($_, $bodies) } @permissions if $c->user_exists; diff --git a/perllib/FixMyStreet/App/Controller/Report/New.pm b/perllib/FixMyStreet/App/Controller/Report/New.pm index 7b012e0a1..267f1059d 100644 --- a/perllib/FixMyStreet/App/Controller/Report/New.pm +++ b/perllib/FixMyStreet/App/Controller/Report/New.pm @@ -188,9 +188,9 @@ sub report_form_ajax : Path('ajax') : Args(0) { my $contribute_as = {}; if ($c->user_exists) { - my $bodies = join(',', keys %{$c->stash->{bodies}}); - my $ca_another_user = $c->user->has_permission_to('contribute_as_another_user', $bodies); - my $ca_body = $c->user->has_permission_to('contribute_as_body', $bodies); + my @bodies = keys %{$c->stash->{bodies}}; + my $ca_another_user = $c->user->has_permission_to('contribute_as_another_user', \@bodies); + my $ca_body = $c->user->has_permission_to('contribute_as_body', \@bodies); $contribute_as->{another_user} = $ca_another_user if $ca_another_user; $contribute_as->{body} = $ca_body if $ca_body; } diff --git a/perllib/FixMyStreet/App/Controller/Report/Update.pm b/perllib/FixMyStreet/App/Controller/Report/Update.pm index 705e6ee99..4c2d92d5e 100644 --- a/perllib/FixMyStreet/App/Controller/Report/Update.pm +++ b/perllib/FixMyStreet/App/Controller/Report/Update.pm 
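Review bot: In check_has_permission_to (Report.pm, hunk at -401), the context line directly after the changed one declares `my %permissions = map { ... } @permissions if $c->user_exists;`, and perlsyn documents a `my` combined with a statement modifier as undefined behaviour: when the condition is false the lexical is not guaranteed to start out fresh. For a permission check in what is presumably a long-running application process I would separate declaration and assignment, `my %permissions;` followed by `%permissions = map { $_ => $c->user->has_permission_to($_, $bodies) } @permissions if $c->user_exists;`, so an anonymous request always starts from an empty hash. The rest of the sub lies outside the hunk, so how %permissions is consumed afterwards is not visible here.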
@@ -113,7 +113,7 @@ sub process_user : Private { if ( $c->user_exists ) { { my $user = $c->user->obj; - if ($c->stash->{contributing_as_another_user} = $user->contributing_as('another_user', $c, $update->problem->bodies_str)) { + if ($c->stash->{contributing_as_another_user} = $user->contributing_as('another_user', $c, $update->problem->bodies_str_ids)) { # Act as if not logged in (and it will be auto-confirmed later on) last; } @@ -276,7 +276,7 @@ sub process_update : Private { $update->mark_fixed($params{fixed} ? 1 : 0); $update->mark_open($params{reopen} ? 1 : 0); - $c->stash->{contributing_as_body} = $c->user_exists && $c->user->contributing_as('body', $c, $update->problem->bodies_str); + $c->stash->{contributing_as_body} = $c->user_exists && $c->user->contributing_as('body', $c, $update->problem->bodies_str_ids); if ($c->stash->{contributing_as_body}) { $update->name($c->user->from_body->name); $update->anonymous(0); @@ -286,7 +286,7 @@ sub process_update : Private { } if ( $params{state} ) { - $params{state} = 'fixed - council' + $params{state} = 'fixed - council' if $params{state} eq 'fixed' && $c->user && $c->user->belongs_to_body( $update->problem->bodies_str ); $update->problem_state( $params{state} ); } else { diff --git a/perllib/FixMyStreet/DB/Result/User.pm b/perllib/FixMyStreet/DB/Result/User.pm index 0ba7e252c..56196c7c0 100644 --- a/perllib/FixMyStreet/DB/Result/User.pm +++ b/perllib/FixMyStreet/DB/Result/User.pm @@ -257,15 +257,14 @@ sub permissions { } sub has_permission_to { - my ($self, $permission_type, $body_id) = @_; + my ($self, $permission_type, $body_ids) = @_; return 1 if $self->is_superuser; + return 0 unless $body_ids; - return 0 unless $self->belongs_to_body($body_id); - - my $permission = $self->user_body_permissions->find({ + my $permission = $self->user_body_permissions->find({ permission_type => $permission_type, - body_id => $self->from_body->id, + body_id => $body_ids, }); return $permission ? 1 : 0; } 
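Review bot: In has_permission_to (User.pm, hunk at -257), the new guard `return 0 unless $body_ids;` does not reject an empty list, because an empty array reference is true in Perl, and report_form_ajax in Report/New.pm now passes `\@bodies` built from `keys %{$c->stash->{bodies}}`, which can be empty. The outcome then depends on how the query layer renders `body_id => []`; adding `return 0 if ref $body_ids eq 'ARRAY' && !@$body_ids;` keeps the deny decision inside this sub. Two further things to confirm: `find` with a multi-valued `body_id` can match more than one row (as far as I know DBIx::Class warns in that case, and a `search({...})->count` would express "any match" directly), and with the `belongs_to_body` and `from_body->id` checks removed, authority now rests only on the user_body_permissions rows, so rows left over from an earlier body assignment would still grant access unless they are cleaned up elsewhere.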
@@ -295,8 +294,7 @@ sub has_body_permission_to { sub contributing_as { my ($self, $other, $c, $bodies) = @_; - $bodies = join(',', keys %$bodies) if ref $bodies eq 'HASH'; - $c->log->error("Bad data $bodies passed to contributing_as") if ref $bodies; + $bodies = [ keys %$bodies ] if ref $bodies eq 'HASH'; my $form_as = $c->get_param('form_as') || ''; return 1 if $form_as eq $other && $self->has_permission_to("contribute_as_$other", $bodies); } diff --git a/templates/web/base/report/_main.html b/templates/web/base/report/_main.html index e02d4b2b0..5ff34a2cf 100644 --- a/templates/web/base/report/_main.html +++ b/templates/web/base/report/_main.html @@ -7,7 +7,7 @@ <div class="problem-header clearfix" problem-id="[% problem.id %]"> -[% IF c.user.has_permission_to('planned_reports', problem.bodies_str) %] +[% IF c.user.has_permission_to('planned_reports', problem.bodies_str_ids) %] <form method="post" action="/my/planned/change" id="planned_form"> <input type="hidden" name="id" value="[% problem.id %]"> <input type="hidden" name="token" value="[% csrf_token %]"> diff --git a/templates/web/base/report/new/form_user_loggedin.html b/templates/web/base/report/new/form_user_loggedin.html index add4fdbd3..34dd4979c 100644 --- a/templates/web/base/report/new/form_user_loggedin.html +++ b/templates/web/base/report/new/form_user_loggedin.html @@ -5,8 +5,8 @@ [% INCLUDE form_as %] </div> [% ELSE %] - [% can_contribute_as_another_user = c.user.has_permission_to("contribute_as_another_user", bodies.keys.join(",")) %] - [% can_contribute_as_body = c.user.from_body AND c.user.has_permission_to("contribute_as_body", bodies.keys.join(",")) %] + [% can_contribute_as_another_user = c.user.has_permission_to("contribute_as_another_user", bodies.keys) %] + [% can_contribute_as_body = c.user.from_body AND c.user.has_permission_to("contribute_as_body", bodies.keys) %] [% IF can_contribute_as_another_user OR can_contribute_as_body %] [% INCLUDE form_as %] [% END %] 
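Review bot: contributing_as (User.pm, hunk at -295) no longer logs unexpected input, and nothing in the sub states which shapes `$bodies` may take now that callers pass an array reference. A short comment above the sub would help, for example `# $bodies: arrayref of body ids, or a hashref keyed by body id (converted to its keys)`. Any other kind of reference is now handed to has_permission_to unchecked, so it may be worth keeping the error line after the hash conversion, restricted to `ref $bodies && ref $bodies ne 'ARRAY'`.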
diff --git a/templates/web/base/report/update.html b/templates/web/base/report/update.html index 55fdeb3b1..104e1d6f9 100644 --- a/templates/web/base/report/update.html +++ b/templates/web/base/report/update.html @@ -1,4 +1,4 @@ -[% moderating = c.user && c.user.has_permission_to('moderate', problem.bodies_str) %] +[% moderating = c.user && c.user.has_permission_to('moderate', problem.bodies_str_ids) %] [% IF loop.first %] <section class="full-width"> diff --git a/templates/web/base/report/update/form_name.html b/templates/web/base/report/update/form_name.html index ef8efd296..dd4c12151 100644 --- a/templates/web/base/report/update/form_name.html +++ b/templates/web/base/report/update/form_name.html @@ -2,8 +2,8 @@ [% PROCESS 'user/_anonymity.html' anonymous = update.anonymous %] - [% can_contribute_as_another_user = c.user.has_permission_to("contribute_as_another_user", problem.bodies_str) %] - [% can_contribute_as_body = c.user.from_body AND c.user.has_permission_to("contribute_as_body", problem.bodies_str) %] + [% can_contribute_as_another_user = c.user.has_permission_to("contribute_as_another_user", problem.bodies_str_ids) %] + [% can_contribute_as_body = c.user.from_body AND c.user.has_permission_to("contribute_as_body", problem.bodies_str_ids) %] [% IF can_contribute_as_another_user OR can_contribute_as_body %] <label for="form_as">[% loc('Provide update as') %]</label> |