- Made menu validation recursive to fix permissions issue
edwardteach42 committed Jul 30, 2018
1 parent bf18d06 commit f199425
Showing 3 changed files with 44 additions and 14 deletions.
8 changes: 7 additions & 1 deletion CHANGELOG.md
@@ -1,6 +1,11 @@
# Changelog

## [Unreleased]
### No changes yet...

## [1.1.2] - 2018-07-30
### Fixed
- Made menu validation recursive to fix permissions issue

## [1.1.1] - 2018-07-29
### Added
Expand Down Expand Up @@ -40,7 +45,8 @@
- Separated Dappurware from the framework.


[Unreleased]: https://github.com/dappur/dappurware/compare/v1.1.1...HEAD
[Unreleased]: https://github.com/dappur/dappurware/compare/v1.1.2...HEAD
[1.1.2]: https://github.com/dappur/dappurware/compare/v1.1.1...v1.1.2
[1.1.1]: https://github.com/dappur/dappurware/compare/v1.1.0...v1.1.1
[1.1.0]: https://github.com/dappur/dappurware/compare/v1.0.6...v1.1.0
[1.0.6]: https://github.com/dappur/dappurware/compare/v1.0.5...v1.0.6
48 changes: 36 additions & 12 deletions app/src/TwigExtension/Menus.php
Expand Up @@ -5,8 +5,8 @@
use Interop\Container\ContainerInterface;
use Psr\Http\Message\RequestInterface;

class Menus extends \Twig_Extension {

class Menus extends \Twig_Extension
{
protected $auth;
protected $request;

Expand All @@ -15,20 +15,29 @@ public function __construct(ContainerInterface $container)
$this->container = $container;
}

public function getName() {
public function getName()
{
return 'menus';
}

public function getFunctions() {
public function getFunctions()
{
return [
new \Twig_SimpleFunction('getMenu', [$this, 'getMenu'])
];
}

public function getMenu($menuId) {
$menu = \Dappur\Model\Menus::find($menuId);
public function getMenu($menuId)
{
$menu = new \Dappur\Model\Menus;
$menu = $menu->find($menuId);
$menu = json_decode($menu->json, true);
$menu = $this->validateMenu($menu);
return $menu;
}

private function validateMenu($menu)
{
$user = $this->container->auth->check();

foreach ($menu as $key => $value) {
Expand All @@ -42,30 +51,45 @@ public function getMenu($menuId) {
continue;
}

if (!empty($value['permission']) && !$user->hasAccess($value['permission'])) {
if (!empty($value['permission']) && !$this->container->auth->hasAccess($value['permission'])) {
unset($menu[$key]);
continue;
}

if ($value['roles'] && !empty($value['roles']) && $user) {
if ($value['roles'] && !empty($value['roles'])) {
$hasRole = false;
if (!$user) {
unset($menu[$key]);
continue;
}

foreach ($value['roles'] as $role) {
if ($user->inRole($role)) {
$hasRole = true;
}
}

if (!$hasRole) {
unset($menu[$key]);
continue;
}
}

$htmlTemp = new \Twig_Environment(new \Twig_Loader_Array([$value['text'] . '_html' => $value['text']]));
$htmlTemp = $htmlTemp->render($value['text'] . '_html', array("user" => $user));
if (isset($value['children']) && !empty($value['children'])) {
$menu[$key]['children'] = $this->validateMenu($value['children']);
}

$menu[$key]['text'] = $htmlTemp;
$htmlTemp = new \Twig_Environment(
new \Twig_Loader_Array([$value['text'] . '_html' => $value['text']])
);
$htmlTemp = $htmlTemp->render(
$value['text'] . '_html',
array("user" => $user)
);

$menu[$key]['text'] = $htmlTemp;
}

return $menu;
}
}
}
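Review bot: The permission check in validateMenu has no guest guard, unlike the roles branch just below it: `!$this->container->auth->hasAccess($value['permission'])` is evaluated even when `check()` returned no user, so whether a permission-gated entry is hidden for guests depends on how the auth service behaves without a session, which is not visible on this page. Failing closed locally would make that explicit: `if (!empty($value['permission']) && (!$user || !$user->hasAccess($value['permission']))) {`. Separately, in getMenu, `$menu->find($menuId)` and `json_decode()` can each yield null (unknown id, malformed JSON), which then reaches `->json` or the `foreach`; an early `return [];` in those cases would keep a bad menu id from surfacing as a template error. Part of the loop body lies between the hunks and is not shown here.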
2 changes: 1 addition & 1 deletion composer.json
Expand Up @@ -2,7 +2,7 @@
"name": "dappur/dappurware",
"description": "Support package for the Dappur Framework",
"keywords": ["dappur", "dappurware", "framework"],
"version": "1.1.1",
"version": "1.1.2",
"homepage": "https://github.com/dappur/dappurware",
"license": "MIT",
"authors": [
