Ivan - Avoid staff deleting himself and avoid level change to oneself [skip ci]

ivan 2016-12-21 17:54:02 -03:00
parent 91f8394ef6
commit 488633b0c2
2 changed files with 21 additions and 18 deletions


@ -21,6 +21,11 @@ class DeleteStaffController extends Controller {
$staffId = Controller::request('staffId');
$staff = Staff::getDataStore($staffId);
if($staffId === Controller::getLoggedUser()->id) {
Response::respondError(ERRORS::INVALID_STAFF);
return;
}
foreach($staff->sharedTicketList as $ticket) {
$ticket->owner = null;
$ticket->true = true;
@ -31,7 +36,6 @@ class DeleteStaffController extends Controller {
$department->owners--;
$department->store();
}
$staff->delete();
Response::respondSuccess();
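Review bot: The new self-deletion guard `if($staffId === Controller::getLoggedUser()->id)` uses strict comparison between the raw request value and the logged user's id, so if `Controller::request()` returns a string while `id` is an int (types are not visible here) the branch never fires and the protection is silently ineffective. Normalising both sides, `if ((int) $staffId === (int) Controller::getLoggedUser()->id) {`, or comparing against the already-loaded `$staff->id`, makes the guard independent of the request's scalar type. The same type question applies to the new `Controller::request('staffId') !== Controller::getLoggedUser()->id` condition in EditStaffController::editInformation, where additionally an omitted staffId makes the handler target the logged user (`$this->staffInstance = Controller::getLoggedUser()`) while the inequality still holds, so the level restriction appears bypassable by simply not sending staffId; comparing `$this->staffInstance->id` with the logged user's id would close that gap. The handler enclosing this hunk starts before it, and `Staff::getDataStore($staffId)` is called before the guard with no null check visible in this view.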


@ -4,8 +4,7 @@ use Respect\Validation\Validator as DataValidator;
class EditStaffController extends Controller {
const PATH = '/edit';
private $staffRow;
private $staffId;
private $staffInstance;
public function validations() {
return [
@ -15,14 +14,14 @@ class EditStaffController extends Controller {
}
public function handler() {
$this->staffId = Controller::request('staffId');
$staffId = Controller::request('staffId');
if(!$this->staffId) {
$this->staffRow = Controller::getLoggedUser();
if(!$staffId) {
$this->staffInstance = Controller::getLoggedUser();
} else if(Controller::isStaffLogged(3)) {
$this->staffRow = Staff::getDataStore($this->staffId, 'id');
$this->staffInstance = Staff::getDataStore($staffId, 'id');
if($this->staffRow->isNull()) {
if($this->staffInstance->isNull()) {
Response::respondError(ERRORS::INVALID_STAFF);
return;
}
@ -39,29 +38,29 @@ class EditStaffController extends Controller {
Response::respondSuccess();
}
public function editInformation() {
private function editInformation() {
if(Controller::request('email')) {
$this->staffRow->email = Controller::request('email');
$this->staffInstance->email = Controller::request('email');
}
if(Controller::request('password')) {
$this->staffRow->password = Hashing::hashPassword(Controller::request('password'));
$this->staffInstance->password = Hashing::hashPassword(Controller::request('password'));
}
if(Controller::request('level') && Controller::isStaffLogged(3)) {
$this->staffRow->level = Controller::request('level');
if(Controller::request('level') && Controller::isStaffLogged(3) && Controller::request('staffId') !== Controller::getLoggedUser()->id) {
$this->staffInstance->level = Controller::request('level');
}
if(Controller::request('departments') && Controller::isStaffLogged(3)) {
$this->staffRow->sharedDepartmentList = $this->getDepartmentList();
$this->staffInstance->sharedDepartmentList = $this->getDepartmentList();
}
$this->staffRow->store();
$this->staffInstance->store();
}
public function getDepartmentList() {
private function getDepartmentList() {
$listDepartments = new DataStoreList();
$departmentIds = json_decode(Controller::request('departments'));
@ -73,8 +72,8 @@ class EditStaffController extends Controller {
return $listDepartments;
}
public function updateDepartmentsOwners() {
$list1 = $this->staffRow->sharedDepartmentList;
private function updateDepartmentsOwners() {
$list1 = $this->staffInstance->sharedDepartmentList;
$list2 = $this->getDepartmentList();
foreach ($list1 as $department1) {