permission cleanup
This commit is contained in:
Etienne Roudeix
@@ -24,6 +24,7 @@
|
||||
namespace Thelia\Controller\Admin;
|
||||
use Thelia\Core\Event\Address\AddressCreateOrUpdateEvent;
|
||||
use Thelia\Core\Event\Address\AddressEvent;
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Event\Customer\CustomerCreateOrUpdateEvent;
|
||||
use Thelia\Core\Event\TheliaEvents;
|
||||
use Thelia\Form\AddressCreateForm;
|
||||
@@ -46,10 +47,10 @@ class AddressController extends AbstractCrudController
|
||||
null,
|
||||
null,
|
||||
|
||||
'admin.customer.update.view',
|
||||
'admin.address.create',
|
||||
'admin.address.update',
|
||||
'admin.address.delete',
|
||||
AdminResources::ADDRESS_VIEW,
|
||||
AdminResources::ADDRESS_CREATE,
|
||||
AdminResources::ADDRESS_UPDATE,
|
||||
AdminResources::ADDRESS_DELETE,
|
||||
|
||||
TheliaEvents::ADDRESS_CREATE,
|
||||
TheliaEvents::ADDRESS_UPDATE,
|
||||
@@ -62,7 +63,7 @@ class AddressController extends AbstractCrudController
|
||||
|
||||
public function useAddressAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth("admin.customer.update")) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
|
||||
$address_id = $this->getRequest()->request->get('address_id');
|
||||
|
||||
|
||||
@@ -1,39 +0,0 @@
|
||||
<?php
|
||||
/*************************************************************************************/
|
||||
/* */
|
||||
/* Thelia */
|
||||
/* */
|
||||
/* Copyright (c) OpenStudio */
|
||||
/* email : info@thelia.net */
|
||||
/* web : http://www.thelia.net */
|
||||
/* */
|
||||
/* This program is free software; you can redistribute it and/or modify */
|
||||
/* it under the terms of the GNU General Public License as published by */
|
||||
/* the Free Software Foundation; either version 3 of the License */
|
||||
/* */
|
||||
/* This program is distributed in the hope that it will be useful, */
|
||||
/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
|
||||
/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
|
||||
/* GNU General Public License for more details. */
|
||||
/* */
|
||||
/* You should have received a copy of the GNU General Public License */
|
||||
/* along with this program. If not, see <http://www.gnu.org/licenses/>. */
|
||||
/* */
|
||||
/*************************************************************************************/
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
|
||||
/**
|
||||
* Class AdminProfileController
|
||||
* @package Thelia\Controller\Admin
|
||||
* @author Manuel Raynaud <mraynaud@openstudio.fr>
|
||||
*/
|
||||
class AdminProfileController extends BaseAdminController
|
||||
{
|
||||
public function defaultAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth("admin.admin-profile.view")) return $response;
|
||||
return $this->render("admin-profiles", array("display_admin_profile" => 20));
|
||||
}
|
||||
|
||||
}
|
||||
@@ -23,6 +23,7 @@
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Event\Area\AreaAddCountryEvent;
|
||||
use Thelia\Core\Event\Area\AreaCreateEvent;
|
||||
use Thelia\Core\Event\Area\AreaDeleteEvent;
|
||||
@@ -52,10 +53,10 @@ class AreaController extends AbstractCrudController
|
||||
null,
|
||||
null,
|
||||
|
||||
'admin.area.default',
|
||||
'admin.area.create',
|
||||
'admin.area.update',
|
||||
'admin.area.delete',
|
||||
AdminResources::AREA_VIEW,
|
||||
AdminResources::AREA_CREATE,
|
||||
AdminResources::AREA_UPDATE,
|
||||
AdminResources::AREA_DELETE,
|
||||
|
||||
TheliaEvents::AREA_CREATE,
|
||||
TheliaEvents::AREA_UPDATE,
|
||||
|
||||
@@ -23,6 +23,7 @@
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Event\Attribute\AttributeAvDeleteEvent;
|
||||
use Thelia\Core\Event\TheliaEvents;
|
||||
use Thelia\Core\Event\Attribute\AttributeAvUpdateEvent;
|
||||
@@ -46,10 +47,10 @@ class AttributeAvController extends AbstractCrudController
|
||||
'manual',
|
||||
'order',
|
||||
|
||||
'admin.configuration.attributes-av.view',
|
||||
'admin.configuration.attributes-av.create',
|
||||
'admin.configuration.attributes-av.update',
|
||||
'admin.configuration.attributes-av.delete',
|
||||
AdminResources::ATTRIBUTE_VIEW,
|
||||
AdminResources::ATTRIBUTE_CREATE,
|
||||
AdminResources::ATTRIBUTE_UPDATE,
|
||||
AdminResources::ATTRIBUTE_DELETE,
|
||||
|
||||
TheliaEvents::ATTRIBUTE_AV_CREATE,
|
||||
TheliaEvents::ATTRIBUTE_AV_UPDATE,
|
||||
|
||||
@@ -23,6 +23,7 @@
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Event\Attribute\AttributeDeleteEvent;
|
||||
use Thelia\Core\Event\TheliaEvents;
|
||||
use Thelia\Core\Event\Attribute\AttributeUpdateEvent;
|
||||
@@ -50,10 +51,10 @@ class AttributeController extends AbstractCrudController
|
||||
'manual',
|
||||
'order',
|
||||
|
||||
'admin.configuration.attributes.view',
|
||||
'admin.configuration.attributes.create',
|
||||
'admin.configuration.attributes.update',
|
||||
'admin.configuration.attributes.delete',
|
||||
AdminResources::ATTRIBUTE_VIEW,
|
||||
AdminResources::ATTRIBUTE_CREATE,
|
||||
AdminResources::ATTRIBUTE_UPDATE,
|
||||
AdminResources::ATTRIBUTE_DELETE,
|
||||
|
||||
TheliaEvents::ATTRIBUTE_CREATE,
|
||||
TheliaEvents::ATTRIBUTE_UPDATE,
|
||||
@@ -253,7 +254,7 @@ class AttributeController extends AbstractCrudController
|
||||
protected function addRemoveFromAllTemplates($eventType)
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth("admin.configuration.attributes.update")) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
|
||||
try {
|
||||
if (null !== $object = $this->getExistingObject()) {
|
||||
|
||||
@@ -24,6 +24,7 @@
|
||||
namespace Thelia\Controller\Admin;
|
||||
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Event\Category\CategoryDeleteEvent;
|
||||
use Thelia\Core\Event\TheliaEvents;
|
||||
use Thelia\Core\Event\Category\CategoryUpdateEvent;
|
||||
@@ -54,10 +55,10 @@ class CategoryController extends AbstractCrudController
|
||||
'manual',
|
||||
'category_order',
|
||||
|
||||
'admin.categories.default',
|
||||
'admin.categories.create',
|
||||
'admin.categories.update',
|
||||
'admin.categories.delete',
|
||||
AdminResources::CATEGORY_VIEW,
|
||||
AdminResources::CATEGORY_CREATE,
|
||||
AdminResources::CATEGORY_UPDATE,
|
||||
AdminResources::CATEGORY_DELETE,
|
||||
|
||||
TheliaEvents::CATEGORY_CREATE,
|
||||
TheliaEvents::CATEGORY_UPDATE,
|
||||
@@ -216,7 +217,7 @@ class CategoryController extends AbstractCrudController
|
||||
public function setToggleVisibilityAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth("admin.categories.update")) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
|
||||
$event = new CategoryToggleVisibilityEvent($this->getExistingObject());
|
||||
|
||||
@@ -296,7 +297,7 @@ class CategoryController extends AbstractCrudController
|
||||
public function addRelatedContentAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth("admin.categories.update")) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
|
||||
$content_id = intval($this->getRequest()->get('content_id'));
|
||||
|
||||
@@ -326,7 +327,7 @@ class CategoryController extends AbstractCrudController
|
||||
public function addRelatedPictureAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth("admin.categories.update")) {
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) {
|
||||
return $response;
|
||||
}
|
||||
|
||||
@@ -354,7 +355,7 @@ class CategoryController extends AbstractCrudController
|
||||
public function deleteRelatedContentAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth("admin.categories.update")) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
|
||||
$content_id = intval($this->getRequest()->get('content_id'));
|
||||
|
||||
|
||||
@@ -23,6 +23,7 @@
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Event\Config\ConfigDeleteEvent;
|
||||
use Thelia\Core\Event\TheliaEvents;
|
||||
use Thelia\Core\Event\Config\ConfigUpdateEvent;
|
||||
@@ -45,10 +46,10 @@ class ConfigController extends AbstractCrudController
|
||||
'name',
|
||||
'order',
|
||||
|
||||
'admin.configuration.variables.view',
|
||||
'admin.configuration.variables.create',
|
||||
'admin.configuration.variables.update',
|
||||
'admin.configuration.variables.delete',
|
||||
AdminResources::CONFIG_VIEW,
|
||||
AdminResources::CONFIG_CREATE,
|
||||
AdminResources::CONFIG_UPDATE,
|
||||
AdminResources::CONFIG_DELETE,
|
||||
|
||||
TheliaEvents::CONFIG_CREATE,
|
||||
TheliaEvents::CONFIG_UPDATE,
|
||||
@@ -187,7 +188,7 @@ class ConfigController extends AbstractCrudController
|
||||
public function changeValuesAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth("admin.configuration.variables.update")) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
|
||||
$variables = $this->getRequest()->get('variable', array());
|
||||
|
||||
|
||||
@@ -22,6 +22,7 @@
|
||||
/*************************************************************************************/
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Event\Content\ContentAddFolderEvent;
|
||||
use Thelia\Core\Event\Content\ContentCreateEvent;
|
||||
use Thelia\Core\Event\Content\ContentDeleteEvent;
|
||||
@@ -49,10 +50,10 @@ class ContentController extends AbstractCrudController
|
||||
'manual',
|
||||
'content_order',
|
||||
|
||||
'admin.content.default',
|
||||
'admin.content.create',
|
||||
'admin.content.update',
|
||||
'admin.content.delete',
|
||||
AdminResources::CONTENT_VIEW,
|
||||
AdminResources::CONTENT_CREATE,
|
||||
AdminResources::CONTENT_UPDATE,
|
||||
AdminResources::CONTENT_DELETE,
|
||||
|
||||
TheliaEvents::CONTENT_CREATE,
|
||||
TheliaEvents::CONTENT_UPDATE,
|
||||
@@ -70,7 +71,7 @@ class ContentController extends AbstractCrudController
|
||||
public function addAdditionalFolderAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth('admin.content.update')) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
|
||||
$folder_id = intval($this->getRequest()->request->get('additional_folder_id'));
|
||||
|
||||
@@ -98,7 +99,7 @@ class ContentController extends AbstractCrudController
|
||||
public function removeAdditionalFolderAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth('admin.content.update')) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
|
||||
$folder_id = intval($this->getRequest()->request->get('additional_folder_id'));
|
||||
|
||||
|
||||
@@ -22,6 +22,7 @@
|
||||
/*************************************************************************************/
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Event\Country\CountryCreateEvent;
|
||||
use Thelia\Core\Event\Country\CountryDeleteEvent;
|
||||
use Thelia\Core\Event\Country\CountryToggleDefaultEvent;
|
||||
@@ -46,10 +47,10 @@ class CountryController extends AbstractCrudController
|
||||
'manual',
|
||||
'country_order',
|
||||
|
||||
'admin.country.default',
|
||||
'admin.country.create',
|
||||
'admin.country.update',
|
||||
'admin.country.delete',
|
||||
AdminResources::COUNTRY_VIEW,
|
||||
AdminResources::COUNTRY_CREATE,
|
||||
AdminResources::COUNTRY_UPDATE,
|
||||
AdminResources::COUNTRY_DELETE,
|
||||
|
||||
TheliaEvents::COUNTRY_CREATE,
|
||||
TheliaEvents::COUNTRY_UPDATE,
|
||||
|
||||
@@ -27,6 +27,7 @@ use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\Routing\Router;
|
||||
use Thelia\Condition\ConditionFactory;
|
||||
use Thelia\Condition\ConditionManagerInterface;
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Event\Condition\ConditionCreateOrUpdateEvent;
|
||||
use Thelia\Core\Event\Coupon\CouponConsumeEvent;
|
||||
use Thelia\Core\Event\Coupon\CouponCreateOrUpdateEvent;
|
||||
@@ -62,7 +63,7 @@ class CouponController extends BaseAdminController
|
||||
*/
|
||||
public function browseAction()
|
||||
{
|
||||
$this->checkAuth('ADMIN', 'admin.coupon.view');
|
||||
$this->checkAuth('ADMIN', AdminResources::COUPON_VIEW);
|
||||
|
||||
$args['urlReadCoupon'] = $this->getRoute(
|
||||
'admin.coupon.read',
|
||||
@@ -94,7 +95,7 @@ class CouponController extends BaseAdminController
|
||||
*/
|
||||
public function readAction($couponId)
|
||||
{
|
||||
$this->checkAuth('ADMIN', 'admin.coupon.read');
|
||||
$this->checkAuth('ADMIN', AdminResources::COUPON_VIEW);
|
||||
|
||||
// Database request repeated in the loop but cached
|
||||
$search = CouponQuery::create();
|
||||
@@ -122,7 +123,7 @@ class CouponController extends BaseAdminController
|
||||
public function createAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
$response = $this->checkAuth('admin.coupon.create');
|
||||
$response = $this->checkAuth(AdminResources::COUPON_CREATE);
|
||||
if ($response !== null) {
|
||||
return $response;
|
||||
}
|
||||
@@ -170,7 +171,7 @@ class CouponController extends BaseAdminController
|
||||
public function updateAction($couponId)
|
||||
{
|
||||
// Check current user authorization
|
||||
$response = $this->checkAuth('admin.coupon.update');
|
||||
$response = $this->checkAuth(AdminResources::COUPON_UPDATE);
|
||||
if ($response !== null) {
|
||||
return $response;
|
||||
}
|
||||
@@ -277,7 +278,7 @@ var_dump($coupon->getIsRemovingPostage());;
|
||||
*/
|
||||
public function getConditionInputAction($conditionId)
|
||||
{
|
||||
$this->checkAuth('ADMIN', 'admin.coupon.read');
|
||||
$this->checkAuth('ADMIN', AdminResources::COUPON_VIEW);
|
||||
|
||||
$this->checkXmlHttpRequest();
|
||||
|
||||
@@ -307,7 +308,7 @@ var_dump($coupon->getIsRemovingPostage());;
|
||||
*/
|
||||
public function updateConditionsAction($couponId)
|
||||
{
|
||||
$this->checkAuth('ADMIN', 'admin.coupon.read');
|
||||
$this->checkAuth('ADMIN', AdminResources::COUPON_VIEW);
|
||||
|
||||
$this->checkXmlHttpRequest();
|
||||
|
||||
|
||||
@@ -23,6 +23,7 @@
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Event\Currency\CurrencyDeleteEvent;
|
||||
use Thelia\Core\Event\TheliaEvents;
|
||||
use Thelia\Core\Event\Currency\CurrencyUpdateEvent;
|
||||
@@ -46,10 +47,10 @@ class CurrencyController extends AbstractCrudController
|
||||
'manual',
|
||||
'order',
|
||||
|
||||
'admin.configuration.currencies.view',
|
||||
'admin.configuration.currencies.create',
|
||||
'admin.configuration.currencies.update',
|
||||
'admin.configuration.currencies.delete',
|
||||
AdminResources::CURRENCY_VIEW,
|
||||
AdminResources::CURRENCY_CREATE,
|
||||
AdminResources::CURRENCY_UPDATE,
|
||||
AdminResources::CURRENCY_DELETE,
|
||||
|
||||
TheliaEvents::CURRENCY_CREATE,
|
||||
TheliaEvents::CURRENCY_UPDATE,
|
||||
@@ -186,7 +187,7 @@ class CurrencyController extends AbstractCrudController
|
||||
public function updateRatesAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth("admin.configuration.currencies.update")) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
|
||||
try {
|
||||
$this->dispatch(TheliaEvents::CURRENCY_UPDATE_RATES);
|
||||
@@ -204,7 +205,7 @@ class CurrencyController extends AbstractCrudController
|
||||
public function setDefaultAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth("admin.configuration.currencies.update")) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
|
||||
$changeEvent = new CurrencyUpdateEvent($this->getRequest()->get('currency_id', 0));
|
||||
|
||||
|
||||
@@ -26,6 +26,7 @@ namespace Thelia\Controller\Admin;
|
||||
use Propel\Runtime\Exception\PropelException;
|
||||
use Symfony\Component\Form\Form;
|
||||
use Thelia\Core\Event\Address\AddressEvent;
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Event\Customer\CustomerAddressEvent;
|
||||
use Thelia\Core\Event\Customer\CustomerCreateOrUpdateEvent;
|
||||
use Thelia\Core\Event\Customer\CustomerEvent;
|
||||
@@ -45,13 +46,13 @@ class CustomerController extends BaseAdminController
|
||||
{
|
||||
public function indexAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth("admin.customer.view")) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::CUSTOMER_VIEW)) return $response;
|
||||
return $this->render("customers", array("display_customer" => 20));
|
||||
}
|
||||
|
||||
public function viewAction($customer_id)
|
||||
{
|
||||
if (null !== $response = $this->checkAuth("admin.customer.view")) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::CUSTOMER_VIEW)) return $response;
|
||||
return $this->render("customer-edit", array(
|
||||
"customer_id" => $customer_id
|
||||
));
|
||||
@@ -67,7 +68,7 @@ class CustomerController extends BaseAdminController
|
||||
*/
|
||||
public function updateAction($customer_id)
|
||||
{
|
||||
if (null !== $response = $this->checkAuth("admin.customer.update")) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::CUSTOMER_UPDATE)) return $response;
|
||||
|
||||
$message = false;
|
||||
|
||||
@@ -123,7 +124,7 @@ class CustomerController extends BaseAdminController
|
||||
|
||||
public function deleteAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth("admin.customer.delete")) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::CUSTOMER_DELETE)) return $response;
|
||||
|
||||
$message = null;
|
||||
|
||||
|
||||
@@ -23,6 +23,7 @@
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Event\Feature\FeatureAvDeleteEvent;
|
||||
use Thelia\Core\Event\TheliaEvents;
|
||||
use Thelia\Core\Event\Feature\FeatureAvUpdateEvent;
|
||||
@@ -46,10 +47,10 @@ class FeatureAvController extends AbstractCrudController
|
||||
'manual',
|
||||
'order',
|
||||
|
||||
'admin.configuration.features-av.view',
|
||||
'admin.configuration.features-av.create',
|
||||
'admin.configuration.features-av.update',
|
||||
'admin.configuration.features-av.delete',
|
||||
AdminResources::FEATURE_VIEW,
|
||||
AdminResources::FEATURE_CREATE,
|
||||
AdminResources::FEATURE_UPDATE,
|
||||
AdminResources::FEATURE_DELETE,
|
||||
|
||||
TheliaEvents::FEATURE_AV_CREATE,
|
||||
TheliaEvents::FEATURE_AV_UPDATE,
|
||||
|
||||
@@ -23,6 +23,7 @@
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Event\Feature\FeatureDeleteEvent;
|
||||
use Thelia\Core\Event\TheliaEvents;
|
||||
use Thelia\Core\Event\Feature\FeatureUpdateEvent;
|
||||
@@ -50,10 +51,10 @@ class FeatureController extends AbstractCrudController
|
||||
'manual',
|
||||
'order',
|
||||
|
||||
'admin.configuration.features.view',
|
||||
'admin.configuration.features.create',
|
||||
'admin.configuration.features.update',
|
||||
'admin.configuration.features.delete',
|
||||
AdminResources::FEATURE_VIEW,
|
||||
AdminResources::FEATURE_CREATE,
|
||||
AdminResources::FEATURE_UPDATE,
|
||||
AdminResources::FEATURE_DELETE,
|
||||
|
||||
TheliaEvents::FEATURE_CREATE,
|
||||
TheliaEvents::FEATURE_UPDATE,
|
||||
@@ -253,7 +254,7 @@ class FeatureController extends AbstractCrudController
|
||||
protected function addRemoveFromAllTemplates($eventType)
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth("admin.configuration.features.update")) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
|
||||
try {
|
||||
if (null !== $object = $this->getExistingObject()) {
|
||||
|
||||
@@ -26,6 +26,7 @@ namespace Thelia\Controller\Admin;
|
||||
use Propel\Runtime\Exception\PropelException;
|
||||
use Symfony\Component\HttpFoundation\File\UploadedFile;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Event\Document\DocumentCreateOrUpdateEvent;
|
||||
use Thelia\Core\Event\Document\DocumentDeleteEvent;
|
||||
use Thelia\Core\Event\Image\ImageCreateOrUpdateEvent;
|
||||
@@ -69,7 +70,7 @@ class FileController extends BaseAdminController
|
||||
*/
|
||||
public function saveImageAjaxAction($parentId, $parentType)
|
||||
{
|
||||
$this->checkAuth('ADMIN', 'admin.image.save');
|
||||
$this->checkAuth('ADMIN', AdminResources::retrieve($parentType, 'update'));
|
||||
$this->checkXmlHttpRequest();
|
||||
|
||||
if ($this->isParentTypeValid($parentType)) {
|
||||
@@ -145,7 +146,7 @@ class FileController extends BaseAdminController
|
||||
*/
|
||||
public function saveDocumentAjaxAction($parentId, $parentType)
|
||||
{
|
||||
$this->checkAuth('ADMIN', 'admin.document.save');
|
||||
$this->checkAuth('ADMIN', AdminResources::retrieve($parentType, 'update'));
|
||||
$this->checkXmlHttpRequest();
|
||||
|
||||
if ($this->isParentTypeValid($parentType)) {
|
||||
@@ -209,7 +210,7 @@ class FileController extends BaseAdminController
|
||||
*/
|
||||
public function getImageListAjaxAction($parentId, $parentType)
|
||||
{
|
||||
$this->checkAuth('ADMIN', 'admin.image.save');
|
||||
$this->checkAuth('ADMIN', AdminResources::retrieve($parentType, 'update'));
|
||||
$this->checkXmlHttpRequest();
|
||||
$args = array('imageType' => $parentType, 'parentId' => $parentId);
|
||||
|
||||
@@ -226,7 +227,7 @@ class FileController extends BaseAdminController
|
||||
*/
|
||||
public function getDocumentListAjaxAction($parentId, $parentType)
|
||||
{
|
||||
$this->checkAuth('ADMIN', 'admin.document.save');
|
||||
$this->checkAuth('ADMIN', AdminResources::retrieve($parentType, 'update'));
|
||||
$this->checkXmlHttpRequest();
|
||||
$args = array('documentType' => $parentType, 'parentId' => $parentId);
|
||||
|
||||
@@ -243,7 +244,7 @@ class FileController extends BaseAdminController
|
||||
*/
|
||||
public function getImageFormAjaxAction($parentId, $parentType)
|
||||
{
|
||||
$this->checkAuth('ADMIN', 'admin.image.save');
|
||||
$this->checkAuth('ADMIN', AdminResources::retrieve($parentType, 'update'));
|
||||
$this->checkXmlHttpRequest();
|
||||
$args = array('imageType' => $parentType, 'parentId' => $parentId);
|
||||
|
||||
@@ -260,7 +261,7 @@ class FileController extends BaseAdminController
|
||||
*/
|
||||
public function getDocumentFormAjaxAction($parentId, $parentType)
|
||||
{
|
||||
$this->checkAuth('ADMIN', 'admin.document.save');
|
||||
$this->checkAuth('ADMIN', AdminResources::retrieve($parentType, 'update'));
|
||||
$this->checkXmlHttpRequest();
|
||||
$args = array('documentType' => $parentType, 'parentId' => $parentId);
|
||||
|
||||
@@ -277,7 +278,7 @@ class FileController extends BaseAdminController
|
||||
*/
|
||||
public function viewImageAction($imageId, $parentType)
|
||||
{
|
||||
if (null !== $response = $this->checkAuth('admin.image.view')) {
|
||||
if (null !== $response = $this->checkAuth('ADMIN', AdminResources::retrieve($parentType, 'update'))) {
|
||||
return $response;
|
||||
}
|
||||
try {
|
||||
@@ -306,7 +307,7 @@ class FileController extends BaseAdminController
|
||||
*/
|
||||
public function viewDocumentAction($documentId, $parentType)
|
||||
{
|
||||
if (null !== $response = $this->checkAuth('admin.document.view')) {
|
||||
if (null !== $response = $this->checkAuth('ADMIN', AdminResources::retrieve($parentType, 'update'))) {
|
||||
return $response;
|
||||
}
|
||||
try {
|
||||
@@ -335,7 +336,7 @@ class FileController extends BaseAdminController
|
||||
*/
|
||||
public function updateImageAction($imageId, $parentType)
|
||||
{
|
||||
if (null !== $response = $this->checkAuth('admin.image.update')) {
|
||||
if (null !== $response = $this->checkAuth('ADMIN', AdminResources::retrieve($parentType, 'update'))) {
|
||||
return $response;
|
||||
}
|
||||
|
||||
@@ -412,7 +413,7 @@ class FileController extends BaseAdminController
|
||||
*/
|
||||
public function updateDocumentAction($documentId, $parentType)
|
||||
{
|
||||
if (null !== $response = $this->checkAuth('admin.document.update')) {
|
||||
if (null !== $response = $this->checkAuth('ADMIN', AdminResources::retrieve($parentType, 'update'))) {
|
||||
return $response;
|
||||
}
|
||||
|
||||
@@ -489,7 +490,7 @@ class FileController extends BaseAdminController
|
||||
*/
|
||||
public function deleteImageAction($imageId, $parentType)
|
||||
{
|
||||
$this->checkAuth('ADMIN', 'admin.image.delete');
|
||||
$this->checkAuth('ADMIN', AdminResources::retrieve($parentType, 'update'));
|
||||
$this->checkXmlHttpRequest();
|
||||
|
||||
$fileManager = new FileManager($this->container);
|
||||
@@ -532,7 +533,7 @@ class FileController extends BaseAdminController
|
||||
*/
|
||||
public function deleteDocumentAction($documentId, $parentType)
|
||||
{
|
||||
$this->checkAuth('ADMIN', 'admin.document.delete');
|
||||
$this->checkAuth('ADMIN', AdminResources::retrieve($parentType, 'update'));
|
||||
$this->checkXmlHttpRequest();
|
||||
|
||||
$fileManager = new FileManager($this->container);
|
||||
|
||||
@@ -22,6 +22,7 @@
|
||||
/*************************************************************************************/
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Event\Folder\FolderCreateEvent;
|
||||
use Thelia\Core\Event\Folder\FolderDeleteEvent;
|
||||
use Thelia\Core\Event\Folder\FolderToggleVisibilityEvent;
|
||||
@@ -47,10 +48,10 @@ class FolderController extends AbstractCrudController
|
||||
'manual',
|
||||
'folder_order',
|
||||
|
||||
'admin.folder.default',
|
||||
'admin.folder.create',
|
||||
'admin.folder.update',
|
||||
'admin.folder.delete',
|
||||
AdminResources::FOLDER_VIEW,
|
||||
AdminResources::FOLDER_CREATE,
|
||||
AdminResources::FOLDER_UPDATE,
|
||||
AdminResources::FOLDER_DELETE,
|
||||
|
||||
TheliaEvents::FOLDER_CREATE,
|
||||
TheliaEvents::FOLDER_UPDATE,
|
||||
|
||||
@@ -23,6 +23,8 @@
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
|
||||
/**
|
||||
* Class LanguageController
|
||||
* @package Thelia\Controller\Admin
|
||||
@@ -32,7 +34,7 @@ class LanguageController extends BaseAdminController
|
||||
{
|
||||
public function defaultAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth("admin.configuration.languages.view")) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE_VIEW)) return $response;
|
||||
return $this->render("languages");
|
||||
}
|
||||
|
||||
|
||||
@@ -23,6 +23,8 @@
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
|
||||
/**
|
||||
* Class MailingSystemController
|
||||
* @package Thelia\Controller\Admin
|
||||
@@ -32,7 +34,7 @@ class MailingSystemController extends BaseAdminController
|
||||
{
|
||||
public function defaultAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth("admin.configuration.mailing-system.view")) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::MAILING_SYSTEM_VIEW)) return $response;
|
||||
return $this->render("mailing-system");
|
||||
}
|
||||
|
||||
|
||||
@@ -23,6 +23,7 @@
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Event\Message\MessageDeleteEvent;
|
||||
use Thelia\Core\Event\TheliaEvents;use Thelia\Core\Event\Message\MessageUpdateEvent;
|
||||
use Thelia\Core\Event\Message\MessageCreateEvent;
|
||||
@@ -44,10 +45,10 @@ class MessageController extends AbstractCrudController
|
||||
null, // no sort order change
|
||||
null, // no sort order change
|
||||
|
||||
'admin.configuration.messages.view',
|
||||
'admin.configuration.messages.create',
|
||||
'admin.configuration.messages.update',
|
||||
'admin.configuration.messages.delete',
|
||||
AdminResources::MESSAGE_VIEW,
|
||||
AdminResources::MESSAGE_CREATE,
|
||||
AdminResources::MESSAGE_UPDATE,
|
||||
AdminResources::MESSAGE_DELETE,
|
||||
|
||||
TheliaEvents::MESSAGE_CREATE,
|
||||
TheliaEvents::MESSAGE_UPDATE,
|
||||
|
||||
@@ -23,6 +23,8 @@
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
|
||||
/**
|
||||
* Class ModuleController
|
||||
* @package Thelia\Controller\Admin
|
||||
@@ -32,7 +34,7 @@ class ModuleController extends BaseAdminController
|
||||
{
|
||||
public function indexAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth("admin.module.view")) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::MODULE_VIEW)) return $response;
|
||||
return $this->render("modules", array("display_module" => 20));
|
||||
}
|
||||
|
||||
|
||||
@@ -24,6 +24,7 @@
|
||||
namespace Thelia\Controller\Admin;
|
||||
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Event\Order\OrderAddressEvent;
|
||||
use Thelia\Core\Event\Order\OrderEvent;
|
||||
use Thelia\Core\Event\PdfEvent;
|
||||
@@ -44,7 +45,7 @@ class OrderController extends BaseAdminController
|
||||
{
|
||||
public function indexAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth("admin.orders.view")) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::ORDER_VIEW)) return $response;
|
||||
return $this->render("orders", array("display_order" => 20));
|
||||
}
|
||||
|
||||
@@ -57,7 +58,7 @@ class OrderController extends BaseAdminController
|
||||
|
||||
public function updateStatus($order_id = null)
|
||||
{
|
||||
if (null !== $response = $this->checkAuth("admin.order.update")) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::ORDER_UPDATE)) return $response;
|
||||
|
||||
$message = null;
|
||||
|
||||
@@ -108,7 +109,7 @@ class OrderController extends BaseAdminController
|
||||
|
||||
public function updateDeliveryRef($order_id)
|
||||
{
|
||||
if (null !== $response = $this->checkAuth("admin.order.update")) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::ORDER_UPDATE)) return $response;
|
||||
|
||||
$message = null;
|
||||
|
||||
@@ -143,7 +144,7 @@ class OrderController extends BaseAdminController
|
||||
|
||||
public function updateAddress($order_id)
|
||||
{
|
||||
if (null !== $response = $this->checkAuth("admin.order.update")) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::ORDER_UPDATE)) return $response;
|
||||
|
||||
$message = null;
|
||||
|
||||
@@ -209,7 +210,7 @@ class OrderController extends BaseAdminController
|
||||
|
||||
protected function generatePdf($order_id, $fileName)
|
||||
{
|
||||
if (null !== $response = $this->checkAuth("admin.order.update")) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::ORDER_UPDATE)) return $response;
|
||||
|
||||
|
||||
$html = $this->renderRaw(
|
||||
|
||||
@@ -23,6 +23,7 @@
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Event\Product\ProductAddCategoryEvent;
|
||||
use Thelia\Core\Event\Product\ProductDeleteCategoryEvent;
|
||||
use Thelia\Core\Event\Product\ProductDeleteEvent;
|
||||
@@ -61,10 +62,10 @@ class ProductController extends AbstractCrudController
|
||||
'manual',
|
||||
'product_order',
|
||||
|
||||
'admin.products.default',
|
||||
'admin.products.create',
|
||||
'admin.products.update',
|
||||
'admin.products.delete',
|
||||
AdminResources::PRODUCT_VIEW,
|
||||
AdminResources::PRODUCT_CREATE,
|
||||
AdminResources::PRODUCT_UPDATE,
|
||||
AdminResources::PRODUCT_DELETE,
|
||||
|
||||
TheliaEvents::PRODUCT_CREATE,
|
||||
TheliaEvents::PRODUCT_UPDATE,
|
||||
@@ -280,7 +281,7 @@ class ProductController extends AbstractCrudController
|
||||
public function setToggleVisibilityAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth("admin.products.update")) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
|
||||
$event = new ProductToggleVisibilityEvent($this->getExistingObject());
|
||||
|
||||
@@ -356,7 +357,7 @@ class ProductController extends AbstractCrudController
|
||||
{
|
||||
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth("admin.products.update")) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
|
||||
$content_id = intval($this->getRequest()->get('content_id'));
|
||||
|
||||
@@ -382,7 +383,7 @@ class ProductController extends AbstractCrudController
|
||||
{
|
||||
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth("admin.products.update")) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
|
||||
$content_id = intval($this->getRequest()->get('content_id'));
|
||||
|
||||
@@ -434,7 +435,7 @@ class ProductController extends AbstractCrudController
|
||||
public function addAccessoryAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth("admin.products.update")) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
|
||||
$accessory_id = intval($this->getRequest()->get('accessory_id'));
|
||||
|
||||
@@ -459,7 +460,7 @@ class ProductController extends AbstractCrudController
|
||||
public function deleteAccessoryAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth("admin.products.update")) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
|
||||
$accessory_id = intval($this->getRequest()->get('accessory_id'));
|
||||
|
||||
@@ -515,7 +516,7 @@ class ProductController extends AbstractCrudController
|
||||
public function setProductTemplateAction($productId)
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth('admin.products.update')) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
|
||||
$product = ProductQuery::create()->findPk($productId);
|
||||
|
||||
@@ -612,7 +613,7 @@ class ProductController extends AbstractCrudController
|
||||
public function addAdditionalCategoryAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth("admin.products.update")) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
|
||||
$category_id = intval($this->getRequest()->request->get('additional_category_id'));
|
||||
|
||||
@@ -637,7 +638,7 @@ class ProductController extends AbstractCrudController
|
||||
public function deleteAdditionalCategoryAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth("admin.products.update")) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
|
||||
$category_id = intval($this->getRequest()->get('additional_category_id'));
|
||||
|
||||
@@ -734,7 +735,7 @@ class ProductController extends AbstractCrudController
|
||||
public function addCombinationAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth("admin.products.update")) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
|
||||
$event = new ProductCreateCombinationEvent(
|
||||
$this->getExistingObject(),
|
||||
@@ -759,7 +760,7 @@ class ProductController extends AbstractCrudController
|
||||
public function deleteCombinationAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth("admin.products.update")) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
|
||||
$event = new ProductDeleteCombinationEvent(
|
||||
$this->getExistingObject(),
|
||||
|
||||
@@ -23,6 +23,7 @@
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Event\Profile\ProfileEvent;
|
||||
use Thelia\Core\Event\TheliaEvents;
|
||||
use Thelia\Form\ProfileCreationForm;
|
||||
@@ -39,10 +40,10 @@ class ProfileController extends AbstractCrudController
|
||||
'manual',
|
||||
'order',
|
||||
|
||||
'admin.configuration.profile.view',
|
||||
'admin.configuration.profile.create',
|
||||
'admin.configuration.profile.update',
|
||||
'admin.configuration.profile.delete',
|
||||
AdminResources::PRODUCT_VIEW,
|
||||
AdminResources::PRODUCT_CREATE,
|
||||
AdminResources::PRODUCT_UPDATE,
|
||||
AdminResources::PRODUCT_DELETE,
|
||||
|
||||
TheliaEvents::PROFILE_CREATE,
|
||||
TheliaEvents::PROFILE_UPDATE,
|
||||
|
||||
@@ -22,6 +22,7 @@
|
||||
/*************************************************************************************/
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Event\ShippingZone\ShippingZoneAddAreaEvent;
|
||||
use Thelia\Core\Event\ShippingZone\ShippingZoneRemoveAreaEvent;
|
||||
use Thelia\Core\Event\TheliaEvents;
|
||||
@@ -40,13 +41,13 @@ class ShippingZoneController extends BaseAdminController
|
||||
|
||||
public function indexAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth("admin.shipping-zones.view")) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::SHIPPING_ZONE_VIEW)) return $response;
|
||||
return $this->render("shipping-zones", array("display_shipping_zone" => 20));
|
||||
}
|
||||
|
||||
public function updateAction($shipping_zones_id)
|
||||
{
|
||||
if (null !== $response = $this->checkAuth("admin.shipping-zones.view")) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::SHIPPING_ZONE_VIEW)) return $response;
|
||||
return $this->render("shipping-zones-edit", array(
|
||||
"shipping_zones_id" => $shipping_zones_id
|
||||
));
|
||||
@@ -57,7 +58,7 @@ class ShippingZoneController extends BaseAdminController
|
||||
*/
|
||||
public function addArea()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth("admin.shipping-zones.update")) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::SHIPPING_ZONE_UPDATE)) return $response;
|
||||
|
||||
$shippingAreaForm = new ShippingZoneAddArea($this->getRequest());
|
||||
$error_msg = null;
|
||||
@@ -92,7 +93,7 @@ class ShippingZoneController extends BaseAdminController
|
||||
|
||||
public function removeArea()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth("admin.shipping-zones.update")) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::SHIPPING_ZONE_UPDATE)) return $response;
|
||||
|
||||
$shippingAreaForm = new ShippingZoneRemoveArea($this->getRequest());
|
||||
$error_msg = null;
|
||||
|
||||
@@ -23,6 +23,7 @@
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Event\Tax\TaxEvent;
|
||||
use Thelia\Core\Event\TheliaEvents;
|
||||
use Thelia\Form\TaxCreationForm;
|
||||
@@ -39,10 +40,10 @@ class TaxController extends AbstractCrudController
|
||||
'manual',
|
||||
'order',
|
||||
|
||||
'admin.configuration.tax.view',
|
||||
'admin.configuration.tax.create',
|
||||
'admin.configuration.tax.update',
|
||||
'admin.configuration.tax.delete',
|
||||
AdminResources::TAX_VIEW,
|
||||
AdminResources::TAX_CREATE,
|
||||
AdminResources::TAX_UPDATE,
|
||||
AdminResources::TAX_DELETE,
|
||||
|
||||
TheliaEvents::TAX_CREATE,
|
||||
TheliaEvents::TAX_UPDATE,
|
||||
|
||||
@@ -23,6 +23,7 @@
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Event\Tax\TaxRuleEvent;
|
||||
use Thelia\Core\Event\TheliaEvents;
|
||||
use Thelia\Form\TaxRuleCreationForm;
|
||||
@@ -40,10 +41,10 @@ class TaxRuleController extends AbstractCrudController
|
||||
'manual',
|
||||
'order',
|
||||
|
||||
'admin.configuration.taxrule.view',
|
||||
'admin.configuration.taxrule.create',
|
||||
'admin.configuration.taxrule.update',
|
||||
'admin.configuration.taxrule.delete',
|
||||
AdminResources::TAX_VIEW,
|
||||
AdminResources::TAX_CREATE,
|
||||
AdminResources::TAX_UPDATE,
|
||||
AdminResources::TAX_DELETE,
|
||||
|
||||
TheliaEvents::TAX_RULE_CREATE,
|
||||
TheliaEvents::TAX_RULE_UPDATE,
|
||||
@@ -256,7 +257,7 @@ class TaxRuleController extends AbstractCrudController
|
||||
public function processUpdateTaxesAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth('admin.configuration.taxrule.update')) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
|
||||
$error_msg = false;
|
||||
|
||||
|
||||
@@ -23,6 +23,7 @@
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Event\Template\TemplateDeleteEvent;
|
||||
use Thelia\Core\Event\TheliaEvents;
|
||||
use Thelia\Core\Event\Template\TemplateUpdateEvent;
|
||||
@@ -51,10 +52,10 @@ class TemplateController extends AbstractCrudController
|
||||
null,
|
||||
null,
|
||||
|
||||
'admin.configuration.templates.view',
|
||||
'admin.configuration.templates.create',
|
||||
'admin.configuration.templates.update',
|
||||
'admin.configuration.templates.delete',
|
||||
AdminResources::TEMPLATE_VIEW,
|
||||
AdminResources::TEMPLATE_CREATE,
|
||||
AdminResources::TEMPLATE_UPDATE,
|
||||
AdminResources::TEMPLATE_DELETE,
|
||||
|
||||
TheliaEvents::TEMPLATE_CREATE,
|
||||
TheliaEvents::TEMPLATE_UPDATE,
|
||||
@@ -212,7 +213,7 @@ class TemplateController extends AbstractCrudController
|
||||
public function addAttributeAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth("admin.configuration.template.attribute.add")) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::TEMPLATE_UPDATE)) return $response;
|
||||
|
||||
$attribute_id = intval($this->getRequest()->get('attribute_id'));
|
||||
|
||||
@@ -236,7 +237,7 @@ class TemplateController extends AbstractCrudController
|
||||
public function deleteAttributeAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth("admin.configuration.template.attribute.delete")) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::TEMPLATE_UPDATE)) return $response;
|
||||
|
||||
$event = new TemplateDeleteAttributeEvent(
|
||||
$this->getExistingObject(),
|
||||
@@ -271,7 +272,7 @@ class TemplateController extends AbstractCrudController
|
||||
public function addFeatureAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth("admin.configuration.template.feature.add")) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::TEMPLATE_UPDATE)) return $response;
|
||||
|
||||
$feature_id = intval($this->getRequest()->get('feature_id'));
|
||||
|
||||
@@ -295,7 +296,7 @@ class TemplateController extends AbstractCrudController
|
||||
public function deleteFeatureAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth("admin.configuration.template.feature.delete")) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::TEMPLATE_UPDATE)) return $response;
|
||||
|
||||
$event = new TemplateDeleteFeatureEvent(
|
||||
$this->getExistingObject(),
|
||||
|
||||
Reference in New Issue
Block a user