X-Git-Url: https://dev.renevier.net/?a=blobdiff_plain;f=application%2Fcontrollers%2FPathController.php;h=6ef95292baf813d54c7a3a41a0dff0f032148d29;hb=a64d41557a62ec6051d7fa08d1ba941e089aa5c2;hp=bd4d33908bdfeb409b0a9eff47e654ae10908d2d;hpb=190fd621df4920c56a422c03663874cddaa67d64;p=syj.git
diff --git a/application/controllers/PathController.php b/application/controllers/PathController.php
index bd4d339..6ef9529 100644
--- a/application/controllers/PathController.php
+++ b/application/controllers/PathController.php
@@ -6,21 +6,6 @@ class PathController extends Zend_Controller_Action
 {
 public function indexAction() {
 $formData = $this->_helper->SyjPostData->getPostData('Syj_Form_Geom');
-
- $sessionStorage = Zend_Auth::getInstance()->getStorage();
- if ($sessionStorage->isEmpty()) {
- throw new Syj_Exception_Forbidden();
- }
- $sessionData = $sessionStorage->read();
-
- $user = new Syj_Model_User();
- $userMapper = new Syj_Model_UserMapper();
- if (!$userMapper->find($sessionData['user'], $user)) {
- // we could also throw a forbidden exception, but client session
- // should not contain reference to a non existent user. So, it's considered a bug.
- throw new Syj_Exception_Forbidden();
- }
-
 $decoder = new gisconverter\WKT();
 try {
@@ -41,16 +26,24 @@ class PathController extends Zend_Controller_Action
 }
 }
 $path->geom = $geom;
+
+ $user = $this->_helper->SyjSession->user();
+ if (!$user and !$formData["geom_accept"]) {
+ throw new Syj_Exception_Request();
+ }
+
 if ($path->getId()) {
- if ($path->owner->id != $user->id) {
- throw new Syj_Exception_Forbidden();
+ if (!$path->isCreator($user)) {
+ throw new Syj_Exception_Request();
 }
 } else {
- $path->owner = $user;
+ $path->creator = $user;
 }
+
 if (isset($formData["geom_title"])) {
 $path->title = $formData["geom_title"];
 }
+ $path->creatorIp = $this->getRequest()->getClientIp(true);
 try {
 $pathMapper->save ($path);
 } catch(Zend_Db_Statement_Exception $e) {
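Review bot: In the update branch of the second hunk, `$path->isCreator($user)` can now be reached with no logged-in user, because the new guard only rejects an anonymous request when `geom_accept` is unset; isCreator() is not shown here, so if it merely compares the stored creator with its argument, a path saved with a null creator could pass the check for any anonymous client. Consider making the rule explicit, e.g. `if (!$user or !$path->isCreator($user)) {`, or documenting in isCreator() how a null user is treated. Separately, `getClientIp(true)` in Zend Framework 1 prefers the client-supplied `Client-IP` / `X-Forwarded-For` headers over `REMOTE_ADDR`, so `creatorIp` is only reliable behind a proxy that overwrites those headers; `getClientIp(false)` is the safer choice if the value feeds abuse tracking or any ownership decision. indexAction() starts and ends outside this hunk.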