Check aircraft permissions in PIREP update/file

Nabeel Shahzad 2018-02-20 14:14:20 -06:00
parent 653711fa96
commit aeacd80bcb


@ -170,12 +170,23 @@ class PirepController extends RestController
{
Log::info('PIREP Update, user ' . Auth::id(), $request->post());
$user = Auth::user();
$pirep = $this->pirepRepo->find($id);
$this->checkCancelled($pirep);
$attrs = $request->post();
$attrs['user_id'] = Auth::id();
# If aircraft is being changed, see if this user is allowed to fly this aircraft
if (array_key_exists('aircraft_id', $attrs)
&& setting('pireps.restrict_aircraft_to_rank', false)
) {
$can_use_ac = $this->userSvc->aircraftAllowed($user, $pirep->aircraft_id);
if (!$can_use_ac) {
throw new BadRequestHttpException('User is not allowed to fly this aircraft');
}
}
$pirep = $this->pirepRepo->update($attrs, $id);
$this->updateFields($pirep, $request);
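Review bot: The new guard in the update hunk passes `$pirep->aircraft_id`, the aircraft already stored on the PIREP, to `aircraftAllowed()`, so the aircraft the request is switching to is never checked; the identical line in the file hunk below has the same problem. Because the guard only runs when `aircraft_id` is present in `$attrs`, the call should be `$can_use_ac = $this->userSvc->aircraftAllowed($user, $attrs['aircraft_id']);`. As written, with `pireps.restrict_aircraft_to_rank` enabled, a user whose current aircraft is allowed can still submit any other aircraft id and have it reach `pirepRepo->update()`. A rank refusal is an authorization failure rather than a malformed request, so a 403-style exception would describe it better than `BadRequestHttpException`. Both method bodies start and end outside the visible hunks, so any earlier validation of `aircraft_id` is not visible here.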
@ -195,11 +206,24 @@ class PirepController extends RestController
{
Log::info('PIREP file, user ' . Auth::id(), $request->post());
$user = Auth::user();
# Check if the status is cancelled...
$pirep = $this->pirepRepo->find($id);
$this->checkCancelled($pirep);
$attrs = $request->post();
# If aircraft is being changed, see if this user is allowed to fly this aircraft
if (array_key_exists('aircraft_id', $attrs)
&& setting('pireps.restrict_aircraft_to_rank', false)
) {
$can_use_ac = $this->userSvc->aircraftAllowed($user, $pirep->aircraft_id);
if (!$can_use_ac) {
throw new BadRequestHttpException('User is not allowed to fly this aircraft');
}
}
$attrs['state'] = PirepState::PENDING;
$attrs['status'] = PirepStatus::ARRIVED;