Merge pull request #4533 from weerd/campaign-access

Adding initial access control to a few resources.

Author: weerd

lib/modules/dosomething/dosomething_api/includes/Transformer.php

@@ -234,7 +234,7 @@ protected function transformCollection($items, $method = 'transform') {
    */
   protected function transformCampaign($data) {
     $output = array(
-      'id' => $data->id ?: $data->nid,
+      'id' => isset($data->id) ? $data->id : $data->nid,
       'title' => $data->title,
     );
 

lib/modules/dosomething/dosomething_api/resources/campaign_resource.inc

@@ -55,6 +55,7 @@ function _campaign_resource_definition() {
           ),
         ),
         'access callback' => '_campaign_resource_alt_access',
+        'access arguments' => array('view'),
       ),
 
     ),
@@ -188,18 +189,33 @@ function _campaign_resource_access($op = 'view', $args = array()) {
 }
 
 
-function _campaign_resource_alt_access() {
-  // @TODO: Temp universal access for now.
-  // Need to rethink how access happens within these callbacks
-  // for new approach.
-  return TRUE;
+/**
+ * Determine whether the current user can access campaign resource.
+ *
+ * @param string $op
+ *
+ * @return bool
+ */
+function _campaign_resource_alt_access($op) {
+  // @TODO: replace _campaign_resource_access() with this method once full endpoint switcheroo happens and this method is fleshed out.
+  if ($op === 'view') {
+    return TRUE;
+  }
+
+  if ($op === 'index') {
+    return TRUE;
+  }
+
+  return FALSE;
 }
 
 
 /**
- * @param $nid
+ * Retrieve and show response for campaign request.
+ *
+ * @param string $nid
  *
- * @return mixed
+ * @return object
  */
 function _campaign_resource_retrieve($nid) {
   return (new CampaignTransformer)->show($nid);

lib/modules/dosomething/dosomething_api/resources/kudos_resource.inc

@@ -23,6 +23,7 @@ function _kudos_resource_definition() {
           ),
         ),
         'access callback' => '_kudos_resource_access',
+        'access arguments' => array('view'),
       ),
 
       'index' => array(
@@ -46,6 +47,7 @@ function _kudos_resource_definition() {
           ),
         ),
         'access callback' => '_kudos_resource_access',
+        'access arguments' => array('index'),
       ),
 
       'create' => array(
@@ -86,6 +88,7 @@ function _kudos_resource_definition() {
           ),
         ),
         'access callback' => '_kudos_resource_access',
+        'access arguments' => array('create'),
       ),
 
       'delete' => array(
@@ -107,6 +110,7 @@ function _kudos_resource_definition() {
           ),
         ),
         'access callback' => '_kudos_resource_access',
+        'access arguments' => array('delete'),
       ),
     ),
 
@@ -116,10 +120,25 @@ function _kudos_resource_definition() {
 }
 
 
-function _kudos_resource_access() {
-  // @TODO: Temp universal access for now.
-  // Permissions are still in effect for certain fields returned.
-  return TRUE;
+/**
+ * Determine whether the current user can access kudos resource.
+ *
+ * @param string $op
+ *
+ * @return bool
+ */
+function _kudos_resource_access($op) {
+  if ($op === 'view') {
+    return TRUE;
+  }
+
+  if ($op === 'index') {
+    return TRUE;
+  }
+
+  // @TODO add create & delete and check access with user_access().
+
+  return FALSE;
 }
 
 
@@ -153,4 +172,4 @@ function _kudos_resource_create($reportback_item_id, $user_id, $term_ids) {
 function _kudos_resource_delete($kudos_id) {
   // Returns number of rows affected.
   return dosomething_kudos_delete($kudos_id);
-}
+}

lib/modules/dosomething/dosomething_api/resources/reportback_item_resource.inc

@@ -23,6 +23,7 @@ function _reportback_item_resource_definition() {
           ),
         ),
         'access callback' => '_reportback_item_resource_access',
+        'access arguments' => array('view'),
       ),
 
       'index' => array(
@@ -76,6 +77,7 @@ function _reportback_item_resource_definition() {
           ),
         ),
         'access callback' => '_reportback_item_resource_access',
+        'access arguments' => array('index'),
       ),
 
     ),
@@ -86,10 +88,23 @@ function _reportback_item_resource_definition() {
 }
 
 
-function _reportback_item_resource_access() {
-  // @TODO: Temp universal access for now.
-  // Permissions are still in effect for certain fields returned.
-  return TRUE;
+/**
+ * Determine whether the current user can access campaign resource.
+ *
+ * @param string $op
+ *
+ * @return bool
+ */
+function _reportback_item_resource_access($op) {
+  if ($op === 'view') {
+    return TRUE;
+  }
+
+  if ($op === 'index') {
+    return TRUE;
+  }
+
+  return FALSE;
 }
 
 

lib/modules/dosomething/dosomething_api/resources/reportback_resource.inc

@@ -23,6 +23,7 @@ function _reportback_resource_definition() {
           ),
         ),
         'access callback' => '_reportback_resource_access',
+        'access arguments' => array('view'),
       ),
 
       'index' => array(
@@ -76,6 +77,7 @@ function _reportback_resource_definition() {
           ),
         ),
         'access callback' => '_reportback_resource_access',
+        'access arguments' => array('index'),
       ),
 
     ),
@@ -86,10 +88,23 @@ function _reportback_resource_definition() {
 }
 
 
-function _reportback_resource_access() {
-  // @TODO: Temp universal access for now.
-  // Permissions are still in effect for certain fields returned.
-  return TRUE;
+/**
+ * Determine whether the current user can access reportback resource.
+ *
+ * @param string $op
+ *
+ * @return bool
+ */
+function _reportback_resource_access($op) {
+  if ($op === 'view') {
+    return TRUE;
+  }
+
+  if ($op === 'index') {
+    return TRUE;
+  }
+
+  return FALSE;
 }
 
 
@@ -110,4 +125,4 @@ function _reportback_resource_index($campaigns, $status, $count, $random, $page)
 function _reportback_resource_retrieve($rbid) {
   $reportbacks = new ReportbackTransformer;
   return $reportbacks->show($rbid);
-}
+}

lib/modules/dosomething/dosomething_campaign/includes/Campaign.php

@@ -186,6 +186,9 @@ protected function getCoverImageAlt() {
    */
   protected function getFactData() {
     $data = array();
+    $data['fact_problem'] = NULL;
+    $data['fact_solution'] = NULL;
+    $data['sources'] = NULL;
 
     $fact_fields = array('field_fact_problem', 'field_fact_solution');
     $fact_vars = dosomething_fact_get_mutiple_fact_field_vars($this->node, $fact_fields);
@@ -206,6 +209,8 @@ protected function getFactData() {
         $data['sources'][$index]['formatted'] = $source;
       }
 
+
+
       return $data;
     }