Merge pull request #68 from EdSabino/fixUserPermissoes

Fix user permissoes
ccuffs · Oct 7, 2019 · b72a39d · b72a39d
2 parents e06f2ab + 94766b7
commit b72a39d
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 8 deletions.
diff --git a/App/Controllers/UserController.php b/App/Controllers/UserController.php
@@ -26,7 +26,7 @@ public function index($request, $response, $args) {
 
     public function update($request, $response, $args) {
 
-        AuthHelper::allowAuthenticated();
+        AuthHelper::restrictToPermission(User::USER_LEVEL_ADMIN, "JSON");
 
         if(isset($_REQUEST['type']) && isset($args['id'])){
             $userNewRole = $_REQUEST['type'];

diff --git a/App/Helpers/AuthHelper.php b/App/Helpers/AuthHelper.php
@@ -37,16 +37,23 @@ public static function allowAuthenticated() {
 		}
 	}
 
-	public static function restrictToPermission($level) {
+	public static function restrictToPermission($level, $type = "HTML") {
 		$title = '401';
 		$isAuthenticated = AuthHelper::isAuthenticated();
 		$user = AuthHelper::getAuthenticatedUser();
-		if(!$isAuthenticated || !$user->isLevel($level)) {
+		$isAdmin = !$isAuthenticated || !$user->isLevel($level);
+		if($isAdmin && $type == 'HTML') {
 			$data = compact(['user', 'title']);
 			View::render('layout/admin/header', $data);
 			View::render('errors/401', $data);
 			View::render('layout/admin/footer', $data);
 			exit();
+		} else if ($isAdmin && $type == 'JSON') {
+			header("message: 'Usuário não autorizado!'");
+			header("Content-Type: text/html; charset=UTF-8")
+			http_response_code(401);
+			echo json_encode($obj);
+			exit();
 		}
 	}
 

diff --git a/App/Views/auth/users.php b/App/Views/auth/users.php
@@ -65,6 +65,6 @@
             <?php endforeach;?>
         </div>
     </div>
-    <script type="text/javascript">
+    <script type="text/javascript" content="text/html; charset=utf-8">
         SAC.userPermission();
     </script>
diff --git a/public/js/admin/sac.js b/public/js/admin/sac.js
@@ -91,15 +91,13 @@ var SAC = new function() {
 					'type' : permission
 				},
 				success : function(data, textStatus, request) {
-
 					let colorClass = $(card).attr('class');
 					removeColorClass(colorClass, card);
 					$(card).addClass(colorClasses[permission - 1]);
 					toastr.success(request.getResponseHeader('message'), {timeOut : 30, extendedTimeOut : 60});
-
 				},
 				error : function(request, textStatus, errorThrown) {
-					toastr.danger(request.getResponseHeader('message'), {timeOut : 30, extendedTimeOut : 60});
+					toastr.error(request.getResponseHeader('message'), {timeOut : 30, extendedTimeOut : 60});
 				}
 			});
 		});
@@ -110,4 +108,4 @@ var SAC = new function() {
 		$("input[name=price]").maskMoney({prefix:'R$ ', allowNegative: false, thousands:'.', decimal:',', affixesStay: false});
 		$("input[name=cpf]").mask('000.000.000-00');
 	}
-};
+};