diff --git a/Classes/Controller/NewsletterController.php b/Classes/Controller/NewsletterController.php
index e5b3ecc..c82a7a7 100644
--- a/Classes/Controller/NewsletterController.php
+++ b/Classes/Controller/NewsletterController.php
@@ -84,6 +84,10 @@ public function resetFilterAction(string $redirectAction): ResponseInterface
 public function editAction(Newsletter $newsletter): ResponseInterface
 {
+ if ($newsletter->canBeRead() === false) {
+ throw new AuthenticationFailedException('You are not allowed to see this record', 1709329205);
+ }
+
 $this->view->assignMultiple([
 'newsletter' => $newsletter,
 'configurations' => $this->configurationRepository->findAllAuthorized(),
@@ -104,6 +108,10 @@ public function initializeUpdateAction(): void
 public function updateAction(Newsletter $newsletter): ResponseInterface
 {
+ if ($newsletter->canBeRead() === false) {
+ throw new AuthenticationFailedException('You are not allowed to see this record', 1709329247);
+ }
+
 $this->setBodytextInNewsletter($newsletter, $newsletter->getLanguage());
 if (ConfigurationUtility::isMultiLanguageModeActivated()) {
 $newsletter->setSubject(
@@ -140,6 +148,10 @@ public function initializeCreateAction(): void
 public function createAction(Newsletter $newsletter): ResponseInterface
 {
+ if ($newsletter->canBeRead() === false) {
+ throw new AuthenticationFailedException('You are not allowed to see this record', 1709329276);
+ }
+
 $languages = $this->pageRepository->getLanguagesFromOrigin($newsletter->getOrigin());
 foreach ($languages as $language) {
 $newsletterLanguage = clone $newsletter;
@@ -170,6 +182,10 @@ public function createAction(Newsletter $newsletter): ResponseInterface
 public function disableAction(Newsletter $newsletter): ResponseInterface
 {
+ if ($newsletter->canBeRead() === false) {
+ throw new AuthenticationFailedException('You are not allowed to see this record', 1709329304);
+ }
+
 $newsletter->disable();
 $this->newsletterRepository->update($newsletter);
 return $this->redirect('list');
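Review bot: The four-line guard added at the top of editAction is repeated verbatim in updateAction, createAction, disableAction, enableAction and deleteAction, differing only in the exception code, so an action added later can ship without it and nothing will flag the gap. A private helper on the controller (the name is only a suggestion), called as `$this->assertAccess($newsletter, 1709329205);`, would keep the decision in one place and make a missing call easier to spot in review. `AuthenticationFailedException` also reads as a failed login rather than a denied permission; if the extension has no authorization-specific exception, a comment on the throw such as `// authorization failure: the user is logged in but may not access this newsletter` would help whoever reads the log. Each of these function bodies continues outside its hunk.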
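Review bot: In updateAction the guard calls `canBeRead()` and reports 'You are not allowed to see this record', which describes a read permission, although this action, like disableAction, enableAction and deleteAction, changes or removes the record. The check is made on the `$newsletter` argument as the action receives it; if submitted form values have already been merged into that object by then, and if `canBeRead()` depends on a property the form can set (its body is almost entirely outside this diff), the decision would rest on submitted rather than stored data, which is worth confirming here and in createAction, where the object is new. If read and write access are meant to differ, a separate check belongs in the modifying actions; otherwise a comment such as `// canBeRead() is the only access rule for newsletters and also governs writes` would record that the reuse is intentional.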
@@ -177,6 +193,10 @@ public function disableAction(Newsletter $newsletter): ResponseInterface
 public function enableAction(Newsletter $newsletter): ResponseInterface
 {
+ if ($newsletter->canBeRead() === false) {
+ throw new AuthenticationFailedException('You are not allowed to see this record', 1709329338);
+ }
+
 $newsletter->enable();
 $this->newsletterRepository->update($newsletter);
 return $this->redirect('list');
@@ -184,6 +204,10 @@ public function enableAction(Newsletter $newsletter): ResponseInterface
 public function deleteAction(Newsletter $newsletter): ResponseInterface
 {
+ if ($newsletter->canBeRead() === false) {
+ throw new AuthenticationFailedException('You are not allowed to see this record', 1709329345);
+ }
+
 $this->newsletterRepository->removeNewsletterAndQueues($newsletter);
 $this->addFlashMessage(LocalizationUtility::translate('module.newsletter.delete.message'));
 return $this->redirect('list');
@@ -229,19 +253,6 @@ public function wizardUserPreviewAjax(ServerRequestInterface $request): Response
 return $response;
 }
- /**
- * @param ServerRequestInterface $request
- * @return ResponseInterface
- * @throws AuthenticationFailedException
- * @throws ExceptionDbalDriver
- * @throws ApiConnectionException
- * @throws InvalidUrlException
- * @throws MisconfigurationException
- * @throws JsonException
- * @throws ExtensionConfigurationExtensionNotConfiguredException
- * @throws ExtensionConfigurationPathDoesNotExistException
- * @throws InvalidConfigurationTypeException
- */
 public function testMailAjax(ServerRequestInterface $request): ResponseInterface
 {
 if (BackendUserUtility::isBackendUserAuthenticated() === false) {
@@ -277,16 +288,6 @@ public function testMailAjax(ServerRequestInterface $request): ResponseInterface
 return $response;
 }
- /**
- * @param ServerRequestInterface $request
- * @return ResponseInterface
- * @throws AuthenticationFailedException
- * @throws ExceptionDbalDriver
- * @throws ExtensionConfigurationExtensionNotConfiguredException
- * @throws ExtensionConfigurationPathDoesNotExistException
- * @throws InvalidConfigurationTypeException
- * @throws MisconfigurationException
- */
 public function previewSourcesAjax(ServerRequestInterface $request): ResponseInterface
 {
 if (BackendUserUtility::isBackendUserAuthenticated() === false) {
@@ -299,10 +300,6 @@ public function previewSourcesAjax(ServerRequestInterface $request): ResponseInt
 return $response;
 }
- /**
- * @param ServerRequestInterface $request
- * @return ResponseInterface
- */
 public function receiverDetailAjax(ServerRequestInterface $request): ResponseInterface
 {
 $userRepository = GeneralUtility::makeInstance(UserRepository::class);
@@ -323,11 +320,6 @@ public function receiverDetailAjax(ServerRequestInterface $request): ResponseInt
 return $response;
 }
- /**
- * @return void
- * @throws ExtensionConfigurationExtensionNotConfiguredException
- * @throws ExtensionConfigurationPathDoesNotExistException
- */
 protected function addDocumentHeaderForNewsletterController(): void
 {
 $menuConfiguration = [
diff --git a/Classes/Domain/Model/Newsletter.php b/Classes/Domain/Model/Newsletter.php
index f4a5a46..dc85622 100644
--- a/Classes/Domain/Model/Newsletter.php
+++ b/Classes/Domain/Model/Newsletter.php
@@ -403,7 +403,7 @@ public function getUnsubscribeRate(): float
 *
 * @return bool
 */
- private function canBeRead(): bool
+ public function canBeRead(): bool
 {
 if (BackendUserUtility::isAdministrator()) {
 return true;
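Review bot: `canBeRead()` becomes public in this hunk and, in the same commit, the access gate for six controller actions, yet the only part of its docblock visible here is an empty line and `@return bool`; any description above that lies outside the hunk. Only the administrator shortcut is shown (`return true` when `BackendUserUtility::isAdministrator()`), so the rule applied to non-administrators cannot be checked from this diff. I would extend the docblock to state what the decision is based on and that callers use it to authorize modification as well as display, for example `* Access decision for the current backend user; NewsletterController relies on it for edit, update, create, disable, enable and delete.` The method body continues past the end of the hunk.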