SGGR#90860: PUT /api2/objects/33444.json eindigt met 404 status.

svn path=/Website/trunk/; revision=71104
Maykel Geerdink
2025-12-01 14:29:37 +00:00
parent 591fa3f970
commit 0afeb680ca


@@ -100,47 +100,47 @@ function model_objects(ins_key, params)
};
var module = "INS"; // INS of SLE.
function _check_authorization(params, method)
{
var urole = "fe"; // TODO: Moet echt niet ter zake doen
var autfunction = urole == "fe"? "WEB_INSUSE" : "WEB_INSMAN";
params.authparams = user.checkAutorisation(autfunction, null, null, true); // pessimistisch
var ins_key = params.filter.id || -1;
var urole = params.filter.scope || "fe";
params.message = "";
params.message = "";
params.filter.scope = params.filter.scope || "fe";
var module = "INS";
var ins_key = params.filter.id || -1;
var srtdeel_key = -1;
var srtgroep_key = -1;
var autfunction = ( params.filter.scope == "fe"
? "WEB_INSUSE"
: ( params.filter.scope == "fo"
? "WEB_INSFOF"
: "WEB_INSMAN"
));
// Voor sleutels/cilinders:
if ( (ins_key > 0 && ins.isSleCil(ins_key))
|| (srtdeel_key > 0 && ins.isSleCil(srtdeel_key, "S"))
|| (srtgroep_key > 0 && ins.isSleCil(srtgroep_key, "G"))
)
{
autfunction = "WEB_SLEBOF";
module = "SLE";
}
var srtdeel_key = -1;
var srtgroep_key = -1;
// Heb ik rechten voor 1 van de INS autorisaties. Onafhankelijk van de urole.
var autfunction = ["WEB_INSUSE", "WEB_INSFOF", "WEB_INSMAN"];
// Voor sleutels/cilinders:
if ( (ins_key > 0 && ins.isSleCil(ins_key))
|| (srtdeel_key > 0 && ins.isSleCil(srtdeel_key, "S"))
|| (srtgroep_key > 0 && ins.isSleCil(srtgroep_key, "G"))
)
{
autfunction = "WEB_SLEBOF";
module = "SLE";
}
params.authparams = user.checkAutorisation(autfunction, null, null, true); // pessimistisch
if (ins_key > 0)
{
var this_ins = ins.func_enabled_deel(ins_key, {urole: params.filter.scope});
user.auth_required_or_abort(this_ins.canChange || this_ins.canChangeOwn); // dat is toch wel het minste
params.authparams = this_ins.authparams(autfunction);
}
else
{
params.authparams = user.checkAutorisation(autfunction); // , null, null, true); // pessimistisch
var this_ins = { canChangeAlg: true };
}
switch (method)
{
case "GET": if (ins_key > 0)
{
var this_ins = ins.func_enabled_deel(ins_key, {urole: urole});
user.auth_required_or_abort(this_ins.canReadAny); // dat is toch wel het minste
}
else
{
var this_ins = { canChangeAlg: true };
}
break;
case "PUT":
case "POST": var this_ins = ins.func_enabled_deel(ins_key, {urole: urole});
user.auth_required_or_abort(this_ins.canChange || this_ins.canChangeOwn); // dat is toch wel het minste
break;
}
params.func_enabled = this_ins || {};
params.func_enabled = this_ins || {};
};
function _pre_analyze_fields(params, jsondata, method)
@@ -307,7 +307,7 @@ function model_objects(ins_key, params)
}
if (bindingBits & BIND_RUIMTE)
{
if(jsondata.room && jsondata.room > 0 )
if (jsondata.room && jsondata.room > 0 )
{
placeholder.status = true;
placeholder.ruimte_type = "R";
@@ -420,7 +420,9 @@ function model_objects(ins_key, params)
query.wheres.push(" ins_v_deelenonderdeel.ins_discipline_key IN"
+ " (SELECT ins_discipline_key"
+ " FROM fac_v_webgebruiker"
+ " WHERE fac_functie_key = " + params.authparams.autfunctionkey
+ (module == "INS"
? " WHERE fac_functie_key IN ({0}, {1}, {2})".format(F('WEB_INSUSE'), F('WEB_INSFOF'), F('WEB_INSMAN'))
: " WHERE fac_functie_key = " + F("WEB_SLEBOF"))
+ " AND prs_perslid_key = " + user_key
+ " AND fac_gebruiker_prs_level_read < 9"
+ " AND fac_gebruiker_alg_level_read < 9)");
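Review bot: The `switch (method)` in `_check_authorization` has no `default` branch, so any method other than GET, PUT or POST leaves `this_ins` undefined and reaches `params.func_enabled = this_ins || {}` with only the coarse `user.checkAutorisation(...)` result and no object-level `user.auth_required_or_abort(...)` call. Because the function check now accepts any of WEB_INSUSE, WEB_INSFOF and WEB_INSMAN regardless of role, that coarse check is broad, so the switch should fail closed, e.g. `default: user.auth_required_or_abort(false); break;`. The PUT/POST branch also calls `ins.func_enabled_deel(ins_key, {urole: urole})` without the `ins_key > 0` guard that the GET branch has, so a POST without an id would pass -1; it is worth confirming that `func_enabled_deel` denies in that case. The added/removed markers are lost in this rendering, so this assumes the switch is the new side, and whether other methods (such as DELETE) are routed through this function is not visible here.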