From 328352f91a548fe50cb91345e0059407577f7aa3 Mon Sep 17 00:00:00 2001 From: Josef Rokos Date: Mon, 29 May 2017 22:09:03 +0200 Subject: [PATCH] Improved permission checks. --- core/gridform.h | 21 +++++++++++++++++++++ core/iplugin.h | 8 ++++++++ core/settingsform.cpp | 8 ++++++++ core/users/userform.cpp | 4 ++-- shop/shop.cpp | 6 ++++++ 5 files changed, 45 insertions(+), 2 deletions(-) diff --git a/core/gridform.h b/core/gridform.h index abb39b5..e39fa19 100644 --- a/core/gridform.h +++ b/core/gridform.h @@ -174,6 +174,13 @@ private slots: protected: virtual void handleNewRecord() override { + PermissionEvaluator permEv; + if (!permEv.hasPermission(pluginId(), PERM_ADD)) + { + QMessageBox::critical(this, tr("Permission denied"), tr("You don't have permission to add new record.")); + return; + } + if (m_form == NULL) { Q_ASSERT(false); @@ -187,6 +194,13 @@ protected: virtual void handleEditRecord() override { + PermissionEvaluator permEv; + if (!permEv.hasPermission(pluginId(), PERM_EDIT)) + { + QMessageBox::critical(this, tr("Permission denied"), tr("You don't have permission to edit record.")); + return; + } + if (m_form == NULL || m_tableModel == NULL || tableView()->currentIndex().row() < 0) { Q_ASSERT(false); @@ -200,6 +214,13 @@ protected: void handleDeleteRecord() override { + PermissionEvaluator permEv; + if (!permEv.hasPermission(pluginId(), PERM_DELETE)) + { + QMessageBox::critical(this, tr("Permission denied"), tr("You don't have permission to delete record.")); + return; + } + m_permissionDenied = false; connectService(); if (m_form == NULL || m_tableModel == NULL || tableView()->currentIndex().row() < 0) diff --git a/core/iplugin.h b/core/iplugin.h index 0d47eba..b8f620f 100644 --- a/core/iplugin.h +++ b/core/iplugin.h @@ -8,6 +8,7 @@ #include #include #include +#include #include "service.h" #include "igridform.h" 
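Review bot: In core/gridform.h the new permission checks sit inside the virtual handlers `handleNewRecord()`, `handleEditRecord()` and `handleDeleteRecord()`, so a derived form that overrides one of them without calling the base version skips the check. The same seven-line block is also pasted three times; one helper called first in each handler, for example `if (!checkPermission(PERM_EDIT, tr("You don't have permission to edit record."))) return;`, or a single check in the code that dispatches to the handlers, would keep the three from drifting apart. These are UI-side gates only. The existing `m_permissionDenied = false; connectService();` lines in the delete handler suggest the service layer reports denials too, and that check should be treated as the authoritative one, so it is worth confirming that it also covers add and edit. The handler bodies continue outside the hunks.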
@@ -51,6 +52,13 @@ public: virtual void init(const QJsonObject &metaData) = 0; virtual QWidget *ui() { + PermissionEvaluator permEv; + if (!permEv.hasPermission(pluginId(), PERM_READ)) + { + QMessageBox::critical(m_ui, QObject::tr("Permission denied"), QObject::tr("You don't have permission to open this plugin.")); + return NULL; + } + IGridForm *form = qobject_cast(m_ui); bool filled = true; diff --git a/core/settingsform.cpp b/core/settingsform.cpp index 3a32235..8009cc6 100644 --- a/core/settingsform.cpp +++ b/core/settingsform.cpp @@ -6,6 +6,8 @@ #include "iplugin.h" #include "iform.h" +#include + SettingsForm::SettingsForm(QWidget *parent) : QDialog(parent), ui(new Ui::SettingsForm) @@ -39,6 +41,12 @@ void SettingsForm::on_buttonBox_accepted() void SettingsForm::accept() { + if (!Context::instance().currentUser()->isAdmin()) + { + QMessageBox::critical(this, tr("Permission denied"), tr("You don't have permission to save settings.")); + return; + } + for (int i = 0; i < ui->tabWidget->count(); i++) { IForm *tab = qobject_cast(ui->tabWidget->widget(i)); diff --git a/core/users/userform.cpp b/core/users/userform.cpp index 1b8ce7d..9631dfc 100644 --- a/core/users/userform.cpp +++ b/core/users/userform.cpp @@ -77,12 +77,12 @@ bool UserForm::bindOtherToData() } -void UserForm::on_password_textChanged(const QString &arg1) +void UserForm::on_password_textChanged(const QString &) { m_passChanged = true; } -void UserForm::on_retypePassword_textChanged(const QString &arg1) +void UserForm::on_retypePassword_textChanged(const QString &) { m_passChanged = true; } diff --git a/shop/shop.cpp b/shop/shop.cpp index bc2c7b7..bc3bd85 100644 --- a/shop/shop.cpp +++ b/shop/shop.cpp @@ -24,6 +24,12 @@ QIcon Shop::pluginIcon() QWidget *Shop::ui() { QWidget *uiWidget = IPlugin::ui(); + + if (uiWidget == NULL) + { + return NULL; + } + qobject_cast(uiWidget)->loadLast(); qobject_cast(uiWidget)->fillRaceiptCombo(); qobject_cast(uiWidget)->loadButtons();
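Review bot: `IPlugin::ui()` in core/iplugin.h can now return NULL, which changes the contract for every caller and every override of this virtual function. This commit guards `Shop::ui()`, but any other call site or override that dereferences the result will crash for a user without PERM_READ, so each of them needs the same NULL check. The function should say so in a comment, e.g. `// Returns NULL (after showing an error dialog) when the current user lacks PERM_READ.`. Because `ui()` is virtual, a plugin that overrides it without calling `IPlugin::ui()` also bypasses the read check. The body of `ui()` continues outside the hunk.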
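Review bot: In `SettingsForm::accept()` (core/settingsform.cpp) the result of `Context::instance().currentUser()` is dereferenced without a check, so if no user is set the admin test would crash rather than deny; whether that state can occur is not visible from this hunk. Failing closed is safer: `auto user = Context::instance().currentUser();` followed by `if (!user || !user->isAdmin())`. The check also runs only when saving, so a non-admin can still open the dialog and read every settings tab. If any of those values are sensitive, the same gate belongs where the dialog is opened.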
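Review bot: The new guard in `Shop::ui()` (shop/shop.cpp) covers a NULL from `IPlugin::ui()`, but the three `qobject_cast` results on the following lines are still dereferenced unchecked, and `qobject_cast` returns a null pointer when the widget is not of the requested type. Casting once into a local and testing it before calling `loadLast()`, `fillRaceiptCombo()` and `loadButtons()` would remove both the repeated cast and the possible null dereference. The function continues outside the hunk.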