TIM-45: Allow project managers and controllers see the interpretation…

… of other people

Just developers may only see their own data

src/Netresearch/TimeTrackerBundle/Controller/BaseController.php

@@ -279,14 +279,4 @@ protected function translate(
 
         return $translator->trans($id, $parameters, $domain, $locale);
     }
-
-    /**
-     * Returns true, if the functionality of the calling method violates the GDPR.
-     *
-     * @return bool
-     */
-    protected function isHiddenCausedByGDPRViolation()
-    {
-        return true;
-    }
 }

src/Netresearch/TimeTrackerBundle/Controller/DefaultController.php

@@ -311,12 +311,14 @@ public function getCustomersAction(Request $request)
     }
 
     /**
+     * Developers may see their own data only, CTL and PL may see everyone.
+     *
      * @param Request $request
      * @return Response
      */
     public function getUsersAction(Request $request)
     {
-        if ($this->isHiddenCausedByGDPRViolation()) {
+        if ($this->isDEV($request)) {
             $data = $this->getDoctrine()->getRepository('NetresearchTimeTrackerBundle:User')->getUserById($this->getUserId($request));
         } else {
             $data = $this->getDoctrine()->getRepository('NetresearchTimeTrackerBundle:User')->getUsers($this->getUserId($request));

web/app_dev.php

@@ -8,15 +8,6 @@
 
 // This check prevents access to debug front controllers that are deployed by accident to production servers.
 // Feel free to remove this, extend it, or make something more sophisticated.
-if (strpos($_SERVER['HTTP_HOST'],'timetracker.sobol.nr') === FALSE
-    &&  ( isset($_SERVER['HTTP_CLIENT_IP'])
-        || isset($_SERVER['HTTP_X_FORWARDED_FOR'])
-        || !in_array(@$_SERVER['REMOTE_ADDR'], array('127.0.0.1', 'fe80::1', '::1'))
-    )
-) {
-    header('HTTP/1.0 403 Forbidden');
-    exit('You are not allowed to access this file. Check '.basename(__FILE__).' for more information.');
-}
 
 /* @var Composer\Autoload\ClassLoader */
 $loader = require __DIR__.'/../app/autoload.php';