From 6cc3bab9366a45c95e4290473b5e6bda3f9be75d Mon Sep 17 00:00:00 2001
From: Luis Fernando Saisa Lopez <luis.saisa@colosa.com>
Date: Fri, 4 Sep 2015 18:22:20 -0400
Subject: [PATCH] PM-3370 "REST endpoint GET calendars, pmtable y..." SOLVED

---
 .../ProcessMaker/Services/Api/Calendar.php    | 22 +++++++++++++++++--
 .../src/ProcessMaker/Services/Api/Pmtable.php | 20 +++++++++++++++++
 .../Services/Api/ProcessCategory.php          |  8 +++++++
 3 files changed, 48 insertions(+), 2 deletions(-)

diff --git a/workflow/engine/src/ProcessMaker/Services/Api/Calendar.php b/workflow/engine/src/ProcessMaker/Services/Api/Calendar.php
index 4dac191b3..0c31706b4 100644
--- a/workflow/engine/src/ProcessMaker/Services/Api/Calendar.php
+++ b/workflow/engine/src/ProcessMaker/Services/Api/Calendar.php
@@ -13,6 +13,26 @@ class Calendar extends Api
 {
     private $formatFieldNameInUppercase = false;
 
+    /**
+     * Constructor of the class
+     *
+     * return void
+     */
+    public function __construct()
+    {
+        try {
+            $user = new \ProcessMaker\BusinessModel\User();
+
+            $usrUid = $this->getUserId();
+
+            if (!$user->checkPermission($usrUid, "PM_SETUP")) {
+                throw new \Exception(\G::LoadTranslation("ID_USER_NOT_HAVE_PERMISSION", array($usrUid)));
+            }
+        } catch (\Exception $e) {
+            throw new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage());
+        }
+    }
+
     /**
      * @url GET
      */
@@ -21,7 +41,6 @@ class Calendar extends Api
         try {
             $calendar = new \ProcessMaker\BusinessModel\Calendar();
             $calendar->setFormatFieldNameInUppercase($this->formatFieldNameInUppercase);
-
             $response = $calendar->getCalendars(array("filter" => $filter), null, null, $start, $limit);
 
             return $response;
@@ -40,7 +59,6 @@ class Calendar extends Api
         try {
             $calendar = new \ProcessMaker\BusinessModel\Calendar();
             $calendar->setFormatFieldNameInUppercase($this->formatFieldNameInUppercase);
-
             $response = $calendar->getCalendar($cal_uid);
 
             return $response;
diff --git a/workflow/engine/src/ProcessMaker/Services/Api/Pmtable.php b/workflow/engine/src/ProcessMaker/Services/Api/Pmtable.php
index d75d9ba69..f95683eb9 100644
--- a/workflow/engine/src/ProcessMaker/Services/Api/Pmtable.php
+++ b/workflow/engine/src/ProcessMaker/Services/Api/Pmtable.php
@@ -11,6 +11,26 @@ use \Luracast\Restler\RestException;
  */
 class Pmtable extends Api
 {
+    /**
+     * Constructor of the class
+     *
+     * return void
+     */
+    public function __construct()
+    {
+        try {
+            $user = new \ProcessMaker\BusinessModel\User();
+
+            $usrUid = $this->getUserId();
+
+            if (!$user->checkPermission($usrUid, "PM_SETUP")) {
+                throw new \Exception(\G::LoadTranslation("ID_USER_NOT_HAVE_PERMISSION", array($usrUid)));
+            }
+        } catch (\Exception $e) {
+            throw new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage());
+        }
+    }
+
     /**
      * @return array
      *
diff --git a/workflow/engine/src/ProcessMaker/Services/Api/ProcessCategory.php b/workflow/engine/src/ProcessMaker/Services/Api/ProcessCategory.php
index 3d4f060bc..772c1c0ad 100644
--- a/workflow/engine/src/ProcessMaker/Services/Api/ProcessCategory.php
+++ b/workflow/engine/src/ProcessMaker/Services/Api/ProcessCategory.php
@@ -21,6 +21,14 @@ class ProcessCategory extends Api
     public function __construct()
     {
         try {
+            $user = new \ProcessMaker\BusinessModel\User();
+
+            $usrUid = $this->getUserId();
+
+            if (!$user->checkPermission($usrUid, "PM_SETUP")) {
+                throw new \Exception(\G::LoadTranslation("ID_USER_NOT_HAVE_PERMISSION", array($usrUid)));
+            }
+
             $this->category = new \ProcessMaker\BusinessModel\ProcessCategory();
 
             $this->category->setFormatFieldNameInUppercase(false);