[Organizations] Fixes: Missing acl checks for editing organizations.

module/Organizations/config/module.config.php

@@ -151,11 +151,13 @@
                 'allow' => array(
                     'route/lang/organizations',
                     'Organizations/InviteEmployee',
+                    'Entity/Organization' => [ 'edit' => 'Organizations/Write' ],
                 ),
             ),
         ),
         'assertions' => array(
             'invokables' => array(
+                'Organizations/Write' => 'Organizations\Acl\Assertion\WriteAssertion',
             ),
         ),
     ),

module/Organizations/src/Organizations/Acl/Assertion/WriteAssertion.php

@@ -0,0 +1,36 @@
+<?php
+/**
+ * YAWIK
+ *
+ * @filesource
+ * @license MIT
+ * @copyright  2013 - 2016 Cross Solution <http://cross-solution.de>
+ */
+
+/** */
+namespace Organizations\Acl\Assertion;
+
+use Auth\Entity\UserInterface;
+use Core\Entity\PermissionsInterface;
+use Organizations\Entity\OrganizationInterface;
+use Zend\Permissions\Acl\Acl;
+use Zend\Permissions\Acl\Assertion\AssertionInterface;
+use Zend\Permissions\Acl\Resource\ResourceInterface;
+use Zend\Permissions\Acl\Role\RoleInterface;
+
+/**
+ * ${CARET}
+ * 
+ * @author Mathias Gelhausen <[email protected]>
+ * @todo write test 
+ */
+class WriteAssertion implements AssertionInterface
+{
+    public function assert(Acl $acl, RoleInterface $role = null, ResourceInterface $resource = null, $privilege = null)
+    {
+        return 'edit' == $privilege
+               && $role instanceOf UserInterface
+               && $resource instanceOf OrganizationInterface
+               && $resource->getPermissions()->isGranted($role, PermissionsInterface::PERMISSION_CHANGE);
+    }
+}

module/Organizations/src/Organizations/Controller/IndexController.php

@@ -12,6 +12,7 @@
 
 use Core\Entity\Collection\ArrayCollection;
 use Core\Form\SummaryForm;
+use Organizations\Exception\MissingParentOrganizationException;
 use Zend\Mvc\Controller\AbstractActionController;
 use Organizations\Repository;
 use Organizations\Form;
@@ -124,7 +125,7 @@ public function editAction()
             /* @var $handler \Organizations\Controller\Plugin\GetOrganizationHandler */
             $handler = $this->plugin('Organizations/GetOrganizationHandler');
             $org  = $handler->process($this->params(), true);
-        } catch (\RuntimeException $e) {
+        } catch (MissingParentOrganizationException $e) {
             return $this->getErrorViewModel('no-parent');
         }
 

module/Organizations/src/Organizations/Controller/Plugin/GetOrganizationHandler.php

@@ -11,6 +11,7 @@
 /** */
 namespace Organizations\Controller\Plugin;
 
+use Organizations\Exception\MissingParentOrganizationException;
 use Zend\Mvc\Controller\Plugin\AbstractPlugin;
 use Core\Repository\RepositoryService;
 use Auth\AuthenticationService;
@@ -94,7 +95,7 @@ public function process(Params $params,$allowDraft = true)
                     /* @var $parent \Organizations\Entity\OrganizationReference */
                     $parent = $user->getOrganization();
                     if (!$parent->hasAssociation()) {
-                        throw new \RuntimeException('You cannot create organizations, because you do not belong to a parent organization. Use "User menu -> create my organization" first.');
+                        throw new MissingParentOrganizationException('You cannot create organizations, because you do not belong to a parent organization. Use "User menu -> create my organization" first.');
                     }
                     $organization->setParent($parent->getOrganization());
                 }
@@ -109,6 +110,9 @@ public function process(Params $params,$allowDraft = true)
         if (!$organization) {
             throw new \RuntimeException('No Organization found with id "' . $organizationId . '"');
         }
+
+        $this->acl->check($organization, 'edit');
+
         return $organization;
     }
 }