From c576f8df37af57a8f526703cb62361268f24ef45 Mon Sep 17 00:00:00 2001
From: ryanrath
Date: Mon, 16 Dec 2019 10:28:40 -0500
Subject: [PATCH] Updates to allow for PO usage (#74)
* Updates to allow for PO usage This functionality was originally added for OpenXDMoD and as such did not take into account that PO would also be utilizing this endpoint. Logic has been added to the options building that defaults to not restricting the resources returned, but if the user does not have then they are restricted to seeing only the resources they have access to. * Updates per code review comments by @jpwhite4
---
 .../AppKernelControllerProvider.php | 28 +++++++------------
 1 file changed, 10 insertions(+), 18 deletions(-)
diff --git a/classes/Rest/Controllers/AppKernelControllerProvider.php b/classes/Rest/Controllers/AppKernelControllerProvider.php
index de0bef0..a34391c 100644
--- a/classes/Rest/Controllers/AppKernelControllerProvider.php
+++ b/classes/Rest/Controllers/AppKernelControllerProvider.php
@@ -1585,9 +1585,6 @@ public function getAppKernelSuccessRate(Request $req, Application $app)
 * Retrieves the raw numeric values for the AppKernel Performance Map. This endpoint provides
 * the data for `CenterReportCardPortlet.js`
 *
- * **NOTE:** This function will throw an UnauthorizedException if the user making the request
- * does not have the Center Director or Center Staff acl.
- *
 * @param Request $request
 * @param Application $app
 * @return JsonResponse
@@ -1598,14 +1595,6 @@ public function getRawPerformanceMap(Request $request, Application $app)
 {
 $user = $this->authorize($request);
- // We need to ensure that only Center Director / Center Staff users are authorized to
- // utilize this endpoint. Note, we do not utilize the `requirements` parameter of the above
- // `authorize` call because it utilizes `XDUser::hasAcls` which only checks if the user has
- // *all* of the supplied acls, not any of the supplied acls.
- if ( ! ( $user->hasAcl(ROLE_ID_CENTER_DIRECTOR) || $user->hasAcl(ROLE_ID_CENTER_STAFF) ) ) {
- throw new UnauthorizedHttpException('xdmod', "Unable to complete action. User is not authorized.");
- }
-
 $startDate = $this->getStringParam($request, 'start_date', true);
 if ($startDate !== null) {
 $startDate = new \DateTime($startDate);
@@ -1628,13 +1617,16 @@ public function getRawPerformanceMap(Request $request, Application $app)
 $data = array();
 try {
- $perfMap = new \AppKernel\PerformanceMap(array(
- 'start_date' => $startDate,
- 'end_date' => $endDate,
- 'resource' => array('data' => $user->getResources()),
- 'appKer' => $appKernels,
- 'problemSize' => $problemSizes
- ));
+ $options = array(
+ 'start_date' => $startDate,
+ 'end_date' => $endDate,
+ 'appKer' => $appKernels,
+ 'problemSize' => $problemSizes
+ );
+ if (!$user->hasAcl(ROLE_ID_PROGRAM_OFFICER)) {
+ $options['resource'] = array('data' => $user->getResources());
+ }
+ $perfMap = new \AppKernel\PerformanceMap($options);
 // The columns that we're going to be retrieving from the PerformanceMap and ultimately
 // returning to the requester.
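Review bot: In the last hunk the Program Officer case is expressed by leaving `resource` out of `$options`, so the data scoping of this endpoint now fails open: `\AppKernel\PerformanceMap` presumably treats a missing `resource` key as "all resources" (its handling is not visible here). Because the previous hunk removes the Center Director / Center Staff check, every user who passes `authorize($request)` now reaches this code, and `$user->getResources()` is the only remaining limit for non-PO users. It is worth confirming, and covering with a test, that a non-PO user whose `getResources()` returns an empty array gets an empty result rather than an unfiltered one. I would also restore the access rule in the docblock where the NOTE was removed, e.g. `* Program Officers see all resources; every other user is limited to $user->getResources().` The body of getRawPerformanceMap continues outside the hunk.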