Fix incorrect permission check when check_var is set but mid is not
parent
ad6aeb4c00
commit
5e9cf872e7
2 changed files with 29 additions and 9 deletions
|
|
@ -254,15 +254,15 @@ class ModuleObject extends BaseObject
|
|||
// Get privileges(granted) information for target module by <permission check> of module.xml
|
||||
if(($permission = $this->xml_info->action->{$this->act}->permission) && $permission->check_var)
|
||||
{
|
||||
// Check parameter
|
||||
if(empty($check_module_srl = trim(Context::get($permission->check_var))))
|
||||
// Ensure that the list of modules to check is the right type and not empty
|
||||
$check_var = Context::get($permission->check_var);
|
||||
if (is_scalar($check_var))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
if (empty($check_module_srl = trim($check_var)))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
// If value is not array
|
||||
if(!is_array($check_module_srl))
|
||||
{
|
||||
// Convert string to array. delimiter is ,(comma) or |@|
|
||||
if(preg_match('/,|\|@\|/', $check_module_srl, $delimiter) && $delimiter[0])
|
||||
{
|
||||
|
|
@ -273,6 +273,14 @@ class ModuleObject extends BaseObject
|
|||
$check_module_srl = array($check_module_srl);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$check_module_srl = array_map('trim', $check_var);
|
||||
if (!count($check_var))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
// Check permission by privileges(granted) information for target module
|
||||
foreach($check_module_srl as $target_srl)
|
||||
|
|
@ -295,7 +303,15 @@ class ModuleObject extends BaseObject
|
|||
}
|
||||
|
||||
// Check permission based on the grant information for the current module.
|
||||
$grant = ModuleModel::getInstance()->getGrant($this->module_info, $this->user, $this->xml_info);
|
||||
if (isset($check_grant))
|
||||
{
|
||||
$grant = $check_grant;
|
||||
}
|
||||
else
|
||||
{
|
||||
$grant = ModuleModel::getInstance()->getGrant($this->module_info, $this->user, $this->xml_info);
|
||||
}
|
||||
|
||||
if(!$this->checkPermission($grant, $this->user, $failed_requirement))
|
||||
{
|
||||
$this->stop($this->_generatePermissionError($failed_requirement));
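Review bot: The non-scalar branch (the `else` in the second hunk, which appears to pair with `if (is_scalar($check_var))`) passes `$check_var` to `array_map('trim', $check_var)` without first confirming it is an array. `is_scalar(null)` is false, so if `Context::get()` returns null when the parameter is absent, that call would raise a TypeError on PHP 8 instead of taking the `return false` path the scalar branch uses; a nested array element reaching `trim` would do the same. The value is presumably request-supplied and gates a permission decision, so I would put `if (!is_array($check_var) || !count($check_var)) { return false; }` ahead of the `array_map` and discard non-scalar elements before trimming. The +/- markers are lost on this page, so the branch pairing is inferred from the hunk line counts, and the enclosing method starts and ends outside the hunks.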
|
||||
|
|
|
|||
|
|
@ -103,7 +103,11 @@ class Permission
|
|||
// Check if each permission is granted to the current user.
|
||||
foreach ($this->_spec as $key => $requirement)
|
||||
{
|
||||
if ($requirement === 'guest')
|
||||
if ($key === 'manager' && $this->manager)
|
||||
{
|
||||
continue;
|
||||
}
|
||||
elseif ($requirement === 'guest')
|
||||
{
|
||||
$this->{$key} = true;
|
||||
}
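Review bot: The new `if ($key === 'manager' && $this->manager)` guard in the `foreach` over `$this->_spec` has no comment explaining why a spec entry named `manager` is skipped, and it is the only key protected before `$this->{$key} = true;` writes to a property chosen by the spec. I would add `// Manager status is already established; do not re-evaluate a spec entry named "manager".` above the guard. It is also worth confirming whether other flags on this class need the same protection, since the property list is not visible here. The guard tests truthiness; `$this->manager === true` would be stricter if the property can ever hold a non-boolean value. The loop body continues outside the hunk.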
|
||||
|
|
|
|||