fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-05-04 17:44:38 +09:00
Code Issues Projects Releases Packages Wiki Activity

Add 404 error handler and update permission data structure

Browse source
This commit is contained in:
Kijin Sung 2020-06-18 14:13:23 +09:00
parent e20c06bf00
commit 5fa72f8629
7 changed files with 49 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

2
classes/module/ModuleHandler.class.php
View file

@ -597,7 +597,7 @@ class ModuleHandler extends Handler
// Protect admin action // Protect admin action
if(($this->module == 'admin' || $kind == 'admin') && !ModuleModel::getGrant($forward, $logged_info)->root) if(($this->module == 'admin' || $kind == 'admin') && !ModuleModel::getGrant($forward, $logged_info)->root)
{ {
if($this->module == 'admin' || empty($xml_info->permission->{$this->act})) if($this->module == 'admin' || empty($xml_info->action->{$this->act}->permission->target))
{ {
self::_setInputErrorToContext(); self::_setInputErrorToContext();
$this->error = 'admin.msg_is_not_administrator'; $this->error = 'admin.msg_is_not_administrator';

8
classes/module/ModuleObject.class.php
View file

@ -251,10 +251,10 @@ class ModuleObject extends BaseObject
if(Context::get('logged_info')->is_admin !== 'Y') if(Context::get('logged_info')->is_admin !== 'Y')
{ {
// Get privileges(granted) information for target module by <permission check> of module.xml // Get privileges(granted) information for target module by <permission check> of module.xml
if(($permission_check = $this->xml_info->permission_check->{$this->act}) && $permission_check->key) if(($permission = $this->xml_info->action->{$this->act}->permission) && $permission->check_var)
{ {
// Check parameter // Check parameter
if(empty($check_module_srl = trim(Context::get($permission_check->key)))) if(empty($check_module_srl = trim(Context::get($permission->check_var))))
{ {
return false; return false;
} }
@ -277,7 +277,7 @@ class ModuleObject extends BaseObject
foreach($check_module_srl as $target_srl) foreach($check_module_srl as $target_srl)
{ {
// Get privileges(granted) information of current user for target module // Get privileges(granted) information of current user for target module
if(($grant = ModuleModel::getInstance()->getPrivilegesBySrl($target_srl, $permission_check->type)) === false) if(($grant = ModuleModel::getInstance()->getPrivilegesBySrl($target_srl, $permission->check_type)) === false)
{ {
return false; return false;
} }
@ -348,7 +348,7 @@ class ModuleObject extends BaseObject
} }
// Get permission types(guest, member, manager, root) of the currently requested action // Get permission types(guest, member, manager, root) of the currently requested action
$permission = $this->xml_info->permission->{$this->act}; $permission = $this->xml_info->action->{$this->act}->permission->target ?: $this->xml_info->permission->{$this->act};
// If admin action, set default permission // If admin action, set default permission
if(empty($permission) && stripos($this->act, 'admin') !== false) if(empty($permission) && stripos($this->act, 'admin') !== false)

52
common/framework/parsers/moduleactionparser.php
View file

@ -49,10 +49,9 @@ class ModuleActionParser
$info->route->GET = []; $info->route->GET = [];
$info->route->POST = []; $info->route->POST = [];
$info->action = new \stdClass; $info->action = new \stdClass;
$info->menu = new \stdClass;
$info->grant = new \stdClass; $info->grant = new \stdClass;
$info->permission = new \stdClass; $info->menu = new \stdClass;
$info->permission_check = new \stdClass; $info->error_handlers = [];
// Parse grants. // Parse grants.
foreach ($xml->grants->grant ?: [] as $grant) foreach ($xml->grants->grant ?: [] as $grant)
@ -64,19 +63,6 @@ class ModuleActionParser
$info->grant->{$grant_name} = $grant_info; $info->grant->{$grant_name} = $grant_info;
} }
// Parse permissions not defined in the <actions> section.
foreach ($xml->permissions->permission ?: [] as $permission)
{
$action_name = trim($permission['action']);
$permission = trim($permission['target']);
$info->permission->{$action_name} = $permission;
$check = new \stdClass;
$check->key = trim($permission['check_var']) ?: trim($permission['check-var']);
$check->type = trim($permission['check_type']) ?: trim($permission['check-type']);
$info->permission_check->{$action_name} = $check;
}
// Parse menus. // Parse menus.
foreach ($xml->menus->menu ?: [] as $menu) foreach ($xml->menus->menu ?: [] as $menu)
{ {
@ -95,15 +81,12 @@ class ModuleActionParser
// Parse permissions. // Parse permissions.
$action_name = trim($action['name']); $action_name = trim($action['name']);
$permission = trim($action['permission']); $permission = trim($action['permission']);
$permission_info = (object)['target' => '', 'check_var' => '', 'check_type' => ''];
if ($permission) if ($permission)
{ {
$info->permission->{$action_name} = $permission; $permission_info->target = $permission;
if (isset($info->permission_check->{$action_name})) $permission_info->check_var = trim($action['check_var']) ?: trim($action['check-var']);
{ $permission_info->check_type = trim($action['check_type']) ?: trim($action['check-type']);
$info->permission_check->{$action_name} = new \stdClass;
}
$info->permission_check->{$action_name}->key = trim($action['check_var']) ?: trim($action['check-var']);
$info->permission_check->{$action_name}->type = trim($action['check_type']) ?: trim($action['check-type']);
} }
// Parse routes. // Parse routes.
@ -136,6 +119,7 @@ class ModuleActionParser
$action_info = new \stdClass; $action_info = new \stdClass;
$action_info->type = trim($action['type']); $action_info->type = trim($action['type']);
$action_info->grant = trim($action['grant']) ?: 'guest'; $action_info->grant = trim($action['grant']) ?: 'guest';
$action_info->permission = $permission_info;
$action_info->ruleset = trim($action['ruleset']); $action_info->ruleset = trim($action['ruleset']);
$action_info->method = $method; $action_info->method = $method;
$action_info->route = $route_arg; $action_info->route = $route_arg;
@ -171,6 +155,28 @@ class ModuleActionParser
{ {
$info->simple_setup_index_act = $action_name; $info->simple_setup_index_act = $action_name;
} }
// Set error handler settings.
$error_handlers = explode(',', trim($action['error_handlers']) ?: trim($action['error-handlers']));
foreach ($error_handlers as $error_handler)
{
if (intval($error_handler) > 200)
{
$info->error_handlers[intval($error_handler)] = $action_name;
}
}
}
// Parse permissions not defined in the <actions> section.
foreach ($xml->permissions->permission ?: [] as $permission)
{
$action_name = trim($permission['action']);
if (isset($info->action->{$action_name}))
{
$info->action->{$action_name}->permission->target = trim($permission['target']);
$info->action->{$action_name}->permission->check_var = trim($permission['check_var']) ?: trim($permission['check-var']);
$info->action->{$action_name}->permission->check_type = trim($permission['check_type']) ?: trim($permission['check-type']);
}
} }
// Return the complete result. // Return the complete result.

1
common/framework/parsers/moduleinfoparser.php
View file

@ -83,6 +83,7 @@ class ModuleInfoParser
$info->default_index_act = $action_info->default_index_act; $info->default_index_act = $action_info->default_index_act;
$info->setup_index_act = $action_info->setup_index_act; $info->setup_index_act = $action_info->setup_index_act;
$info->simple_setup_index_act = $action_info->simple_setup_index_act; $info->simple_setup_index_act = $action_info->simple_setup_index_act;
$info->error_handlers = $action_info->error_handlers ?: [];
// Return the complete result. // Return the complete result.
return $info; return $info;

7
common/framework/router.php
View file

@ -156,6 +156,13 @@ class Router
$allargs = array_merge(['mid' => $prefix, 'act' => $internal_url], $args); $allargs = array_merge(['mid' => $prefix, 'act' => $internal_url], $args);
return (object)['status' => 200, 'url' => $url, 'args' => $allargs]; return (object)['status' => 200, 'url' => $url, 'args' => $allargs];
} }
// If the module defines a 404 error handler, call it.
if ($internal_url && isset($action_info->error_handlers[404]))
{
$allargs = array_merge(['mid' => $prefix, 'act' => $action_info->error_handlers[404]], $args);
return (object)['status' => 200, 'url' => $url, 'args' => $allargs];
}
} }
} }

5
modules/board/board.view.php
View file

@ -1364,6 +1364,11 @@ class boardView extends board
Context::set('blame_member_info', $blame_member_infos); Context::set('blame_member_info', $blame_member_infos);
$this->setTemplateFile('vote_log'); $this->setTemplateFile('vote_log');
} }
function dispBoardNotFound()
{
$this->alertMessage('msg_not_founded', 404);
}
/** /**
* @brief the method for displaying the warning messages * @brief the method for displaying the warning messages

3
modules/board/conf/module.xml
View file

@ -92,6 +92,7 @@
<action name="dispBoardUpdateLog" type="view" permission="update_view" standalone="false" /> <action name="dispBoardUpdateLog" type="view" permission="update_view" standalone="false" />
<action name="dispBoardUpdateLogView" type="view" permission="update_view" standalone="false" /> <action name="dispBoardUpdateLogView" type="view" permission="update_view" standalone="false" />
<action name="dispBoardVoteLog" type="view" permission="vote_log_view" standalone="false" /> <action name="dispBoardVoteLog" type="view" permission="vote_log_view" standalone="false" />
<action name="dispBoardNotFound" type="view" standalone="false" error-handlers="404" />
<action name="dispBoardNoticeList" type="view" permission="list" standalone="false" /> <action name="dispBoardNoticeList" type="view" permission="list" standalone="false" />
<action name="dispBoardCategoryList" type="view" permission="list" standalone="false" /> <action name="dispBoardCategoryList" type="view" permission="list" standalone="false" />
@ -125,7 +126,7 @@
<action name="getBoardAdminSimpleSetup" type="model" simple_setup_index="true" /> <action name="getBoardAdminSimpleSetup" type="model" simple_setup_index="true" />
<action name="procBoardAdminInsertBoard" type="controller" permission="manager" check_var="module_srl" ruleset="insertBoard" /> <action name="procBoardAdminInsertBoard" type="controller" permission="manager" check_var="module_srl" ruleset="insertBoard" />
<action name="procBoardAdminDeleteBoard" type="controller" /> <action name="procBoardAdminDeleteBoard" type="controller" permission="manager" check_var="module_srl" />
<action name="procBoardAdminUpdateBoardFroBasic" type="controller" ruleset="insertBoardForBasic" /> <action name="procBoardAdminUpdateBoardFroBasic" type="controller" ruleset="insertBoardForBasic" />
<action name="procBoardAdminSaveCategorySettings" type="controller" permission="manager" check_var="module_srl" ruleset="saveCategorySettings" /> <action name="procBoardAdminSaveCategorySettings" type="controller" permission="manager" check_var="module_srl" ruleset="saveCategorySettings" />
</actions> </actions>