fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-05-08 11:33:55 +09:00
Code Issues Projects Releases Packages Wiki Activity

현재 모듈이 아닌 특정 모듈의 유저 권한을 체크하는 <permission> 옵션 추가

Browse source
This commit is contained in:
conory 2017-03-17 22:52:25 +09:00
parent 3f33194f94
commit a258a3cec8
2 changed files with 104 additions and 33 deletions
Download patch file Download diff file Expand all files Collapse all files

105
classes/module/ModuleObject.class.php
View file

@ -170,27 +170,101 @@ class ModuleObject extends Object
// variable module config // variable module config
$this->module_config = $oModuleModel->getModuleConfig($this->module, $module_info->site_srl); $this->module_config = $oModuleModel->getModuleConfig($this->module, $module_info->site_srl);
$module_srl = Context::get('module_srl');
$logged_info = Context::get('logged_info'); $logged_info = Context::get('logged_info');
// permission settings. access, manager(== is_admin) are fixed and privilege name in XE // If permission check target is not the current module
if(!$module_info->mid && !is_array($module_srl) && preg_match('/^([0-9]+)$/', $module_srl)) if($xml_info->permission_check->{$action}->key && $check_module_srl = Context::get($xml_info->permission_check->{$action}->key))
{
if($info->permission_check->{$action}->array === '' && !is_array($check_module_srl))
{
if(!preg_match('/^([0-9]+)$/', $check_module_srl))
{
$this->stop('msg_invalid_request');
return;
}
$request_module = $oModuleModel->getModuleInfoByModuleSrl($check_module_srl);
if(!$request_module->module_srl)
{
$this->stop('msg_invalid_request');
return;
}
$grant = $oModuleModel->getGrant($request_module, $logged_info);
}
else
{
if(!is_array($check_module_srl))
{
$check_module_srl = explode($info->permission_check->{$action}->array, $check_module_srl);
}
foreach($check_module_srl as $module_srl)
{ {
$request_module = $oModuleModel->getModuleInfoByModuleSrl($module_srl); $request_module = $oModuleModel->getModuleInfoByModuleSrl($module_srl);
if($request_module->module_srl == $module_srl) if(!$request_module->module_srl)
{ {
$grant = $oModuleModel->getGrant($request_module, $logged_info); $this->stop('msg_invalid_request');
return;
}
$module_grant = $oModuleModel->getGrant($request_module, $logged_info);
// Check permissions
if(!$this->checkPermission($module_grant, $xml_info))
{
return;
} }
} }
else
$checked = true;
}
}
// Get grant information of user
if(!isset($grant))
{ {
$grant = $oModuleModel->getGrant($module_info, $logged_info, $xml_info); $grant = $oModuleModel->getGrant($module_info, $logged_info, $xml_info);
} }
// checks permission and action if you don't have an admin privilege // Check permissions
if(!$grant->manager) if(!isset($checked) && !$this->checkPermission($grant, $xml_info))
{ {
return;
}
// permission variable settings
$this->grant = $grant;
Context::set('grant', $grant);
// execute init
if(method_exists($this, 'init'))
{
$this->init();
}
}
/**
* Check permissions
* @param object $xml_info object containing module description
* @param object $grant grant information of user
* */
function checkPermission($xml_info, $grant = null)
{
// Get grant information
if(!$grant)
{
$grant = getModel('module')->getGrant($this->module_info, Context::get('logged_info'), $xml_info);
}
// If manager, Pass
if($grant->manager)
{
return true;
}
// get permission types(guest, member, manager, root) of the currently requested action // get permission types(guest, member, manager, root) of the currently requested action
$permission = $xml_info->permission->{$this->act}; $permission = $xml_info->permission->{$this->act};
@ -206,25 +280,16 @@ class ModuleObject extends Object
if($permission == 'member' && !Context::get('is_logged')) if($permission == 'member' && !Context::get('is_logged'))
{ {
$this->stop('msg_not_permitted_act'); $this->stop('msg_not_permitted_act');
return; return false;
} }
else if(in_array($permission, array('root', 'manager'))) else if(in_array($permission, array('root', 'manager')))
{ {
$this->stop('admin.msg_is_not_administrator'); $this->stop('admin.msg_is_not_administrator');
return; return false;
}
} }
} }
// permission variable settings return true;
$this->grant = $grant;
Context::set('grant', $grant);
// execute init
if(method_exists($this, 'init'))
{
$this->init();
}
} }
/** /**

6
modules/module/module.model.php
View file

@ -845,10 +845,16 @@ class moduleModel extends module
{ {
$action = $permission->attrs->action; $action = $permission->attrs->action;
$target = $permission->attrs->target; $target = $permission->attrs->target;
$check = $permission->attrs->check ?: 'module_srl';
$check_array = isset($permission->attrs->check_array) ? $permission->attrs->check_array : '';
$info->permission->{$action} = $target; $info->permission->{$action} = $target;
$info->permission_check->{$action}->key = $check;
$info->permission_check->{$action}->array = $check_array;
$buff[] = sprintf('$info->permission->%s = \'%s\';', $action, $target); $buff[] = sprintf('$info->permission->%s = \'%s\';', $action, $target);
$buff[] = sprintf('$info->permission_check->%s->key = \'%s\';', $action, $check);
$buff[] = sprintf('$info->permission_check->%s->array = \'%s\';', $action, $check_array);
} }
} }
// for admin menus // for admin menus