check_var 속성 기본값 제거

'all-managers', 'same-managers' 퍼미션 타입 추가 코드 정리
2026-05-09 20:12:14 +09:00 · 2017-03-29 12:54:27 +09:00 · 2017-03-29 12:54:27 +09:00 · cd2760c4f5
commit cd2760c4f5
parent da36bc5633
3 changed files with 237 additions and 172 deletions
--- a/classes/module/ModuleHandler.class.php
+++ b/classes/module/ModuleHandler.class.php
@ -671,7 +671,9 @@ class ModuleHandler extends Handler
 				}
 				// Protect admin action
-				if(($this->module == 'admin' || $kind == 'admin') && !$oModuleModel->getGrant($this->module_info, $logged_info)->root)
+				if(($this->module == 'admin' || $kind == 'admin') && !$oModuleModel->getGrant($forward, $logged_info)->root)
 				{
 					if($this->module == 'admin' || strpos($xml_info->permission->{$this->act}, 'manager') === false)
 					{
 						self::_setInputErrorToContext();
 						$this->error = 'admin.msg_is_not_administrator';
@ -681,6 +683,7 @@ class ModuleHandler extends Handler
 						$oMessageObject->dispMessage();
 						return $oMessageObject;
 					}
 				}
 				// Admin page layout
 				if($this->module == 'admin' && $type == 'view' && $this->act != 'dispLayoutAdminLayoutModify')
--- a/classes/module/ModuleObject.class.php
+++ b/classes/module/ModuleObject.class.php
@ -128,7 +128,7 @@ class ModuleObject extends Object
 	}
 	/**
-	 * sett to set the template path for refresh.html
+	 * Set the template path for refresh.html
 	 * refresh.html is executed as a result of method execution
 	 * Tpl as the common run of the refresh.html ..
 	 * @return void
@ -140,7 +140,7 @@ class ModuleObject extends Object
 	}
 	/**
-	 * sett to set the action name
+	 * Set the action name
 	 * @param string $act
 	 * @return void
 	 * */
@ -150,39 +150,58 @@ class ModuleObject extends Object
 	}
 	/**
-	 * sett to set module information
+	 * Set module information
 	 * @param object $module_info object containing module information
 	 * @param object $xml_info object containing module description
 	 * @return void
 	 * */
 	function setModuleInfo($module_info, $xml_info)
 	{
-		// The default variable settings
+		// Set default variables
 		$this->mid = $module_info->mid;
 		$this->module_srl = $module_info->module_srl;
 		$this->module_info = $module_info;
 		$this->origin_module_info = $module_info;
 		$this->xml_info = $xml_info;
 		$this->skin_vars = $module_info->skin_vars;
 		$this->module_config = getModel('module')->getModuleConfig($this->module, $module_info->site_srl);
-		$oModuleModel = getModel('module');
+		// Set privileges(granted) information
-		
+		if($this->setPrivileges() !== true)
 		// variable module config
 		$this->module_config = $oModuleModel->getModuleConfig($this->module, $module_info->site_srl);
 		// Proceeding <permission check> of module.xml
 		$permission_check = $xml_info->permission_check->{$this->act};
 		// If permission check target is not the current module
 		if($permission_check->key && $check_module_srl = trim(Context::get($permission_check->key)))
 		{
-			// If value is array
+			$this->stop('msg_invalid_request');
-			if(is_array($check_module_srl) || preg_match('/,|\|@\|/', $check_module_srl, $delimiter))
+			return;
 		}
 		// Execute init
 		if(method_exists($this, 'init'))
 		{
-				// Convert string to array. delimiter is ,(comma) or |@|
+			$this->init();
 		}
 	}
 	/**
 	 * Set privileges(granted) information of current user and check permission of current module
 	 * @return boolean success : true, fail : false
 	 * */
 	function setPrivileges()
 	{
 		if(Context::get('logged_info')->is_admin !== 'Y')
 		{
 			// Get privileges(granted) information for target module by <permission check> of module.xml
 			if(($permission_check = $this->xml_info->permission_check->{$this->act}) && $permission_check->key)
 			{
 				// Check parameter
 				if(empty($check_module_srl = trim(Context::get($permission_check->key))))
 				{
 					return false;
 				}
 				// If value is not array
 				if(!is_array($check_module_srl))
 				{
-					if($delimiter[0])
+					// Convert string to array. delimiter is ,(comma) or |@|
 					if(preg_match('/,|\|@\|/', $check_module_srl, $delimiter) && $delimiter[0])
 					{
 						$check_module_srl = explode($delimiter[0], $check_module_srl);
 					}
@ -192,125 +211,63 @@ class ModuleObject extends Object
 					}
 				}
-				// Check and Stop
+				// Check permission by privileges(granted) information for target module
 				foreach($check_module_srl as $target_srl)
 				{
-					if($this->checkPermissionBySrl($target_srl, $permission_check->type, $xml_info) === false)
+					// Get privileges(granted) information of current user for target module
 					if(($grant = getModel('module')->getPrivilegesBySrl($target_srl, $permission_check->type)) === false)
 					{
-						return;
+						return false;
 					}
 					}
-				$checked = true;
+					// Check permission
 					if($this->checkPermission($grant, false) !== true)
 					{
 						return false;
 					}
 			// If value is string
 			else
 			{
 				// only check, and return grant information
 				if(($grant = $this->checkPermissionBySrl($check_module_srl, $permission_check->type)) === false)
 				{
 					return;
 				}
 			}
 		}
-		// Get grant information of user
+		// If no privileges(granted) information, check permission by privileges(granted) information for current module
 		if(!isset($grant))
 		{
-			$grant = $oModuleModel->getGrant($module_info, Context::get('logged_info'), $xml_info);
+			// Get privileges(granted) information of current user for current module
-		}
+			$grant = getModel('module')->getGrant($this->module_info, Context::get('logged_info'), $this->xml_info);
-		// Check permissions
+			// Check permission
-		if(!isset($checked) && !$this->checkPermission($xml_info, $grant))
+			if($this->checkPermission($grant) !== true)
 			{
-			return;
+				return false;
 			}
 		}
-		// permission variable settings
+		// Set privileges(granted) variables
 		$this->grant = $grant;
 		Context::set('grant', $grant);
 		// execute init
 		if(method_exists($this, 'init'))
 		{
 			$this->init();
 		}
 	}
 	/**
 	 * Check permission by target_srl
 	 * @param string $target_srl as module_srl. It may be a reference serial number
 	 * @param string $type module name. get module_srl from module
 	 * @param object $xml_info object containing module description. and if used, check permission
 	 * @return mixed fail : false, success : true or object
 	 * */
 	function checkPermissionBySrl($target_srl, $type = null, $xml_info = null)
 	{
 		if(!($target_srl = trim($target_srl)) || !preg_match('/^([0-9]+)$/', $target_srl) && $type != 'module')
 		{
 			$this->stop('msg_invalid_request');
 			return false;
 		}
 		if($type)
 		{
 			if($type == 'document')
 			{
 				$target_srl = getModel('document')->getDocument($target_srl, false, false)->get('module_srl');
 			}
 			else if($type == 'comment')
 			{
 				$target_srl = getModel('comment')->getComment($target_srl)->get('module_srl');
 			}
 			else if($type == 'file')
 			{
 				$target_srl = getModel('file')->getFile($target_srl)->module_srl;
 			}
 			else if($type == 'module')
 			{
 				$module_info = getModel('module')->getModuleInfoByMid($target_srl);
 			}
 		}
 		if(!isset($module_info))
 		{
 			$module_info = getModel('module')->getModuleInfoByModuleSrl($target_srl);
 		}
 		if(!$module_info->module_srl)
 		{
 			$this->stop('msg_invalid_request');
 			return false;
 		}
 		$grant = getModel('module')->getGrant($module_info, Context::get('logged_info'));
 		if($xml_info)
 		{
 			// Check permissions
 			if(!$this->checkPermission($xml_info, $grant))
 			{
 				return false;
 			}
 		return true;
 	}
-		return $grant;
+	/**
 	 * Check permission
 	 * @param object $grant privileges(granted) information of user
 	 * @param object $find if user doesn't have privilege(granted), find more privilege of the user
 	 * @param object $member_info member information
 	 * @return boolean success : true, fail : false
 	 * */
 	function checkPermission($grant = null, $find = true, $member_info = null)
 	{
 		// Get logged-in member information
 		if(!$member_info)
 		{
 			$member_info = Context::get('logged_info');
 		}
-	/**
+		// Get privileges(granted) information of the member for current module
 	 * Check permissions
 	 * @param object $xml_info object containing module description
 	 * @param object $grant grant information of user
 	 * @return boolean true : success, false : fail
 	 * */
 	function checkPermission($xml_info, $grant = null)
 	{
 		// Get grant information
 		if(!$grant)
 		{
-			$grant = getModel('module')->getGrant($this->module_info, Context::get('logged_info'), $xml_info);
+			$grant = getModel('module')->getGrant($this->module_info, $member_info, $this->xml_info);
 		}
 		// If an administrator, Pass
@ -319,8 +276,8 @@ class ModuleObject extends Object
 			return true;
 		}
-		// get permission types(guest, member, manager, root) of the currently requested action
+		// Get permission types(guest, member, manager, root) of the currently requested action
-		$permission = $xml_info->permission->{$this->act};
+		$permission = $this->xml_info->permission->{$this->act};
 		// If admin action, default permission
 		if(!$permission && stripos($this->act, 'admin') !== false)
@ -328,19 +285,38 @@ class ModuleObject extends Object
 			$permission = 'root';
 		}
-		// Check permissions
+		// If 'act' have permission, but user does not have privilege(granted), error
 		if($permission)
 		{
 			// If permission is 'member', check logged-in
 			if($permission == 'member' && !Context::get('is_logged'))
 			{
 				$this->stop('msg_not_permitted_act');
 				return false;
 			}
-			else if($permission == 'manager' && !$grant->manager)
+			// If permission is 'manager', check 'is user have manager privilege(granted)'
 			else if(strpos($permission, 'manager') !== false && !$grant->manager)
 			{
 				// If permission is 'all-managers','same-managers', search modules to find manager privilege of the member
 				if(Context::get('is_logged') && $find)
 				{
 					// if permission is 'all-managers', and manager privilege of the member is found by search all modules, Pass
 					if($permission == 'all-managers' && getModel('module')->findManagerPrivilege($member_info) !== false)
 					{
 						return true;
 					}
 					// if permission is 'same-managers', and manager privilege of the member is found by search same modules, Pass
 					else if($permission == 'same-managers' && getModel('module')->findManagerPrivilege($member_info, $this->module) !== false)
 					{
 						return true;
 					}
 				}
 				$this->stop('admin.msg_is_not_administrator');
 				return false;
 			}
 			// If permission is 'root', Error!
 			// Because an administrator who have root privilege(granted) was passed already
 			else if($permission == 'root')
 			{
 				$this->stop('admin.msg_is_not_administrator');
@ -357,12 +333,16 @@ class ModuleObject extends Object
 	 * @return ModuleObject $this
 	 * */
 	function stop($msg_code)
 	{
 		if($this->stop_proc !== true)
 		{
 			// flag setting to stop the proc processing
-		$this->stop_proc = TRUE;
+			$this->stop_proc = true;
 			// Error handling
 			$this->setError(-1);
 			$this->setMessage($msg_code);
 			// Error message display by message module
 			$type = Mobile::isFromMobilePhone() ? 'mobile' : 'view';
 			$oMessageObject = ModuleHandler::getModuleInstance('message', $type);
@ -373,6 +353,7 @@ class ModuleObject extends Object
 			$this->setTemplatePath($oMessageObject->getTemplatePath());
 			$this->setTemplateFile($oMessageObject->getTemplateFile());
 			$this->setHttpStatusCode($oMessageObject->getHttpStatusCode());
 		}
 		return $this;
 	}
--- a/modules/module/module.model.php
+++ b/modules/module/module.model.php
@ -847,7 +847,7 @@ class moduleModel extends module
 					$target = $permission->attrs->target;
 					$info->permission->{$action} = $target;
-					$info->permission_check->{$action}->key = $permission->attrs->check_var ?: 'module_srl';
+					$info->permission_check->{$action}->key = $permission->attrs->check_var ?: '';
 					$info->permission_check->{$action}->type = $permission->attrs->check_type ?: '';
 					$buff[] = sprintf('$info->permission->%s = \'%s\';', $action, $target);
@ -1905,18 +1905,20 @@ class moduleModel extends module
 	}
 	/**
-	 * @brief Return permission by using module info, xml info and member info
+	 * @brief Return privileges(granted) information by using module info, xml info and member info
 	 */
 	function getGrant($module_info, $member_info, $xml_info = '')
 	{
-		if (!$xml_info && isset($GLOBALS['__MODULE_GRANT__'][intval($module_info->module_srl)][intval($member_info->member_srl)]))
+		$__cache = &$GLOBALS['__MODULE_GRANT__'][$module_info->module][intval($module_info->module_srl)][intval($member_info->member_srl)];
 		if (!$xml_info && is_object($__cache))
 		{
-			return $GLOBALS['__MODULE_GRANT__'][intval($module_info->module_srl)][intval($member_info->member_srl)];
+			return $__cache;
 		}
 		$grant = new stdClass;
-		// Get information of module xml 
+		// Get information of module.xml 
 		if(!$xml_info)
 		{
 			$xml_info = $this->getModuleActionXml($module_info->module);
@ -1932,49 +1934,49 @@ class moduleModel extends module
 			$member_group = array();
 		}
-		$is_module_admin = $this->isModuleAdmin($member_info, $module_info->module_srl);
+		$is_module_admin = $module_info->module_srl ? $this->isModuleAdmin($member_info, $module_info->module_srl) : false;
-		// Get module grant
+		// Get 'privilege name' list from module.xml
-		$module_grant = array_keys((array) $xml_info->grant);
+		$privilege_list = array_keys((array) $xml_info->grant);
-		// Prepend default grant
+		// Prepend default 'privilege name'
 		// is_admin, manager, is_site_admin not distinguish because of compatibility.
-		array_unshift($module_grant, 'access', 'is_admin', 'manager', 'is_site_admin', 'root');
+		array_unshift($privilege_list, 'access', 'is_admin', 'manager', 'is_site_admin', 'root');
-		// unique
+		// Unique
-		$module_grant = array_unique($module_grant, SORT_STRING);
+		$privilege_list = array_unique($privilege_list, SORT_STRING);
-		// Set grant
+		// Grant first
-		foreach($module_grant as $val)
+		foreach($privilege_list as $val)
 		{
-			// If an administrator, set all true.
+			// If an administrator, grant all
 			if($member_info->is_admin == 'Y')
 			{
 				$grant->{$val} = true;
 			}
-			// If a module manager, except 'root'
+			// If a module manager, grant all (except 'root')
 			else if($is_module_admin === true && $val !== 'root')
 			{
 				$grant->{$val} = true;
 			}
-			// If module_srl doesn't exist, access true
+			// If module_srl doesn't exist, grant access
 			else if(!$module_info->module_srl && $val === 'access')
 			{
 				$grant->{$val} = true;
 			}
-			// default permission false
+			// Default : not grant
 			else
 			{
 				$grant->{$val} = false;
 			}
 		}
-		// If not have access permission, check more
+		// If access were not granted, check more
 		if(!$grant->access)
 		{
 			$checked = array();
-			// check permission information that get from the DB 
+			// Grant privileges by information that get from the DB
 			foreach($this->getModuleGrants($module_info->module_srl)->data as $val)
 			{
 				if(isset($checked[$val->name]))
@ -2002,7 +2004,7 @@ class moduleModel extends module
 					// Site-joined member only
 					else if($val->group_srl == -2)
 					{
-						// Permission granted if no information of the currently connected site exists
+						// Grant if no information of the currently connected site exists
 						if(!Context::get('site_module_info')->site_srl)
 						{
 							$grant->{$val->name} = true;
@ -2020,13 +2022,13 @@ class moduleModel extends module
 				}
 			}
-			// access default permission
+			// Grant access by default
 			if(!isset($checked['access']))
 			{
 				$grant->access = true;
 			}
-			// module default permission
+			// Grant privileges by default information of module
 			if(is_array($xml_info->grant))
 			{
 				foreach($xml_info->grant as $name => $item)
@ -2053,7 +2055,7 @@ class moduleModel extends module
 						}
 						else if($item->default == 'site')
 						{
-							// Permission granted if no information of the currently connected site exists
+							// Grant if no information of the currently connected site exists
 							if(!Context::get('site_module_info')->site_srl)
 							{
 								$grant->{$name} = true;
@ -2068,10 +2070,89 @@ class moduleModel extends module
 			}
 		}
-		$GLOBALS['__MODULE_GRANT__'][intval($module_info->module_srl)][intval($member_info->member_srl)] = $grant;
+		return $__cache = $grant;
 	}
 	/**
 	 * Get privileges(granted) information of the member for target module by target_srl
 	 * @param string $target_srl as module_srl. It may be a reference serial number
 	 * @param string $type module name. get module_srl from module
 	 * @param object $member_info member information
 	 * @return mixed success : object, fail : false
 	 * */
 	function getPrivilegesBySrl($target_srl, $type = null, $member_info = null)
 	{
 		if(empty($target_srl = trim($target_srl)) || !preg_match('/^([0-9]+)$/', $target_srl) && $type != 'module')
 		{
 			return false;
 		}
 		if($type)
 		{
 			if($type == 'document')
 			{
 				$target_srl = getModel('document')->getDocument($target_srl, false, false)->get('module_srl');
 			}
 			else if($type == 'comment')
 			{
 				$target_srl = getModel('comment')->getComment($target_srl)->get('module_srl');
 			}
 			else if($type == 'file')
 			{
 				$target_srl = getModel('file')->getFile($target_srl)->module_srl;
 			}
 			else if($type == 'module')
 			{
 				$module_info = $this->getModuleInfoByMid($target_srl);
 			}
 		}
 		if(!isset($module_info))
 		{
 			$module_info = $this->getModuleInfoByModuleSrl($target_srl);
 		}
 		if(!$module_info->module_srl)
 		{
 			return false;
 		}
 		if(!$member_info)
 		{
 			$member_info = Context::get('logged_info');
 		}
 		return $this->getGrant($module_info, $member_info);
 	}
 	/**
 	 * @brief Search all modules to find manager privilege of the member
 	 * @param object $member_info member information
 	 * @param string $module module name. if used, search scope is same module
 	 * @return mixed success : object, fail : false
 	 */
 	function findManagerPrivilege($member_info, $module = null)
 	{
 		if(!$member_info->member_srl || empty($mid_list = $this->getMidList()))
 		{
 			return false;
 		}
 		foreach($mid_list as $module_info)
 		{
 			if($module && $module_info->module != $module)
 			{
 				continue;
 			}
 			if(($grant = $this->getGrant($module_info, $member_info)) && $grant->manager)
 			{
 				return $grant;
 			}
 		}
 		return false;
 	}
 	/**
 	 * @brief Get module grants