diff --git a/classes/module/ModuleHandler.class.php b/classes/module/ModuleHandler.class.php index b6e330ea9..ad83fe989 100644 --- a/classes/module/ModuleHandler.class.php +++ b/classes/module/ModuleHandler.class.php @@ -19,6 +19,7 @@ var $act = NULL; ///< action var $mid = NULL; ///< 모듈의 객체명 var $document_srl = NULL; ///< 문서 번호 + var $module_srl = NULL; ///< 모듈의 번호 var $module_info = NULL; ///< 모듈의 정보 @@ -31,7 +32,7 @@ * 인자를 넘겨주지 않으면 현 페이지 요청받은 Request Arguments를 이용하여 * 변수를 세팅한다. **/ - function ModuleHandler($module = '', $act = '', $mid = '', $document_srl = '') { + function ModuleHandler($module = '', $act = '', $mid = '', $document_srl = '', $module_srl = '') { // 설치가 안되어 있다면 install module을 지정 if(!Context::isInstalled()) { $this->module = 'install'; @@ -52,6 +53,9 @@ if(!$document_srl) $this->document_srl = (int)Context::get('document_srl'); else $this->document_srl = (int)$document_srl; + if(!$module_srl) $this->module_srl = (int)Context::get('module_srl'); + else $this->module_srl = (int)$module_srl; + // 기본 변수들의 검사 (XSS방지를 위한 기초적 검사) if($this->module && !eregi("^([a-z0-9\_\-]+)$",$this->module)) die(Context::getLang("msg_invalid_request")); if($this->mid && !eregi("^([a-z0-9\_\-]+)$",$this->mid)) die(Context::getLang("msg_invalid_request")); 
@@ -70,13 +74,17 @@ $oModuleModel = &getModel('module'); // document_srl이 있으면 document_srl로 모듈과 모듈 정보를 구함 - if($this->document_srl && !$this->mid) $module_info = $oModuleModel->getModuleInfoByDocumentSrl($this->document_srl); + if($this->document_srl && !$this->mid && !$this->module_srl) $module_info = $oModuleModel->getModuleInfoByDocumentSrl($this->document_srl); if($this->module && $module_info->module != $this->module) unset($module_info); // 아직 모듈을 못 찾았고 $mid값이 있으면 $mid로 모듈을 구함 if(!$module_info && $this->mid) $module_info = $oModuleModel->getModuleInfoByMid($this->mid); if($this->module && $module_info->module != $this->module) unset($module_info); + // 모듈을 여전히(;;) 못 찾고 $module_srl이 있으면 해당 모듈을 구함 + if(!$module_info && $this->module_srl) $module_info = $oModuleModel->getModuleInfoByModuleSrl($this->module_srl); + if($this->module && $module_info->module != $this->module) unset($module_info); + // 역시 모듈을 못 찾았고 $module이 없다면 기본 모듈을 찾아봄 if(!$module_info && !$this->module) $module_info = $oModuleModel->getModuleInfoByMid(); diff --git a/classes/module/ModuleObject.class.php b/classes/module/ModuleObject.class.php index 3255e4b58..84d67fab9 100644 --- a/classes/module/ModuleObject.class.php +++ b/classes/module/ModuleObject.class.php @@ -92,15 +92,7 @@ $grant->is_admin = false; } - // act값에 admin이 들어 있는데 관리자가 아닌 경우 오류 표시 - if(substr_count($this->act, 'Admin')) { - if(!$is_logged) { - $this->setAct("dispMemberLoginForm"); - } elseif(!$grant->is_admin) { - return $this->stop('msg_not_permitted_act'); - } - } - + // module.xml 에 있는 권한 정보를 정리 if($module_info->grants) { foreach($module_info->grants as $key => $val) { if(!$xml_info->grant->{$key}) { 
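Review bot: The added `!$this->module_srl` condition on the document_srl lookup means a request carrying both document_srl and module_srl now resolves the module from module_srl alone, so the document is no longer used to find, and implicitly confirm, the module it belongs to. The module resolved here is the one whose grants ModuleObject later enforces, so a mismatched pair is handled under the other module's permissions unless the code that renders the document checks the document's own module_srl, which this hunk does not show. Leaving the first lookup as it was, `if($this->document_srl && !$this->mid) $module_info = $oModuleModel->getModuleInfoByDocumentSrl($this->document_srl);`, and keeping the new module_srl lookup as a fallback after the mid lookup (as the hunk already orders it) preserves that consistency check. The new `if($this->module && $module_info->module != $this->module) unset($module_info);` is the third copy of the same statement; one check after all lookups would read better. The enclosing method starts before this hunk and continues after it.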
@@ -160,6 +152,26 @@ } } + // act값에 admin이 들어 있는데 관리자가 아닌 경우 오류 표시 + if(substr_count($this->act, 'Admin')) { + // 로그인 되어 있지 않다면 무조건 금지 + if(!$is_logged) $this->setAct("dispMemberLoginForm"); + else { + + $permitted = false; + + // 최고관리자이면 무조건 패스~ + if($grant->is_admin) $permitted = true; + + // 최고관리자가 아니더라도 module.xml에서 permission에 등록된 권한이 있으면 허용 + $permission_target = $xml_info->permission->{$this->act}; + if($permission_target && $grant->{$permission_target}) $permitted = true; + + if(!$permitted) return $this->stop('msg_not_permitted_act'); + + } + } + // 권한변수 설정 $this->grant = $grant; Context::set('grant', $grant); diff --git a/modules/module/module.model.php b/modules/module/module.model.php index 0ab87b7ae..18d0279b9 100644 --- a/modules/module/module.model.php +++ b/modules/module/module.model.php @@ -301,6 +301,7 @@ if(!count($xml_obj->module)) return; ///< xml 내용중에 module 태그가 없다면 오류;; $grants = $xml_obj->module->grants->grant; ///< 권한 정보 (없는 경우도 있음) + $permissions = $xml_obj->module->permissions->permission; ///< 권한 대행 (없는 경우도 있음) $actions = $xml_obj->module->actions->action; ///< action list (필수) $default_index = $admin_index = ''; @@ -323,6 +324,21 @@ } } + // 권한 허용 정리 + if($permissions) { + if(is_array($permissions)) $permission_list = $permissions; + else $permission_list[] = $permissions; + + foreach($permission_list as $permission) { + $action = $permission->attrs->action; + $target = $permission->attrs->target; + + $info->permission->{$action} = $target; + + $buff .= sprintf('$info->permission->%s = \'%s\';', $action, $target); + } + } + // actions 정리 if($actions) { if(is_array($actions)) $action_list = $actions; diff --git a/modules/opage/opage.admin.controller.php b/modules/opage/opage.admin.controller.php index 32cdfffb4..533487ca5 100644 --- a/modules/opage/opage.admin.controller.php +++ b/modules/opage/opage.admin.controller.php 
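Review bot: `$permission_target = $xml_info->permission->{$this->act};` reads `$xml_info->permission` unconditionally, but the model in this same commit only creates that property when module.xml declares a permissions block, so for every module without one this line raises a notice on each Admin act. Guard it: `$permission_target = isset($xml_info->permission->{$this->act}) ? $xml_info->permission->{$this->act} : null;`. The rule is deny-by-default, since an act with no mapping, or a mapping to a grant the user lacks, still reaches `$this->stop('msg_not_permitted_act')`; a comment stating that, e.g. `// no mapping, or mapped grant not held => denied below`, would make the intent explicit for whoever edits this later. The not-logged-in branch keeps the previous behaviour of switching the act to `dispMemberLoginForm` and falling through, which this commit does not change. The enclosing method starts before this hunk and ends after it.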
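Review bot: `$buff .= sprintf('$info->permission->%s = \'%s\';', $action, $target);` in the module.model.php hunk writes the module.xml values into generated PHP without escaping, so a target containing a quote or backslash yields a syntax error in the cached file instead of a clean failure; `$buff .= sprintf('$info->permission->%s = %s;', $action, var_export($target, true));` produces a safe literal. The action name becomes a property name in the generated code, so it should be checked against the identifier pattern if the actions loop (outside this hunk) does not already do so. These values come from the installed module.xml rather than the request, so this is robustness rather than an injection path. `$permission_list[] = $permissions;` appends to an undeclared array; `$permission_list = array($permissions);` says what is meant. The enclosing function extends beyond this hunk on both sides.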
@@ -43,6 +43,7 @@ if($module_info->module_srl != $module_args->module_srl) { $output = $oModuleController->insertModule($module_args); $msg_code = 'success_registed'; + $module_info->module_srl = $output->get('module_srl'); } else { $output = $oModuleController->updateModule($module_args); $msg_code = 'success_updated'; diff --git a/modules/opage/tpl/js/opage_admin.js b/modules/opage/tpl/js/opage_admin.js index 4f94966de..9c4ee1c60 100644 --- a/modules/opage/tpl/js/opage_admin.js +++ b/modules/opage/tpl/js/opage_admin.js @@ -47,3 +47,29 @@ function doChangeCategory(fo_obj) { } return true; } + +/* 권한 관련 */ +function doSelectAll(obj, key) { + var fo_obj = obj.parentNode; + while(fo_obj.nodeName != 'FORM') { + fo_obj = fo_obj.parentNode; + } + + for(var i=0;i - + + + 열람 + 浏览 + 閲覧 + view + + + 관리 + 管理 + 管理 + manager + + + + + + + diff --git a/modules/page/page.admin.controller.php b/modules/page/page.admin.controller.php index 036b1ff0c..4dd8c04ee 100644 --- a/modules/page/page.admin.controller.php +++ b/modules/page/page.admin.controller.php @@ -42,6 +42,7 @@ if($module_info->module_srl != $args->module_srl) { $output = $oModuleController->insertModule($args); $msg_code = 'success_registed'; + $module_info->module_srl = $output->get('module_srl'); } else { $output = $oModuleController->updateModule($args); $msg_code = 'success_updated'; @@ -49,6 +50,24 @@ if(!$output->toBool()) return $output; + /** + * 권한 저장 + **/ + // 현 모듈의 권한 목록을 저장 + $grant_list = $this->xml_info->grant; + + if(count($grant_list)) { + foreach($grant_list as $key => $val) { + $group_srls = Context::get($key); + if($group_srls) $arr_grant[$key] = explode('|@|',$group_srls); + } + $grants = serialize($arr_grant); + } + + $oModuleController = &getController('module'); + $oModuleController->updateModuleGrant($module_info->module_srl, $grants); + + $this->add("module_srl", $args->module_srl); $this->add("page", Context::get('page')); $this->setMessage($msg_code); 
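Review bot: In the grant-saving block of the page.admin.controller.php hunk, `$arr_grant` and `$grants` are never initialized, so when `$this->xml_info->grant` is empty, or no group was posted for any key, `updateModuleGrant()` receives an undefined `$grants`; initialize `$arr_grant = array();` before the loop and move `$grants = serialize($arr_grant);` after the `if(count($grant_list))` block so an empty selection is stored as an empty grant set rather than null. The group srls are taken straight from the request via `explode('|@|', $group_srls)` with no numeric check and stored as strings; normalize them with `if($group_srls) $arr_grant[$key] = array_map('intval', explode('|@|', $group_srls));` so the stored list holds only integer group ids. The second `$oModuleController = &getController('module');` re-fetches a controller this method already obtained for the insert/update call above and can be dropped. The enclosing method starts before this hunk and ends after it.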
diff --git a/modules/page/page.admin.view.php b/modules/page/page.admin.view.php index ef816214c..c854de208 100644 --- a/modules/page/page.admin.view.php +++ b/modules/page/page.admin.view.php @@ -27,6 +27,15 @@ // 템플릿 경로 구함 (page의 경우 tpl에 관리자용 템플릿 모아놓음) $this->setTemplatePath($this->module_path.'tpl'); + + // 권한 그룹의 목록을 가져온다 + $oMemberModel = &getModel('member'); + $group_list = $oMemberModel->getGroups(); + Context::set('group_list', $group_list); + + // module.xml에서 권한 관련 목록을 구해옴 + $grant_list = $this->xml_info->grant; + Context::set('grant_list', $grant_list); } /** diff --git a/modules/page/page.view.php b/modules/page/page.view.php index 57a3d386b..4c2cfe99a 100644 --- a/modules/page/page.view.php +++ b/modules/page/page.view.php @@ -23,6 +23,9 @@ * @brief 일반 요청시 출력 **/ function dispPageIndex() { + // 권한 체크 + if(!$this->grant->view) return $this->stop('msg_not_permitted'); + // 템플릿에서 사용할 변수를 Context::set() if($this->module_srl) Context::set('module_srl',$this->module_srl); diff --git a/modules/page/tpl/content.html b/modules/page/tpl/content.html index eb8667901..6cbacfacc 100644 --- a/modules/page/tpl/content.html +++ b/modules/page/tpl/content.html @@ -1,10 +1,12 @@ {$page_content} - + diff --git a/modules/page/tpl/filter/insert_page.xml b/modules/page/tpl/filter/insert_page.xml index f00e55ef5..112077bdb 100644 --- a/modules/page/tpl/filter/insert_page.xml +++ b/modules/page/tpl/filter/insert_page.xml @@ -10,6 +10,8 @@ + + diff --git a/modules/page/tpl/filter/insert_page_content.xml b/modules/page/tpl/filter/insert_page_content.xml index 949a2e006..176f424bd 100644 --- a/modules/page/tpl/filter/insert_page_content.xml +++ b/modules/page/tpl/filter/insert_page_content.xml @@ -12,6 +12,8 @@ + + diff --git a/modules/page/tpl/js/page_admin.js b/modules/page/tpl/js/page_admin.js index 895e4913e..30b3f99ad 100644 --- a/modules/page/tpl/js/page_admin.js +++ b/modules/page/tpl/js/page_admin.js 
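Review bot: `if(!$this->grant->view) return $this->stop('msg_not_permitted');` in the page.view.php hunk denies anonymous visitors with the same error as logged-in members who lack the grant, whereas ModuleObject in this commit sends the not-logged-in case to `dispMemberLoginForm`; whether the same split is possible here depends on how the grant object is populated, which this hunk does not show. The check also covers only dispPageIndex, so any other display act of the page module would need the same guard. A short comment on where the key comes from, e.g. `// 'view' is the grant declared in this module's module.xml`, would help the next reader. dispPageIndex continues past the end of the hunk.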
@@ -83,3 +83,28 @@ function completeRemoveWidgetCache(ret_obj) { alert(message); location.reload(); } + +/* 권한 관련 */ +function doSelectAll(obj, key) { + var fo_obj = obj.parentNode; + while(fo_obj.nodeName != 'FORM') { + fo_obj = fo_obj.parentNode; + } + + for(var i=0;i + + +
diff --git a/modules/page/tpl/page_info.html b/modules/page/tpl/page_info.html index 0940db54f..f164ed648 100644 --- a/modules/page/tpl/page_info.html +++ b/modules/page/tpl/page_info.html @@ -59,17 +59,46 @@

{$lang->about_layout}

- - - - {$lang->cmd_page_modify} - - {$lang->cmd_list} - - {$lang->cmd_back} - - - + + + + + + + + + + + + + + + + + + + + + + + +
{$lang->grant}{$lang->target}
{$val->title} + + grants[$key])&&in_array($v->group_srl,$module_info->grants[$key]))-->checked="checked"/> + + + {$lang->cmd_select_all}{$lang->cmd_unselect_all}
+ + + diff --git a/modules/page/tpl/page_insert.html b/modules/page/tpl/page_insert.html index 86cf7ee81..83ab0ea24 100644 --- a/modules/page/tpl/page_insert.html +++ b/modules/page/tpl/page_insert.html @@ -60,6 +60,36 @@ + + + + + + + + + + + + + + + + + + + + + + + +
{$lang->grant}{$lang->target}
{$val->title} + + grants[$key])&&in_array($v->group_srl,$module_info->grants[$key]))-->checked="checked"/> + + + {$lang->cmd_select_all}{$lang->cmd_unselect_all}
+