mirror of
https://github.com/Lastorder-DC/rhymix.git
synced 2026-04-27 06:13:32 +09:00
<action>에 퍼미션 속성 추가
승인 권한 (grant)도 퍼미션 체크를 할 수 있도록 추가
This commit is contained in:
conory
parent
9713e99144
commit
f224a4aea0
3 changed files with 69 additions and 30 deletions
|
|
@ -556,13 +556,14 @@ class ModuleHandler extends Handler
|
|||
}
|
||||
|
||||
$forward = NULL;
|
||||
|
||||
// 1. Look for the module with action name
|
||||
if(preg_match('/^([a-z]+)([A-Z])([a-z0-9\_]+)(.*)$/', $this->act, $matches))
|
||||
{
|
||||
$module = strtolower($matches[2] . $matches[3]);
|
||||
$xml_info = $oModuleModel->getModuleActionXml($module);
|
||||
|
||||
if($xml_info->action->{$this->act} && ((stripos($this->act, 'admin') !== FALSE) || $xml_info->action->{$this->act}->standalone != 'false'))
|
||||
if($xml_info->action->{$this->act} && ($this->module == 'admin' || $xml_info->action->{$this->act}->standalone != 'false'))
|
||||
{
|
||||
$forward = new stdClass();
|
||||
$forward->module = $module;
|
||||
|
|
@ -581,12 +582,12 @@ class ModuleHandler extends Handler
|
|||
return $oMessageObject;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
if(!$forward)
|
||||
{
|
||||
$forward = $oModuleModel->getActionForward($this->act);
|
||||
}
|
||||
|
||||
|
||||
if($forward->module && $forward->type && $forward->act && $forward->act == $this->act)
|
||||
{
|
||||
$kind = stripos($forward->act, 'admin') !== FALSE ? 'admin' : '';
|
||||
|
|
@ -594,9 +595,24 @@ class ModuleHandler extends Handler
|
|||
$ruleset = $forward->ruleset;
|
||||
$tpl_path = $oModule->getTemplatePath();
|
||||
$orig_module = $oModule;
|
||||
|
||||
|
||||
$xml_info = $oModuleModel->getModuleActionXml($forward->module);
|
||||
|
||||
|
||||
// Protect admin action
|
||||
if(($this->module == 'admin' || $kind == 'admin') && !$oModuleModel->getGrant($forward, $logged_info)->root)
|
||||
{
|
||||
if($this->module == 'admin' || empty($xml_info->permission->{$this->act}))
|
||||
{
|
||||
self::_setInputErrorToContext();
|
||||
$this->error = 'admin.msg_is_not_administrator';
|
||||
$oMessageObject = self::getModuleInstance('message', $display_mode);
|
||||
$oMessageObject->setError(-1);
|
||||
$oMessageObject->setMessage($this->error);
|
||||
$oMessageObject->dispMessage();
|
||||
return $oMessageObject;
|
||||
}
|
||||
}
|
||||
|
||||
// SECISSUE also check foward act method
|
||||
// check REQUEST_METHOD in controller
|
||||
if($type == 'controller')
|
||||
|
|
@ -670,21 +686,6 @@ class ModuleHandler extends Handler
|
|||
return $oMessageObject;
|
||||
}
|
||||
|
||||
// Protect admin action
|
||||
if(($this->module == 'admin' || $kind == 'admin') && !$oModuleModel->getGrant($forward, $logged_info)->root)
|
||||
{
|
||||
if($this->module == 'admin' || strpos($xml_info->permission->{$this->act}, 'manager') === false)
|
||||
{
|
||||
self::_setInputErrorToContext();
|
||||
$this->error = 'admin.msg_is_not_administrator';
|
||||
$oMessageObject = self::getModuleInstance('message', $display_mode);
|
||||
$oMessageObject->setError(-1);
|
||||
$oMessageObject->setMessage($this->error);
|
||||
$oMessageObject->dispMessage();
|
||||
return $oMessageObject;
|
||||
}
|
||||
}
|
||||
|
||||
// Admin page layout
|
||||
if($this->module == 'admin' && $type == 'view' && $this->act != 'dispLayoutAdminLayoutModify')
|
||||
{
|
||||
|
|
|
|||
|
|
@ -223,6 +223,7 @@ class ModuleObject extends Object
|
|||
// Check permission
|
||||
if($this->checkPermission($grant, false) !== true)
|
||||
{
|
||||
$this->stop('msg_not_permitted_act');
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
@ -238,6 +239,7 @@ class ModuleObject extends Object
|
|||
// Check permission
|
||||
if($this->checkPermission($grant) !== true)
|
||||
{
|
||||
$this->stop('msg_not_permitted_act');
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
@ -279,8 +281,14 @@ class ModuleObject extends Object
|
|||
// Get permission types(guest, member, manager, root) of the currently requested action
|
||||
$permission = $this->xml_info->permission->{$this->act};
|
||||
|
||||
// If admin action, default permission
|
||||
if(!$permission && stripos($this->act, 'admin') !== false)
|
||||
// If permission is 'guest', Pass
|
||||
if($permission == 'guest')
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
// If admin action, set default permission
|
||||
if(empty($permission) && stripos($this->act, 'admin') !== false)
|
||||
{
|
||||
$permission = 'root';
|
||||
}
|
||||
|
|
@ -291,7 +299,6 @@ class ModuleObject extends Object
|
|||
// If permission is 'member', check logged-in
|
||||
if($permission == 'member' && !Context::get('is_logged'))
|
||||
{
|
||||
$this->stop('msg_not_permitted_act');
|
||||
return false;
|
||||
}
|
||||
// If permission is 'manager', check 'is user have manager privilege(granted)'
|
||||
|
|
@ -317,16 +324,27 @@ class ModuleObject extends Object
|
|||
}
|
||||
}
|
||||
|
||||
$this->stop('admin.msg_is_not_administrator');
|
||||
return false;
|
||||
}
|
||||
// If permission is 'root', Error!
|
||||
// Because an administrator who have root privilege(granted) was passed already
|
||||
else if($permission == 'root')
|
||||
{
|
||||
$this->stop('admin.msg_is_not_administrator');
|
||||
return false;
|
||||
}
|
||||
// If grant name, check the privilege(granted) of the user
|
||||
else if($grant_names = explode('|', $permission))
|
||||
{
|
||||
$privilege_list = array_keys((array) $this->xml_info->grant);
|
||||
|
||||
foreach($grant_names as $name)
|
||||
{
|
||||
if(!in_array($name, $privilege_list) || !$grant->$name)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return true;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue