fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-05-12 05:22:35 +09:00
Code Issues Projects Releases Packages Wiki Activity

<action>에 퍼미션 속성 추가

Browse source 
승인 권한 (grant)도 퍼미션 체크를 할 수 있도록 추가
This commit is contained in:
conory 2017-04-07 14:55:33 +09:00
parent 9713e99144
commit f224a4aea0
3 changed files with 69 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

41
classes/module/ModuleHandler.class.php
View file

@ -556,13 +556,14 @@ class ModuleHandler extends Handler
} }
$forward = NULL; $forward = NULL;
// 1. Look for the module with action name // 1. Look for the module with action name
if(preg_match('/^([a-z]+)([A-Z])([a-z0-9\_]+)(.*)$/', $this->act, $matches)) if(preg_match('/^([a-z]+)([A-Z])([a-z0-9\_]+)(.*)$/', $this->act, $matches))
{ {
$module = strtolower($matches[2] . $matches[3]); $module = strtolower($matches[2] . $matches[3]);
$xml_info = $oModuleModel->getModuleActionXml($module); $xml_info = $oModuleModel->getModuleActionXml($module);
if($xml_info->action->{$this->act} && ((stripos($this->act, 'admin') !== FALSE) || $xml_info->action->{$this->act}->standalone != 'false')) if($xml_info->action->{$this->act} && ($this->module == 'admin' || $xml_info->action->{$this->act}->standalone != 'false'))
{ {
$forward = new stdClass(); $forward = new stdClass();
$forward->module = $module; $forward->module = $module;
@ -581,12 +582,12 @@ class ModuleHandler extends Handler
return $oMessageObject; return $oMessageObject;
} }
} }
if(!$forward) if(!$forward)
{ {
$forward = $oModuleModel->getActionForward($this->act); $forward = $oModuleModel->getActionForward($this->act);
} }
if($forward->module && $forward->type && $forward->act && $forward->act == $this->act) if($forward->module && $forward->type && $forward->act && $forward->act == $this->act)
{ {
$kind = stripos($forward->act, 'admin') !== FALSE ? 'admin' : ''; $kind = stripos($forward->act, 'admin') !== FALSE ? 'admin' : '';
@ -594,9 +595,24 @@ class ModuleHandler extends Handler
$ruleset = $forward->ruleset; $ruleset = $forward->ruleset;
$tpl_path = $oModule->getTemplatePath(); $tpl_path = $oModule->getTemplatePath();
$orig_module = $oModule; $orig_module = $oModule;
$xml_info = $oModuleModel->getModuleActionXml($forward->module); $xml_info = $oModuleModel->getModuleActionXml($forward->module);
// Protect admin action
if(($this->module == 'admin' || $kind == 'admin') && !$oModuleModel->getGrant($forward, $logged_info)->root)
{
if($this->module == 'admin' || empty($xml_info->permission->{$this->act}))
{
self::_setInputErrorToContext();
$this->error = 'admin.msg_is_not_administrator';
$oMessageObject = self::getModuleInstance('message', $display_mode);
$oMessageObject->setError(-1);
$oMessageObject->setMessage($this->error);
$oMessageObject->dispMessage();
return $oMessageObject;
}
}
// SECISSUE also check foward act method // SECISSUE also check foward act method
// check REQUEST_METHOD in controller // check REQUEST_METHOD in controller
if($type == 'controller') if($type == 'controller')
@ -670,21 +686,6 @@ class ModuleHandler extends Handler
return $oMessageObject; return $oMessageObject;
} }
// Protect admin action
if(($this->module == 'admin' || $kind == 'admin') && !$oModuleModel->getGrant($forward, $logged_info)->root)
{
if($this->module == 'admin' || strpos($xml_info->permission->{$this->act}, 'manager') === false)
{
self::_setInputErrorToContext();
$this->error = 'admin.msg_is_not_administrator';
$oMessageObject = self::getModuleInstance('message', $display_mode);
$oMessageObject->setError(-1);
$oMessageObject->setMessage($this->error);
$oMessageObject->dispMessage();
return $oMessageObject;
}
}
// Admin page layout // Admin page layout
if($this->module == 'admin' && $type == 'view' && $this->act != 'dispLayoutAdminLayoutModify') if($this->module == 'admin' && $type == 'view' && $this->act != 'dispLayoutAdminLayoutModify')
{ {

28
classes/module/ModuleObject.class.php
View file

@ -223,6 +223,7 @@ class ModuleObject extends Object
// Check permission // Check permission
if($this->checkPermission($grant, false) !== true) if($this->checkPermission($grant, false) !== true)
{ {
$this->stop('msg_not_permitted_act');
return false; return false;
} }
} }
@ -238,6 +239,7 @@ class ModuleObject extends Object
// Check permission // Check permission
if($this->checkPermission($grant) !== true) if($this->checkPermission($grant) !== true)
{ {
$this->stop('msg_not_permitted_act');
return false; return false;
} }
} }
@ -279,8 +281,14 @@ class ModuleObject extends Object
// Get permission types(guest, member, manager, root) of the currently requested action // Get permission types(guest, member, manager, root) of the currently requested action
$permission = $this->xml_info->permission->{$this->act}; $permission = $this->xml_info->permission->{$this->act};
// If admin action, default permission // If permission is 'guest', Pass
if(!$permission && stripos($this->act, 'admin') !== false) if($permission == 'guest')
{
return true;
}
// If admin action, set default permission
if(empty($permission) && stripos($this->act, 'admin') !== false)
{ {
$permission = 'root'; $permission = 'root';
} }
@ -291,7 +299,6 @@ class ModuleObject extends Object
// If permission is 'member', check logged-in // If permission is 'member', check logged-in
if($permission == 'member' && !Context::get('is_logged')) if($permission == 'member' && !Context::get('is_logged'))
{ {
$this->stop('msg_not_permitted_act');
return false; return false;
} }
// If permission is 'manager', check 'is user have manager privilege(granted)' // If permission is 'manager', check 'is user have manager privilege(granted)'
@ -317,16 +324,27 @@ class ModuleObject extends Object
} }
} }
$this->stop('admin.msg_is_not_administrator');
return false; return false;
} }
// If permission is 'root', Error! // If permission is 'root', Error!
// Because an administrator who have root privilege(granted) was passed already // Because an administrator who have root privilege(granted) was passed already
else if($permission == 'root') else if($permission == 'root')
{ {
$this->stop('admin.msg_is_not_administrator');
return false; return false;
} }
// If grant name, check the privilege(granted) of the user
else if($grant_names = explode('|', $permission))
{
$privilege_list = array_keys((array) $this->xml_info->grant);
foreach($grant_names as $name)
{
if(!in_array($name, $privilege_list) || !$grant->$name)
{
return false;
}
}
}
} }
return true; return true;

30
modules/module/module.model.php
View file

@ -839,13 +839,13 @@ class moduleModel extends module
else $permission_list[] = $permissions; else $permission_list[] = $permissions;
$buff[] = '$info->permission = new stdClass;'; $buff[] = '$info->permission = new stdClass;';
$info->permission = new stdClass(); $info->permission = new stdClass();
foreach($permission_list as $permission) foreach($permission_list as $permission)
{ {
$action = $permission->attrs->action; $action = $permission->attrs->action;
$target = $permission->attrs->target; $target = $permission->attrs->target;
$info->permission->{$action} = $target; $info->permission->{$action} = $target;
$info->permission_check->{$action}->key = $permission->attrs->check_var ?: ''; $info->permission_check->{$action}->key = $permission->attrs->check_var ?: '';
$info->permission_check->{$action}->type = $permission->attrs->check_type ?: ''; $info->permission_check->{$action}->type = $permission->attrs->check_type ?: '';
@ -863,6 +863,7 @@ class moduleModel extends module
$buff[] = '$info->menu = new stdClass;'; $buff[] = '$info->menu = new stdClass;';
$info->menu = new stdClass(); $info->menu = new stdClass();
foreach($menu_list as $menu) foreach($menu_list as $menu)
{ {
$menu_name = $menu->attrs->name; $menu_name = $menu->attrs->name;
@ -885,20 +886,39 @@ class moduleModel extends module
{ {
if(is_array($actions)) $action_list = $actions; if(is_array($actions)) $action_list = $actions;
else $action_list[] = $actions; else $action_list[] = $actions;
if(!isset($info->permission))
{
$buff[] = '$info->permission = new stdClass;';
$info->permission = new stdClass();
}
$buff[] = '$info->action = new stdClass;'; $buff[] = '$info->action = new stdClass;';
$info->action = new stdClass(); $info->action = new stdClass();
foreach($action_list as $action) foreach($action_list as $action)
{ {
$name = $action->attrs->name; $name = $action->attrs->name;
// <action permission="...">
if($action->attrs->permission)
{
$info->permission->$name = $action->attrs->permission;
$info->permission_check->$name->key = $action->attrs->check_var ?: '';
$info->permission_check->$name->type = $action->attrs->check_type ?: '';
$buff[] = sprintf('$info->permission->%s = \'%s\';', $name, $info->permission->$name);
$buff[] = sprintf('$info->permission_check->%s->key = \'%s\';', $name, $info->permission_check->$name->key);
$buff[] = sprintf('$info->permission_check->%s->type = \'%s\';', $name, $info->permission_check->$name->type);
}
$type = $action->attrs->type; $type = $action->attrs->type;
$grant = $action->attrs->grant?$action->attrs->grant:'guest'; $grant = $action->attrs->grant?$action->attrs->grant:'guest';
$standalone = $action->attrs->standalone=='false'?'false':'true'; $standalone = $action->attrs->standalone=='false'?'false':'true';
$ruleset = $action->attrs->ruleset?$action->attrs->ruleset:''; $ruleset = $action->attrs->ruleset?$action->attrs->ruleset:'';
$method = $action->attrs->method?$action->attrs->method:''; $method = $action->attrs->method?$action->attrs->method:'';
$check_csrf = $action->attrs->check_csrf=='false'?'false':'true'; $check_csrf = $action->attrs->check_csrf=='false'?'false':'true';
$index = $action->attrs->index; $index = $action->attrs->index;
$admin_index = $action->attrs->admin_index; $admin_index = $action->attrs->admin_index;
$setup_index = $action->attrs->setup_index; $setup_index = $action->attrs->setup_index;