fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-05-08 19:42:15 +09:00
Code Issues Projects Releases Packages Wiki Activity

<action>에 퍼미션 속성 추가

Browse source 
승인 권한 (grant)도 퍼미션 체크를 할 수 있도록 추가
This commit is contained in:
conory 2017-04-07 14:55:33 +09:00
parent 9713e99144
commit f224a4aea0
3 changed files with 69 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

33
classes/module/ModuleHandler.class.php
View file

@ -556,13 +556,14 @@ class ModuleHandler extends Handler
}
$forward = NULL;
// 1. Look for the module with action name
if(preg_match('/^([a-z]+)([A-Z])([a-z0-9\_]+)(.*)$/', $this->act, $matches))
{
$module = strtolower($matches[2] . $matches[3]);
$xml_info = $oModuleModel->getModuleActionXml($module);
if($xml_info->action->{$this->act} && ((stripos($this->act, 'admin') !== FALSE) || $xml_info->action->{$this->act}->standalone != 'false'))
if($xml_info->action->{$this->act} && ($this->module == 'admin' || $xml_info->action->{$this->act}->standalone != 'false'))
{
$forward = new stdClass();
$forward->module = $module;
@ -597,6 +598,21 @@ class ModuleHandler extends Handler
$xml_info = $oModuleModel->getModuleActionXml($forward->module);
// Protect admin action
if(($this->module == 'admin' || $kind == 'admin') && !$oModuleModel->getGrant($forward, $logged_info)->root)
{
if($this->module == 'admin' || empty($xml_info->permission->{$this->act}))
{
self::_setInputErrorToContext();
$this->error = 'admin.msg_is_not_administrator';
$oMessageObject = self::getModuleInstance('message', $display_mode);
$oMessageObject->setError(-1);
$oMessageObject->setMessage($this->error);
$oMessageObject->dispMessage();
return $oMessageObject;
}
}
// SECISSUE also check foward act method
// check REQUEST_METHOD in controller
if($type == 'controller')
@ -670,21 +686,6 @@ class ModuleHandler extends Handler
return $oMessageObject;
}
// Protect admin action
if(($this->module == 'admin' || $kind == 'admin') && !$oModuleModel->getGrant($forward, $logged_info)->root)
{
if($this->module == 'admin' || strpos($xml_info->permission->{$this->act}, 'manager') === false)
{
self::_setInputErrorToContext();
$this->error = 'admin.msg_is_not_administrator';
$oMessageObject = self::getModuleInstance('message', $display_mode);
$oMessageObject->setError(-1);
$oMessageObject->setMessage($this->error);
$oMessageObject->dispMessage();
return $oMessageObject;
}
}
// Admin page layout
if($this->module == 'admin' && $type == 'view' && $this->act != 'dispLayoutAdminLayoutModify')
{

28
classes/module/ModuleObject.class.php
View file

@ -223,6 +223,7 @@ class ModuleObject extends Object
// Check permission
if($this->checkPermission($grant, false) !== true)
{
$this->stop('msg_not_permitted_act');
return false;
}
}
@ -238,6 +239,7 @@ class ModuleObject extends Object
// Check permission
if($this->checkPermission($grant) !== true)
{
$this->stop('msg_not_permitted_act');
return false;
}
}
@ -279,8 +281,14 @@ class ModuleObject extends Object
// Get permission types(guest, member, manager, root) of the currently requested action
$permission = $this->xml_info->permission->{$this->act};
// If admin action, default permission
if(!$permission && stripos($this->act, 'admin') !== false)
// If permission is 'guest', Pass
if($permission == 'guest')
{
return true;
}
// If admin action, set default permission
if(empty($permission) && stripos($this->act, 'admin') !== false)
{
$permission = 'root';
}
@ -291,7 +299,6 @@ class ModuleObject extends Object
// If permission is 'member', check logged-in
if($permission == 'member' && !Context::get('is_logged'))
{
$this->stop('msg_not_permitted_act');
return false;
}
// If permission is 'manager', check 'is user have manager privilege(granted)'
@ -317,16 +324,27 @@ class ModuleObject extends Object
}
}
$this->stop('admin.msg_is_not_administrator');
return false;
}
// If permission is 'root', Error!
// Because an administrator who have root privilege(granted) was passed already
else if($permission == 'root')
{
$this->stop('admin.msg_is_not_administrator');
return false;
}
// If grant name, check the privilege(granted) of the user
else if($grant_names = explode('|', $permission))
{
$privilege_list = array_keys((array) $this->xml_info->grant);
foreach($grant_names as $name)
{
if(!in_array($name, $privilege_list) || !$grant->$name)
{
return false;
}
}
}
}
return true;

22
modules/module/module.model.php
View file

@ -839,8 +839,8 @@ class moduleModel extends module
else $permission_list[] = $permissions;
$buff[] = '$info->permission = new stdClass;';
$info->permission = new stdClass();
foreach($permission_list as $permission)
{
$action = $permission->attrs->action;
@ -863,6 +863,7 @@ class moduleModel extends module
$buff[] = '$info->menu = new stdClass;';
$info->menu = new stdClass();
foreach($menu_list as $menu)
{
$menu_name = $menu->attrs->name;
@ -886,12 +887,31 @@ class moduleModel extends module
if(is_array($actions)) $action_list = $actions;
else $action_list[] = $actions;
if(!isset($info->permission))
{
$buff[] = '$info->permission = new stdClass;';
$info->permission = new stdClass();
}
$buff[] = '$info->action = new stdClass;';
$info->action = new stdClass();
foreach($action_list as $action)
{
$name = $action->attrs->name;
// <action permission="...">
if($action->attrs->permission)
{
$info->permission->$name = $action->attrs->permission;
$info->permission_check->$name->key = $action->attrs->check_var ?: '';
$info->permission_check->$name->type = $action->attrs->check_type ?: '';
$buff[] = sprintf('$info->permission->%s = \'%s\';', $name, $info->permission->$name);
$buff[] = sprintf('$info->permission_check->%s->key = \'%s\';', $name, $info->permission_check->$name->key);
$buff[] = sprintf('$info->permission_check->%s->type = \'%s\';', $name, $info->permission_check->$name->type);
}
$type = $action->attrs->type;
$grant = $action->attrs->grant?$action->attrs->grant:'guest';
$standalone = $action->attrs->standalone=='false'?'false':'true';