From: <gem...@li...> - 2011-10-24 11:18:36
Revision: 128
http://gemstracker.svn.sourceforge.net/gemstracker/?rev=128&view=rev
Author: mennodekker
Date: 2011-10-24 11:18:29 +0000 (Mon, 24 Oct 2011)
Log Message:
-----------
Make super and nologin special roles so super always has all privileges
Modified Paths:
--------------
trunk/library/classes/Gems/Default/IndexAction.php
trunk/library/classes/Gems/Default/RoleAction.php
trunk/library/classes/Gems/Roles.php
Modified: trunk/library/classes/Gems/Default/IndexAction.php
===================================================================
--- trunk/library/classes/Gems/Default/IndexAction.php 2011-10-24 10:20:26 UTC (rev 127)
+++ trunk/library/classes/Gems/Default/IndexAction.php 2011-10-24 11:18:29 UTC (rev 128)
@@ -61,6 +61,11 @@
 public $escort;
 /**
+ * @var Gems_Menu
+ */
+ public $menu;
+
+ /**
 * Extension point, use different auth adapter if needed depending on the provided formValues
 *
 * This could be an organization passed in the login-form or something else.
@@ -135,8 +140,17 @@
 public function loginAction()
 {
+ /**
+ * If already logged in, try to redirect to the first allowed and visible menu item
+ * if that fails, try to reroute to respondent/index
+ */
 if (isset($this->session->user_id)) {
- $this->_reroute(array('controller' => 'respondent'));
+ if ($menuItem = $this->menu->findFirst(array('allowed' => true, 'visible' => true))) {
+ $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('redirector');
+ $redirector->gotoRoute($menuItem->toRouteUrl($this->getRequest()));
+ } else {
+ $this->_reroute(array('controller' => 'respondent', 'action'=>'index'));
+ }
 }
 $form = $this->_getLoginForm();
Modified: trunk/library/classes/Gems/Default/RoleAction.php
===================================================================
--- trunk/library/classes/Gems/Default/RoleAction.php 2011-10-24 10:20:26 UTC (rev 127)
+++ trunk/library/classes/Gems/Default/RoleAction.php 2011-10-24 11:18:29 UTC (rev 128)
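Review bot: In the already-logged-in branch of `loginAction()`, nothing stops execution from reaching `$form = $this->_getLoginForm();` if `gotoRoute()` or `_reroute()` returns instead of ending the request; the Zend redirector only exits while its exit flag is on, and `_reroute()` is not visible in this diff. Add an explicit `return;` after the inner `if`/`else` so an authenticated session never falls through into the login form handling. The assignment inside the condition, `if ($menuItem = $this->menu->findFirst(...))`, is also easy to misread as a comparison; assigning on its own line and testing `if ($menuItem)` would be clearer. `loginAction()` continues past the end of the hunk.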
@@ -139,6 +139,14 @@
 $data['grl_parents'] = implode(',', $data['grl_parents']);
 }
+ //Always add nologin privilege to 'nologin' role
+ if (isset($data['grl_name']) && $data['grl_name'] == 'nologin') {
+ $data['grl_privileges'][] = 'pr.nologin';
+ } elseif (isset($data['grl_name']) && $data['grl_name'] !== 'nologin') {
+ //Assign islogin to all other roles
+ $data['grl_privileges'][] = 'pr.islogin';
+ }
+
 if (isset($data['grl_privileges'])) {
 $data['grl_privileges'] = implode(',', $data['grl_privileges']);
 }
@@ -171,6 +179,20 @@
 return $model;
 }
+ public function editAction()
+ {
+ $model = $this->getModel();
+ $data = $model->loadFirst();
+
+ //If we try to edit super, add an error message and reroute
+ if (isset($data['grl_name']) && $data['grl_name']=='super') {
+ $this->addMessage($this->_('Editing `super` is not allowed'));
+ $this->_reroute(array('action'=>'index'), true);
+ }
+
+ parent::editAction();
+ }
+
 public function formatLongLine($line)
 {
 if (strlen($line) > 50) {
@@ -195,6 +217,10 @@
 $privileges = $this->menu->getUsedPrivileges();
 asort($privileges);
+ //don't allow to edit the pr.nologin and pr.islogin privilege
+ unset($privileges['pr.nologin']);
+ unset($privileges['pr.islogin']);
+
 return $privileges;
 }
Modified: trunk/library/classes/Gems/Roles.php
===================================================================
--- trunk/library/classes/Gems/Roles.php 2011-10-24 10:20:26 UTC (rev 127)
+++ trunk/library/classes/Gems/Roles.php 2011-10-24 11:18:29 UTC (rev 128)
@@ -4,7 +4,7 @@
 /**
 * Copyright (c) 2011, Erasmus MC
 * All rights reserved.
- *
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 * * Redistributions of source code must retain the above copyright
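Review bot: The save path in the first RoleAction.php hunk appends `pr.nologin` or `pr.islogin` but never removes either name from the submitted `grl_privileges`, so the rule that only `nologin` carries `pr.nologin` is enforced by the form alone; the `getPrivileges()` hunk at the end of this file only hides the two options. Unless form validation already rejects values outside the offered options (not visible here), strip both names server-side before appending, for example `$data['grl_privileges'] = array_diff($data['grl_privileges'], array('pr.nologin', 'pr.islogin'));` when the key is set. The two branches also mix `==` and `!==`; one `isset($data['grl_name'])` test with `=== 'nologin'` and a plain `else` expresses the same logic. When `grl_name` is absent from `$data`, neither privilege is added, which deserves a comment if it is intended. The enclosing method starts and ends outside the hunk.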
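Review bot: The `super` guard in the new `editAction()` only works if `_reroute()` ends the request; if it returns, `parent::editAction()` runs anyway and the role is edited despite the message. `_reroute()` is not shown in this diff, so add `return;` directly after the `$this->_reroute(array('action'=>'index'), true);` line to make the block unconditional. The comparison `$data['grl_name']=='super'` should be `===`, and it is worth confirming whether the delete and create actions need the same protection, which cannot be told from this hunk.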
@@ -15,7 +15,7 @@
 * * Neither the name of Erasmus MC nor the
 * names of its contributors may be used to endorse or promote products
 * derived from this software without specific prior written permission.
- *
+ *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
@@ -103,7 +103,7 @@
 public function getAcl() {
 return $this->_acl;
 }
-
+
 public static function getInstance()
 {
 if (!isset(self::$_instanceOfSelf)) {
@@ -124,11 +124,11 @@
 $this->loadDbAcl();
 } catch (Exception $e) {
 Gems_Log::getLogger()->logError($e);
-
+
 // Reset all roles
 unset($this->_acl);
 $this->_acl = new MUtil_Acl();
-
+
 //Voeg standaard rollen en privileges in
 $this->loadDefaultRoles();
 $this->loadDefaultPrivileges();
@@ -137,6 +137,10 @@
 $this->loadProjectRoles();
 $this->loadProjectPrivileges();
 }
+
+ //Now allow super admin all access, except for the actions that have the nologin privilege (->the login action)
+ $this->_acl->allow('super');
+ $this->_acl->deny('super', null, 'pr.nologin');
 }
 public function load() {
@@ -154,7 +158,7 @@
 $this->build();
 }
 }
-
+
 /**
 * Recursively expands roles into Zend_Acl_Role objects
 * @param array $roleList
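Review bot: The new `$this->_acl->allow('super');` in the `-137,6 +137,10` hunk sits after the `try`/`catch` and assumes a role named `super` is always registered; assuming MUtil_Acl keeps Zend_Acl's behaviour, `allow()` on an unknown role throws, so a roles table without that row would fail the ACL build with nothing to catch it. Wrap the two calls in `if ($this->_acl->hasRole('super')) { ... }`, or register the role at this point when it is missing. Because this one name now grants every privilege, a class constant in place of the repeated `'super'` literal (it also appears in RoleAction.php) would keep the special case from drifting. The function containing these lines begins outside the hunk.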
@@ -163,31 +167,31 @@
 private function _expandRole(&$roleList, $roleName, $depth = 0)
 {
 $role = $roleList[$roleName];
-
+
 if (isset($role['marked']) && $role['marked']) {
 return;
 }
-
+
 // possible circular reference!
 if ($depth > 5) {
 throw new Exception("Possible circular reference detected while expanding role '{$roleName}'");
 }
-
+
 if (!empty($role['grl_parents'])) {
 $parents = explode(",", $role['grl_parents']);
-
+
 foreach ($parents as $parent) {
 $this->_expandRole($roleList, $parent, $depth + 1);
 }
 } else {
 $parents = array();
 }
-
+
 $this->addRole(new Zend_Acl_Role($role['grl_name']), $parents);
-
+
 $privileges = explode(",", $role['grl_privileges']);
 $this->addPrivilege($role['grl_name'], $privileges);
-
+
 $roleList[$roleName]['marked'] = true;
 }
@@ -199,19 +203,19 @@
 $db = Zend_Registry::get('db');
 $sql = "SELECT grl_id_role,grl_name,grl_privileges,grl_parents FROM gems__roles";
-
+
 $roles = $db->fetchAll($sql);
-
+
 if (empty($roles)) {
 throw new Exception("No roles stored in db");
 }
-
+
 $roleList = array_combine(array_map(function($value) { return $value['grl_name']; }, $roles), $roles);
-
+
 foreach ($roleList as $role) {
 $this->_expandRole($roleList, $role['grl_name']);
 }
-
+
 return true;
 }
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |