From: <gem...@li...> - 2011-10-24 11:18:36
Revision: 128
http://gemstracker.svn.sourceforge.net/gemstracker/?rev=128&view=rev
Author: mennodekker
Date: 2011-10-24 11:18:29 +0000 (Mon, 24 Oct 2011)
Log Message:
-----------
Make super and nologin special roles so super always has all privileges
Modified Paths:
--------------
trunk/library/classes/Gems/Default/IndexAction.php
trunk/library/classes/Gems/Default/RoleAction.php
trunk/library/classes/Gems/Roles.php
Modified: trunk/library/classes/Gems/Default/IndexAction.php
===================================================================
--- trunk/library/classes/Gems/Default/IndexAction.php 2011-10-24 10:20:26 UTC (rev 127)
+++ trunk/library/classes/Gems/Default/IndexAction.php 2011-10-24 11:18:29 UTC (rev 128)
@@ -61,6 +61,11 @@
public $escort;
/**
+ * @var Gems_Menu
+ */
+ public $menu;
+
+ /**
* Extension point, use different auth adapter if needed depending on the provided formValues
*
* This could be an organization passed in the login-form or something else.
@@ -135,8 +140,17 @@
public function loginAction()
{
+ /**
+ * If already logged in, try to redirect to the first allowed and visible menu item
+ * if that fails, try to reroute to respondent/index
+ */
if (isset($this->session->user_id)) {
- $this->_reroute(array('controller' => 'respondent'));
+ if ($menuItem = $this->menu->findFirst(array('allowed' => true, 'visible' => true))) {
+ $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('redirector');
+ $redirector->gotoRoute($menuItem->toRouteUrl($this->getRequest()));
+ } else {
+ $this->_reroute(array('controller' => 'respondent', 'action'=>'index'));
+ }
}
$form = $this->_getLoginForm();
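Review bot: Both redirect branches for an already logged-in session fall through to `$form = $this->_getLoginForm();` unless the redirect helpers end the request, which this hunk does not show. Zend's redirector exits by default, but `_reroute` is project code whose behaviour is not visible here, so a `return;` after the inner if/else would make it explicit that a session with `user_id` set never reaches login-form processing. The assignment inside the condition, `if ($menuItem = $this->menu->findFirst(...))`, is easy to misread as a comparison; assigning on its own line first reads more clearly. loginAction continues past the end of the hunk.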
Modified: trunk/library/classes/Gems/Default/RoleAction.php
===================================================================
--- trunk/library/classes/Gems/Default/RoleAction.php 2011-10-24 10:20:26 UTC (rev 127)
+++ trunk/library/classes/Gems/Default/RoleAction.php 2011-10-24 11:18:29 UTC (rev 128)
@@ -139,6 +139,14 @@
$data['grl_parents'] = implode(',', $data['grl_parents']);
}
+ //Always add nologin privilege to 'nologin' role
+ if (isset($data['grl_name']) && $data['grl_name'] == 'nologin') {
+ $data['grl_privileges'][] = 'pr.nologin';
+ } elseif (isset($data['grl_name']) && $data['grl_name'] !== 'nologin') {
+ //Assign islogin to all other roles
+ $data['grl_privileges'][] = 'pr.islogin';
+ }
+
if (isset($data['grl_privileges'])) {
$data['grl_privileges'] = implode(',', $data['grl_privileges']);
}
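Review bot: The special privileges are appended to whatever `grl_privileges` the submitted data already holds, so the role name alone does not decide them: data that already carries `pr.nologin` for an ordinary role, or `pr.islogin` for `nologin`, would be stored as sent unless the form rejects values missing from its option list, which is not visible here. The `unset()` calls in the later getPrivileges hunk only remove the two entries from the offered options. Stripping both before the append closes that gap: `$data['grl_privileges'] = array_diff(isset($data['grl_privileges']) ? (array) $data['grl_privileges'] : array(), array('pr.nologin', 'pr.islogin'));`. The `elseif` repeats the `isset` test and mixes `==` with `!==`; one `isset` check with a strict `===` and a plain `else` would say the same thing. The enclosing method starts and ends outside the hunk.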
@@ -171,6 +179,20 @@
return $model;
}
+ public function editAction()
+ {
+ $model = $this->getModel();
+ $data = $model->loadFirst();
+
+ //If we try to edit super, add an error message and reroute
+ if (isset($data['grl_name']) && $data['grl_name']=='super') {
+ $this->addMessage($this->_('Editing `super` is not allowed'));
+ $this->_reroute(array('action'=>'index'), true);
+ }
+
+ parent::editAction();
+ }
+
public function formatLongLine($line)
{
if (strlen($line) > 50) {
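Review bot: The guard against editing `super` has no `return` after `$this->_reroute(array('action'=>'index'), true);`, so `parent::editAction();` still runs unless `_reroute` ends the request, which cannot be confirmed from this hunk. Adding `return;` as the last statement inside the `if` makes the block hold regardless of how the helper behaves. Only the edit action is covered here; whether deleting `super`, or saving another role under the name `super`, is blocked elsewhere is not visible in this diff and is worth checking given the blanket allow added in Roles.php. A short docblock on `editAction()` stating that the `super` role is read-only would document the intent.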
@@ -195,6 +217,10 @@
$privileges = $this->menu->getUsedPrivileges();
asort($privileges);
+ //don't allow to edit the pr.nologin and pr.islogin privilege
+ unset($privileges['pr.nologin']);
+ unset($privileges['pr.islogin']);
+
return $privileges;
}
Modified: trunk/library/classes/Gems/Roles.php
===================================================================
--- trunk/library/classes/Gems/Roles.php 2011-10-24 10:20:26 UTC (rev 127)
+++ trunk/library/classes/Gems/Roles.php 2011-10-24 11:18:29 UTC (rev 128)
@@ -4,7 +4,7 @@
/**
* Copyright (c) 2011, Erasmus MC
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* * Redistributions of source code must retain the above copyright
@@ -15,7 +15,7 @@
* * Neither the name of Erasmus MC nor the
* names of its contributors may be used to endorse or promote products
* derived from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
@@ -103,7 +103,7 @@
public function getAcl() {
return $this->_acl;
}
-
+
public static function getInstance()
{
if (!isset(self::$_instanceOfSelf)) {
@@ -124,11 +124,11 @@
$this->loadDbAcl();
} catch (Exception $e) {
Gems_Log::getLogger()->logError($e);
-
+
// Reset all roles
unset($this->_acl);
$this->_acl = new MUtil_Acl();
-
+
//Voeg standaard rollen en privileges in
$this->loadDefaultRoles();
$this->loadDefaultPrivileges();
@@ -137,6 +137,10 @@
$this->loadProjectRoles();
$this->loadProjectPrivileges();
}
+
+ //Now allow super admin all access, except for the actions that have the nologin privilege (->the login action)
+ $this->_acl->allow('super');
+ $this->_acl->deny('super', null, 'pr.nologin');
}
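Review bot: `$this->_acl->allow('super');` appears to sit after the try/catch, so it also runs for the database-loaded ACL, and Zend_Acl raises an exception when a rule names a role that is not registered. If MUtil_Acl keeps that behaviour and the roles table has no `super` row, the call would fail outside the catch that handles a bad DB ACL; wrapping both calls in `if ($this->_acl->hasRole('super')) { ... }` avoids that. Because the rule grants every current and future privilege to one role, the comment could also state that `pr.nologin` is the only intended exception. The enclosing method starts outside the hunk.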
public function load() {
@@ -154,7 +158,7 @@
$this->build();
}
}
-
+
/**
* Recursively expands roles into Zend_Acl_Role objects
* @param array $roleList
@@ -163,31 +167,31 @@
private function _expandRole(&$roleList, $roleName, $depth = 0)
{
$role = $roleList[$roleName];
-
+
if (isset($role['marked']) && $role['marked']) {
return;
}
-
+
// possible circular reference!
if ($depth > 5) {
throw new Exception("Possible circular reference detected while expanding role '{$roleName}'");
}
-
+
if (!empty($role['grl_parents'])) {
$parents = explode(",", $role['grl_parents']);
-
+
foreach ($parents as $parent) {
$this->_expandRole($roleList, $parent, $depth + 1);
}
} else {
$parents = array();
}
-
+
$this->addRole(new Zend_Acl_Role($role['grl_name']), $parents);
-
+
$privileges = explode(",", $role['grl_privileges']);
$this->addPrivilege($role['grl_name'], $privileges);
-
+
$roleList[$roleName]['marked'] = true;
}
@@ -199,19 +203,19 @@
$db = Zend_Registry::get('db');
$sql = "SELECT grl_id_role,grl_name,grl_privileges,grl_parents FROM gems__roles";
-
+
$roles = $db->fetchAll($sql);
-
+
if (empty($roles)) {
throw new Exception("No roles stored in db");
}
-
+
$roleList = array_combine(array_map(function($value) { return $value['grl_name']; }, $roles), $roles);
-
+
foreach ($roleList as $role) {
$this->_expandRole($roleList, $role['grl_name']);
}
-
+
return true;
}