From: <gem...@li...> - 2011-10-25 12:17:46
Revision: 136 http://gemstracker.svn.sourceforge.net/gemstracker/?rev=136&view=rev Author: mennodekker Date: 2011-10-25 12:17:39 +0000 (Tue, 25 Oct 2011) Log Message: ----------- project.ini login gets role 'master' with all privileges, existing 'super' user can be edited again. It is now a choice if one wants to create a group that has the master role or not. when there is no such group the right can not be assigned to staff. When decided so, the elevation of rights can be done by updating the role in the session to 'master'. Also removed obsolete methods as project Roles are not allowed since the introduction of db-storage. Modified Paths: -------------- trunk/library/classes/Gems/Default/IndexAction.php trunk/library/classes/Gems/Default/RoleAction.php trunk/library/classes/Gems/Default/StaffAction.php trunk/library/classes/Gems/Roles.php trunk/library/classes/Gems/Util/DbLookup.php trunk/library/classes/GemsEscort.php Modified: trunk/library/classes/Gems/Default/IndexAction.php =================================================================== --- trunk/library/classes/Gems/Default/IndexAction.php 2011-10-25 11:59:29 UTC (rev 135) +++ trunk/library/classes/Gems/Default/IndexAction.php 2011-10-25 12:17:39 UTC (rev 136) 
@@ -161,10 +161,10 @@ $this->session->user_id = 2000; $this->session->user_name = $_POST['userlogin']; $this->session->user_group = 800; - $this->session->user_role = 'super'; + $this->session->user_role = 'master'; $this->session->user_organization_id = 70; $this->session->user_organization_name = 'SUPER ADMIN'; - $this->session->user_style = 'pulse'; + $this->session->user_style = 'gems'; //Als er nog geen tabellen zijn, moet dit ingesteld worden //@@TODO Nog kijken hoe beter op te lossen (met try op tabel ofzo) $this->session->allowedOrgs = array($this->session->user_organization_id=>$this->session->user_organization_name); Modified: trunk/library/classes/Gems/Default/RoleAction.php =================================================================== --- trunk/library/classes/Gems/Default/RoleAction.php 2011-10-25 11:59:29 UTC (rev 135) +++ trunk/library/classes/Gems/Default/RoleAction.php 2011-10-25 12:17:39 UTC (rev 136) @@ -120,7 +120,7 @@ $disabled = $checkbox->getAttrib('disable'); if ($disabled) { - $values = array_merge($values, $disabled); + $values = array_merge((array) $values, $disabled); } $checkbox->setValue($values); return $form; @@ -151,6 +151,11 @@ $data['grl_privileges'] = implode(',', $data['grl_privileges']); } + if(isset($data['grl_name']) && $data['grl_name'] == 'master') { + $form->getElement('grl_name')->setErrors(array($this->_('Illegal name'))); + return false; + } + return true; } 
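Review bot: Nothing in the IndexAction hunk regenerates the session identifier before `$this->session->user_role = 'master'` is assigned, and Gems_Roles in this same commit grants that role every privilege except `pr.nologin`. If the surrounding action (it starts and ends outside the hunk) does not already do so, and assuming the session is a Zend_Session namespace, add `Zend_Session::regenerateId();` ahead of the first `$this->session->...` assignment so a pre-login session id cannot carry the elevated role. Since this is the most privileged login in the application, a log entry on success would also help later review. The literals `2000`, `800` and `70` would be easier to audit as named constants.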
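Review bot: The reserved-name guard added in the `@@ -151,6 +151,11 @@` hunk of RoleAction.php uses a loose, exact-spelling comparison (`$data['grl_name'] == 'master'`), so a name that differs only in case or surrounding whitespace is accepted. Whether such a name can later be treated as the same role depends on how names are stored and compared, which is not visible here. Normalise before comparing, e.g. `if (isset($data['grl_name']) && strtolower(trim($data['grl_name'])) === 'master') {`. The edit guard in the `@@ -184,9 +189,9 @@` hunk repeats the same comparison and should share one helper with this one. The method that contains the new check starts outside the hunk.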
@@ -184,9 +189,9 @@ $model = $this->getModel(); $data = $model->loadFirst(); - //If we try to edit super, add an error message and reroute - if (isset($data['grl_name']) && $data['grl_name']=='super') { - $this->addMessage($this->_('Editing `super` is not allowed')); + //If we try to edit master, add an error message and reroute + if (isset($data['grl_name']) && $data['grl_name']=='master') { + $this->addMessage($this->_('Editing `master` is not allowed')); $this->_reroute(array('action'=>'index'), true); } Modified: trunk/library/classes/Gems/Default/StaffAction.php =================================================================== --- trunk/library/classes/Gems/Default/StaffAction.php 2011-10-25 11:59:29 UTC (rev 135) +++ trunk/library/classes/Gems/Default/StaffAction.php 2011-10-25 12:17:39 UTC (rev 136) @@ -92,7 +92,7 @@ { $dbLookup = $this->util->getDbLookup(); - $model->set('gsf_id_primary_group', 'multiOptions', MUtil_Lazy::call($dbLookup->getActiveStaffGroups)); + $model->set('gsf_id_primary_group', 'multiOptions', MUtil_Lazy::call($dbLookup->getAllowedStaffGroups)); if ($new) { $model->set('gsf_id_primary_group', 'default', $dbLookup->getDefaultGroup()); } else { @@ -125,11 +125,10 @@ if ($this->escort->hasPrivilege('pr.staff.edit.all')) { $bridge->addSelect('gsf_id_organization'); - $bridge->addSelect('gsf_id_primary_group'); } else { $bridge->addExhibitor('gsf_id_organization'); - $bridge->addSelect( 'gsf_id_primary_group', 'multiOptions', $dbLookup->getAllowedStaffGroups()); } + $bridge->addSelect('gsf_id_primary_group'); $bridge->addCheckbox('gsf_logout_on_survey', 'description', $this->_('If checked the user will logoff when answering a survey.')); $bridge->addSelect('gsf_iso_lang'); Modified: trunk/library/classes/Gems/Roles.php =================================================================== --- trunk/library/classes/Gems/Roles.php 2011-10-25 11:59:29 UTC (rev 135) +++ trunk/library/classes/Gems/Roles.php 2011-10-25 12:17:39 UTC (rev 136) 
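Review bot: In StaffAction.php (`@@ -125,11 +125,10 @@`), `$bridge->addSelect('gsf_id_primary_group')` is now called for every user, so the limit on selectable groups rests entirely on the `multiOptions` set on the model in the `@@ -92,7 +92,7 @@` hunk. Neither hunk shows the posted value being checked again on save. The commit description says a group can carry the master role, so this select is an escalation path if the posted id is not validated against the same list. Add a comment at the call such as `// options come from getAllowedStaffGroups(); the posted id must be validated against that list`, and confirm the select's in-array validation is active for the lazily evaluated options. Both methods start and end outside the hunks.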
@@ -1,6 +1,4 @@ <?php - - /** * Copyright (c) 2011, Erasmus MC * All rights reserved. @@ -26,27 +24,29 @@ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * @package Gems + * @subpackage Roles + * @copyright Copyright (c) 2011 Erasmus MC + * @license New BSD License + * @version $Id$ */ /** - * This is the generic Roles class to be extended by the project + * This is the generic Roles class * - * It loads the ACL in four stages: + * It loads the ACL in two stages when there is no db present, otherwise it just loads from the db: * * 1. $this->loadDefaultRoles() * 2. $this->loadDefaultPrivileges() * Normally you should not touch this to make upgrading easier * - * 3. $this->loadProjectRoles() - * 4. $this->loadProjectPrivileges() - * This is where you can revoke or add privileges and/or add your own roles. * - * - * @version $Id$ - * @author user - * @filesource - * @package Gems + * @package Gems * @subpackage Roles + * @copyright Copyright (c) 2011 Erasmus MC + * @license New BSD License + * @version $Id$ */ class Gems_Roles { @@ -134,15 +134,15 @@ //Voeg standaard rollen en privileges in $this->loadDefaultRoles(); $this->loadDefaultPrivileges(); - - //Voeg project rollen em privileges in - $this->loadProjectRoles(); - $this->loadProjectPrivileges(); } - //Now allow super admin all access, except for the actions that have the nologin privilege (->the login action) - // $this->_acl->allow('super'); - // $this->_acl->deny('super', null, 'pr.nologin'); + //Now allow 'master' all access, except for the actions that have the nologin privilege (->the login action) + if (!$this->_acl->hasRole('master')) { + //Add role if not already present + $this->_acl->addRole('master'); + } + $this->_acl->allow('master'); + $this->_acl->deny('master', null, 'pr.nologin'); } public function load() { 
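Review bot: In the `@@ -134,15 +134,15 @@` hunk of Roles.php, `$this->_acl->allow('master')` grants everything to whatever role carries that id, including one already present in the loaded ACL when `hasRole('master')` is true. A `master` role that reached the database before this commit, or by a route other than the RoleAction form, would therefore inherit full access without notice. Consider logging or rejecting a pre-existing `master` role rather than reusing it, and state the invariant in a comment such as `// 'master' is reserved and code-defined; it must never be loaded from the database`. The Dutch context comment `//Voeg standaard rollen en privileges in` would read better in English next to the new one. The enclosing method starts outside the hunk.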
@@ -222,98 +222,22 @@ } public function loadDefaultPrivileges() { + /** + * Only add the nologin role, as the others should come from the database when it is initialized + */ $this->addPrivilege('nologin', 'pr.contact.bugs', 'pr.contact.support', 'pr.nologin' - ) - ->addPrivilege('guest', - 'pr.ask', - 'pr.contact.bugs', 'pr.contact.support', - 'pr.islogin', - 'pr.respondent' - ) - // ->allow('respondent', null, array('islogin')) - ->addPrivilege('staff', - 'pr.option.edit', 'pr.option.password', - 'pr.plan', 'pr.plan.overview', 'pr.plan.token', - 'pr.project', 'pr.project.questions', - 'pr.respondent.create', 'pr.respondent.edit', - 'pr.respondent.who', //Who filled out the survey instead of just the role - 'pr.setup', - 'pr.staff', - 'pr.survey', 'pr.survey.create', - 'pr.token', 'pr.token.answers', 'pr.token.delete', 'pr.token.edit', 'pr.token.mail', 'pr.token.print', - 'pr.track', 'pr.track.create', 'pr.track.delete', 'pr.track.edit' - ) - ->addPrivilege('researcher', - 'pr.invitation', - 'pr.result', - 'pr.islogin' - ) - // ->allow('security', null, array()) - ->addPrivilege('admin', - 'pr.consent', 'pr.consent.create', 'pr.consent.edit', - 'pr.group', - 'pr.role', - 'pr.mail', 'pr.mail.create', 'pr.mail.delete', 'pr.mail.edit', - 'pr.organization', 'pr.organization-switch', - 'pr.plan.overview.excel', 'pr.plan.respondent', 'pr.plan.respondent.excel', 'pr.plan.token.excel', - 'pr.project-information', - 'pr.reception', 'pr.reception.create', 'pr.reception.edit', - 'pr.respondent.choose-org', 'pr.respondent.delete', - 'pr.respondent.result', //Show the result of the survey in the overview - 'pr.source', - 'pr.staff.create', 'pr.staff.delete', 'pr.staff.edit', - 'pr.survey-maintenance', - 'pr.track-maintenance', - 'pr.token.mail.freetext' - ) - ->addPrivilege('super', - 'pr.consent.delete', - 'pr.country', 'pr.country.create', 'pr.country.delete', 'pr.country.edit', - 'pr.database', 'pr.database.create', 'pr.database.delete', 'pr.database.edit', 
'pr.database.execute', 'pr.database.patches', - 'pr.group.create', 'pr.group.edit', - 'pr.role.create', 'pr.role.edit', - 'pr.language', - 'pr.organization.create', 'pr.organization.edit', - 'pr.plan.choose-org', 'pr.plan.mail-as-application', - 'pr.reception.delete', - 'pr.source.create', 'pr.source.edit', - 'pr.staff.edit.all', - 'pr.survey-maintenance.edit', - 'pr.track-maintenance.create', 'pr.track-maintenance.edit' - ); - - /* * *************************************** - * UNASSIGNED RIGHTS (by default) - * - * 'pr.group.delete' - * 'pr.organization.delete' - * 'pr.source.delete' - * 'pr.track-maintenance.delete' - * *************************************** */ + ); } public function loadDefaultRoles() { - $this->addRole(new Zend_Acl_Role('nologin')) - ->addRole(new Zend_Acl_Role('guest')) - ->addRole(new Zend_Acl_Role('respondent'), 'guest') - ->addRole(new Zend_Acl_Role('staff'), 'guest') - ->addRole(new Zend_Acl_Role('physician'), 'staff') - ->addRole(new Zend_Acl_Role('researcher')) - ->addRole(new Zend_Acl_Role('security'), 'guest') - ->addRole(new Zend_Acl_Role('admin'), array('staff', 'researcher', 'security')) - ->addRole(new Zend_Acl_Role('super'), 'admin'); + /** + * Only add the nologin role, as the others should come from the database when it is initialized + */ + $this->addRole(new Zend_Acl_Role('nologin')); } - public function loadProjectPrivileges() { - - } - - public function loadProjectRoles() { - - } - private function save() { if ($this->_cache instanceof Zend_Cache_Core) { if (!$this->_cache->save($this->_acl, $this->_cacheid, array(), null)) Modified: trunk/library/classes/Gems/Util/DbLookup.php =================================================================== --- trunk/library/classes/Gems/Util/DbLookup.php 2011-10-25 11:59:29 UTC (rev 135) +++ trunk/library/classes/Gems/Util/DbLookup.php 2011-10-25 12:17:39 UTC (rev 136) 
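Review bot: The docblock added inside `loadDefaultPrivileges()` is a copy of the one in `loadDefaultRoles()` and speaks of adding the nologin role, although this method adds privileges. It should read `Only add the nologin privileges, as the others should come from the database when it is initialized`. Both are comments inside a method body, so `//` or `/* */` fits better than `/** */`. The removed "UNASSIGNED RIGHTS" list was the only record in this file of which privileges are deliberately withheld by default; if that intent still holds for the database-seeded roles, it should be documented where those roles are defined.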
@@ -131,7 +131,7 @@ public function getAllowedStaffGroups() { $groups = $this->getActiveStaffGroups(); - if ($this->session->user_role === 'super') { + if ($this->session->user_role === 'master') { return $groups; } else { Modified: trunk/library/classes/GemsEscort.php =================================================================== --- trunk/library/classes/GemsEscort.php 2011-10-25 11:59:29 UTC (rev 135) +++ trunk/library/classes/GemsEscort.php 2011-10-25 12:17:39 UTC (rev 136) @@ -1533,8 +1533,8 @@ * directory with the name lock.txt */ if (file_exists($this->getMaintenanceLockFilename())) { - if ($this->session->user_id && $this->session->user_role !== 'super') { - //Still allow logoff so we can relogin as super + if ($this->session->user_id && $this->session->user_role !== 'master') { + //Still allow logoff so we can relogin as master if (!('index' == $request->getControllerName() && 'logoff' == $request->getActionName())) { $this->setError( $this->_('Please check back later.'), This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
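Review bot: `getAllowedStaffGroups()` decides by comparing `$this->session->user_role` with the literal `'master'`, and the maintenance-lock test in GemsEscort.php (`@@ -1533,8 +1533,8 @@`) does the same. Access decisions are thus tied to a role name repeated across five of the files in this commit. A new class constant (say `ROLE_MASTER` on Gems_Roles) or a privilege check through the ACL would keep these checks in step. The commit description also says rights can be elevated by updating the session role to `master`; any code doing that should be the single writer of `user_role`, and that rule deserves a comment at these checks. The else branch of `getAllowedStaffGroups()` lies outside the hunk.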