Updating AclComponent for distributed ACL system
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@4503 3807eeeb-6ff5-0310-8944-8be069107fe0
parent
2a954b5fbf
commit
d312737d84
4 changed files with 61 additions and 35 deletions
|
@ -174,6 +174,16 @@ class AuthComponent extends Object {
|
||||||
* @access public
|
* @access public
|
||||||
*/
|
*/
|
||||||
var $params = array();
|
var $params = array();
|
||||||
|
/**
|
||||||
|
* Initializes AuthComponent for use in the controller
|
||||||
|
*
|
||||||
|
* @access public
|
||||||
|
* @param object $controller A reference to the instantiating controller object
|
||||||
|
* @return void
|
||||||
|
*/
|
||||||
|
function initialize(&$controller) {
|
||||||
|
$this->params = $controller->params;
|
||||||
|
}
|
||||||
/**
|
/**
|
||||||
* Main execution method. Handles redirecting of invalid users, and processing
|
* Main execution method. Handles redirecting of invalid users, and processing
|
||||||
* of login form data.
|
* of login form data.
|
||||||
|
@ -186,12 +196,11 @@ class AuthComponent extends Object {
|
||||||
if (low($controller->name) == 'app' || (low($controller->name) == 'tests' && DEBUG > 0)) {
|
if (low($controller->name) == 'app' || (low($controller->name) == 'tests' && DEBUG > 0)) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
if (!$this->_setDefaults($controller)) {
|
if (!$this->_setDefaults()) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
$this->hashPasswords($controller);
|
$this->hashPasswords($controller);
|
||||||
$this->data = $controller->data;
|
$this->data = $controller->data;
|
||||||
$this->params = $controller->params;
|
|
||||||
|
|
||||||
if ($this->allowedActions == array('*') || in_array($controller->action, $this->allowedActions)) {
|
if ($this->allowedActions == array('*') || in_array($controller->action, $this->allowedActions)) {
|
||||||
return false;
|
return false;
|
||||||
|
@ -238,7 +247,7 @@ class AuthComponent extends Object {
|
||||||
if (isset($this->validate[0])) {
|
if (isset($this->validate[0])) {
|
||||||
$assoc = $this->validate[0];
|
$assoc = $this->validate[0];
|
||||||
}
|
}
|
||||||
} elseif (is_string($this->validate)) {
|
} else {
|
||||||
$type = $this->validate;
|
$type = $this->validate;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -269,16 +278,14 @@ class AuthComponent extends Object {
|
||||||
* @param object $controller A reference to the instantiating controller object
|
* @param object $controller A reference to the instantiating controller object
|
||||||
* @return void
|
* @return void
|
||||||
*/
|
*/
|
||||||
function _setDefaults(&$controller) {
|
function _setDefaults() {
|
||||||
if (empty($this->userModel)) {
|
if (empty($this->userModel)) {
|
||||||
trigger_error(__('Could not find $userModel. Please set AuthComponent::$userModel in beforeFilter().'), E_USER_WARNING);
|
trigger_error(__('Could not find $userModel. Please set AuthComponent::$userModel in beforeFilter().'), E_USER_WARNING);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (empty($this->loginAction)) {
|
if (empty($this->loginAction)) {
|
||||||
$this->loginAction = Inflector::underscore(Inflector::pluralize($this->userModel)) . '/login';
|
$this->loginAction = Inflector::underscore(Inflector::pluralize($this->userModel)) . '/login';
|
||||||
}
|
}
|
||||||
|
|
||||||
if (empty($this->sessionKey)) {
|
if (empty($this->sessionKey)) {
|
||||||
$this->sessionKey = 'Auth.' . $this->userModel;
|
$this->sessionKey = 'Auth.' . $this->userModel;
|
||||||
}
|
}
|
||||||
|
@ -315,6 +322,7 @@ class AuthComponent extends Object {
|
||||||
* @return boolean True on login success, false on failure
|
* @return boolean True on login success, false on failure
|
||||||
*/
|
*/
|
||||||
function login($data = null) {
|
function login($data = null) {
|
||||||
|
$this->_setDefaults();
|
||||||
$this->_loggedIn = false;
|
$this->_loggedIn = false;
|
||||||
|
|
||||||
if (empty($data)) {
|
if (empty($data)) {
|
||||||
|
@ -336,6 +344,7 @@ class AuthComponent extends Object {
|
||||||
* @see AuthComponent::$loginAction
|
* @see AuthComponent::$loginAction
|
||||||
*/
|
*/
|
||||||
function logout() {
|
function logout() {
|
||||||
|
$this->_setDefaults();
|
||||||
$this->Session->del($this->sessionKey);
|
$this->Session->del($this->sessionKey);
|
||||||
$this->Session->del('Auth.redirect');
|
$this->Session->del('Auth.redirect');
|
||||||
$this->_loggedIn = false;
|
$this->_loggedIn = false;
|
||||||
|
@ -348,6 +357,7 @@ class AuthComponent extends Object {
|
||||||
* @return array User record, or null if no user is logged in.
|
* @return array User record, or null if no user is logged in.
|
||||||
*/
|
*/
|
||||||
function user($key = null) {
|
function user($key = null) {
|
||||||
|
$this->_setDefaults();
|
||||||
if (!$this->Session->check($this->sessionKey)) {
|
if (!$this->Session->check($this->sessionKey)) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
@ -355,7 +365,6 @@ class AuthComponent extends Object {
|
||||||
return array($this->userModel => $this->Session->read($this->sessionKey));
|
return array($this->userModel => $this->Session->read($this->sessionKey));
|
||||||
} else {
|
} else {
|
||||||
$user = $this->Session->read($this->sessionKey);
|
$user = $this->Session->read($this->sessionKey);
|
||||||
|
|
||||||
if (isset($user[$key])) {
|
if (isset($user[$key])) {
|
||||||
return $user[$key];
|
return $user[$key];
|
||||||
} else {
|
} else {
|
||||||
|
@ -390,8 +399,9 @@ class AuthComponent extends Object {
|
||||||
* @see AuthComponent::identify()
|
* @see AuthComponent::identify()
|
||||||
* @return boolean True if the user validates, false otherwise.
|
* @return boolean True if the user validates, false otherwise.
|
||||||
*/
|
*/
|
||||||
function validate($object, $user = null) {
|
function validate($object, $user = null, $action = null) {
|
||||||
if (empty($user)) {
|
if (empty($user)) {
|
||||||
|
$this->getUserModel();
|
||||||
$user = $this->user();
|
$user = $this->user();
|
||||||
}
|
}
|
||||||
if (empty($user)) {
|
if (empty($user)) {
|
||||||
|
@ -430,17 +440,26 @@ class AuthComponent extends Object {
|
||||||
* @return object A reference to a model object.
|
* @return object A reference to a model object.
|
||||||
*/
|
*/
|
||||||
function &getUserModel() {
|
function &getUserModel() {
|
||||||
|
$user = null;
|
||||||
|
|
||||||
if (!ClassRegistry::isKeySet($this->userModel)) {
|
if (!ClassRegistry::isKeySet($this->userModel)) {
|
||||||
if (!loadModel($this->userModel)) {
|
if (!loadModel(Inflector::underscore($this->userModel))) {
|
||||||
trigger_error(__('Auth::getUserModel() - $userModel is not set or could not be found') . $this->userModel, E_USER_WARNING);
|
trigger_error(__('Auth::getUserModel() - $userModel is not set or could not be found') . $this->userModel, E_USER_WARNING);
|
||||||
return null;
|
return null;
|
||||||
|
} else {
|
||||||
|
$model = $this->userModel;
|
||||||
|
$user = new $model();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (PHP5) {
|
|
||||||
$user = ClassRegistry::getObject($this->userModel);
|
if (empty($user)) {
|
||||||
} else {
|
if (PHP5) {
|
||||||
$user =& ClassRegistry::getObject($this->userModel);
|
$user = ClassRegistry::getObject($this->userModel);
|
||||||
|
} else {
|
||||||
|
$user =& ClassRegistry::getObject($this->userModel);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (empty($user)) {
|
if (empty($user)) {
|
||||||
trigger_error(__('Auth::getUserModel() - $userModel is not set or could not be found ') . $this->userModel, E_USER_WARNING);
|
trigger_error(__('Auth::getUserModel() - $userModel is not set or could not be found ') . $this->userModel, E_USER_WARNING);
|
||||||
return null;
|
return null;
|
||||||
|
|
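Review bot: The `_setDefaults()` calls added at the top of `login()`, `logout()` and `user()` discard the return value, although the startup path in this same section still bails out with `if (!$this->_setDefaults()) { return; }`. `_setDefaults()` returns false on an empty `$userModel` before it fills in `$sessionKey`, so `logout()` can go on to call `$this->Session->del($this->sessionKey)` with an unset key and still set `_loggedIn` to false; what the session layer does with such a key is not visible here. Each of the three should stop when the defaults cannot be set, for example `if (!$this->_setDefaults()) { return false; }` in `login()` and `return null;` in `user()`, with the failure value for `logout()` chosen to match its documented return. The bodies of all three methods continue outside their hunks.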
|
@ -71,49 +71,49 @@ class DB_ACL extends AclBase {
|
||||||
}
|
}
|
||||||
|
|
||||||
$permKeys = $this->_getAcoKeys($Perms->loadInfo());
|
$permKeys = $this->_getAcoKeys($Perms->loadInfo());
|
||||||
$aroPath = $Aro->getPath($aro);
|
$aroNode = $Aro->node($aro);
|
||||||
$tmpAcoPath = $Aco->getPath($aco);
|
$acoNode = $Aco->node($aco);
|
||||||
|
|
||||||
if ($tmpAcoPath === null) {
|
if (empty($aroNode) || empty($acoNode)) {
|
||||||
|
trigger_error('DB_ACL::check() - Attempted to check permissions on a node that does not exist', E_USER_WARNING);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
$aroPath = $Aro->getPath($aroNode['id']);
|
||||||
|
$acoPath = new Set($Aco->getPath($acoNode['id']));
|
||||||
|
|
||||||
$tmpAcoPath = array_reverse($tmpAcoPath);
|
if ($acoPath->get() == null || $acoPath->get() == array()) {
|
||||||
$acoPath = array();
|
return false;
|
||||||
|
}
|
||||||
if ($action != '*' && !in_array('_' . $action, $permKeys)) {
|
if ($action != '*' && !in_array('_' . $action, $permKeys)) {
|
||||||
trigger_error(sprintf(__("ACO permissions key %s does not exist in DB_ACL::check()", true), $action), E_USER_NOTICE);
|
trigger_error(sprintf(__("ACO permissions key %s does not exist in DB_ACL::check()", true), $action), E_USER_NOTICE);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
foreach($tmpAcoPath as $a) {
|
|
||||||
$acoPath[] = $a['Aco']['id'];
|
|
||||||
}
|
|
||||||
|
|
||||||
for($i = count($aroPath) - 1; $i >= 0; $i--) {
|
for($i = count($aroPath) - 1; $i >= 0; $i--) {
|
||||||
$perms = $Perms->findAll(array(
|
$perms = $Perms->findAll(
|
||||||
'Permission.aro_id' => $aroPath[$i]['Aro']['id'],
|
array(
|
||||||
'Permission.aco_id' => $acoPath), null,
|
'Permission.aro_id' => $aroPath[$i]['Aro']['id'],
|
||||||
'Aco.lft desc'
|
'Permission.aco_id' => $acoPath->extract('{n}.Aco.id')
|
||||||
|
),
|
||||||
|
null, array('Aco.lft' => 'desc'), null, null, 0
|
||||||
);
|
);
|
||||||
|
|
||||||
if ($perms == null || count($perms) == 0) {
|
if (empty($perms)) {
|
||||||
continue;
|
continue;
|
||||||
} else {
|
} else {
|
||||||
foreach($perms as $perm) {
|
foreach(Set::extract($perms, '{n}.Permission') as $perm) {
|
||||||
if ($action == '*') {
|
if ($action == '*') {
|
||||||
// ARO must be cleared for ALL ACO actions
|
// ARO must be cleared for ALL ACO actions
|
||||||
foreach($permKeys as $key) {
|
foreach($permKeys as $key) {
|
||||||
if (isset($perm['Permission'])) {
|
if (!empty($perm)) {
|
||||||
if ($perm['Permission'][$key] != 1) {
|
if ($perm[$key] != 1) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
} else {
|
} else {
|
||||||
switch($perm['Permission']['_' . $action]) {
|
switch($perm['_' . $action]) {
|
||||||
case -1:
|
case -1:
|
||||||
return false;
|
return false;
|
||||||
case 0:
|
case 0:
|
||||||
|
|
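Review bot: In the `$action == '*'` branch the new guard `if (!empty($perm))` skips the per-key comparison when the extracted row is empty, and control then reaches `return true`, so an empty permission row grants every action instead of denying it. The same fall-through happens when `$permKeys` is empty. For an authorization check the empty case should fail closed, for example `if (empty($perm) || $perm[$key] != 1) { return false; }`. Whether `Set::extract($perms, '{n}.Permission')` can actually yield an empty element depends on code outside this page, and the `switch` on `$perm['_' . $action]` is cut off by the end of the hunk.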
|
@ -86,9 +86,10 @@ class AclNode extends AppModel {
|
||||||
}
|
}
|
||||||
} elseif (is_object($ref) && is_a($ref, 'Model')) {
|
} elseif (is_object($ref) && is_a($ref, 'Model')) {
|
||||||
$ref = array('model' => $ref->name, 'foreign_key' => $ref->id);
|
$ref = array('model' => $ref->name, 'foreign_key' => $ref->id);
|
||||||
} elseif (is_array($ref) && !isset($ref['model'])) {
|
} elseif (is_array($ref) && !(isset($ref['model']) && isset($ref['foreign_key']))) {
|
||||||
$name = key($ref);
|
$name = key($ref);
|
||||||
if (!ClassRegistry::isKeySet($name)) {
|
if (!ClassRegistry::isKeySet($name)) {
|
||||||
|
trigger_error("Model class '$name' not found in AclNode::node() when trying to bind {$this->name} object", E_USER_WARNING);
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
$model =& ClassRegistry::getObject($name);
|
$model =& ClassRegistry::getObject($name);
|
||||||
|
|
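Review bot: The widened condition `!(isset($ref['model']) && isset($ref['foreign_key']))` sends an array that carries only one of the two keys into the model-keyed branch, where `key($ref)` returns the literal key (`model` or `foreign_key`) and the new warning then reports that name as a missing model class. The lookup still ends in `return null`, so it fails closed, but the message points the caller at the wrong problem. An `elseif` ahead of this branch that tests `isset($ref['model']) != isset($ref['foreign_key'])` and warns that both keys are required would make the half-specified case explicit. node() begins and continues outside the hunk, so the later handling of `$ref` could not be checked.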
|
@ -58,6 +58,12 @@ class Permission extends AppModel {
|
||||||
* @var unknown_type
|
* @var unknown_type
|
||||||
*/
|
*/
|
||||||
var $useTable = 'aros_acos';
|
var $useTable = 'aros_acos';
|
||||||
|
/**
|
||||||
|
* Enter description here...
|
||||||
|
*
|
||||||
|
* @var unknown_type
|
||||||
|
*/
|
||||||
|
var $belongsTo = 'Aro,Aco';
|
||||||
/**
|
/**
|
||||||
* Enter description here...
|
* Enter description here...
|
||||||
*
|
*
|
||||||
|
|
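Review bot: The new `$belongsTo` property is documented only with the generator placeholder (`Enter description here...` and `@var unknown_type`). DB_ACL::check() in this same commit queries Permission with an `Aco.lft` ordering, which presumably depends on this association being bound, so the docblock should say what the property is for. Something like `* Binds each permission row to its Aro and Aco so ACL lookups can join on them` with `@var string` would do.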