Updating AclComponent for distributed ACL system

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@4503 3807eeeb-6ff5-0310-8944-8be069107fe0
2025-01-31 09:06:17 +00:00 · 2007-02-11 00:29:23 +00:00 · 2007-02-11 00:29:23 +00:00 · d312737d84
commit d312737d84
parent 2a954b5fbf
4 changed files with 61 additions and 35 deletions
--- a/cake/libs/controller/components/auth.php
+++ b/cake/libs/controller/components/auth.php
@ -174,6 +174,16 @@ class AuthComponent extends Object {
 * @access public
 */
 	var $params = array();
+/**
+ * Initializes AuthComponent for use in the controller
+ *
+ * @access public
+ * @param object $controller A reference to the instantiating controller object
+ * @return void
+ */
+	function initialize(&$controller) {
+		$this->params = $controller->params;
+	}
 /**
 * Main execution method.  Handles redirecting of invalid users, and processing
 * of login form data.
@ -186,12 +196,11 @@ class AuthComponent extends Object {
 		if (low($controller->name) == 'app' || (low($controller->name) == 'tests' && DEBUG > 0)) {
 			return;
 		}
-		if (!$this->_setDefaults($controller)) {
+		if (!$this->_setDefaults()) {
 			return;
 		}
 		$this->hashPasswords($controller);
 		$this->data = $controller->data;
-		$this->params = $controller->params;

 		if ($this->allowedActions == array('*') || in_array($controller->action, $this->allowedActions)) {
 			return false;
@ -238,7 +247,7 @@ class AuthComponent extends Object {
 			if (isset($this->validate[0])) {
 				$assoc = $this->validate[0];
 			}
-		} elseif (is_string($this->validate)) {
+		} else {
 			$type = $this->validate;
 		}

@ -269,16 +278,14 @@ class AuthComponent extends Object {
 * @param object $controller A reference to the instantiating controller object
 * @return void
 */
-	function _setDefaults(&$controller) {
+	function _setDefaults() {
 		if (empty($this->userModel)) {
 			trigger_error(__('Could not find $userModel.  Please set AuthComponent::$userModel in beforeFilter().'), E_USER_WARNING);
 			return false;
 		}
-
 		if (empty($this->loginAction)) {
 			$this->loginAction = Inflector::underscore(Inflector::pluralize($this->userModel)) . '/login';
 		}
-
 		if (empty($this->sessionKey)) {
 			$this->sessionKey = 'Auth.' . $this->userModel;
 		}
@ -315,6 +322,7 @@ class AuthComponent extends Object {
 * @return boolean True on login success, false on failure
 */
 	function login($data = null) {
+		$this->_setDefaults();
 		$this->_loggedIn = false;

 		if (empty($data)) {
@ -336,6 +344,7 @@ class AuthComponent extends Object {
 * @see AuthComponent::$loginAction
 */
 	function logout() {
+		$this->_setDefaults();
 		$this->Session->del($this->sessionKey);
 		$this->Session->del('Auth.redirect');
 		$this->_loggedIn = false;
@ -348,6 +357,7 @@ class AuthComponent extends Object {
 * @return array User record, or null if no user is logged in.
 */
 	function user($key = null) {
+		$this->_setDefaults();
 		if (!$this->Session->check($this->sessionKey)) {
 			return null;
 		}
@ -355,7 +365,6 @@ class AuthComponent extends Object {
 			return array($this->userModel => $this->Session->read($this->sessionKey));
 		} else {
 			$user = $this->Session->read($this->sessionKey);
-
 			if (isset($user[$key])) {
 				return $user[$key];
 			} else {
@ -390,8 +399,9 @@ class AuthComponent extends Object {
 * @see AuthComponent::identify()
 * @return boolean True if the user validates, false otherwise.
 */
-	function validate($object, $user = null) {
+	function validate($object, $user = null, $action = null) {
 		if (empty($user)) {
+			$this->getUserModel();
 			$user = $this->user();
 		}
 		if (empty($user)) {
@ -430,17 +440,26 @@ class AuthComponent extends Object {
 * @return object A reference to a model object.
 */
 	function &getUserModel() {
+		$user = null;
+
 		if (!ClassRegistry::isKeySet($this->userModel)) {
-			if (!loadModel($this->userModel)) {
+			if (!loadModel(Inflector::underscore($this->userModel))) {
 				trigger_error(__('Auth::getUserModel() - $userModel is not set or could not be found') . $this->userModel, E_USER_WARNING);
 				return null;
+			} else {
+				$model = $this->userModel;
+				$user = new $model();
 			}
 		}
-		if (PHP5) {
-			$user = ClassRegistry::getObject($this->userModel);
-		} else {
-			$user =& ClassRegistry::getObject($this->userModel);
+		
+		if (empty($user)) {
+			if (PHP5) {
+				$user = ClassRegistry::getObject($this->userModel);
+			} else {
+				$user =& ClassRegistry::getObject($this->userModel);
+			}
 		}
+
 		if (empty($user)) {
 			trigger_error(__('Auth::getUserModel() - $userModel is not set or could not be found ') . $this->userModel, E_USER_WARNING);
 			return null;
--- a/cake/libs/controller/components/dbacl/db_acl.php
+++ b/cake/libs/controller/components/dbacl/db_acl.php
@ -71,49 +71,49 @@ class DB_ACL extends AclBase {
 		}

 		$permKeys = $this->_getAcoKeys($Perms->loadInfo());
-		$aroPath = $Aro->getPath($aro);
-		$tmpAcoPath = $Aco->getPath($aco);
+		$aroNode = $Aro->node($aro);
+		$acoNode = $Aco->node($aco);

-		if ($tmpAcoPath === null) {
+		if (empty($aroNode) ||  empty($acoNode)) {
+			trigger_error('DB_ACL::check() - Attempted to check permissions on a node that does not exist', E_USER_WARNING);
 			return false;
 		}
+		$aroPath = $Aro->getPath($aroNode['id']);
+		$acoPath = new Set($Aco->getPath($acoNode['id']));

-		$tmpAcoPath = array_reverse($tmpAcoPath);
-		$acoPath = array();
-
+		if ($acoPath->get() == null || $acoPath->get() == array()) {
+			return false;
+		}
 		if ($action != '*' && !in_array('_' . $action, $permKeys)) {
 			trigger_error(sprintf(__("ACO permissions key %s does not exist in DB_ACL::check()", true), $action), E_USER_NOTICE);
 			return false;
 		}

-		foreach($tmpAcoPath as $a) {
-			$acoPath[] = $a['Aco']['id'];
-		}
-
 		for($i = count($aroPath) - 1; $i >= 0; $i--) {
-			$perms = $Perms->findAll(array(
-				'Permission.aro_id' => $aroPath[$i]['Aro']['id'],
-				'Permission.aco_id' => $acoPath), null,
-				'Aco.lft desc'
+			$perms = $Perms->findAll(
+				array(
+					'Permission.aro_id' => $aroPath[$i]['Aro']['id'],
+					'Permission.aco_id' => $acoPath->extract('{n}.Aco.id')
+				),
+				null, array('Aco.lft' => 'desc'), null, null, 0
 			);

-			if ($perms == null || count($perms) == 0) {
+			if (empty($perms)) {
 				continue;
 			} else {
-				foreach($perms as $perm) {
+				foreach(Set::extract($perms, '{n}.Permission') as $perm) {
 					if ($action == '*') {
 						// ARO must be cleared for ALL ACO actions
 						foreach($permKeys as $key) {
-							if (isset($perm['Permission'])) {
-								if ($perm['Permission'][$key] != 1) {
-										return false;
+							if (!empty($perm)) {
+								if ($perm[$key] != 1) {
+									return false;
 								}
 							}
 						}
-
 						return true;
 					} else {
-						switch($perm['Permission']['_' . $action]) {
+						switch($perm['_' . $action]) {
 							case -1:
 								return false;
 							case 0:
--- a/cake/libs/controller/components/dbacl/models/aclnode.php
+++ b/cake/libs/controller/components/dbacl/models/aclnode.php
@ -86,9 +86,10 @@ class AclNode extends AppModel {
 			}
 		} elseif (is_object($ref) && is_a($ref, 'Model')) {
 			$ref = array('model' => $ref->name, 'foreign_key' => $ref->id);
-		} elseif (is_array($ref) && !isset($ref['model'])) {
+		} elseif (is_array($ref) && !(isset($ref['model']) && isset($ref['foreign_key']))) {
 			$name = key($ref);
 			if (!ClassRegistry::isKeySet($name)) {
+				trigger_error("Model class '$name' not found in AclNode::node() when trying to bind {$this->name} object", E_USER_WARNING);
 				return null;
 			}
 			$model =& ClassRegistry::getObject($name);
--- a/cake/libs/controller/components/dbacl/models/permission.php
+++ b/cake/libs/controller/components/dbacl/models/permission.php
@ -58,6 +58,12 @@ class Permission extends AppModel {
 * @var unknown_type
 */
 	 var $useTable = 'aros_acos';
+/**
+ * Enter description here...
+ *
+ * @var unknown_type
+ */
+	 var $belongsTo = 'Aro,Aco';
 /**
 * Enter description here...
 *