Rough permission system in place.
authorGunnar Wrobel <p@rdus.de>
Fri, 1 May 2009 15:08:16 +0000 (17:08 +0200)
committerGunnar Wrobel <p@rdus.de>
Fri, 1 May 2009 15:08:16 +0000 (17:08 +0200)
koward/lib/Koward.php
koward/lib/Koward/Controller/Application.php

index 01d1ac3..0f226aa 100644 (file)
@@ -10,6 +10,8 @@
 
 class Koward {
 
+    const PERM_GET = 1;
+
     /**
      * The singleton instance.
      *
@@ -36,6 +38,7 @@ class Koward {
         $this->objects    = Horde::loadConfiguration('objects.php', 'objects');
         $this->attributes = Horde::loadConfiguration('attributes.php', 'attributes');
         $this->labels     = Horde::loadConfiguration('labels.php', 'labels');
+        $this->perms      = Horde::loadConfiguration('perms.php', 'perms');
         $this->order      = Horde::loadConfiguration('order.php', 'order');
         $this->visible    = Horde::loadConfiguration('visible.php', 'visible');
         $this->search     = Horde::loadConfiguration('search.php', 'search');
@@ -208,19 +211,30 @@ class Koward {
      * here. But for the first draft this would be too much as the permission
      * system would also require integration with the group system etc.
      */
-    public function hasPermission($permission, $user = null, $perm = null)
+    public function hasPermission($id, $user = null, $perm = null)
     {
+        $global = $this->_hasPermission($this->perms,
+                                        $id, $perm);
+
         if ($user === null) {
             $session = Horde_Kolab_Session::singleton();
-            $object = $this->getObject($session->user_uid);
-            $class_name = get_class($object);
+            if (!empty($session->user_uid)) {
+                $user = $this->getObject($session->user_uid);
+            }
         }
 
-        if (!isset($this->objects[$type]['permission'])) {
-            return false;
+        if (empty($user)) {
+            return $global;
         }
-        return $this->_hasPermission($this->objects[$type]['permission'],
-                                     $id, $perm);
+
+        if (isset($this->objects[$type]['permission'])) {
+            $object = $this->_hasPermission($this->objects[$type]['permission'],
+                                            $id, $perm);
+        } else {
+            return $global;
+        }
+
+        return $objects || $global;
     }
 
     private function _hasPermission(&$root, $id, $perm)
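Review bot: The per-object result can never influence the outcome of `hasPermission()`: the last statement returns `$objects || $global`, but the value was assigned to `$object`. In addition, `$type` is read in `isset($this->objects[$type]['permission'])` without being set anywhere in the visible body, so the object branch is unlikely to be reached at all. As written, the method appears to reduce to the global check against `$this->perms`, with undefined-variable notices, and any grant configured per object type is silently lost. The return should read `return $object || $global;`, and `$type` needs to be derived from `$user` before the lookup (the removed lines used `get_class()` on the loaded object, which may be the intended source). The method's docblock starts above the hunk.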
@@ -232,11 +246,11 @@ class Koward {
             return $perm & $root;
         }
         if (is_array($root)) {
-            list($sub, $id) = explode(':', $id, 2);
+            list($sub, $path) = explode('/', $id, 2);
             if (!isset($root[$sub])) {
                 return false;
             }
-            return $this->_hasPermission($root[$sub], $id, $perm);
+            return $this->_hasPermission($root[$sub], $path, $perm);
         }
     }
 
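Review bot: `list($sub, $path) = explode('/', $id, 2);` leaves `$path` unset whenever `$id` contains no `/`, which happens on the last segment if the configured tree is deeper than the ID, so the recursive call then receives null. Padding the result keeps the walk well-defined: `list($sub, $path) = array_pad(explode('/', $id, 2), 2, '');`. The method also has no return when `$root` is not an array and the earlier branch did not return, so the deny result is an implicit null; an explicit `return false;` after the `is_array` block would make the default-deny visible. The start of `_hasPermission()` lies outside the hunk, so the condition guarding `return $perm & $root;` cannot be checked here.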
index c24f601..96e29e9 100644 (file)
@@ -29,6 +29,17 @@ class Koward_Controller_Application extends Horde_Controller_Base
             throw new Koward_Exception('No object types have been configured!');
         }
 
+        if (!$this->koward->hasPermission($this->getPermissionId(), null, Koward::PERM_GET)) {
+            $this->koward->notification->push(_("Access denied."), 'horde.error');
+            if (Auth::getAuth()) {
+                $url = $this->urlFor(array('controller' => 'index', 'action' => 'index'));
+            } else {
+                $url = $this->urlFor(array('controller' => 'index', 'action' => 'login'));
+            }
+            header('Location: ' . $url);
+            exit;
+        }
+
         $this->menu = $this->getMenu();
 
         $this->theme = isset($this->koward->conf['koward']['theme']) ? $this->koward->conf['koward']['theme'] : 'koward';
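Review bot: The deny branch redirects to `index/index` or `index/login`, and if the index controller extends this base class (not visible here) those targets run the same check. A configuration that does not grant `Koward::PERM_GET` on them would then produce a redirect loop instead of an error page. The requirement should at least be recorded next to the check, for example `// perms.php must grant PERM_GET on index/login to anonymous users and on index/index to authenticated users`. Alternatively, skip the redirect when `getPermissionId()` already equals the target. The enclosing method starts and ends outside the hunk.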
@@ -69,6 +80,6 @@ class Koward_Controller_Application extends Horde_Controller_Base
 
     public function getPermissionId()
     {
-        return $this->params['controller'] . ':' . $this->params['action'];
+        return $this->params['controller'] . '/' . $this->params['action'];
     }
 }
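Review bot: `/` is now both the separator in `getPermissionId()` and the delimiter that `_hasPermission()` splits on, so a `controller` or `action` value that itself contains `/` would change which node of the permission tree is consulted. Whether the router already restricts these parameters is not visible from this hunk. If it does not, the ID should be built only from validated names, rejecting any value that contains `/` before concatenation. A short docblock stating the `controller/action` format and that it is consumed by `Koward::hasPermission()` would also help.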