From 2e919141a3b3687778cd793ed7af291b21740528 Mon Sep 17 00:00:00 2001 From: Gunnar Wrobel Date: Fri, 1 May 2009 17:08:16 +0200 Subject: [PATCH] Rough permission system in place. --- koward/lib/Koward.php | 32 ++++++++++++++++++++-------- koward/lib/Koward/Controller/Application.php | 13 ++++++++++- 2 files changed, 35 insertions(+), 10 deletions(-) diff --git a/koward/lib/Koward.php b/koward/lib/Koward.php index 01d1ac303..0f226aad0 100644 --- a/koward/lib/Koward.php +++ b/koward/lib/Koward.php @@ -10,6 +10,8 @@ class Koward { + const PERM_GET = 1; + /** * The singleton instance. * @@ -36,6 +38,7 @@ class Koward { $this->objects = Horde::loadConfiguration('objects.php', 'objects'); $this->attributes = Horde::loadConfiguration('attributes.php', 'attributes'); $this->labels = Horde::loadConfiguration('labels.php', 'labels'); + $this->perms = Horde::loadConfiguration('perms.php', 'perms'); $this->order = Horde::loadConfiguration('order.php', 'order'); $this->visible = Horde::loadConfiguration('visible.php', 'visible'); $this->search = Horde::loadConfiguration('search.php', 'search'); 
@@ -208,19 +211,30 @@ class Koward { * here. But for the first draft this would be too much as the permission * system would also require integration with the group system etc. */ - public function hasPermission($permission, $user = null, $perm = null) + public function hasPermission($id, $user = null, $perm = null) { + $global = $this->_hasPermission($this->perms, + $id, $perm); + if ($user === null) { $session = Horde_Kolab_Session::singleton(); - $object = $this->getObject($session->user_uid); - $class_name = get_class($object); + if (!empty($session->user_uid)) { + $user = $this->getObject($session->user_uid); + } } - if (!isset($this->objects[$type]['permission'])) { - return false; + if (empty($user)) { + return $global; } - return $this->_hasPermission($this->objects[$type]['permission'], - $id, $perm); + + if (isset($this->objects[$type]['permission'])) { + $object = $this->_hasPermission($this->objects[$type]['permission'], + $id, $perm); + } else { + return $global; + } + + return $objects || $global; } private function _hasPermission(&$root, $id, $perm) @@ -232,11 +246,11 @@ class Koward { return $perm & $root; } if (is_array($root)) { - list($sub, $id) = explode(':', $id, 2); + list($sub, $path) = explode('/', $id, 2); if (!isset($root[$sub])) { return false; } - return $this->_hasPermission($root[$sub], $id, $perm); + return $this->_hasPermission($root[$sub], $path, $perm); } } diff --git a/koward/lib/Koward/Controller/Application.php b/koward/lib/Koward/Controller/Application.php index c24f60179..96e29e9b1 100644 --- a/koward/lib/Koward/Controller/Application.php +++ b/koward/lib/Koward/Controller/Application.php 
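Review bot: In the new hasPermission() body the per-object result is stored in `$object`, but the last line returns `$objects || $global`, so the object-level grant is read from an undefined variable and never contributes. `$type` is also not assigned anywhere in the visible body (the removed `get_class()` line was the only nearby derivation), so `isset($this->objects[$type]['permission'])` is false and the method falls back to `$global` on every call. Both fail closed for the object branch, but the decision is then only the global perms.php table, whoever is logged in. I would assign `$type` from the resolved user before the isset (presumably `$type = get_class($user);`, to be confirmed against the keys of objects.php) and end with `return $object || $global;`. The `||` also means an object permission can only widen the global grant, never narrow it; the docblock should say so if that is intended.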
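Review bot: `list($sub, $path) = explode('/', $id, 2);` assumes the id always contains a separator. For an id without `/`, explode() returns a single element, `$path` is left unset with a notice, and the recursive call receives null as its id. Padding the result keeps the walk well-defined: `list($sub, $path) = array_pad(explode('/', $id, 2), 2, '');`. As shown, nothing follows the is_array() branch before the function closes, so a `$root` of any other type yields null rather than an explicit deny; a trailing `return false;` would make the default-deny visible. _hasPermission() begins above this hunk, so the leaf handling is only partly shown.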
@@ -29,6 +29,17 @@ class Koward_Controller_Application extends Horde_Controller_Base throw new Koward_Exception('No object types have been configured!'); } + if (!$this->koward->hasPermission($this->getPermissionId(), null, Koward::PERM_GET)) { + $this->koward->notification->push(_("Access denied."), 'horde.error'); + if (Auth::getAuth()) { + $url = $this->urlFor(array('controller' => 'index', 'action' => 'index')); + } else { + $url = $this->urlFor(array('controller' => 'index', 'action' => 'login')); + } + header('Location: ' . $url); + exit; + } + $this->menu = $this->getMenu(); $this->theme = isset($this->koward->conf['koward']['theme']) ? $this->koward->conf['koward']['theme'] : 'koward'; @@ -69,6 +80,6 @@ class Koward_Controller_Application extends Horde_Controller_Base public function getPermissionId() { - return $this->params['controller'] . ':' . $this->params['action']; + return $this->params['controller'] . '/' . $this->params['action']; } } -- 2.11.0
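Review bot: The denial path redirects to index/index (or index/login when unauthenticated), but this check appears to sit in the shared controller initialisation, so if perms.php does not grant PERM_GET on those two ids the redirect target is denied as well and the browser loops. Either exempt the redirect targets from the check or document the requirement next to it, e.g. `// perms.php must grant PERM_GET on index/index and index/login, or this redirect loops`. The id is also built directly from `$this->params['controller']` and `$this->params['action']`; an `isset()` guard before calling getPermissionId() would avoid notices when a route omits either. The enclosing method starts and ends outside the hunk.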