From 72043f26abdcaa1d9db101920a264a9f433b8b09 Mon Sep 17 00:00:00 2001 From: Gunnar Wrobel Date: Mon, 4 May 2009 08:07:18 +0200 Subject: [PATCH] Complete the permission handling. --- koward/lib/Koward.php | 43 ++++++----- koward/lib/Koward/Controller/Application.php | 50 ++++++++----- koward/lib/Koward/Controller/ObjectController.php | 88 ++++++++++++++++++++--- koward/lib/Koward/Form/Actions.php | 21 +----- koward/lib/Koward/Form/Object.php | 3 + koward/lib/Koward/View/Object/add.html.php | 4 ++ koward/lib/Koward/View/Object/listall.html.php | 24 ++++--- koward/lib/Koward/View/Object/view.html.php | 4 +- koward/package.xml | 2 + 9 files changed, 166 insertions(+), 73 deletions(-) create mode 100644 koward/lib/Koward/View/Object/add.html.php diff --git a/koward/lib/Koward.php b/koward/lib/Koward.php index 0f226aad0..a0d110c99 100644 --- a/koward/lib/Koward.php +++ b/koward/lib/Koward.php @@ -10,7 +10,10 @@ class Koward { - const PERM_GET = 1; + const PERM_SHOW = 1; + const PERM_READ = 2; + const PERM_EDIT = 4; + const PERM_DELETE = 8; /** * The singleton instance. @@ -206,6 +209,12 @@ class Koward { } } + + public function hasAccess($id, $permission = Koward::PERM_SHOW) + { + return $this->hasPermission($id, null, $permission); + } + /** * In the long run we might wish to use the Horde permission system * here. But for the first draft this would be too much as the permission @@ -217,24 +226,21 @@ class Koward { $id, $perm); if ($user === null) { - $session = Horde_Kolab_Session::singleton(); - if (!empty($session->user_uid)) { - $user = $this->getObject($session->user_uid); + try { + $session = Horde_Kolab_Session::singleton(); + if (!empty($session->user_uid)) { + $user = $this->getObject($session->user_uid); + $type = $this->getType($user); + if (isset($this->objects[$type]['permission'])) { + return $this->_hasPermission($this->objects[$type]['permission'], + $id, $perm); + } + } + } catch (Exception $e) { + Horde::logMessage($e->getMessage(), __FILE__, __LINE__, PEAR_LOG_DEBUG); } } - - if (empty($user)) { - return $global; - } - - if (isset($this->objects[$type]['permission'])) { - $object = $this->_hasPermission($this->objects[$type]['permission'], - $id, $perm); - } else { - return $global; - } - - return $objects || $global; + return $global; } private function _hasPermission(&$root, $id, $perm) @@ -246,6 +252,9 @@ class Koward { return $perm & $root; } if (is_array($root)) { + if (empty($id)) { + return true; + } list($sub, $path) = explode('/', $id, 2); if (!isset($root[$sub])) { return false; diff --git a/koward/lib/Koward/Controller/Application.php b/koward/lib/Koward/Controller/Application.php index 96e29e9b1..0fd97e77d 100644 --- a/koward/lib/Koward/Controller/Application.php +++ b/koward/lib/Koward/Controller/Application.php @@ -29,16 +29,7 @@ class Koward_Controller_Application extends Horde_Controller_Base throw new Koward_Exception('No object types have been configured!'); } - if (!$this->koward->hasPermission($this->getPermissionId(), null, Koward::PERM_GET)) { - $this->koward->notification->push(_("Access denied."), 'horde.error'); - if (Auth::getAuth()) { - $url = $this->urlFor(array('controller' => 'index', 'action' => 'index')); - } else { - $url = $this->urlFor(array('controller' => 'index', 'action' => 'login')); - } - header('Location: ' . $url); - exit; - } + $this->checkAccess(); $this->menu = $this->getMenu(); @@ -58,12 +49,21 @@ class Koward_Controller_Application extends Horde_Controller_Base require_once 'Horde/Menu.php'; $menu = new Menu(); - $menu->add($this->urlFor(array('controller' => 'object', 'action' => 'listall')), - _("_Objects"), 'user.png', $registry->getImageDir('horde')); - $menu->add($this->urlFor(array('controller' => 'object', 'action' => 'edit')), - _("_Add"), 'plus.png', $registry->getImageDir('horde')); - $menu->add($this->urlFor(array('controller' => 'object', 'action' => 'search')), - _("_Search"), 'search.png', $registry->getImageDir('horde')); + if ($this->koward->hasAccess('object/listall')) { + $menu->add($this->urlFor(array('controller' => 'object', 'action' => 'listall')), + _("_Objects"), 'user.png', $registry->getImageDir('horde')); + } + + if ($this->koward->hasAccess('object/add', Koward::PERM_EDIT)) { + $menu->add($this->urlFor(array('controller' => 'object', 'action' => 'add')), + _("_Add"), 'plus.png', $registry->getImageDir('horde')); + } + + if ($this->koward->hasAccess('object/search')) { + $menu->add($this->urlFor(array('controller' => 'object', 'action' => 'search')), + _("_Search"), 'search.png', $registry->getImageDir('horde')); + } + if (!empty($this->koward->conf['koward']['menu']['queries'])) { $menu->add(Horde::applicationUrl('Queries'), _("_Queries"), 'query.png', $registry->getImageDir('koward')); } @@ -82,4 +82,22 @@ class Koward_Controller_Application extends Horde_Controller_Base { return $this->params['controller'] . '/' . $this->params['action']; } + + public function checkAccess($id = null, $permission = Koward::PERM_SHOW) + { + if ($id === null) { + $id = $this->getPermissionId(); + } + + if (!$this->koward->hasAccess($id, $permission)) { + $this->koward->notification->push(_("Access denied."), 'horde.error'); + if (Auth::getAuth()) { + $url = $this->urlFor(array('controller' => 'index', 'action' => 'index')); + } else { + $url = $this->urlFor(array('controller' => 'index', 'action' => 'login')); + } + header('Location: ' . $url); + exit; + } + } } diff --git a/koward/lib/Koward/Controller/ObjectController.php b/koward/lib/Koward/Controller/ObjectController.php index 1157b1714..ef3b5852e 100644 --- a/koward/lib/Koward/Controller/ObjectController.php +++ b/koward/lib/Koward/Controller/ObjectController.php @@ -23,6 +23,13 @@ class ObjectController extends Koward_Controller_Application $this->object_type = $this->params->get('id', $this->types[0]); + $this->checkAccess($this->getPermissionId() . '/' . $this->object_type); + + $this->allowEdit = $this->koward->hasAccess('object/edit/' . $this->object_type, + Koward::PERM_EDIT); + $this->allowDelete = $this->koward->hasAccess('object/delete/' . $this->object_type, + Koward::PERM_DELETE); + if (isset($this->koward->objects[$this->object_type]['list_attributes'])) { $this->attributes = $this->koward->objects[$this->object_type]['list_attributes']; } else if (isset($this->koward->objects[$this->object_type]['attributes']['fields'])) { @@ -54,15 +61,20 @@ class ObjectController extends Koward_Controller_Application _("Delete")) . Horde::img('delete.png', _("Delete"), '', $GLOBALS['registry']->getImageDir('horde')) . ''; - $this->objectlist[$uid]['view_url'] = Horde::link( - $this->urlFor(array('controller' => 'object', - 'action' => 'view', - 'id' => $uid)), _("View")); + if ($this->koward->hasAccess('object/view/' . $this->object_type, Koward::PERM_READ)) { + $this->objectlist[$uid]['view_url'] = Horde::link( + $this->urlFor(array('controller' => 'object', + 'action' => 'view', + 'id' => $uid)), _("View")); + } } } $this->tabs = new Horde_UI_Tabs(null, Variables::getDefaultVariables()); foreach ($this->koward->objects as $key => $configuration) { + if (!$this->koward->hasAccess($this->getPermissionId() . '/' . $key)) { + continue; + } $this->tabs->addTab($configuration['list_label'], $this->urlFor(array('controller' => 'object', 'action' => 'listall', @@ -81,6 +93,10 @@ class ObjectController extends Koward_Controller_Application 'horde.error'); } else { $this->object = $this->koward->getObject($this->params->id); + + $this->checkAccess($this->getPermissionId() . '/' . $this->koward->getType($this->object), + Koward::PERM_DELETE); + $this->submit_url = $this->urlFor(array('controller' => 'object', 'action' => 'delete', 'id' => $this->params->id, @@ -127,10 +143,29 @@ class ObjectController extends Koward_Controller_Application $this->object = $this->koward->getObject($this->params->id); + $this->object_type = $this->koward->getType($this->object); + + $this->checkAccess($this->getPermissionId() . '/' . $this->object_type, + Koward::PERM_READ); + + $this->allowEdit = $this->koward->hasAccess('object/edit/' . $this->object_type, + Koward::PERM_EDIT); + $actions = $this->object->getActions(); if (!empty($actions)) { + $buttons = array(); + foreach ($actions as $action) { + if (isset($this->koward->objects[$this->object_type]['actions'][$action]) + && $this->koward->hasAccess('object/action/' . $this->object_type . '/' . $action, + Koward::PERM_EDIT)) { + $buttons[] = $this->koward->objects[$this->object_type]['actions'][$action]; + } + } + } + + if (!empty($buttons)) { try { - $this->actions = new Koward_Form_Actions($this->object); + $this->actions = new Koward_Form_Actions($buttons); $this->post = $this->urlFor(array('controller' => 'object', 'action' => 'view', @@ -169,15 +204,46 @@ class ObjectController extends Koward_Controller_Application $this->render(); } + public function add() + { + $this->object = null; + + require_once 'Horde/Util.php'; + $type = Util::getFormData('type'); + + if (!empty($type)) { + $this->checkAccess($this->getPermissionId() . '/' . $type, + Koward::PERM_EDIT); + } else { + $this->checkAccess($this->getPermissionId(), + Koward::PERM_EDIT); + } + + $this->_edit(); + } + public function edit() { - try { - if (empty($this->params->id)) { - $this->object = null; - } else { + if (empty($this->params->id)) { + $this->koward->notification->push(_("The object that should be viewed has not been specified."), + 'horde.error'); + } else { + try { $this->object = $this->koward->getObject($this->params->id); + } catch (Exception $e) { + $this->koward->notification->push($e->getMessage(), 'horde.error'); } + $this->checkAccess($this->getPermissionId() . '/' . $this->koward->getType($this->object), + Koward::PERM_EDIT); + + $this->_edit(); + } + } + + private function _edit() + { + try { require_once 'Horde/Variables.php'; $this->vars = Variables::getDefaultVariables(); foreach ($this->params as $key => $value) { @@ -205,8 +271,8 @@ class ObjectController extends Koward_Controller_Application $this->koward->notification->push($e->getMessage(), 'horde.error'); } - $this->post = $this->urlFor(array('controller' => 'object', - 'action' => 'edit', + $this->post = $this->urlFor(array('controller' => $this->params['controller'], + 'action' => $this->params['action'], 'id' => $this->params->id)); $this->render(); diff --git a/koward/lib/Koward/Form/Actions.php b/koward/lib/Koward/Form/Actions.php index 2dadc8b42..69db861f0 100644 --- a/koward/lib/Koward/Form/Actions.php +++ b/koward/lib/Koward/Form/Actions.php @@ -15,33 +15,14 @@ class Koward_Form_Actions extends Horde_Form { */ protected $koward; - public function __construct(&$object) + public function __construct($buttons) { $this->koward = &Koward::singleton(); - $this->object = &$object; - parent::Horde_Form(Variables::getDefaultVariables()); $this->setTitle(_("Object actions")); - $class_name = get_class($this->object); - foreach ($this->koward->objects as $name => $config) { - if ($config['class'] == $class_name) { - $this->type = $name; - if (!empty($config['preferred'])) { - break; - } - } - } - - $buttons = array(); - foreach ($this->object->getActions() as $action) { - if (isset($this->koward->objects[$this->type]['actions'][$action])) { - $buttons[] = $this->koward->objects[$this->type]['actions'][$action]; - } - } - if (!empty($buttons)) { $this->setButtons($buttons); } diff --git a/koward/lib/Koward/Form/Object.php b/koward/lib/Koward/Form/Object.php index 5eb7ddbc7..dc8001700 100644 --- a/koward/lib/Koward/Form/Object.php +++ b/koward/lib/Koward/Form/Object.php @@ -30,6 +30,9 @@ class Koward_Form_Object extends Horde_Form { $this->setButtons(_("Add")); foreach ($this->koward->objects as $key => $config) { + if (!$this->koward->hasAccess('object/add/' . $key, Koward::PERM_EDIT)) { + continue; + } $options[$key] = $config['label']; } diff --git a/koward/lib/Koward/View/Object/add.html.php b/koward/lib/Koward/View/Object/add.html.php new file mode 100644 index 000000000..5185924e7 --- /dev/null +++ b/koward/lib/Koward/View/Object/add.html.php @@ -0,0 +1,4 @@ +renderPartial('header'); ?> +renderPartial('menu'); ?> +form->renderActive(new Horde_Form_Renderer(), $this->vars, + $this->post, 'post'); ?> \ No newline at end of file diff --git a/koward/lib/Koward/View/Object/listall.html.php b/koward/lib/Koward/View/Object/listall.html.php index a790967fd..724ac0a5e 100644 --- a/koward/lib/Koward/View/Object/listall.html.php +++ b/koward/lib/Koward/View/Object/listall.html.php @@ -8,8 +8,12 @@ - - + allowEdit): ?> + + + allowDelete): ?> + + attributes as $attribute => $info): ?> @@ -18,12 +22,16 @@ objectlist as $dn => $info): ?> - - + allowEdit): ?> + + + allowDelete): ?> + + attributes as $attribute => $ainfo): ?>
getImageDir('horde')) ?>getImageDir('horde')) ?>getImageDir('horde')) ?>getImageDir('horde')) ?>
- - - - + + + + diff --git a/koward/lib/Koward/View/Object/view.html.php b/koward/lib/Koward/View/Object/view.html.php index b9da7d298..282be9606 100644 --- a/koward/lib/Koward/View/Object/view.html.php +++ b/koward/lib/Koward/View/Object/view.html.php @@ -9,5 +9,7 @@ if (isset($this->actions)) { if (isset($this->form)) { echo $this->form->renderInactive(new Horde_Form_Renderer(), $this->vars); - echo $this->edit; + if ($this->allowEdit) { + echo $this->edit; + } } diff --git a/koward/package.xml b/koward/package.xml index 89cdc5628..a9241c6ab 100644 --- a/koward/package.xml +++ b/koward/package.xml @@ -82,6 +82,7 @@ http://pear.php.net/dtd/package-2.0.xsd"> + @@ -305,6 +306,7 @@ http://pear.php.net/dtd/package-2.0.xsd"> + -- 2.11.0