X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=classes%2Fxnetsession.php;h=b7a8c1fcf734000cce971f39bb5338982499054d;hb=bfe9f4c752e8889ab5a269bddd27ea43b31d567e;hp=f6427804d5ad934d5cf198a03a8948f4ec0a3310;hpb=e5539fd7d9aa7dae6151ec0636c8efdf65ee1c47;p=platal.git diff --git a/classes/xnetsession.php b/classes/xnetsession.php index f642780..b7a8c1f 100644 --- a/classes/xnetsession.php +++ b/classes/xnetsession.php @@ -1,6 +1,6 @@ start(AUTH_MDP)) { + if (!$this->start(AUTH_PASSWD)) { return false; } } global $globals; - if (!S::logged()) { + if (!S::logged() && $globals->xnet->auth_baseurl) { // prevent connection to be linked to disconnection if (($i = strpos($_SERVER['REQUEST_URI'], 'exit')) !== false) $returl = "http://{$_SERVER['SERVER_NAME']}".substr($_SERVER['REQUEST_URI'], 0, $i); else $returl = "http://{$_SERVER['SERVER_NAME']}{$_SERVER['REQUEST_URI']}"; - $url = "https://www.polytechnique.org/auth-groupex"; + $url = $globals->xnet->auth_baseurl; $url .= "?session=" . session_id(); $url .= "&challenge=" . S::v('challenge'); $url .= "&pass=" . md5(S::v('challenge') . $globals->xnet->secret); @@ -77,7 +77,7 @@ class XnetSession extends XorgSession protected function doAuth($level) { - if (S::identified()) { // ok, c'est bon, on n'a rien à faire + if (S::identified()) { // Nothing to do there return User::getSilentWithValues(null, array('uid' => S::i('uid'))); } if (!Get::has('auth')) { @@ -88,26 +88,35 @@ class XnetSession extends XorgSession return null; } Get::kill('auth'); - S::set('auth', AUTH_MDP); + S::set('auth', AUTH_PASSWD); return User::getSilentWithValues(null, array('uid' => Get::i('uid'))); } protected function startSessionAs($user, $level) { + // The user must have 'groups' permission to access X.net + if (!$user->checkPerms('groups')) { + return false; + } + if ($level == AUTH_SUID) { - S::set('auth', AUTH_MDP); + S::set('auth', AUTH_PASSWD); } - $res = XDB::query("SELECT a.uid, a.hruid, a.display_name, a.full_name, - a.sex = 'female' AS femme, - a.email_format, a.token, - at.perms, a.is_admin - FROM accounts AS a - INNER JOIN account_types AS at ON (at.type = a.type) - WHERE a.uid = {?} AND a.state = 'active' - LIMIT 1", $user->id()); - $sess = $res->fetchOneAssoc(); - $_SESSION = array_merge($_SESSION, $sess); - $this->makePerms(S::s('perms'), S::b('is_admin')); + + S::set('uid', $user->uid); + S::set('hruid', $user->hruid); + + // XXX: Transition code, should not be in session anymore + S::set('display_name', $user->display_name); + S::set('full_name', $user->full_name); + S::set('femme', $user->isFemale()); + S::set('email_format', $user->email_format); + S::set('token', $user->token); + S::set('perms', $user->perms); + S::set('is_admin', $user->is_admin); + + // Add the 'user' perms to the user. + $this->makePerms($user->perms . ',' . PERMS_USER, $user->is_admin); S::kill('challenge'); S::kill('loginX'); S::kill('may_update'); @@ -128,7 +137,7 @@ class XnetSession extends XorgSession if (!$this->startSUID($user)) { return false; } - S::set('perms', User::makePerms('user')); + S::set('perms', User::makePerms(PERMS_USER . ",groups")); return true; }