* Reimplement tokenAuth using the User object.
* Move (Xorg|Xnet)Session::makePerms in the User class.
* perms is a MainField.
PlWikiPage::prepareFeed() still remains to be ported to this new scheme.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
// Implementation of the data loader.
protected function loadMainFields()
{
- if ($this->hruid != null && $this->forlife != null &&
- $this->bestalias != null && $this->display_name != null &&
- $this->full_name != null && $this->promo != NULL) {
+ if ($this->hruid !== null && $this->forlife !== null &&
+ $this->bestalias !== null && $this->display_name !== null &&
+ $this->full_name !== null && $this->promo !== null && $this->perms !== null) {
return;
}
CONCAT(af.alias, '@{$globals->mail->domain}') AS forlife,
CONCAT(ab.alias, '@{$globals->mail->domain}') AS bestalias,
CONCAT(u.prenom, ' ', u.nom) AS full_name,
- IF(u.prenom != '', u.prenom, u.nom) AS display_name
+ IF(u.prenom != '', u.prenom, u.nom) AS display_name,
+ u.perms
FROM auth_user_md5 AS u
LEFT JOIN aliases AS af ON (af.id = u.user_id AND af.type = 'a_vie')
LEFT JOIN aliases AS ab ON (ab.id = u.user_id AND FIND_IN_SET('bestalias', ab.flags))
parent::fillFromArray($values);
}
+ // Specialization of the buildPerms method
+ // This function build 'generic' permissions for the user. It does not take
+ // into account page specific permissions (e.g X.net group permissions)
+ protected function buildPerms()
+ {
+ if (!is_null($this->perm_flags)) {
+ return;
+ }
+ if ($this->perms === null) {
+ $this->loadMainFields();
+ }
+ $this->perm_flags = self::makePerms($this->perms);
+ }
+
+ // Return permission flags for a given permission level.
+ public static function makePerms($perms)
+ {
+ $flags = new PlFlagSet();
+ if (is_null($flags) || $perms == 'disabled' || $perms == 'ext') {
+ return $flags;
+ }
+ $flags->addFlag(PERMS_USER);
+ if ($perms == 'admin') {
+ $flags->addFlag(PERMS_ADMIN);
+ }
+ return $flags;
+ }
+
// Implementation of the default user callback.
public static function _default_user_callback($login, $results)
{
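Review bot: `makePerms()` fails open, because it adds `PERMS_USER` for every value that is not exactly 'disabled' or 'ext', including null or an unexpected string. The `is_null($flags)` test can never be true right after `new PlFlagSet()` and was presumably meant to be `is_null($perms)`. This matters for `buildPerms()`: if `loadMainFields()` leaves `$this->perms` null (its query is only partly visible here, so this is inferred), the object still receives user-level flags. The token query in this commit treats only "admin" and "user" as active, so an allowlist would match it: `if ($perms !== 'user' && $perms !== 'admin') { return $flags; }`, with `$perms === 'admin'` for the admin flag.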
$perms = $sess['perms'];
unset($sess['perms']);
$_SESSION = array_merge($_SESSION, $sess);
- $this->makePerms($perms);
+ S::set('perms', User::makePerms($perms));
S::kill('challenge');
S::kill('loginX');
S::kill('may_update');
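Review bot: The replacement `S::set('perms', User::makePerms($perms));` drops the `perms_backup` session key that the removed `makePerms()` wrote alongside `perms`; the same applies to the call sites in the later hunks that use `User::makePerms('user')` and `User::makePerms($perms)`. If any code outside this page reads `perms_backup` (for example to restore permissions after a SUID session, which is inferred, not visible here), it would now see a missing or stale value. Either confirm the key is unused and say so in the commit message, or keep it in sync: `$flags = User::makePerms($perms); S::set('perms', $flags); S::set('perms_backup', $flags);`. The enclosing function starts and ends outside this hunk.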
public function tokenAuth($login, $token)
{
- // FIXME: we broke the session here because some RSS feeds (mainly wiki feeds) require
- // a valid nome and checks the permissions. When the PlUser object will be ready, we'll
- // be able to return a simple 'PlUser' object here without trying to alterate the
- // session.
- $res = XDB::query('SELECT u.user_id AS uid, u.perms, u.nom, u.nom_usage, u.prenom, u.promo, FIND_IN_SET(\'femme\', u.flags) AS sexe
+ $res = XDB::query('SELECT u.hruid
FROM aliases AS a
INNER JOIN auth_user_md5 AS u ON (a.id = u.user_id AND u.perms IN ("admin", "user"))
INNER JOIN auth_user_quick AS q ON (a.id = q.user_id AND q.core_rss_hash = {?})
WHERE a.alias = {?} AND a.type != "homonyme"', $token, $login);
if ($res->numRows() == 1) {
- $sess = $res->fetchOneAssoc();
- if (!S::has('uid')) {
- $_SESSION = $sess;
- $this->makePerms($sess['perms']);
- return S::i('uid');
- } else if (S::i('uid') == $sess['uid']) {
- return S::i('uid');
- } else {
- Platal::page()->kill('Invalid state. To be fixed when hruid is ready');
- }
+ $data = $res->fetchOneAssoc();
+ return new User($res->fetchOneCell());
}
return null;
}
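Review bot: The added lines fetch from the result twice: `$data = $res->fetchOneAssoc();` reads the row and `$data` is then never used, while `new User($res->fetchOneCell())` fetches again. Depending on how the XDB result behaves after the first fetch (not visible here), the second call may return nothing, so a valid token could produce a User built from an empty login. The other `tokenAuth()` in this commit builds the object from the row already read; the same line fits here: `return new User($data['hruid'], $data);`.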
if (!$this->startSUID(S::i('uid'))) {
return false;
}
- $this->makePerms('user');
+ S::set('perms', User::makePerms('user'));
return true;
}
return true;
}
- public function makePerms($perm)
- {
- $flags = new PlFlagSet();
- if ($perm == 'disabled' || $perm == 'ext') {
- S::set('perms', $flags);
- S::set('perms_backup', $flags);
- return;
- }
- $flags->addFlag(PERMS_USER);
- if ($perm == 'admin') {
- $flags->addFlag(PERMS_ADMIN);
- }
- S::set('perms', $flags);
- S::set('perms_backup', $flags);
- }
-
public function sureLevel()
{
return AUTH_MDP;
}
// Finalizes the session setup.
- $this->makePerms($perms);
+ S::set('perms', User::makePerms($perms));
$this->securityChecks();
$this->setSkin();
$this->updateNbNotifs();
public function tokenAuth($login, $token)
{
- // FIXME: we broke the session here because some RSS feeds (mainly wiki feeds) require
- // a valid nome and checks the permissions. When the PlUser object will be ready, we'll
- // be able to return a simple 'PlUser' object here without trying to alterate the
- // session.
- $res = XDB::query('SELECT u.user_id AS uid, u.perms, u.nom, u.nom_usage, u.prenom, u.promo, FIND_IN_SET(\'femme\', u.flags) AS sexe
+ $res = XDB::query('SELECT u.hruid
FROM aliases AS a
INNER JOIN auth_user_md5 AS u ON (a.id = u.user_id AND u.perms IN ("admin", "user"))
INNER JOIN auth_user_quick AS q ON (a.id = q.user_id AND q.core_rss_hash = {?})
WHERE a.alias = {?} AND a.type != "homonyme"', $token, $login);
if ($res->numRows() == 1) {
- $sess = $res->fetchOneAssoc();
- if (!S::has('uid')) {
- $_SESSION = $sess;
- $this->makePerms($sess['perms']);
- return S::i('uid');
- } else if (S::i('uid') == $sess['uid']) {
- return S::i('uid');
- } else {
- Platal::page()->kill('Invalid state. To be fixed when hruid is ready');
- }
+ $data = $res->fetchOneAssoc();
+ return new User($data['hruid'], $data);
}
return null;
}
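Review bot: Nothing in `tokenAuth()` rejects an empty `$token` before it is bound to `q.core_rss_hash = {?}`, and the same holds for the earlier copy of this method. If `core_rss_hash` can be an empty string for accounts that never enabled a feed (the schema is not visible, so this is an assumption to confirm), an empty token would match on the alias alone and now return a full `User` object. A guard at the top of the method closes that off regardless of the column default: `if ($token === null || $token === '') { return null; }`.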
- public function makePerms($perm)
- {
- $flags = new PlFlagSet();
- if ($perm == 'disabled' || $perm == 'ext') {
- S::set('perms', $flags);
- S::set('perms_backup', $flags);
- return;
- }
- $flags->addFlag(PERMS_USER);
- if ($perm == 'admin') {
- $flags->addFlag(PERMS_ADMIN);
- }
- S::set('perms', $flags);
- S::set('perms_backup', $flags);
- }
-
public function setSkin()
{
global $globals;
-Subproject commit 380e2a5ab0f7c9edbf73c76259cb0c38119e53af
+Subproject commit f8b161ad3b2bd9aa5f176328fe9f2ee1b6ca9ee9
{
$page =& Platal::page();
$page->changeTpl($template, NO_SKIN);
- $uid = Platal::session()->tokenAuth($alias, $hash);
- if (empty($uid)) {
+ $user = Platal::session()->tokenAuth($alias, $hash);
+ if (is_null($user)) {
if ($require_uid) {
exit;
} else {
- $uid = null;
+ $user = null;
}
}
$page->assign('rss_hash', $hash);
header('Content-Type: application/rss+xml; charset=utf8');
}
- return $uid;
+ return is_null($user) ? null : $user->id();
}
// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
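Review bot: The `else { $user = null; }` branch is now a no-op, since it only runs when `is_null($user)` is already true, and can be dropped. On the `$require_uid` path a failed token check ends with a bare `exit`, so the client presumably gets an empty response with the default status and nothing in the visible lines records the failure. Sending an explicit status first, e.g. `header('HTTP/1.1 403 Forbidden');`, would make rejected feed tokens distinguishable in access logs. The enclosing function starts outside this hunk.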