Copy handler_get_rigths from module core to module admin. Fix calls to

startSUID to use a User object. Fix auth by cookie.

WARNING: this will be removed from the core later.

Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>

diff --git a/classes/xnetsession.php b/classes/xnetsession.php
index 0ce7438..6f44dbd 100644 (file)
--- a/classes/xnetsession.php
+++ b/classes/xnetsession.php
@@ -122,7 +122,8 @@ class XnetSession extends XorgSession
 
     public function doSelfSuid()
     {
-        if (!$this->startSUID(S::i('uid'))) {
+        $user =& S::user();
+        if (!$this->startSUID($user)) {
             return false;
         }
         S::set('perms', User::makePerms('user'));

diff --git a/classes/xorgsession.php b/classes/xorgsession.php
index ccae18f..9dfca1d 100644 (file)
--- a/classes/xorgsession.php
+++ b/classes/xorgsession.php
@@ -108,7 +108,7 @@ class XorgSession extends PlSession
             if (!S::logged()) {
                 S::set('auth', AUTH_COOKIE);
             }
-            return S::i('auth_by_cookie');
+            return User::getSilentWithValues(null, array('user_id' => S::i('auth_by_cookie')));
         }
 
 
@@ -170,12 +170,6 @@ class XorgSession extends PlSession
 
     protected function startSessionAs($user, $level)
     {
-        if (!($user instanceof User)) {
-            $user = User::getSilent($user);
-            if ($user === false) {
-                return false;
-            }
-        }
         if ((!is_null(S::v('user')) && S::i('user') != $user->id())
             || (S::has('uid') && S::i('uid') != $user->id())) {
             return false;

diff --git a/core b/core
index f1c8bb7..0709dd7 160000 (submodule)
--- a/core
+++ b/core
@@ -1 +1 @@
-Subproject commit f1c8bb75eaae934ac2dd1cbd7f8bbc10960413ee
+Subproject commit 0709dd7d7f98df88be921553740e43114fe684f4

diff --git a/modules/admin.php b/modules/admin.php
index 94945cf..501b030 100644 (file)
--- a/modules/admin.php
+++ b/modules/admin.php
@@ -25,6 +25,7 @@ class AdminModule extends PLModule
     {
         return array(
             'phpinfo'                      => $this->make_hook('phpinfo', AUTH_MDP, 'admin'),
+            'get_rights'                   => $this->make_hook('get_rights', AUTH_MDP, 'admin'),
             'admin'                        => $this->make_hook('default', AUTH_MDP, 'admin'),
             'admin/ax-xorg'                => $this->make_hook('ax_xorg', AUTH_MDP, 'admin'),
             'admin/dead-but-active'        => $this->make_hook('dead_but_active', AUTH_MDP, 'admin'),
@@ -57,6 +58,17 @@ class AdminModule extends PLModule
         exit;
     }
 
+    function handler_get_rights(&$page, $level)
+    {
+        if (S::suid()) {
+            $page->kill('Déjà en SUID');
+        }
+        $user =& S::user();
+        Platal::session()->startSUID($user, $level);
+
+        pl_redirect('/');
+    }
+
     function handler_default(&$page)
     {
         $page->changeTpl('admin/index.tpl');
@@ -388,7 +400,7 @@ class AdminModule extends PLModule
         }
 
         if(Env::has('suid_button') && $registered) {
-            if (!Platal::session()->startSUID($user->id())) {
+            if (!Platal::session()->startSUID($user)) {
                 $page->trigError('Impossible d\'effectuer un SUID sur ' . $user->id());
             } else {
                 pl_redirect("");