Remove my old and ugly hack to check permissions and set up a new flexible way to...

git-svn-id: svn+ssh://murphy/home/svn/platal/trunk@1548 839d8a87-29fc-0310-9880-83ba4fa771e5

diff --git a/classes/flagset.php b/classes/flagset.php
index 7fe89b6..d06115f 100644 (file)
--- a/classes/flagset.php
+++ b/classes/flagset.php
@@ -44,7 +44,7 @@ class Flagset
      * @param $flag XXX
      * @return VOID
      */
-    public function addflag($flag) 
+    public function addFlag($flag) 
     {
         if (!$flag) return;
         if (!$this->hasflag($flag)) {
@@ -59,7 +59,7 @@ class Flagset
      * @param $flag XXX
      * @return 1 || 0
      */
-    public function hasflag($flag) 
+    public function hasFlag($flag) 
     {
         $tok = strtok($this->value,$this->sep);
         while ($tok) {
@@ -74,7 +74,7 @@ class Flagset
      * @param $flag XXX
      * @return VOID
      */
-    public function rmflag($flag) 
+    public function rmFlag($flag) 
     {
         if (!$flag) return;
         $newvalue = "";
@@ -90,6 +90,12 @@ class Flagset
         $this->value=$newvalue;
     }
 
+    /** return the flagset
+     */
+    public function flags()
+    {
+        return $this->value;
+    }
 } 
 
 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:

diff --git a/classes/platal.php b/classes/platal.php
index 5716199..cdfb3cb 100644 (file)
--- a/classes/platal.php
+++ b/classes/platal.php
@@ -175,6 +175,31 @@ class Platal
         return null;
     }
 
+    protected function check_perms($perms)
+    {
+        if (!$perms) { // No perms, no check
+            return true;
+        }
+        $s_perms = S::v('perms');
+
+        // hook perms syntax is
+        $perms = explode(',', $perms);
+        foreach ($perms as $perm)
+        {
+            $ok = true;
+            $rights = explode(':', $perm);
+            foreach ($rights as $right) {
+                if (($right{0} == '!' && $s_perms->hasFlag(substr($right, 1))) || !$s_perms->hasFlag($right)) {
+                    $ok = false;
+                }
+            }
+            if ($ok) {
+                return true;
+            }
+        }
+        return false;
+    }
+
     private function call_hook(PlatalPage &$page)
     {
         $hook = $this->find_hook();
@@ -196,8 +221,7 @@ class Platal
                 return PL_FORBIDDEN;
             }
         }
-
-        if (!empty($hook['perms']) && $hook['perms'] != S::v('perms')) {
+        if ($hook['auth'] != AUTH_PUBLIC && !$this->check_perms($hook['perms'])) {
             return PL_FORBIDDEN;
         }
 

diff --git a/classes/plmodule.php b/classes/plmodule.php
index 8a5e6ca..4cd113c 100644 (file)
--- a/classes/plmodule.php
+++ b/classes/plmodule.php
@@ -19,11 +19,25 @@
  *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
  ***************************************************************************/
 
-class PLModule
+abstract class PLModule
 {
-    function handlers()     { die("implement me"); }
+    abstract function handlers();
 
-    public function make_hook($fun, $auth, $perms = '', $type = DO_AUTH)
+    /** Register a hook
+     * @param fun name of the handler (the exact name will be handler_$fun)
+     * @param auth authentification level of needed to run this handler
+     * @param perms permission required to run this handler
+     * @param type additionnal flags
+     *
+     * Perms syntax is the following:
+     * perms = rights(,rights)*
+     * rights = right(:right)*
+     * right is an atomic right permission (like 'admin', 'user', 'groupadmin', 'groupmember'...)
+     *
+     * If type is set to NO_AUTH, the system will return 403 instead of asking auth data
+     * this is useful for Ajax handlers
+     */
+    public function make_hook($fun, $auth, $perms = 'user', $type = DO_AUTH)
     {
         return array('hook'  => array($this, 'handler_'.$fun),
                      'auth'  => $auth,

diff --git a/classes/session.php b/classes/session.php
index 004066e..a06662b 100644 (file)
--- a/classes/session.php
+++ b/classes/session.php
@@ -58,7 +58,7 @@ class Session
 
     public static function has_perms()
     {
-        return Session::logged() && Session::v('perms') == PERMS_ADMIN;
+        return Session::logged() && Session::v('perms')->hasFlag(PERMS_ADMIN);
     }
 
     public static function logged()

diff --git a/include/xnet/session.inc.php b/include/xnet/session.inc.php
index de75d23..d798261 100644 (file)
--- a/include/xnet/session.inc.php
+++ b/include/xnet/session.inc.php
@@ -41,6 +41,20 @@ class XnetSession
             $url .= "&url=".urlencode($returl);
             $_SESSION['loginX'] = $url;
         }
+
+        if (S::logged() && $globals->asso()) {
+            $perms = S::v('perms');
+            $perms->rmFlag('groupadmin');
+            $perms->rmFlag('groupmember');
+            if (may_update()) {
+                $perms->addFlag('groupadmin');
+                $perms->addFlag('groupmember');
+            }
+            if (is_member()) {
+                $perms->addFlag('groupmember');
+            }
+            $_SESSION['perms'] = $perms;
+        }
     }
 
     // }}}
@@ -81,7 +95,8 @@ class XnetSession
     // }}}
     // {{{ doAuthX
 
-    public static function doAuthX() {
+    public static function doAuthX() 
+    {
         global $globals, $page;
 
         if (md5('1'.S::v('challenge').$globals->xnet->secret.Get::i('uid').'1') != Get::v('auth')) {
@@ -99,6 +114,8 @@ class XnetSession
              LIMIT  1", Get::i('uid'));
         $_SESSION = array_merge($_SESSION, $res->fetchOneAssoc());
         $_SESSION['auth'] = AUTH_MDP;
+        require_once 'xorg/session.inc.php';
+        $_SESSION['perms'] =& XorgSession::make_perms(S::v('perms'));
         S::kill('challenge');
         S::kill('loginX');
         S::kill('may_update');
@@ -125,7 +142,8 @@ class XnetSession
         if (!S::has('suid')) {
             $_SESSION['suid'] = $_SESSION;
         }
-        $_SESSION['perms'] = 'user';
+        require_once 'xorg/session.inc.php';
+        $_SESSION['perms'] =& XorgSession::make_perms('user');
     }
 
     // }}}

diff --git a/include/xorg/session.inc.php b/include/xorg/session.inc.php
index 2681c2c..c6ea8e4 100644 (file)
--- a/include/xorg/session.inc.php
+++ b/include/xorg/session.inc.php
@@ -158,6 +158,7 @@ class XorgSession
      * @param page the calling page (by reference)
      */
     public static function doAuthCookie()
+        
     {
         if (S::logged()) {
             return true;
@@ -175,6 +176,22 @@ class XorgSession
     }
 
     // }}}
+    // {{{ public static function make_perms()
+
+    public static function &make_perms($perm)
+    {
+        $flags = new FlagSet();
+        if ($perm == 'disabled' || $perm == 'ext') {
+            return $flags;
+        }
+        $flags->addFlag(PERMS_USER);
+        if ($perm == 'admin') {
+            $flags->addFlag(PERMS_ADMIN);
+        }
+        return $flags;
+    }
+
+    // }}}
 }
 
 // {{{ function try_cookie()
@@ -250,6 +267,7 @@ function start_connexion ($uid, $identified)
     $_SESSION         = array_merge($_SESSION, $sess);
     $_SESSION['log']  = $logger;
     $_SESSION['auth'] = ($identified ? AUTH_MDP : AUTH_COOKIE);
+    $_SESSION['perms'] =& XorgSession::make_perms($_SESSION['perms']);
     $mail_subject = null;
     if (check_account()) {
         $mail_subject = "Connexion d'un utilisateur surveillé";

diff --git a/modules/core.php b/modules/core.php
index 3354449..2165d27 100644 (file)
--- a/modules/core.php
+++ b/modules/core.php
@@ -101,7 +101,7 @@ class CoreModule extends PLModule
             $_SESSION['log']->log("suid_start", "login by ".S::v('forlife'));
         }    
         $_SESSION['suid'] = $_SESSION;
-        $_SESSION['perms'] = $level;
+        $_SESSION['perms'] =& XorgSession::make_perms($level);
 
         pl_redirect('/');
     }

diff --git a/templates/events/index.tpl b/templates/events/index.tpl
index 7e64ba8..06de324 100644 (file)
--- a/templates/events/index.tpl
+++ b/templates/events/index.tpl
@@ -175,7 +175,7 @@ Bienvenue {$smarty.session.prenom}
           {/if}
         </div>
         <div style="float:right">
-          {if $smarty.session.perms eq 'admin'}
+          {if $smarty.session.perms->hasFlag('admin')}
           <a href="admin/events/edit/{$ev.id}">{icon name=page_edit title="Editer cet article"}</a>
           {/if}
           <a href="events/read/{$ev.id}{if $previd}/newsid{$previd}{/if}" onclick="return readEvent('{$ev.id}')">{icon name=cross title="Cacher cet article"}</a>

diff --git a/templates/include/minifiche.tpl b/templates/include/minifiche.tpl
index f1b8ddd..371026a 100644 (file)
--- a/templates/include/minifiche.tpl
+++ b/templates/include/minifiche.tpl
@@ -73,7 +73,7 @@
     {/if}
     {/if}
 
-    {if $smarty.session.perms eq admin}
+    {if $smarty.session.perms->hasFlag('admin')}
       [{if !$c.wasinscrit && !$c.dcd}
         <a href="marketing/private/{$c.user_id}">{*
           *}{icon name=email title="marketter user"}</a>

diff --git a/templates/include/trombi.tpl b/templates/include/trombi.tpl
index 83192b9..fcea502 100644 (file)
--- a/templates/include/trombi.tpl
+++ b/templates/include/trombi.tpl
@@ -31,7 +31,7 @@
       <a href="{if $urlmainsite}{$urlmainsite}{/if}profile/{$p.forlife}" class="popup2">
         <img src="{$globals->baseurl}/photo/{$p.forlife}" width="110" alt=" [ PHOTO ] " />
       </a>
-      {if $trombi_admin && $smarty.session.perms eq 'admin' && !$urlmainsite}
+      {if $trombi_admin && $smarty.session.perms->hasFlag('admin') && !$urlmainsite}
       <a href="admin/trombino/{$p.user_id}">
         {icon name=wrench title="[admin]"}</a>
       {/if}

diff --git a/templates/lists/header_listes.tpl b/templates/lists/header_listes.tpl
index 708534b..695879b 100644 (file)
--- a/templates/lists/header_listes.tpl
+++ b/templates/lists/header_listes.tpl
@@ -46,7 +46,7 @@
       {/if}
     </td>
   </tr>
-  {if $details.own || $smarty.session.perms eq admin || ($it_is_xnet && $is_admin)}
+  {if $details.own || $smarty.session.perms->hasFlag('admin') || $smarty.session.perms->hasFlag('groupadmin')}
   <tr>
     <td><strong>Administrer la liste :</strong></td>
     <td>
@@ -73,7 +73,7 @@
     </td>
   </tr>
   {/if}
-  {if $smarty.session.perms eq admin || ($it_is_xnet && $is_admin)}
+  {if $smarty.session.perms->hasFlag('admin') || $smarty.session.perms->hasFlag('groupadmin')}
 
   <tr>
     <td><strong>Administrer (avancé) :</strong></td>

diff --git a/templates/newsletter/show.tpl b/templates/newsletter/show.tpl
index e3df5df..3cf0ce9 100644 (file)
--- a/templates/newsletter/show.tpl
+++ b/templates/newsletter/show.tpl
@@ -31,7 +31,7 @@
 {else}
 [<a href='nl/show/{$nl->id()}?text=1'>version Texte</a>]
 {/if}
-{if $smarty.session.perms eq admin}
+{if $smarty.session.perms->hasFlag('admin')}
 [<a href='admin/newsletter/edit/{$nl->id()}'>Editer</a>]
 {/if}
 </p>

diff --git a/templates/profile/profile.tpl b/templates/profile/profile.tpl
index 1b49918..2d62265 100644 (file)
--- a/templates/profile/profile.tpl
+++ b/templates/profile/profile.tpl
@@ -60,7 +60,7 @@ function chgMainWinLoc(strPage) {
         <a href="javascript:chgMainWinLoc('carnet/contacts?action=retirer&amp;user={$x.forlife}')">
           {icon name=cross title="Retirer de mes contacts"}</a>
         {/if}
-        {if $smarty.session.perms eq admin}
+        {if $smarty.session.perms->hasFlag('admin')}
         <a href="javascript:chgMainWinLoc('admin/user/{$x.forlife}')">
           {icon name=wrench title="administrer user"}</a>
         {/if}

diff --git a/templates/skin/common.menu.tpl b/templates/skin/common.menu.tpl
index 4965e51..0209b25 100644 (file)
--- a/templates/skin/common.menu.tpl
+++ b/templates/skin/common.menu.tpl
@@ -74,7 +74,7 @@
 <div class="menu_item"><a href="Xorg/NousContacter">Nous contacter</a></div>
 <div class="menu_item"><a href="send_bug" class="popup2">Signaler un bug</a></div>
 
-{if $smarty.session.perms eq admin}
+{if $smarty.session.perms->hasFlag('admin')}
 <div class="menu_title">***</div>
 <div class="menu_item"><a href="marketing">Marketing</a></div>
 <div class="menu_item"><a href="admin/">Administration</a></div>

diff --git a/templates/skin/default.tpl b/templates/skin/default.tpl
index f98f53f..f0496bf 100644 (file)
--- a/templates/skin/default.tpl
+++ b/templates/skin/default.tpl
@@ -33,7 +33,7 @@
     {if $smarty.session.suid}
     <div id="suid">
       <a href="exit">
-        Quitter le SU sur {$smarty.session.forlife} ({$smarty.session.perms})
+        Quitter le SU sur {$smarty.session.forlife} ({$smarty.session.perms->flags()})
       </a>
     </div>
     {/if}

diff --git a/templates/skin/espace.tpl b/templates/skin/espace.tpl
index 8754b82..a81f38e 100644 (file)
--- a/templates/skin/espace.tpl
+++ b/templates/skin/espace.tpl
@@ -34,7 +34,7 @@
     {if $smarty.session.suid}
     <div id="suid">
       <a href="exit">
-        Quitter le SU sur {$smarty.session.forlife} ({$smarty.session.perms})
+        Quitter le SU sur {$smarty.session.forlife} ({$smarty.session.perms->flags()})
       </a>
     </div>
     {/if}

diff --git a/templates/skin/humlinux.tpl b/templates/skin/humlinux.tpl
index eb0bcda..5ae3ce3 100644 (file)
--- a/templates/skin/humlinux.tpl
+++ b/templates/skin/humlinux.tpl
@@ -34,7 +34,7 @@
     {if $smarty.session.suid}
     <div id="suid">
       <a href="exit">
-        Quitter le SU sur {$smarty.session.forlife} ({$smarty.session.perms})
+        Quitter le SU sur {$smarty.session.forlife} ({$smarty.session.perms->flags()})
       </a>
     </div>
     {/if}

diff --git a/templates/skin/keynote.tpl b/templates/skin/keynote.tpl
index 24f8613..35bffa9 100644 (file)
--- a/templates/skin/keynote.tpl
+++ b/templates/skin/keynote.tpl
@@ -33,7 +33,7 @@
     {if $smarty.session.suid}
     <div id="suid">
       <a href="exit">
-        Quitter le SU sur {$smarty.session.forlife} ({$smarty.session.perms})
+        Quitter le SU sur {$smarty.session.forlife} ({$smarty.session.perms->flags()})
       </a>
     </div>
     {/if}

diff --git a/templates/skin/linux.tpl b/templates/skin/linux.tpl
index ea20999..319307c 100644 (file)
--- a/templates/skin/linux.tpl
+++ b/templates/skin/linux.tpl
@@ -34,7 +34,7 @@
     {if $smarty.session.suid}
     <div id="suid">
       <a href="exit">
-        Quitter le SU sur {$smarty.session.forlife} ({$smarty.session.perms})
+        Quitter le SU sur {$smarty.session.forlife} ({$smarty.session.perms->flags()})
       </a>
     </div>
     {/if}

diff --git a/templates/skin/liteskin.tpl b/templates/skin/liteskin.tpl
index 028740b..c4d671a 100644 (file)
--- a/templates/skin/liteskin.tpl
+++ b/templates/skin/liteskin.tpl
@@ -34,7 +34,7 @@
     {if $smarty.session.suid}
     <div id="suid">
       <a href="exit">
-        Quitter le SU sur {$smarty.session.forlife} ({$smarty.session.perms})
+        Quitter le SU sur {$smarty.session.forlife} ({$smarty.session.perms->flags()})
       </a>
     </div>
     {/if}

diff --git a/templates/skin/nbviolet.tpl b/templates/skin/nbviolet.tpl
index b1f4114..13290bf 100644 (file)
--- a/templates/skin/nbviolet.tpl
+++ b/templates/skin/nbviolet.tpl
@@ -34,7 +34,7 @@
     {if $smarty.session.suid}
     <div id="suid">
       <a href="exit">
-        Quitter le SU sur {$smarty.session.forlife} ({$smarty.session.perms})
+        Quitter le SU sur {$smarty.session.forlife} ({$smarty.session.perms->flags()})
       </a>
     </div>
     {/if}

diff --git a/templates/skin/newxorg.tpl b/templates/skin/newxorg.tpl
index b5d432e..e81232c 100644 (file)
--- a/templates/skin/newxorg.tpl
+++ b/templates/skin/newxorg.tpl
@@ -34,7 +34,7 @@
     {if $smarty.session.suid}
     <div id="suid">
       <a href="exit">
-        Quitter le SU sur {$smarty.session.forlife} ({$smarty.session.perms})
+        Quitter le SU sur {$smarty.session.forlife} ({$smarty.session.perms->flags()})
       </a>
     </div>
     {/if}

diff --git a/templates/skin/register.tpl b/templates/skin/register.tpl
index 3c99e2b..7ec1859 100644 (file)
--- a/templates/skin/register.tpl
+++ b/templates/skin/register.tpl
@@ -33,7 +33,7 @@
     {if $smarty.session.suid}
     <div id="suid">
       <a href="exit">
-        Quitter le SU sur {$smarty.session.forlife} ({$smarty.session.perms})
+        Quitter le SU sur {$smarty.session.forlife} ({$smarty.session.perms->flags()})
       </a>
     </div>
     {/if}

diff --git a/templates/skin/spectral.tpl b/templates/skin/spectral.tpl
index 1277076..cad2865 100644 (file)
--- a/templates/skin/spectral.tpl
+++ b/templates/skin/spectral.tpl
@@ -34,7 +34,7 @@
     {if $smarty.session.suid}
     <div id="suid">
       <a href="exit">
-        Quitter le SU sur {$smarty.session.forlife} ({$smarty.session.perms})
+        Quitter le SU sur {$smarty.session.forlife} ({$smarty.session.perms->flags()})
       </a>
     </div>
     {/if}

diff --git a/templates/skin/trapped.tpl b/templates/skin/trapped.tpl
index 7a2ba5e..2c1d2d9 100644 (file)
--- a/templates/skin/trapped.tpl
+++ b/templates/skin/trapped.tpl
@@ -34,7 +34,7 @@
     {if $smarty.session.suid}
     <div id="suid">
       <a href="exit">
-        Quitter le SU sur {$smarty.session.forlife} ({$smarty.session.perms})
+        Quitter le SU sur {$smarty.session.forlife} ({$smarty.session.perms->flags()})
       </a>
     </div>
     {/if}

diff --git a/templates/xnet/skin.tpl b/templates/xnet/skin.tpl
index f68bf83..fba4654 100644 (file)
--- a/templates/xnet/skin.tpl
+++ b/templates/xnet/skin.tpl
@@ -132,10 +132,10 @@
               <div style="display: inline">
                 <small>voir le site en tant que...
                 <select name="right" onchange="this.form.submit()">
-                  {if $smarty.session.perms eq 'admin' || $smarty.session.suid.perms eq 'admin'}
-                  <option value="admin" {if $smarty.session.perms eq 'admin'}selected="selected"{/if}>Administrateur</option>
+                  {if $smarty.session.perms->hasFlag('admin') || $smarty.session.suid.perms->hasFlag('admin')}
+                  <option value="admin" {if $smarty.session.perms->hasFlag('admin')}selected="selected"{/if}>Administrateur</option>
                   {/if}
-                  <option value="anim" {if $is_admin && $smarty.session.perms neq 'admin'}selected="selected"{/if}>Animateur</option>
+                  <option value="anim" {if $is_admin && !$smarty.session.perms->hasFlag('admin')}selected="selected"{/if}>Animateur</option>
                   <option value="member" {if !$is_admin && $is_member}selected="selected"{/if}>Membre</option>
                   <option value="logged" {if !$is_admin && !$is_member}selected="selected"{/if}>Non-membre</option>
                 </select>
@@ -211,7 +211,7 @@
               {/if}
             </td>
             <td class="right" style="vertical-align: middle">
-              {if $smarty.session.perms eq admin}
+              {if $smarty.session.perms->hasFlag('admin')}
               <a href="admin" title="Administration des groupes">
                 Gérer les groupes
                 {icon name=wrench title="Administration"}