From: Florent Bruneau
Date: Sun, 27 Jul 2008 21:45:03 +0000 (+0200)
Subject: Permission checks in the User object.
X-Git-Tag: xorg/0.10.0~86^2~50
X-Git-Url: http://git.polytechnique.org/?a=commitdiff_plain;h=50d5ec0b4116030114b1c9d9dcde980524f3a028;hp=a8b4ccb6c163277c49fb92427a7bb4ace8469660;p=platal.git

Permission checks in the User object.

 * Reimplement tokenAuth using the User object.
 * Move (Xorg|Xnet)Session::makePerms in the User class.
 * perms is a MainField.

Still remain the PlWikiPage::prepareFeed() to port the this new scheme.

Signed-off-by: Florent Bruneau
---
diff --git a/classes/user.php b/classes/user.php
index b99b2dd..a6da9bc 100644
--- a/classes/user.php
+++ b/classes/user.php
@@ -109,9 +109,9 @@ class User extends PlUser
     // Implementation of the data loader.
     protected function loadMainFields()
     {
-        if ($this->hruid != null && $this->forlife != null &&
-            $this->bestalias != null && $this->display_name != null &&
-            $this->full_name != null && $this->promo != NULL) {
+        if ($this->hruid !== null && $this->forlife !== null &&
+            $this->bestalias !== null && $this->display_name !== null &&
+            $this->full_name !== null && $this->promo !== null && $this->perms !== null) {
             return;
         }
 
@@ -120,7 +120,8 @@ class User extends PlUser
                          CONCAT(af.alias, '@{$globals->mail->domain}') AS forlife,
                          CONCAT(ab.alias, '@{$globals->mail->domain}') AS bestalias,
                          CONCAT(u.prenom, ' ', u.nom) AS full_name,
-                         IF(u.prenom != '', u.prenom, u.nom) AS display_name
+                         IF(u.prenom != '', u.prenom, u.nom) AS display_name,
+                         u.perms
                     FROM auth_user_md5 AS u
                LEFT JOIN aliases AS af ON (af.id = u.user_id AND af.type = 'a_vie')
                LEFT JOIN aliases AS ab ON (ab.id = u.user_id AND FIND_IN_SET('bestalias', ab.flags))
@@ -153,6 +154,34 @@ class User extends PlUser
         parent::fillFromArray($values);
     }
 
+    // Specialization of the buildPerms method
+    // This function build 'generic' permissions for the user. It does not take
+    // into account page specific permissions (e.g X.net group permissions)
+    protected function buildPerms()
+    {
+        if (!is_null($this->perm_flags)) {
+            return;
+        }
+        if ($this->perms === null) {
+            $this->loadMainFields();
+        }
+        $this->perm_flags = self::makePerms($this->perms);
+    }
+
+    // Return permission flags for a given permission level.
+    public static function makePerms($perms)
+    {
+        $flags = new PlFlagSet();
+        if (is_null($flags) || $perms == 'disabled' || $perms == 'ext') {
+            return $flags;
+        }
+        $flags->addFlag(PERMS_USER);
+        if ($perms == 'admin') {
+            $flags->addFlag(PERMS_ADMIN);
+        }
+        return $flags;
+    }
+
     // Implementation of the default user callback.
     public static function _default_user_callback($login, $results)
     {
diff --git a/classes/xnetsession.php b/classes/xnetsession.php
index caca61c..0183a76 100644
--- a/classes/xnetsession.php
+++ b/classes/xnetsession.php
@@ -117,7 +117,7 @@ class XnetSession extends PlSession
         $perms = $sess['perms'];
         unset($sess['perms']);
         $_SESSION = array_merge($_SESSION, $sess);
-        $this->makePerms($perms);
+        S::set('perms', User::makePerms($perms));
         S::kill('challenge');
         S::kill('loginX');
         S::kill('may_update');
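Review bot: makePerms() grants PERMS_USER to any level it does not recognise: the new guard `if (is_null($flags) || $perms == 'disabled' || $perms == 'ext')` only blocks two named values, so null (which buildPerms() presumably passes when loadMainFields() leaves perms unset) or any unexpected string falls through to `$flags->addFlag(PERMS_USER)`, and the `is_null($flags)` test is dead since `$flags` was constructed on the previous line. Permission granting should be an allow-list, `if ($perms !== 'user' && $perms !== 'admin') { return $flags; }`, keeping the `'admin'` branch as it is. The removed session-class copies had the same shape, so this is inherited rather than introduced, but the helper is now the single source of the session's permission flags, which makes it the right place to close it. The User class continues outside the hunk.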
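Review bot: The replaced XnetSession::makePerms() stored the flag set under both 'perms' and 'perms_backup', whereas the new `S::set('perms', User::makePerms($perms));` only writes 'perms'; if any code still restores permissions from 'perms_backup' (the old name suggests a SUID-style restore, which I cannot see from this diff), it will now find a missing or stale value. The same substitution is made in XnetSession at -163,+151 and in XorgSession at -239,+239. Either confirm that 'perms_backup' has no remaining readers or write it alongside 'perms' at each call site. The enclosing method starts before this hunk.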
@@ -134,26 +134,14 @@ class XnetSession extends PlSession
 
     public function tokenAuth($login, $token)
     {
-        // FIXME: we broke the session here because some RSS feeds (mainly wiki feeds) require
-        // a valid nome and checks the permissions. When the PlUser object will be ready, we'll
-        // be able to return a simple 'PlUser' object here without trying to alterate the
-        // session.
-        $res = XDB::query('SELECT u.user_id AS uid, u.perms, u.nom, u.nom_usage, u.prenom, u.promo, FIND_IN_SET(\'femme\', u.flags) AS sexe
+        $res = XDB::query('SELECT u.hruid
                              FROM aliases AS a
                        INNER JOIN auth_user_md5 AS u ON (a.id = u.user_id AND u.perms IN ("admin", "user"))
                        INNER JOIN auth_user_quick AS q ON (a.id = q.user_id AND q.core_rss_hash = {?})
                             WHERE a.alias = {?} AND a.type != "homonyme"', $token, $login);
         if ($res->numRows() == 1) {
-            $sess = $res->fetchOneAssoc();
-            if (!S::has('uid')) {
-                $_SESSION = $sess;
-                $this->makePerms($sess['perms']);
-                return S::i('uid');
-            } else if (S::i('uid') == $sess['uid']) {
-                return S::i('uid');
-            } else {
-                Platal::page()->kill('Invalid state. To be fixed when hruid is ready');
-            }
+            $data = $res->fetchOneAssoc();
+            return new User($res->fetchOneCell());
         }
         return null;
     }
@@ -163,7 +151,7 @@ class XnetSession extends PlSession
         if (!$this->startSUID(S::i('uid'))) {
             return false;
         }
-        $this->makePerms('user');
+        S::set('perms', User::makePerms('user'));
         return true;
     }
 
@@ -181,22 +169,6 @@ class XnetSession extends PlSession
         return true;
     }
 
-    public function makePerms($perm)
-    {
-        $flags = new PlFlagSet();
-        if ($perm == 'disabled' || $perm == 'ext') {
-            S::set('perms', $flags);
-            S::set('perms_backup', $flags);
-            return;
-        }
-        $flags->addFlag(PERMS_USER);
-        if ($perm == 'admin') {
-            $flags->addFlag(PERMS_ADMIN);
-        }
-        S::set('perms', $flags);
-        S::set('perms_backup', $flags);
-    }
-
     public function sureLevel()
     {
         return AUTH_MDP;
diff --git a/classes/xorgsession.php b/classes/xorgsession.php
index 249de0a..73c03e6 100644
--- a/classes/xorgsession.php
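Review bot: In XnetSession::tokenAuth the success branch reads the row with `$data = $res->fetchOneAssoc();` and then builds the user from `$res->fetchOneCell()`, a second fetch on a result that has exactly one row, while `$data` goes unused; the User is therefore constructed from whatever that second fetch yields rather than from the hruid. The XorgSession hunk in this same commit has the intended form, `return new User($data['hruid'], $data);`, and the two should match. Because this path authenticates feed readers from an alias and a hash, the failure would show up downstream as a broken User rather than as an error here, so it deserves a test with a valid token. The XnetSession class continues outside the hunk.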
+++ b/classes/xorgsession.php
@@ -239,7 +239,7 @@ class XorgSession extends PlSession
         }
 
         // Finalizes the session setup.
-        $this->makePerms($perms);
+        S::set('perms', User::makePerms($perms));
         $this->securityChecks();
         $this->setSkin();
         $this->updateNbNotifs();
@@ -271,46 +271,18 @@ class XorgSession extends PlSession
 
     public function tokenAuth($login, $token)
     {
-        // FIXME: we broke the session here because some RSS feeds (mainly wiki feeds) require
-        // a valid nome and checks the permissions. When the PlUser object will be ready, we'll
-        // be able to return a simple 'PlUser' object here without trying to alterate the
-        // session.
-        $res = XDB::query('SELECT u.user_id AS uid, u.perms, u.nom, u.nom_usage, u.prenom, u.promo, FIND_IN_SET(\'femme\', u.flags) AS sexe
+        $res = XDB::query('SELECT u.hruid
                              FROM aliases AS a
                        INNER JOIN auth_user_md5 AS u ON (a.id = u.user_id AND u.perms IN ("admin", "user"))
                        INNER JOIN auth_user_quick AS q ON (a.id = q.user_id AND q.core_rss_hash = {?})
                             WHERE a.alias = {?} AND a.type != "homonyme"', $token, $login);
         if ($res->numRows() == 1) {
-            $sess = $res->fetchOneAssoc();
-            if (!S::has('uid')) {
-                $_SESSION = $sess;
-                $this->makePerms($sess['perms']);
-                return S::i('uid');
-            } else if (S::i('uid') == $sess['uid']) {
-                return S::i('uid');
-            } else {
-                Platal::page()->kill('Invalid state. To be fixed when hruid is ready');
-            }
+            $data = $res->fetchOneAssoc();
+            return new User($data['hruid'], $data);
         }
         return null;
     }
 
-    public function makePerms($perm)
-    {
-        $flags = new PlFlagSet();
-        if ($perm == 'disabled' || $perm == 'ext') {
-            S::set('perms', $flags);
-            S::set('perms_backup', $flags);
-            return;
-        }
-        $flags->addFlag(PERMS_USER);
-        if ($perm == 'admin') {
-            $flags->addFlag(PERMS_ADMIN);
-        }
-        S::set('perms', $flags);
-        S::set('perms_backup', $flags);
-    }
-
     public function setSkin()
     {
         global $globals;
diff --git a/core b/core
index 380e2a5..f8b161a 160000
--- a/core
+++ b/core
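Review bot: tokenAuth's contract has changed from returning a uid and populating `$_SESSION` to returning a User that is not placed in the session, but with the FIXME gone nothing on the method says so. A header comment would keep callers from re-adding session writes, e.g. `// Authenticates an RSS feed token (alias + core_rss_hash); returns a User or null and leaves the session untouched.`, and the same line belongs on XnetSession::tokenAuth. The row passed as second argument to `new User($data['hruid'], $data)` contains only hruid; whether the User constructor accepts such a partial prefill is not visible from this diff and is worth confirming. The XorgSession class continues outside the hunk.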
@@ -1 +1 @@
-Subproject commit 380e2a5ab0f7c9edbf73c76259cb0c38119e53af
+Subproject commit f8b161ad3b2bd9aa5f176328fe9f2ee1b6ca9ee9
diff --git a/include/rss.inc.php b/include/rss.inc.php
index 9d38d31..e45a822 100644
--- a/include/rss.inc.php
+++ b/include/rss.inc.php
@@ -23,12 +23,12 @@ function init_rss($template, $alias, $hash, $require_uid = true)
 {
     $page =& Platal::page();
     $page->changeTpl($template, NO_SKIN);
-    $uid = Platal::session()->tokenAuth($alias, $hash);
-    if (empty($uid)) {
+    $user = Platal::session()->tokenAuth($alias, $hash);
+    if (is_null($user)) {
         if ($require_uid) {
             exit;
         } else {
-            $uid = null;
+            $user = null;
         }
     }
 
@@ -36,7 +36,7 @@ function init_rss($template, $alias, $hash, $require_uid = true)
         $page->assign('rss_hash', $hash);
         header('Content-Type: application/rss+xml; charset=utf8');
     }
-    return $uid;
+    return is_null($user) ? null : $user->id();
 }
 
 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
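Review bot: In init_rss the `else { $user = null; }` branch is now a no-op, because the outer `if (is_null($user))` already guarantees that value; the old code needed it to normalise an empty uid, the new one does not. The whole check collapses to `if (is_null($user) && $require_uid) { exit; }`. The second hunk (-36,+36) still returns a uid via `$user->id()`, so callers keep their contract, but a one-line comment saying the authenticated User object itself is dropped here would help whoever ports the remaining feed code. init_rss's signature sits in the hunk header, outside the hunk body.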