From 20b087ff2e4bb918f601a9bcc2c67d1fbc5b2231 Mon Sep 17 00:00:00 2001
From: Florent Bruneau
Date: Wed, 6 Oct 2010 10:59:53 +0200
Subject: [PATCH] Fix and improves the 'become user' feature.

You can now select an account type among all available types and see the site with the permissions of this type. Leaving a SUID session go back to the page where the SUID session has been started.

Note: The site seen by someone with this account type might be a bit different since some parameters are independent from the type (like the fact your account is attached to a profile).

Signed-off-by: Florent Bruneau
---
 classes/direnum.php            | 15 +++++++++++++++
 classes/user.php               |  6 ++++++
 classes/xorgpage.php           | 11 +++++++++++
 modules/admin.php              | 23 ++++++++++++++++++-----
 modules/platal.php             | 10 ++++++++--
 templates/skin/common.menu.tpl | 12 +++++++++++-
 6 files changed, 69 insertions(+), 8 deletions(-)

diff --git a/classes/direnum.php b/classes/direnum.php
index 0c22dc6..f083af9 100644
--- a/classes/direnum.php
+++ b/classes/direnum.php
@@ -56,6 +56,8 @@ class DirEnum
     const MEDALS = 'medals';
+    const ACCOUNTTYPES = 'accounttypes';
+
     static private $enumerations = array();
     static private function init($type)
@@ -686,5 +688,18 @@ class DE_Medals extends DirEnumeration
 }
 // }}}
+/** ACCOUNTS
+ */
+// {{{ class DE_AccountTypes
+class DE_AccountTypes extends DirEnumeration
+{
+    public $capabilities = 0x005; // self::HAS_OPTIONS | self::SAVE_IN_SESSION;
+
+    protected $from = 'account_types';
+    protected $valfield = 'perms';
+    protected $idfield = 'type';
+}
+// }}}
+
 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
 ?>
diff --git a/classes/user.php b/classes/user.php
index 60919a3..4d4a28a 100644
--- a/classes/user.php
+++ b/classes/user.php
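Review bot: `DE_AccountTypes` carries no documentation of what it enumerates, while its `$capabilities` comment says the result is kept in the session (`SAVE_IN_SESSION`) and modules/admin.php in this same patch uses `DirEnum::getOptions(DirEnum::ACCOUNTTYPES)` as the source of the permissions it grants. If that cache really is per-session, an edit to `account_types.perms` in the database is not seen by an admin session that already holds the cached copy, which is worth stating next to the class since it now feeds an authorization decision. A docblock such as `/** Account types, keyed by account_types.type with the perms column as value; cached in the session (SAVE_IN_SESSION), so database changes are only visible to new sessions. */` above `class DE_AccountTypes` would document both the shape and the caveat.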
@@ -244,6 +244,12 @@ class User extends PlUser
         $this->perm_flags = self::makePerms($this->perms, $this->is_admin);
     }
+    public function setPerms($perms)
+    {
+        $this->perms = $perms;
+        $this->perm_flags = null;
+    }
+
     // We do not want to store the password in the object.
     // So, fetch it 'on demand'
     public function password()
diff --git a/classes/xorgpage.php b/classes/xorgpage.php
index 14bc3ff..3c5cc1c 100644
--- a/classes/xorgpage.php
+++ b/classes/xorgpage.php
@@ -34,6 +34,17 @@ class XorgPage extends PlPage
         $this->addJsLink('wiki.js');
         $this->addJsLink('xorg.js');
         $this->setTitle('le site des élèves et anciens élèves de l\'École polytechnique');
+        if (S::user()->checkPerms('admin')) {
+            $types = array(S::user()->type);
+            $perms = DirEnum::getOptions(DirEnum::ACCOUNTTYPES);
+            ksort($perms);
+            foreach ($perms as $type => $perm) {
+                if (!empty($perm) && $type != $types[0]) {
+                    $types[] = $type;
+                }
+            }
+            $this->assign('account_types_list', $types);
+        }
     }
     public function run()
diff --git a/modules/admin.php b/modules/admin.php
index 5c3a1ac..6d6660b 100644
--- a/modules/admin.php
+++ b/modules/admin.php
@@ -59,15 +59,28 @@ class AdminModule extends PLModule
         exit;
     }
-    function handler_get_rights(&$page, $level)
+    function handler_get_rights(&$page)
     {
         if (S::suid()) {
             $page->kill('Déjà en SUID');
         }
-        $user =& S::user();
-        Platal::session()->startSUID($user, $level);
-
-        pl_redirect('/');
+        S::assert_xsrf_token();
+        $level = Post::s('account_type');
+        if ($level != 'admin') {
+            $user = User::getSilentWithUID(S::user()->id());
+            $user->is_admin = false;
+            $types = DirEnum::getOptions(DirEnum::ACCOUNTTYPES);
+            if (!empty($types[$level])) {
+                $user->setPerms($types[$level]);
+            }
+            S::set('suid_startpage', $_SERVER['HTTP_REFERER']);
+            Platal::session()->startSUID($user);
+        }
+        if (!empty($_SERVER['HTTP_REFERER'])) {
+            http_redirect($_SERVER['HTTP_REFERER']);
+        } else {
+            pl_redirect('/');
+        }
     }
     function handler_default(&$page)
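Review bot: `setPerms()` clears `perm_flags` so the flag set is presumably rebuilt lazily from the new `perms`, but the context line just above shows `makePerms()` also takes `$this->is_admin`, and nothing invalidates `perm_flags` when a caller changes `is_admin` on its own — modules/admin.php in this same patch does exactly that and only reaches `setPerms()` conditionally. Either state that callers must call `setPerms()` after touching `is_admin`, or give `is_admin` a setter that clears the cache the same way. A docblock such as `/** Replace the raw permission list; perm_flags is cleared so it is recomputed from perms and is_admin on next use. */` would make that contract visible. The enclosing `User` class continues outside the hunk.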
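Review bot: `S::user()->checkPerms('admin')` in the page constructor dereferences the session user unconditionally; if `S::user()` can be null for an anonymous visitor (nothing in the hunk rules that out), every public page would fatal on this line, so the check should be preceded by the session's logged-in test. The loop also gives no hint why the current type is placed first and why entries with an empty `perm` value are dropped; a comment such as `// current type first, then every other type that actually grants permissions, in key order` above the `foreach` would spare the next reader the reconstruction. The constructor continues outside the hunk.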
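Review bot: An unrecognised `account_type` value still starts a SUID session with the admin's own permissions: `setPerms()` is only called when `$types[$level]` is non-empty, so otherwise `perms` is untouched and, if `perm_flags` was already computed when `User::getSilentWithUID()` loaded the object, the `is_admin = false` assignment is never reflected in the cached flags either. Reject unknown types before touching the session and call `setPerms()` unconditionally after changing `is_admin`, so the flags are rebuilt. `S::set('suid_startpage', $_SERVER['HTTP_REFERER'])` also reads the header without the `!empty()` guard the redirect below uses, and both the stored value and the redirect target come straight from a client-supplied header, so the redirect should be limited to same-site targets with `pl_redirect('/')` as the fallback. The rewrite below assumes `$page->kill()` ends the request, as the existing 'Déjà en SUID' branch already relies on; the kill message is a placeholder.
```php
        S::assert_xsrf_token();
        $level = Post::s('account_type');
        if ($level != 'admin') {
            $types = DirEnum::getOptions(DirEnum::ACCOUNTTYPES);
            if (empty($types[$level])) {
                $page->kill('Type de compte inconnu'); // placeholder message
            }
            $user = User::getSilentWithUID(S::user()->id());
            $user->is_admin = false;
            $user->setPerms($types[$level]); // after is_admin, so the cached perm_flags are rebuilt
            $referer = empty($_SERVER['HTTP_REFERER']) ? null : $_SERVER['HTTP_REFERER'];
            S::set('suid_startpage', $referer); // TODO(review): accept only same-site URLs here
            Platal::session()->startSUID($user);
        }
        // … unchanged: redirect back to the referer or '/' …
```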
diff --git a/modules/platal.php b/modules/platal.php
index aacc560..7c3093b 100644
--- a/modules/platal.php
+++ b/modules/platal.php
@@ -422,9 +422,15 @@ Adresse de secours : " . Post::v('email') : ""));
     function handler_exit(&$page, $level = null)
     {
         if (S::suid()) {
-            S::logger()->log('suid_stop', S::user()->login() . " by " . S::suid('hruid'));
+            $old = S::user()->login();
+            S::logger()->log('suid_stop', $old . " by " . S::suid('hruid'));
             Platal::session()->stopSUID();
-            pl_redirect('admin/user/' . S::user()->login());
+            $target = S::s('suid_startpage');
+            S::kill('suid_startpage');
+            if (!empty($target)) {
+                http_redirect($target);
+            }
+            pl_redirect('admin/user/' . $old);
         }
         if ($level == 'forget' || $level == 'forgetall') {
diff --git a/templates/skin/common.menu.tpl b/templates/skin/common.menu.tpl
index 361bd17..575fe0a 100644
--- a/templates/skin/common.menu.tpl
+++ b/templates/skin/common.menu.tpl
@@ -97,9 +97,19 @@ - +
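Review bot: `http_redirect($target)` sends the admin to whatever `HTTP_REFERER` value modules/admin.php stored when the SUID session began, i.e. a client-supplied header that is never validated on either side; check that `$target` is a same-site URL before using it and otherwise let the `pl_redirect('admin/user/' . $old)` line handle it. Whether `http_redirect()` terminates the request is not visible here; if it does not, execution falls through to `pl_redirect()`, so an explicit `exit;` after it (or an `else`) would make the intent unambiguous. The rest of `handler_exit()` continues outside the hunk.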
+ {xsrf_token_field} +
+ +
+
-- 2.1.4