From: Florent Bruneau Date: Sat, 31 May 2008 11:26:31 +0000 (+0200) Subject: Some cleanup, use 'sudo' to gain SU rights X-Git-Url: http://git.polytechnique.org/?p=dotclear.git;a=commitdiff_plain;h=f33c2acf07b76a165cc61529a4029df5eabba61b Some cleanup, use 'sudo' to gain SU rights Signed-off-by: Florent Bruneau --- diff --git a/_admin.php b/_admin.php index 9007044..faf3d83 100644 --- a/_admin.php +++ b/_admin.php @@ -5,6 +5,7 @@ require_once dirname(__FILE__) . '/widget.post.perms.php'; /* Declare the authentication widget on public page */ $core->addBehavior('initWidgets', array('xorgAuthWidget', 'behavior_initWidgets')); + /* Declare stuff to set permissions on each post */ $core->addBehavior('adminPostFormSidebar', array('xorgPostPermsWidget', 'behavior_adminPostFormSidebar')); $core->addBehavior('adminBeforePostCreate', array('xorgPostPermsWidget', 'behavior_adminBeforePostCreate')); @@ -13,5 +14,4 @@ $core->addBehavior('adminBeforePostUpdate', array('xorgPostPermsWidget', 'behavi /* Stuff to set user preferences about post permissions */ $core->addBehavior('adminPreferencesForm', array('xorgPostPermsWidget', 'behavior_adminPreferencesForm')); $core->addBehavior('adminBeforeUserUpdate', array('xorgPostPermsWidget', 'behavior_adminBeforeUserUpdate')); - ?> diff --git a/class.xorg.auth.php b/class.xorg.auth.php index d7e4391..738b956 100644 --- a/class.xorg.auth.php +++ b/class.xorg.auth.php @@ -1,8 +1,6 @@ null, 'prenom' => null, 'nom' => null); @@ -11,7 +9,7 @@ class xorgAuth extends dcAuth { parent::__construct($core); } - private function buildFromSession() { + public function buildFromSession() { global $core; @header('Last-Modified:'); if (!isset($core) || !isset($core->session)) { 
@@ -25,9 +23,42 @@ class xorgAuth extends dcAuth {
 }
 $this->user_id = $user;
 parent::checkUser($this->user_id);
+ if (isset($core->blog)) {
+ $this->sudo(array($this, 'updateUserPerms'));
+ }
 }
 }
+ public function createUser() {
+ global $core;
+ if (!$core->userExists($_SESSION['auth-xorg'])) {
+ $cur = new cursor($this->con, 'dc_user');
+ $cur->user_id = $_SESSION['auth-xorg'];
+ $cur->user_pwd = md5(rand());
+ $cur->user_lang = 'fr';
+ $cur->user_name = $_SESSION['auth-xorg-nom'];
+ $cur->user_firstname = $_SESSION['auth-xorg-prenom'];
+ $cur->user_displayname = $cur->user_firstname . ' ' . $cur->user_name;
+ $cur->user_email = $_SESSION['auth-xorg'] . '@polytechnique.org';
+ $cur->user_options = $core->userDefaults();
+ $cur->user_options['post_xorg_perms'] = 'public';
+ $cur->user_default_blog = 'default'; // FIXME
+ $core->addUser($cur);
+ }
+ }
+
+ private function updateUserPerms() {
+ global $core;
+ $core->setUserBlogPermissions($_SESSION['auth-xorg'],
+ $core->blog->id,
+ array('usage' => true,
+ 'contentadmin' => true,
+ 'admin' => true));
+ }
+
+
+ /** Xorg SSO API */
+
 public function callXorg($path = null) {
 if (is_null($path)) {
 $path = $_SERVER['REQUEST_URI'];
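Review bot: Every SSO-authenticated user appears to become administrator of each blog they visit: in the `@@ -25,9 +23,42 @@` hunk `updateUserPerms()` sets `'admin' => true` on `$core->blog->id` for `$_SESSION['auth-xorg']`, and `buildFromSession()` now runs it under `sudo` whenever `$core->blog` is set, where the removed code granted it once, on `'default'`, at account creation. If that is not intended, limit the automatic grant to `'usage' => true` or drive it from an explicit per-blog allow-list; depending on how `setUserBlogPermissions` stores its argument, the call may also replace permissions an administrator set by hand. Separately, `createUser()` still seeds `user_pwd` with `md5(rand())`, which is drawn from a small, predictable space; if password login is reachable for these accounts, use a CSPRNG value such as `$cur->user_pwd = bin2hex(random_bytes(32));` on runtimes that provide it. `updateUserPerms()` is `private` while `createUser()` was made `public` for the same `sudo(array($this, ...))` call style; whether a private callback can be invoked depends on how `dcAuth::sudo` calls it, which is not visible here. `buildFromSession()` begins before this hunk.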
@@ -55,36 +86,6 @@ class xorgAuth extends dcAuth {
 exit;
 }
- private function acquireAdminRights() {
- $this->forceSU = true;
- }
-
- private function releaseAdminRights() {
- $this->forceSU = false;
- }
-
- private function createUser() {
- global $core;
- $this->acquireAdminRights();
- if (!$core->userExists($_SESSION['auth-xorg'])) {
- $cur = new cursor($this->con, 'dc_user');
- $cur->user_id = $_SESSION['auth-xorg'];
- $cur->user_pwd = md5(rand());
- $cur->user_lang = 'fr';
- $cur->user_name = $_SESSION['auth-xorg-nom'];
- $cur->user_firstname = $_SESSION['auth-xorg-prenom'];
- $cur->user_displayname = $cur->user_firstname . ' ' . $cur->user_name;
- $cur->user_email = $_SESSION['auth-xorg'] . '@polytechnique.org';
- $cur->user_options = $core->userDefaults();
- $cur->user_default_blog = 'default'; // FIXME
- $core->addUser($cur);
- $core->setUserBlogPermissions($_SESSION['auth-xorg'], 'default', array('usage' => true,
- 'contentadmin' => true,
- 'admin' => true));
- }
- $this->releaseAdminRights();
- }
-
 public function returnXorg() {
 if (!isset($_GET['auth'])) {
 return false;
@@ -106,7 +107,7 @@ class xorgAuth extends dcAuth {
 $_SESSION['sess_user_id'] = $_SESSION['auth-xorg'] = $_GET['forlife'];
 $_SESSION['sess_browser_uid'] = http::browserUID(DC_MASTER_KEY);
 $_SESSION['sess_blog_id'] = 'default';
- $this->createUser();
+ $this->sudo(array($this, 'createUser'));
 $path = $_GET['path'];
 header("Location: http://murphy.m4x.org" . $_GET['path']);
 exit;
@@ -126,6 +127,9 @@ class xorgAuth extends dcAuth {
 exit;
 }
+
+ /** Dotclear dcAuth API */
+
 public function checkUser($user_id, $pwd = null, $user_key = null) {
 return $this->callXorg();
 }
@@ -165,7 +169,7 @@ class xorgAuth extends dcAuth {
 }
 public function isSuperAdmin() {
- return $this->forceSU || ($this->user_id == 'florent.bruneau.2003');
+ return parent::isSuperAdmin() || ($this->user_id == 'florent.bruneau.2003');
 }
 public function getOptions() {
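Review bot: The post-login redirect in the `@@ -106,7 +107,7 @@` hunk still appends `$_GET['path']` directly to the host string, so a value that does not begin with `/` changes the host the browser is sent to. Validate it before use, e.g. `$path = (isset($_GET['path']) && is_string($_GET['path']) && substr($_GET['path'], 0, 1) === '/') ? $_GET['path'] : '/';` followed by `header('Location: http://murphy.m4x.org' . $path);`, which also gives the currently unused `$path` a purpose. The session identity in the same lines is copied from `$_GET['forlife']`; the check that authenticates that value sits above the hunk in `returnXorg()` and cannot be confirmed from here. The function continues on both sides of the hunk.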
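Review bot: `isSuperAdmin()` in the `@@ -165,7 +169,7 @@` hunk keeps one personal account id hard-coded as super-administrator, so that privilege cannot be revoked, rotated or audited without a code change. Reading the ids from configuration and comparing strictly would be safer, e.g. `return parent::isSuperAdmin() || in_array($this->user_id, $superAdmins, true);`, where `$superAdmins` is a placeholder for a configured list. The existing `==` is a loose comparison, so on PHP versions before 8 a non-string `user_id` such as integer `0` would compare equal to the literal; `===` avoids that.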
diff --git a/widget.post.perms.php b/widget.post.perms.php index 89d5d94..988851a 100644 --- a/widget.post.perms.php +++ b/widget.post.perms.php @@ -111,7 +111,7 @@ class xorgPostPermsFilter extends rsExtPostPublic { if (self::canRead($rs)) { return parent::getContent(&$rs, $absolute_urls); } else if (!self::isExtended($rs)) { - return '

Vous n\'avez pas les droits suffisant pour lire ce billet

'; + return '

Vous n\'avez pas les droits suffisants pour lire ce billet

'; } else { return null; } @@ -121,7 +121,7 @@ class xorgPostPermsFilter extends rsExtPostPublic { if (self::canRead($rs)) { return parent::getContent(&$rs, $absolute_urls); } else if (self::isExtended($rs)) { - return 'Vous n\'avez pas les droits suffisant pour lire ce billet'; + return '

Vous n\'avez pas les droits suffisants pour lire ce billet

'; } else { return null; }