From: Florent Bruneau Date: Sat, 31 May 2008 21:16:00 +0000 (+0200) Subject: Update perms on connection. X-Git-Url: http://git.polytechnique.org/?p=dotclear.git;a=commitdiff_plain;h=f525ba66a3fff2a09d08b01b99ce3acca55f00f3 Update perms on connection. Signed-off-by: Florent Bruneau --- diff --git a/_admin.php b/_admin.php index 0da0d37..85dc80f 100644 --- a/_admin.php +++ b/_admin.php @@ -1,6 +1,10 @@ addBehavior('coreBlogConstruct', array('xorgAuth', 'behavior_coreBlogConstruct')); + /* Declare the authentication widget on public page */ $core->addBehavior('initWidgets', array('xorgAuthWidget', 'behavior_initWidgets')); @@ -19,40 +23,4 @@ $core->addBehavior('adminBeforeUserUpdate', array('xorgPostPermsWidget', 'behavi /* Declare the form to assign the ownership of the blog */ $core->addBehavior('adminBlogPreferencesForm', array('xorgBlogOwnerWidget', 'behavior_adminBlogPreferencesForm')); $core->addBehavior('adminBeforeBlogSettingsUpdate', array('xorgBlogOwnerWidget', 'behavior_adminBeforeBlogSettingsUpdate')); - -class xorgBlogOwnerWidget { - public static function behavior_adminBlogPreferencesForm(&$core) { - if ($core->auth->isSuperAdmin()) { - $types = array('user' => array('text' => 'Blog d\'utilisateur', - 'selected' => false), - 'group-member' => array('text' => 'Blog de groupe, édition par les membres', - 'selected' => false), - 'group-admin' => array('text' => 'Blog de groupe, édition par les administrateurs', - 'selected' => false)); - $type = $core->blog->settings->get('xorg_blog_type'); - if (!$type) { - $type = 'user'; - } - $types[$type]['selected'] = true; - echo '
Authentification X.org
'; - echo '

'; - echo '

'; - echo '

'; - } - } - - public static function behavior_adminBeforeBlogSettingsUpdate(&$settings) { - global $core; - if ($core->auth->isSuperAdmin()) { - $settings->put('xorg_blog_type', $_POST['xorg_blog_type'], 'string', 'Type de blog X.org'); - $settings->put('xorg_blog_owner', $_POST['xorg_blog_owner'], 'string', 'Propriétaire X.org du blog'); - } - } -} ?> diff --git a/_public.php b/_public.php index 882432b..1403395 100644 --- a/_public.php +++ b/_public.php @@ -2,6 +2,7 @@ require_once dirname(__FILE__) . '/page.auth.php'; require_once dirname(__FILE__) . '/widget.auth.php'; require_once dirname(__FILE__) . '/widget.post.perms.php'; +require_once dirname(__FILE__) . '/class.xorg.auth.php'; $core->url->register('xorgAuth', 'Xorg', '^auth/(.*)$', array('xorgAuthentifier', 'doAuth')); diff --git a/class.xorg.auth.php b/class.xorg.auth.php index a13bd5a..03f340a 100644 --- a/class.xorg.auth.php +++ b/class.xorg.auth.php @@ -3,10 +3,18 @@ class xorgAuth extends dcAuth { public $xorg_infos = array('forlife' => null, 'prenom' => null, - 'nom' => null); + 'nom' => null, + 'grpauth' => null, + 'perms' => null); + static public function behavior_coreBlogConstruct(&$blog) { + global $core; + $core->auth->sudo(array($core->auth, 'updateUserPerms'), $blog); + } + public function __construct(&$core) { parent::__construct($core); + $core->addBehavior('coreBlogConstruct', array('xorgAuth', 'behavior_coreBlogConstruct')); } public function buildFromSession() { @@ -25,9 +33,6 @@ class xorgAuth extends dcAuth { } $this->user_id = $user; parent::checkUser($this->user_id); - if (isset($core->blog)) { - $this->sudo(array($this, 'updateUserPerms')); - } $core->getUserBlogs(); } } 
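Review bot: The `coreBlogConstruct` behavior looks to be registered twice, once in the `xorgAuth` constructor added in this hunk and once in the first `_admin.php` hunk. That hunk's text is damaged in this view, so this is inferred from the visible `addBehavior('coreBlogConstruct', array('xorgAuth', 'behavior_coreBlogConstruct'))` call. If both registrations run, `updateUserPerms` executes under `sudo()` twice per blog construction in the admin context, so keep only one of them. `behavior_coreBlogConstruct` also deserves a comment such as `/* Recompute the X.org user's permissions on $blog; runs with elevated rights on each blog construction. */`, since it silently rewrites stored permissions.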
@@ -50,13 +55,40 @@ class xorgAuth extends dcAuth {
 }
 }
- private function updateUserPerms() {
+ public function updateUserPerms(&$blog) {
 global $core;
+ $this->buildFromSession();
+ if (!isset($_SESSION['auth-xorg'])) {
+ return;
+ }
+ $type = $blog->settings->get('xorg_blog_type');
+ $owner = $blog->settings->get('xorg_blog_owner');
+ $level = $this->xorg_infos['grpauth'];
+ if (($type == 'group-admin' || $type == 'group-member') && $level == 'admin') {
+ if ($owner != $_SESSION['xorg-group']) {
+ return;
+ }
+ $perms = array('usage' => true,
+ 'contentadmin' => true,
+ 'admin' => true);
+ } else if ($type == 'group-member' && $level == 'membre') {
+ if ($owner != $_SESSION['xorg-group']) {
+ return;
+ }
+ $perms = array('usage' => true);
+ } else if ($type == 'user' && $owner == $this->xorg_infos['forlife']) {
+ $perms = array('usage' => true,
+ 'contentadmin' => true,
+ 'admin' => true);
+ } else {
+ $perms = array();
+ }
+/* echo $level;
+ echo "Setting perms : " . $_SESSION['auth-xorg'] . ' ' . $blog->id . '
';
+ var_dump($perms);*/
 $core->setUserBlogPermissions($_SESSION['auth-xorg'],
- $core->blog->id,
- array('usage' => true,
- 'contentadmin' => true,
- 'admin' => true));
+ $blog->id,
+ $perms);
 }
@@ -79,6 +111,13 @@ class xorgAuth extends dcAuth {
 $url .= "?session=" . session_id();
 $url .= "&challenge=" . $_SESSION["auth-x-challenge"];
 $url .= "&pass=" . md5($_SESSION["auth-x-challenge"] . XORG_AUTH_KEY);
+ $type = $core->blog->settings->get('xorg_blog_type');
+ if ($type == 'group-member' || $type == 'group-admin') {
+ $_SESSION['xorg-group'] = $core->blog->settings->get('xorg_blog_owner');
+ $url .= '&group=' . $core->blog->settings->get('xorg_blog_owner');
+ } else {
+ unset($_SESSION['xorg-group']);
+ }
 $url .= "&url=" . urlencode($core->blog->url . "auth/XorgReturn?path=" . $path);
 session_write_close();
 header("Location: $url");
@@ -139,7 +178,7 @@ class xorgAuth extends dcAuth {
 public function check($permissions, $blog_id) {
 $this->buildFromSession();
- return parent::check($permissions, $blog_id);
+ return $this->isSuperAdmin() || parent::check($permissions, $blog_id);
 }
 public function checkPassword($pwd) {
@@ -172,7 +211,8 @@ class xorgAuth extends dcAuth {
 }
 public function isSuperAdmin() {
- return parent::isSuperAdmin() || ($this->user_id == 'florent.bruneau.2003');
+// var_dump($this->xorg_infos);
+ return parent::isSuperAdmin() || $this->xorg_infos['perms'] == 'admin';
 }
 public function getOptions() {
diff --git a/widget.blog.owner.php b/widget.blog.owner.php
new file mode 100644
index 0000000..272716c
--- /dev/null
+++ b/widget.blog.owner.php
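Review bot: In `updateUserPerms`, the two inner `return;` statements taken when `$owner != $_SESSION['xorg-group']` leave the user's stored permissions on this blog untouched, while the final `else` resets them to `array()`. A user granted group rights earlier therefore keeps them when arriving with a session for another group. The comparison is also loose and reads `$_SESSION['xorg-group']`, which the login-redirect hunk below unsets for non-group blogs, so an empty owner setting compares equal to the missing key. Consider computing `$sameGroup = isset($_SESSION['xorg-group']) && $owner === $_SESSION['xorg-group'];` once and adding `&& $sameGroup` to both group conditions, so a mismatch falls through to the empty permission set; if keeping the old permissions is intended, say so in a comment. The method is now `public` so it can be passed to `sudo()`, and the commented-out `echo`/`var_dump` block should be dropped rather than committed.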
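Review bot: The added `$url .= '&group=' . $core->blog->settings->get('xorg_blog_owner');` appends the owner setting to the authentication redirect without encoding, although the `url` parameter two lines later goes through `urlencode()`. An owner value containing `&`, `#` or `=` would change the other query parameters sent to the authentication server. Read the setting once and encode it: `$group = $core->blog->settings->get('xorg_blog_owner');` then `$_SESSION['xorg-group'] = $group;` and `$url .= '&group=' . urlencode($group);`. The `pass` digest in the context lines covers only the challenge and the key, so the handler for the return URL (outside this hunk) should confirm that the group level it receives refers to `$_SESSION['xorg-group']`. The enclosing function starts and ends outside the hunk.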
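Review bot: The new `isSuperAdmin()` test `$this->xorg_infos['perms'] == 'admin'` uses a loose comparison, and on PHP versions before 8 both `0 == 'admin'` and `true == 'admin'` evaluate to true, so a non-string value in that slot would grant super-admin. Use `return parent::isSuperAdmin() || $this->xorg_infos['perms'] === 'admin';`. This matters more since the `check()` hunk above now returns `$this->isSuperAdmin() || parent::check(...)`, making this one comparison a bypass for every permission check. Unlike `check()`, `isSuperAdmin()` does not call `buildFromSession()` itself, so direct callers such as the blog-owner widget depend on `xorg_infos` having been populated earlier; that cannot be confirmed from this hunk and is worth a comment. The commented-out `// var_dump($this->xorg_infos);` line should be removed.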
@@ -0,0 +1,39 @@ +auth->isSuperAdmin()) { + $types = array('user' => array('text' => 'Blog d\'utilisateur', + 'selected' => false), + 'group-member' => array('text' => 'Blog de groupe, édition par les membres', + 'selected' => false), + 'group-admin' => array('text' => 'Blog de groupe, édition par les administrateurs', + 'selected' => false)); + $type = $core->blog->settings->get('xorg_blog_type'); + if (!$type) { + $type = 'user'; + } + $types[$type]['selected'] = true; + echo '
Authentification X.org
'; + echo '

'; + echo '

'; + echo '

'; + } + } + + public static function behavior_adminBeforeBlogSettingsUpdate(&$settings) { + global $core; + if ($core->auth->isSuperAdmin()) { + $settings->put('xorg_blog_type', $_POST['xorg_blog_type'], 'string', 'Type de blog X.org'); + $settings->put('xorg_blog_owner', $_POST['xorg_blog_owner'], 'string', 'Propriétaire X.org du blog'); + } + } +} + +?>
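Review bot: `behavior_adminBeforeBlogSettingsUpdate` writes `$_POST['xorg_blog_type']` and `$_POST['xorg_blog_owner']` into the blog settings without checking that they are present or that the type is one of the three known values. `updateUserPerms` in `class.xorg.auth.php` derives blog permissions from exactly these two settings, so an unexpected type silently changes who receives rights, and in the form `$types[$type]['selected'] = true;` would add a stray entry to `$types`. Guard the write with `if (!isset($_POST['xorg_blog_type'], $_POST['xorg_blog_owner']) || !in_array($_POST['xorg_blog_type'], array('user', 'group-member', 'group-admin'), true)) { return; }`. The echoed form markup is not visible in this view, so whether the owner value is escaped on output could not be checked.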