/**
 * Login action.
 *
 * Always attaches the auth::login view to the layout. On a POST request it
 * checks the submitted login/password against the account list and, when the
 * check succeeds, rebuilds the ACL from the permissions of the account's
 * group before redirecting to prive::list. A failed check does nothing more
 * in this method (the login view stays attached to the layout).
 */
public function _login()
{
    $oView = new _view('auth::login');
    $this->oLayout->add('main', $oView);

    // Only a submitted form (POST) triggers an authentication attempt.
    if (!_root::getRequest()->isPost()) {
        return;
    }

    $sLogin = _root::getParam('login');
    // NOTE(review): the password is reduced to a bare SHA-1 digest (no salt,
    // no work factor) before comparison, so the stored credentials are
    // presumably SHA-1 digests as well. Moving to password_hash() /
    // password_verify() needs a coordinated change of the stored values and
    // of checkLoginPass(), neither of which is visible here.
    $sPass = sha1(_root::getParam('password'));

    $oModelAccount = new model_account();
    $tAccount = $oModelAccount->getListAccount();

    // NOTE(review): how checkLoginPass() compares the digests (constant-time
    // or not) cannot be seen from this method - confirm in the auth plugin.
    if (!_root::getAuth()->checkLoginPass($tAccount, $sLogin, $sPass)) {
        return;
    }

    $oAccount = _root::getAuth()->getAccount();
    $tPermission = model_permission::getInstance()->findByGroup($oAccount->groupe);

    // Purge the permissions currently held by the ACL (kept in session, per
    // the original comment) so rights from an earlier login do not carry over.
    _root::getACL()->purge();

    // Replay the group's permission rows into the ACL. Any row whose
    // allowdeny value is not 'ALLOW' is registered as a deny.
    if ($tPermission) {
        foreach ($tPermission as $oPermission) {
            if ($oPermission->allowdeny != 'ALLOW') {
                _root::getACL()->deny($oPermission->action, $oPermission->element);
                continue;
            }

            _root::getACL()->allow($oPermission->action, $oPermission->element);
        }
    }

    _root::redirect('prive::list');
}
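/**
 * Delete action for a permission record.
 *
 * Runs only on a POST request carrying a valid anti-XSRF token, deletes the
 * permission identified by the 'id' request parameter, then redirects to
 * permission::list.
 *
 * NOTE(review): this method performs no ACL/permission check of its own;
 * authorization is presumably enforced before the action is dispatched -
 * confirm, since this action removes access-control rows.
 *
 * @return null|array null when the request is not a POST; array('token' => message)
 *                    when the XSRF token is rejected.
 */
public function delete()
{
    if (!_root::getRequest()->isPost()) {
        // Not a POST request: nothing is submitted.
        return null;
    }

    // Reject the request unless the submitted XSRF token is valid.
    $oPluginXsrf = new plugin_xsrf();
    if (!$oPluginXsrf->checkToken(_root::getParam('token'))) {
        return array('token' => $oPluginXsrf->getMessage());
    }

    $oPermissionModel = new model_permission();
    $iId = _root::getParam('id', null);

    // Initialised explicitly: the original left $oPermission undefined when no
    // id was supplied and then called ->delete() on it, which is a fatal error.
    $oPermission = null;
    if ($iId != null) {
        $oPermission = $oPermissionModel->findById($iId);
    }

    // Delete only when a record object was actually loaded; a missing id or a
    // lookup that yields no object falls through to the redirect.
    if (is_object($oPermission)) {
        $oPermission->delete();
    }

    // Once done, go back to the permission list.
    _root::redirect('permission::list');
}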