public function check()
{
// Check rights for setup instance
// Check if neccessary fields are all set
if (!$this->table) {
throw new Exception("Table not set!");
return;
}
if (!$this->id) {
throw new Exception("ID not set!");
return;
}
if (!is_object($this->user)) {
throw new Exception("User not set!");
return;
}
// Check users access rights to any object
$cachekey = "access:" . $this->table . ":" . $this->id . ":" . $this->user->getID();
$this->access = Cache::load($cachekey);
if (is_null($this->access)) {
// No cache found, load access rights from database
$this->access = true;
$sql = new SqlManager();
$sql->setQuery("\n\t\t\t\tSELECT * FROM access\n\t\t\t\tWHERE object_table = '{{table}}'\n\t\t\t\t\tAND object_id = {{id}}\n\t\t\t\t");
$sql->bindParam("{{table}}", $this->table);
$sql->bindParam("{{id}}", $this->id, "int");
$sql->execute();
$rulescnt = 0;
while ($row = $sql->fetch()) {
$rulescnt++;
switch ($row['access_type']) {
case "password":
// Check somehow if user entered password already
$this->access = false;
$this->access_data = $row;
break;
case "usergroup":
// Check if user is part of the usergroup
if (!in_array($row['access_key'], $this->user->getUserGroups())) {
$this->access = false;
$this->access_data = $row;
}
break;
default:
$this->access = false;
break;
}
if ($this->access) {
// If one of the access settings allows access, it's enough
// Stop loop
$this->access_data = array();
break;
}
}
if ($this->access && count($this->parents) > 0) {
foreach ($this->parents as $parent) {
$check = $this->parents[count($this->parents) - 1];
unset($this->parents[count($this->parents) - 1]);
$check = new AccessOfficer($this->table, $check, $this->user, $this->parents);
$this->access = $check->check();
$this->access_data = $check->getAccessData();
}
}
// Save determined access in cahce for later use
Cache::save($cachekey, $this->access);
}
return $this->access;
}
public function analyzeUrl()
{
// Check if URL is set in general
if (is_null($this->url)) {
throw new Exception("No request URL set!");
return;
}
// Check for rewrtite rules
$rewrite = new Rewrite($this->url);
$rewrite->applyRules();
if ($rewrite->getTargetUrl() != $this->url) {
if (!$rewrite->transportQueryParameter()) {
$_GET = array();
$_POST = array();
}
if ($rewrite->isRedirect()) {
$this->redirectToUrl($rewrite->getTargetUrl(), $_POST);
}
$this->setUrl($rewrite->getTargetUrl());
$this->analyzeRequest(!$rewrite->isLastForward());
}
// Check access rights to requested content
$access = new AccessOfficer("content", $this->content_id, $this->session->getUser(), $this->content_parents);
if (!$access->check()) {
// Access denied
if (!$access->getDeniedContentID()) {
// No content to be shown as 403 page set
// TODO set up default 403 (and 404) templates
throw new Exception("Access denied and no denied content defined!");
return;
}
// Should parameters be transported through the redirects / rewrites
if (!$access->transportQueryParameter()) {
$_GET = array();
$_POST = array();
}
// Show 403 error page or redirect if neccessary
$newcontent = new Content($access->getDeniedContentID());
if ($access->isRedirect() && $newcontent->getID() != $this->content_id) {
// Redirect, but keep requested URL as origin parameter
// TODO: keep origin request parameters as well!
$this->redirectToUrl("/" . $newcontent->getUrl() . "?origin=" . $this->url, $_POST);
}
$this->setUrl($newcontent->getUrl());
$this->analyzeRequest(!$access->isLastForward());
}
// TODO: HookPoints to manipulate this behaviour
}