public function check() { // Check rights for setup instance // Check if neccessary fields are all set if (!$this->table) { throw new Exception("Table not set!"); return; } if (!$this->id) { throw new Exception("ID not set!"); return; } if (!is_object($this->user)) { throw new Exception("User not set!"); return; } // Check users access rights to any object $cachekey = "access:" . $this->table . ":" . $this->id . ":" . $this->user->getID(); $this->access = Cache::load($cachekey); if (is_null($this->access)) { // No cache found, load access rights from database $this->access = true; $sql = new SqlManager(); $sql->setQuery("\n\t\t\t\tSELECT * FROM access\n\t\t\t\tWHERE object_table = '{{table}}'\n\t\t\t\t\tAND object_id = {{id}}\n\t\t\t\t"); $sql->bindParam("{{table}}", $this->table); $sql->bindParam("{{id}}", $this->id, "int"); $sql->execute(); $rulescnt = 0; while ($row = $sql->fetch()) { $rulescnt++; switch ($row['access_type']) { case "password": // Check somehow if user entered password already $this->access = false; $this->access_data = $row; break; case "usergroup": // Check if user is part of the usergroup if (!in_array($row['access_key'], $this->user->getUserGroups())) { $this->access = false; $this->access_data = $row; } break; default: $this->access = false; break; } if ($this->access) { // If one of the access settings allows access, it's enough // Stop loop $this->access_data = array(); break; } } if ($this->access && count($this->parents) > 0) { foreach ($this->parents as $parent) { $check = $this->parents[count($this->parents) - 1]; unset($this->parents[count($this->parents) - 1]); $check = new AccessOfficer($this->table, $check, $this->user, $this->parents); $this->access = $check->check(); $this->access_data = $check->getAccessData(); } } // Save determined access in cahce for later use Cache::save($cachekey, $this->access); } return $this->access; }
public function analyzeUrl() { // Check if URL is set in general if (is_null($this->url)) { throw new Exception("No request URL set!"); return; } // Check for rewrtite rules $rewrite = new Rewrite($this->url); $rewrite->applyRules(); if ($rewrite->getTargetUrl() != $this->url) { if (!$rewrite->transportQueryParameter()) { $_GET = array(); $_POST = array(); } if ($rewrite->isRedirect()) { $this->redirectToUrl($rewrite->getTargetUrl(), $_POST); } $this->setUrl($rewrite->getTargetUrl()); $this->analyzeRequest(!$rewrite->isLastForward()); } // Check access rights to requested content $access = new AccessOfficer("content", $this->content_id, $this->session->getUser(), $this->content_parents); if (!$access->check()) { // Access denied if (!$access->getDeniedContentID()) { // No content to be shown as 403 page set // TODO set up default 403 (and 404) templates throw new Exception("Access denied and no denied content defined!"); return; } // Should parameters be transported through the redirects / rewrites if (!$access->transportQueryParameter()) { $_GET = array(); $_POST = array(); } // Show 403 error page or redirect if neccessary $newcontent = new Content($access->getDeniedContentID()); if ($access->isRedirect() && $newcontent->getID() != $this->content_id) { // Redirect, but keep requested URL as origin parameter // TODO: keep origin request parameters as well! $this->redirectToUrl("/" . $newcontent->getUrl() . "?origin=" . $this->url, $_POST); } $this->setUrl($newcontent->getUrl()); $this->analyzeRequest(!$access->isLastForward()); } // TODO: HookPoints to manipulate this behaviour }