コード例 #1
0
 function view()
 {
     // Grab the view to easily assign variables
     $view = $this->getView();
     // Get all warnings from Ajde_Dump::warn()
     if (Ajde_Dump::getWarnings()) {
         $view->assign('warn', Ajde_Dump::getWarnings());
     }
     // Get all dumps from Ajde_Dump::dump() [Aliased as a global function dump()]
     if (Ajde_Dump::getAll()) {
         $view->assign('dump', Ajde_Dump::getAll());
     }
     // Get request parameters
     $view->assign('request', Ajde::app()->getRequest());
     // Get Configuration stage
     $view->assign('configstage', Config::$stage);
     // Get database queries
     if (Ajde_Core_Autoloader::exists('Ajde_Db_PDO')) {
         $view->assign('database', Ajde_Db_PDO::getLog());
     }
     // Get language
     $view->assign('lang', Ajde_Lang::getInstance()->getLang());
     // Get session
     $view->assign('session', $_SESSION);
     // Get ACL
     if (Ajde_Core_Autoloader::exists('Ajde_Acl')) {
         $view->assign('acl', Ajde_Acl::getLog());
     }
     // Get the application timer
     Ajde::app()->endTimer(0);
     Ajde::app()->endTimer(Ajde::app()->getLastTimerKey());
     $view->assign('timers', Ajde::app()->getTimers());
     return $this->render();
 }
コード例 #2
0
ファイル: Controller.php プロジェクト: nabble/ajde
 public function validateAccess($conditions = null)
 {
     if (!isset($conditions)) {
         $conditions = $this->getAclConditions();
     }
     return Ajde_Acl::validateController($conditions['module'], $conditions['action'], $conditions['extra']);
 }
コード例 #3
0
 private function validateAclFor($uid, $usergroup, $module, $action, $extra)
 {
     /**
      * TODO: Nasty code...
      * TODO: refactor to Ajde_Acl
      */
     /**
      * Allright, this is how things go down here:
      * We want to check for at least one allowed or owner record in this direction:
      * 		 
      * 1. Wildcard usergroup AND module/action
      * 2. Wildcard user AND module/action
      * 3. Specific usergroup AND module/action
      * 4. Specific user AND module/action
      * 5. Public AND module/action
      * 
      * Module/action goes down in this order:
      * 
      * A1. Wildcard module AND wildcard action
      * A2. Wildcard module AND wildcard action (with extra)
      * B1. Wildcard module AND specific action
      * B2. Wildcard module AND specific action (with extra)
      * C1. Specific module AND wildcard action
      * C2. Specific module AND wildcard action (with extra)
      * D1. Specific module AND specific action
      * D2. Specific module AND specific action (with extra)
      * 
      * This makes for 20 checks.
      * 
      * If a denied record is found and no allowed or owner record is present
      * further down, deny access.
      */
     $access = false;
     $moduleAction = array("A1" => array('module' => '*', 'action' => '*', 'extra' => '*'), "A2" => array('module' => '*', 'action' => '*', 'extra' => $extra), "B1" => array('module' => '*', 'action' => $action, 'extra' => '*'), "B2" => array('module' => '*', 'action' => $action, 'extra' => $extra), "C1" => array('module' => $module, 'action' => '*', 'extra' => '*'), "C2" => array('module' => $module, 'action' => '*', 'extra' => $extra), "D1" => array('module' => $module, 'action' => $action, 'extra' => '*'), "D2" => array('module' => $module, 'action' => $action, 'extra' => $extra));
     $userGroup = array(1 => array('usergroup', null), 2 => array('user', null), 3 => array('usergroup', $usergroup), 4 => array('user', $uid), 5 => array('public', null));
     /**
      * Allright, let's prepare the SQL!
      */
     $rules = $this->getAclCollection();
     $rules->reset();
     //		$moduleActionWhereGroup = new Ajde_Filter_WhereGroup(Ajde_Query::OP_AND);
     //		foreach($moduleAction as $moduleActionPart) {
     //			$group = new Ajde_Filter_WhereGroup(Ajde_Query::OP_OR);
     //			foreach($moduleActionPart as $key => $value) {
     //				$group->addFilter(new Ajde_Filter_Where($key, Ajde_Filter::FILTER_EQUALS, $value, Ajde_Query::OP_AND));
     //			}
     //			$moduleActionWhereGroup->addFilter($group);
     //		}
     //
     //		foreach($userGroup as $userGroupPart) {
     //			$group = new Ajde_Filter_WhereGroup(Ajde_Query::OP_OR);
     //			$comparison = is_null($userGroupPart[1]) ? Ajde_Filter::FILTER_IS : Ajde_Filter::FILTER_EQUALS;
     //			$group->addFilter(new Ajde_Filter_Where('type', Ajde_Filter::FILTER_EQUALS, $userGroupPart[0], Ajde_Query::OP_AND));
     //			if ($userGroupPart[0] !== 'public') {
     //				$group->addFilter(new Ajde_Filter_Where($userGroupPart[0], $comparison, $userGroupPart[1], Ajde_Query::OP_AND));
     //			}
     //			$group->addFilter($moduleActionWhereGroup, Ajde_Query::OP_AND);
     //			$rules->addFilter($group, Ajde_Query::OP_OR);
     //		}
     $rules->load();
     /**
      * Oempfff... now let's traverse and set the order
      * 
      * TODO: It seems that we can just load the entire ACL table in the collection
      * and use this traversal to find matching rules instead of executing this
      * overly complicated SQL query constructed above...
      */
     $orderedRules = array();
     foreach ($userGroup as $ugpKey => $userGroupPart) {
         $type = $userGroupPart[0];
         $ugId = $userGroupPart[1];
         foreach ($moduleAction as $maKey => $moduleActionPart) {
             $module = $moduleActionPart['module'];
             $action = $moduleActionPart['action'];
             $extra = $moduleActionPart['extra'];
             $rule = $rules->findRule($type, $ugId, $module, $action, $extra);
             if ($rule !== false) {
                 $orderedRules[$ugpKey . $maKey] = $rule;
             }
         }
     }
     /**
      * Finally, determine access
      */
     $extra = $extra !== '*' ? ' (' . $extra . ')' : '';
     foreach ($orderedRules as $key => $rule) {
         if ($rule->type === 'public') {
             Ajde_Acl::$log[] = $key . ' match with ACL rule id ' . $rule->getPK() . ' allows access for ' . $module . '/' . $action . $extra . ' (public)';
             $access = true;
         } else {
             if (parent::getLoggedInUser()) {
                 switch ($rule->permission) {
                     case "deny":
                         Ajde_Acl::$log[] = $key . ' match with ACL rule id ' . $rule->getPK() . ' denies access for ' . $module . '/' . $action . $extra;
                         $access = false;
                         break;
                     case "own":
                         if ((int) $this->getOwnerId() === (int) $uid) {
                             Ajde_Acl::$log[] = $key . ' match with ACL rule id ' . $rule->getPK() . ' allows access for ' . $module . '/' . $action . $extra . ' (owner)';
                             $access = true;
                         } else {
                             Ajde_Acl::$log[] = $key . ' match with ACL rule id ' . $rule->getPK() . ' denies access for ' . $module . '/' . $action . $extra . ' (owner)';
                             // TODO: or inherit?
                             $access = false;
                         }
                         break;
                     case "allow":
                         Ajde_Acl::$log[] = $key . ' match with ACL rule id ' . $rule->getPK() . ' allows access for ' . $module . '/' . $action . $extra;
                         $access = true;
                         break;
                 }
             } else {
                 Ajde_Acl::$log[] = $key . ' match with ACL rule id ' . $rule->getPK() . ' denies access for ' . $module . '/' . $action . $extra . ' (not logged in)';
                 $access = false;
             }
         }
     }
     Ajde_Acl::$access = $access;
     return $access;
 }
コード例 #4
0
ファイル: Acl.php プロジェクト: nabble/ajde-core
 public static function validateController($module, $action, $extra)
 {
     $access = self::validatePage($module, $action, $extra);
     Ajde_Acl::$access = $access;
     return $access;
 }