示例#1
 /**
  * Render the login form and, on a POST request, authenticate the submitted credentials.
  *
  * When the credentials are accepted, the ACL returned by _root::getACL() is
  * purged and rebuilt from the permissions attached to the account's group,
  * then the user is redirected to 'prive::list'. On a non-POST request or a
  * rejected login the method simply returns after attaching the view.
  *
  * NOTE(review): the password is digested with bare sha1() (unsalted, fast hash)
  * before being handed to checkLoginPass(). Moving to password_hash() /
  * password_verify() needs a migration of the stored digests and a change in how
  * the comparison is done, so it cannot be fixed inside this method alone.
  * NOTE(review): no session-id regeneration, failed-attempt logging or throttling
  * is visible here; confirm whether the auth layer provides them.
  */
 public function _login()
 {
     // The form is attached to the layout for every request, POST or not.
     $this->oLayout->add('main', new _view('auth::login'));

     if (!_root::getRequest()->isPost()) {
         return;
     }

     $sSubmittedLogin = _root::getParam('login');
     // Digest format must match what getListAccount() returns (see review note above).
     $sPasswordDigest = sha1(_root::getParam('password'));

     $oAccounts = new model_account();
     $tKnownAccounts = $oAccounts->getListAccount();

     if (!_root::getAuth()->checkLoginPass($tKnownAccounts, $sSubmittedLogin, $sPasswordDigest)) {
         // Rejected credentials: fall back to the already attached login view.
         return;
     }

     $oLoggedAccount = _root::getAuth()->getAccount();
     $tGroupPermissions = model_permission::getInstance()->findByGroup($oLoggedAccount->groupe);

     // Drop the permissions currently held in the ACL before loading this account's rules.
     _root::getACL()->purge();

     // Replay every permission of the group: 'ALLOW' grants, anything else denies.
     if ($tGroupPermissions) {
         foreach ($tGroupPermissions as $oRule) {
             if ($oRule->allowdeny != 'ALLOW') {
                 _root::getACL()->deny($oRule->action, $oRule->element);
                 continue;
             }
             _root::getACL()->allow($oRule->action, $oRule->element);
         }
     }

     _root::redirect('prive::list');
 }
示例#2
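 /**
  * Delete the account designated by the 'id' request parameter.
  *
  * The deletion only happens for a POST request carrying a valid XSRF token.
  * If no id was submitted, or the lookup yields nothing, no deletion is attempted
  * (the original code called delete() on an undefined variable in that case) and
  * the user is still sent back to the account list.
  *
  * NOTE(review): only the HTTP method and the XSRF token are checked here; no
  * permission check on the caller is visible in this method. Confirm that access
  * control is enforced elsewhere (e.g. in a pre-dispatch hook) before an account
  * can be removed.
  *
  * @return array|null null when the request is not a POST; array('token' => message)
  *                    when the XSRF token is rejected; otherwise the method ends
  *                    with a redirect.
  */
 public function delete()
 {
     if (!_root::getRequest()->isPost()) {
         // Not a POST request: nothing is submitted.
         return null;
     }

     $oPluginXsrf = new plugin_xsrf();
     if (!$oPluginXsrf->checkToken(_root::getParam('token'))) {
         // Invalid or missing XSRF token: report the plugin's message to the caller.
         return array('token' => $oPluginXsrf->getMessage());
     }

     $oAccountModel = new model_account();
     // Read the id once so the value that is tested is the value that is looked up.
     $iId = _root::getParam('id', null);

     $oAccount = null;
     // Loose comparison kept from the original: the same ids as before are looked up.
     if ($iId != null) {
         $oAccount = $oAccountModel->findById($iId);
     }

     // Only delete when an account was actually loaded; a missing id or an
     // unknown account must not end in a fatal "member function on null" error.
     if ($oAccount) {
         $oAccount->delete();
     }

     // Done: go back to the account list.
     _root::redirect('account::list');
 }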