/**
 * Builds the ACL used by the community-topic tests for one record.
 *
 * Dispatches on the exact class name: a Community gets the collection ACL,
 * a CommunityTopic the resource ACL. Any other class produces null, since
 * there is no default branch. The member set comes from the test-global
 * $members array.
 *
 * @param object $object Community or CommunityTopic record
 * @return mixed ACL built by opCommunityTopicAclBuilder, or null for other classes
 */
function getAcl($object)
{
    global $members;

    $className = get_class($object);
    if ('Community' === $className) {
        return opCommunityTopicAclBuilder::buildCollection($object, $members);
    }
    if ('CommunityTopic' === $className) {
        return opCommunityTopicAclBuilder::buildResource($object, $members);
    }

    return null;
}
/**
 * Bootstraps the environment for the ACL-builder tests.
 *
 * Loads the functional and database bootstraps, switches off query logging
 * on the symfony profiler listener of the current Doctrine connection, and
 * resets the ACL builder's static cache so every scenario starts clean.
 */
function init()
{
    include dirname(__FILE__) . '/../../bootstrap/functional.php';
    include dirname(__FILE__) . '/../../bootstrap/database.php';
    // NOTE(review): functional.php is included a second time here, as in the
    // original. Whether the repeat is needed (e.g. to rebuild the context after
    // the database bootstrap) or is a copy-paste slip could not be confirmed.
    include dirname(__FILE__) . '/../../bootstrap/functional.php';

    $connection = Doctrine_Manager::getInstance()->getCurrentConnection();
    $listeners = $connection->getListener();
    // Query logging is only noise under test; disable it when the profiler is attached.
    if ($listeners['symfony_profiler']) {
        $listeners['symfony_profiler']->setOption('logging', false);
    }

    opCommunityTopicAclBuilder::clearCache();
}
/**
 * preExecute
 *
 * Resolves the routed record before the action runs. When the route is a
 * sfDoctrineRoute whose object is a Community, that community and its
 * collection ACL are stored on the action; when the object is a
 * CommunityTopic, the topic, its parent community and the topic's resource
 * ACL are stored instead. Both ACLs are built for the current user's member
 * only. Any other route leaves the action's properties untouched.
 */
public function preExecute()
{
    $route = $this->getRoute();
    if (!($route instanceof sfDoctrineRoute)) {
        return;
    }

    $routed = $route->getObject();

    if ($routed instanceof Community) {
        $this->community = $routed;
        $this->acl = opCommunityTopicAclBuilder::buildCollection(
            $this->community,
            array($this->getUser()->getMember())
        );
    } elseif ($routed instanceof CommunityTopic) {
        $this->communityTopic = $routed;
        $this->community = $this->communityTopic->getCommunity();
        $this->acl = opCommunityTopicAclBuilder::buildResource(
            $this->communityTopic,
            array($this->getUser()->getMember())
        );
    }
}
<?php
// Mobile view of one community topic: page title, posting time, author link,
// an edit link for members allowed to edit, then the body.
// NOTE(review): $acl is built here but not referenced in this part of the
// template — confirm it is used further down before touching it.
$acl = opCommunityTopicAclBuilder::buildResource($communityTopic, array($sf_user->getMember()));
op_mobile_page_title($community->getName(), $communityTopic->getName());
?> <?php
echo op_within_page_link();
echo op_format_date($communityTopic->getCreatedAt(), 'MM/dd HH:mm');
// NOTE(review): empty branch — the "viewer is the poster" check is evaluated
// but renders nothing; either unfinished or dead code.
if ($communityTopic->getMemberId() === $sf_user->getMemberId()) {
}
?> <br> <?php
// Author link, only when the poster record still exists and has a name.
if ($communityTopic->getMember() && $communityTopic->getMember()->getName()) {
    echo link_to($communityTopic->getMember()->getName(), 'member/profile?id=' . $communityTopic->getMember()->getId());
}
// Edit link; the topic itself decides who may edit it.
if ($communityTopic->isEditable($sf_user->getMemberId())) {
?> [<?php echo link_to(__('Edit'), '@communityTopic_edit?id=' . $communityTopic->getId()); ?> ] <?php
}
?> <br> <?php
// NOTE(review): values are echoed without explicit escaping; this relies on
// symfony's output escaping being enabled for this application — confirm.
echo nl2br($communityTopic->getBody());
?> <br>
<?php
// PC view of one community topic (the "topicDetailBox" parts box).
use_helper('Date');
// NOTE(review): $acl is the community-level (collection) ACL; it is not
// referenced in this part of the template — confirm it is used further down.
$acl = opCommunityTopicAclBuilder::buildCollection($community, array($sf_user->getMember()));
?> <?php
/* ** added for opNicePlugin ** */
// Customisation hook: lets plugins inject markup above the box.
include_customizes("topicDetailBox", "top");
?> <div class="dparts topicDetailBox"><div class="parts"> <div class="partsHeading"> <h3><?php echo '[' . $community->getName() . '] ' . __('Topic'); ?> </h3> </div> <dl> <dt><?php
// The format name suggests a date/time containing a line break, which is
// presumably why the result goes through nl2br() — verify against the helper.
echo nl2br(op_format_date($communityTopic->getCreatedAt(), 'XDateTimeJaBr'));
?> </dt> <dd> <div class="title"> <p><?php
// NOTE(review): echoed without explicit escaping; relies on symfony's output
// escaping being enabled for this application — confirm.
echo $communityTopic->getName();
?> </p> </div> <div class="name">
/**
 * Drops every memoised ACL so the next build*() call rebuilds from scratch.
 *
 * Resets both static caches (per-resource and per-collection); tests call
 * this between scenarios that log in as different members.
 */
public static function clearCache()
{
    self::$resource = array();
    self::$collection = array();
}
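/**
 * Checks whether the acting member may perform $action on the given record.
 *
 * Community records are checked against the collection ACL; CommunityTopic
 * and CommunityEvent records against the resource ACL. Any other record type
 * is rejected explicitly instead of falling through to a method call on an
 * undefined $acl.
 *
 * NOTE(review): the ACL is always built for $this->member; the $member
 * argument is accepted but never consulted, exactly as in the original.
 * Confirm with the callers whether that is intended.
 *
 * @param opDoctrineRecord $object Community, CommunityTopic or CommunityEvent
 * @param Member           $member currently unused (see note above)
 * @param string           $action privilege name handed to the ACL
 * @return mixed whatever the built ACL's isAllowed() returns (expected to be a bool)
 * @throws InvalidArgumentException when $object is not a supported record type
 */
protected function isAllowed(opDoctrineRecord $object, Member $member, $action)
{
    if ($object instanceof Community) {
        $acl = opCommunityTopicAclBuilder::buildCollection($object, array($this->member));
    } elseif ($object instanceof CommunityTopic || $object instanceof CommunityEvent) {
        $acl = opCommunityTopicAclBuilder::buildResource($object, array($this->member));
    } else {
        // Fail closed: an unsupported record must not reach the ACL check with $acl unset.
        throw new InvalidArgumentException(sprintf(
            '%s cannot build an ACL for a %s record',
            __METHOD__,
            get_class($object)
        ));
    }

    return $acl->isAllowed($this->member->getId(), null, $action);
}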
<?php
// Functional coverage for the community module: access to the community home
// by public_flag for three kinds of visitor, CSRF protection on every
// state-changing action, and output escaping (XSS) on every page that renders
// member or community data.
include dirname(__FILE__) . '/../../bootstrap/functional.php';

$user = new opTestFunctional(new opBrowser(), new lime_test(null));

// 1. Not logged in: community 2 (public_flag "public") answers 404,
//    community 3 (public_flag "open") answers 200.
$user->info('1. Testing alien')
    ->info('public_flag: public')
    ->get('/community/2')
    ->info('1-1. Alien cannot access the community home')
    ->with('request')->begin()
        ->isParameter('module', 'community')
        ->isParameter('action', 'home')
    ->end()
    ->with('response')->begin()
        ->isStatusCode(404)
    ->end()
    ->info('public_flag: open')
    ->get('/community/3')
    ->info('1-2. Alien can access the community home')
    ->with('request')->begin()
        ->isParameter('module', 'community')
        ->isParameter('action', 'home')
    ->end()
    ->with('response')->isStatusCode(200);

// The ACL builders memoise per process; reset them so the next login is
// evaluated afresh. The topic builder only exists when its plugin is loaded.
opCommunityAclBuilder::clearCache();
if (class_exists('opCommunityTopicAclBuilder')) {
    opCommunityTopicAclBuilder::clearCache();
}

// 2. Logged in as a member of both communities: both homes answer 200.
$user->login('*****@*****.**', 'password');
$user->info('2. Testing Community Member')
    ->info('public_flag: public')
    ->get('/community/2')
    ->info('2-1. Community Member can access the community home')
    ->with('request')->begin()
        ->isParameter('module', 'community')
        ->isParameter('action', 'home')
    ->end()
    ->with('response')->isStatusCode(200)
    ->info('public_flag: open')
    ->get('/community/3')
    ->info('2-2. Community Member can access the community home')
    ->with('request')->begin()
        ->isParameter('module', 'community')
        ->isParameter('action', 'home')
    ->end()
    ->with('response')->isStatusCode(200);

opCommunityAclBuilder::clearCache();
if (class_exists('opCommunityTopicAclBuilder')) {
    opCommunityTopicAclBuilder::clearCache();
}

// 3. Logged in as an SNS member who is not in either community: both homes
//    still answer 200 (public and open communities are visible to any member).
$user->login('*****@*****.**', 'password');
$user->info('3. Testing SNS Member')
    ->info('public_flag: public')
    ->get('/community/2')
    ->info('3-1. SNS Member can access the community home')
    ->with('request')->begin()
        ->isParameter('module', 'community')
        ->isParameter('action', 'home')
    ->end()
    ->with('response')->isStatusCode(200)
    ->info('public_flag: open')
    ->get('/community/3')
    ->info('3-2. SNS Member can access the community home')
    ->with('request')->begin()
        ->isParameter('module', 'community')
        ->isParameter('action', 'home')
    ->end()
    ->with('response')->isStatusCode(200);

// Escaping on the search page, then CSRF checks: every state-changing action
// is POSTed without a token and must be rejected (checkCSRF). Later logins
// switch to the member that is allowed to quit / join community 1.
$user->login('*****@*****.**', 'password');
$user->info('community/search')
    ->get('/community/search')
    ->with('html_escape')->begin()
        ->isAllEscapedData('CommunityCategory', 'name')
        ->isAllEscapedData('Community', 'name')
        ->countEscapedData(1, 'CommunityConfig', 'value', array('width' => 36, 'rows' => 3))
    ->end()

    ->info('/community/edit - CSRF')
    ->post('/community/edit')
    ->checkCSRF()

    ->info('/config/communityTopicNotificationMail/1 - CSRF')
    ->post('/config/communityTopicNotificationMail/1', array('topic_notify' => array()))
    ->followRedirect()
    ->checkCSRF()

    ->info('/community/dropMember/id/1/member_id/2 - CSRF')
    ->post('/community/dropMember/id/1/member_id/2')
    ->checkCSRF()

    ->info('/community/subAdminRequest/id/1/member_id/2 - CSRF')
    ->post('/community/subAdminRequest/id/1/member_id/2', array('admin_request' => array()))
    ->checkCSRF()

    ->info('/community/removeSubAdmin/id/5/member_id/2 - CSRF')
    ->post('/community/removeSubAdmin/id/5/member_id/2')
    ->checkCSRF()

    ->info('/community/changeAdminRequest/id/1/member_id/2 - CSRF')
    ->post('/community/changeAdminRequest/id/1/member_id/2', array('admin_request' => array()))
    ->checkCSRF()

    // NOTE(review): this URL has no leading slash, unlike every other request here.
    ->info('community/delete/1 - CSRF')
    ->post('community/delete/1', array('is_delete' => 1))
    ->checkCSRF()

    ->login('*****@*****.**', 'password')
    ->info('/community/quit?id=1 - CSRF')
    ->post('/community/quit?id=1')
    ->checkCSRF()

    ->login('*****@*****.**', 'password')
    ->info('/community/join?id=1 - CSRF')
    ->post('/community/join?id=1', array('community_join' => array()))
    ->checkCSRF()

    // XSS: every rendered member/community name on these pages must be escaped.
    // The fixtures behind ids 1055/1056 presumably carry markup-like names.
    ->login('*****@*****.**', 'password')
    ->info('/member/home - XSS')
    ->get('/member/home')
    ->with('html_escape')->begin()
        ->isAllEscapedData('Community', 'name')
    ->end()

    ->info('/community/changeAdminRequest/id/1055/member_id/1056 - XSS')
    ->get('/community/changeAdminRequest/id/1055/member_id/1056')
    ->with('html_escape')->begin()
        ->isAllEscapedData('Member', 'name')
        ->isAllEscapedData('Community', 'name')
    ->end()

    // NOTE(review): the changeAdminRequest check above is repeated verbatim
    // here; harmless, but likely a copy-paste duplicate.
    ->info('/community/changeAdminRequest/id/1055/member_id/1056 - XSS')
    ->get('/community/changeAdminRequest/id/1055/member_id/1056')
    ->with('html_escape')->begin()
        ->isAllEscapedData('Member', 'name')
        ->isAllEscapedData('Community', 'name')
    ->end()

    ->info('/community/dropMember/id/1055/member_id/1056 - XSS')
    ->get('/community/dropMember/id/1055/member_id/1056')
    ->with('html_escape')->begin()
        ->isAllEscapedData('Member', 'name')
    ->end()

    ->info('/community/joinlist - XSS')
    ->get('/community/joinlist')
    ->with('html_escape')->begin()
        ->isAllEscapedData('Community', 'name')
    ->end()

    ->info('/community/memberList/id/1055 - XSS')
    ->get('/community/memberList/id/1055')
    ->with('html_escape')->begin()
        ->isAllEscapedData('Member', 'name')
    ->end()

    ->info('/community/memberManage/id/1055 - XSS')
    ->get('/community/memberManage/id/1055')
    ->with('html_escape')->begin()
        ->isAllEscapedData('Member', 'name')
    ->end()

    ->info('/community/search - XSS')
    ->get('/community/search', array('community' => array('name' => 'Community.name')))
    ->with('html_escape')->begin()
        ->isAllEscapedData('Community', 'name')
        ->countEscapedData(1, 'CommunityConfig', 'value', array('width' => 36))
    ->end()

    ->info('/community/removeSubAdmin/id/1056/member_id/1056 - XSS')
    ->get('/community/removeSubAdmin/id/1056/member_id/1056')
    ->with('html_escape')->begin()
        ->isAllEscapedData('Member', 'name')
    ->end()

    ->info('/community/1055 - XSS')
    ->get('/community/1055')
    ->with('html_escape')->begin()
        ->isAllEscapedData('Member', 'name')
        ->isAllEscapedData('Community', 'name')
        ->countEscapedData(1, 'CommunityConfig', 'value', array('width' => 36))
    ->end()

    ->login('*****@*****.**', 'password')
    ->info('/community/quit/id/1055 - XSS')
    ->get('/community/quit/id/1055')
    ->with('html_escape')->begin()
        ->isAllEscapedData('Community', 'name')
    ->end()

    ->login('*****@*****.**', 'password')
    ->info('/community/join?id=1055 - XSS')
    ->get('/community/join?id=1055')
    ->with('html_escape')->begin()
        ->isAllEscapedData('Community', 'name')
    ->end();
/**
 * Returns the per-topic ACL evaluated for a single member.
 *
 * Thin adapter: wraps the member in the list form that
 * opCommunityTopicAclBuilder::buildResource() expects.
 *
 * @param mixed $communityTopic record the ACL is about (presumably a CommunityTopic)
 * @param mixed $member         member the ACL is built for
 * @return mixed the ACL object produced by buildResource()
 */
protected function getResourceAcl($communityTopic, $member)
{
    $members = array($member);

    return opCommunityTopicAclBuilder::buildResource($communityTopic, $members);
}