示例#1
0
 /**
  * fallback method for authenticating menu access on observe_table/observe_row level
  * positive authentication if auth_parameter contains a table name found in the admins table access setting
  *
  * @param Menu $m
  * @return boolean
  */
 protected function authenticateMenuByTableRowAccess(Menu $m)
 {
     $p = $m->getAuthParameters();
     if (empty($p)) {
         return FALSE;
     }
     $admin = User::getSessionUser();
     if (!$admin) {
         return FALSE;
     }
     $tables = preg_split('/\\s*,\\s*/', trim($p));
     $matching = array_intersect($tables, $admin->getTableAccess());
     return !empty($matching);
 }
示例#2
0
文件: Config.php 项目: vectrex/vxphp
 /**
  * Parse XML menu entries and creates menu instance
  *
  * @param simpleXmlElement $menu
  * @return Menu
  */
 private function parseMenu(\SimpleXMLElement $menu)
 {
     $a = $menu->attributes();
     $root = isset($a->script) ? (string) $a->script : $this->site->root_document;
     $type = isset($a->type) && (string) $a->type === 'dynamic' ? 'dynamic' : 'static';
     $service = !empty($a->service) ? (string) $a->service : NULL;
     $id = !empty($a->id) ? (string) $a->id : NULL;
     if ($type === 'dynamic' && !$service) {
         throw new ConfigException("A dynamic menu requires a configured service.");
     }
     $m = new Menu($root, $id, $type, $service);
     if (isset($a->auth)) {
         // set optional authentication level; if level is not defined, menu is locked for everyone
         // if auth level is defined, additional authentication parameters can be set
         $menuAuth = strtoupper(trim((string) $a->auth));
         if (defined("vxPHP\\User\\User::AUTH_{$menuAuth}")) {
             $m->setAuth(constant("vxPHP\\User\\User::AUTH_{$menuAuth}"));
             if (isset($a->auth_parameters)) {
                 $m->setAuthParameters((string) $a->auth_parameters);
             }
         } else {
             $m->setAuth(-1);
         }
     } else {
         $menuAuth = NULL;
     }
     foreach ($menu->children() as $entry) {
         if ($entry->getName() == 'menuentry') {
             $a = $entry->attributes();
             if (isset($a->page) && isset($a->path)) {
                 throw new ConfigException(sprintf("Menu entry with both page ('%s') and path ('%s') attribute found.", (string) $a->page, (string) $a->path));
             }
             // menu entry comes with a path attribute (which can also link an external resource)
             if (isset($a->path)) {
                 $path = (string) $a->path;
                 $local = strpos($path, '/') !== 0 && !preg_match('~^[a-z]+://~', $path);
                 $e = new MenuEntry($path, $a, $local);
             } else {
                 if (isset($a->page)) {
                     $page = (string) $a->page;
                     if (!isset($this->routes[$m->getScript()][$page])) {
                         throw new ConfigException(sprintf("No route for menu entry ('%s') found. Available routes for script '%s' are '%s'.", $page, $m->getScript(), empty($this->routes[$m->getScript()]) ? 'none' : implode("', '", array_keys($this->routes[$m->getScript()]))));
                     }
                     $e = new MenuEntry((string) $this->routes[$m->getScript()][$page]->getPath(NULL, TRUE), $a, TRUE);
                 }
             }
             // handle authentication settings of menu entry
             if ($menuAuth || isset($a->auth)) {
                 // fallback to menu settings, when auth attribute is not set
                 if (!isset($a->auth)) {
                     $e->setAuth($m->getAuth());
                     $e->setAuthParameters($m->getAuthParameters());
                 } else {
                     // set optional authentication level; if level is not defined, entry is locked for everyone
                     // if auth level is defined, additional authentication parameters can be set
                     $auth = strtoupper(trim((string) $a->auth));
                     if (defined("UserAbstract::AUTH_{$auth}")) {
                         $e->setAuth(constant("UserAbstract::AUTH_{$auth}"));
                         if (isset($a->auth_parameters)) {
                             $e->setAuthParameters((string) $a->auth_parameters);
                         }
                     } else {
                         $e->setAuth(-1);
                     }
                 }
             }
             $m->appendEntry($e);
             if (isset($entry->menu)) {
                 $e->appendMenu($this->parseMenu($entry->menu));
             }
         } else {
             if ($entry->getName() == 'menuentry_placeholder') {
                 $a = $entry->attributes();
                 $e = new DynamicMenuEntry(NULL, $a);
                 $m->appendEntry($e);
             }
         }
     }
     return $m;
 }