coderkun/questlab
1
0
Fork 0
Code Issues 15 Pull requests Projects Releases Wiki Activity

implement user roles and user seminary roles as basic ACL

Browse source
This commit is contained in:
coderkun 2014-01-30 00:59:02 +01:00
commit 21f6625c68
10 changed files with 481 additions and 67 deletions
Download patch file Download diff file Expand all files Collapse all files

11
agents/ToplevelAgent.inc
View file

@ -153,6 +153,17 @@
} }
/**
* Return the IntermediateAgent.
*
* @return IntermediateAgent IntermediateAgent
*/
public function getIntermediateAgent()
{
return $this->intermediateAgent;
}
/** /**

56
app/Controller.inc
View file

@ -25,24 +25,12 @@
* @var array * @var array
*/ */
public $components = array('auth'); public $components = array('auth');
/**
* Required models
*
* @var array
*/
public $models = array('users');
/** /**
* Linker instance * Linker instance
* *
* @var Linker * @var Linker
*/ */
protected $linker = null; protected $linker = null;
/**
* Data of currently logged in user if any
*
* @var array
*/
protected static $user = null;
@ -76,9 +64,6 @@
{ {
parent::preFilter($request, $response); parent::preFilter($request, $response);
// Check rights
$this->checkPermission();
// Create linker // Create linker
$this->linker = new \nre\core\Linker($this->request); $this->linker = new \nre\core\Linker($this->request);
@ -95,9 +80,6 @@
\IntlDateFormatter::SHORT, \IntlDateFormatter::SHORT,
NULL NULL
)); ));
// Set userdata
$this->set('loggedUser', static::$user);
} }
@ -112,44 +94,6 @@
parent::postFilter($request, $response); parent::postFilter($request, $response);
} }
/**
* Check user permissions.
*
* @throws AccessDeniedException
*/
private function checkPermission()
{
// Determine user
try {
$userId = $this->Auth->getUserId();
if(!is_null($userId)) {
static::$user = $this->Users->getUserById($this->Auth->getUserId());
}
}
catch(\nre\exceptions\IdNotFoundException $e) {
}
// Determine permissions
$action = $this->request->getParam(2, 'action');
if(!property_exists($this, 'permissions')) {
return; // Allow if nothing is specified
}
if(!array_key_exists($action, $this->permissions)) {
return; // Allow if Action is not specified
}
$permissions = $this->permissions[$action];
// Check permissions
if(is_null(static::$user)) {
throw new \nre\exceptions\AccessDeniedException();
}
}
} }
?> ?>

129
app/controllers/SeminaryRoleController.inc Normal file
View file

@ -0,0 +1,129 @@
<?php
/**
* The Legend of Z
*
* @author Oliver Hanraths <oliver.hanraths@uni-duesseldorf.de>
* @copyright 2014 Heinrich-Heine-Universität Düsseldorf
* @license http://www.gnu.org/licenses/gpl.html
* @link https://bitbucket.org/coderkun/the-legend-of-z
*/
namespace hhu\z\controllers;
/**
* Abstract class for implementing a Controller of a ToplevelAgent.
*
* @author Oliver Hanraths <oliver.hanraths@uni-duesseldorf.de>
*/
abstract class SeminaryroleController extends \hhu\z\Controller
{
/**
* Required models
*
* @var array
*/
public $models = array('userseminaryroles');
/**
* Data of currently logged in user if any
*
* @var array
*/
public static $user = null;
/**
* Construct a new SeminaryRole Controller.
*
* @throws DriverNotFoundException
* @throws DriverNotValidException
* @throws ModelNotValidException
* @throws ModelNotFoundException
* @throws ViewNotFoundException
* @param string $layoutName Name of the current Layout
* @param string $action Current Action
* @param Agent $agent Corresponding Agent
*/
public function __construct($layoutName, $action, $agent)
{
parent::__construct($layoutName, $action, $agent);
}
/**
* Prefilter that is executed before running the Controller.
*
* @param Request $request Current request
* @param Response $response Current response
*/
public function preFilter(\nre\core\Request $request, \nre\core\Response $response)
{
parent::preFilter($request, $response);
// Check permissions
$this->checkPermission($request, $response);
}
/**
* Postfilter that is executed after running the Controller.
*
* @param Request $request Current request
* @param Response $response Current response
*/
public function postFilter(\nre\core\Request $request, \nre\core\Response $response)
{
parent::postFilter($request, $response);
}
/**
* Check user permissions.
*
* @throws AccessDeniedException
*/
private function checkPermission(\nre\core\Request $request, \nre\core\Response $response)
{
// Do not check index page
if(is_null($request->getParam(3))) {
return;
}
// Determine user and seminary
$userId = $this->Auth->getUserId();
$seminary = $this->Seminaries->getSeminaryByUrl($request->getParam(3));
// Determine user seminary roles
$userSeminaryRoles = array();
$roles = $this->Userseminaryroles->getUserseminaryrolesForUserById($userId, $seminary['id']);
foreach($roles as &$role) {
$userSeminaryRoles[] = $role['name'];
}
// Determine permissions for current action
$action = $this->request->getParam(2, 'action');
if(!property_exists($this, 'seminaryPermissions')) {
return; // Allow if nothing is specified
}
if(!array_key_exists($action, $this->seminaryPermissions)) {
return; // Allow if Action is not specified
}
$permissions = $this->seminaryPermissions[$action];
// Check permissions
if(count(array_intersect($userSeminaryRoles, $permissions)) == 0) {
throw new \nre\exceptions\AccessDeniedException();
}
}
}
?>

149
app/controllers/ToplevelController.inc Normal file
View file

@ -0,0 +1,149 @@
<?php
/**
* The Legend of Z
*
* @author Oliver Hanraths <oliver.hanraths@uni-duesseldorf.de>
* @copyright 2014 Heinrich-Heine-Universität Düsseldorf
* @license http://www.gnu.org/licenses/gpl.html
* @link https://bitbucket.org/coderkun/the-legend-of-z
*/
namespace hhu\z\controllers;
/**
* Abstract class for implementing a Controller of a ToplevelAgent.
*
* @author Oliver Hanraths <oliver.hanraths@uni-duesseldorf.de>
*/
abstract class ToplevelController extends \hhu\z\Controller
{
/**
* Required models
*
* @var array
*/
public $models = array('users', 'userroles');
/**
* Current user
*
* @var array
*/
public static $user = null;
/**
* Construct a new application Controller.
*
* @throws DriverNotFoundException
* @throws DriverNotValidException
* @throws ModelNotValidException
* @throws ModelNotFoundException
* @throws ViewNotFoundException
* @param string $layoutName Name of the current Layout
* @param string $action Current Action
* @param Agent $agent Corresponding Agent
*/
public function __construct($layoutName, $action, $agent)
{
parent::__construct($layoutName, $action, $agent);
}
/**
* Prefilter that is executed before running the Controller.
*
* @param Request $request Current request
* @param Response $response Current response
*/
public function preFilter(\nre\core\Request $request, \nre\core\Response $response)
{
parent::preFilter($request, $response);
// Get userdata
try {
static::$user = $this->Users->getUserById($this->Auth->getUserId());
}
catch(\nre\exceptions\IdNotFoundException $e) {
}
// Check permissions
$this->checkPermission($request, $response);
// Set userdata
$this->set('loggedUser', static::$user);
}
/**
* Postfilter that is executed after running the Controller.
*
* @param Request $request Current request
* @param Response $response Current response
*/
public function postFilter(\nre\core\Request $request, \nre\core\Response $response)
{
parent::postFilter($request, $response);
}
/**
* Check user permissions.
*
* @throws AccessDeniedException
*/
private function checkPermission(\nre\core\Request $request, \nre\core\Response $response)
{
// Determine user
$userId = $this->Auth->getUserId();
// Do not check error pages
if($response->getParam(0, 'toplevel') == \nre\core\Config::getDefault('toplevel-error')) {
return;
}
if($response->getParam(1, 'intermediate') == \nre\core\Config::getDefault('intermediate-error')) {
return;
}
// Determine user roles
if($userId > 0)
{
$userRoles = array();
$roles = $this->Userroles->getUserrolesForUserById($userId);
foreach($roles as &$role) {
$userRoles[] = $role['name'];
}
}
else {
$userRoles = array('guest');
}
// Determine permissions of Intermediate Controller for current action
$controller = $this->agent->getIntermediateAgent()->controller;
$action = $this->request->getParam(2, 'action');
if(!property_exists($controller, 'permissions')) {
return; // Allow if nothing is specified
}
if(!array_key_exists($action, $controller->permissions)) {
return; // Allow if Action is not specified
}
$permissions = $controller->permissions[$action];
// Check permissions
if(count(array_intersect($userRoles, $permissions)) == 0) {
throw new \nre\exceptions\AccessDeniedException();
}
}
}
?>

3
controllers/HtmlController.inc
View file

@ -17,7 +17,7 @@
* *
* @author Oliver Hanraths <oliver.hanraths@uni-duesseldorf.de> * @author Oliver Hanraths <oliver.hanraths@uni-duesseldorf.de>
*/ */
class HtmlController extends \hhu\z\Controller class HtmlController extends \hhu\z\controllers\ToplevelController
{ {
@ -33,7 +33,6 @@
{ {
parent::preFilter($request, $response); parent::preFilter($request, $response);
// Set content-type // Set content-type
$this->response->addHeader("Content-type: text/html; charset=utf-8"); $this->response->addHeader("Content-type: text/html; charset=utf-8");
} }

15
controllers/MenuController.inc
View file

@ -23,6 +23,21 @@
/**
* Prefilter.
*
* @param Request $request Current request
* @param Response $response Current response
*/
public function preFilter(\nre\core\Request $request, \nre\core\Response $response)
{
parent::preFilter($request, $response);
// Set userdata
$this->set('loggedUser', HtmlController::$user);
}
/** /**
* Action: index. * Action: index.
*/ */

19
controllers/SeminariesController.inc
View file

@ -17,7 +17,7 @@
* *
* @author Oliver Hanraths <oliver.hanraths@uni-duesseldorf.de> * @author Oliver Hanraths <oliver.hanraths@uni-duesseldorf.de>
*/ */
class SeminariesController extends \hhu\z\Controller class SeminariesController extends \hhu\z\controllers\SeminaryRoleController
{ {
/** /**
* Required models * Required models
@ -31,8 +31,21 @@
* @var array * @var array
*/ */
public $permissions = array( public $permissions = array(
'index' => array(), 'index' => array('admin', 'moderator', 'user'),
'seminary' => array() 'seminary' => array('admin', 'moderator', 'user'),
'create' => array('admin', 'moderator'),
'edit' => array('admin', 'moderator', 'user'),
'delete' => array('admin', 'moderator', 'user')
);
/**
* User seminary permissions
*
* @var array
*/
public $seminaryPermissions = array(
'seminary' => array('admin', 'moderator', 'user', 'guest'),
'edit' => array('admin', 'moderator'),
'delete' => array('admin', 'moderator')
); );

11
controllers/UsersController.inc
View file

@ -25,17 +25,16 @@
* @var array * @var array
*/ */
public $permissions = array( public $permissions = array(
'index' => array(), 'index' => array('admin', 'moderator'),
'user' => array(), 'user' => array('admin', 'moderator', 'user'),
'create' => array(), 'create' => array('admin', 'moderator'),
'edit' => array(), 'edit' => array('admin', 'moderator'),
'delete' => array() 'delete' => array('admin')
); );
/** /**
* Action: index. * Action: index.
*/ */

77
models/UserrolesModel.inc Normal file
View file

@ -0,0 +1,77 @@
<?php
/**
* The Legend of Z
*
* @author Oliver Hanraths <oliver.hanraths@uni-duesseldorf.de>
* @copyright 2014 Heinrich-Heine-Universität Düsseldorf
* @license http://www.gnu.org/licenses/gpl.html
* @link https://bitbucket.org/coderkun/the-legend-of-z
*/
namespace hhu\z\models;
/**
* Model to interact with userroles-table.
*
* @author Oliver Hanraths <oliver.hanraths@uni-duesseldorf.de>
*/
class UserrolesModel extends \hhu\z\Model
{
/**
* Construct a new UserrolesModel.
*/
public function __construct()
{
parent::__construct();
}
/**
* Get all userroles for an user referenced by its ID.
*
* @param int $userId ID of an user
* @return array Userroles for an user
*/
public function getUserrolesForUserById($userId)
{
return $this->db->query(
'SELECT userroles.id, userroles.created, userroles.name '.
'FROM users_userroles '.
'LEFT JOIN userroles ON userroles.id = users_userroles.userrole_id '.
'WHERE users_userroles.user_id = ?',
'i',
$userId
);
}
/**
* Get all userroles for an user referenced by its URL-username.
*
* @param string $userUrl URL-Username of an user
* @return array Userroles for an user
*/
public function getUserrolesForUserByUrl($userUrl)
{
return $this->db->query(
'SELECT userroles.id, userroles.created, userroles.name '.
'FROM users '.
'LEFT JOIN users_userroles ON users_userroles.user_id = users.id '.
'LEFT JOIN userroles ON userroles.id = users_userroles.userrole_id '.
'WHERE users.url = ?',
's',
$userUrl
);
}
}
?>

78
models/UserseminaryrolesModel.inc Normal file
View file

@ -0,0 +1,78 @@
<?php
/**
* The Legend of Z
*
* @author Oliver Hanraths <oliver.hanraths@uni-duesseldorf.de>
* @copyright 2014 Heinrich-Heine-Universität Düsseldorf
* @license http://www.gnu.org/licenses/gpl.html
* @link https://bitbucket.org/coderkun/the-legend-of-z
*/
namespace hhu\z\models;
/**
* Model to interact with userseminaryroles-table.
*
* @author Oliver Hanraths <oliver.hanraths@uni-duesseldorf.de>
*/
class UserseminaryrolesModel extends \hhu\z\Model
{
/**
* Construct a new UserseminaryrolesModel.
*/
public function __construct()
{
parent::__construct();
}
/**
* Get all userseminaryroles for an user referenced by its ID.
*
* @param int $userId ID of an user
* @return array Userseminaryroles for an user
*/
public function getUserseminaryrolesForUserById($userId, $seminaryId)
{
return $this->db->query(
'SELECT userseminaryroles.id, userseminaryroles.created, userseminaryroles.name '.
'FROM users_userseminaryroles '.
'LEFT JOIN userseminaryroles ON userseminaryroles.id = users_userseminaryroles.userseminaryrole_id '.
'WHERE users_userseminaryroles.user_id = ? AND users_userseminaryroles.seminary_id = ?',
'ii',
$userId, $seminaryId
);
}
/**
* Get all userseminaryroles for an user referenced by its
* URL-username.
*
* @param string $userUrl URL-Username of an user
* @return array Userseminaryroles for an user
*/
public function getUserrolesForUserByUrl($userUrl)
{
return $this->db->query(
'SELECT userroles.id, userroles.created, userroles.name '.
'FROM users '.
'LEFT JOIN users_userseminaryroles ON users_userseminaryroles.user_id = users.id '.
'LEFT JOIN userseminaryroles ON userseminaryroles.id = users_userseminaryroles.userseminaryrole_id '.
'WHERE users.url = ?',
's',
$userUrl
);
}
}
?>