coderkun/questlab
1
0
Fork 0
Code Issues 15 Pull requests Projects Releases Wiki Activity

implement user roles and user seminary roles as basic ACL

Browse source
This commit is contained in:
coderkun 2014-01-30 00:59:02 +01:00
commit fcc7e89fcd
10 changed files with 481 additions and 67 deletions
Download patch file Download diff file Expand all files Collapse all files

56
app/Controller.inc
View file

@ -25,24 +25,12 @@
* @var array
*/
public $components = array('auth');
/**
* Required models
*
* @var array
*/
public $models = array('users');
/**
* Linker instance
*
* @var Linker
*/
protected $linker = null;
/**
* Data of currently logged in user if any
*
* @var array
*/
protected static $user = null;
@ -76,9 +64,6 @@
{
parent::preFilter($request, $response);
// Check rights
$this->checkPermission();
// Create linker
$this->linker = new \nre\core\Linker($this->request);
@ -95,9 +80,6 @@
\IntlDateFormatter::SHORT,
NULL
));
// Set userdata
$this->set('loggedUser', static::$user);
}
@ -112,44 +94,6 @@
parent::postFilter($request, $response);
}
/**
* Check user permissions.
*
* @throws AccessDeniedException
*/
private function checkPermission()
{
// Determine user
try {
$userId = $this->Auth->getUserId();
if(!is_null($userId)) {
static::$user = $this->Users->getUserById($this->Auth->getUserId());
}
}
catch(\nre\exceptions\IdNotFoundException $e) {
}
// Determine permissions
$action = $this->request->getParam(2, 'action');
if(!property_exists($this, 'permissions')) {
return; // Allow if nothing is specified
}
if(!array_key_exists($action, $this->permissions)) {
return; // Allow if Action is not specified
}
$permissions = $this->permissions[$action];
// Check permissions
if(is_null(static::$user)) {
throw new \nre\exceptions\AccessDeniedException();
}
}
}
?>

129
app/controllers/SeminaryRoleController.inc Normal file
View file

@ -0,0 +1,129 @@
<?php
/**
* The Legend of Z
*
* @author Oliver Hanraths <oliver.hanraths@uni-duesseldorf.de>
* @copyright 2014 Heinrich-Heine-Universität Düsseldorf
* @license http://www.gnu.org/licenses/gpl.html
* @link https://bitbucket.org/coderkun/the-legend-of-z
*/
namespace hhu\z\controllers;
/**
* Abstract class for implementing a Controller of a ToplevelAgent.
*
* @author Oliver Hanraths <oliver.hanraths@uni-duesseldorf.de>
*/
abstract class SeminaryroleController extends \hhu\z\Controller
{
/**
* Required models
*
* @var array
*/
public $models = array('userseminaryroles');
/**
* Data of currently logged in user if any
*
* @var array
*/
public static $user = null;
/**
* Construct a new SeminaryRole Controller.
*
* @throws DriverNotFoundException
* @throws DriverNotValidException
* @throws ModelNotValidException
* @throws ModelNotFoundException
* @throws ViewNotFoundException
* @param string $layoutName Name of the current Layout
* @param string $action Current Action
* @param Agent $agent Corresponding Agent
*/
public function __construct($layoutName, $action, $agent)
{
parent::__construct($layoutName, $action, $agent);
}
/**
* Prefilter that is executed before running the Controller.
*
* @param Request $request Current request
* @param Response $response Current response
*/
public function preFilter(\nre\core\Request $request, \nre\core\Response $response)
{
parent::preFilter($request, $response);
// Check permissions
$this->checkPermission($request, $response);
}
/**
* Postfilter that is executed after running the Controller.
*
* @param Request $request Current request
* @param Response $response Current response
*/
public function postFilter(\nre\core\Request $request, \nre\core\Response $response)
{
parent::postFilter($request, $response);
}
/**
* Check user permissions.
*
* @throws AccessDeniedException
*/
private function checkPermission(\nre\core\Request $request, \nre\core\Response $response)
{
// Do not check index page
if(is_null($request->getParam(3))) {
return;
}
// Determine user and seminary
$userId = $this->Auth->getUserId();
$seminary = $this->Seminaries->getSeminaryByUrl($request->getParam(3));
// Determine user seminary roles
$userSeminaryRoles = array();
$roles = $this->Userseminaryroles->getUserseminaryrolesForUserById($userId, $seminary['id']);
foreach($roles as &$role) {
$userSeminaryRoles[] = $role['name'];
}
// Determine permissions for current action
$action = $this->request->getParam(2, 'action');
if(!property_exists($this, 'seminaryPermissions')) {
return; // Allow if nothing is specified
}
if(!array_key_exists($action, $this->seminaryPermissions)) {
return; // Allow if Action is not specified
}
$permissions = $this->seminaryPermissions[$action];
// Check permissions
if(count(array_intersect($userSeminaryRoles, $permissions)) == 0) {
throw new \nre\exceptions\AccessDeniedException();
}
}
}
?>

149
app/controllers/ToplevelController.inc Normal file
View file

@ -0,0 +1,149 @@
<?php
/**
* The Legend of Z
*
* @author Oliver Hanraths <oliver.hanraths@uni-duesseldorf.de>
* @copyright 2014 Heinrich-Heine-Universität Düsseldorf
* @license http://www.gnu.org/licenses/gpl.html
* @link https://bitbucket.org/coderkun/the-legend-of-z
*/
namespace hhu\z\controllers;
/**
* Abstract class for implementing a Controller of a ToplevelAgent.
*
* @author Oliver Hanraths <oliver.hanraths@uni-duesseldorf.de>
*/
abstract class ToplevelController extends \hhu\z\Controller
{
/**
* Required models
*
* @var array
*/
public $models = array('users', 'userroles');
/**
* Current user
*
* @var array
*/
public static $user = null;
/**
* Construct a new application Controller.
*
* @throws DriverNotFoundException
* @throws DriverNotValidException
* @throws ModelNotValidException
* @throws ModelNotFoundException
* @throws ViewNotFoundException
* @param string $layoutName Name of the current Layout
* @param string $action Current Action
* @param Agent $agent Corresponding Agent
*/
public function __construct($layoutName, $action, $agent)
{
parent::__construct($layoutName, $action, $agent);
}
/**
* Prefilter that is executed before running the Controller.
*
* @param Request $request Current request
* @param Response $response Current response
*/
public function preFilter(\nre\core\Request $request, \nre\core\Response $response)
{
parent::preFilter($request, $response);
// Get userdata
try {
static::$user = $this->Users->getUserById($this->Auth->getUserId());
}
catch(\nre\exceptions\IdNotFoundException $e) {
}
// Check permissions
$this->checkPermission($request, $response);
// Set userdata
$this->set('loggedUser', static::$user);
}
/**
* Postfilter that is executed after running the Controller.
*
* @param Request $request Current request
* @param Response $response Current response
*/
public function postFilter(\nre\core\Request $request, \nre\core\Response $response)
{
parent::postFilter($request, $response);
}
/**
* Check user permissions.
*
* @throws AccessDeniedException
*/
private function checkPermission(\nre\core\Request $request, \nre\core\Response $response)
{
// Determine user
$userId = $this->Auth->getUserId();
// Do not check error pages
if($response->getParam(0, 'toplevel') == \nre\core\Config::getDefault('toplevel-error')) {
return;
}
if($response->getParam(1, 'intermediate') == \nre\core\Config::getDefault('intermediate-error')) {
return;
}
// Determine user roles
if($userId > 0)
{
$userRoles = array();
$roles = $this->Userroles->getUserrolesForUserById($userId);
foreach($roles as &$role) {
$userRoles[] = $role['name'];
}
}
else {
$userRoles = array('guest');
}
// Determine permissions of Intermediate Controller for current action
$controller = $this->agent->getIntermediateAgent()->controller;
$action = $this->request->getParam(2, 'action');
if(!property_exists($controller, 'permissions')) {
return; // Allow if nothing is specified
}
if(!array_key_exists($action, $controller->permissions)) {
return; // Allow if Action is not specified
}
$permissions = $controller->permissions[$action];
// Check permissions
if(count(array_intersect($userRoles, $permissions)) == 0) {
throw new \nre\exceptions\AccessDeniedException();
}
}
}
?>