Changeset 1261 for trunk/wifidog-auth/wifidog/classes/Security.php

Timestamp:

07/21/07 00:59:33 (5 years ago)

Author:

benoitg

Message:

• At long last, implement #9: Automatic new node creation. When attempting to login from an unknown node, the user (if he has the permissions) will be prompted to create the node, or "steal" en existing one (for hardware swaps).
• Refactor Node:getSelectNodeUI().
• Menu.php: Fix small oversight causing menu not to clear.

Files:

• trunk/wifidog-auth/wifidog/classes/Security.php (modified) (7 diffs)

trunk/wifidog-auth/wifidog/classes/Security.php

@@ -76 +76 @@
                 $permission = $permissionsCheck[0];
                 $targetObject = $permissionsCheck[1];
-                $object_class = get_class($targetObject);
-                if($permission->getTargetObjectClass()!=$object_class) {
-                    throw new Exception(sprintf("Tried to check if an object of class %s has a permission of type %s",$object_class, $permission->getTargetObjectClass()));
-                }
-                $table = strtolower($object_class).'_stakeholders';
-                $object_id = $db->escapeString($targetObject->getId());
+                $objectClass = $permission->getTargetObjectClass();
+                if($targetObject) {
+                    if($objectClass!=get_class($targetObject)) {
+                        throw new Exception(sprintf("Tried to check if an object of class %s has a permission of type %s",$objectClass, get_class($targetObject)));
+                    }
+                    $objectId = $db->escapeString($targetObject->getId());
+                    $objectSqlAnd = "\n AND object_id = '$objectId' \n";
+                }
+                else {
+                    $objectSqlAnd = '';
+                }
+                $table = strtolower($objectClass).'_stakeholders';
                 $permissionIdStr = $db->escapeString($permission->getId());
-
-
-                $sqlSelect = "SELECT permission_id FROM $table JOIN role_has_permissions USING (role_id) WHERE object_id = '$object_id' AND user_id='{$user->getId()}' AND permission_id = '$permissionIdStr'";
+                $sqlSelect = "SELECT permission_id FROM $table JOIN role_has_permissions USING (role_id) WHERE user_id='{$user->getId()}' $objectSqlAnd AND permission_id = '$permissionIdStr'";
                 if($operator == 'OR') {
                     $first?$sql .= " ($sqlSelect)\n":$sql .= ", ($sqlSelect)\n";
@@ -122 +126 @@
     /* Check if the current user has the requested permission
      * @param permission The permission to check
-     * @param $targetObject The Object on which the permssion applies (Network, Server, etc.)
-     * @param user User object, optional, if unspecified, the current user is used.  Note that there may be no current user (annonymous)
-     */
-    public static function hasPermission(Permission $permission, $targetObject, $user=null)
+     * @param $targetObject The Object on which the permssion applies (Network, Server, etc.)  If null, the user must have this permission on at least one object
+     * @param user User object, optional, if unspecified, the current user is used.  Note that there may be no current user (annonymous)
+     */
+    public static function hasPermission(Permission $permission, $targetObject=null, $user=null)
     {
         return self::hasPermissionsHelper(array(array($permission, $targetObject)), 'AND', $user);
     }
-    
-        /* Check if the current user has ANY of the requested permission
+
+    /* Check if the current user has ANY of the requested permission
      * @param $permissionsArray An two dimensionnal array of permissions to check
      * permissionsArray[]=array($permission, $targetObject);
@@ -149 +153 @@
         return self::hasPermissionsHelper($permissionsArray, 'AND', $user);
     }
-    
+
     /* require that the user has the current permission, otherwise, throw up an interface to deal with the proplem
      * @param permission The permission to check
-     * @param $targetObject The Object on which the permssion applies (Network, Server, etc.)
-     * @param user User object, optional, if unspecified, the current user is used.  Note that there may be no current user (annonymous)
-     */
-    public static function requirePermission(Permission $permission, $targetObject)
+     * @param $targetObject The Object on which the permission applies (Network, Server, etc.).  If null, the user must have this permission on at least one object
+     * @param user User object, optional, if unspecified, the current user is used.  Note that there may be no current user (annonymous)
+     */
+    public static function requirePermission(Permission $permission, $targetObject=null)
     {
         $hasPermission = self::hasPermission($permission, $targetObject, User::getCurrentUser());
@@ -177 +181 @@
         return true;
     }
-    
+
     /* Require that the user has ALL of the requested permissions
      * @param $permissionsArray A two dimensionnal array of permissions to check
@@ -191 +195 @@
         return true;
     }
-    
+
     private static function handleMissingPermissions(Array $permissionsArray)
     {
@@ -199 +203 @@
             $targetObject = $permissionsCheck[1];
             if(!self::hasPermission($permission, $targetObject)) {
-                $missingPerms .= sprintf(_("%s (%s) on  %s object %s")."<br/>\n", $permission->getId(), $permission->getDescription(), get_class($targetObject), (string)$targetObject);
+                $missingPerms .= sprintf(_("%s (%s) on  %s: %s")."<br/>\n", $permission->getId(), $permission->getDescription(), $permission->getTargetObjectClass(), $targetObject?(string)$targetObject:_('Any'));
             }
         }
@@ -205 +209 @@
         throw new SecurityException($msg);
     }
-    
+
     /* Returns an array of objects for which the user has the specified permission
      * @param permission The permission to check