Changeset 1278

Timestamp:

08/04/07 19:25:41 (5 years ago)

Author:

drazzib

Message:

2007-08-05 Damien Raude-Morvan <drazzib@…>

• Security.php : A permission can be acquired by a user via multiples roles, this means that, for the moment, we have to use DISTINCT to check if a user had correct permission (otherwise the SQL request is invalid : subrequest return more than one line).
• Locale.php : If the browser send Accept-Value header without any quality (i.e. q=x.y) we have to use order of the locales to select between them (and don't use a rand() number).

Location:

trunk/wifidog-auth

Files:

• CHANGELOG (modified) (1 diff)
• wifidog/classes/Locale.php (modified) (1 diff)
• wifidog/classes/Security.php (modified) (1 diff)

trunk/wifidog-auth/CHANGELOG

@@ -1 +1 @@
 # $Id$
+2007-08-05 Damien Raude-Morvan <drazzib@drazzib.com>
+        * Security.php : A permission can be acquired by a user via multiples roles, this means
+        that, for the moment, we have to use DISTINCT to check if a user had correct permission
+        (otherwise the SQL request is invalid : subrequest return more than one line).
+        * Locale.php : If the browser send Accept-Value header without any quality (i.e. q=x.y)
+        we have to use order of the locales to select between them (and don't use a rand() number).
+
 2007-06-04 Benoit Grégoire  <bock@step.polymtl.ca>
         * Portugese (from portugal) translation contributed by MiguelCMA

trunk/wifidog-auth/wifidog/classes/Locale.php

@@ -173 +173 @@
 
                 $browser_preferences = array();
+                // $appendIdx help differentiation between same quality locales
+                // first locale in string get better quality than next
+                $appendIdx = 9999;
                 foreach(explode(',', empty($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? DEFAULT_LANG : $_SERVER['HTTP_ACCEPT_LANGUAGE']) as $lang) {
                         //echo $lang."\n";
                         if (preg_match('/^\s*([a-z_-]+).*?(?:;\s*q=([0-9.]+))?/i', $lang.';q=1.0', $split)) {
-                                $browser_preferences[sprintf('%f%d', $split[2], rand(0,9999))] = strtolower($split[1]);
+                                $browser_preferences[sprintf('%f%d', $split[2], $appendIdx)] = strtolower($split[1]);
                         }
+                        $appendIdx--;
                 }
 

trunk/wifidog-auth/wifidog/classes/Security.php

@@ -89 +89 @@
                 $table = strtolower($objectClass).'_stakeholders';
                 $permissionIdStr = $db->escapeString($permission->getId());
-                $sqlSelect = "SELECT permission_id FROM $table JOIN role_has_permissions USING (role_id) WHERE user_id='{$user->getId()}' $objectSqlAnd AND permission_id = '$permissionIdStr'";
+                $sqlSelect = "SELECT DISTINCT permission_id FROM $table JOIN role_has_permissions USING (role_id) WHERE user_id='{$user->getId()}' $objectSqlAnd AND permission_id = '$permissionIdStr'";
                 if($operator == 'OR') {
                     $first?$sql .= " ($sqlSelect)\n":$sql .= ", ($sqlSelect)\n";