Module: nagvis Branch: master Commit: 84994b2b59c81dd9ec6efbcb7232a20c59e22a10 URL: http://nagvis.git.sourceforge.net/git/gitweb.cgi?p=nagvis/nagvis;a=commit;h=84994b2b59c81dd9ec6efbcb7232a20c59e22a10
Author: Lars Michelsen <[email protected]> Date: Thu Aug 5 01:36:52 2010 +0200 #337 Tried to fix the authorization method with overruling permissions --- .../core/classes/CoreAuthorisationHandler.php | 64 +++++++++----------- 1 files changed, 29 insertions(+), 35 deletions(-) diff --git a/share/server/core/classes/CoreAuthorisationHandler.php b/share/server/core/classes/CoreAuthorisationHandler.php index 7559175..908811a 100644 --- a/share/server/core/classes/CoreAuthorisationHandler.php +++ b/share/server/core/classes/CoreAuthorisationHandler.php @@ -247,53 +247,47 @@ class CoreAuthorisationHandler { } public function isPermitted($sModule, $sAction, $sObj = null) { - $bAutorized = false; - // Module access? - $modAccess = false; - if(isset($this->aPermissions[$sModule])) { - $modAccess = $sModule; - } elseif(isset($this->aPermissions[AUTH_PERMISSION_WILDCARD])) { - $modAccess = AUTH_PERMISSION_WILDCARD; - } + $access = Array(); + if(isset($this->aPermissions[$sModule])) + $access[$sModule] = Array(); + if(isset($this->aPermissions[AUTH_PERMISSION_WILDCARD])) + $access[AUTH_PERMISSION_WILDCARD] = Array(); - if($modAccess !== false) { + if(count($access) > 0) { // Action access? - $actAccess = false; - if(isset($this->aPermissions[$modAccess][$sAction])) { - $actAccess = $sAction; - } elseif(isset($this->aPermissions[$modAccess][AUTH_PERMISSION_WILDCARD])) { - $actAccess = AUTH_PERMISSION_WILDCARD; + foreach($access AS $mod => $acts) { + if(isset($this->aPermissions[$mod][$sAction])) + $access[$mod][$sAction] = Array(); + if(isset($this->aPermissions[$mod][AUTH_PERMISSION_WILDCARD])) + $access[$mod][AUTH_PERMISSION_WILDCARD] = Array(); } - if($actAccess !== false) { - // Have to check a particular object? - if($sObj !== null) { - // Object access? - if(isset($this->aPermissions[$modAccess][$actAccess][$sObj])) { - $bAutorized = true; - } elseif(isset($this->aPermissions[$modAccess][$actAccess][AUTH_PERMISSION_WILDCARD])) { - $bAutorized = true; - } else { - if(DEBUG&&DEBUGLEVEL&2) - debug('Object access denied (Mod: '.$sModule.' Act: '.$sAction.' Object: '.$sObj); - $bAutorized = false; + if(count($access[$mod]) > 0) { + // Don't check object permissions + if($sObj === null) + return true; + + // Object access? + foreach($access AS $mod => $acts) { + foreach($acts AS $act => $objs) { + if(isset($this->aPermissions[$mod][$act][$sObj])) + return true; + elseif(isset($this->aPermissions[$mod][$act][AUTH_PERMISSION_WILDCARD])) + return true; + else + if(DEBUG&&DEBUGLEVEL&2) + debug('Object access denied (Mod: '.$sModule.' Act: '.$sAction.' Object: '.$sObj); } - } else { - $bAutorized = true; } - } else { + } else if(DEBUG&&DEBUGLEVEL&2) debug('Action access denied (Mod: '.$sModule.' Act: '.$sAction.' Object: '.$sObj); - $bAutorized = false; - } - } else { + } else if(DEBUG&&DEBUGLEVEL&2) debug('Module access denied (Mod: '.$sModule.' Act: '.$sAction.' Object: '.$sObj); - $bAutorized = false; - } - return $bAutorized; + return false; } } ?> ------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev _______________________________________________ Nagvis-checkins mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nagvis-checkins
