Module: nagvis Branch: master Commit: 6c0c90ab894fc0e52fa2c6783c5d7af0eb6579f4 URL: http://nagvis.git.sourceforge.net/git/gitweb.cgi?p=nagvis/nagvis;a=commit;h=6c0c90ab894fc0e52fa2c6783c5d7af0eb6579f4
Author: Lars Michelsen <[email protected]> Date: Wed Oct 20 21:36:44 2010 +0200 #376 Fixed object permission check problem on map/automap views --- .../nagvis-js/classes/FrontendModAutoMap.php | 2 +- .../frontend/nagvis-js/classes/FrontendModMap.php | 2 +- share/frontend/wui/classes/WuiModMap.php | 2 +- share/server/core/classes/CoreModAutoMap.php | 2 +- share/server/core/classes/CoreModMap.php | 2 +- share/server/core/classes/CoreModule.php | 7 ++++++- share/server/core/classes/GlobalCore.php | 8 ++++---- share/server/core/defines/global.php | 1 + 8 files changed, 16 insertions(+), 10 deletions(-) diff --git a/share/frontend/nagvis-js/classes/FrontendModAutoMap.php b/share/frontend/nagvis-js/classes/FrontendModAutoMap.php index ec3dd75..8ce2fc5 100644 --- a/share/frontend/nagvis-js/classes/FrontendModAutoMap.php +++ b/share/frontend/nagvis-js/classes/FrontendModAutoMap.php @@ -86,7 +86,7 @@ class FrontendModAutoMap extends FrontendModule { ); // Register valid objects - $this->aObjects = $this->CORE->getAvailableAutomaps(); + $this->aObjects = $this->CORE->getAvailableAutomaps(null, SET_KEYS); // Set the requested object for later authorisation $this->setObject($this->name); diff --git a/share/frontend/nagvis-js/classes/FrontendModMap.php b/share/frontend/nagvis-js/classes/FrontendModMap.php index 3f52c43..dedba5e 100644 --- a/share/frontend/nagvis-js/classes/FrontendModMap.php +++ b/share/frontend/nagvis-js/classes/FrontendModMap.php @@ -66,7 +66,7 @@ class FrontendModMap extends FrontendModule { ); // Register valid objects - $this->aObjects = $this->CORE->getAvailableMaps(); + $this->aObjects = $this->CORE->getAvailableMaps(null, SET_KEYS); // Set the requested object for later authorisation $this->setObject($this->name); diff --git a/share/frontend/wui/classes/WuiModMap.php b/share/frontend/wui/classes/WuiModMap.php index 04a5588..974e59c 100644 --- a/share/frontend/wui/classes/WuiModMap.php +++ b/share/frontend/wui/classes/WuiModMap.php @@ -18,7 +18,7 @@ class WuiModMap extends WuiModule { ); // Register valid objects - $this->aObjects = $this->CORE->getAvailableMaps(); + $this->aObjects = $this->CORE->getAvailableMaps(null, SET_KEYS); // Set the requested object for later authorisation $this->setObject($this->name); diff --git a/share/server/core/classes/CoreModAutoMap.php b/share/server/core/classes/CoreModAutoMap.php index 7b8f47f..dc5b35b 100644 --- a/share/server/core/classes/CoreModAutoMap.php +++ b/share/server/core/classes/CoreModAutoMap.php @@ -69,7 +69,7 @@ class CoreModAutoMap extends CoreModule { ); // Register valid objects - $this->aObjects = $this->CORE->getAvailableAutomaps(); + $this->aObjects = $this->CORE->getAvailableAutomaps(null, SET_KEYS); // Set the requested object for later authorisation $this->setObject($this->name); diff --git a/share/server/core/classes/CoreModMap.php b/share/server/core/classes/CoreModMap.php index 9e328c1..366d270 100644 --- a/share/server/core/classes/CoreModMap.php +++ b/share/server/core/classes/CoreModMap.php @@ -61,7 +61,7 @@ class CoreModMap extends CoreModule { ); // Register valid objects - $this->aObjects = $this->CORE->getAvailableMaps(); + $this->aObjects = $this->CORE->getAvailableMaps(null, SET_KEYS); } public function initObject() { diff --git a/share/server/core/classes/CoreModule.php b/share/server/core/classes/CoreModule.php index 313a330..d682730 100644 --- a/share/server/core/classes/CoreModule.php +++ b/share/server/core/classes/CoreModule.php @@ -89,8 +89,13 @@ abstract class CoreModule { * @author Lars Michelsen <[email protected]> */ public function setObject($sObject) { - if(!$this->offersObject($sObject)) + if(!$this->offersObject($sObject)) { + // Set sObject to an empty string. This tells the isPermitted() check that + // this module uses object based authorisation checks. In that case it + // won't pass the object authorisation check. + $this->sObject = ''; return false; + } $this->sObject = $sObject; return true; diff --git a/share/server/core/classes/GlobalCore.php b/share/server/core/classes/GlobalCore.php index 431f67d..e0c28f5 100644 --- a/share/server/core/classes/GlobalCore.php +++ b/share/server/core/classes/GlobalCore.php @@ -311,8 +311,8 @@ class GlobalCore { * @return Array Array of maps * @author Lars Michelsen <[email protected]> */ - public function getAvailableAutomaps($strMatch = NULL) { - return self::listDirectory(self::getMainCfg()->getValue('paths', 'automapcfg'), MATCH_CFG_FILE, null, $strMatch, null, null, true); + public function getAvailableAutomaps($strMatch = null, $setKey = null) { + return self::listDirectory(self::getMainCfg()->getValue('paths', 'automapcfg'), MATCH_CFG_FILE, null, $strMatch, null, $setKey); } /** @@ -322,8 +322,8 @@ class GlobalCore { * @return Array Array of maps * @author Lars Michelsen <[email protected]> */ - public function getAvailableMaps($strMatch = NULL) { - return self::listDirectory(self::getMainCfg()->getValue('paths', 'mapcfg'), MATCH_CFG_FILE, null, $strMatch, null, null, true); + public function getAvailableMaps($strMatch = null, $setKey = null) { + return self::listDirectory(self::getMainCfg()->getValue('paths', 'mapcfg'), MATCH_CFG_FILE, null, $strMatch, null, $setKey); } /** diff --git a/share/server/core/defines/global.php b/share/server/core/defines/global.php index 745147f..b054f1c 100644 --- a/share/server/core/defines/global.php +++ b/share/server/core/defines/global.php @@ -103,6 +103,7 @@ define('GET_SINGLE_MEMBER_STATES', true); define('IS_VIEW', true); define('ONLY_GLOBAL', true); define('GET_CHILDS', true); +define('SET_KEYS', true); // Maximum length for usernames/passwords define('AUTH_MAX_PASSWORD_LENGTH', 15); ------------------------------------------------------------------------------ Nokia and AT&T present the 2010 Calling All Innovators-North America contest Create new apps & games for the Nokia N8 for consumers in U.S. and Canada $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store http://p.sf.net/sfu/nokia-dev2dev _______________________________________________ Nagvis-checkins mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nagvis-checkins
