Author: david
Date: Tue Nov  3 13:32:05 2009
New Revision: 3864

Log:
If userid == null (user is not logged in), skip the per-user permission check 
and assign the user to the 'anonymous' group instead. Fixes issue #1103.

Modified:
   trunk/plugins/qbAclPlugin/lib/QubitAcl.class.php

Modified: trunk/plugins/qbAclPlugin/lib/QubitAcl.class.php
==============================================================================
--- trunk/plugins/qbAclPlugin/lib/QubitAcl.class.php    Tue Nov  3 12:08:58 
2009        (r3863)
+++ trunk/plugins/qbAclPlugin/lib/QubitAcl.class.php    Tue Nov  3 13:32:05 
2009        (r3864)
@@ -370,22 +370,31 @@
   public static function getRepositoryAccess($actionId, $options = array())
   {
     $repositoryAccess = array();
+    $userGroupIds = array();
 
-    // Test user permissions
-    $criteria = new Criteria;
-    $criteria->add(QubitAclPermission::ACTION_ID, $actionId);
-    $criteria->add(QubitAclPermission::USER_ID, 
sfContext::getInstance()->getUser()->getUserId());
-    $criteria->addDescendingOrderByColumn(QubitAclPermission::ID);
+    // If user is logged in
+    if (null !== ($userId = sfContext::getInstance()->getUser()->getUserId()))
+    {
+      // Test user permissions
+      $criteria = new Criteria;
+      $criteria->add(QubitAclPermission::ACTION_ID, $actionId);
+      $criteria->add(QubitAclPermission::USER_ID, $userId);
+      $criteria->addDescendingOrderByColumn(QubitAclPermission::ID);
 
-    if (0 < count($permissions = QubitAclPermission::get($criteria)))
+      if (0 < count($permissions = QubitAclPermission::get($criteria)))
+      {
+        $repositoryAccess = self::addRepositoryAccess($repositoryAccess, 
$permissions);
+      }
+    }
+    else
     {
-      $repositoryAccess = self::addRepositoryAccess($repositoryAccess, 
$permissions);
+      // Add anonymous group if user is not logged in
+      $userGroupIds[] = QubitAclGroup::ANONYMOUS_ID;
     }
 
     if (0 == count($repositoryAccess) || '*' != 
$repositoryAccess[count($repositoryAccess) - 1]['id'])
     {
       // Test user group permissions
-      $userGroupIds = array();
       foreach (sfContext::getInstance()->getUser()->listGroups() as $group)
       {
         $userGroupIds[] = $group->id;
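Review bot: The new guard `if (null !== ($userId = sfContext::getInstance()->getUser()->getUserId()))` makes the anonymous/authenticated split depend on getUserId() returning exactly null for a visitor who is not logged in. If it can return any other empty value (its implementation is not visible here), the per-user query runs with that value and `QubitAclGroup::ANONYMOUS_ID` is never added. Branching on the session state, e.g. `if (sfContext::getInstance()->getUser()->isAuthenticated())`, and reading the id inside that branch would tie the access decision to authentication rather than to one sentinel value. The comment `// If user is logged in` could also say why the query is skipped, for example `// Never run the USER_ID query with a null id; anonymous visitors only get group permissions`. The foreach over listGroups() may append the anonymous group a second time if that method already returns it, so the list may need de-duplicating before use; getRepositoryAccess() continues past the end of this hunk, so I cannot see how `$userGroupIds` is used.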
@@ -508,6 +517,7 @@
   {
     // Filter out 'draft' items by repository
     $repositoryViewDrafts = 
QubitAcl::getRepositoryAccess(QubitAclAction::VIEW_DRAFT_ID);
+
     if (1 == count($repositoryViewDrafts))
     {
       if (QubitAcl::DENY == $repositoryViewDrafts[0]['access'])
