r3871 - trunk/plugins/qbAclPlugin/lib

[david]

Author: david
Date: Thu Nov  5 17:07:59 2009
New Revision: 3871

Log:
Don't add conflicting rules for same repository to access list, and don't 
splice array that we're currently iterating over for collapsing ruleset.  Fixes 
issue #1116.

Modified:
   trunk/plugins/qbAclPlugin/lib/QubitAcl.class.php

Modified: trunk/plugins/qbAclPlugin/lib/QubitAcl.class.php
==============================================================================
--- trunk/plugins/qbAclPlugin/lib/QubitAcl.class.php    Thu Nov  5 09:10:48 
2009        (r3870)
+++ trunk/plugins/qbAclPlugin/lib/QubitAcl.class.php    Thu Nov  5 17:07:59 
2009        (r3871)
@@ -350,10 +350,23 @@
         break;
       }
 
-      // Add repository access if it isn't set already
-      else if (!in_array($repository->id, array_keys($repositoryAccess)))
+      // Add repository access if there is no pre-existing rule for that repo
+      else
       {
-        $repositoryAccess[] = array('id' => $repository->id, 'access' => 
$access);
+        $preExistingRule = false;
+        foreach ($repositoryAccess as $rule)
+        {
+          if ($repository->id == $rule['id'])
+          {
+            $preExistingRule = true;
+            break;
+          }
+        }
+
+        if (!$preExistingRule)
+        {
+          $repositoryAccess[] = array('id' => $repository->id, 'access' => 
$access);
+        }
       }
     }
 
@@ -421,15 +434,16 @@
     // ('1' => deny, '2' => allow, '*' => deny) -> ('2' => allow, '*' => deny)
     // ('1' => deny, '2' => allow, '*' => allow) -> (1' => deny, '*' => allow)
     $globalPermission = $repositoryAccess[count($repositoryAccess) - 
1]['access'];
+    $collapsedRules = array();
     foreach ($repositoryAccess as $i => $val)
     {
-      if ('*' != $val['id'] && $globalPermission == $val['access'])
+      if ('*' == $val['id'] || $globalPermission != $val['access'])
       {
-        array_splice($repositoryAccess, $i, 1);
+        $collapsedRules[] = $val;
       }
     }
 
-    return $repositoryAccess;
+    return $collapsedRules;
   }
 
   public static function forwardUnauthorized()
@@ -517,7 +531,6 @@
   {
     // Filter out 'draft' items by repository
     $repositoryViewDrafts = 
QubitAcl::getRepositoryAccess(QubitAclAction::VIEW_DRAFT_ID);
-
     if (1 == count($repositoryViewDrafts))
     {
       if (QubitAcl::DENY == $repositoryViewDrafts[0]['access'])

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Qubit Toolkit Commits" group.
To post to this group, send email to qubit-commits@googlegroups.com
To unsubscribe from this group, send email to 
qubit-commits+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.ca/group/qubit-commits?hl=en
-~----------~----~----~----~------~----~------~--~---