gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-06-01 22:47:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

getAccessMode() takes user/group rights in acls into account for guests

Browse Source
This commit is contained in:
Uwe Steinmann 2015-08-19 08:21:15 +02:00
parent 4358eb9a39
commit 123cccc72a
2 changed files with 53 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
SeedDMS_Core/Core/inc.ClassDocument.php
View File

@ -806,35 +806,42 @@ class SeedDMS_Core_Document extends SeedDMS_Core_Object { /* {{{ */
/* The owner of the document has unrestricted access */ /* The owner of the document has unrestricted access */
if ($user->getID() == $this->_ownerID) return M_ALL; if ($user->getID() == $this->_ownerID) return M_ALL;
/* The guest users do not have more than read access */
if ($user->isGuest()) {
$mode = $this->getDefaultAccess();
if ($mode >= M_READ) return M_READ;
else return M_NONE;
}
/* Check ACLs */ /* Check ACLs */
$accessList = $this->getAccessList(); $accessList = $this->getAccessList();
if (!$accessList) return false; if (!$accessList) return false;
foreach ($accessList["users"] as $userAccess) { foreach ($accessList["users"] as $userAccess) {
if ($userAccess->getUserID() == $user->getID()) { if ($userAccess->getUserID() == $user->getID()) {
return $userAccess->getMode(); $mode = $userAccess->getMode();
if ($user->isGuest()) {
if ($mode >= M_READ) $mode = M_READ;
}
return $mode;
} }
} }
/* Get the highest right defined by a group */ /* Get the highest right defined by a group */
$result = 0; if($accessList['groups']) {
$mode = 0;
foreach ($accessList["groups"] as $groupAccess) { foreach ($accessList["groups"] as $groupAccess) {
if ($user->isMemberOfGroup($groupAccess->getGroup())) { if ($user->isMemberOfGroup($groupAccess->getGroup())) {
if ($groupAccess->getMode() > $result) if ($groupAccess->getMode() > $mode)
$result = $groupAccess->getMode(); $mode = $groupAccess->getMode();
// return $groupAccess->getMode();
} }
} }
if($result) if($mode) {
return $result; if ($user->isGuest()) {
$result = $this->getDefaultAccess(); if ($mode >= M_READ) $mode = M_READ;
return $result; }
return $mode;
}
}
$mode = $this->getDefaultAccess();
if ($user->isGuest()) {
if ($mode >= M_READ) $mode = M_READ;
}
return $mode;
} /* }}} */ } /* }}} */
/** /**

45
SeedDMS_Core/Core/inc.ClassFolder.php
View File

@ -1029,41 +1029,48 @@ class SeedDMS_Core_Folder extends SeedDMS_Core_Object {
if(!$user) if(!$user)
return M_NONE; return M_NONE;
/* Admins have full access */ /* Administrators have unrestricted access */
if ($user->isAdmin()) return M_ALL; if ($user->isAdmin()) return M_ALL;
/* User has full access if he/she is the owner of the document */ /* The owner of the document has unrestricted access */
if ($user->getID() == $this->_ownerID) return M_ALL; if ($user->getID() == $this->_ownerID) return M_ALL;
/* Guest has read access by default, if guest login is allowed at all */ /* Check ACLs */
if ($user->isGuest()) {
$mode = $this->getDefaultAccess();
if ($mode >= M_READ) return M_READ;
else return M_NONE;
}
/* check ACLs */
$accessList = $this->getAccessList(); $accessList = $this->getAccessList();
if (!$accessList) return false; if (!$accessList) return false;
foreach ($accessList["users"] as $userAccess) { foreach ($accessList["users"] as $userAccess) {
if ($userAccess->getUserID() == $user->getID()) { if ($userAccess->getUserID() == $user->getID()) {
return $userAccess->getMode(); $mode = $userAccess->getMode();
if ($user->isGuest()) {
if ($mode >= M_READ) $mode = M_READ;
}
return $mode;
} }
} }
/* Get the highest right defined by a group */ /* Get the highest right defined by a group */
$result = 0; if($accessList['groups']) {
$mode = 0;
foreach ($accessList["groups"] as $groupAccess) { foreach ($accessList["groups"] as $groupAccess) {
if ($user->isMemberOfGroup($groupAccess->getGroup())) { if ($user->isMemberOfGroup($groupAccess->getGroup())) {
if ($groupAccess->getMode() > $result) if ($groupAccess->getMode() > $mode)
$result = $groupAccess->getMode(); $mode = $groupAccess->getMode();
// return $groupAccess->getMode();
} }
} }
if($result) if($mode) {
return $result; if ($user->isGuest()) {
$result = $this->getDefaultAccess(); if ($mode >= M_READ) $mode = M_READ;
return $result; }
return $mode;
}
}
$mode = $this->getDefaultAccess();
if ($user->isGuest()) {
if ($mode >= M_READ) $mode = M_READ;
}
return $mode;
} /* }}} */ } /* }}} */
/** /**