From 44621c0bb633bd059e9469539cdbe6ab2f06d2c5 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Mon, 29 Apr 2024 13:05:59 +0200
Subject: [PATCH] add legacy access check for controllers

---
 CHANGELOG | 1 +
 inc/inc.ClassAccessOperation.php | 33 +++++++++++++++++++++++++++++++-
 2 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG b/CHANGELOG
index ecac07174..15e9c2a3e 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -9,6 +9,7 @@
 - checkout info does not depend on whether the logged in user was substituted
 - add new endpoints for managing roles by rest api
 - add transmittals in menu
+- add legacy access check for controllers
 
 --------------------------------------------------------------------------------
 Changes in version 6.0.26
diff --git a/inc/inc.ClassAccessOperation.php b/inc/inc.ClassAccessOperation.php
index 9c7630306..77e4804ea 100644
--- a/inc/inc.ClassAccessOperation.php
+++ b/inc/inc.ClassAccessOperation.php
@@ -48,7 +48,7 @@ class SeedDMS_AccessOperation {
 private $_aro;
 
 /**
- * @var array $legacy_access list of objects with access
+ * @var array $legacy_access list of objects with access use for view and controller
 * @access protected
 */
 private $legacy_access;
@@ -65,6 +65,8 @@ class SeedDMS_AccessOperation {
 'Search',
 'ViewDocument',
 'ViewFolder',
+ 'ViewOnline',
+ 'Download',
 );
 $this->legacy_access['user'] = array(
 'AddDocument',
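Review bot: Appending `'ViewOnline'` and `'Download'` to the guest array widens what an anonymous guest is allowed to reach, and since the updated @var comment says this list is now consulted for controllers as well as views, a guest will pass the legacy controller check for the Download and ViewOnline controllers — whereas the legacy branch of `check_controller_access` visible further down used to deny guests every controller outright. Whether a guest can then actually retrieve a file depends on the per-document permission check inside those controllers, which this patch does not show; that should be confirmed before merging, since the list is now the only gate at this layer. A comment on the two added entries would make the dual role explicit, e.g. `// also grants guests the Download/ViewOnline controllers (legacy mode); object-level ACL must still be enforced by the controller itself`. The `$this->legacy_access['guest']` array being edited starts before the hunk.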
@@ -559,6 +561,32 @@ class SeedDMS_AccessOperation {
 return false;
 } /* }}} */
 
+ protected function check_controller_legacy_access($controller, $get=array()) { /* {{{ */
+ if($this->user->isAdmin())
+ return true;
+
+ if(is_string($controller)) {
+ $scripts = array($controller);
+ } elseif(is_array($controller)) {
+ $scripts = $controller;
+ } elseif(is_subclass_of($controller, 'SeedDMS_Controller_Common')) {
+ $scripts = array($controller->getParam('class'));
+ } else {
+ return false;
+ }
+
+ if($this->user->isGuest()) {
+ $user_allowed = $this->legacy_access['guest'];
+ } else {
+ $user_allowed = $this->legacy_access['user'];
+ }
+
+ if(array_intersect($scripts, $user_allowed))
+ return true;
+
+ return false;
+ } /* }}} */
+
 /**
 * Check for access permission on view
 *
@@ -618,6 +646,8 @@ class SeedDMS_AccessOperation {
 */
 function check_controller_access($controller, $get=array()) { /* {{{ */
 if(!$this->settings->_advancedAcl) {
+ return $this->check_controller_legacy_access($controller, $get);
+ /*
 if($this->user->isGuest())
 return false;
 elseif($this->user->isAdmin())
@@ -627,6 +657,7 @@ class SeedDMS_AccessOperation {
 return false;
 return true;
 }
+ */
 }
 if(is_string($controller)) {
 $scripts = array($controller);
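Review bot: `check_controller_legacy_access` accepts `$get` but never reads it, so a caller passing request parameters (an `action`, for instance) gets exactly the same decision as one passing nothing — if that is intended the parameter should be documented as reserved, otherwise the check is coarser than its signature suggests. Two further details of the new method deserve a line in a docblock: an array of script names passes if any one element is in the allowed list (`array_intersect` is an any-of match, and it compares loosely as strings), and an object that is a direct instance of `SeedDMS_Controller_Common` rather than a subclass falls through `is_subclass_of` to `return false` — if the base class is ever instantiated directly, `is_a($controller, 'SeedDMS_Controller_Common')` would be the intended test, which I cannot confirm from this hunk. I would add a docblock stating: admins always pass; guests are matched against `legacy_access['guest']`, all other users against `legacy_access['user']`; array input passes on any match; `$get` is currently unused. The method is complete within the hunk.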
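Review bot: The early `return $this->check_controller_legacy_access($controller, $get);` makes everything after it inside the `if(!$this->settings->_advancedAcl)` branch unreachable, so the `/* ... */`-wrapped old implementation is dead code that will drift from the helper it was replaced by; version control already preserves it, and the branch should be reduced to `return $this->check_controller_legacy_access($controller, $get);` followed by the closing `}`. Note that the commented-out code shows the old behaviour was an unconditional `return false` for guests, so this is a behaviour change for guest accounts on installations without advanced ACL and warrants a sentence in the method's docblock rather than a silent swap. `check_controller_access` continues past the end of the hunk.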