gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-06-01 14:37:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

cache aro, first param of check_view_access() can be string, array, object

Browse Source
This commit is contained in:
Uwe Steinmann 2016-03-04 09:27:29 +01:00
parent 1fe2b3bdc2
commit bd3fbd5cf7
1 changed files with 32 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
inc/inc.ClassAccessOperation.php
View File

@ -27,19 +27,25 @@ class SeedDMS_AccessOperation {
* @var object $dms reference to dms * @var object $dms reference to dms
* @access protected * @access protected
*/ */
private $dms; protected $dms;
/** /**
* @var object $user user requesting the access * @var object $user user requesting the access
* @access protected * @access protected
*/ */
private $user; protected $user;
/** /**
* @var object $settings SeedDMS Settings * @var object $settings SeedDMS Settings
* @access protected * @access protected
*/ */
private $settings; protected $settings;
/**
* @var object $aro access request object for caching
* @access protected
*/
private $_aro;
function __construct($dms, $user, $settings) { /* {{{ */ function __construct($dms, $user, $settings) { /* {{{ */
$this->dms = $dms; $this->dms = $dms;
@ -307,21 +313,36 @@ class SeedDMS_AccessOperation {
/** /**
* Check for access permission * Check for access permission
* *
* @param object $dms Instanz of dms * If the parameter $view is an array then each element is considered the
* @param object $role role of currently logged in user * name of a view and true will be returned if one is accesible.
* @param string $scope 'Views', 'Controllers' *
* @param string $script Scriptname without 'out.' and '.php' * @param mixed $view Instanz of view, name of view or array of view names
* @param string $get query parameters * @param string $get query parameters
* @return boolean true if access is allowed otherwise false * @return boolean true if access is allowed otherwise false
*/ */
function check_view_access($view, $get=array()) { /* {{{ */ function check_view_access($view, $get=array()) { /* {{{ */
if(!$this->settings->_advancedAcl)
return false;
if(is_string($view)) {
$scripts = array($view);
} elseif(is_array($view)) {
$scripts = $view;
} elseif(is_subclass_of($view, 'SeedDMS_View_Common')) {
$scripts = array($view->getParam('class'));
} else {
return false;
}
$scope = 'Views'; $scope = 'Views';
$script = $view->getParam('class');
$action = (isset($get['action']) && $get['action']) ? $get['action'] : 'show'; $action = (isset($get['action']) && $get['action']) ? $get['action'] : 'show';
$acl = new SeedDMS_Acl($this->dms); $acl = new SeedDMS_Acl($this->dms);
$aro = SeedDMS_Aro::getInstance($this->user->getRole(), $this->dms); if(!$this->_aro)
$aco = SeedDMS_Aco::getInstance($scope.'/'.$script.'/'.$action, $this->dms); $this->_aro = SeedDMS_Aro::getInstance($this->user->getRole(), $this->dms);
return $acl->check($aro, $aco); foreach($scripts as $script) {
$aco = SeedDMS_Aco::getInstance($scope.'/'.$script.'/'.$action, $this->dms);
if($acl->check($this->_aro, $aco))
return true;
}
return false;
} /* }}} */ } /* }}} */
} }
?> ?>