Change DefaultRights management: update Root Group, do not update per…
…sonal roles anymore, otherwise it always takes precedence over parent groups/roles.

Do not skip the AJXP_CLEAR_VALUE, set to the merged role.
cdujeu committed Nov 26, 2015
1 parent de81b04 commit 388e73a
Showing 4 changed files with 32 additions and 27 deletions.
2 changes: 1 addition & 1 deletion core/src/core/classes/class.AJXP_Role.php
@@ -399,7 +399,7 @@ public function override(AJXP_Role $role)
$roleAcl = $role->listAcls();
$newAcls = $this->array_merge_recursive2($roleAcl, $this->listAcls());
foreach ($newAcls as $repoId => $rightString) {
if($rightString == AJXP_VALUE_CLEAR) continue;
//if($rightString == AJXP_VALUE_CLEAR) continue;
if(empty($rightString) && !empty($roleAcl[$repoId])){
$rightString = $roleAcl[$repoId];
}
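Review bot: With the `AJXP_VALUE_CLEAR` skip disabled in `override()`, the clear marker now lands in the merged ACLs as an ordinary non-empty string, so any consumer that treats a non-empty right string as a grant would read it as access rather than as a revocation. Those consumers are outside this hunk, so this should be confirmed with a test that merges a granting role with a clearing role and asserts that the repository ends up with no access. The disabled line is better deleted than left commented out, with a comment stating the intent in its place, for example `// AJXP_VALUE_CLEAR is kept on purpose so that an explicit clear reaches the merged role.` The loop body continues past the end of the hunk.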
2 changes: 2 additions & 0 deletions core/src/core/classes/class.AuthService.php
@@ -620,6 +620,7 @@ public static function updateAdminRights($adminUser)
public static function updateDefaultRights(&$userObject)
{
if (!$userObject->hasParent()) {
/*
$changes = false;
$repoList = ConfService::getRepositoriesList("all");
foreach ($repoList as $repositoryId => $repoObject) {
@@ -633,6 +634,7 @@ public static function updateDefaultRights(&$userObject)
if ($changes) {
$userObject->recomputeMergedRole();
}
*/
$rolesList = self::getRolesList(array(), true);
foreach ($rolesList as $roleId => $roleObject) {
if(!self::allowedForCurrentGroup($roleObject, $userObject)) continue;
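Review bot: Commenting out the personal-role update in `updateDefaultRights()` stops new copies of repository default rights, but nothing visible here removes the ACL entries that earlier versions already wrote into users' personal roles. Per the commit description those entries take precedence over parent groups and roles, so lowering a repository's default right later would presumably not reduce access for those users. A one-time migration that drops personal-role ACLs equal to the repository default would close that gap. The block is also better deleted than wrapped in `/* … */`, since part of it is collapsed on this page and any `*/` inside it would end the comment early; the function body continues outside the hunks shown.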
2 changes: 1 addition & 1 deletion core/src/core/classes/class.ConfService.php
@@ -935,7 +935,7 @@ public static function addRepository($oRepository)
return self::getInstance()->addRepositoryInst($oRepository);
}
/**
* @param $oRepository
* @param Repository $oRepository
* @return -1|null on error
*/
public function addRepositoryInst($oRepository)
53 changes: 28 additions & 25 deletions core/src/plugins/access.ajxp_conf/class.ajxp_confAccessDriver.php
@@ -451,6 +451,11 @@ public function switchAction($action, $httpVars, $fileVars)
if ($currentUserIsGroupAdmin && ConfService::getAuthDriverImpl()->isAjxpAdmin(AuthService::getLoggedUser()->getId())) {
$currentUserIsGroupAdmin = false;
}
$currentAdminBasePath = "/";
if (AuthService::getLoggedUser()!=null && AuthService::getLoggedUser()->getGroupPath()!=null) {
$currentAdminBasePath = AuthService::getLoggedUser()->getGroupPath();
}


switch ($action) {
//------------------------------------
@@ -948,12 +953,10 @@ public function switchAction($action, $httpVars, $fileVars)
AuthService::createUser($new_user_login, $httpVars["new_user_pwd"]);
$confStorage = ConfService::getConfStorageImpl();
$newUser = $confStorage->createUserObject($new_user_login);
$basePath = AuthService::getLoggedUser()->getGroupPath();
if(empty ($basePath)) $basePath = "/";
if (!empty($httpVars["group_path"])) {
$newUser->setGroupPath(rtrim($basePath, "/")."/".ltrim($httpVars["group_path"], "/"));
$newUser->setGroupPath(rtrim($currentAdminBasePath, "/")."/".ltrim($httpVars["group_path"], "/"));
} else {
$newUser->setGroupPath($basePath);
$newUser->setGroupPath($currentAdminBasePath);
}

$newUser->save("superuser");
@@ -1061,12 +1064,10 @@ public function switchAction($action, $httpVars, $fileVars)
$userId = null;
$usersMoved = array();

$basePath = (AuthService::getLoggedUser()!=null ? AuthService::getLoggedUser()->getGroupPath(): "/");
if(empty ($basePath)) $basePath = "/";
if (!empty($groupPath)) {
$targetPath = rtrim($basePath, "/")."/".ltrim($groupPath, "/");
$targetPath = rtrim($currentAdminBasePath, "/")."/".ltrim($groupPath, "/");
} else {
$targetPath = $basePath;
$targetPath = $currentAdminBasePath;
}

foreach ($userSelection->getFiles() as $selectedUser) {
@@ -1468,11 +1469,7 @@ public function switchAction($action, $httpVars, $fileVars)
if ($currentUserIsGroupAdmin) {
$newRep->setGroupPath(AuthService::getLoggedUser()->getGroupPath());
} else if (!empty($options["AJXP_GROUP_PATH_PARAMETER"])) {
$basePath = "/";
if (AuthService::getLoggedUser()!=null && AuthService::getLoggedUser()->getGroupPath()!=null) {
$basePath = AuthService::getLoggedUser()->getGroupPath();
}
$value = AJXP_Utils::securePath(rtrim($basePath, "/")."/".ltrim($options["AJXP_GROUP_PATH_PARAMETER"], "/"));
$value = AJXP_Utils::securePath(rtrim($currentAdminBasePath, "/")."/".ltrim($options["AJXP_GROUP_PATH_PARAMETER"], "/"));
$newRep->setGroupPath($value);
}

@@ -1481,6 +1478,11 @@ public function switchAction($action, $httpVars, $fileVars)
if ($res == -1) {
AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.51"]);
} else {
$defaultRights = $newRep->getDefaultRight();
if(!empty($defaultRights)){
$groupRole = AuthService::getRole("AJXP_GRP_".$currentAdminBasePath, true);
$groupRole->setAcl($newRep->getId(), $defaultRights);
}
$loggedUser = AuthService::getLoggedUser();
$loggedUser->personalRole->setAcl($newRep->getUniqueId(), "rw");
$loggedUser->recomputeMergedRole();
@@ -1562,12 +1564,8 @@ public function switchAction($action, $httpVars, $fileVars)
// Add SLUG
if(!$repository->isTemplate) print("<param name=\"AJXP_SLUG\" value=\"".$repository->getSlug()."\"/>");
if ($repository->getGroupPath() != null) {
$basePath = "/";
if (AuthService::getLoggedUser()!=null && AuthService::getLoggedUser()->getGroupPath()!=null) {
$basePath = AuthService::getLoggedUser()->getGroupPath();
}
$groupPath = $repository->getGroupPath();
if($basePath != "/") $groupPath = substr($repository->getGroupPath(), strlen($basePath));
if($currentAdminBasePath != "/") $groupPath = substr($repository->getGroupPath(), strlen($currentAdminBasePath));
print("<param name=\"AJXP_GROUP_PATH_PARAMETER\" value=\"".$groupPath."\"/>");
}

@@ -1628,6 +1626,7 @@ public function switchAction($action, $httpVars, $fileVars)
case "edit_repository_data" :
$repId = $httpVars["repository_id"];
$repo = ConfService::getRepositoryById($repId);
$initialDefaultRights = $repo->getDefaultRight();
if(!$repo->isWriteable()){
if (isSet($httpVars["permission_mask"]) && !empty($httpVars["permission_mask"])){
$mask = json_decode($httpVars["permission_mask"], true);
@@ -1681,11 +1680,7 @@ public function switchAction($action, $httpVars, $fileVars)
}
}
} elseif ($key == "AJXP_GROUP_PATH_PARAMETER") {
$basePath = "/";
if (AuthService::getLoggedUser()!=null && AuthService::getLoggedUser()->getGroupPath()!=null) {
$basePath = AuthService::getLoggedUser()->getGroupPath();
}
$value = AJXP_Utils::securePath(rtrim($basePath, "/")."/".ltrim($value, "/"));
$value = AJXP_Utils::securePath(rtrim($currentAdminBasePath, "/")."/".ltrim($value, "/"));
$repo->setGroupPath($value);
continue;
}
@@ -1727,10 +1722,10 @@ public function switchAction($action, $httpVars, $fileVars)
return;
}
}
// TODO : WHAT TO DO FOR SUB ADMINS ?

$rootGroup = AuthService::getRole("AJXP_GRP_".$currentAdminBasePath, true);
if (isSet($httpVars["permission_mask"]) && !empty($httpVars["permission_mask"])){
$mask = json_decode($httpVars["permission_mask"], true);
$rootGroup = AuthService::getRole("AJXP_GRP_/");
if(count($mask)){
$perm = new AJXP_PermissionMask($mask);
$rootGroup->setMask($repId, $perm);
@@ -1739,6 +1734,14 @@ public function switchAction($action, $httpVars, $fileVars)
}
AuthService::updateRole($rootGroup);
}
$defaultRights = $repo->getDefaultRight();
if($defaultRights != $initialDefaultRights){
$currentDefaultRights = $rootGroup->getAcl($repId);
if(!empty($defaultRights) || !empty($currentDefaultRights)){
$rootGroup->setAcl($repId, empty($defaultRights) ? "" : $defaultRights);
AuthService::updateRole($rootGroup);
}
}
ConfService::replaceRepository($repId, $repo);
}
AJXP_XMLWriter::header();
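Review bot: The new-user and user-move branches of `switchAction()` still build the target group path by plain concatenation of `$currentAdminBasePath` with a caller-supplied group path, while the two repository branches pass the same expression through `AJXP_Utils::securePath()`. Unless `setGroupPath()` normalises its argument (not visible here), a value with relative segments could place a user outside the acting group admin's subtree. Wrapping both sites, e.g. `$targetPath = AJXP_Utils::securePath(rtrim($currentAdminBasePath, "/")."/".ltrim($groupPath, "/"));`, keeps all four call sites consistent. Separately, in the repository-creation branch `$groupRole->setAcl($newRep->getId(), $defaultRights);` is not followed by `AuthService::updateRole($groupRole);` as it is in `edit_repository_data`, and it keys the ACL with `getId()` while the following lines use `getUniqueId()`, so the default right may not be persisted or may be stored under a different key. `switchAction()` starts and ends outside the hunks shown.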
