Remake the ACL::required() method #60

Closed
sergeyklay opened this issue Jan 20, 2013 · 3 comments

@sergeyklay
Contributor

Maybe it makes sense to remake the ACL::required method?
For example:

/**
 * If the active user does not have this permission,
 * fail with an HTTP_Exception_403.
 *
 * @throws  HTTP_Exception_403 If the user doesn't have permission.
 * @param   string        $perm_name
 * @param   Model_User    $user            User object (defaults to the active user)
 * @param   callable      $callback        What to run if there is no privilege
 * @return  boolean
 */
public static function required($perm_name, Model_User $user = NULL, $callback = NULL)
{
  if ( ! ACL::check($perm_name, $user) )
  {
    // Run the callback only if it is actually callable
    if( is_callable($callback) )
    {
      call_user_func($callback);
    }

    // If the action is set and the role hasn't been matched,
    // the user doesn't have permission.
    throw new HTTP_Exception_403('Unauthorised access attempt to action :act.',
      array(
        ':act' => $perm_name
      )
    );
  }

  // Permission granted
  return TRUE;
}

It is necessary for ease of use:

<?php defined('SYSPATH') OR die('No direct script access.');

class Controller_Admin extends Template {

  public function before()
  {
    // Inform that we're in admin section for themers/developers
    Theme::$is_admin = TRUE;

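    // Pass a closure so the redirect runs only when the permission check fails;
    // a direct call here would be evaluated before ACL::required() is entered.
    ACL::required('administer site', NULL, function () {
      Request::$current->redirect(Route::get('user')->uri(array('action' => 'login')));
    });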
    parent::before();
  }

  public function index()
  {
    $this->response->body(__('Welcome to admin'));
  }
}

or

// Closure, so the log entry is written only on denial
ACL::required('administer site', NULL, function () {
  Kohana::$log->add(Log::ERROR, 'An attempt of unauthorized access');
});

I'm not sure that's a good idea, but can you suggest a better idea?

@sergeyklay
Contributor Author

And I think that in the ACL::required() method the second parameter (Model_User $user = NULL) is not needed, because the following code always runs:

    if (is_null($user))
    {
      $user = User::active_user();
    }

@sandeepone
Member

The second parameter is useful in many cases, like when you want to perform a background job as a particular user. In that case we need to pass the user object, because the active user will be the guest, but we need to run as a different user.

A callback would be helpful in some cases.
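An added example, not part of the thread or the project's code, covering both points discussed above: the denial callback only defers work when it is a callable (an expression written directly in the argument list runs before the permission check), and an explicit user object overrides the active user. DemoACL, DemoUser and DeniedException are hypothetical stand-ins for the project's ACL, Model_User and HTTP_Exception_403.

```php
<?php
// Added illustration: DemoACL, DemoUser and DeniedException are hypothetical
// stand-ins, not the project's ACL, Model_User or HTTP_Exception_403.
class DeniedException extends Exception {}

class DemoUser
{
    public $perms;
    public function __construct(array $perms) { $this->perms = $perms; }
}

class DemoACL
{
    public static $active; // stand-in for User::active_user()

    public static function check($perm, $user = NULL)
    {
        if ($user === NULL) { $user = self::$active; }
        return in_array($perm, $user->perms, TRUE);
    }

    public static function required($perm, $user = NULL, $callback = NULL)
    {
        if (self::check($perm, $user)) { return TRUE; }
        // Runs only on denial, and only if the argument really is callable.
        if (is_callable($callback)) { call_user_func($callback); }
        throw new DeniedException("Unauthorised access attempt to action $perm.");
    }
}

$log = array();
$record = function ($msg) use (&$log) { $log[] = $msg; };

DemoACL::$active = new DemoUser(array());               // guest: no permissions
$job_user = new DemoUser(array('administer site'));     // explicit user for a background job

// Eager: $record() runs while the argument list is built, so a denial is
// logged even though $job_user is allowed.
DemoACL::required('administer site', $job_user, $record('eager: denied'));

// Deferred: the closure is never invoked because the check passes.
DemoACL::required('administer site', $job_user, function () use ($record) { $record('deferred: denied'); });

try {
    // No user passed: falls back to the active (guest) user, closure runs, then the exception.
    DemoACL::required('administer site', NULL, function () use ($record) { $record('deferred: guest denied'); });
} catch (DeniedException $e) {
    $record('caught: ' . $e->getMessage());
}
print_r($log);
```

The eager form produces a false "denied" audit entry for an allowed user, which is the kind of noise that hides real unauthorized-access attempts in the log.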

@sergeyklay
Contributor Author

#61
