Add option to allow content edit only for users who are authenticated…

… or who have specific credentials
michaelperrin · Jun 5, 2012 · 8002403 · 8002403
1 parent 601c4d8
commit 8002403
Show file tree

Hide file tree

Showing 4 changed files with 80 additions and 4 deletions.
diff --git a/config/app.yml b/config/app.yml
@@ -17,6 +17,18 @@ all:
       - common/align
       - sfAloha/save
       - sfAloha/image-upload
-    autoAdd: true # Tells whether new content can be automatically created or not
-    image_upload_dir: aloha-images
-    backend: sfAlohaBackendDoctrine
+
+    # Tells whether new content can be automatically created or not
+    autoAdd:                              true
+
+    image_upload_dir:                     aloha-images
+    backend:                              sfAlohaBackendDoctrine
+
+    security:
+      edit:
+        # Tells whether only authenticated users can edit content or not
+        authenticated:                    true
+
+        # Tells whether only users with the given credential(s) can edit content or not
+        # ~ for no specific credentials, a table for several allowed credentials (e.g. [admin, writer]), string for only one
+        credentials:                      ~
diff --git a/lib/helper/AlohaHelper.php b/lib/helper/AlohaHelper.php
@@ -11,10 +11,16 @@
  */
 function aloha_init_page(array $activatedPlugins = null)
 {
+  if (!sfAloha::getInstance()->checkAccess())
+  {
+    // The user doesn't have credentials to edit content.
+    // No need to load the Aloha Editor library
+    return '';
+  }
+
   if ($activatedPlugins === null)
   {
     // Load default activated plugins
-
     $activatedPlugins = sfConfig::get('app_aloha_defaultPlugins');
   }
 
@@ -33,6 +39,7 @@ function aloha_init_page(array $activatedPlugins = null)
 
   if (array_search('sfAloha/image-upload', $activatedPlugins))
   {
+    // Image upload plugin is activated
     $result .= aloha_init_upload_image_plugin();
   }
 

diff --git a/lib/sfAloha/sfAloha.class.php b/lib/sfAloha/sfAloha.class.php
@@ -72,4 +72,48 @@ protected function getBackend()
   {
     return self::$_backend;
   }
+
+  /**
+   * Checks if the current user has rights to edit content
+   *
+   * @return boolean false if user doesn't have rights, true otherwise
+   */
+  public function checkAccess()
+  {
+    $user = sfContext::getInstance()->getUser();
+
+    $securityConf = sfConfig::get('app_aloha_security');
+
+    // If no configuration is found regarding security, do not allow any action
+    if (empty($securityConf) || !isset($securityConf['edit']))
+    {
+      return false;
+    }
+
+    $editSecurity = $securityConf['edit'];
+
+    // Check authentication
+    if (!array_key_exists('authenticated', $editSecurity))
+    {
+      return false;
+    }
+
+    if ($editSecurity['authenticated'] != false && !$user->isAuthenticated())
+    {
+      return false;
+    }
+
+    // Check credentials
+    if (!array_key_exists('credentials', $editSecurity))
+    {
+      return false;
+    }
+
+    if ($editSecurity['credentials'] != false && !$user->hasCredential($editSecurity['credentials']))
+    {
+      return false;
+    }
+
+    return true;
+  }
 }
diff --git a/modules/sfAlohaContent/actions/actions.class.php b/modules/sfAlohaContent/actions/actions.class.php
@@ -5,6 +5,11 @@
  */
 class sfAlohaContentActions extends sfActions
 {
+  public function preExecute()
+  {
+    $this->_checkSecurity();
+  }
+
   /**
    * Save content action
    *
@@ -112,4 +117,12 @@ protected function _generateImageName($path, $originalName)
 
     return $newFileName;
   }
+
+  /**
+   * Checks if the current user is allowed to edit content
+   */
+  protected function _checkSecurity()
+  {
+    $this->forward404Unless(sfAloha::getInstance()->checkAccess());
+  }
 }