Add ability to reload permissions for all authenticated users

NOTE: Anonymous users cannot reload permissions, you must flush sessions to reload permissions for anonymous users that still have a session.
modxcms · Jan 13, 2012 · f8464cda20b411c9db489639912d477557d0f2a9 · f8464cd
1 parent 111e546
commit f8464cda20b411c9db489639912d477557d0f2a9
diff --git a/_build/build.sample.properties b/_build/build.sample.properties
@@ -11,8 +11,8 @@ git.command = git
 #project.name.fs = modx
 
 # Override to set the version and release strings
-#modx.core.version = 2.2.0
-#modx.core.release = pl2
+#modx.core.version = 2.2.1
+#modx.core.release = dev
 
 # these properties require a local Git clone in order to produce distributions
 # Set this property to produce distribution packages from a Git archive
@@ -25,7 +25,7 @@ git.command = git
 #build.nominify = true
 
 # Override to pull source from a specific ref in the git repository
-#build.src.tree = v2.2.0-pl2
+#build.src.tree = v2.2.1-dev
 
 # Override to turn off the additional of timestamps to the distribution packages (used for nightlies)
 #build.timestamp = false
diff --git a/_build/build.xml b/_build/build.xml
@@ -19,8 +19,8 @@
     <property name="project.manager.dir" value="${project.root.dir}/manager" />
 
     <!-- Set the project version -->
-    <property name="modx.core.version" value="2.2.0" />
-    <property name="modx.core.release" value="pl2" />
+    <property name="modx.core.version" value="2.2.1" />
+    <property name="modx.core.release" value="dev" />
 
     <!-- Set some common build properties -->
     <property name="build.dir" value="${project.basedir}" />

diff --git a/core/docs/changelog.txt b/core/docs/changelog.txt
@@ -2,6 +2,7 @@
 This file shows the changes in recent releases of MODX. The most current release is usually the
 development release, and is only shown to give an idea of what's currently in the pipeline.
 
+- Add ability to reload permissions for all authenticated users
 - [#6651] Add properties field and API methods for modResource
 - [#6613] Ensure page redirects if removing Element via tree that is currently being edited
 - [#6608] Fix search text in package management when doing empty search

diff --git a/core/docs/version.inc.php b/core/docs/version.inc.php
@@ -3,10 +3,9 @@
 $v['version']= '2'; // Current version.
 $v['major_version']= '2'; // Current major version.
 $v['minor_version']= '1'; // Current minor version.
-$v['patch_level']= 'pl'; // Current patch level.
+$v['patch_level']= 'dev'; // Current patch level.
 $v['code_name']= 'Revolution'; // Current codename.
 $v['distro']= '@git@';
 $v['full_version']= $v['version'] . ($v['major_version'] ? ".{$v['major_version']}" : ".0") . ($v['minor_version'] ? ".{$v['minor_version']}" : ".0") . ($v['patch_level'] ? "-{$v['patch_level']}" : "");
 $v['full_appname']= 'MODX' . ($v['code_name'] ? " {$v['code_name']} " : " ") . $v['full_version'] . ' (' . trim($v['distro'], '@') . ')';
 return $v;
-?>
diff --git a/core/model/modx/modprincipal.class.php b/core/model/modx/modprincipal.class.php
@@ -50,14 +50,7 @@ public function getAttributes($targets = array(), $context = '', $reload = false
             $targets = explode(',', $this->xpdo->getOption('principal_targets', null, 'modAccessContext,modAccessResourceGroup,modAccessCategory,sources.modAccessMediaSource'));
             array_walk($targets, 'trim');
         }
-        if (is_array($targets)) {
-            foreach ($targets as $target) {
-                $this->loadAttributes($target, $context, $reload);
-            }
-        }
-        elseif (is_string($targets)) {
-            $this->loadAttributes($targets, $context, $reload);
-        }
+        $this->loadAttributes($targets, $context, $reload);
         return $this->_attributes[$context];
     }
 }
diff --git a/core/model/modx/moduser.class.php b/core/model/modx/moduser.class.php
@@ -117,6 +117,16 @@ public function remove(array $ancestors = array()) {
     public function loadAttributes($target, $context = '', $reload = false) {
         $context = !empty($context) ? $context : $this->xpdo->context->get('key');
         $id = $this->get('id') ? (string) $this->get('id') : '0';
+        if ($this->get('id') && !$reload) {
+            $staleContexts = $this->get('session_stale');
+            $stale = array_search($context, $staleContexts);
+            if ($stale !== false) {
+                $reload = true;
+                $staleContexts = array_diff($staleContexts, array($context));
+                $this->set('session_stale', $staleContexts);
+                $this->save();
+            }
+        }
         if ($this->_attributes === null || $reload) {
             $this->_attributes = array();
             if (isset($_SESSION["modx.user.{$id}.attributes"])) {
@@ -127,18 +137,23 @@ public function loadAttributes($target, $context = '', $reload = false) {
                 }
             }
         }
-        if (!isset($this->_attributes[$context])) $this->_attributes[$context] = array();
-        if (!isset($this->_attributes[$context][$target])) {
-            $this->_attributes[$context][$target] = $this->xpdo->call(
-                $target,
-                'loadAttributes',
-                array(&$this->xpdo, $context, $this->get('id'))
-            );
-            if (!isset($this->_attributes[$context][$target]) || !is_array($this->_attributes[$context][$target])) {
-                $this->_attributes[$context][$target] = array();
+        if (!isset($this->_attributes[$context])) {
+            $this->_attributes[$context] = array();
+        }
+        $target = (array) $target;
+        foreach ($target as $t) {
+            if (!isset($this->_attributes[$context][$t])) {
+                $this->_attributes[$context][$t] = $this->xpdo->call(
+                    $t,
+                    'loadAttributes',
+                    array(&$this->xpdo, $context, $this->get('id'))
+                );
+                if (!isset($this->_attributes[$context][$t]) || !is_array($this->_attributes[$context][$t])) {
+                    $this->_attributes[$context][$t] = array();
+                }
             }
-            $_SESSION["modx.user.{$id}.attributes"] = $this->_attributes;
         }
+        $_SESSION["modx.user.{$id}.attributes"] = $this->_attributes;
     }
 
     /**

diff --git a/core/model/modx/mysql/moduser.map.inc.php b/core/model/modx/mysql/moduser.map.inc.php
@@ -19,6 +19,7 @@
     'hash_class' => 'hashing.modPBKDF2',
     'salt' => '',
     'primary_group' => 0,
+    'session_stale' => NULL,
   ),
   'fieldMeta' => 
   array (
@@ -105,6 +106,12 @@
       'default' => 0,
       'index' => 'index',
     ),
+    'session_stale' => 
+    array (
+      'dbtype' => 'text',
+      'phptype' => 'array',
+      'null' => true,
+    ),
   ),
   'indexes' => 
   array (

diff --git a/core/model/modx/processors/security/access/flush.class.php b/core/model/modx/processors/security/access/flush.class.php
@@ -11,8 +11,14 @@ public function checkPermissions() {
     }
 
     public function process() {
-        if ($this->modx->getUser()) {
-            $this->modx->user->getAttributes(array(), '', true);
+        $ctxQuery = $this->modx->newQuery('modContext');
+        $ctxQuery->select($this->modx->getSelectColumns('modContext', '', '', array('key')));
+        if ($ctxQuery->prepare() && $ctxQuery->stmt->execute()) {
+            $contexts = $ctxQuery->stmt->fetchAll(PDO::FETCH_COLUMN);
+            if ($contexts) {
+                $serialized = serialize($contexts);
+                $this->modx->exec("UPDATE {$this->modx->getTableName('modUser')} SET {$this->modx->escape('session_stale')} = {$this->modx->quote($serialized)}");
+            }
         }
         return $this->success();
     }

diff --git a/core/model/modx/processors/security/login.php b/core/model/modx/processors/security/login.php
@@ -48,6 +48,7 @@
     unset($key,$value);
 }
 
+/** @var $user modUser */
 $user= $modx->getObjectGraph('modUser', '{"Profile":{},"UserSettings":{}}', array ('modUser.username' => $username));
 
 if (!$user) {

diff --git a/core/model/modx/sqlsrv/moduser.map.inc.php b/core/model/modx/sqlsrv/moduser.map.inc.php
@@ -19,6 +19,7 @@
     'hash_class' => 'hashing.modPBKDF2',
     'salt' => '',
     'primary_group' => 0,
+    'session_stale' => NULL,
   ),
   'fieldMeta' => 
   array (
@@ -102,6 +103,13 @@
       'default' => 0,
       'index' => 'index',
     ),
+    'session_stale' => 
+    array (
+      'dbtype' => 'nvarchar',
+      'precision' => 'max',
+      'phptype' => 'array',
+      'null' => true,
+    ),
   ),
   'indexes' => 
   array (

diff --git a/core/model/schema/modx.mysql.schema.xml b/core/model/schema/modx.mysql.schema.xml
@@ -1117,6 +1117,7 @@
         <field key="hash_class" dbtype="varchar" precision="100" phptype="string" null="false" default="hashing.modPBKDF2" />
         <field key="salt" dbtype="varchar" precision="100" phptype="string" null="false" default="" />
         <field key="primary_group" dbtype="int" precision="10" phptype="integer" attributes="unsigned" null="false" default="0" index="index" />
+        <field key="session_stale" dbtype="text" phptype="array" null="true" />
 
         <index alias="username" name="username" primary="false" unique="true" type="BTREE">
             <column key="username" length="" collation="A" null="false" />

diff --git a/core/model/schema/modx.sqlsrv.schema.xml b/core/model/schema/modx.sqlsrv.schema.xml
@@ -1109,6 +1109,7 @@
         <field key="hash_class" dbtype="nvarchar" precision="100" phptype="string" null="false" default="hashing.modPBKDF2" />
         <field key="salt" dbtype="nvarchar" precision="100" phptype="string" null="false" default="" />
         <field key="primary_group" dbtype="int" phptype="integer" null="false" default="0" index="index" />
+        <field key="session_stale" dbtype="nvarchar" precision="max" phptype="array" null="true" />
 
         <index alias="username" name="username" primary="false" unique="true" type="BTREE">
             <column key="username" length="" collation="A" null="false" />

diff --git a/setup/includes/upgrades/mysql/2.2.1-pl.php b/setup/includes/upgrades/mysql/2.2.1-pl.php
@@ -18,4 +18,10 @@
 $class = 'modResource';
 $table = $modx->getTableName($class);
 $description = $this->install->lexicon('add_column',array('column' => 'properties','table' => $table));
-$this->processResults($class, $description, array($modx->manager, 'addField'), array($class, 'properties'));
+$this->processResults($class, $description, array($modx->manager, 'addField'), array($class, 'properties'));
+
+/* add session_stale field to modUser */
+$class = 'modUser';
+$table = $modx->getTableName($class);
+$description = $this->install->lexicon('add_column',array('column' => 'session_stale','table' => $table));
+$this->processResults($class, $description, array($modx->manager, 'addField'), array($class, 'session_stale'));
diff --git a/setup/includes/upgrades/sqlsrv/2.2.1-pl.php b/setup/includes/upgrades/sqlsrv/2.2.1-pl.php
@@ -18,4 +18,10 @@
 $class = 'modResource';
 $table = $modx->getTableName($class);
 $description = $this->install->lexicon('add_column',array('column' => 'properties','table' => $table));
-$this->processResults($class, $description, array($modx->manager, 'addField'), array($class, 'properties'));
+$this->processResults($class, $description, array($modx->manager, 'addField'), array($class, 'properties'));
+
+/* add session_stale field to modUser */
+$class = 'modUser';
+$table = $modx->getTableName($class);
+$description = $this->install->lexicon('add_column',array('column' => 'session_stale','table' => $table));
+$this->processResults($class, $description, array($modx->manager, 'addField'), array($class, 'session_stale'));