Add ability to reload permissions for all authenticated users

NOTE: Anonymous users cannot reload permissions, you must flush sessions to reload permissions for anonymous users that still have a session.

Author: opengeek

_build/build.sample.properties

@@ -11,8 +11,8 @@ git.command = git
 #project.name.fs = modx
 
 # Override to set the version and release strings
-#modx.core.version = 2.2.0
-#modx.core.release = pl2
+#modx.core.version = 2.2.1
+#modx.core.release = dev
 
 # these properties require a local Git clone in order to produce distributions
 # Set this property to produce distribution packages from a Git archive
@@ -25,7 +25,7 @@ git.command = git
 #build.nominify = true
 
 # Override to pull source from a specific ref in the git repository
-#build.src.tree = v2.2.0-pl2
+#build.src.tree = v2.2.1-dev
 
 # Override to turn off the additional of timestamps to the distribution packages (used for nightlies)
 #build.timestamp = false

_build/build.xml

@@ -19,8 +19,8 @@
     <property name="project.manager.dir" value="${project.root.dir}/manager" />
 
     <!-- Set the project version -->
-    <property name="modx.core.version" value="2.2.0" />
-    <property name="modx.core.release" value="pl2" />
+    <property name="modx.core.version" value="2.2.1" />
+    <property name="modx.core.release" value="dev" />
 
     <!-- Set some common build properties -->
     <property name="build.dir" value="${project.basedir}" />

core/docs/changelog.txt

@@ -2,6 +2,7 @@
 This file shows the changes in recent releases of MODX. The most current release is usually the
 development release, and is only shown to give an idea of what's currently in the pipeline.
 
+- Add ability to reload permissions for all authenticated users
 - [#6651] Add properties field and API methods for modResource
 - [#6613] Ensure page redirects if removing Element via tree that is currently being edited
 - [#6608] Fix search text in package management when doing empty search

core/docs/version.inc.php

@@ -3,10 +3,9 @@
 $v['version']= '2'; // Current version.
 $v['major_version']= '2'; // Current major version.
 $v['minor_version']= '1'; // Current minor version.
-$v['patch_level']= 'pl'; // Current patch level.
+$v['patch_level']= 'dev'; // Current patch level.
 $v['code_name']= 'Revolution'; // Current codename.
 $v['distro']= '@git@';
 $v['full_version']= $v['version'] . ($v['major_version'] ? ".{$v['major_version']}" : ".0") . ($v['minor_version'] ? ".{$v['minor_version']}" : ".0") . ($v['patch_level'] ? "-{$v['patch_level']}" : "");
 $v['full_appname']= 'MODX' . ($v['code_name'] ? " {$v['code_name']} " : " ") . $v['full_version'] . ' (' . trim($v['distro'], '@') . ')';
 return $v;
-?>

core/model/modx/modprincipal.class.php

@@ -50,14 +50,7 @@ public function getAttributes($targets = array(), $context = '', $reload = false
             $targets = explode(',', $this->xpdo->getOption('principal_targets', null, 'modAccessContext,modAccessResourceGroup,modAccessCategory,sources.modAccessMediaSource'));
             array_walk($targets, 'trim');
         }
-        if (is_array($targets)) {
-            foreach ($targets as $target) {
-                $this->loadAttributes($target, $context, $reload);
-            }
-        }
-        elseif (is_string($targets)) {
-            $this->loadAttributes($targets, $context, $reload);
-        }
+        $this->loadAttributes($targets, $context, $reload);
         return $this->_attributes[$context];
     }
 }

core/model/modx/moduser.class.php

@@ -117,6 +117,16 @@ public function remove(array $ancestors = array()) {
     public function loadAttributes($target, $context = '', $reload = false) {
         $context = !empty($context) ? $context : $this->xpdo->context->get('key');
         $id = $this->get('id') ? (string) $this->get('id') : '0';
+        if ($this->get('id') && !$reload) {
+            $staleContexts = $this->get('session_stale');
+            $stale = array_search($context, $staleContexts);
+            if ($stale !== false) {
+                $reload = true;
+                $staleContexts = array_diff($staleContexts, array($context));
+                $this->set('session_stale', $staleContexts);
+                $this->save();
+            }
+        }
         if ($this->_attributes === null || $reload) {
             $this->_attributes = array();
             if (isset($_SESSION["modx.user.{$id}.attributes"])) {
@@ -127,18 +137,23 @@ public function loadAttributes($target, $context = '', $reload = false) {
                 }
             }
         }
-        if (!isset($this->_attributes[$context])) $this->_attributes[$context] = array();
-        if (!isset($this->_attributes[$context][$target])) {
-            $this->_attributes[$context][$target] = $this->xpdo->call(
-                $target,
-                'loadAttributes',
-                array(&$this->xpdo, $context, $this->get('id'))
-            );
-            if (!isset($this->_attributes[$context][$target]) || !is_array($this->_attributes[$context][$target])) {
-                $this->_attributes[$context][$target] = array();
+        if (!isset($this->_attributes[$context])) {
+            $this->_attributes[$context] = array();
+        }
+        $target = (array) $target;
+        foreach ($target as $t) {
+            if (!isset($this->_attributes[$context][$t])) {
+                $this->_attributes[$context][$t] = $this->xpdo->call(
+                    $t,
+                    'loadAttributes',
+                    array(&$this->xpdo, $context, $this->get('id'))
+                );
+                if (!isset($this->_attributes[$context][$t]) || !is_array($this->_attributes[$context][$t])) {
+                    $this->_attributes[$context][$t] = array();
+                }
             }
-            $_SESSION["modx.user.{$id}.attributes"] = $this->_attributes;
         }
+        $_SESSION["modx.user.{$id}.attributes"] = $this->_attributes;
     }
 
     /**

core/model/modx/mysql/moduser.map.inc.php

@@ -19,6 +19,7 @@
     'hash_class' => 'hashing.modPBKDF2',
     'salt' => '',
     'primary_group' => 0,
+    'session_stale' => NULL,
   ),
   'fieldMeta' => 
   array (
@@ -105,6 +106,12 @@
       'default' => 0,
       'index' => 'index',
     ),
+    'session_stale' => 
+    array (
+      'dbtype' => 'text',
+      'phptype' => 'array',
+      'null' => true,
+    ),
   ),
   'indexes' => 
   array (

core/model/modx/processors/security/access/flush.class.php

@@ -11,8 +11,14 @@ public function checkPermissions() {
     }
 
     public function process() {
-        if ($this->modx->getUser()) {
-            $this->modx->user->getAttributes(array(), '', true);
+        $ctxQuery = $this->modx->newQuery('modContext');
+        $ctxQuery->select($this->modx->getSelectColumns('modContext', '', '', array('key')));
+        if ($ctxQuery->prepare() && $ctxQuery->stmt->execute()) {
+            $contexts = $ctxQuery->stmt->fetchAll(PDO::FETCH_COLUMN);
+            if ($contexts) {
+                $serialized = serialize($contexts);
+                $this->modx->exec("UPDATE {$this->modx->getTableName('modUser')} SET {$this->modx->escape('session_stale')} = {$this->modx->quote($serialized)}");
+            }
         }
         return $this->success();
     }

core/model/modx/processors/security/login.php

@@ -48,6 +48,7 @@
     unset($key,$value);
 }
 
+/** @var $user modUser */
 $user= $modx->getObjectGraph('modUser', '{"Profile":{},"UserSettings":{}}', array ('modUser.username' => $username));
 
 if (!$user) {

core/model/modx/sqlsrv/moduser.map.inc.php

@@ -19,6 +19,7 @@
     'hash_class' => 'hashing.modPBKDF2',
     'salt' => '',
     'primary_group' => 0,
+    'session_stale' => NULL,
   ),
   'fieldMeta' => 
   array (
@@ -102,6 +103,13 @@
       'default' => 0,
       'index' => 'index',
     ),
+    'session_stale' => 
+    array (
+      'dbtype' => 'nvarchar',
+      'precision' => 'max',
+      'phptype' => 'array',
+      'null' => true,
+    ),
   ),
   'indexes' => 
   array (

core/model/schema/modx.mysql.schema.xml

@@ -1117,6 +1117,7 @@
         <field key="hash_class" dbtype="varchar" precision="100" phptype="string" null="false" default="hashing.modPBKDF2" />
         <field key="salt" dbtype="varchar" precision="100" phptype="string" null="false" default="" />
         <field key="primary_group" dbtype="int" precision="10" phptype="integer" attributes="unsigned" null="false" default="0" index="index" />
+        <field key="session_stale" dbtype="text" phptype="array" null="true" />
 
         <index alias="username" name="username" primary="false" unique="true" type="BTREE">
             <column key="username" length="" collation="A" null="false" />

core/model/schema/modx.sqlsrv.schema.xml

@@ -1109,6 +1109,7 @@
         <field key="hash_class" dbtype="nvarchar" precision="100" phptype="string" null="false" default="hashing.modPBKDF2" />
         <field key="salt" dbtype="nvarchar" precision="100" phptype="string" null="false" default="" />
         <field key="primary_group" dbtype="int" phptype="integer" null="false" default="0" index="index" />
+        <field key="session_stale" dbtype="nvarchar" precision="max" phptype="array" null="true" />
 
         <index alias="username" name="username" primary="false" unique="true" type="BTREE">
             <column key="username" length="" collation="A" null="false" />

setup/includes/upgrades/mysql/2.2.1-pl.php

@@ -18,4 +18,10 @@
 $class = 'modResource';
 $table = $modx->getTableName($class);
 $description = $this->install->lexicon('add_column',array('column' => 'properties','table' => $table));
-$this->processResults($class, $description, array($modx->manager, 'addField'), array($class, 'properties'));
+$this->processResults($class, $description, array($modx->manager, 'addField'), array($class, 'properties'));
+
+/* add session_stale field to modUser */
+$class = 'modUser';
+$table = $modx->getTableName($class);
+$description = $this->install->lexicon('add_column',array('column' => 'session_stale','table' => $table));
+$this->processResults($class, $description, array($modx->manager, 'addField'), array($class, 'session_stale'));

setup/includes/upgrades/sqlsrv/2.2.1-pl.php

@@ -18,4 +18,10 @@
 $class = 'modResource';
 $table = $modx->getTableName($class);
 $description = $this->install->lexicon('add_column',array('column' => 'properties','table' => $table));
-$this->processResults($class, $description, array($modx->manager, 'addField'), array($class, 'properties'));
+$this->processResults($class, $description, array($modx->manager, 'addField'), array($class, 'properties'));
+
+/* add session_stale field to modUser */
+$class = 'modUser';
+$table = $modx->getTableName($class);
+$description = $this->install->lexicon('add_column',array('column' => 'session_stale','table' => $table));
+$this->processResults($class, $description, array($modx->manager, 'addField'), array($class, 'session_stale'));