*.admin.controller.php structure needs to be reorganized #10

Closed
largeden opened this issue Oct 3, 2013 · 5 comments

Comments

Member

largeden commented Oct 3, 2013

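I think the permissions need to be reorganized around manager access so that they match the role of *.admin.controller.php and no contradictions arise.

Taking the member module as an example,

the functions in the member.admin.controller.php file are structured to work only in admin, but they do not perform an administrator check. Because of the recent CSRF security issue an is_admin check was put in temporarily, but properly the permission check should be defined as a permission in module.xml, and CSRF should have been specified through init().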
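
As an added illustration (not part of the original thread and not the project's code), the PHP below shows the approach the comment above describes: the required permission is declared once in the module manifest, and a central gate enforces the administrator and CSRF checks before any admin controller method runs. The manifest schema, the action names, `loadPermissions()`, `authorize()`, the `_token` field and the `'Y'` flag value are assumptions made for this example.

```php
<?php
// Constructed manifest: element, attribute and action names are illustrative assumptions.
const MANIFEST = <<<XML
<module>
  <actions>
    <action name="procExampleAdminDelete" type="controller" permission="root" />
    <action name="dispExampleInfo" type="view" />
  </actions>
</module>
XML;

/** Map action name => declared permission ('' when none is declared). */
function loadPermissions(string $xml): array
{
    $map = [];
    foreach (simplexml_load_string($xml)->actions->action as $action) {
        $map[(string) $action['name']] = (string) $action['permission'];
    }
    return $map;
}

/** Central gate run before any action method; returns 'ok' or the rejection reason. */
function authorize(array $permissions, string $act, array $user, array $request, string $sessionToken): string
{
    if (!array_key_exists($act, $permissions)) {
        return 'unknown_action';          // undeclared actions are never dispatched
    }
    if ($permissions[$act] !== 'root') {
        return 'ok';                      // no administrator requirement declared
    }
    if (($user['is_admin'] ?? 'N') !== 'Y') {
        return 'not_administrator';
    }
    // CSRF: admin actions must arrive as POST and carry the token bound to the session.
    $token = $request['post']['_token'] ?? '';
    if (($request['method'] ?? '') !== 'POST' || !is_string($token)
        || $sessionToken === '' || !hash_equals($sessionToken, $token)) {
        return 'csrf_rejected';
    }
    return 'ok';
}

// Constructed requests: admin GET without token, admin POST with token, non-admin POST.
$perms = loadPermissions(MANIFEST);
$admin = ['is_admin' => 'Y'];
echo authorize($perms, 'procExampleAdminDelete', $admin, ['method' => 'GET'], 'tok123'), "\n";
echo authorize($perms, 'procExampleAdminDelete', $admin,
    ['method' => 'POST', 'post' => ['_token' => 'tok123']], 'tok123'), "\n";
echo authorize($perms, 'procExampleAdminDelete', ['is_admin' => 'N'], ['method' => 'POST'], 'tok123'), "\n";
```

Because the gate runs in one place, an admin controller method that forgets its own check is still covered as long as its action is declared with the permission in the manifest.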

Member

misol commented Oct 3, 2013

The same goes for admin.view.php

Member Author

largeden commented Oct 3, 2013

Hear, hear!! :p

@ghost ghost assigned largeden Oct 3, 2013
Member Author

largeden commented Oct 8, 2013

I have written up the items that need to be sorted out here, so please take a look. If there are no problems, I intend to proceed as described.
https://docs.google.com/document/d/1S45L8KCCucTyup8v0po-gZ3_i9usDghrYvsRy0Hdimc/

6eb5750

largeden added a commit that referenced this issue Oct 15, 2013
* module.xml_opti:
  Merge develop into module.xml_opti(2)
  Add administrator-permission and CSRF checks to the permission root permission check
  #10 Reorganize the permissions in module.xml

Conflicts:
	modules/editor/conf/module.xml
	modules/widget/conf/module.xml
Member

misol commented Oct 17, 2013

I completely agree with this part!!
