
#577 access control - improve implementation and add access control for displaying navigation entries
danielp
danielp committed Jan 13, 2012
1 parent b26123a commit eaa3a57cd48aea00b49a90600742954b01d370d5
@@ -35,10 +35,10 @@ class owa_logoutController extends owa_controller {
function action() {
$auth = &owa_auth::get_instance();
$auth = owa_auth::get_instance();
$auth->deleteCredentials();
$this->setRedirectAction('base.loginForm');
}
}
?>
?>
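Review bot: The closing `?>` on the last line of this controller is worth removing rather than touching: the file ends with `setRedirectAction(...)`, and anything after `?>` beyond a single newline is sent as response body before the redirect header, which surfaces as a "headers already sent" warning and leaves the user logged out but not redirected. The rendered page does not show what changed on that line, so treat this as a general cleanup: delete `?>` and end the file after the closing brace. Dropping the `&` from `$auth = owa_auth::get_instance();` is correct — a static factory's return value should not be assigned by reference.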
@@ -66,6 +66,8 @@ function render($data) {
// Set navigation
$this->body->set('top_level_report_nav', $this->get('top_level_report_nav'));
$this->body->set('currentSiteId', $this->get('currentSiteId'));
// load body template
$this->body->set_template('report.tpl');
@@ -100,6 +102,7 @@ function render($data) {
$this->setCss("base/css/owa.report.css");
$this->setCss('base/css/ui.jqgrid.css');
$this->setCss('base/css/chosen/chosen.css');
}
/**
@@ -42,7 +42,7 @@ function __construct($params) {
function action() {
$s = owa_coreAPI::entityFactory('base.site');
$sites = $this->getAllowedSitesForCurrentUserAndControllerCap();
$sites = $this->getSitesAllowedForCurrentUser();
$this->set('tracked_sites', $sites);
$this->setSubview('base.sites');
$this->setView('base.options');
@@ -26,7 +26,7 @@ jQuery(document).ready(function(){
<TD valign="top" class="owa_reportLeftNavColumn">
<div class="reportSectionContainer">
<div id="owa_reportNavPanel">
<?php echo $this->makeNavigationMenu($top_level_report_nav);?>
<?php echo $this->makeNavigationMenu($top_level_report_nav, $currentSiteId);?>
</div>
</div>
</TD>
@@ -2,6 +2,7 @@
<UL>
<?php foreach ($links as $kl => $l): ?>
<?php if (!$this->getCurrentUser()->isCapable($l['priviledge'], $currentSiteId)) continue; ?>
<LI>
<div class="owa_admin_nav_topmenu">
@@ -18,6 +19,7 @@
<div id="owa_admin_nav_subgroup_<?php echo $kl;?>" class="owa_admin_nav_subgroup">
<UL>
<?php foreach ($l['subgroup'] as $sgl): ?>
<?php if (!$this->getCurrentUser()->isCapable($sgl['priviledge'], $currentSiteId)) continue; ?>
<LI>
<div class="owa_admin_nav_subgroup_item">
<a href="<?php echo $this->makeLink(array('do' => $sgl['ref']), true);?>"><?php echo $sgl['anchortext'];?></a>
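Review bot: The `isCapable($l['priviledge'], $currentSiteId)` checks added at the top of both loops only decide whether a menu entry is shown; the `ref` targets stay reachable by URL, so the target controllers still have to enforce the same capability through `setRequiredCapability`, and a one-line template comment saying so (`<?php // display filter only; the target controller enforces the capability ?>`) would stop a later reader from treating the menu as the access control. Both checks also resolve `$this->getCurrentUser()` again for every link and sub-link; resolve it once at the top of the template, `<?php $cu = $this->getCurrentUser(); ?>`, as the page template in this commit already does, and test `$cu->isCapable(...)`. The checks presume every link struct carries a `priviledge` key, which holds for entries built by `getLinkStruct` but should be guarded with `isset` if entries can come from elsewhere.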
@@ -1,5 +1,5 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?php $cu = $this->getCurrentUser(); ?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
@@ -9,7 +9,7 @@
<?php include($this->getTemplatePath('base','css.tpl'));?>
</head>
<body>
<body class="<?php if ($cu->user->isOWAAdmin()) echo 'owaadmin'; ?>">
<style>
html {background-color: #F2F2F2;}
</style>
@@ -64,18 +64,9 @@ function registerAdminPanels() {
}
function registerNavigation() {
/*$this->addNavigationLink(array('view' => 'base.reportDocument',
'nav_name' => 'subnav',
'ref' => 'base.reportClicks',
'priviledge' => 'viewer',
'anchortext' => 'Click Map Report',
'order' => 1));
*/
return;
public function registerNavigation() {
$this->addNavigationSubGroup('Hello World', 'hello.reportDashboard', 'Hello Dashboard');
$this->addNavigationLinkInSubGroup('Hello World','hello.reportSearchterms','also to the dashboard',1);
}
@@ -49,7 +49,7 @@ class owa_base {
/**
* Configuration Entity
*
* @var Object global configuration object
* @var owa_settings Object global configuration object
*/
var $c;
@@ -524,9 +524,13 @@ function setStatusMsg($msg) {
$this->data['status_message'] = $msg;
}
function authenticatedButNotCapableAction($additionalMessage = '') {
function authenticatedButNotCapableAction($additionalMessage = '') {
if ( empty($additionalMessage) ) {
$additionalMessage = '('.$this->getRequiredCapability().' / '.$this->getCurrentSiteId() .')';
$siteIdMsg = $this->getCurrentSiteId();
if ( empty ($siteIdMsg) ) {
$siteIdMsg = 'No access to any site for the permission "'.$this->getRequiredCapability().'"';
}
$additionalMessage = $siteIdMsg;
}
$this->setView('base.error');
$this->set('error_msg', $this->getMsg(2003).' '.$additionalMessage);
@@ -567,39 +571,42 @@ function getSetting($module, $name) {
/**
* Returns array of owa_site entities where the current user has access to, taken the current controller cap into account
* @return array
*/
protected function getAllowedSitesForCurrentUserAndControllerCap() {
protected function getSitesAllowedForCurrentUser() {
$currentUser = owa_coreAPI::getCurrentUser();
$allSites = owa_coreAPI::getSitesList();
$allowedSites=array();
foreach ($allSites as $siteRow) {
if ($currentUser->isCapable($this->capability,$siteRow['site_id'])) {
$site = owa_coreAPI::entityFactory('base.site');
$site->load($siteRow['id']);
$site = owa_coreAPI::entityFactory('base.site');
$site->load($siteRow['id']);
if ($site->isUserAssigned($currentUser->user->get('id'))) {
$allowedSites[$siteRow['site_id']] = $site;
}
}
return $allowedSites;
}
/**
* gets the siteid taking the site access permissions into account
* If not a typical siteId parameter is set or user lacks permission, the first availabe site is used
*
* @return string or false if no site access
*/
protected function getCurrentSiteId() {
$allowedSites = $this->getAllowedSitesForCurrentUserAndControllerCap();
$allowedSites = $this->getSitesAllowedForCurrentUser();
$siteParameterValue = $this->getSiteIdParameterValue();
// set siteId from Request if set
if ( $siteParameterValue !== false && isset($allowedSites[$siteParameterValue])) {
return $siteParameterValue;
}
elseif (isset($allowedSites[0])) {
elseif ( current($allowedSites) instanceof owa_site) {
//set default
return $allowedSites[0]->get('site_id');
return current($allowedSites)->get('site_id');
}
return false;
}
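Review bot: `getCurrentSiteId()` rebuilds the allowed-site list on every call by running `getSitesAllowedForCurrentUser()`, which loads an entity for each site the user is capable on, and this commit adds new callers (`pre()` calls it twice, the report view and `authenticatedButNotCapableAction` once each), so a single request walks the whole site table several times. Cache the list for the request, e.g. a property set on first use: `if ($this->allowedSites === null) { $this->allowedSites = $this->getSitesAllowedForCurrentUser(); }`. The `current($allowedSites)` fallback works because the array is freshly built, but `reset($allowedSites)` states the "first allowed site" intent explicitly. The acceptance rule for the request-supplied siteId — only when it is a key of the allowed set — is a sound allow-list check and stays so with the cache in place.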
@@ -32,7 +32,6 @@
class owa_coreAPI {
const OWA_ROLE_VIEWER = 'viewer';
// @depricated
// @todo remove
@@ -675,6 +674,8 @@ public static function getGroupNavigation($group_name, $sortby ='order') {
if (array_key_exists($group, $links)) {
// check to see if link is already present in the main array
if (array_key_exists($link['anchortext'], $links[$group])) {
// merge various elements?? not now.
@@ -387,12 +387,12 @@ function addAdminPanel($panel) {
* Registers Group Link with a particular View
* @DEPRICATED - use addNavigationSubGroup and addNavigationLinkInSubGroup
*/
function addNavigationLink($group, $subgroup = '', $ref, $anchortext, $order = 0, $priviledge = 'viewer') {
function addNavigationLink($group, $subgroup = '', $ref, $anchortext, $order = 0, $priviledge = 'view_reports') {
if (!empty($subgroup)):
$this->addNavigationLinkInSubGroup($subgroup,$ref, $anchortext, $order = 0, $priviledge = 'viewer',$group);
$this->addNavigationLinkInSubGroup($subgroup,$ref, $anchortext, $order = 0, $priviledge ,$group);
else:
$this->addNavigationSubGroup($anchortext,$ref, $anchortext, $order = 0, $priviledge = 'viewer',$group);
$this->addNavigationSubGroup($anchortext,$ref, $anchortext, $order = 0, $priviledge ,$group);
endif;
return;
@@ -408,7 +408,7 @@ function addNavigationLink($group, $subgroup = '', $ref, $anchortext, $order = 0
* @param string $priviledge
* @param string $groupName
*/
public function addNavigationSubGroup($subgroupName, $ref, $anchortext, $order = 0, $priviledge = owa_coreAPI::OWA_ROLE_VIEWER, $groupName = 'Reports') {
public function addNavigationSubGroup($subgroupName, $ref, $anchortext, $order = 0, $priviledge = 'view_reports', $groupName = 'Reports') {
$this->nav_links[$groupName][$subgroupName] = $this->getLinkStruct($ref, $anchortext, $order,$priviledge);
}
@@ -422,7 +422,7 @@ public function addNavigationSubGroup($subgroupName, $ref, $anchortext, $order =
* @param string $priviledge
* @param string $groupName
*/
public function addNavigationLinkInSubGroup($subgroupName, $ref, $anchortext, $order = 0, $priviledge = owa_coreAPI::OWA_ROLE_VIEWER, $groupName = 'Reports') {
public function addNavigationLinkInSubGroup($subgroupName, $ref, $anchortext, $order = 0, $priviledge = 'view_reports', $groupName = 'Reports') {
if (!isset($this->nav_links[$groupName][$subgroupName]) || !is_array($this->nav_links[$groupName][$subgroupName])) {
throw new Exception('Subgroup "'.$subgroupName.'" is not existend - add Subgroup first with addNavigationSubGroup ');
}
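Review bot: Both rewritten calls in `addNavigationLink` (the `addNavigationLinkInSubGroup` and `addNavigationSubGroup` lines) still pass `$order = 0` as an argument, which is an assignment expression: the caller's `$order` is discarded and every link registered through this deprecated wrapper gets order 0. The commit removed the same mistake for `$priviledge` on those lines but left `$order`; change both to pass `$order`. The default privilege is now the bare string `'view_reports'` repeated in three signatures (this hunk and the two below it) where `owa_coreAPI::OWA_ROLE_VIEWER` was used before; a single class constant, say `const DEFAULT_NAV_PRIVILEGE = 'view_reports';`, keeps the three in step. `addNavigationLink` ends outside its hunk.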
@@ -41,7 +41,7 @@ class owa_reportController extends owa_adminController {
*/
function __construct($params) {
$this->setControllerType('report');
$this->_setCapability('view_reports');
$this->setRequiredCapability('view_reports');
return parent::__construct($params);
}
@@ -53,7 +53,7 @@ function __construct($params) {
*/
function pre() {
$this->set('sites', $this->getAllowedSitesForCurrentUserAndControllerCap());
$this->set('sites', $this->getSitesAllowedForCurrentUser());
$this->setParam('siteId', $this->getCurrentSiteId());
// pass full set of params to view
$this->data['params'] = $this->params;
@@ -143,7 +143,8 @@ function pre() {
unset($nav['Ecommerce']);
}
$this->set('top_level_report_nav', $nav);
$this->set('top_level_report_nav', $nav);
$this->set('currentSiteId', $this->getCurrentSiteId());
}
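Review bot: `pre()` now calls `$this->getCurrentSiteId()` twice — once for `setParam('siteId', ...)` in the second hunk and again for `set('currentSiteId', ...)` in the last — and each call re-derives the allowed-site list, loading a site entity per allowed site. Compute it once, `$currentSiteId = $this->getCurrentSiteId();`, and use the local in both places, or read back `$this->getParam('siteId')` in the last hunk. The last hunk sits inside `pre()`, whose start is outside that hunk. `getCurrentSiteId()` returns `false` when the user has no site access, so `setParam('siteId', false)` then stores a boolean where a site id string is expected; `makeNavigationMenu` guards that case for the nav, but other readers of the `siteId` param presumably do not, and a comment on the `setParam` line noting the `false` case would help.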
@@ -783,12 +783,14 @@ function substituteValue($string, $var_name) {
}
}
function makeNavigationMenu($links) {
function makeNavigationMenu($links, $currentSiteId) {
if (!empty($links)) {
if (!empty($links) && !empty($currentSiteId)) {
$t = new owa_template;
$t->set('links', $links);
$t->set('currentSiteId', $currentSiteId);
$t->caller_params['link_state'] = $this->caller_params['link_state'];
$t->set_template('report_nav.tpl');
return $t->fetch();
