Changeset 26285


Timestamp:
06/06/10 12:14:25 (7 years ago)
Author:
flack
Message:

Determine the user identifier further up in the stack and pass it around instead of the full object, refs #1848

Location:
branches/ragnaroek/midcom/midcom.core/midcom
Files:
2 edited

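--- a/branches/ragnaroek/midcom/midcom.core/midcom/core/privilege.php
+++ b/branches/ragnaroek/midcom/midcom.core/midcom/core/privilege.php
@@ -599,9 +599,9 @@
      * @access private
      * @param mixed &$arg A reference to the GUID or the full object instance for which we should load privileges.
-     * @param midcom_core_user $user The MidCOM user for which we should collect the privileges, null uses the currently authenticated user.
+     * @param string $user_id The MidCOM user assignee for which we should collect the privileges.
      * @return Array An array of privilege_name => privilege_value pairs valid for the given user.
      * @static
      */
-    public static function collect_content_privileges($arg, $user = null)
+    public static function collect_content_privileges($arg, $user_id)
     {
         // set $object and $guid
@@ -636,17 +636,5 @@
         static $cached_collected_privileges = array();
 
-        if (is_null($user))
-        {
-            $user = $_MIDCOM->auth->user;
-        }
-
-        if (!is_object($user))
-        {
-            $cache_key = $guid;
-        }
-        else
-        {
-            $cache_key = $guid . '::' . $user->guid;
-        }
+        $cache_key = $user_id . '::' . $guid;
 
         // check cache
@@ -688,5 +676,5 @@
         {
             // recursion
-            $base_privileges = self::collect_content_privileges($parent_guid, $user);
+            $base_privileges = self::collect_content_privileges($parent_guid, $user_id);
         }
         else
@@ -696,5 +684,5 @@
 
             // recursion
-            $base_privileges = self::collect_content_privileges($parent_dummy_object, $user);
+            $base_privileges = self::collect_content_privileges($parent_dummy_object, $user_id);
         }
 
@@ -726,5 +714,5 @@
         {
             // Check whether we need to take this privilege into account
-            if (!$privilege->_does_privilege_apply($user))
+            if (!$privilege->_does_privilege_apply($user_id))
             {
                 continue;
@@ -841,8 +829,8 @@
      * This function may be called statically.
      *
-     * @param midcom_core_user $user The user in question or null for anonymous access.
+     * @param string $user The user id in question.
      * @return boolean Indicating whether the privilege record applies for the user, or not.
      */
-    private function _does_privilege_apply($user)
+    private function _does_privilege_apply($user_id)
     {
         if (!is_array($this->__privilege))
@@ -851,8 +839,8 @@
         }
 
-        if (   is_null($user)
-            || !$user
-            || (   is_string($user)
-                && $user == 'EVERYONE'))
+        if (   is_null($user_id)
+            || !$user_id
+            || $user_id == 'EVERYONE'
+            || $user_id == 'ANONYMOUS')
         {
             if (   $this->__privilege['assignee'] != 'EVERYONE'
@@ -869,5 +857,5 @@
             }
             if (    strstr($this->__privilege['assignee'], 'user:') !== false
-                && $this->__privilege['assignee'] != $user->id)
+                && $this->__privilege['assignee'] != $user_id)
             {
                 return false;
@@ -875,5 +863,7 @@
             if (strstr($this->__privilege['assignee'], 'group:') !== false)
             {
-                if (! $user->is_in_group($this->__privilege['assignee']))
+                $user = $_MIDCOM->auth->get_user($user_id);
+                if (   !is_object($user)
+                    || !$user->is_in_group($this->__privilege['assignee']))
                 {
                     return false;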
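Review bot: The second argument of `collect_content_privileges()` lost its `= null` default and the `is_string()` guard in `_does_privilege_apply()` was dropped, so nothing in the new code checks that `$user_id` really is an assignee string. A caller outside these hunks that still passes null or omits the argument is now evaluated as anonymous instead of as the current user (fail-closed, but silent), and one that still passes a `midcom_core_user` object reaches `$user_id . '::' . $guid` and the `!= $user_id` assignee comparison with an object. I would normalise once before the cache key is built, for example `if (!is_string($user_id) || $user_id === '') { $user_id = 'ANONYMOUS'; }`, and compare against 'EVERYONE' and 'ANONYMOUS' with `===` rather than `==`. The docblock above `_does_privilege_apply()` still names the parameter `$user`; it should read `@param string $user_id The user id in question.` Both function bodies continue outside the hunks shown.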
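--- a/branches/ragnaroek/midcom/midcom.core/midcom/services/auth.php
+++ b/branches/ragnaroek/midcom/midcom.core/midcom/services/auth.php
@@ -218,5 +218,5 @@
  *
  * - <i>midcom:approve</i> grants the user the right to approve or unapprove objects.
- * - <i>midcom:component_config</i> grants the user access to configuration management system, 
+ * - <i>midcom:component_config</i> grants the user access to configuration management system,
  *   it is granted by default only for owners.
  * - <i>midcom:isonline</i> is needed to see the online state of another user. It is not granted
@@ -609,5 +609,5 @@
             // No password logging for security reasons.
             debug_pop();
-           
+
             if (   isset($GLOBALS['midcom_config']['auth_failure_callback'])
                 && !empty($GLOBALS['midcom_config']['auth_failure_callback'])
@@ -620,5 +620,5 @@
                 call_user_func($GLOBALS['midcom_config']['auth_failure_callback'], $credentials['username']);
             }
-           
+
             return false;
         }
@@ -642,5 +642,5 @@
             $this->user->_storage->parameter('midcom', 'first_login', time());
         }
-       
+
         if (   isset($GLOBALS['midcom_config']['auth_success_callback'])
             && !empty($GLOBALS['midcom_config']['auth_success_callback'])
@@ -653,5 +653,5 @@
             call_user_func($GLOBALS['midcom_config']['auth_success_callback']);
         }
-       
+
         // There was form data sent before authentication was re-required
         if (   isset($_POST['restore_form_data'])
@@ -849,5 +849,5 @@
             return false;
         }
-       
+
         // Prevent deleting from outside the language context
         if ($privilege === 'midgard:delete')
@@ -860,5 +860,5 @@
             }
         }
-       
+
         return $this->can_do_byguid($privilege, $content_object->guid, get_class($content_object), $user);
     }
@@ -992,5 +992,5 @@
                 $classname = $class;
             }
-           
+
             debug_push_class(__CLASS__, __FUNCTION__);
             debug_add("Querying privilege {$privilege} for user {$user->id} to class {$classname}", MIDCOM_LOG_DEBUG);
@@ -1029,5 +1029,5 @@
                     }
                 }
-               
+
                 $tmp_object = new $class();
             }
@@ -1215,5 +1215,6 @@
 
         // Check for a cache Hit.
-        $cache_id = "{$cache_user_id}:{$object_guid}";
+        $cache_id = "{$cache_user_id}::{$object_guid}";
+
         if (array_key_exists($cache_id, $this->_privileges_cache))
         {
@@ -1225,8 +1226,8 @@
         //debug_pop();
 
-        /* FIXME! We create new instance of the same class, which means we will check privileges once again 
+        /* FIXME! We create new instance of the same class, which means we will check privileges once again
          * for newly created object, which means we will create another one object once again.... and so on.
          * This may produce very ugly loops */
-        $dummy_object_init = new $object_class(); 
+        $dummy_object_init = new $object_class();
         if ($_MIDCOM->dbclassloader->is_midcom_db_object($dummy_object_init))
         {
@@ -1250,6 +1251,5 @@
 
         // content privileges
-        $collect_user = ($cache_user_id == 'EVERYONE') ? 'EVERYONE' : $user;
-        $content_privileges = midcom_core_privilege::collect_content_privileges($dummy_object, $collect_user);
+        $content_privileges = midcom_core_privilege::collect_content_privileges($dummy_object, $cache_user_id);
 
         // user privileges
@@ -1711,9 +1711,9 @@
         static $persons_by_email = array();
 
-        if (empty($email)) 
+        if (empty($email))
         {
             return false;
         }
-       
+
         if (array_key_exists($email, $persons_by_email))
         {
@@ -1744,10 +1744,10 @@
                 $person_guids[] = $guid;
             }
-           
+
             if (empty($person_guids))
             {
                 return false;
             }
-           
+
             $qb = new midgard_query_builder($GLOBALS['midcom_config']['person_class']);
             $qb->add_constraint('guid', 'IN', $person_guids);
@@ -1757,5 +1757,5 @@
 
             $results = @$qb->execute();
-           
+
             if (empty($results))
             {
@@ -2261,5 +2261,5 @@
             $login_warning = $_MIDCOM->i18n->get_string('login message - user or password wrong', 'midcom');
         }
-       
+
         if (   isset($_MIDGARD['config']['ragnaland'])
             && $_MIDGARD['config']['ragnaland'])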
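Review bot: The call `collect_content_privileges($dummy_object, $cache_user_id)` now makes the content-privilege decision depend entirely on `$cache_user_id`, which is assigned outside this hunk, so the visible lines do not show that it always holds an assignee string. `_does_privilege_apply()` compares it with `__privilege['assignee']` for `user:` entries and hands it to `get_user()` for `group:` entries, so any other form would make user and group grants silently stop matching. A comment at the call would pin the contract: `// $cache_user_id must be the assignee id ('user:...', 'EVERYONE' or 'ANONYMOUS'), never a user object`. The other hunks in this file only strip trailing whitespace, and the `::` separator in `$cache_id` looks like a cosmetic alignment with the key built in privilege.php.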