Начало Каталог Помощ
Вход
usic
/
ums
Наблюдаван 2
Харесван 0
Разклонения 0
Файлове Задачи 0 Заявки за сливане 0 Уики
Клон: master
Клонове Маркери
ums
/
lib
/
DBSecurityFilter.class.php

DBSecurityFilter.class.php 2.0 KB
Постоянна връзка История Директен файл

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263 
  1. <?php
    2. 

  2. 

  3. class DBSecurityFilter extends sfBasicSecurityFilter
    4. 

  4. {
    5. 

  5. 	protected function getUserCredentials()
    6. 

  6. 	{
    7. 

  7. 		$c = new Criteria();
    8. 

  8. 		$c->add(LinksTablePeer::ACTION_NAME,$this->context->getActionName());
    9. 

  9. 		$c->add(LinksTablePeer::MODULE_NAME,$this->context->getModuleName());
    10. 

  10. 		$link = LinksTablePeer::doSelectOne($c);
    11. 

  11. //		if (! @($link->getId()) ) 
    12. 

  12. //			$this->forwardToSecureAction();
    13. 

  13. 		$gids = PermissionsTablePeer::getGidsForLink($link->getId());
    14. 

  14. 		return $gids;
    15. 

  15. 	}
    16. 

  16. 	public function execute($filterChain)
    17. 

  17. 	{
    18. 

  18. 		// disable security on login and secure actions
    19. 

  19. 		if (
    20. 

  20. 		  (sfConfig::get('sf_login_module') == $this->context->getModuleName()) && (sfConfig::get('sf_login_action') == $this->context->getActionName())
    21. 

  21. 		  ||
    22. 

  22. 		  (sfConfig::get('sf_secure_module') == $this->context->getModuleName()) && (sfConfig::get('sf_secure_action') == $this->context->getActionName())
    23. 

  23. 		  )
    24. 

  24. 		{
    25. 

  25. 		    $filterChain->execute();
    26. 

  26. 		    return;
    27. 

  27. 		}
    28. 

  28. 		
    29. 

  29. 		// NOTE: the nice thing about the Action class is that getCredential()
    30. 

  30. 		//       is vague enough to describe any level of security and can be
    31. 

  31. 		//       used to retrieve such data and should never have to be altered
    32. 

  32. 		if (!$this->context->getUser()->isAuthenticated())
    33. 

  33. 		{
    34. 

  34. 		  // the user is not authenticated
    35. 

  35. 		  $this->forwardToLoginAction();
    36. 

  36. 		}
    37. 

  37. 		
    38. 

  38. 		// the user is authenticated
    39. 

  39. 		$credentials = $this->getUserCredentials();
    40. 

  40. 		//var_dump($credentials);var_dump($this->context->getUser()->listCredentials());
    41. 

  41. 		foreach($credentials as $credential)
    42. 

  42. 		{
    43. 

  43. 		    // checking for administrators
    44. 

  44. 		    if ($credential == 'www')
    45. 

  45. 			if ( $this->context->getUser()->getAttribute('www') ) {
    46. 

  46. 			    // o, it's the admin!
    47. 

  47. 			    $filterChain->execute();
    48. 

  48. 			    return;
    49. 

  49. 			} else break;	// you can't argue with 'www' :(
    50. 

  50. 

  51. 		    if (!is_null($credential) && $this->context->getUser()->hasCredential($credential))
    52. 

  52. 		    {
    53. 

  53.     			// the user has access, continue
    54. 

  54. 			$filterChain->execute(); return;
    55. 

  55. 		    }
    56. 

  56. 		}
    57. 

  57. 		    // the user doesn't have access
    58. 

  58. 		    $this->forwardToSecureAction(); return;
    59. 

  59. 

  60. 	}
    61. 

  61. 	
    62. 

  62. }
    63. 

  63.