Commit 552554e9d727211b61335a0435057dddbc52cbcf

Authored by jacquiz
1 parent 0007c652

Type: functionality change

Description:	Rationalised some of the permissions checks, e.g. sysadmin and unit admin checks,
to avoid redundant db accesses


git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@2872 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing 1 changed file with 51 additions and 9 deletions
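--- a/lib/session/SiteMap.inc
+++ b/lib/session/SiteMap.inc
@@ -43,6 +43,16 @@ class SiteMap {
 * Whether to use the database to store the sitemap or not
 */
 var $bUseDB;
+
+/**
+* Whether to the user accessing the page is a Sysadmin
+*/
+var $isSysAdmin;
+
+/**
+* * Whether to the user accessing the page is a Unitadmin
+*/
+var $isUnitAdmin;
 
 /**
 * Constructs a new SiteMap
@@ -137,10 +147,36 @@ class SiteMap {
 return true;
 } else {
 // if you're a system administrator, you've got access to everything
-if (Permission::userIsSystemAdministrator()) {
+
+// check whether global var intialised
+if ($this->isSysAdmin)
+{
+$default->log->debug("-- SiteMap - checking whether a sys admin - GLOBAL VAR SET ");
+return true;
+}
+else if ($this->isSysAdmin = Permission::userIsSystemAdministrator())
+{
+$default->log->debug("-- SiteMap - checking whether a sys admin ...");
+return true;
+} else {
+if ($this->isUnitAdmin || $this->isUnitAdmin = Permission::userIsUnitAdministrator()) {
+// if you're a unit administrator, then you have access to everything
+// including and less than UA
+return ($requiredAccess <= UnitAdmin) ? true : false;
+} else if (Permission::userIsGuest()) {
+return ($requiredAccess == Guest) ? true : false;
+} else {
+// you're a "normal" unit user
+return ($requiredAccess <= User) ? true : false;
+}
+}
+
+// check whether global var intialised
+if ($isSysAdmin || $isSysAdmin = Permission::userIsSystemAdministrator()) {
+$default->log->debug("-- SiteMap - checking whether a sys admin ...");
 return true;
 } else {
-if (Permission::userIsUnitAdministrator()) {
+if ($isUnitAdmin || $isUnitAdmin = Permission::userIsUnitAdministrator()) {
 // if you're a unit administrator, then you have access to everything
 // including and less than UA
 return ($requiredAccess <= UnitAdmin) ? true : false;
@@ -191,6 +227,7 @@ class SiteMap {
 "AND is_enabled=1 AND is_default=0" . ( $bSortLinks ? " ORDER BY link_text ASC" : "" ) ) ) {
 while ($sql->next_record()) {
 // check permissions
+$default->log->info("SiteMap:: getSectionLinksDB calling hasPermission with access: " . $sql->f("access_id"));
 if ($this->hasPermission($sql->f("access_id"))) {
 // add this array to the resultset array if there is link text
 if (strlen($sql->f("link_text")) > 0) {
@@ -233,7 +270,9 @@ class SiteMap {
 // need to loop through all (access, page) arrays in this section
 foreach ($this->aSiteMap[$sSectionName] as $requiredAccess => $pages) {
 //$default->log->info("SECTION:$sSectionName; access=" . arrayToString($requiredAccess) . ";pages=" . arrayToString($pages));
+$default->log->info("SiteMap:: getSectionLinksArray calling hasPermission with requiredAccess: " . $requiredAccess);
 if ($this->hasPermission($requiredAccess)) {
+
 foreach ($pages as $action => $pageDetail) {
 // add this array to the resultset array if there is link text and it is enabled
 // but not if it is the default page
@@ -289,6 +328,7 @@ class SiteMap {
 foreach ($pageArr as $ackshin => $page) {
 if ($ackshin == $sAction) {
 $default->log->info("loop:$ackshin; test:$sAction");
+$default->log->info("SiteMap:: getPageLinkText calling hasPermission with access: " . $requiredAccess);
 if ($this->hasPermission($requiredAccess)) {
 return $page["description"];
 }
@@ -326,6 +366,7 @@ class SiteMap {
 if ($sql->query("SELECT page, access_id FROM $default->sitemap_table WHERE action='$action'")) {
 if ($sql->next_record()) {
 // check permissions
+$default->log->info("SiteMap:: getPageDB calling hasPermission with access: " . $sql->f("access_id"));
 if ($this->hasPermission($sql->f("access_id"))) {
 // return the page
 return $sql->f("page");
@@ -354,13 +395,13 @@ class SiteMap {
 
 // for each section
 foreach ($this->aSiteMap as $section => $valArr) {
-$default->log->debug("Sitemap::getPage section=$section");
+//$default->log->debug("Sitemap::getPage section=$section");
 // for each group, page array combination
 foreach ($valArr as $requiredAccess => $pageArr) {
 // now loop through pages until we find the right one
 foreach ($pageArr as $ackshin => $page) {
 if ($ackshin == $action) {
-$default->log->debug("Sitemap::getPage current requiredAccess=$requiredAccess, action=$ackshin");
+$default->log->debug("Sitemap::getPageArray calling hasPermission current requiredAccess=$requiredAccess, action=$ackshin");
 if ($this->hasPermission($requiredAccess)) {
 return $page["page"];
 }
@@ -496,6 +537,7 @@ class SiteMap {
 $results = array();
 // need to loop through all (groupName, page) arrays in this section
 foreach ($this->aSiteMap[$sSectionName] as $requiredAccess => $pages) {
+$default->log->debug("Sitemap::getDefaultActionArray calling hasPermission current requiredAccess=$requiredAccess");
 if ($this->hasPermission($requiredAccess)) {
 foreach ($pages as $action => $pageArray) {
 if ($pageArray["default"] && $pageArray["enabled"]) {
@@ -562,18 +604,18 @@ class SiteMap {
 */
 function getActionFromPageArray($sPage) {
 global $default;
-$default->log->debug("Sitemap::getActionFromPage: page=$sPage");
+// $default->log->debug("Sitemap::getActionFromPage: page=$sPage");
 // for each section
 foreach ($this->aSiteMap as $section => $valArr) {
-$default->log->debug("Sitemap::getActionFromPage section=$section");
+//$default->log->debug("Sitemap::getActionFromPage section=$section");
 // for each group, page array combination
 foreach ($valArr as $requiredAccess => $pageArr) {
-$default->log->debug("Sitemap::getActionFromPage access=$requiredAccess");
+//$default->log->debug("Sitemap::getActionFromPage access=$requiredAccess");
 // now loop through pages until we find the right one
 foreach ($pageArr as $action => $page) {
-$default->log->debug("Sitemap::getActionFromPage action=$action, reqPage=$sPage; page=" . $page["page"]);
+//$default->log->debug("Sitemap::getActionFromPage action=$action, reqPage=$sPage; page=" . $page["page"]);
 if ($sPage == $page["page"]) {
-$default->log->debug("Sitemap::getActionFromPage found action=$action for page=$sPage");
+//$default->log->debug("Sitemap::getActionFromPage found action=$action for page=$sPage");
 return $action;
 }
 }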
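Review bot: In the second hunk (new lines 147–182, apparently the body of hasPermission, which starts and ends outside the hunk) every branch of the added `if ($this->isSysAdmin) … else if … else` chain returns, so the block kept below it at new lines 174–182 can never run, and it tests plain locals `$isSysAdmin`/`$isUnitAdmin` that the visible lines never set; it should be removed so there is a single access decision to audit. The new properties only short-circuit when they are true, so for ordinary users and guests every call still reaches `Permission::userIsSystemAdministrator()`, `userIsUnitAdministrator()` and `userIsGuest()`; caching both outcomes with a `null` check, as sketched below, gives the saving the commit is after. A positive result now lives as long as the SiteMap object, so confirm the object is built per request and not kept in a session or shared between users, otherwise a demoted or different user would keep admin access. That lifetime is worth stating in the comments on the two `var` declarations, which currently read "Whether to the user …".

```php
// if you're a system administrator, you've got access to everything
// a declared-but-unset property is null, so null means "not looked up yet"
if ($this->isSysAdmin === null) {
    $this->isSysAdmin = Permission::userIsSystemAdministrator();
}
if ($this->isSysAdmin) {
    return true;
}
if ($this->isUnitAdmin === null) {
    $this->isUnitAdmin = Permission::userIsUnitAdministrator();
}
if ($this->isUnitAdmin) {
    // unit administrators have access to everything up to and including UA
    return ($requiredAccess <= UnitAdmin);
}
// … unchanged: guest and "normal" unit user branches …
// … removed: the second, unreachable sys admin / unit admin block …
```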