Commit 552554e9d727211b61335a0435057dddbc52cbcf
1 parent
0007c652
Type: functionality change
Description: Rationalised some of the permissions checks, e.g. sysadmin and unit admin checks, to avoid redundant db accesses git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@2872 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
51 additions
and
9 deletions
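--- a/lib/session/SiteMap.inc
+++ b/lib/session/SiteMap.inc
@@ -43,6 +43,16 @@ class SiteMap {
 * Whether to use the database to store the sitemap or not
 */
 var $bUseDB;
+
+/**
+* Whether to the user accessing the page is a Sysadmin
+*/
+var $isSysAdmin;
+
+/**
+* * Whether to the user accessing the page is a Unitadmin
+*/
+var $isUnitAdmin;
 
 /**
 * Constructs a new SiteMap
@@ -137,10 +147,36 @@ class SiteMap {
 return true;
 } else {
 // if you're a system administrator, you've got access to everything
-if (Permission::userIsSystemAdministrator()) {
+
+// check whether global var intialised
+if ($this->isSysAdmin)
+{
+$default->log->debug("-- SiteMap - checking whether a sys admin - GLOBAL VAR SET ");
+return true;
+}
+else if ($this->isSysAdmin = Permission::userIsSystemAdministrator())
+{
+$default->log->debug("-- SiteMap - checking whether a sys admin ...");
+return true;
+} else {
+if ($this->isUnitAdmin || $this->isUnitAdmin = Permission::userIsUnitAdministrator()) {
+// if you're a unit administrator, then you have access to everything
+// including and less than UA
+return ($requiredAccess <= UnitAdmin) ? true : false;
+} else if (Permission::userIsGuest()) {
+return ($requiredAccess == Guest) ? true : false;
+} else {
+// you're a "normal" unit user
+return ($requiredAccess <= User) ? true : false;
+}
+}
+
+// check whether global var intialised
+if ($isSysAdmin || $isSysAdmin = Permission::userIsSystemAdministrator()) {
+$default->log->debug("-- SiteMap - checking whether a sys admin ...");
 return true;
 } else {
-if (Permission::userIsUnitAdministrator()) {
+if ($isUnitAdmin || $isUnitAdmin = Permission::userIsUnitAdministrator()) {
 // if you're a unit administrator, then you have access to everything
 // including and less than UA
 return ($requiredAccess <= UnitAdmin) ? true : false;
@@ -191,6 +227,7 @@ class SiteMap {
 "AND is_enabled=1 AND is_default=0" . ( $bSortLinks ? " ORDER BY link_text ASC" : "" ) ) ) {
 while ($sql->next_record()) {
 // check permissions
+$default->log->info("SiteMap:: getSectionLinksDB calling hasPermission with access: " . $sql->f("access_id"));
 if ($this->hasPermission($sql->f("access_id"))) {
 // add this array to the resultset array if there is link text
 if (strlen($sql->f("link_text")) > 0) {
@@ -233,7 +270,9 @@ class SiteMap {
 // need to loop through all (access, page) arrays in this section
 foreach ($this->aSiteMap[$sSectionName] as $requiredAccess => $pages) {
 //$default->log->info("SECTION:$sSectionName; access=" . arrayToString($requiredAccess) . ";pages=" . arrayToString($pages));
+$default->log->info("SiteMap:: getSectionLinksArray calling hasPermission with requiredAccess: " . $requiredAccess);
 if ($this->hasPermission($requiredAccess)) {
+
 foreach ($pages as $action => $pageDetail) {
 // add this array to the resultset array if there is link text and it is enabled
 // but not if it is the default page
@@ -289,6 +328,7 @@ class SiteMap {
 foreach ($pageArr as $ackshin => $page) {
 if ($ackshin == $sAction) {
 $default->log->info("loop:$ackshin; test:$sAction");
+$default->log->info("SiteMap:: getPageLinkText calling hasPermission with access: " . $requiredAccess);
 if ($this->hasPermission($requiredAccess)) {
 return $page["description"];
 }
@@ -326,6 +366,7 @@ class SiteMap {
 if ($sql->query("SELECT page, access_id FROM $default->sitemap_table WHERE action='$action'")) {
 if ($sql->next_record()) {
 // check permissions
+$default->log->info("SiteMap:: getPageDB calling hasPermission with access: " . $sql->f("access_id"));
 if ($this->hasPermission($sql->f("access_id"))) {
 // return the page
 return $sql->f("page");
@@ -354,13 +395,13 @@ class SiteMap {
 
 // for each section
 foreach ($this->aSiteMap as $section => $valArr) {
-$default->log->debug("Sitemap::getPage section=$section");
+//$default->log->debug("Sitemap::getPage section=$section");
 // for each group, page array combination
 foreach ($valArr as $requiredAccess => $pageArr) {
 // now loop through pages until we find the right one
 foreach ($pageArr as $ackshin => $page) {
 if ($ackshin == $action) {
-$default->log->debug("Sitemap::getPage current requiredAccess=$requiredAccess, action=$ackshin");
+$default->log->debug("Sitemap::getPageArray calling hasPermission current requiredAccess=$requiredAccess, action=$ackshin");
 if ($this->hasPermission($requiredAccess)) {
 return $page["page"];
 }
@@ -496,6 +537,7 @@ class SiteMap {
 $results = array();
 // need to loop through all (groupName, page) arrays in this section
 foreach ($this->aSiteMap[$sSectionName] as $requiredAccess => $pages) {
+$default->log->debug("Sitemap::getDefaultActionArray calling hasPermission current requiredAccess=$requiredAccess");
 if ($this->hasPermission($requiredAccess)) {
 foreach ($pages as $action => $pageArray) {
 if ($pageArray["default"] && $pageArray["enabled"]) {
@@ -562,18 +604,18 @@ class SiteMap {
 */
 function getActionFromPageArray($sPage) {
 global $default;
-$default->log->debug("Sitemap::getActionFromPage: page=$sPage");
+// $default->log->debug("Sitemap::getActionFromPage: page=$sPage");
 // for each section
 foreach ($this->aSiteMap as $section => $valArr) {
-$default->log->debug("Sitemap::getActionFromPage section=$section");
+//$default->log->debug("Sitemap::getActionFromPage section=$section");
 // for each group, page array combination
 foreach ($valArr as $requiredAccess => $pageArr) {
-$default->log->debug("Sitemap::getActionFromPage access=$requiredAccess");
+//$default->log->debug("Sitemap::getActionFromPage access=$requiredAccess");
 // now loop through pages until we find the right one
 foreach ($pageArr as $action => $page) {
-$default->log->debug("Sitemap::getActionFromPage action=$action, reqPage=$sPage; page=" . $page["page"]);
+//$default->log->debug("Sitemap::getActionFromPage action=$action, reqPage=$sPage; page=" . $page["page"]);
 if ($sPage == $page["page"]) {
-$default->log->debug("Sitemap::getActionFromPage found action=$action for page=$sPage");
+//$default->log->debug("Sitemap::getActionFromPage found action=$action for page=$sPage");
 return $action;
 }
 }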
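Review bot: In the permission check of the second hunk (apparently hasPermission), every branch of the chain added at new lines 152–172 returns, so the second check that follows at new lines 174–183 can never run. That second check also tests the bare locals `$isSysAdmin` and `$isUnitAdmin` rather than the properties declared in the first hunk, so it should be deleted instead of kept as a fallback. The cache stores only a positive answer and never clears it: a non-admin still triggers both lookups on every call, and a cached `true` survives any role change or user switch for as long as this SiteMap object lives, which matters if the object is kept in the session (its lifetime is not visible on this page). Consider treating `null` as "not yet looked up", as sketched below, and resetting both properties wherever the current user changes. The function begins and ends outside the hunk, so whether `$default` is declared `global` for the new log calls cannot be confirmed here.

```php
// … unchanged: earlier branches of the permission check …
if ($this->isSysAdmin === null) {
    // look the role up once per object; false is cached as well as true
    $this->isSysAdmin = Permission::userIsSystemAdministrator();
}
if ($this->isSysAdmin) {
    return true;
}
if ($this->isUnitAdmin === null) {
    $this->isUnitAdmin = Permission::userIsUnitAdministrator();
}
if ($this->isUnitAdmin) {
    return ($requiredAccess <= UnitAdmin) ? true : false;
}
// … unchanged: guest and normal-user branches …
```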