routeSQL : beginning of authorization
git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@2016 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
127
routeSQL.php
127
routeSQL.php
@@ -40,6 +40,8 @@ class routeSQL
/** The cookie path used to determine the old parameters
It is automatically generated with the URL */
public $path = "";
/** Authentication */
public $auth = array ("email"=>"anonymous");
/** The model file containing the database description */
private $model_file = "";
/** The model class included in the model file */
@@ -245,7 +247,7 @@ class routeSQL
}
/** Create the routes and the associated actions */
public function routes ()
public function routesHTML ()
{
/** Add HTML routes */
$route = new route ();
@@ -254,10 +256,18 @@ class routeSQL
$route->redirect ("/".$this->url_prefix, "");
});
$route->get ($this->url_prefix."(\?({p1}=({v1})?)(&{p2}=({v2})?(&{p3}=({v3})?)?)?)?",
$route->get ($this->url_prefix.
"(\?({p1}=({v1})?)(&{p2}=({v2})?(&{p3}=({v3})?)?)?)?",
function ($p1, $v1, $p2, $v2, $p3, $v3) use ($route)
{
// LIST ALL THE OBJECTS OF THE TABLE
// List all the objects of the table
if ($this->accessright () !== TRUE)
{
if ($this->auth["email"] === "anonymous")
throw new Exception (_("Anonymous not allowed"), 401);
throw new Exception (_("Access forbidden"), 403);
}
// num is the number of elements displayed by page
// page is the page to display
// Allow the parameters to be sent in any order
@@ -456,7 +466,22 @@ echo $content;
$route->get ($this->url_prefix."/{id}/delete/{token}",
function ($id, $token)
{
echo "DELETE AN EXISTING OBJECT IF THE TOKEN IS VALID !";
// Delete an existing object if the token is valid
if ($this->accessright ($id) !== TRUE)
{
if ($this->auth["email"] === "anonymous")
throw new Exception (_("Anonymous not allowed"), 401);
throw new Exception (_("Access forbidden"), 403);
}
if ($this->editright ($id) !== TRUE)
{
if ($this->auth["email"] === "anonymous")
throw new Exception (_("Anonymous not allowed"), 401);
throw new Exception (_("Access forbidden"), 403);
}
if ($this->readonly ($id) === TRUE)
throw new Exception (_("Access forbidden"), 403);
$this->connect();
$csrf = new csrf ();
$renderer = new renderer ();
@@ -479,6 +504,21 @@ echo $content;
$route->get ($this->url_prefix."/add", function ()
{
// Add a new entry : form to be filled by the user
if ($this->accessright () !== TRUE)
{
if ($this->auth["email"] === "anonymous")
throw new Exception (_("Anonymous not allowed"), 401);
throw new Exception (_("Access forbidden"), 403);
}
if ($this->editright () !== TRUE)
{
if ($this->auth["email"] === "anonymous")
throw new Exception (_("Anonymous not allowed"), 401);
throw new Exception (_("Access forbidden"), 403);
}
if ($this->readonly () === TRUE)
throw new Exception (_("Access forbidden"), 403);
$this->connect();
$content = $this->showflash ();
$values = array ();
@@ -525,6 +565,21 @@ echo $content;
$route->post ($this->url_prefix."/add", function () use ($route)
{
// Add a new entry : effective save of the datas
if ($this->accessright () !== TRUE)
{
if ($this->auth["email"] === "anonymous")
throw new Exception (_("Anonymous not allowed"), 401);
throw new Exception (_("Access forbidden"), 403);
}
if ($this->editright () !== TRUE)
{
if ($this->auth["email"] === "anonymous")
throw new Exception (_("Anonymous not allowed"), 401);
throw new Exception (_("Access forbidden"), 403);
}
if ($this->readonly () === TRUE)
throw new Exception (_("Access forbidden"), 403);
$this->connect();
$f = new form ();
$values = $f->values ();
@@ -560,7 +615,16 @@ echo $content;
$route->get ($this->url_prefix."/{id}", function ($id)
{
// LIST THE DETAILS OF ONE EXISTING OBJECT !
// List the details of one existing object
if ($this->accessright ($id) !== TRUE)
{
if ($this->auth["email"] === "anonymous")
throw new Exception (_("Anonymous not allowed"), 401);
throw new Exception (_("Access forbidden"), 403);
}
$editright = $this->editright ($id);
$readonly = $this->readonly ($id);
$this->connect();
$content = $this->showflash ();
$values = array ();
@@ -595,15 +659,20 @@ echo $content;
$field->mandatory = true;
if (in_array ("autoincrement", $this->objectDB->fields[$key]))
$field->type = "hidden";
if ($readonly === true || $editright === false)
$field->readonly = true;
$fields[] = $field;
unset ($field);
}
$field = new formfield ("submit", _("Save the zone"));
$field->defaults = _("Save the zone");
$field->type = "submit";
$fields[] = $field;
unset ($field);
if ($readonly === false && $editright === true)
{
$field = new formfield ("submit", _("Save the datas"));
$field->defaults = _("Save the datas");
$field->type = "submit";
$fields[] = $field;
unset ($field);
}
$f->fields ($fields);
$content .= $f->printHTML ("post", $values, $errors);
echo $content;
@@ -611,7 +680,22 @@ echo $content;
$route->post ($this->url_prefix."/{id}", function ($id) use ($route)
{
// SAVE THE DETAILS OF ONE EXISTING OBJECT !
// Save the details of one existing object
if ($this->accessright ($id) !== TRUE)
{
if ($this->auth["email"] === "anonymous")
throw new Exception (_("Anonymous not allowed"), 401);
throw new Exception (_("Access forbidden"), 403);
}
if ($this->editright ($id) !== TRUE)
{
if ($this->auth["email"] === "anonymous")
throw new Exception (_("Anonymous not allowed"), 401);
throw new Exception (_("Access forbidden"), 403);
}
if ($this->readonly ($id) === TRUE)
throw new Exception (_("Access forbidden"), 403);
$this->connect();
$oldvalues = $this->objectDB->read (array (array
($this->objectDB->primary, $id)));
@@ -652,4 +736,25 @@ echo $content;
$route->redirect ("/".$this->url_prefix."/$id", "");
});
}
/** Authorization : Return TRUE if the user right allow to see the datas
Return FALSE else */
public function accessright ()
{
return TRUE;
}
/** Authorization : Return TRUE if the user right allow to edit the datas
Return FALSE else */
public function editright ()
{
return TRUE;
}
/** Authorization : Return TRUE if the $id is in READONLY for the user or
FALSE if the user have the RW rights */
public function readonly ()
{
return FALSE;
}
}
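Review bot: The new `accessright ()`, `editright ()` and `readonly ()` methods at the end of this section are declared without a parameter, yet every per-object call site in the earlier hunks passes `$id` (`$this->accessright ($id)`, `$this->editright ($id)`, `$this->readonly ($id)`), so a subclass that overrides them following the declared signature never receives the object id and cannot implement per-object rules; declare them as `public function accessright ($id = null)` (and likewise for the other two) and state in their docblocks that the base implementation grants access to everyone and is meant to be overridden. The same five-line guard (accessright, then editright, then readonly, with the anonymous-user 401 / 403 split) is copied into six route closures; a private helper would keep the ordering and the status codes identical everywhere and make it harder for a route added later to skip the check. The `$auth` array the guard reads is a `public` property set to `"anonymous"` by default (first hunk), so any code holding the object can rewrite the identity the checks rely on; consider making it protected with an explicit setter, and guarding `$this->auth["email"]` with `isset` so a malformed `$auth` yields 401 rather than a notice. The closures and the stubs all sit inside `class routeSQL`, whose declaration is outside the hunks.
```php
/** Authorization guard shared by the routes : throws 401 for an anonymous
    user and 403 otherwise when the access right (and, if $needEdit, the
    edit right) is refused ; a readonly object refuses edits with 403 */
private function checkRights ($id = null, $needEdit = false)
{
    $allowed = $this->accessright ($id) === TRUE
        && (! $needEdit || $this->editright ($id) === TRUE);
    if (! $allowed)
    {
        if (! isset ($this->auth["email"]) || $this->auth["email"] === "anonymous")
            throw new Exception (_("Anonymous not allowed"), 401);
        throw new Exception (_("Access forbidden"), 403);
    }
    if ($needEdit && $this->readonly ($id) === TRUE)
        throw new Exception (_("Access forbidden"), 403);
}

/** Authorization : Return TRUE if the user right allow to see the datas
    Return FALSE else. The base implementation allows everyone ; override it
    to restrict, $id being the primary key of the targeted object (or null) */
public function accessright ($id = null)
{
    return TRUE;
}
// … unchanged: editright () and readonly () take the same $id = null parameter …
```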