routeSQL : Limit the list to the authorized of elements

git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@2044 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
2015-03-22 04:55:10 +00:00
parent f7c0395a31
commit 74f5fed52c


@@ -357,6 +357,13 @@ class routeSQL
$data = $this->objectDB->read ($criteria, array_keys ($titles), null, $data = $this->objectDB->read ($criteria, array_keys ($titles), null,
true, $foreignSelect); true, $foreignSelect);
} }
// Limiting access to data only to data with read access right
foreach ($data as $key=>$vals)
{
if ($this->accessright ($this->authHTML["email"],
$vals[$this->objectDB->primary]) !== TRUE)
unset ($data[$key]);
}
$this->renderrest ($extension, $data); $this->renderrest ($extension, $data);
}); });
@@ -667,6 +674,13 @@ class routeSQL
$data = $this->objectDB->read ($criteria, array_keys ($titles), null, $data = $this->objectDB->read ($criteria, array_keys ($titles), null,
true, $foreignSelect); true, $foreignSelect);
} }
// Limiting access to data only to data with read access right
foreach ($data as $key=>$vals)
{
if ($this->accessright ($this->authHTML["email"],
$vals[$this->objectDB->primary]) !== TRUE)
unset ($data[$key]);
}
$nbentries = count ($data); $nbentries = count ($data);
if ($num > 1000) if ($num > 1000)
$route->redirect ("/".str_replace ("{chain}", $chain, $this->url_prefix) $route->redirect ("/".str_replace ("{chain}", $chain, $this->url_prefix)
@@ -1308,7 +1322,8 @@ class routeSQL
// var_export($this->model_class, TRUE)."\n"; // var_export($this->model_class, TRUE)."\n";
if ($this->authorization !== null) if ($this->authorization !== null)
{ {
$result = $this->authorization->allow ($this->module, $auth, "/$id"); $result = $this->authorization->allow ($this->module, $auth,
"/".$this->model_class."/$id");
// echo "RESULT=$result\n"; // echo "RESULT=$result\n";
if ($result === "RO") return TRUE; if ($result === "RO") return TRUE;
if ($result === "RW") return TRUE; if ($result === "RW") return TRUE;
@@ -1325,7 +1340,8 @@ class routeSQL
// var_export($this->model_class, TRUE)."\n"; // var_export($this->model_class, TRUE)."\n";
if ($this->authorization !== null) if ($this->authorization !== null)
{ {
$result = $this->authorization->allow ($this->module, $auth, "/$id"); $result = $this->authorization->allow ($this->module, $auth,
"/".$this->model_class."/$id");
// echo "RESULT=$result\n"; // echo "RESULT=$result\n";
if ($result === "RW") return TRUE; if ($result === "RW") return TRUE;
return FALSE; return FALSE;
@@ -1341,7 +1357,8 @@ class routeSQL
// var_export($this->model_class, TRUE)."\n"; // var_export($this->model_class, TRUE)."\n";
if ($this->authorization !== null) if ($this->authorization !== null)
{ {
$result = $this->authorization->allow ($this->module, $auth, "/$id"); $result = $this->authorization->allow ($this->module, $auth,
"/".$this->model_class."/$id");
// echo "RESULT=$result\n"; // echo "RESULT=$result\n";
if ($result === "RO") return TRUE; if ($result === "RO") return TRUE;
return FALSE; return FALSE;