From a0e0e6b022d04a600b3633f0e6520e29d7ff092e Mon Sep 17 00:00:00 2001
From: Dominique Fournier
Date: Sat, 21 Mar 2015 16:40:08 +0000
Subject: [PATCH] routeSQL : allow to users to authorize : authHTML and authREST

git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@2040 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
---
 routeSQL.php | 165 +++++++++++++++++++++++++++++++++++----------------
 1 file changed, 114 insertions(+), 51 deletions(-)

diff --git a/routeSQL.php b/routeSQL.php
index 8af8776..473e757 100644
--- a/routeSQL.php
+++ b/routeSQL.php
@@ -42,8 +42,10 @@ class routeSQL
 /** The cookie path used to determine the old parameters
 It is automatically generated with the URL */
 public $path = "";
- /** Authentication */
- public $auth = array ("email"=>"anonymous");
+ /** Authentication for HTML part */
+ public $authHTML = array ("email"=>"anonymous");
+ /** Authentication for REST part */
+ public $authREST = array ("email"=>"anonymous");
 /** Authorization object. Should allow a method named
 "allow ($module, $user, $object)" which return
 - NO if the object is not defined
@@ -290,6 +292,15 @@ class routeSQL
 "(\?({p1}=({v1})?)(&{p2}=({v2})?(&{p3}=({v3})?)?)?)?",
 function ($extension, $p1, $v1, $p2, $v2, $p3, $v3, $chain)
 {
+ if ($this->accessright ($this->authREST["email"]) !== TRUE)
+ {
+ if ($this->authREST["email"] === "anonymous")
+ throw new Exception (dgettext("domframework",
+ "Anonymous not allowed"), 401);
+ throw new Exception (dgettext("domframework",
+ "Access forbidden"), 403);
+ }
+
 if ($p1 === "search") $search = $v1;
 if ($p2 === "search") $search = $v2;
 if ($p3 === "search") $search = $v3;
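Review bot: The new `authHTML`/`authREST` docblocks say only "for HTML part" and "for REST part", while every check added in this patch reads `["email"]` from them and compares it with the literal `"anonymous"` to decide between a 401 and a 403. A caller that assigns an array without that key would make those checks raise an undefined-index notice and fall through to the 403 branch. I would state the contract on both properties, e.g. `/** Authentication for HTML part: array with an "email" key; "anonymous" (the default) means no user is logged in and turns a denied access into 401 instead of 403 */`, with the same wording for the REST one. Presumably the application fills these in before the routes are dispatched — worth saying so if that is the case.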
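Review bot: The guard added to the REST search route checks only `$this->accessright ($this->authREST["email"])`, whereas the HTML list route changed in this same patch (the hunk at -430) first checks `$this->chained->accessright ($this->authHTML["email"], $chain)` when `$this->chained !== null`. This closure receives `$chain` as well, so if a chained parent is meant to restrict the REST listing the way it restricts the HTML one, its right is never consulted here and a user denied on the parent could still list through REST. If ignoring the parent on the REST side is intended, a one-line comment such as `// REST: the chained parent's right is deliberately not checked` would settle the question; otherwise the same `if ($this->chained !== null)` block belongs before the existing guard. The closure's body continues past the hunk.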
@@ -335,6 +346,22 @@ class routeSQL
 $route->post ("rest/".$this->url_prefix."(\.{extension})?",
 function ($extension)
 {
+ if ($this->accessright ($this->authREST["email"]) !== TRUE)
+ {
+ if ($this->authREST["email"] === "anonymous")
+ throw new Exception (dgettext("domframework","Anonymous not allowed"),
+ 401);
+ throw new Exception (dgettext("domframework","Access forbidden"), 403);
+ }
+ if ($this->editright ($this->authREST["email"]) !== TRUE)
+ {
+ if ($this->authREST["email"] === "anonymous")
+ throw new Exception (dgettext("domframework","Anonymous not allowed"),
+ 401);
+ throw new Exception (dgettext("domframework","Access forbidden"), 403);
+ }
+ if ($this->readonly ($this->authREST["email"]) === TRUE)
+ throw new Exception (dgettext("domframework","Access forbidden"), 403);
 if (!isset ($extension) || $extension === null || $extension === "")
 $extension = reset ($this->extensionsAllowed);
 if (!in_array ($extension, $this->extensionsAllowed))
@@ -359,6 +386,22 @@ class routeSQL
 $route->put ("rest/".$this->url_prefix."(\.{extension})?/{id}",
 function ($extension, $id)
 {
+ if ($this->accessright ($this->authREST["email"]) !== TRUE)
+ {
+ if ($this->authREST["email"] === "anonymous")
+ throw new Exception (dgettext("domframework","Anonymous not allowed"),
+ 401);
+ throw new Exception (dgettext("domframework","Access forbidden"), 403);
+ }
+ if ($this->editright ($this->authREST["email"]) !== TRUE)
+ {
+ if ($this->authREST["email"] === "anonymous")
+ throw new Exception (dgettext("domframework","Anonymous not allowed"),
+ 401);
+ throw new Exception (dgettext("domframework","Access forbidden"), 403);
+ }
+ if ($this->readonly ($this->authREST["email"]) === TRUE)
+ throw new Exception (dgettext("domframework","Access forbidden"), 403);
 if (!isset ($extension) || $extension === null || $extension === "")
 $extension = reset ($this->extensionsAllowed);
 if (!in_array ($extension, $this->extensionsAllowed))
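Review bot: The guards added to the REST `put` route (the hunk at -359) and to the `delete` route (the hunk at -383) call `accessright`, `editright` and `readonly` without the `$id` the closure receives, so the authorization object is asked about `"/"` rather than `"/$id"`; the HTML delete and save routes in this same patch pass `$this->authHTML["email"], $id`, so a per-object rule would bind the HTML path but not the REST one. The same 17-line block is also pasted verbatim into `post`, `put` and `delete`. A private helper, called as `$this->checkRESTRights (TRUE, $id);` in `put`/`delete`, `$this->checkRESTRights (TRUE);` in `post` and `$this->checkRESTRights ();` in the search route, would pass the id through and remove the duplication; the `readonly` test stays separate so its 403-only behaviour is unchanged. Each closure body continues past its hunk.
```php
/** Throw 401 (anonymous) or 403 unless the REST user may read the
    module and, when $write is TRUE, also edit it.  $id selects the
    object as in the HTML routes; null means the whole module. */
private function checkRESTRights ($write = FALSE, $id = null)
{
  $email = $this->authREST["email"];
  $ok = $this->accessright ($email, $id) === TRUE;
  if ($ok && $write)
    $ok = $this->editright ($email, $id) === TRUE;
  if ($ok === FALSE)
  {
    if ($email === "anonymous")
      throw new Exception (dgettext("domframework","Anonymous not allowed"),
                           401);
    throw new Exception (dgettext("domframework","Access forbidden"), 403);
  }
  if ($write && $this->readonly ($email, $id) === TRUE)
    throw new Exception (dgettext("domframework","Access forbidden"), 403);
}

// … in the put route (delete is identical) …
function ($extension, $id)
{
  $this->checkRESTRights (TRUE, $id);
  // … unchanged: extension check and the rest of the handler …
```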
@@ -383,6 +426,22 @@ class routeSQL
 $route->delete ("rest/".$this->url_prefix."(\.{extension})?/{id}",
 function ($extension, $id)
 {
+ if ($this->accessright ($this->authREST["email"]) !== TRUE)
+ {
+ if ($this->authREST["email"] === "anonymous")
+ throw new Exception (dgettext("domframework","Anonymous not allowed"),
+ 401);
+ throw new Exception (dgettext("domframework","Access forbidden"), 403);
+ }
+ if ($this->editright ($this->authREST["email"]) !== TRUE)
+ {
+ if ($this->authREST["email"] === "anonymous")
+ throw new Exception (dgettext("domframework","Anonymous not allowed"),
+ 401);
+ throw new Exception (dgettext("domframework","Access forbidden"), 403);
+ }
+ if ($this->readonly ($this->authREST["email"]) === TRUE)
+ throw new Exception (dgettext("domframework","Access forbidden"), 403);
 if (!isset ($extension) || $extension === null || $extension === "")
 $extension = reset ($this->extensionsAllowed);
 if (!in_array ($extension, $this->extensionsAllowed))
@@ -430,9 +489,10 @@ class routeSQL
 // List all the objects of the table
 if ($this->chained !== null)
 {
- if ($this->chained->accessright ($chain) !== TRUE)
+ if ($this->chained->accessright ($this->authHTML["email"], $chain) !==
+ TRUE)
 {
- if ($this->auth["email"] === "anonymous")
+ if ($this->authHTML["email"] === "anonymous")
 throw new Exception (dgettext("domframework",
 "Anonymous not allowed"), 401);
 throw new Exception (dgettext("domframework",
@@ -445,9 +505,9 @@ class routeSQL
 throw new Exception (dgettext("domframework",
 "Object not found"), 404);
 }
- if ($this->accessright () !== TRUE)
+ if ($this->accessright ($this->authHTML["email"]) !== TRUE)
 {
- if ($this->auth["email"] === "anonymous")
+ if ($this->authHTML["email"] === "anonymous")
 throw new Exception (dgettext("domframework",
 "Anonymous not allowed"), 401);
 throw new Exception (dgettext("domframework",
@@ -455,7 +515,7 @@ class routeSQL
 }
 
 if ($this->chained !== null &&
- $this->chained->editright ($chain) !== true)
+ $this->chained->editright ($this->authHTML["email"], $chain) !== true)
 $this->readwriteAllowed = false;
 
 // num is the number of elements displayed by page
@@ -692,9 +752,10 @@ class routeSQL
 // Delete an existing object if the token is valid
 if ($this->chained !== null)
 {
- if ($this->chained->editright ($chain) !== TRUE)
+ if ($this->chained->editright ($this->authHTML["email"], $chain) !==
+ TRUE)
 {
- if ($this->auth["email"] === "anonymous")
+ if ($this->authHTML["email"] === "anonymous")
 throw new Exception (dgettext("domframework",
 "Anonymous not allowed"), 401);
 throw new Exception (dgettext("domframework","Access forbidden"),
@@ -707,21 +768,21 @@ class routeSQL
 throw new Exception (dgettext("domframework",
 "Object not found"), 404);
 }
- if ($this->accessright ($id) !== TRUE)
+ if ($this->accessright ($this->authHTML["email"], $id) !== TRUE)
 {
- if ($this->auth["email"] === "anonymous")
+ if ($this->authHTML["email"] === "anonymous")
 throw new Exception (dgettext("domframework","Anonymous not allowed"),
 401);
 throw new Exception (dgettext("domframework","Access forbidden"), 403);
 }
- if ($this->editright ($id) !== TRUE)
+ if ($this->editright ($this->authHTML["email"], $id) !== TRUE)
 {
- if ($this->auth["email"] === "anonymous")
+ if ($this->authHTML["email"] === "anonymous")
 throw new Exception (dgettext("domframework","Anonymous not allowed"),
 401);
 throw new Exception (dgettext("domframework","Access forbidden"), 403);
 }
- if ($this->readonly ($id) === TRUE)
+ if ($this->readonly ($this->authHTML["email"], $id) === TRUE)
 throw new Exception (dgettext("domframework","Access forbidden"), 403);
 
 $this->connect();
@@ -752,9 +813,10 @@ class routeSQL
 // Add a new entry : form to be filled by the user
 if ($this->chained !== null)
 {
- if ($this->chained->editright ($chain) !== TRUE)
+ if ($this->chained->editright ($this->authHTML["email"], $chain) !==
+ TRUE)
 {
- if ($this->auth["email"] === "anonymous")
+ if ($this->authHTML["email"] === "anonymous")
 throw new Exception (dgettext("domframework",
 "Anonymous not allowed"), 401);
 throw new Exception (dgettext("domframework","Access forbidden"),
@@ -767,21 +829,21 @@ class routeSQL
 throw new Exception (dgettext("domframework",
 "Object not found"), 404);
 }
- if ($this->accessright () !== TRUE)
+ if ($this->accessright ($this->authHTML["email"]) !== TRUE)
 {
- if ($this->auth["email"] === "anonymous")
+ if ($this->authHTML["email"] === "anonymous")
 throw new Exception (dgettext("domframework","Anonymous not allowed"),
 401);
 throw new Exception (dgettext("domframework","Access forbidden"), 403);
 }
- if ($this->editright () !== TRUE)
+ if ($this->editright ($this->authHTML["email"]) !== TRUE)
 {
- if ($this->auth["email"] === "anonymous")
+ if ($this->authHTML["email"] === "anonymous")
 throw new Exception (dgettext("domframework","Anonymous not allowed"),
 401);
 throw new Exception (dgettext("domframework","Access forbidden"), 403);
 }
- if ($this->readonly () === TRUE)
+ if ($this->readonly ($this->authHTML["email"]) === TRUE)
 throw new Exception (dgettext("domframework","Access forbidden"), 403);
 
 $this->connect();
@@ -864,9 +926,10 @@ class routeSQL
 // Add a new entry : effective save of the datas
 if ($this->chained !== null)
 {
- if ($this->chained->editright ($chain) !== TRUE)
+ if ($this->chained->editright ($this->authHTML["email"], $chain) !==
+ TRUE)
 {
- if ($this->auth["email"] === "anonymous")
+ if ($this->authHTML["email"] === "anonymous")
 throw new Exception (dgettext("domframework",
 "Anonymous not allowed"), 401);
 throw new Exception (dgettext("domframework","Access forbidden"),
@@ -879,21 +942,21 @@ class routeSQL
 throw new exception (dgettext("domframework",
 "Object not found"), 404);
 }
- if ($this->accessright () !== TRUE)
+ if ($this->accessright ($this->authHTML["email"]) !== TRUE)
 {
- if ($this->auth["email"] === "anonymous")
+ if ($this->authHTML["email"] === "anonymous")
 throw new Exception (dgettext("domframework","Anonymous not allowed"),
 401);
 throw new Exception (dgettext("domframework","Access forbidden"), 403);
 }
- if ($this->editright () !== TRUE)
+ if ($this->editright ($this->authHTML["email"]) !== TRUE)
 {
- if ($this->auth["email"] === "anonymous")
+ if ($this->authHTML["email"] === "anonymous")
 throw new Exception (dgettext("domframework","Anonymous not allowed"),
 401);
 throw new Exception (dgettext("domframework","Access forbidden"), 403);
 }
- if ($this->readonly () === TRUE)
+ if ($this->readonly ($this->authHTML["email"]) === TRUE)
 throw new Exception (dgettext("domframework","Access forbidden"), 403);
 
 $this->connect();
@@ -938,9 +1001,10 @@ class routeSQL
 // List the details of one existing object
 if ($this->chained !== null)
 {
- if ($this->chained->accessright ($chain) !== TRUE)
+ if ($this->chained->accessright ($this->authHTML["email"], $chain) !==
+ TRUE)
 {
- if ($this->auth["email"] === "anonymous")
+ if ($this->authHTML["email"] === "anonymous")
 throw new Exception (dgettext("domframework",
 "Anonymous not allowed"), 401);
 throw new Exception (dgettext("domframework","Access forbidden"),
@@ -953,19 +1017,20 @@ class routeSQL
 throw new exception (dgettext("domframework",
 "Object not found"), 404);
 }
- if ($this->accessright ($id) !== TRUE)
+ if ($this->accessright ($this->authHTML["email"], $id) !== TRUE)
 {
- if ($this->auth["email"] === "anonymous")
+ if ($this->authHTML["email"] === "anonymous")
 throw new Exception (dgettext("domframework","Anonymous not allowed"),
 401);
 throw new Exception (dgettext("domframework","Access forbidden"), 403);
 }
 if ($this->chained !== null &&
- $this->chained->editright ($chain) !== true)
+ $this->chained->editright ($this->authHTML["email"], $chain) !== true)
 $this->readwriteAllowed = false;
 if ($this->readwriteAllowed === true)
- $this->readwriteAllowed = $this->editright ($id);
- $readonly = $this->readonly ($id);
+ $this->readwriteAllowed = $this->editright ($this->authHTML["email"],
+ $id);
+ $readonly = $this->readonly ($this->authHTML["email"], $id);
 
 $this->connect();
 $content = $this->showflash ();
@@ -1057,9 +1122,10 @@ class routeSQL
 // Save the details of one existing object
 if ($this->chained !== null)
 {
- if ($this->chained->editright ($chain) !== TRUE)
+ if ($this->chained->editright ($this->authHTML["email"], $chain) !==
+ TRUE)
 {
- if ($this->auth["email"] === "anonymous")
+ if ($this->authHTML["email"] === "anonymous")
 throw new Exception (dgettext("domframework",
 "Anonymous not allowed"), 401);
 throw new Exception (dgettext("domframework","Access forbidden"),
@@ -1072,21 +1138,21 @@ class routeSQL
 throw new exception (dgettext("domframework",
 "Object not found"), 404);
 }
- if ($this->accessright ($id) !== TRUE)
+ if ($this->accessright ($this->authHTML["email"], $id) !== TRUE)
 {
- if ($this->auth["email"] === "anonymous")
+ if ($this->authHTML["email"] === "anonymous")
 throw new Exception (dgettext("domframework","Anonymous not allowed"),
 401);
 throw new Exception (dgettext("domframework","Access forbidden"), 403);
 }
- if ($this->editright ($id) !== TRUE)
+ if ($this->editright ($this->authHTML["email"], $id) !== TRUE)
 {
- if ($this->auth["email"] === "anonymous")
+ if ($this->authHTML["email"] === "anonymous")
 throw new Exception (dgettext("domframework","Anonymous not allowed"),
 401);
 throw new Exception (dgettext("domframework","Access forbidden"), 403);
 }
- if ($this->readonly ($id) === TRUE)
+ if ($this->readonly ($this->authHTML["email"], $id) === TRUE)
 throw new Exception (dgettext("domframework","Access forbidden"), 403);
 
 $this->connect();
@@ -1144,14 +1210,13 @@ class routeSQL
 
 /** Authorization : Return TRUE if the user right allow to see the datas
 Return FALSE else */
- public function accessright ($id=null)
+ public function accessright ($auth, $id=null)
 {
 // echo "accessright=".var_export ($id, TRUE)." for ".
 // var_export($this->model_class, TRUE)."\n";
 if ($this->authorization !== null)
 {
- $result = $this->authorization->allow ($this->module,
- $this->auth["email"], "/$id");
+ $result = $this->authorization->allow ($this->module, $auth, "/$id");
 // echo "RESULT=$result\n";
 if ($result === "RO") return TRUE;
 if ($result === "RW") return TRUE;
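Review bot: Putting `$auth` in the first position of `accessright` (and of `editright` and `readonly` in the two following hunks at -1162 and -1179) changes the meaning of an existing positional argument: any caller not updated in this commit — a subclass, or an object held in `$this->chained` of another class — that still calls `accessright ($id)` now has its id taken as the user's email while `$id` silently becomes null, so the authorization object is asked about the whole module for a principal named after an object id. The docblock is unchanged and does not mention the new parameter. I would add `@param string $auth the user's email, "anonymous" when nobody is logged in` and `@param mixed $id the object appended to "/" for the authorization query`, and reject a non-string up front with `if (!is_string ($auth)) throw new Exception (dgettext("domframework","Access forbidden"), 403);` so a stale call fails closed rather than being answered as a permission decision. The rest of the method body after the `if` is outside the hunk.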
@@ -1162,14 +1227,13 @@ class routeSQL
 
 /** Authorization : Return TRUE if the user right allow to edit the datas
 Return FALSE else */
- public function editright ($id=null)
+ public function editright ($auth, $id=null)
 {
 // echo "editright=".var_export ($id, TRUE)." for ".
 // var_export($this->model_class, TRUE)."\n";
 if ($this->authorization !== null)
 {
- $result = $this->authorization->allow ($this->module,
- $this->auth["email"], "/$id");
+ $result = $this->authorization->allow ($this->module, $auth, "/$id");
 // echo "RESULT=$result\n";
 if ($result === "RW") return TRUE;
 return FALSE;
@@ -1179,14 +1243,13 @@ class routeSQL
 
 /** Authorization : Return TRUE if the $id is in READONLY for the user
 or FALSE if the user have the RW rights */
- public function readonly ($id=null)
+ public function readonly ($auth, $id=null)
 {
 // echo "readonly=".var_export ($id, TRUE)." for ".
 // var_export($this->model_class, TRUE)."\n";
 if ($this->authorization !== null)
 {
- $result = $this->authorization->allow ($this->module,
- $this->auth["email"], "/$id");
+ $result = $this->authorization->allow ($this->module, $auth, "/$id");
 // echo "RESULT=$result\n";
 if ($result === "RO") return TRUE;
 return FALSE;