routeSQL: allow users to authorize separately for the HTML and REST parts (authHTML and authREST)

git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@2040 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
2015-03-21 16:40:08 +00:00
parent fc40f729b2
commit a0e0e6b022


@@ -42,8 +42,10 @@ class routeSQL
/** The cookie path used to determine the old parameters
It is automatically generated with the URL */
public $path = "";
/** Authentication */
public $auth = array ("email"=>"anonymous");
/** Authentication for HTML part */
public $authHTML = array ("email"=>"anonymous");
/** Authentication for REST part */
public $authREST = array ("email"=>"anonymous");
/** Authorization object. Should allow a method named
"allow ($module, $user, $object)" which return
- NO if the object is not defined
@@ -290,6 +292,15 @@ class routeSQL
"(\?({p1}=({v1})?)(&{p2}=({v2})?(&{p3}=({v3})?)?)?)?",
function ($extension, $p1, $v1, $p2, $v2, $p3, $v3, $chain)
{
if ($this->accessright ($this->authREST["email"]) !== TRUE)
{
if ($this->authREST["email"] === "anonymous")
throw new Exception (dgettext("domframework",
"Anonymous not allowed"), 401);
throw new Exception (dgettext("domframework",
"Access forbidden"), 403);
}
if ($p1 === "search") $search = $v1;
if ($p2 === "search") $search = $v2;
if ($p3 === "search") $search = $v3;
@@ -335,6 +346,22 @@ class routeSQL
$route->post ("rest/".$this->url_prefix."(\.{extension})?",
function ($extension)
{
if ($this->accessright ($this->authREST["email"]) !== TRUE)
{
if ($this->authREST["email"] === "anonymous")
throw new Exception (dgettext("domframework","Anonymous not allowed"),
401);
throw new Exception (dgettext("domframework","Access forbidden"), 403);
}
if ($this->editright ($this->authREST["email"]) !== TRUE)
{
if ($this->authREST["email"] === "anonymous")
throw new Exception (dgettext("domframework","Anonymous not allowed"),
401);
throw new Exception (dgettext("domframework","Access forbidden"), 403);
}
if ($this->readonly ($this->authREST["email"]) === TRUE)
throw new Exception (dgettext("domframework","Access forbidden"), 403);
if (!isset ($extension) || $extension === null || $extension === "")
$extension = reset ($this->extensionsAllowed);
if (!in_array ($extension, $this->extensionsAllowed))
@@ -359,6 +386,22 @@ class routeSQL
$route->put ("rest/".$this->url_prefix."(\.{extension})?/{id}",
function ($extension, $id)
{
if ($this->accessright ($this->authREST["email"]) !== TRUE)
{
if ($this->authREST["email"] === "anonymous")
throw new Exception (dgettext("domframework","Anonymous not allowed"),
401);
throw new Exception (dgettext("domframework","Access forbidden"), 403);
}
if ($this->editright ($this->authREST["email"]) !== TRUE)
{
if ($this->authREST["email"] === "anonymous")
throw new Exception (dgettext("domframework","Anonymous not allowed"),
401);
throw new Exception (dgettext("domframework","Access forbidden"), 403);
}
if ($this->readonly ($this->authREST["email"]) === TRUE)
throw new Exception (dgettext("domframework","Access forbidden"), 403);
if (!isset ($extension) || $extension === null || $extension === "")
$extension = reset ($this->extensionsAllowed);
if (!in_array ($extension, $this->extensionsAllowed))
@@ -383,6 +426,22 @@ class routeSQL
$route->delete ("rest/".$this->url_prefix."(\.{extension})?/{id}",
function ($extension, $id)
{
if ($this->accessright ($this->authREST["email"]) !== TRUE)
{
if ($this->authREST["email"] === "anonymous")
throw new Exception (dgettext("domframework","Anonymous not allowed"),
401);
throw new Exception (dgettext("domframework","Access forbidden"), 403);
}
if ($this->editright ($this->authREST["email"]) !== TRUE)
{
if ($this->authREST["email"] === "anonymous")
throw new Exception (dgettext("domframework","Anonymous not allowed"),
401);
throw new Exception (dgettext("domframework","Access forbidden"), 403);
}
if ($this->readonly ($this->authREST["email"]) === TRUE)
throw new Exception (dgettext("domframework","Access forbidden"), 403);
if (!isset ($extension) || $extension === null || $extension === "")
$extension = reset ($this->extensionsAllowed);
if (!in_array ($extension, $this->extensionsAllowed))
@@ -430,9 +489,10 @@ class routeSQL
// List all the objects of the table
if ($this->chained !== null)
{
if ($this->chained->accessright ($chain) !== TRUE)
if ($this->chained->accessright ($this->authHTML["email"], $chain) !==
TRUE)
{
if ($this->auth["email"] === "anonymous")
if ($this->authHTML["email"] === "anonymous")
throw new Exception (dgettext("domframework",
"Anonymous not allowed"), 401);
throw new Exception (dgettext("domframework",
@@ -445,9 +505,9 @@ class routeSQL
throw new Exception (dgettext("domframework",
"Object not found"), 404);
}
if ($this->accessright () !== TRUE)
if ($this->accessright ($this->authHTML["email"]) !== TRUE)
{
if ($this->auth["email"] === "anonymous")
if ($this->authHTML["email"] === "anonymous")
throw new Exception (dgettext("domframework",
"Anonymous not allowed"), 401);
throw new Exception (dgettext("domframework",
@@ -455,7 +515,7 @@ class routeSQL
}
if ($this->chained !== null &&
$this->chained->editright ($chain) !== true)
$this->chained->editright ($this->authHTML["email"], $chain) !== true)
$this->readwriteAllowed = false;
// num is the number of elements displayed by page
@@ -692,9 +752,10 @@ class routeSQL
// Delete an existing object if the token is valid
if ($this->chained !== null)
{
if ($this->chained->editright ($chain) !== TRUE)
if ($this->chained->editright ($this->authHTML["email"], $chain) !==
TRUE)
{
if ($this->auth["email"] === "anonymous")
if ($this->authHTML["email"] === "anonymous")
throw new Exception (dgettext("domframework",
"Anonymous not allowed"), 401);
throw new Exception (dgettext("domframework","Access forbidden"),
@@ -707,21 +768,21 @@ class routeSQL
throw new Exception (dgettext("domframework",
"Object not found"), 404);
}
if ($this->accessright ($id) !== TRUE)
if ($this->accessright ($this->authHTML["email"], $id) !== TRUE)
{
if ($this->auth["email"] === "anonymous")
if ($this->authHTML["email"] === "anonymous")
throw new Exception (dgettext("domframework","Anonymous not allowed"),
401);
throw new Exception (dgettext("domframework","Access forbidden"), 403);
}
if ($this->editright ($id) !== TRUE)
if ($this->editright ($this->authHTML["email"], $id) !== TRUE)
{
if ($this->auth["email"] === "anonymous")
if ($this->authHTML["email"] === "anonymous")
throw new Exception (dgettext("domframework","Anonymous not allowed"),
401);
throw new Exception (dgettext("domframework","Access forbidden"), 403);
}
if ($this->readonly ($id) === TRUE)
if ($this->readonly ($this->authHTML["email"], $id) === TRUE)
throw new Exception (dgettext("domframework","Access forbidden"), 403);
$this->connect();
@@ -752,9 +813,10 @@ class routeSQL
// Add a new entry : form to be filled by the user
if ($this->chained !== null)
{
if ($this->chained->editright ($chain) !== TRUE)
if ($this->chained->editright ($this->authHTML["email"], $chain) !==
TRUE)
{
if ($this->auth["email"] === "anonymous")
if ($this->authHTML["email"] === "anonymous")
throw new Exception (dgettext("domframework",
"Anonymous not allowed"), 401);
throw new Exception (dgettext("domframework","Access forbidden"),
@@ -767,21 +829,21 @@ class routeSQL
throw new Exception (dgettext("domframework",
"Object not found"), 404);
}
if ($this->accessright () !== TRUE)
if ($this->accessright ($this->authHTML["email"]) !== TRUE)
{
if ($this->auth["email"] === "anonymous")
if ($this->authHTML["email"] === "anonymous")
throw new Exception (dgettext("domframework","Anonymous not allowed"),
401);
throw new Exception (dgettext("domframework","Access forbidden"), 403);
}
if ($this->editright () !== TRUE)
if ($this->editright ($this->authHTML["email"]) !== TRUE)
{
if ($this->auth["email"] === "anonymous")
if ($this->authHTML["email"] === "anonymous")
throw new Exception (dgettext("domframework","Anonymous not allowed"),
401);
throw new Exception (dgettext("domframework","Access forbidden"), 403);
}
if ($this->readonly () === TRUE)
if ($this->readonly ($this->authHTML["email"]) === TRUE)
throw new Exception (dgettext("domframework","Access forbidden"), 403);
$this->connect();
@@ -864,9 +926,10 @@ class routeSQL
// Add a new entry : effective save of the datas
if ($this->chained !== null)
{
if ($this->chained->editright ($chain) !== TRUE)
if ($this->chained->editright ($this->authHTML["email"], $chain) !==
TRUE)
{
if ($this->auth["email"] === "anonymous")
if ($this->authHTML["email"] === "anonymous")
throw new Exception (dgettext("domframework",
"Anonymous not allowed"), 401);
throw new Exception (dgettext("domframework","Access forbidden"),
@@ -879,21 +942,21 @@ class routeSQL
throw new exception (dgettext("domframework",
"Object not found"), 404);
}
if ($this->accessright () !== TRUE)
if ($this->accessright ($this->authHTML["email"]) !== TRUE)
{
if ($this->auth["email"] === "anonymous")
if ($this->authHTML["email"] === "anonymous")
throw new Exception (dgettext("domframework","Anonymous not allowed"),
401);
throw new Exception (dgettext("domframework","Access forbidden"), 403);
}
if ($this->editright () !== TRUE)
if ($this->editright ($this->authHTML["email"]) !== TRUE)
{
if ($this->auth["email"] === "anonymous")
if ($this->authHTML["email"] === "anonymous")
throw new Exception (dgettext("domframework","Anonymous not allowed"),
401);
throw new Exception (dgettext("domframework","Access forbidden"), 403);
}
if ($this->readonly () === TRUE)
if ($this->readonly ($this->authHTML["email"]) === TRUE)
throw new Exception (dgettext("domframework","Access forbidden"), 403);
$this->connect();
@@ -938,9 +1001,10 @@ class routeSQL
// List the details of one existing object
if ($this->chained !== null)
{
if ($this->chained->accessright ($chain) !== TRUE)
if ($this->chained->accessright ($this->authHTML["email"], $chain) !==
TRUE)
{
if ($this->auth["email"] === "anonymous")
if ($this->authHTML["email"] === "anonymous")
throw new Exception (dgettext("domframework",
"Anonymous not allowed"), 401);
throw new Exception (dgettext("domframework","Access forbidden"),
@@ -953,19 +1017,20 @@ class routeSQL
throw new exception (dgettext("domframework",
"Object not found"), 404);
}
if ($this->accessright ($id) !== TRUE)
if ($this->accessright ($this->authHTML["email"], $id) !== TRUE)
{
if ($this->auth["email"] === "anonymous")
if ($this->authHTML["email"] === "anonymous")
throw new Exception (dgettext("domframework","Anonymous not allowed"),
401);
throw new Exception (dgettext("domframework","Access forbidden"), 403);
}
if ($this->chained !== null &&
$this->chained->editright ($chain) !== true)
$this->chained->editright ($this->authHTML["email"], $chain) !== true)
$this->readwriteAllowed = false;
if ($this->readwriteAllowed === true)
$this->readwriteAllowed = $this->editright ($id);
$readonly = $this->readonly ($id);
$this->readwriteAllowed = $this->editright ($this->authHTML["email"],
$id);
$readonly = $this->readonly ($this->authHTML["email"], $id);
$this->connect();
$content = $this->showflash ();
@@ -1057,9 +1122,10 @@ class routeSQL
// Save the details of one existing object
if ($this->chained !== null)
{
if ($this->chained->editright ($chain) !== TRUE)
if ($this->chained->editright ($this->authHTML["email"], $chain) !==
TRUE)
{
if ($this->auth["email"] === "anonymous")
if ($this->authHTML["email"] === "anonymous")
throw new Exception (dgettext("domframework",
"Anonymous not allowed"), 401);
throw new Exception (dgettext("domframework","Access forbidden"),
@@ -1072,21 +1138,21 @@ class routeSQL
throw new exception (dgettext("domframework",
"Object not found"), 404);
}
if ($this->accessright ($id) !== TRUE)
if ($this->accessright ($this->authHTML["email"], $id) !== TRUE)
{
if ($this->auth["email"] === "anonymous")
if ($this->authHTML["email"] === "anonymous")
throw new Exception (dgettext("domframework","Anonymous not allowed"),
401);
throw new Exception (dgettext("domframework","Access forbidden"), 403);
}
if ($this->editright ($id) !== TRUE)
if ($this->editright ($this->authHTML["email"], $id) !== TRUE)
{
if ($this->auth["email"] === "anonymous")
if ($this->authHTML["email"] === "anonymous")
throw new Exception (dgettext("domframework","Anonymous not allowed"),
401);
throw new Exception (dgettext("domframework","Access forbidden"), 403);
}
if ($this->readonly ($id) === TRUE)
if ($this->readonly ($this->authHTML["email"], $id) === TRUE)
throw new Exception (dgettext("domframework","Access forbidden"), 403);
$this->connect();
@@ -1144,14 +1210,13 @@ class routeSQL
/** Authorization : Return TRUE if the user right allow to see the datas
Return FALSE else */
public function accessright ($id=null)
public function accessright ($auth, $id=null)
{
// echo "accessright=".var_export ($id, TRUE)." for ".
// var_export($this->model_class, TRUE)."\n";
if ($this->authorization !== null)
{
$result = $this->authorization->allow ($this->module,
$this->auth["email"], "/$id");
$result = $this->authorization->allow ($this->module, $auth, "/$id");
// echo "RESULT=$result\n";
if ($result === "RO") return TRUE;
if ($result === "RW") return TRUE;
@@ -1162,14 +1227,13 @@ class routeSQL
/** Authorization : Return TRUE if the user right allow to edit the datas
Return FALSE else */
public function editright ($id=null)
public function editright ($auth, $id=null)
{
// echo "editright=".var_export ($id, TRUE)." for ".
// var_export($this->model_class, TRUE)."\n";
if ($this->authorization !== null)
{
$result = $this->authorization->allow ($this->module,
$this->auth["email"], "/$id");
$result = $this->authorization->allow ($this->module, $auth, "/$id");
// echo "RESULT=$result\n";
if ($result === "RW") return TRUE;
return FALSE;
@@ -1179,14 +1243,13 @@ class routeSQL
/** Authorization : Return TRUE if the $id is in READONLY for the user or
FALSE if the user have the RW rights */
public function readonly ($id=null)
public function readonly ($auth, $id=null)
{
// echo "readonly=".var_export ($id, TRUE)." for ".
// var_export($this->model_class, TRUE)."\n";
if ($this->authorization !== null)
{
$result = $this->authorization->allow ($this->module,
$this->auth["email"], "/$id");
$result = $this->authorization->allow ($this->module, $auth, "/$id");
// echo "RESULT=$result\n";
if ($result === "RO") return TRUE;
return FALSE;