Dominique.Fournier/DomFramework
1
0
Fork 0
Code Issues Pull Requests Projects Releases Activity

authzgroups : add the functions to check the accessRight, accessWrite, accessReadOnly

Browse Source 
git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@2256 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
This commit is contained in:
Dominique Fournier
2015-08-17 12:10:21 +00:00
parent 5d4eae4473
commit bf4d1e036e
1 changed files with 81 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

81
authzgroups.php
View File

@@ -120,6 +120,87 @@ class authzgroups
return $ressource[$object]; return $ressource[$object];
} }
/** Return TRUE if the user right allow to see the object
Return a 403 Exception if the user don't have the right
Return a 401 Exception if the user is not connected */
public function accessRight ($module, $user, $object)
{
if ($this->dbObject === null)
throw new Exception ("Can't use authzgroups\\accessRight without ".
"connected database", 500);
if ($module === null || ! is_string ($module) || trim ($module) === "")
throw new Exception ("Module not provided to authzgroups\\accessRight",
500);
if ($user === null || ! is_string ($user) || trim ($user) === "")
throw new Exception ("User not provided to authzgroups\\accessright",
500);
if ($object === null || ! is_string ($object))
throw new Exception ("Object not provided to authzgroups\\accessRight",
500);
$rc = $this->allow ($module, $user, "/$object");
trigger_error ("authzgroups : accessRight ('$module','$user','/$object')".
"=$rc", E_USER_NOTICE);
if ($rc !== "NO")
return TRUE;
if ($user === "anonymous")
throw new Exception (_("Anonymous not allowed"), 401);
throw new Exception (_("Access forbidden"), 403);
}
/** Return TRUE if the user right allow to edit the object
Return a 403 Exception if the user don't have the right
Return a 401 Exception if the user is not connected */
public function accessWrite ($module, $user, $object)
{
if ($this->dbObject === null)
throw new Exception ("Can't use authzgroups\\accessWrite without ".
"connected database", 500);
if ($module === null || ! is_string ($module) || trim ($module) === "")
throw new Exception ("Module not provided to authzgroups\\accessWrite",
500);
if ($user === null || ! is_string ($user) || trim ($user) === "")
throw new Exception ("User not provided to authzgroups\\accessWrite",
500);
if ($object === null || ! is_string ($object))
throw new Exception ("Object not provided to authzgroups\\accessWrite",
500);
$rc = $this->allow ($module, $user, "/$object");
trigger_error ("authzgroups : accessWrite ('$module','$user','/$object')".
"=$rc", E_USER_NOTICE);
if ($rc === "RW")
return TRUE;
if ($user === "anonymous")
throw new Exception (_("Anonymous not allowed"), 401);
throw new Exception (_("Modification forbidden"), 403);
}
/** Return TRUE if the user right allow to see but without modification
the object
Return a 403 Exception if the user don't have the right
Return a 401 Exception if the user is not connected */
public function accessReadOnly ($module, $user, $object)
{
if ($this->dbObject === null)
throw new Exception ("Can't use authzgroups\\accessReadOnly without ".
"connected database", 500);
if ($module === null || ! is_string ($module) || trim ($module) === "")
throw new Exception ("Module not provided to authzgroups\\accessReadOnly",
500);
if ($user === null || ! is_string ($user) || trim ($user) === "")
throw new Exception ("User not provided to authzgroups\\accessReadOnly",
500);
if ($object === null || ! is_string ($object))
throw new Exception ("Object not provided to authzgroups\\accessReadOnly",
500);
$rc = $this->allow ($module, $user, "/$object");
trigger_error ("authzgroups : accessReadOnly ('$module','$user','/$object')"
."=$rc", E_USER_NOTICE);
if ($rc === "RO")
return TRUE;
if ($user === "anonymous")
throw new Exception (_("Anonymous not allowed"), 401);
throw new Exception (_("Access forbidden"), 403);
}
///////////////////////// /////////////////////////
// DATABASE STORAGE // // DATABASE STORAGE //
///////////////////////// /////////////////////////