Commit 2d46b065 authored by lphuberdeau's avatar lphuberdeau

[MOD] Making the admin-gets-all-rights check dynamic and valid everywhere...

[MOD] Making the admin-gets-all-rights check dynamic and valid everywhere rather than binding it at initialization for the current execution. Checking another group's permissions will behave correctly even when logged in as an admin.
parent 553bf781
......@@ -1391,6 +1391,7 @@ lib/core/lib/Perms.php -text
lib/core/lib/Perms/Accessor.php -text
lib/core/lib/Perms/Applier.php -text
lib/core/lib/Perms/Check.php -text
lib/core/lib/Perms/Check/Alternate.php -text
lib/core/lib/Perms/Check/Creator.php -text
lib/core/lib/Perms/Check/Direct.php -text
lib/core/lib/Perms/Check/Indirect.php -text
......@@ -2486,6 +2487,7 @@ lib/test/core/Multilingual/MachineTranslation/GoogleTranslateWrapperTest.php -te
lib/test/core/Perms/AccessorTest.php -text
lib/test/core/Perms/ApplierTest.php -text
lib/test/core/Perms/BaseTest.php -text
lib/test/core/Perms/Check/AlternateTest.php -text
lib/test/core/Perms/Check/CreatorTest.php -text
lib/test/core/Perms/Check/DirectTest.php -text
lib/test/core/Perms/Check/IndirectTest.php -text
......
<?php
require_once 'lib/core/lib/Perms/Check.php';
class Perms_Check_Alternate implements Perms_Check
{
private $permission;
private $resolver;
function __construct( $permission ) {
$this->permission = $permission;
}
function check( Perms_Resolver $resolver, array $context, $name, array $groups ) {
if( $this->resolver ) {
return $this->resolver->check( $this->permission, $groups );
} else {
return false;
}
}
function setResolver( $resolver ) {
$this->resolver = $resolver;
}
}
?>
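Review bot: `setResolver( $resolver )` accepts any value, yet `check()` later calls `->check( $this->permission, $groups )` on it and a true result there passes the check for every permission name. Assuming `getResolver()` in the setup code always returns a `Perms_Resolver`, type-hinting the setter as `function setResolver( Perms_Resolver $resolver )` would make a mis-wired setup fail at the call site instead of at the first permission check. The class also has no docblock; I would add one above `class Perms_Check_Alternate` saying that the `$resolver`, `$context` and `$name` arguments of `check()` are deliberately ignored, that the result depends only on whether `$groups` hold `$this->permission` in the resolver given to `setResolver()`, and that it returns false until a resolver has been set.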
......@@ -53,11 +53,13 @@ $groupList = $tikilib->get_user_groups( $user );
require_once 'lib/core/lib/Perms.php';
require_once 'lib/core/lib/Perms/Check/Direct.php';
require_once 'lib/core/lib/Perms/Check/Indirect.php';
require_once 'lib/core/lib/Perms/Check/Alternate.php';
require_once 'lib/core/lib/Perms/ResolverFactory/GlobalFactory.php';
require_once 'lib/core/lib/Perms/ResolverFactory/CategoryFactory.php';
require_once 'lib/core/lib/Perms/ResolverFactory/ObjectFactory.php';
$sequence = array(
$globalAdminCheck = new Perms_Check_Alternate( 'admin' ),
new Perms_Check_Direct,
new Perms_Check_Indirect( $map ),
);
......@@ -81,21 +83,8 @@ $perms->setCheckSequence( $sequence );
$perms->setResolverFactories( $factories );
Perms::set( $perms );
global $globalPermRules;
$globalPermRules = $perms;
$globalperms = Perms::get();
if ($user && (($user == 'admin' && isset($_SESSION["groups_are_emulated"]) && $_SESSION["groups_are_emulated"] != "y") || $globalperms->admin ) ) {
// Admins have all rights and thus, bypass permission checks
require_once 'lib/core/lib/Perms/ResolverFactory/StaticFactory.php';
require_once 'lib/core/lib/Perms/Resolver/Default.php';
$perms->setResolverFactories( array(
new Perms_ResolverFactory_StaticFactory( 'admin', new Perms_Resolver_Default( true ) ),
) );
$globalperms = Perms::get();
}
$globalAdminCheck->setResolver( $globalperms->getResolver() );
function remove_tiki_p_prefix( $name ) {
return substr( $name, 7 );
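Review bot: The wiring at `$globalAdminCheck->setResolver( $globalperms->getResolver() );` has no comment, while the block it appears to replace carried `// Admins have all rights and thus, bypass permission checks`; since this line is what lets any group holding the global `admin` permission pass every check, I would keep an explanation there, e.g. `// Groups holding the global 'admin' permission pass every check (see Perms_Check_Alternate)`. The resolver is fetched once at this point, so the check is dynamic in the groups it is asked about but presumably not in the global permission set, which is worth stating in the same comment if permissions can change within a request. The rendered page does not mark removed lines, so I am assuming the `$user == 'admin'` / `groups_are_emulated` condition is dropped; if so, the commit message should say that the literal user name no longer grants the bypass on its own. The hunk ends inside `remove_tiki_p_prefix`, whose body continues outside it.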
......
<?php
class Perms_Check_AlternateTest extends PHPUnit_Framework_TestCase
{
function testUnconfigured() {
$resolver = new Perms_Resolver_Default( true );
$check = new Perms_Check_Alternate( 'admin' );
$this->assertFalse( $check->check( $resolver, array(), 'view', array( 'Registered' ) ) );
}
function testWithReplacementResolver() {
$resolver = new Perms_Resolver_Default( false );
$replacement = new Perms_Resolver_Static( array(
'Registered' => array( 'admin' ),
) );
$check = new Perms_Check_Alternate( 'admin' );
$check->setResolver( $replacement );
$this->assertTrue( $check->check( $resolver, array(), 'view', array( 'Registered' ) ) );
}
function testWithReplacementNotAllowing() {
$resolver = new Perms_Resolver_Default( false );
$replacement = new Perms_Resolver_Static( array(
'Registered' => array( 'view', 'edit' ),
) );
$check = new Perms_Check_Alternate( 'admin' );
$check->setResolver( $replacement );
$this->assertFalse( $check->check( $resolver, array(), 'view', array( 'Registered' ) ) );
}
}
?>
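Review bot: None of the three tests asks about a group other than the one that holds `admin` in the replacement resolver, which is the case the commit message describes (checking another group's permissions while an admin group exists). I would add a test where the replacement grants `admin` to one group and `check()` is called with a different group, expecting false, so that a regression which stops looking at `$groups` is caught. The group name `Admins` below is only an example value.

```php
function testWithReplacementGrantingOtherGroup() {
	$resolver = new Perms_Resolver_Default( false );
	$replacement = new Perms_Resolver_Static( array(
		'Admins' => array( 'admin' ),
	) );
	$check = new Perms_Check_Alternate( 'admin' );
	$check->setResolver( $replacement );
	$this->assertFalse( $check->check( $resolver, array(), 'view', array( 'Registered' ) ) );
}
```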