ACL Login update with pages in acl array and file in allowed access list lookup
This commit is contained in:
Clemens Schwaighofer
@@ -924,7 +924,9 @@ class Login
|
|||||||
$mandatory_session_vars = [
|
$mandatory_session_vars = [
|
||||||
'LOGIN_USER_NAME', 'LOGIN_GROUP_NAME', 'LOGIN_EUCUID', 'LOGIN_EUCUUID',
|
'LOGIN_USER_NAME', 'LOGIN_GROUP_NAME', 'LOGIN_EUCUID', 'LOGIN_EUCUUID',
|
||||||
'LOGIN_USER_ADDITIONAL_ACL', 'LOGIN_GROUP_ADDITIONAL_ACL',
|
'LOGIN_USER_ADDITIONAL_ACL', 'LOGIN_GROUP_ADDITIONAL_ACL',
|
||||||
'LOGIN_ADMIN', 'LOGIN_GROUP_ACL_LEVEL', 'LOGIN_PAGES_ACL_LEVEL', 'LOGIN_USER_ACL_LEVEL',
|
'LOGIN_ADMIN', 'LOGIN_GROUP_ACL_LEVEL',
|
||||||
|
'LOGIN_PAGES', 'LOGIN_PAGES_LOOKUP', 'LOGIN_PAGES_ACL_LEVEL',
|
||||||
|
'LOGIN_USER_ACL_LEVEL',
|
||||||
'LOGIN_UNIT', 'LOGIN_UNIT_DEFAULT_EACUID'
|
'LOGIN_UNIT', 'LOGIN_UNIT_DEFAULT_EACUID'
|
||||||
];
|
];
|
||||||
$force_reauth = false;
|
$force_reauth = false;
|
||||||
@@ -1264,6 +1266,7 @@ class Login
|
|||||||
}
|
}
|
||||||
$edit_page_ids = [];
|
$edit_page_ids = [];
|
||||||
$pages = [];
|
$pages = [];
|
||||||
|
$pages_lookup = [];
|
||||||
$pages_acl = [];
|
$pages_acl = [];
|
||||||
// set pages access
|
// set pages access
|
||||||
$q = <<<SQL
|
$q = <<<SQL
|
||||||
@@ -1307,6 +1310,7 @@ class Login
|
|||||||
'query' => [],
|
'query' => [],
|
||||||
'visible' => []
|
'visible' => []
|
||||||
];
|
];
|
||||||
|
$pages_lookup[$res['filename']] = $res['cuid'];
|
||||||
// make reference filename -> level
|
// make reference filename -> level
|
||||||
$pages_acl[$res['filename']] = $res['level'];
|
$pages_acl[$res['filename']] = $res['level'];
|
||||||
} // for each page
|
} // for each page
|
||||||
@@ -1367,6 +1371,7 @@ class Login
|
|||||||
// write back the pages data to the output array
|
// write back the pages data to the output array
|
||||||
$this->session->setMany([
|
$this->session->setMany([
|
||||||
'LOGIN_PAGES' => $pages,
|
'LOGIN_PAGES' => $pages,
|
||||||
|
'LOGIN_PAGES_LOOKUP' => $pages_lookup,
|
||||||
'LOGIN_PAGES_ACL_LEVEL' => $pages_acl,
|
'LOGIN_PAGES_ACL_LEVEL' => $pages_acl,
|
||||||
]);
|
]);
|
||||||
// load the edit_access user rights
|
// load the edit_access user rights
|
||||||
@@ -1526,6 +1531,8 @@ class Login
|
|||||||
) {
|
) {
|
||||||
$this->acl['page'] = $_SESSION['LOGIN_PAGES_ACL_LEVEL'][$this->page_name];
|
$this->acl['page'] = $_SESSION['LOGIN_PAGES_ACL_LEVEL'][$this->page_name];
|
||||||
}
|
}
|
||||||
|
$this->acl['pages_detail'] = $_SESSION['LOGIN_PAGES'];
|
||||||
|
$this->acl['pages_lookup_cuid'] = $_SESSION['LOGIN_PAGES_LOOKUP'];
|
||||||
|
|
||||||
$this->acl['unit_cuid'] = null;
|
$this->acl['unit_cuid'] = null;
|
||||||
$this->acl['unit_name'] = null;
|
$this->acl['unit_name'] = null;
|
||||||
@@ -2728,6 +2735,31 @@ HTML;
|
|||||||
return $this->session->get('LOGIN_PAGES');
|
return $this->session->get('LOGIN_PAGES');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return the current loaded list of pages the user can access
|
||||||
|
*
|
||||||
|
* @return array<mixed>
|
||||||
|
*/
|
||||||
|
public function loginGetPageLookupList(): array
|
||||||
|
{
|
||||||
|
return $this->session->get('LOGIN_PAGES_LOOKUP');
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check access to a file in the pages list
|
||||||
|
*
|
||||||
|
* @param string $filename File name to check
|
||||||
|
* @return bool True if page in list and anything other than None access, False if failed
|
||||||
|
*/
|
||||||
|
public function loginPageAccessAllowed(string $filename): bool
|
||||||
|
{
|
||||||
|
return (
|
||||||
|
$this->session->get('LOGIN_PAGES')[
|
||||||
|
$this->session->get('LOGIN_PAGES_LOOKUP')[$filename] ?? ''
|
||||||
|
] ?? 0
|
||||||
|
) != 0 ? true : false;
|
||||||
|
}
|
||||||
|
|
||||||
// MARK: logged in uid(pk)/eucuid/eucuuid
|
// MARK: logged in uid(pk)/eucuid/eucuuid
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
@@ -50,7 +50,8 @@ class EditUsers implements Interface\TableArraysInterface
|
|||||||
'HIDDEN_value' => $_POST['HIDDEN_password'] ?? '',
|
'HIDDEN_value' => $_POST['HIDDEN_password'] ?? '',
|
||||||
'CONFIRM_value' => $_POST['CONFIRM_password'] ?? '',
|
'CONFIRM_value' => $_POST['CONFIRM_password'] ?? '',
|
||||||
'output_name' => 'Password',
|
'output_name' => 'Password',
|
||||||
'mandatory' => 1,
|
// make it not mandatory to create dummy accounts that can only login via login url id
|
||||||
|
'mandatory' => 0,
|
||||||
'type' => 'password', // later has to be password for encryption in database
|
'type' => 'password', // later has to be password for encryption in database
|
||||||
'update' => [ // connected field updates, and update data
|
'update' => [ // connected field updates, and update data
|
||||||
'password_change_date' => [ // db row to update
|
'password_change_date' => [ // db row to update
|
||||||
|
|||||||
@@ -12,6 +12,8 @@ Not yet covered tests:
|
|||||||
- loginGetLocale
|
- loginGetLocale
|
||||||
- loginGetHeaderColor
|
- loginGetHeaderColor
|
||||||
- loginGetPages
|
- loginGetPages
|
||||||
|
- loginGetPageLookupList
|
||||||
|
- loginPageAccessAllowed
|
||||||
- loginGetEuid
|
- loginGetEuid
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user