replace haveRightOr in front by a new function chechRightOr; see #447
orthagh committed Feb 15, 2016
1 parent b71f413 commit 6ac5e75
Showing 12 changed files with 29 additions and 24 deletions.
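--- a/front/change.php
+++ b/front/change.php
@@ -38,7 +38,7 @@
 
 include ('../inc/includes.php');
 
-Session::haveRightsOr('change', array(Change::READALL, Change::READMY));
+Session::checkRightsOr('change', array(Change::READALL, Change::READMY));
 
 Html::header(Change::getTypeName(Session::getPluralNumber()), '', "helpdesk", "change");
 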
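Review bot: Nothing at this call site tells a reader that `checkRightsOr()` refuses the request when the right is missing while `haveRightsOr()` only returns a boolean, and that difference is why the removed line was inert: it was a bare statement whose result was discarded. The same bare call is replaced in front/device.php, front/displaypreference.form.php, front/planning.php, front/problem.php, front/project.php and front/projecttask.php. I would add a one-line comment above the call, `// enforced: checkRightsOr() denies the request, haveRightsOr() only returns true/false`. The commit message should also say that these pages go from unchecked to checked at this line, because profiles holding neither right will now be refused unless a later check outside the hunk already covered them.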
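--- a/front/device.php
+++ b/front/device.php
@@ -37,7 +37,7 @@
 
 include ('../inc/includes.php');
 
-Session::haveRightsOr('device', array(CREATE, UPDATE, PURGE));
+Session::checkRightsOr('device', array(CREATE, UPDATE, PURGE));
 
 Html::header(_n('Component', 'Components', 2), $_SERVER['PHP_SELF'], "config", "commondevice");
 echo "<div class='center'>";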
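--- a/front/displaypreference.form.php
+++ b/front/displaypreference.form.php
@@ -42,8 +42,8 @@
 
 Html::popHeader(__('Setup'), $_SERVER['PHP_SELF']);
 
-Session::haveRightsOr('serach_config', array(DisplayPreference::PERSONAL,
-DisplayPreference::GENERAL));
+Session::checkRightsOr('search_config', array(DisplayPreference::PERSONAL,
+DisplayPreference::GENERAL));
 
 $setupdisplay = new DisplayPreference();
 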
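Review bot: `Html::popHeader()` still runs before `Session::checkRightsOr()`, so a user who fails the check has already been sent the popup header by the time the redirect or right error is issued. Before this commit the order did not matter because the old call was inert (result discarded, module misspelled as 'serach_config'); now a redirect that relies on HTTP headers may no longer work once output has started, which this hunk alone cannot confirm. Moving the check first avoids the question: place `Session::checkRightsOr('search_config', array(DisplayPreference::PERSONAL, DisplayPreference::GENERAL));` above `Html::popHeader(__('Setup'), $_SERVER['PHP_SELF']);`. front/planning.php has the same order, with `Html::header()` ahead of the check inside its `else` branch.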
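--- a/front/knowbaseitem.php
+++ b/front/knowbaseitem.php
@@ -37,10 +37,7 @@
 
 include ('../inc/includes.php');
 
-if (!Session::haveRightsOr('knowbase', array(READ, KnowbaseItem::READFAQ))) {
-Session::redirectIfNotLoggedIn();
-Html::displayRightError();
-}
+Session::checkRightsOr('knowbase', array(READ, KnowbaseItem::READFAQ));
 
 if (isset($_GET["id"])) {
 Html::redirect($CFG_GLPI["root_doc"]."/front/knowbaseitem.form.php?id=".$_GET["id"]);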
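--- a/front/ldap.group.import.php
+++ b/front/ldap.group.import.php
@@ -39,10 +39,7 @@
 
 
 $group = new Group();
-if (!Session::haveRightsOr('group', array(CREATE, UPDATE))) {
-Session::redirectIfNotLoggedIn();
-Html::displayRightError();
-}
+Session::checkRightsOr('group', array(CREATE, UPDATE));
 Session::checkRight('user', User::UPDATEAUTHENT);
 
 Html::header(__('LDAP directory link'), $_SERVER['PHP_SELF'], "admin", "group", "ldap");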
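--- a/front/planning.php
+++ b/front/planning.php
@@ -123,7 +123,7 @@
 } else {
 Html::header(__('Planning'), $_SERVER['PHP_SELF'], "helpdesk", "planning");
 
-Session::haveRightsOr('planning', array(Planning::READALL, Planning::READMY));
+Session::checkRightsOr('planning', array(Planning::READALL, Planning::READMY));
 
 if (!isset($_GET["date"]) || empty($_GET["date"])) {
 $_GET["date"] = strftime("%Y-%m-%d");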
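--- a/front/problem.php
+++ b/front/problem.php
@@ -37,7 +37,7 @@
 
 include ('../inc/includes.php');
 
-Session::haveRightsOr('problem', array(Problem::READALL, Problem::READMY));
+Session::checkRightsOr('problem', array(Problem::READALL, Problem::READMY));
 
 Html::header(Problem::getTypeName(Session::getPluralNumber()), '', "helpdesk", "problem");
 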
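--- a/front/project.php
+++ b/front/project.php
@@ -38,7 +38,7 @@
 
 include ('../inc/includes.php');
 
-Session::haveRightsOr('project', array(Project::READALL, Project::READMY));
+Session::checkRightsOr('project', array(Project::READALL, Project::READMY));
 
 Html::header(Project::getTypeName(Session::getPluralNumber()), $_SERVER['PHP_SELF'], "tools", "project");
 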
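--- a/front/projecttask.php
+++ b/front/projecttask.php
@@ -38,7 +38,7 @@
 
 include ('../inc/includes.php');
 
-Session::haveRightsOr('project', array(Project::READALL, Project::READMY, ProjectTask::READMY));
+Session::checkRightsOr('project', array(Project::READALL, Project::READMY, ProjectTask::READMY));
 
 Html::header(ProjectTask::getTypeName(Session::getPluralNumber()), $_SERVER['PHP_SELF'], "tools", "project", 'task');
 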
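--- a/front/reservationitem.form.php
+++ b/front/reservationitem.form.php
@@ -38,10 +38,7 @@
 include ('../inc/includes.php');
 
 Session::checkCentralAccess();
-if (!Session::haveRightsOr('reservation', array(CREATE, UPDATE, DELETE, PURGE))) {
-Session::redirectIfNotLoggedIn();
-Html::displayRightError();
-}
+Session::checkRightsOr('reservation', array(CREATE, UPDATE, DELETE, PURGE));
 
 if (!isset($_GET["id"])) {
 $_GET["id"] = '';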
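--- a/front/reservationitem.php
+++ b/front/reservationitem.php
@@ -37,10 +37,7 @@
 
 include ('../inc/includes.php');
 
-if (!Session::haveRightsOr('reservation', array(READ, ReservationItem::RESERVEANITEM))) {
-Session::redirectIfNotLoggedIn();
-Html::displayRightError();
-}
+Session::checkRightsOr('reservation', array(READ, ReservationItem::RESERVEANITEM));
 
 if ($_SESSION["glpiactiveprofile"]["interface"] == "helpdesk") {
 Html::helpHeader(__('Simplified interface'), $_SERVER['PHP_SELF'], $_SESSION["glpiname"]);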
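--- a/inc/session.class.php
+++ b/inc/session.class.php
@@ -117,6 +117,7 @@ static function init(Auth $auth) {
 $_SESSION["glpiauthtype"] = $auth->user->fields['authtype'];
 $_SESSION["glpiroot"] = $CFG_GLPI["root_doc"];
 $_SESSION["glpi_use_mode"] = $auth->user->fields['use_mode'];
+$_SESSION["glpi_plannings"] = importArrayFromDB($auth->user->fields['plannings']);
 $_SESSION["glpicrontimer"] = time();
 // Default tab
 // $_SESSION['glpi_tab']=1;
@@ -778,6 +779,22 @@ static function checkRight($module, $right) {
 }
 }
 
+/**
+* Check if I one right of array $rights to module $module (conpare to session variable)
+*
+* @param $module Module to check
+* @param $rights array Rights to check
+*
+* @return Nothing : display error if not permit
+**/
+static function checkRightsOr($module, $rights=array()) {
+self::checkValidSessionId();
+if (!self::haveRightsOr($module, $rights)) {
+self::redirectIfNotLoggedIn();
+Html::displayRightError();
+}
+}
+
 
 /**
 * Check if I have one of the right specified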
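Review bot: `checkRightsOr()` has no `return` or `exit` after `Html::displayRightError()`, so denial depends entirely on that call ending the request; if it ever returns, the calling page carries on for a user without the right. The hunk does not show `displayRightError()`, so this may already hold, but the docblock should state it in place of `@return Nothing : display error if not permit`, for example `@return void  never returns when no right matches: displayRightError() ends the request`. The summary line is also missing a verb (`Check if I one right`). Separately, the `$_SESSION["glpi_plannings"]` line added to `init()` in the first hunk is unrelated to the rights check and would be easier to review in its own commit.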

4 comments on commit 6ac5e75

@yllen
Collaborator

@yllen yllen commented on 6ac5e75 Mar 14, 2016


A knowledge-base item can be read without being logged in.
You can import LDAP groups with a cron.

@orthagh
Contributor Author


@yllen, i just factorized existing code in this commit.

These checks already exist; see 0.85.
Now, you can change the check if you want.

@yllen
Copy link
Collaborator

@yllen yllen commented on 6ac5e75 Apr 1, 2016


No, your factorization adds "self::checkValidSessionId();" in the new function,
so if you are not logged in to GLPI, for example to see the FAQ, you have a problem.

@orthagh
Copy link
Contributor Author

@orthagh orthagh commented on 6ac5e75 Apr 4, 2016


Oh! you're right !
Thx for the fix
