Date | Directory [filter] | File(s) [view] | Author [filter] |
01 Aug 2002 00:33:47 | postnuke_modules/articles | pnuserapi.php,1.28,1.29 pnversion.php,1.6,1.7 | Mike |
start extending the security schema (under construction) |
Update of /home/cvsroot/postnuke_modules/articles In directory ns7.hostnuke.net:/tmp/cvs-serv6104 Modified Files: pnuserapi.php pnversion.php Log Message: start extending the security schema (under construction) Index: pnuserapi.php =================================================================== RCS file: /home/cvsroot/postnuke_modules/articles/pnuserapi.php,v retrieving revision 1.28 retrieving revision 1.29 diff -C2 -d -r1.28 -r1.29 *** pnuserapi.php 31 Jul 2002 02:14:21 -0000 1.28 --- pnuserapi.php 1 Aug 2002 00:33:45 -0000 1.29 *************** *** 228,232 **** $result->Close(); ! if ($required['cids']) { // Get all the categories at once $aids = array(); --- 228,232 ---- $result->Close(); ! if ($required['cids'] && count($articles) > 0) { // Get all the categories at once $aids = array(); *************** *** 687,690 **** --- 687,820 ---- return $leftjoin; + } + + /** + * check security for a particular article + * + * @param $args['access'] the requested security access level + * + * @param $args['article'] the article array (if already retrieved) + * @param $args['aid'] the article ID (if known, and article array not + already retrieved) + * @param $args['authorid'] the user ID of the author (if not already included) + * @param $args['ptid'] the publication type ID (if not already included) + * @param $args['cids'] array of additional required category checks + * + * @returns bool + * @return true if OK, false if not OK + */ + function articles_user_checksecurity($args) + { + // Get arguments from argument array + extract($args); + + if (!isset($access)) { + return false; + } + + // Get article information + if (!isset($article) && !empty($aid)) { + $article = pnModAPIFunc('articles', + 'user', + 'get', + array('aid' => $aid)); + if ($article == false) { + return false; + } + } + if (empty($aid) && isset($article['aid'])) { + $aid = $article['aid']; + } + if (!isset($aid)) { + $aid = ''; + } + + // Get author ID + if (isset($article['authorid']) && 
empty($authorid)) { + $authorid = $article['authorid']; + } + if (!isset($authorid)) { + $authorid = ''; + } + + // Get title + if (isset($article['title']) && empty($title)) { + $title = $article['title']; + } + if (!isset($title)) { + $title = ''; + } + + // Get publication type ID + if (isset($article['pubtypeid'])) { + if (!isset($ptid)) { + $ptid = $article['pubtypeid']; + } elseif ($ptid != $article['pubtypeid']) { + // Note : but what about re-classifying articles ? + return false; + } + } + if (!isset($ptid)) { + $ptid = ''; + } + + // Get root categories for this publication type + if (!empty($ptid)) { + $string = pnModGetVar('articles', 'cids.'.$ptid); + } + if (!isset($string)) { + $string = pnModGetVar('articles', 'cids'); + } + if (!empty($string)) { + $rootcids = split(';',$string); + } else { + // hmmm, strange + $rootcids = array(); + } + + // Get category information for this article + if (!isset($article['cids']) && !empty($aid)) { + $articlecids = pnModAPIFunc('categories', + 'user', + 'getlinks', + array('iids' => Array($aid), + 'modid' => + pnModGetIDFromName('articles'), + 'reverse' => 0 + ) + ); + if (is_array($articlecids) && count($articlecids) > 0) { + $article['cids'] = array_keys($articlecids); + } else { + $article['cids'] = array(); + } + } + + if (!isset($cids)) { + $cids = array(); + } + + $jointcids = array(); + foreach ($rootcids as $cid) { + $jointcids[$cid] = 1; + } + foreach ($article['cids'] as $cid) { + $jointcids[$cid] = 1; + } + foreach ($cids as $cid) { + $jointcids[$cid] = 1; + } + $cidstring = join(';',array_keys($jointcids)); + + // Security check : the user should at least be able to access items for + // this class of articles *and* access this particular item + if (pnSecAuthAction(0, 'articles::classification', + $ptid.':'.$cidstring.':'.$authorid, $access) && + pnSecAuthAction(0, 'articles::item', $title.'::'.$aid, $access) + ) { + return true; + } else { + return false; + } } Index: pnversion.php 
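Review bot: `extract($args)` at the top of articles_user_checksecurity() turns every key of the caller's array into a local variable, and the permission decision below depends on locals that are only set conditionally (`$string`, `$title`), so an undocumented key such as `string` or `title` in `$args` can pre-seed what is passed to pnSecAuthAction(). Reading only the expected keys avoids that, and `title` should be added to the docblock because the code reads it. Separately, when the caller supplies neither `article` nor `aid`, `$article['cids']` is never set, `foreach ($article['cids'] as $cid)` runs on an undefined value, and the item check is made with an empty title and item ID. If a call without an article is not an intended use, the function should return false early; whether broad permission rules would match those empty instances depends on pnSecAuthAction(), which is not visible here.

```php
function articles_user_checksecurity($args)
{
    // Read only the keys this function is documented to accept;
    // anything else in $args is ignored instead of becoming a local
    foreach (array('access', 'article', 'aid', 'authorid', 'title', 'ptid', 'cids') as $key) {
        if (isset($args[$key])) {
            $$key = $args[$key];
        }
    }

    if (!isset($access)) {
        return false;
    }

    // Neither an article array nor an article ID: nothing to check against
    if (empty($article) && empty($aid)) {
        return false;
    }

    // … unchanged: article lookup, author/title/ptid defaults, category collection, pnSecAuthAction calls …
```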
=================================================================== RCS file: /home/cvsroot/postnuke_modules/articles/pnversion.php,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** pnversion.php 10 Jul 2002 00:13:10 -0000 1.6 --- pnversion.php 1 Aug 2002 00:33:45 -0000 1.7 *************** *** 14,20 **** $modversion['class'] = 'Module'; $modversion['category'] = 'Content'; ! // TODO: add security schema by publication type ? ! $modversion['securityschema'] = array('Articles::Category' => 'Category name::Category ID', ! 'Articles::Item' => 'Item title::Item ID'); $modversion['id'] = '151'; --- 14,21 ---- $modversion['class'] = 'Module'; $modversion['category'] = 'Content'; ! // TODO: improve how to specify & match against multiple categories !! ! // TODO: create permissions wizard in admin ? ! $modversion['securityschema'] = array('articles::classification' => 'Publication Type ID:^(|.*;)Category ID(;.*|)$:Author ID', ! 'articles::item' => 'Item Title:to be filled in:Item ID'); $modversion['id'] = '151';
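Review bot: The schema keys change from `Articles::Category` and `Articles::Item` to `articles::classification` and `articles::item`, and nothing in this hunk says what happens to permission rules already stored under the old component names. If rules are matched by component name, existing restrictions would stop applying once the new checks are used, so an upgrade comment is needed, for example `// NOTE: replaces Articles::Category / Articles::Item - existing permission rules must be re-created`. The item instance also embeds the free-text item title, and articles_user_checksecurity() in pnuserapi.php builds it as `$title.'::'.$aid`. A title containing `:` would shift the fields of that instance string, so the comment should state how such titles are handled, or the title should be left out of the instance.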