Xaraya / Postnuke CVS Notices - Message

Note: this list is kept only as a demonstration for CVSNotice. For the latest CVS notices, see the Xaraya and Postnuke sites

View Statistics - Next Notice - Previous Notice

Directory filter : [ all ] / postnuke_modules / articles [ view in CVS ]

Date Directory [filter] File(s) [view] Author [filter]
01 Aug 2002 00:33:47postnuke_modules/articlespnuserapi.php,1.28,1.29 pnversion.php,1.6,1.7Mike
 start extending the security schema (under construction)

Update of /home/cvsroot/postnuke_modules/articles
In directory ns7.hostnuke.net:/tmp/cvs-serv6104

Modified Files:
	pnuserapi.php pnversion.php 
Log Message:
start extending the security schema (under construction)


Index: pnuserapi.php
===================================================================
RCS file: /home/cvsroot/postnuke_modules/articles/pnuserapi.php,v
retrieving revision 1.28
retrieving revision 1.29
diff -C2 -d -r1.28 -r1.29
*** pnuserapi.php	31 Jul 2002 02:14:21 -0000	1.28
--- pnuserapi.php	1 Aug 2002 00:33:45 -0000	1.29
***************
*** 228,232 ****
      $result->Close();
  
!     if ($required['cids']) {
          // Get all the categories at once
          $aids = array();
--- 228,232 ----
      $result->Close();
  
!     if ($required['cids'] && count($articles) > 0) {
          // Get all the categories at once
          $aids = array();
***************
*** 687,690 ****
--- 687,820 ----
  
      return $leftjoin;
+ }
+ 
+ /**
+  * check security for a particular article
+  *
+  * @param $args['access'] the requested security access level
+  *
+  * @param $args['article'] the article array (if already retrieved)
+  * @param $args['aid'] the article ID (if known, and article array not
+                        already retrieved)
+  * @param $args['authorid'] the user ID of the author (if not already included)
+  * @param $args['ptid'] the publication type ID (if not already included)
+  * @param $args['cids'] array of additional required category checks
+  *
+  * @returns bool
+  * @return true if OK, false if not OK
+  */
+ function articles_user_checksecurity($args)
+ {
+     // Get arguments from argument array
+     extract($args);
+ 
+     if (!isset($access)) {
+         return false;
+     }
+ 
+     // Get article information
+     if (!isset($article) && !empty($aid)) {
+         $article = pnModAPIFunc('articles',
+                                 'user',
+                                 'get',
+                                 array('aid' => $aid));
+         if ($article == false) {
+             return false;
+         }
+     }
+     if (empty($aid) && isset($article['aid'])) {
+         $aid = $article['aid'];
+     }
+     if (!isset($aid)) {
+         $aid = '';
+     }
+ 
+     // Get author ID
+     if (isset($article['authorid']) && empty($authorid)) {
+         $authorid = $article['authorid'];
+     }
+     if (!isset($authorid)) {
+         $authorid = '';
+     }
+ 
+     // Get title
+     if (isset($article['title']) && empty($title)) {
+         $title = $article['title'];
+     }
+     if (!isset($title)) {
+         $title = '';
+     }
+ 
+     // Get publication type ID
+     if (isset($article['pubtypeid'])) {
+         if (!isset($ptid)) {
+             $ptid = $article['pubtypeid'];
+         } elseif ($ptid != $article['pubtypeid']) {
+             // Note : but what about re-classifying articles ?
+             return false;
+         }
+     }
+     if (!isset($ptid)) {
+         $ptid = '';
+     }
+ 
+     // Get root categories for this publication type
+     if (!empty($ptid)) {
+         $string = pnModGetVar('articles', 'cids.'.$ptid);
+     }
+     if (!isset($string)) {
+         $string = pnModGetVar('articles', 'cids');
+     }
+     if (!empty($string)) {
+         $rootcids = split(';',$string);
+     } else {
+         // hmmm, strange
+         $rootcids = array();
+     }
+ 
+     // Get category information for this article
+     if (!isset($article['cids']) && !empty($aid)) {
+         $articlecids = pnModAPIFunc('categories',
+                                     'user',
+                                     'getlinks',
+                                     array('iids' => Array($aid),
+                                           'modid' =>
+                                                pnModGetIDFromName('articles'),
+                                           'reverse' => 0
+                                          )
+                                    );
+         if (is_array($articlecids) && count($articlecids) > 0) {
+             $article['cids'] = array_keys($articlecids);
+         } else {
+             $article['cids'] = array();
+         }
+     } 
+ 
+     if (!isset($cids)) {
+         $cids = array();
+     }
+ 
+     $jointcids = array();
+     foreach ($rootcids as $cid) {
+         $jointcids[$cid] = 1;
+     }
+     foreach ($article['cids'] as $cid) {
+         $jointcids[$cid] = 1;
+     }
+     foreach ($cids as $cid) {
+         $jointcids[$cid] = 1;
+     }
+     $cidstring = join(';',array_keys($jointcids));
+ 
+     // Security check : the user should at least be able to access items for
+     //                  this class of articles *and* access this particular item
+     if (pnSecAuthAction(0, 'articles::classification',
+             $ptid.':'.$cidstring.':'.$authorid, $access) &&
+         pnSecAuthAction(0, 'articles::item', $title.'::'.$aid, $access)
+        ) {
+         return true;
+     } else {
+         return false;
+     }
  }
  

Index: pnversion.php
===================================================================
RCS file: /home/cvsroot/postnuke_modules/articles/pnversion.php,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -d -r1.6 -r1.7
*** pnversion.php	10 Jul 2002 00:13:10 -0000	1.6
--- pnversion.php	1 Aug 2002 00:33:45 -0000	1.7
***************
*** 14,20 ****
  $modversion['class'] = 'Module';
  $modversion['category'] = 'Content';
! // TODO: add security schema by publication type ?
! $modversion['securityschema'] = array('Articles::Category' => 'Category name::Category ID',
!                                  	  'Articles::Item' => 'Item title::Item ID');
  $modversion['id'] = '151';
  
--- 14,21 ----
  $modversion['class'] = 'Module';
  $modversion['category'] = 'Content';
! // TODO: improve how to specify & match against multiple categories !!
! // TODO: create permissions wizard in admin ?
! $modversion['securityschema'] = array('articles::classification' => 'Publication Type ID:^(|.*;)Category ID(;.*|)$:Author ID',
!                                   'articles::item' => 'Item Title:to be filled in:Item ID');
  $modversion['id'] = '151';
  


Directory filter : [ all ] / postnuke_modules / articles [ view in CVS ]

View Statistics - Next Notice - Previous Notice


Visit Developer Site - Browse CVS Repository Syndicate via backend.rss
(max. once per hour please)
Powered by CVSNotice 0.1.3