[Jaws-commits] r12461 - trunk/jaws/html/include/Jaws

afz at jaws-project.com afz at jaws-project.com
Sat Jan 21 15:27:32 UTC 2012


Author: afz
Date: 2012-01-21 15:27:32 +0000 (Sat, 21 Jan 2012)
New Revision: 12461

Modified:
   trunk/jaws/html/include/Jaws/ACL.php
   trunk/jaws/html/include/Jaws/Session.php
Log:
Added forbidden ACLs feature, usable in multi instance mode

Modified: trunk/jaws/html/include/Jaws/ACL.php
===================================================================
--- trunk/jaws/html/include/Jaws/ACL.php	2012-01-21 15:26:53 UTC (rev 12460)
+++ trunk/jaws/html/include/Jaws/ACL.php	2012-01-21 15:27:32 UTC (rev 12461)
@@ -360,10 +360,27 @@
      * @param   int      $groups array of group's ID or empty string
      * @param   string   $gadget Gadget to use
      * @param   string   $task   Task to use
+     * @param   bool     $is_super_admin
      * @return  boolean  Permission value: Granted (true) or Denied (false)
      */
-    function GetFullPermission($user, $groups, $gadget, $task)
+    function GetFullPermission($user, $groups, $gadget, $task, $is_super_admin = false)
     {
+        // is in forbidden acls?
+        if (defined('JAWS_FORBIDDEN_ACLS')) {
+            static $forbidden_acls;
+            if (!isset($forbidden_acls)) {
+                $forbidden_acls = array_filter(array_map('trim', explode(',', strtolower(JAWS_FORBIDDEN_ACLS))));
+            }
+
+            if (in_array(strtolower("$gadget:$task"), $forbidden_acls)) {
+                return false;
+            }
+        }
+
+        if ($is_super_admin === true) {
+            return true;
+        }
+
         $this->LoadFile($gadget);
         $this->LoadKeysOf($user, 'users');
 
@@ -395,6 +412,7 @@
                 return $perm[$p];
             }
         }
+
         // If not were a valid perm
         return false;
     }

Modified: trunk/jaws/html/include/Jaws/Session.php
===================================================================
--- trunk/jaws/html/include/Jaws/Session.php	2012-01-21 15:26:53 UTC (rev 12460)
+++ trunk/jaws/html/include/Jaws/Session.php	2012-01-21 15:27:32 UTC (rev 12461)
@@ -468,13 +468,9 @@
      */
     function GetPermission($gadget, $task)
     {
-        if ($this->IsSuperAdmin() === true) {
-            return true;
-        }
-
-        $groups = $this->GetAttribute('groups');
         $user = $this->GetAttribute('username');
-        return $GLOBALS['app']->ACL->GetFullPermission($user, $groups, $gadget, $task);
+        $groups = $this->GetAttribute('groups');
+        return $GLOBALS['app']->ACL->GetFullPermission($user, $groups, $gadget, $task, $this->IsSuperAdmin());
     }
 
     /**



More information about the Jaws-commits mailing list