commit 6609ad096ce233556452fbafdc81439b8c7e9aea
parent 073452115e6d11b8abd08f053fdc89fa5c7fc17e
Author: Jan Dankert <develop@jandankert.de>
Date: Thu, 29 Aug 2019 23:58:41 +0200
Refactoring: Auth-Module in der Konfiguration als Liste.
Diffstat:
6 files changed, 19 insertions(+), 11 deletions(-)
diff --git a/modules/cms-core/Dispatcher.class.php b/modules/cms-core/Dispatcher.class.php
@@ -150,7 +150,7 @@ class Dispatcher
break;
case Action::SECURITY_ADMIN:
if (!is_object($do->currentUser) || !$do->currentUser->isAdmin)
- throw new SecurityException('This action requires administration privileges, but user ' . $do->currentUser->name . ' is not an admin');
+ throw new SecurityException('This action requires administration privileges, but user ' . @$do->currentUser->name . ' is not an admin');
break;
default:
}
diff --git a/modules/cms-core/action/LoginAction.class.php b/modules/cms-core/action/LoginAction.class.php
@@ -365,7 +365,7 @@ class LoginAction extends Action
$this->setTemplateVar('send_password',$conf['login' ]['send_password']);
// Versuchen, einen Benutzernamen zu ermitteln, der im Eingabeformular vorausgewählt wird.
- $modules = explode(',',$conf['security']['modules']['preselect']);
+ $modules = $conf['security']['preselect']['modules'];
$username = '';
foreach( $modules as $module)
@@ -718,8 +718,8 @@ class LoginAction extends Action
$this->setCookie('or_username',$loginName );
$this->setCookie('or_dbid' ,$this->getRequestVar('dbid'));
- // Authentifzierungs-Module.
- $modules = explode(',',$conf['security']['modules']['authenticate']);
+ // Authentifizierungs-Module.
+ $modules = $conf['security']['authenticate']['modules'];
$loginOk = false;
$mustChangePassword = false;
diff --git a/modules/cms-core/model/BaseObject.class.php b/modules/cms-core/model/BaseObject.class.php
@@ -264,7 +264,13 @@ class BaseObject
{
$user = \Session::getUser();
- if ( $user->isAdmin )
+
+ if ( ! is_object($user)) {
+ // TODO: read "all" permissions here. maybe.
+ return false;
+ }
+
+ elseif ( $user->isAdmin )
{
// Administratoren erhalten eine Maske mit allen Rechten
$this->aclMask = Acl::ACL_READ +
diff --git a/modules/cms-ui/action/IndexAction.class.php b/modules/cms-ui/action/IndexAction.class.php
@@ -814,7 +814,7 @@ class IndexAction extends Action
private function tryAutoLogin()
{
- $modules = explode(',',config('security','modules','autologin'));
+ $modules = config('security','autologin','modules');
$username = null;
foreach( $modules as $module)
diff --git a/modules/util/Tree.class.php b/modules/util/Tree.class.php
@@ -32,7 +32,7 @@ class Tree
{
// Feststellen, ob der angemeldete Benutzer ein Administrator ist
$user = Session::getUser();
- $this->userIsAdmin = isset($user) && $user->isAdmin;
+ $this->userIsAdmin = is_object($user) && $user->isAdmin;
}
public function root()
diff --git a/modules/util/config-default.php b/modules/util/config-default.php
@@ -748,10 +748,12 @@ function createDefaultConfig()
$conf['security']['authorize']['type']='database';
$conf['security']['authorize']['type']='ldap';
- $conf['security']['modules'] = array();
- $conf['security']['modules']['autologin']='Remember,Guest,SingleSignon';
- $conf['security']['modules']['preselect']='Ident,SSL,Cookie';
- $conf['security']['modules']['authenticate']='LdapUserDN,Database,Internal';
+ $conf['security']['autologin'] = array();
+ $conf['security']['autologin']['modules']=array('Remember','Guest','SingleSignon');
+ $conf['security']['preselect'] = array();
+ $conf['security']['preselect']['modules']=array('Ident','SSL','Cookie');
+ $conf['security']['authenticate'] = array();
+ $conf['security']['authenticate']['modules']=array('LdapUserDN','Database','Internal');
$conf['security']['newuser'] = array();
$conf['security']['newuser']['autoadd'] = true;