commit ad55778676cb1fc269fddb6467560f87d6709045
parent 79bfb87d82b1bc899f956fb9de18e622fc8512d9
Author: Jan Dankert <devnull@localhost>
Date: Thu, 30 Aug 2018 00:34:00 +0200
Fix: Anzeige der Berechtigungen vereinheitlicht, weil alle Objekttypen die gleichen Berechtigungseinstellungen haben; Fix: Die 2. Action nach einem POST wird als GET ausgeführt.
Diffstat:
13 files changed, 76 insertions(+), 273 deletions(-)
diff --git a/modules/cms-core/Dispatcher.class.php b/modules/cms-core/Dispatcher.class.php
@@ -286,8 +286,6 @@ class Dispatcher
else
define('OR_ID', '');
- $do->init();
-
$this->checkAccess($do);
// POST-Request => ...Post() wird aufgerufen.
@@ -300,7 +298,7 @@ class Dispatcher
if ( ! $this->request->isAction && $this->request->action != 'index' )
Session::close();
- Logger::debug("Executing {$this->request->action}/{$this->request->method}/" . @$REQ[REQ_PARAM_ID].' embed='.$this->request->isEmbedded);
+ Logger::debug("Dispatcher executing {$this->request->action}/{$this->request->method}/" . @$REQ[REQ_PARAM_ID].' -> '.$actionClassName.'#'.$subactionMethodName.'() embed='.$this->request->isEmbedded);
if (!method_exists($do, $subactionMethodName))
throw new BadMethodCallException("Method '$subactionMethodName' does not exist");
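Review bot: The extended debug line still concatenates `@$REQ[REQ_PARAM_ID]` and the request's action and method straight into the log message. These values come from the HTTP request, so unless `Logger::debug()` strips control characters (not visible here), a line break in the id would end up in the log file as if it were a separate entry. Consider logging a filtered value, e.g. `preg_replace('/[^\w.-]/', '', (string) @$REQ[REQ_PARAM_ID])`, and replacing the `@` suppression with an explicit `isset()` check. The surrounding method starts and ends outside the hunk.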
diff --git a/modules/cms-core/action/Action.class.php b/modules/cms-core/action/Action.class.php
@@ -81,17 +81,6 @@ namespace cms\action {
}
/**
- * Wird durch das Controller-Skript (do.php) nach der Kontruierung des Objektes aufgerufen.
- * So koennen Unterklassen ihren eigenen Kontruktor besitzen, ohne den Superkontruktor
- * (=diese Funktion) aufrufen zu m�ssen.
- */
- public function init()
- {
-
- }
-
-
- /**
* Liest eine Session-Variable
*
* @param String $varName Schl�ssel
@@ -298,18 +287,7 @@ namespace cms\action {
*/
protected function userIsAdmin()
{
- $user = Session::getUser();
- return is_object($user) && $user->isAdmin;
- }
-
-
- /**
- * Ermitteln, ob Benutzer Administratorrechte besitzt
- * @return Boolean TRUE, falls der Benutzer ein Administrator ist.
- */
- public function userIsLoggedIn()
- {
- $user = Session::getUser();
+ $user = $this->getUserFromSession();
return is_object($user) && $user->isAdmin;
}
@@ -427,47 +405,4 @@ namespace cms\action {
}
}
-
-// TODO - nicht benutzt
- interface ActionResult
- {
- public function getErrorField();
-
- public function isSuccess();
- }
-
- class ActionResultSuccess implements ActionResult
- {
- public function isSuccess()
- {
- return true;
- }
-
- public function getErrorField()
- {
- return null;
- }
- }
-
- class ActionResultError implements ActionResult
- {
- private $fieldName;
-
- public function __construct($name)
- {
- $this->fieldName = $name;
- }
-
- public function isSuccess()
- {
- return false;
- }
-
- public function getErrorField()
- {
- return $this->fieldName;
- }
- }
-
-
}
\ No newline at end of file
diff --git a/modules/cms-core/action/ObjectAction.class.php b/modules/cms-core/action/ObjectAction.class.php
@@ -12,6 +12,7 @@ use cms\model\BaseObject;
use cms\model\Language;
use cms\model\File;
use cms\model\Link;
+use Session;
// OpenRat Content Management System
// Copyright (C) 2002-2012 Jan Dankert, cms@jandankert.de
@@ -330,15 +331,6 @@ class ObjectAction extends Action
$acllist = array();
- /*
- foreach( $o->getAllInheritedAclIds() as $aclid )
- {
- $acl = new Acl( $aclid );
- $acl->load();
- $key = 'au'.$acl->username.'g'.$acl->groupname.'a'.$aclid;
- $acllist[$key] = $acl->getProperties();
- }
- */
foreach( $o->getAllAclIds() as $aclid )
{
@@ -353,7 +345,9 @@ class ObjectAction extends Action
$this->setTemplateVar('acls',$acllist );
$this->setTemplateVars( $o->getAssocRelatedAclTypes() );
- }
+
+ $this->request->action = 'object';
+ }
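Review bot: Overwriting `$this->request->action` at the end of the view method, here and in the two following hunks of this file, changes shared request state with no comment saying why. Judging by the commit message it selects the common 'object' templates for the rights views. Anything that reads the action after the view returns, such as logging or a later access decision in the dispatcher, would then see 'object' instead of the action that was actually authorised; that code is outside the hunks, so please confirm. I would add `// Rights views are the same for all object types: render them with the templates of 'object'.` above each assignment. The enclosing methods start outside the hunks.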
@@ -368,7 +362,9 @@ class ObjectAction extends Action
$acllist = array();
$this->setTemplateVar('acls',$acllist );
- }
+
+ $this->request->action = 'object';
+ }
@@ -459,6 +455,8 @@ class ObjectAction extends Action
$this->setTemplateVar('languages',$languages );
$this->setTemplateVar('objectid' ,$o->objectid );
$this->setTemplateVar('action' ,$this->request->action);
+
+ $this->request->action = 'object';
}
diff --git a/modules/cms-core/action/ProjectlistAction.class.php b/modules/cms-core/action/ProjectlistAction.class.php
@@ -38,19 +38,12 @@ class ProjectlistAction extends Action
}
- public function editView()
- {
- $this->nextSubAction('show');
- }
-
/**
* Liste aller Projekte anzeigen.
*
*/
- public function showView()
+ public function editView()
{
- global $conf_php;
-
// Projekte ermitteln
$list = array();
@@ -94,10 +87,10 @@ class ProjectlistAction extends Action
$this->callSubAction('add');
return;
}
- $this->project = new Project();
- $this->project->name = $this->getRequestVar('name');
- $this->project->add();
- $this->addNotice('project',$this->project->name,'ADDED');
+ $project = new Project();
+ $project->name = $this->getRequestVar('name');
+ $project->add();
+ $this->addNotice('project',$project->name,'ADDED');
break;
case 'copy':
$db = db_connection();
diff --git a/modules/cms-core/model/BaseObject.class.php b/modules/cms-core/model/BaseObject.class.php
@@ -772,7 +772,7 @@ SQL
*
* @access private
*/
- function ObjectSaveName()
+ public function ObjectSaveName()
{
$db = db_connection();
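Review bot: The new `public` modifier contradicts the docblock directly above it, which still says `@access private`; the next hunk has the same mismatch, where `objectDelete()` is documented `@access protected` but declared `public`. A method without a modifier was already public in PHP, so behaviour is unchanged, but the explicit keyword now states that a database write and a delete may be called from anywhere. Either narrow them, e.g. `protected function objectDelete()`, if only subclasses call them, or change the annotations to `@access public`. Both method bodies continue outside their hunks.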
@@ -820,7 +820,7 @@ SQL
* Diese Methode wird daher normalerweise nur vom Unterobjekt augerufen
* @access protected
*/
- function objectDelete()
+ public function objectDelete()
{
$db = db_connection();
@@ -859,11 +859,12 @@ SQL
/**
- * Objekt hinzufuegen
+ * Objekt hinzufuegen.
+ *
+ * Standardrechte und vom Elternobjekt vererbbare Berechtigungen werden gesetzt.
*/
function objectAdd()
{
- global $SESS;
$db = db_connection();
// Neue Objekt-Id bestimmen
@@ -898,8 +899,8 @@ SQL
$this->objectSaveName();
// Standard-Rechte fuer dieses neue Objekt setzen.
- // Der angemeldete Benutzer erhaelt Lese- und Schreibrechte auf
- // das neue Objekt.
+ // Der angemeldete Benutzer erhaelt alle Rechte auf
+ // das neue Objekt. Legitim, denn er hat es ja angelegt.
$acl = new Acl();
$acl->userid = $user->userid;
$acl->objectid = $this->objectid;
@@ -908,19 +909,18 @@ SQL
$acl->write = true;
$acl->prop = true;
$acl->delete = true;
- $acl->grant = true;
- if ( $this->isFolder )
- {
- $acl->create_file = true;
- $acl->create_page = true;
- $acl->create_folder = true;
- $acl->create_link = true;
- }
+ $acl->grant = true;
+
+ $acl->create_file = true;
+ $acl->create_page = true;
+ $acl->create_folder = true;
+ $acl->create_link = true;
+
$acl->add();
// Aus dem Eltern-Ordner vererbbare Berechtigungen uebernehmen.
- $folder = new Folder( $this->parentid );
- foreach( $folder->getAclIds() as $aclid )
+ $parent = new BaseObject( $this->parentid );
+ foreach( $parent->getAllAclIds() as $aclid )
{
$acl = new Acl( $aclid );
$acl->load();
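Review bot: Replacing `$folder->getAclIds()` with `$parent->getAllAclIds()` drops the language filter that the removed method applied (`languageid IS NULL OR languageid = {languageid}`), so ACL entries the parent holds for other languages are now also candidates for copying to the new object. Whether this widens access depends on the loop body, which continues outside the hunk: the copy has to keep each entry's `languageid` and still skip entries that are not marked for transmission, otherwise a language-scoped right on the parent becomes a broader right on the child. `new BaseObject( $this->parentid )` is also used without a check that `parentid` is set, which matters for root objects. I would state the intended rule in a comment, e.g. `// Copy every transmittable ACL of the parent, for all languages; languageid is kept on the copy.`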
@@ -992,22 +992,6 @@ SQL
}
- function getAclIds()
- {
- $db = db_connection();
-
- $sql = $db->sql( 'SELECT id FROM {{acl}} '.
- ' WHERE objectid={objectid}'.
- ' AND ( languageid IS NULL OR '.
- ' languageid = {languageid} )'.
- ' ORDER BY userid,groupid ASC' );
- $sql->setInt('languageid',$this->languageid);
- $sql->setInt('objectid' ,$this->objectid);
-
- return $sql->getCol();
- }
-
-
function getAllAclIds()
{
$db = db_connection();
@@ -1021,96 +1005,21 @@ SQL
}
- function getInheritedAclIds()
- {
- $acls = array();
-
- if ( $this->getType() == 'unknown' )
- $this->load();
-
- // Root-Ordner erhaelt keine Vererbungen
- if ( $this->isRoot )
- return $acls;
-
- $db = db_connection();
- $folder = new Folder( $this->parentid );
-
- foreach( $folder->parentObjectFileNames(true,true) as $oid=>$filename )
- {
- $sql = $db->sql( 'SELECT id FROM {{acl}} '.
- ' WHERE objectid={objectid}'.
- ' AND is_transmit = 1'.
- ' AND ( languageid IS NULL OR '.
- ' languageid = {languageid} )'.
- ' ORDER BY userid,groupid ASC' );
- $sql->setInt('objectid' ,$oid);
- $sql->setInt('languageid',$this->languageid);
- $acls = array_merge( $acls,$sql->getCol() );
- }
-
- return $acls;
- }
-
-
- function getAllInheritedAclIds()
- {
- $acls = array();
-
- if ( $this->getType() == 'unknown' )
- $this->load();
-
- // Root-Ordner erhaelt keine Vererbungen
- if ( $this->isRoot )
- return $acls;
-
- $db = db_connection();
- $folder = new Folder( $this->parentid );
-
- foreach( $folder->parentObjectFileNames(true,true) as $oid=>$filename )
- {
- $sql = $db->sql( 'SELECT id FROM {{acl}} '.
- ' WHERE objectid={objectid}'.
- ' AND is_transmit = 1'.
- ' ORDER BY userid,groupid ASC' );
- $sql->setInt('objectid' ,$oid);
- $acls = array_merge( $acls,$sql->getCol() );
- }
-
- return $acls;
- }
-
-
/**
- * Ermitteln aller Berechtigungsstufen, die fuer diesen Objekttyp wichtig sind
+ * Ermitteln aller Berechtigungsstufen.
*/
function getRelatedAclTypes()
{
- if ( $this->isFolder )
- return( array('read','write','delete','prop','release','publish','create_folder','create_file','create_page','create_link','grant','transmit') );
- if ( $this->isFile )
- return( array('read','write','delete','prop','release','publish','grant') );
- if ( $this->isText )
- return( array('read','write','delete','prop','release','publish','grant') );
- if ( $this->isImage )
- return( array('read','write','delete','prop','release','publish','grant') );
- if ( $this->isPage )
- return( array('read','write','delete','prop','release','publish','grant') );
- if ( $this->isLink )
- return( array('read','write','delete','prop','grant') );
- if ( $this->isUrl )
- return( array('read','write','delete','prop','grant') );
+ return( array('read','write','delete','prop','release','publish','create_folder','create_file','create_page','create_link','grant','transmit') );
}
/**
- * Ermitteln aller Berechtigungsstufen, die fuer diesen Objekttyp wichtig sind
+ * Ermitteln aller Berechtigungsstufen.
*/
function getAssocRelatedAclTypes()
{
- $rights = array('read','write','delete','prop','release','publish','create_folder','create_file','create_page','create_link','grant','transmit');
$types = array();
- foreach( $rights as $r )
- $types[$r] = false;
foreach( $this->getRelatedAclTypes() as $t )
$types[$t] = true;
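Review bot: `getRelatedAclTypes()` now returns the same twelve rights for every object, so it no longer limits which rights apply to a link, URL or file. If any code outside this diff used the per-type list to decide which ACL bits may be stored or shown for an object, rights such as `create_folder` or `publish` can now be set where they were excluded before; worth confirming that enforcement does not depend on it. With the list fixed, `getAssocRelatedAclTypes()` only maps each name to `true`, which `$types = array_fill_keys($this->getRelatedAclTypes(), true);` would express directly. The docblocks could also say that the list is deliberately independent of the object type. getAssocRelatedAclTypes() continues past the end of the hunk.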
@@ -1122,7 +1031,7 @@ SQL
* Entfernen aller ACLs zu diesem Objekt
* @access private
*/
- function deleteAllACLs()
+ private function deleteAllACLs()
{
foreach( $this->getAllAclIds() as $aclid )
{
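Review bot: Declaring `deleteAllACLs()` as `private` means only code inside BaseObject can call it; a call from a subclass or an action class, which worked while the method had no modifier, now ends in a fatal error. If such a call sits in a delete path, the object could be left partly removed with its ACL rows still present. The callers are not visible in this diff, so please check them, or use `protected function deleteAllACLs()` if subclasses are meant to call it. The method body continues outside the hunk.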
@@ -1135,50 +1044,6 @@ SQL
/**
- * Liefert einen temporären Dateinamen.
- * @param $attr Attribute fuer den Dateinamen, um diesen eindeutig zu gestalten.
- * @return unknown_type
- */
- public function getTempFileName( $attr = array() )
- {
- global $conf;
-
-// if ( $conf['cache']['enable_cache'] )
-// {
- $filename = \FileUtils::getTempDir().'/openrat';
- foreach( $attr as $a=>$w )
- $filename .= '_'.$a.$w;
-
- $filename .= '.tmp';
- return $filename;
-// }
-// else
-// {
-// $tmpdir = @$conf['cache']['tmp_dir'];
-// $tmpfile = tempnam( $tmpdir,'openrat_tmp' );
-//
-// return $tmpfile;
-// }
- }
-
-
-
- /**
- * Gibt ein fertiges Dateihandle fuer eine temporaere Datei zurück.
- * @return Resource
- */
- protected function getTempFile()
- {
- return tmpfile();
- }
-
-
- public function getTempDir()
- {
- \FileUtils::getTempDir();
- }
-
- /**
* Reihenfolge-Sequenznr. dieses Objektes neu speichern
* die Nr. wird sofort in der Datenbank gespeichert.
*
diff --git a/modules/cms-core/model/File.class.php b/modules/cms-core/model/File.class.php
@@ -462,7 +462,7 @@ EOF
if ( $this->tmpfile == '' )
{
$db = db_connection();
- $this->tmpfile = $this->getTempFileName( array('db'=>$db->id,'o'.$this->objectid) );
+ $this->tmpfile = \FileUtils::getTempFileName( array('db'=>$db->id,'o'.$this->objectid) );
}
return $this->tmpfile;
}
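Review bot: In the array passed to `getTempFileName()` the second element is written `'o'.$this->objectid`, a plain value with the implicit key 0, so the generated name contains `_0o<id>` rather than `_o<id>`. Page::tmpfile() in this commit passes `'o' =>$this->objectid`; the consistent form here would be `\FileUtils::getTempFileName( array('db'=>$db->id,'o'=>$this->objectid) );`. The name is unique either way, and changing it renames temp files that already exist. The enclosing function starts outside the hunk.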
diff --git a/modules/cms-core/model/Page.class.php b/modules/cms-core/model/Page.class.php
@@ -790,7 +790,7 @@ class Page extends BaseObject
function tmpfile()
{
$db = db_connection();
- $filename = $this->getTempFileName( array('db'=>$db->id,
+ $filename = \FileUtils::getTempFileName( array('db'=>$db->id,
'o' =>$this->objectid,
'l' =>$this->languageid,
'm' =>$this->modelid,
diff --git a/modules/cms-core/model/Value.class.php b/modules/cms-core/model/Value.class.php
@@ -1649,7 +1649,7 @@ SQL
function tmpfile()
{
$db = db_connection();
- $filename = BaseObject::getTempFileName( array('db'=>$db->id,
+ $filename = \FileUtils::getTempFileName( array('db'=>$db->id,
'va'=>$this->valueid,
'el'=>$this->element->elementid,
'la'=>$this->languageid,
diff --git a/modules/cms-ui/action/IndexAction.class.php b/modules/cms-ui/action/IndexAction.class.php
@@ -28,8 +28,6 @@ class IndexAction extends Action
public $security = SECURITY_GUEST;
- private $perspective;
-
/**
* Konstruktor
*/
@@ -37,11 +35,7 @@ class IndexAction extends Action
{
parent::__construct();
- $this->perspective = Session::get('perspective');
- Logger::info('Index: Perspective is '.$this->perspective);
-
- if ( !empty($this->perspective))
- $this->lastModified( config('config','last_modification_time') );
+ // $this->lastModified( config('config','last_modification_time') );
}
@@ -149,7 +143,15 @@ class IndexAction extends Action
$this->setTemplateVar('jsFiles' , $this->getJSFiles() );
$this->setTemplateVar('cssFiles',$this->getCSSFiles() );
- $styleConfig = config('style-default') + config('style', $style);
+ $styleConfig = config('style-default'); // default style config
+ $userStyleConfig = config('style', $style); // user style config
+
+ if (is_array($userStyleConfig))
+ $styleConfig += $userStyleConfig; // Merging user style into default style
+ else
+ ; // Unknown style name, we are ignoring this.
+
+ // Theme base color for smartphones colorizing their status bar.
$this->setTemplateVar('themeColor', $this->getColorHexCode($styleConfig['title_background_color']));
$this->setTemplateVar('notices', array());
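Review bot: `$styleConfig += $userStyleConfig;` does not let the user style override anything: PHP's array union keeps the left-hand value for keys present in both arrays, so every key defined in `style-default` wins, although the comment says the user style is merged into the default. If the user style is meant to take precedence, write `$styleConfig = $userStyleConfig + $styleConfig;`. The empty `else ;` branch can be replaced by a plain comment. `$styleConfig['title_background_color']` is still read without a check that `config('style-default')` returned an array containing that key. The enclosing method starts and ends outside the hunk.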
@@ -755,7 +757,10 @@ class IndexAction extends Action
}
$user = Session::getUser();
- $userIsLoggedIn = $user != null;
+
+ if ( !is_object($user) )
+ return 'login';
+
// Das zuletzt geänderte benutzen.
if ( config('login','start','start_lastchanged_object') )
@@ -785,9 +790,6 @@ class IndexAction extends Action
}
- if( !$userIsLoggedIn )
- return 'login';
-
return 'start';
}
diff --git a/modules/cms-ui/themes/default/html/views/login/login.php b/modules/cms-ui/themes/default/html/views/login/login.php
@@ -4,8 +4,8 @@
<form name="" target="_self" data-target="top" action="./" data-method="login" data-action="login" data-id="<?php echo OR_ID ?>" method="POST" enctype="application/x-www-form-urlencoded" class="login" data-async="" data-autosave=""><input type="submit" class="invisible" /><input type="hidden" name="<?php echo REQ_PARAM_TOKEN ?>" value="<?php echo token() ?>" /><input type="hidden" name="<?php echo REQ_PARAM_ACTION ?>" value="login" /><input type="hidden" name="<?php echo REQ_PARAM_SUBACTION ?>" value="login" /><input type="hidden" name="<?php echo REQ_PARAM_ID ?>" value="<?php echo OR_ID ?>" />
<?php $if3=(config('login','logo','enabled')); if($if3){?>
- <?php $if4=(!empty(config('login','logo','url'))); if($if4){?>
- <a target="_self" data-url="<?php echo config('login','logo','url') ?>" data-action="" data-method="<?php echo OR_METHOD ?>" data-id="<?php echo OR_ID ?>" data-extra="[]" href="<?php echo Html::url('','','',array()) ?>">
+ <?php $if4=!(empty(config('login','logo','url'))); if($if4){?>
+ <a target="_self" data-url="<?php echo config('login','logo','url') ?>" data-action="" data-method="login" data-id="<?php echo OR_ID ?>" data-extra="[]" href="<?php echo Html::url('','','',array()) ?>">
<img class="" title="" src="<?php echo config('login','logo','image') ?>" />
</a>
@@ -16,7 +16,7 @@
<?php } ?>
<?php } ?>
- <?php $if3=(!empty(config('login','motd'))); if($if3){?>
+ <?php $if3=!(empty(config('login','motd'))); if($if3){?>
<div class="message info">
<span class="text"><?php echo nl2br(encodeHtml(htmlentities(config('login','motd')))); ?></span>
@@ -43,7 +43,7 @@
</label>
</div>
<div class="input">
- <?php $if6=!(!empty($$force_username)); if($if6){?>
+ <?php $if6=!(isset($$force_username)); if($if6){?>
<div class="inputholder"><input<?php if ('') echo ' disabled="true"' ?> placeholder="<?php echo lang('USER_USERNAME') ?>" id="<?php echo REQUEST_ID ?>_login_name" name="login_name<?php if ('') echo '_disabled' ?>" type="text" maxlength="256" class="name" value="<?php echo Text::encodeHtml(@$login_name) ?>" /><?php if ('') { ?><input type="hidden" name="login_name" value="<?php $login_name ?>"/><?php } ?></div>
<?php } ?>
diff --git a/modules/cms-ui/themes/default/html/views/login/login.tpl.src.xml b/modules/cms-ui/themes/default/html/views/login/login.tpl.src.xml
@@ -3,7 +3,7 @@
<header views="password,register,license"></header>
<form cancel="false" label="message:menu_login" visible="true" action="login" subaction="login" target="top">
<if true="config:login/logo/enabled">
- <if present="config:login/logo/url">
+ <if not="not" empty="config:login/logo/url">
<link url="config:login/logo/url" target="_top">
<image url="config:login/logo/image"></image>
</link>
@@ -12,7 +12,7 @@
<image url="config:login/logo/image"></image>
</else>
</if>
- <if present="config:login/motd">
+ <if not="not" empty="config:login/motd">
<part class="message info">
<text value="config:login/motd"></text>
</part>
diff --git a/modules/util/ArchiveUnzip.class.php b/modules/util/ArchiveUnzip.class.php
@@ -53,7 +53,7 @@ class ArchiveUnzip{
var $dirSignatureE= "\x50\x4b\x05\x06"; // end of central dir signature
// Public
- Function ArchiveUnzip()
+ Function __construct()
{
$this->compressedList =
$this->centralDirList =
diff --git a/modules/util/FileUtils.class.php b/modules/util/FileUtils.class.php
@@ -59,10 +59,22 @@ class FileUtils
return FileUtils::slashify( $tmpdir );
}
-
-
-
- /**
+
+
+
+ public static function getTempFileName( $attr = array() )
+ {
+ $filename = FileUtils::getTempDir() . '/openrat';
+ foreach ($attr as $a => $w)
+ $filename .= '_' . $a . $w;
+
+ $filename .= '.tmp';
+ return $filename;
+ }
+
+
+
+ /**
* Liest die Dateien aus dem angegebenen Ordner in ein Array.
*
* @param $dir string Verzeichnis, welches gelesen werden soll
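Review bot: `getTempFileName()` builds a fixed, guessable path in the temporary directory and appends the attribute keys and values unfiltered, and it has no docblock. The callers in this commit pass database and object ids, but a value containing `/` or `..` would place the file outside the temp directory. A predictable name in a directory that other local users can write to also lets the file be created or replaced by someone else before the CMS uses it. I would restrict the parts, e.g. `$filename .= '_' . preg_replace('/[^A-Za-z0-9-]/', '', $a . $w);`. The docblock should say that the name is deterministic on purpose (apparently so the same object maps to the same file) and that the temp directory must therefore not be writable by other accounts.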