File modules/cms/action/object/ObjectRightsAction.class.php

Last commit: Fri Dec 3 23:27:44 2021 +0100	dankert	New: Only allowed methods are shown in the dropdown menu; Some security enhancements.


     1 <?php
     2 namespace cms\action\object;
     3 use cms\action\Method;
     4 use cms\action\ObjectAction;
     5 use cms\base\Language;
     6 use cms\model\Permission;
     7 use cms\model\BaseObject;
     8 use language\Messages;
     9 
    10 
    11 class ObjectRightsAction extends ObjectAction implements Method {
    12 
    13 
    14 	public function view() {
    15 		$o = new BaseObject( $this->request->getId() );
    16 		$o->objectLoadRaw();
    17 		$this->setTemplateVar( 'show',$o->getRelatedAclTypes() );
    18 		$this->setTemplateVar( 'type',$o->getType() );
    19 		
    20 		$acllist = array();
    21 
    22 
    23 		foreach( $o->getAllAclIds() as $aclid )
    24 		{
    25 			$permission = new Permission( $aclid );
    26 			$permission->load();
    27 			$key = 'bu'.$permission->username.'g'.$permission->groupname.'a'.$aclid;
    28 			$acllist[$key] = $permission->getProperties();
    29 			$acllist[$key]['aclid'] = $aclid;
    30 
    31 			switch( $permission->type ) {
    32 				case Permission::TYPE_USER:
    33 					$type = 'user';
    34 					$name = $permission->username;
    35 					break;
    36 				case Permission::TYPE_GROUP:
    37 					$type = 'group';
    38 					$name = $permission->groupname;
    39 					break;
    40 				case Permission::TYPE_AUTH:
    41 					$type = 'auth';
    42 					$name = Language::lang( Messages::USERS_AUTHENTICATED );
    43 					break;
    44 				case Permission::TYPE_GUEST:
    45 				default:
    46 					$type = 'guest';
    47 					$name = Language::lang( Messages::USERS_GUESTS );
    48 					break;
    49 			}
    50 
    51 			$acllist[$key]['type'] = $type;
    52 			$acllist[$key]['name'] = $name;
    53 		}
    54 		ksort( $acllist );
    55 
    56 		$this->setTemplateVar('acls',$acllist );
    57 
    58 		$this->setTemplateVars( $o->getAssocRelatedAclTypes() );
    59     }
    60     public function post() {
    61     }
    62 
    63 
    64 	/**
    65 	 * @return int Permission-flag.
    66 	 */
    67 	public function getRequiredPermission() {
    68 		return Permission::ACL_GRANT;
    69 	}
    70 
    71 
    72 }



Download modules/cms/action/object/ObjectRightsAction.class.php


History
Fri, 3 Dec 2021 23:27:44 +0100	dankert	New: Only allowed methods are shown in the dropdown menu; Some security enhancements.
Sat, 27 Nov 2021 22:28:51 +0100	Jan Dankert	UI-Cleanup for the permission list. Now this is much better for small displays.
Sat, 6 Mar 2021 03:42:38 +0100	Jan Dankert	New: Better permission checks.
Fri, 26 Feb 2021 01:06:01 +0100	Jan Dankert	Refactoring accessing the request parameter values.
Mon, 4 Jan 2021 19:03:18 +0100	Jan Dankert	Refactoring: ACL class is renamed to Permission, because most RBAC/DMAC concepts are calling it a permission.
Tue, 17 Nov 2020 23:51:00 +0100	Jan Dankert	Refactoring: Every Actionmethod has now its own class.