Method security checking
This commit is contained in:
parent
c0ba6d4e98
commit
e81eb7a446
@ -185,26 +185,19 @@ class Auth_OSB extends Auth_ORM {
|
||||
$uo = $this->get_user();
|
||||
|
||||
// If we are not a valid user object, then we are not logged in
|
||||
if (is_object($uo) AND ($uo instanceof Model_Account) AND $uo->loaded()) {
|
||||
if (Config::sitemode() == Kohana::DEVELOPMENT)
|
||||
SystemMessage::add(array('title'=>'Debug','type'=>'debug','body'=>Debug::vars(array('user'=>$uo->username,'r'=>$role))));
|
||||
|
||||
if (! empty($role) AND Request::current()->mmo()) {
|
||||
// If the role has the authorisation to run the method
|
||||
$gmo = ORM::factory('Group_Method')
|
||||
->where('method_id','=',Request::current()->mmo()->id);
|
||||
|
||||
foreach ($gmo->find_all() as $gm)
|
||||
// $gm->group->id == 0 means all users.
|
||||
if ($gm->group->id == 0 OR $uo->has_any('group',$gm->group->list_childgrps(TRUE))) {
|
||||
$status = TRUE;
|
||||
break;
|
||||
}
|
||||
if (is_object($uo) AND ($uo instanceof Model_Account) AND $uo->loaded())
|
||||
if (! empty($role)) {
|
||||
if (($x = Request::current()->mmo()) instanceof Model)
|
||||
// If the role has the authorisation to run the method
|
||||
foreach ($x->group->find_all() as $go)
|
||||
if ($go->id == 0 OR $uo->has_any('group',$go->list_childgrps(TRUE))) {
|
||||
$status = TRUE;
|
||||
break;
|
||||
}
|
||||
|
||||
// There is no role, so the method should be allowed to run as anonymous
|
||||
} else
|
||||
$status = TRUE;
|
||||
}
|
||||
|
||||
return $status;
|
||||
}
|
||||
|
@ -45,7 +45,7 @@ class Request extends Kohana_Request {
|
||||
$method = strtolower($this->_directory ? sprintf('%s_%s',$this->_directory,$this->_action) : $this->_action);
|
||||
|
||||
// Get the method number
|
||||
$mmo = ORM::factory('Module_Method',array('module_id'=>$mo->id,'name'=>$method));
|
||||
$mmo = $mo->module_method->where('name','=',$method)->find();
|
||||
|
||||
if ($mmo->loaded())
|
||||
$result = $mmo;
|
||||
|
Reference in New Issue
Block a user