From fc5cea470a5c7ad5e8c15edc5f8eea8115329ece Mon Sep 17 00:00:00 2001
From: Deon George
Date: Wed, 8 Oct 2014 23:20:27 +1100
Subject: [PATCH] Some minor internal fixes
---
 classes/lnApp/Auth/ORM.php | 5 +++--
 classes/lnApp/Controller/TemplateDefault.php | 12 ++++++++++--
 classes/lnApp/Form.php | 11 +++++++----
 classes/lnApp/Menu.php | 7 ++++---
 views/errors/400.php | 6 ++++++
 5 files changed, 30 insertions(+), 11 deletions(-)
 create mode 100644 views/errors/400.php
diff --git a/classes/lnApp/Auth/ORM.php b/classes/lnApp/Auth/ORM.php
index 2e98a19..085e121 100644
--- a/classes/lnApp/Auth/ORM.php
+++ b/classes/lnApp/Auth/ORM.php
@@ -98,7 +98,7 @@ abstract class lnApp_Auth_ORM extends Kohana_Auth_ORM {
 * @return boolean TRUE if authorised, FALSE if not.
 */
 public function authorised(Model_Account $ao) {
- return (($uo = $this->get_user()) AND $uo->loaded() AND ($uo == $ao OR in_array($ao->id,$uo->RTM->customers($uo->RTM))));
+ return (($uo = $this->get_user()) AND $uo->loaded() AND ($uo == $ao OR ($uo->admin > $ao->admin)));
 }
 public function get_groups() {
@@ -158,7 +158,8 @@ abstract class lnApp_Auth_ORM extends Kohana_Auth_ORM {
 // If we are not a valid user object, then we are not logged in
 if (is_object($uo) AND ($uo instanceof Model_Account) AND $uo->loaded())
- $status = TRUE;
+ if (empty($role) OR ($role <= $uo->admin))
+ $status = TRUE;
 return $status;
 }
diff --git a/classes/lnApp/Controller/TemplateDefault.php b/classes/lnApp/Controller/TemplateDefault.php
index 5973cfb..b4986da 100644
--- a/classes/lnApp/Controller/TemplateDefault.php
+++ b/classes/lnApp/Controller/TemplateDefault.php
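Review bot: The new `authorised()` expression never checks `$ao->loaded()`, so `$uo->admin > $ao->admin` can be evaluated against an account object that was never loaded. If `admin` is NULL or unset on such an object, PHP's loose `>` lets any caller with a positive admin level pass, which fails open. I would add the load check and cast both sides, for example `($ao->loaded() AND (int)$uo->admin > (int)$ao->admin)`. Separately, `$uo == $ao` compares the two objects property by property; `$uo->id == $ao->id` states the intent and does not depend on ORM internal state. A docblock line saying that authorisation is now purely hierarchical (a higher admin level covers every lower account) would help callers that relied on the earlier customer-relationship check.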
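Review bot: `$role <= $uo->admin` in the second hunk is a loose comparison on a value whose type nothing in the hunk constrains. The enclosing method starts outside the hunk, but if it keeps the parent driver's contract, `$role` may be a role-name string; under the PHP 5/7 comparison rules a non-numeric string is coerced to 0 and the check then passes for every loaded account. Reject non-numeric roles explicitly: `if (empty($role) OR (is_numeric($role) AND (int)$role <= (int)$uo->admin))`. Braces around the nested `if` would also make it obvious that `$status = TRUE` belongs to the inner condition.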
@@ -68,7 +68,15 @@ abstract class lnApp_Controller_TemplateDefault extends Kohana_Controller_Templa
 * @uses meta
 */
 public function before() {
- $this->ao = Auth::instance()->get_user();
+ if ($this->auth_required) {
+ if (! count($this->secure_actions) OR (! isset($this->secure_actions[Request::current()->action()])))
+ throw HTTP_Exception::factory(403,'Class has no security defined :class, or no security configured for :method',array(':class'=>get_class($this),':method'=>Request::current()->action()));
+
+ $this->ao = Auth::instance()->get_user();
+
+ if (! is_null($this->ao) AND (is_string($this->ao)))
+ throw HTTP_Exception::factory(501,'Account doesnt exist :account ?',array(':account'=>(is_string($this->ao) OR is_null($this->ao)) ? $this->ao : Auth::instance()->get_user()->id));
+ }
 // Actions that start with ajax, should only be ajax
 if (! Kohana::$config->load('debug')->ajax AND preg_match('/^ajax/',Request::current()->action()) AND ! Request::current()->is_ajax())
@@ -82,7 +90,7 @@ abstract class lnApp_Controller_TemplateDefault extends Kohana_Controller_Templa
 return;
 }
- if ($this->ao AND $this->ao->loaded() AND ! $this->ao->activated() AND ($this->request->controller() != 'Account' OR $this->request->action() != 'activate'))
+ if ($this->ao AND is_object($this->ao) AND $this->ao->loaded() AND ! $this->ao->activated() AND ($this->request->controller() != 'Account' OR $this->request->action() != 'activate'))
 HTTP::redirect('login/activate');
 // Check user auth and role
diff --git a/classes/lnApp/Form.php b/classes/lnApp/Form.php
index c1750ab..791e961 100644
--- a/classes/lnApp/Form.php
+++ b/classes/lnApp/Form.php
@@ -22,6 +22,9 @@ abstract class lnApp_Form extends Kohana_Form {
 return '%s';
 }
+ if (! isset($attributes['class']))
+ $attributes['class'] = 'form-control';
+
 $output = '';
 $output .= '
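Review bot: `$this->ao` is now assigned only inside `if ($this->auth_required)`, so on controllers where that flag is false the activation redirect later in `before()` (`if ($this->ao AND is_object($this->ao) ...`) can no longer fire for a logged-in but unactivated account, unless the property is populated somewhere not shown. If that is intended, a comment should say so; otherwise keep the `get_user()` call outside the block and leave only the `secure_actions` check inside it. In the 501 branch the guard has already established `is_string($this->ao)`, so `! is_null(...)` and the ternary's `Auth::instance()->get_user()->id` arm are dead, and `array(':account'=>$this->ao)` is equivalent. That string is echoed into the error response, so the error view should escape it. `before()` continues past both hunks of this file.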
'; @@ -43,9 +46,9 @@ abstract class lnApp_Form extends Kohana_Form { } $classdiv = FALSE; - if (isset($attributes['class'])) { - $output .= sprintf('
',$attributes['class']); - unset($attributes['class']); + if (isset($attributes['divclass'])) { + $output .= sprintf('
',$attributes['divclass']);
+ unset($attributes['divclass']);
 $classdiv = TRUE;
 }
@@ -84,7 +87,7 @@ abstract class lnApp_Form extends Kohana_Form {
 * @usedby Form::image
 */
 public static function input($name,$value=NULL,array $attributes=NULL) {
- return (isset($attributes['type']) AND $attributes['type'] == 'hidden') ? parent::input($name,$value,$attributes) : sprintf(self::_controlgroup($name,$attributes),parent::input($name,$value,Arr::merge($attributes,array('class'=>'form-control'))));
+ return (isset($attributes['type']) AND $attributes['type'] == 'hidden') ? parent::input($name,$value,$attributes) : sprintf(self::_controlgroup($name,$attributes),parent::input($name,$value,$attributes));
 }
 public static function select($name,array $options=NULL,$selected=NULL,array $attributes=NULL) {
diff --git a/classes/lnApp/Menu.php b/classes/lnApp/Menu.php
index 3b70275..0bee092 100644
--- a/classes/lnApp/Menu.php
+++ b/classes/lnApp/Menu.php
@@ -10,20 +10,21 @@
 * @license http://dev.leenooks.net/license.html
 */
 class lnApp_Menu {
- public static function items($type) {
+ public static function items($type,array $list=array()) {
 $result = array();
 if (empty(URL::$method_directory[$type])) return NULL;
- $list = Kohana::list_files('classes/Controller/'.ucfirst($type));
+ if (! $list)
+ $list = Kohana::list_files('classes/Controller/'.ucfirst($type));
 // This will be used a lot!
 $ext_length = strlen(EXT);
 foreach ($list as $name => $path) if (is_array($path)) {
- $result += self::items($path);
+ $result += self::items($type,$path);
 } elseif (substr($name, -$ext_length) === EXT) {
 // Remove "classes/" and the extension
diff --git a/views/errors/400.php b/views/errors/400.php
new file mode 100644
index 0000000..23121de
--- /dev/null
+++ b/views/errors/400.php
@@ -0,0 +1,6 @@
+
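Review bot: `$attributes['divclass']` is handed to `sprintf()` as-is in the `@@ -43,9 +46,9 @@` hunk of Form.php. The format string is not legible in this copy of the patch, but if it writes the value into a `class` attribute, any caller that forwards request data in `$attributes` would emit unescaped markup; wrapping it as `HTML::chars($attributes['divclass'])` closes that off. The rename from `class` to `divclass` also changes what existing callers get, since their `class` now stays in `$attributes` instead of going to the wrapper, and that deserves a line in the method's docblock. The enclosing method starts and ends outside the hunk.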
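Review bot: `if (! $list)` in `lnApp_Menu::items()` cannot tell "no list supplied" from "recursed into an empty list", so a call `self::items($type,$path)` with an empty `$path` would re-read the top-level directory and recurse again. Whether `Kohana::list_files()` can return an empty sub-array is not visible here, so I would remove the ambiguity instead of relying on it: `public static function items($type,array $list=NULL)` with `if ($list === NULL)`. Because `$list` exists only for the recursion, a short `@param` comment marking it internal would keep outside callers from passing their own paths. The method body continues past the hunk.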

Oops!

+

400 Bad Request?

+ +
+ Sorry, the request couldnt be actioned. +