From 9cb9daab9994462e5b512b31bb3493132f07c81f Mon Sep 17 00:00:00 2001
From: llaffont <llaffont@git-test.afi-sa.fr>
Date: Tue, 28 Aug 2012 09:24:16 +0000
Subject: [PATCH] =?UTF-8?q?La=20lecture=20des=20droits=20utilisateurs=20pa?=
 =?UTF-8?q?sse=20par=20l'objet=20Users=20pour=20fixer=20un=20proble=CC=80m?=
 =?UTF-8?q?e=20de=20se=CC=81curite=CC=81=20si=20le=20role=20n'est=20pas=20?=
 =?UTF-8?q?fixe=CC=81=20en=20base.=20(trou=20de=20se=CC=81curite=CC=81=20d?=
 =?UTF-8?q?e=CC=81tecte=CC=81)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../modules/admin/controllers/BibController.php   |  3 +--
 library/Class/Systeme/ModulesAppli.php            |  3 ++-
 library/Class/Users.php                           |  9 +--------
 library/ZendAfi/Acl/AdminControllerRoles.php      |  4 ++--
 library/ZendAfi/Controller/Plugin/AdminAuth.php   | 15 +--------------
 .../modules/AbstractControllerTestCase.php        |  3 +--
 .../admin/controllers/ZoneControllerTest.php      |  1 -
 .../opac/controllers/CmsControllerTest.php        |  6 ++++++
 8 files changed, 14 insertions(+), 30 deletions(-)

diff --git a/application/modules/admin/controllers/BibController.php b/application/modules/admin/controllers/BibController.php
index 7744038076a..59400d0c62f 100644
--- a/application/modules/admin/controllers/BibController.php
+++ b/application/modules/admin/controllers/BibController.php
@@ -29,8 +29,7 @@ class Admin_BibController extends Zend_Controller_Action
 	//------------------------------------------------------------------------------------------------------
 	// Initialisation du controller
 	//------------------------------------------------------------------------------------------------------
-	function init()
-	{
+	function init()	{
 		// Zone et bib du filtre (initialisé dans le plugin DefineUrls)
 		$this->id_zone=$_SESSION["admin"]["filtre_localisation"]["id_zone"];
 		$this->id_bib=$_SESSION["admin"]["filtre_localisation"]["id_bib"];
diff --git a/library/Class/Systeme/ModulesAppli.php b/library/Class/Systeme/ModulesAppli.php
index a47b08ac4f0..64bd09a18ad 100644
--- a/library/Class/Systeme/ModulesAppli.php
+++ b/library/Class/Systeme/ModulesAppli.php
@@ -114,8 +114,9 @@ class Class_Systeme_ModulesAppli extends Class_Systeme_ModulesAbstract {
 				$action = '*';
 			}
 
+			if (!isset($this->modules[$type_module][$action]))
+				return [];
 			return $this->modules[$type_module][$action];
-
 		}
 
 		return $this->modules;
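Review bot: The new guard `if (!isset($this->modules[$type_module][$action])) return [];` uses the short array syntax while this same patch still writes `array(...)` in Users.php, so either the project's minimum PHP version (5.4+ for `[]`) should be confirmed or `return array();` used for consistency. Returning an empty set for an unknown module/action instead of a notice plus null is the right fail-closed direction; a one-line comment such as `// unknown module/action: no entries rather than null` would make that intent explicit. The enclosing method starts and ends outside the hunk.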
diff --git a/library/Class/Users.php b/library/Class/Users.php
index 536ccc66d1a..d0c1044aff1 100644
--- a/library/Class/Users.php
+++ b/library/Class/Users.php
@@ -184,6 +184,7 @@ class Class_Users extends Storm_Model_Abstract {
 																 'zone' => array('through' => 'bib'));
 
 	protected $_default_attribute_values = array('id_site' => 0,
+																							 'role' => 'invite',
 																							 'role_level' => 0,
 																							 'idabon' => '',
 																							 'date_fin' => '',
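Review bot: The new default `'role' => 'invite'` only helps where Storm applies `_default_attribute_values`, presumably when the attribute is absent; a row persisted with `role = ''` (the "role vide" case described by the comment removed from AdminAuth) may still come back as an empty string from getRole() if defaults are not applied to empty values. A unit test that loads a user whose stored role is '' and asserts `getRole() === 'invite'` would pin this, and since fixRole() is deleted in the next hunk the read-side default is now the only safeguard. A short comment on the new line, `// least-privileged default: a missing role must never grant more than 'invite'`, would record why this value was chosen.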
@@ -409,14 +410,6 @@ class Class_Users extends Storm_Model_Abstract {
 	}
 
 
-	public function fixRole() {
-		if ($this->getRole() === $this->_get('role'))
-			return $this;
-		$this->setRole($this->getRole())->save();
-		return $this;
-	}
-
-
 	/**
 	 * @return array
 	 */
diff --git a/library/ZendAfi/Acl/AdminControllerRoles.php b/library/ZendAfi/Acl/AdminControllerRoles.php
index 5d5ea511b01..5de13f66f83 100644
--- a/library/ZendAfi/Acl/AdminControllerRoles.php
+++ b/library/ZendAfi/Acl/AdminControllerRoles.php
@@ -75,6 +75,7 @@ class ZendAfi_Acl_AdminControllerRoles extends Zend_Acl {
 		$this->add(new Zend_Acl_Resource('formation'));
 		$this->add(new Zend_Acl_Resource('profil'));
 		$this->add(new Zend_Acl_Resource('stat'));
+		$this->add(new Zend_Acl_Resource('lieu'));
 
 		//Roles
 		$this->addRole(new Zend_Acl_Role('invite'));
@@ -98,15 +99,14 @@ class ZendAfi_Acl_AdminControllerRoles extends Zend_Acl {
 		$this->allow('modo_bib','index');
 		$this->allow('modo_bib','stat');
 		$this->allow('modo_bib','accueil');
+		$this->allow('modo_bib','bib');
 
 		$this->allow('admin_bib','users');
 		$this->allow('admin_bib','profil');
-		$this->allow('admin_bib','bib');
 		$this->allow('admin_bib','modo');
 		$this->allow('admin_bib','menus');
 		$this->allow('admin_bib','catalogue');
 
-
 		$this->allow('modo_portail');
 		$this->allow('admin_portail');
 		$this->allow('super_admin');
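Review bot: Dropping `$this->allow('admin_bib','bib')` while adding `$this->allow('modo_bib','bib')` is only equivalent if admin_bib is declared with modo_bib as its parent in the addRole() calls above (outside this hunk; only the 'invite' declaration is visible); otherwise admin_bib loses access to the bib controller. Worth confirming against the role declarations, and a test asserting `isAllowed('admin_bib','bib')` would make it explicit. The 'lieu' resource added in the previous hunk receives no explicit allow here, so under Zend_Acl's default deny only roles with an unrestricted allow (modo_portail and above) can reach it — fine if intended, but a comment stating so would help the next reader.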
diff --git a/library/ZendAfi/Controller/Plugin/AdminAuth.php b/library/ZendAfi/Controller/Plugin/AdminAuth.php
index 8e09484991e..c2661509bcd 100644
--- a/library/ZendAfi/Controller/Plugin/AdminAuth.php
+++ b/library/ZendAfi/Controller/Plugin/AdminAuth.php
@@ -46,8 +46,7 @@ class ZendAfi_Controller_Plugin_AdminAuth extends Zend_Controller_Plugin_Abstrac
 
 		
 		// Entree dans fonctions admin
-		if ($module == 'admin' and $controller != 'error')
-		{
+		if ($module == 'admin' and $controller != 'error')	{
 			Zend_Controller_Front::getInstance()
 				->getPlugin('Zend_Controller_Plugin_ErrorHandler')
 				->setErrorHandlerModule('admin');
@@ -55,8 +54,6 @@ class ZendAfi_Controller_Plugin_AdminAuth extends Zend_Controller_Plugin_Abstrac
 			$acl = new ZendAfi_Acl_AdminControllerRoles();
 	    // Un user est connecté
 	    if ($user = Class_Users::getIdentity())	{
-				$this->fixRoleInSessionIdentity($user, $role);
-
 				$resource = $controller;
 				$role = $user->getRole();
 
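Review bot: With `$this->fixRoleInSessionIdentity($user, $role)` removed, `$role` now comes solely from `$user->getRole()` and the ROLE field held in the Zend_Auth identity is no longer rewritten; any code that still reads `$identity->ROLE` from the auth storage instead of going through Class_Users will keep seeing the value the removed comment described as a security problem, so those readers should be checked or the auth-storage ROLE documented as non-authoritative. Incidentally, the removed call passed `$role` before its assignment on the following line, so the old fix operated on an undefined variable and this replacement is an improvement. The enclosing method starts and ends outside the hunk.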
@@ -99,16 +96,6 @@ class ZendAfi_Controller_Plugin_AdminAuth extends Zend_Controller_Plugin_Abstrac
 		$request->setControllerName($controller);
 		$request->setActionName($action);
 	}
-
-
-	public function fixRoleInSessionIdentity($user, $role) {
-		// Fixe problème de sécurité vu à la connexion d'un compte avec "role" vide
-		$auth = Zend_Auth::getInstance();
-		$identity = $auth->getIdentity();
-		$identity->ROLE = $role;
-		$auth->getStorage()->write($identity);
-		$user->fixRole();
-	}
 }
 
 ?>
\ No newline at end of file
diff --git a/tests/application/modules/AbstractControllerTestCase.php b/tests/application/modules/AbstractControllerTestCase.php
index bf543f7bd72..36b0a3d427f 100644
--- a/tests/application/modules/AbstractControllerTestCase.php
+++ b/tests/application/modules/AbstractControllerTestCase.php
@@ -72,7 +72,7 @@ abstract class AbstractControllerTestCase extends Zend_Test_PHPUnit_ControllerTe
 		$account->username     = 'AutoTest' . time();
 		$account->password     = md5( 'password' );
 		$account->ID_USER      = 666;
-		$account->ROLE_LEVEL   = ZendAfi_Acl_AdminControllerRoles::ADMIN_BIB;
+		$account->ROLE_LEVEL   = ZendAfi_Acl_AdminControllerRoles::ADMIN_PORTAIL;
 		$account->ROLE         = "admin_portail";
 		$account->ID_SITE      = 1;
 		$account->confirmed    = true;
@@ -88,7 +88,6 @@ abstract class AbstractControllerTestCase extends Zend_Test_PHPUnit_ControllerTe
 			->newInstanceWithId(666)
 			->setLogin($account->username)
 			->setRoleLevel($account->ROLE_LEVEL)
-			->setRole($account->ROLE)
 			->setIdSite($account->ID_SITE);
 
 		ZendAfi_Auth::getInstance()->getStorage()->write($account);
diff --git a/tests/application/modules/admin/controllers/ZoneControllerTest.php b/tests/application/modules/admin/controllers/ZoneControllerTest.php
index 3cfe05bb02b..3d00938ae83 100644
--- a/tests/application/modules/admin/controllers/ZoneControllerTest.php
+++ b/tests/application/modules/admin/controllers/ZoneControllerTest.php
@@ -242,7 +242,6 @@ class ZoneControllerAddActionTest extends ZoneControllerTestCase {
 		$new_zone = $this->loader_wrapper->getFirstAttributeForLastCallOn('save');
 		$this->assertEquals('Cran', $new_zone->getLibelle());
 	}
-
 }
 
 ?>
\ No newline at end of file
diff --git a/tests/application/modules/opac/controllers/CmsControllerTest.php b/tests/application/modules/opac/controllers/CmsControllerTest.php
index 13c7f0eb838..47fd27689d1 100644
--- a/tests/application/modules/opac/controllers/CmsControllerTest.php
+++ b/tests/application/modules/opac/controllers/CmsControllerTest.php
@@ -396,6 +396,12 @@ abstract class CmsControllerWithFeteDeLaFriteTestCase extends AbstractController
 
 
 class CmsControllerArticleViewTest extends CmsControllerWithFeteDeLaFriteTestCase {
+	protected function _loginHook($account) {
+		$account->ROLE_LEVEL = ZendAfi_Acl_AdminControllerRoles::ABONNE_SIGB;
+		$account->PSEUDO = "admin";
+	}
+
+	
 	public function setUp() {
 		parent::setUp();
 		$this->dispatch('/cms/articleview/id/224', true);
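Review bot: `_loginHook` overrides `$account->ROLE_LEVEL` to ABONNE_SIGB but leaves `$account->ROLE` at whatever the base fixture sets ("admin_portail" in AbstractControllerTestCase), so the test identity carries a role level and a role name that disagree; harmless if getRole() derives the role from role_level, otherwise the test logs in with more privilege than intended. Setting `$account->ROLE` alongside, or a one-line comment stating which field is authoritative, would make the fixture self-explanatory. The blank line before setUp() carries a stray tab. setUp() continues past the hunk.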
-- 
GitLab