mirror of
https://github.com/alchemy-fr/Phraseanet.git
synced 2025-10-23 18:03:17 +00:00
Fix phras-47 Force authentication to see push content
@@ -213,15 +213,20 @@ class Push implements ControllerProviderInterface
|
||||
|
||||
$app['EM']->flush();
|
||||
|
||||
$url = $app->url('lightbox_compare', array(
|
||||
$arguments = array(
|
||||
'ssel_id' => $Basket->getId(),
|
||||
'LOG' => $app['tokens']->getUrlToken(
|
||||
);
|
||||
|
||||
if (!$app['phraseanet.registry']->get('GV_force_push_authentication') || !$request->get('force_authentication')) {
|
||||
$arguments['LOG'] = $app['tokens']->getUrlToken(
|
||||
\random::TYPE_VIEW,
|
||||
$user_receiver->get_id(),
|
||||
null,
|
||||
$Basket->getId()
|
||||
)
|
||||
));
|
||||
);
|
||||
}
|
||||
|
||||
$url = $app->url('lightbox_compare', $arguments);
|
||||
|
||||
$receipt = $request->get('recept') ? $app['authentication']->getUser()->get_email() : '';
|
||||
|
||||
@@ -359,7 +364,7 @@ class Push implements ControllerProviderInterface
|
||||
try {
|
||||
$participant_user = \User_Adapter::getInstance($participant['usr_id'], $app);
|
||||
} catch (\Exception $e) {
|
||||
throw new ControllerException(sprintf(_('Unknown user %d'), $receiver['usr_id']));
|
||||
throw new ControllerException(sprintf(_('Unknown user %d'), $participant['usr_id']));
|
||||
}
|
||||
|
||||
try {
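Review bot: The new condition in the first hunk fails open: the `LOG` token is left out only when `GV_force_push_authentication` is enabled and the request carries a truthy `force_authentication`, so a client that omits the field, or a sender who unticks the box, still gets a link with the view token in it. If the registry setting is meant as a policy rather than a per-push preference, test the setting alone, `if (!$app['phraseanet.registry']->get('GV_force_push_authentication')) {`, or at least state in the setting's help text (configuration hunk) that senders can opt out per push. The visible hunks change the token only at this `lightbox_compare` URL, and the body of the validation action around the second hunk is not shown, so confirm whether it builds a similar URL, since the JavaScript hunk copies `force_authentication` into the feedback form as well. A comment above the `if`, such as `// Without forced authentication the link carries a view token for the receiver`, would make the intent clear.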
|
||||
|
@@ -102,10 +102,14 @@ class Firewall
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function requireAuthentication()
|
||||
public function requireAuthentication(Request $request = null)
|
||||
{
|
||||
$params = array();
|
||||
if (null !== $request) {
|
||||
$params['redirect'] = '..' . $request->getPathInfo();
|
||||
}
|
||||
if (!$this->app['authentication']->isAuthenticated()) {
|
||||
return new RedirectResponse($this->app->path('homepage'));
|
||||
return new RedirectResponse($this->app->path('homepage', $params));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -118,7 +122,7 @@ class Firewall
|
||||
$app = $this->app;
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
if (null !== $response = $app['firewall']->requireAuthentication()) {
|
||||
if (null !== $response = $app['firewall']->requireAuthentication($request)) {
|
||||
return $response;
|
||||
}
|
||||
});
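Review bot: `requireAuthentication()` now builds the `redirect` parameter from `$request->getPathInfo()`, which comes from the requested URL, and the code that consumes `redirect` after login is not part of this diff; that consumer should accept only local paths so the login page cannot be used to send a user to another site. The hard-coded `'..'` prefix assumes the homepage route sits exactly one level below the application root, and `getPathInfo()` drops the query string, so a target that depends on query parameters would not survive the login round trip (the `lightbox_compare` route definition is not shown, so this may not matter here). `$params` is computed before the `isAuthenticated()` check although only the unauthenticated branch uses it; moving it inside the `if` and adding a docblock saying the method returns `null` when the user is authenticated and a `RedirectResponse` otherwise would make the contract explicit.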
|
||||
|
@@ -265,6 +265,13 @@ return call_user_func_array(function(Application $app) {
|
||||
), array(
|
||||
'section' => _('Main configuration'),
|
||||
'vars' => array(
|
||||
array(
|
||||
'type' => \registry::TYPE_BOOLEAN,
|
||||
'name' => 'GV_force_push_authentication',
|
||||
'comment' => _('Enable Forcing authentication to see push content'),
|
||||
'help' => _('Adds an option to the push form submission to restrict push recipient(s) to Phraseanet users only.'),
|
||||
'default' => false
|
||||
),
|
||||
array(
|
||||
'type' => \registry::TYPE_STRING,
|
||||
'name' => 'GV_adminMail',
|
||||
|
@@ -214,6 +214,7 @@
|
||||
<textarea name="message" style="display:none;"></textarea>
|
||||
<input type="hidden" name="duration" value=""/>
|
||||
<input type="checkbox" value="1" name="recept" style="display:none;"/>
|
||||
<input type="checkbox" value="1" name="force_authentication" style="display:none;"/>
|
||||
<div class="PNB badges"></div>
|
||||
</form>
|
||||
<div class="PNB10 footer">
|
||||
|
@@ -128,7 +128,7 @@
|
||||
|
||||
<script type="text/template" id="feedback_sendform_tpl">
|
||||
<form>
|
||||
<div class="Feedback" style="display:none;">
|
||||
<div class="Feedback control-group" style="display:none;">
|
||||
<label for="PushSendFormDuration">{% trans %}Time for feedback (days){% endtrans %}</label>
|
||||
<select id="PushSendFormDuration" name="duration" class="input-block-level">
|
||||
<option {% if 20 == app['phraseanet.registry'].get('GV_val_expiration') %}selected="selected"{% endif %} value="20">20</option>
|
||||
@@ -140,20 +140,39 @@
|
||||
<option {% if 1 == app['phraseanet.registry'].get('GV_val_expiration') %}selected="selected"{% endif %} value="1">1</option>
|
||||
</select>
|
||||
</div>
|
||||
<div>
|
||||
<label for="PushSendFormRecept">{% trans %}Name{% endtrans %}</label>
|
||||
<div class="control-group">
|
||||
<label for="PushSendFormName">{% trans %}Name{% endtrans %}</label>
|
||||
<input id="PushSendFormName" type="text" name="name" class="input-block-level"/>
|
||||
</div>
|
||||
<div>
|
||||
<div class="control-group">
|
||||
<label for="PushSendFormMessage">{% trans %}Message{% endtrans %}</label>
|
||||
<textarea id="PushSendFormMessage" name="message" class="input-block-level"></textarea>
|
||||
<textarea id="PushSendFormMessage" name="message" class="input-block-level" rows="6"></textarea>
|
||||
</div>
|
||||
<div>
|
||||
<div class="control-group">
|
||||
<label for="PushSendFormRecept" class="checkbox">
|
||||
<input id="PushSendFormRecept" type="checkbox" name="recept" value="1"/>
|
||||
{% trans %}Accuse de reception{% endtrans %}
|
||||
</label>
|
||||
</div>
|
||||
{% if app['phraseanet.registry'].get('GV_force_push_authentication') %}
|
||||
<div class="control-group">
|
||||
<label for="PushForceAuthentication" class="checkbox">
|
||||
<input id="PushForceAuthentication" type="checkbox" checked="checked" name="force_authentication" value="1"/>
|
||||
{% trans %}Force authentication{% endtrans %}
|
||||
</label>
|
||||
</div>
|
||||
<div class="control-group info">
|
||||
<span class="help-inline" style="font-style: italic">
|
||||
<i class="icon-info-sign"></i>
|
||||
{% trans %}
|
||||
The parameter "force authentication" forces the recipient(s) of the push to possess a Phraseanet account
|
||||
to see its contents.
|
||||
This avoids anonymous users to access to the content of the push if they were able to get the display
|
||||
url through a forwarded mail for example.
|
||||
{% endtrans %}
|
||||
</span>
|
||||
</div>
|
||||
{% endif %}
|
||||
</form>
|
||||
</script>
|
||||
|
||||
|
@@ -8,12 +8,12 @@ class FirewallTest extends \PhraseanetWebTestCaseAuthenticatedAbstract
|
||||
|
||||
public function testRequiredAuth()
|
||||
{
|
||||
$this->assertNull(self::$DI['app']['firewall']->requireAuthentication(self::$DI['app']));
|
||||
$this->assertNull(self::$DI['app']['firewall']->requireAuthentication());
|
||||
}
|
||||
|
||||
public function testRequiredAuthNotAuthenticated()
|
||||
{
|
||||
$this->logout(self::$DI['app']);
|
||||
$this->assertInstanceOf('Symfony\Component\HttpFoundation\RedirectResponse', self::$DI['app']['firewall']->requireAuthentication(self::$DI['app']));
|
||||
$this->assertInstanceOf('Symfony\Component\HttpFoundation\RedirectResponse', self::$DI['app']['firewall']->requireAuthentication());
|
||||
}
|
||||
}
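Review bot: Both tests now call `requireAuthentication()` without arguments, so the new `$request` branch in `Firewall` that adds the `redirect` parameter has no coverage. A third test could pass a request after logout, for example `$response = self::$DI['app']['firewall']->requireAuthentication(Request::create('/prod/'));` (the path is a constructed sample), and assert that `$response->getTargetUrl()` contains the expected `redirect` value. A controller test for the push action with and without `force_authentication` would likewise pin when the generated URL carries `LOG`.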
|
||||
|
@@ -166,12 +166,13 @@
|
||||
$('input[name="duration"]', $FeedBackForm).val($('select[name="duration"]', $dialog.getDomElement()).val());
|
||||
$('textarea[name="message"]', $FeedBackForm).val($('textarea[name="message"]', $dialog.getDomElement()).val());
|
||||
$('input[name="recept"]', $FeedBackForm).attr('checked', $('input[name="recept"]', $dialog.getDomElement()).attr('checked'));
|
||||
$('input[name="force_authentication"]', $FeedBackForm).attr('checked', $('input[name="force_authentication"]', $dialog.getDomElement()).attr('checked'));
|
||||
|
||||
$FeedBackForm.trigger('submit');
|
||||
};
|
||||
|
||||
var options = {
|
||||
size: 'Small',
|
||||
size: 'Medium',
|
||||
buttons: buttons,
|
||||
loading: true,
|
||||
title: language.send,
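Review bot: The added line copies the checkbox state with `.attr('checked')`, mirroring the `recept` line above it; depending on the jQuery version in use (not visible here), `.attr()` can report the initial markup rather than the current state, and the dialog's box is rendered with `checked="checked"`. Since this value decides whether the mail link carries a token, reading and writing the live property is safer, assuming jQuery 1.6 or later: `$('input[name="force_authentication"]', $FeedBackForm).prop('checked', $('input[name="force_authentication"]', $dialog.getDomElement()).prop('checked') === true);`. The `=== true` keeps the hidden box unchecked when the dialog has no such checkbox because the registry setting is off.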
|
||||
|