Add more firewall checks

2025-10-17 23:13:15 +00:00 · 2012-10-04 17:23:47 +02:00
parent 123090991b
commit 5c87e7bc3b
6 changed files with 10 additions and 10 deletions
--- a/lib/Alchemy/Phrasea/Controller/Admin/Fields.php
+++ b/lib/Alchemy/Phrasea/Controller/Admin/Fields.php
@@ -29,7 +29,8 @@ class Fields implements ControllerProviderInterface
        $controllers = $app['controllers_factory'];

        $controllers->before(function(Request $request) use ($app) {
-            $app['firewall']->requireAccessToModule('admin');
+            $app['firewall']->requireAccessToModule('admin')
+                ->requireRight('bas_modify_struct');
        });

        $controllers->get('/checkmulti/', function(PhraseaApplication $app, Request $request) {
--- a/lib/Alchemy/Phrasea/Controller/Admin/Publications.php
+++ b/lib/Alchemy/Phrasea/Controller/Admin/Publications.php
@@ -32,7 +32,8 @@ class Publications implements ControllerProviderInterface
         * TODO NEUTRON verifier correlation avec tree
         */
        $controllers->before(function(Request $request) use ($app) {
-            $app['firewall']->requireAccessToModule('admin');
+            $app['firewall']->requireAccessToModule('admin')
+                ->requireRight('bas_chupub');
        });

        $controllers->get('/list/', function(PhraseaApplication $app) {
--- a/lib/Alchemy/Phrasea/Controller/Admin/TaskManager.php
+++ b/lib/Alchemy/Phrasea/Controller/Admin/TaskManager.php
@@ -25,7 +25,7 @@ class TaskManager implements ControllerProviderInterface
        $controllers = $app['controllers_factory'];

        $controllers->before(function(Request $request) use ($app) {
-            $app['firewall']->requireAdmin();
+            $app['firewall']->requireRight('taskmanager');
        });

        $controllers->get('/', function(Application $app, Request $request) {
--- a/lib/Alchemy/Phrasea/Controller/Root/Login.php
+++ b/lib/Alchemy/Phrasea/Controller/Root/Login.php
@@ -890,12 +890,8 @@ class Login implements ControllerProviderInterface

                $user = $auth->signOn();

-
                /**
-                 * TODO NEUTRON save user locale
-                 */
-                /**
-                 * TODO NEUTRON move this to phrasea
+                 * TODO NEUTRON move this to phrasea engine
                 */
                $user->ACL()->inject_rights();

@@ -916,6 +912,8 @@ class Login implements ControllerProviderInterface

                $app->openAccount($auth);

+                $auth->get_user()->set_locale($app['locale']);
+
                /**
                 * IMPORTANT
                 */
--- a/lib/Alchemy/Phrasea/Controller/Utils/ConnectionTest.php
+++ b/lib/Alchemy/Phrasea/Controller/Utils/ConnectionTest.php
@@ -28,7 +28,7 @@ class ConnectionTest implements ControllerProviderInterface
        $controllers = $app['controllers_factory'];

        /**
-         * TODO NEUTRON check firewall
+         * @todo : check this as it would lead to a security issue
         */
        $controllers->get('/mysql/', function(Application $app) {
            require_once __DIR__ . '/../../../../classes/connection/pdo.class.php';
--- a/lib/Alchemy/Phrasea/Controller/Utils/PathFileTest.php
+++ b/lib/Alchemy/Phrasea/Controller/Utils/PathFileTest.php
@@ -28,7 +28,7 @@ class PathFileTest implements ControllerProviderInterface
        $controllers = $app['controllers_factory'];

        /**
-         * TODO NEUTRON check firewall
+         * @todo : check this as it would lead to a security issue
         */
        $controllers->get('/path/', function(Application $app, Request $request) {
            return $app->json(array(