Add firewalls
@@ -26,7 +26,8 @@ class Collection implements ControllerProviderInterface
|
|||||||
$controllers = $app['controllers_factory'];
|
$controllers = $app['controllers_factory'];
|
||||||
|
|
||||||
$controllers->before(function(Request $request) use ($app) {
|
$controllers->before(function(Request $request) use ($app) {
|
||||||
$app['firewall']->requireRightOnBase($app['request']->attributes->get('bas_id'), 'canadmin');
|
$app['firewall']->requireAccessToModule('admin')
|
||||||
|
->requireRightOnBase($app['request']->attributes->get('bas_id'), 'canadmin');
|
||||||
});
|
});
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
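Review bot: The new before() closure in the Collection hunk declares `Request $request` but still reads the route attribute through `$app['request']`, while the equivalent closures added in the Description and Subdefs sections use the injected request; for consistency change the second line to `->requireRightOnBase($request->attributes->get('bas_id'), 'canadmin');`. The chained call also assumes `requireAccessToModule()` returns the firewall instance; that method is not part of this diff, so confirm it returns `$this` the way `requireAuthentication()` does in the Firewall hunk. The enclosing method starts and ends outside the hunk.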
@@ -30,7 +30,7 @@ class Databoxes implements ControllerProviderInterface
|
|||||||
$controllers = $app['controllers_factory'];
|
$controllers = $app['controllers_factory'];
|
||||||
|
|
||||||
$controllers->before(function(Request $request) use ($app) {
|
$controllers->before(function(Request $request) use ($app) {
|
||||||
$app['firewall']->requireAdmin();
|
$app['firewall']->requireAccessToModule('admin');
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
||||||
@@ -65,7 +65,10 @@ class Databoxes implements ControllerProviderInterface
|
|||||||
* return : Redirect Response
|
* return : Redirect Response
|
||||||
*/
|
*/
|
||||||
$controllers->post('/', $this->call('createDatabase'))
|
$controllers->post('/', $this->call('createDatabase'))
|
||||||
->bind('admin_database_new');
|
->bind('admin_database_new')
|
||||||
|
->before(function(Request $request) use ($app) {
|
||||||
|
$app['firewall']->requireAdmin();
|
||||||
|
});
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Mount a database
|
* Mount a database
|
||||||
@@ -81,7 +84,10 @@ class Databoxes implements ControllerProviderInterface
|
|||||||
* return : Redirect Response
|
* return : Redirect Response
|
||||||
*/
|
*/
|
||||||
$controllers->post('/mount/', $this->call('databaseMount'))
|
$controllers->post('/mount/', $this->call('databaseMount'))
|
||||||
->bind('admin_database_mount');
|
->bind('admin_database_mount')
|
||||||
|
->before(function(Request $request) use ($app) {
|
||||||
|
$app['firewall']->requireAdmin();
|
||||||
|
});
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Upgrade all databases
|
* Upgrade all databases
|
||||||
@@ -97,7 +103,10 @@ class Databoxes implements ControllerProviderInterface
|
|||||||
* return : Redirect Response
|
* return : Redirect Response
|
||||||
*/
|
*/
|
||||||
$controllers->post('/upgrade/', $this->call('databasesUpgrade'))
|
$controllers->post('/upgrade/', $this->call('databasesUpgrade'))
|
||||||
->bind('admin_databases_upgrade');
|
->bind('admin_databases_upgrade')
|
||||||
|
->before(function(Request $request) use ($app) {
|
||||||
|
$app['firewall']->requireAdmin();
|
||||||
|
});
|
||||||
|
|
||||||
return $controllers;
|
return $controllers;
|
||||||
}
|
}
|
||||||
@@ -111,11 +120,7 @@ class Databoxes implements ControllerProviderInterface
|
|||||||
*/
|
*/
|
||||||
public function getDatabases(Application $app, Request $request)
|
public function getDatabases(Application $app, Request $request)
|
||||||
{
|
{
|
||||||
$createBase = $mountBase = $upgradeAvailable = false;
|
$createBase = $mountBase = false;
|
||||||
|
|
||||||
if ($app['phraseanet.appbox']->upgradeavailable()) {
|
|
||||||
$upgradeAvailable = true;
|
|
||||||
}
|
|
||||||
|
|
||||||
$sbasIds = array_merge(
|
$sbasIds = array_merge(
|
||||||
array_keys($app['phraseanet.user']->ACL()->get_granted_sbas(array('bas_manage')))
|
array_keys($app['phraseanet.user']->ACL()->get_granted_sbas(array('bas_manage')))
|
||||||
@@ -133,9 +138,6 @@ class Databoxes implements ControllerProviderInterface
|
|||||||
|
|
||||||
try {
|
try {
|
||||||
$databox = $app['phraseanet.appbox']->get_databox($sbasId);
|
$databox = $app['phraseanet.appbox']->get_databox($sbasId);
|
||||||
if ($databox->upgradeavailable()) {
|
|
||||||
$upgradeAvailable = true;
|
|
||||||
}
|
|
||||||
|
|
||||||
$sbas[$sbasId] = array(
|
$sbas[$sbasId] = array(
|
||||||
'version' => $databox->get_version(),
|
'version' => $databox->get_version(),
|
||||||
@@ -183,7 +185,6 @@ class Databoxes implements ControllerProviderInterface
|
|||||||
return $app['twig']->render('admin/databases.html.twig', array(
|
return $app['twig']->render('admin/databases.html.twig', array(
|
||||||
'files' => new \DirectoryIterator($app['phraseanet.registry']->get('GV_RootPath') . 'lib/conf.d/data_templates'),
|
'files' => new \DirectoryIterator($app['phraseanet.registry']->get('GV_RootPath') . 'lib/conf.d/data_templates'),
|
||||||
'sbas' => $sbas,
|
'sbas' => $sbas,
|
||||||
'upgrade_available' => $upgradeAvailable,
|
|
||||||
'error_msg' => $errorMsg,
|
'error_msg' => $errorMsg,
|
||||||
'recommendations' => $upgrader->getRecommendations(),
|
'recommendations' => $upgrader->getRecommendations(),
|
||||||
'advices' => $request->query->get('advices', array()),
|
'advices' => $request->query->get('advices', array()),
|
||||||
|
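Review bot: The collection-level guard at the top of the Databoxes section is relaxed from `requireAdmin()` to `requireAccessToModule('admin')`, so the GET listing served by getDatabases is no longer admin-only, while the create, mount and upgrade POST routes each gain their own `requireAdmin()` before() closure. If that split is intentional, a one-line comment above the collection-level before() saying that the listing is filtered by `get_granted_sbas` rights while mutations stay admin-only would record it for the next reader. The three per-route closures are byte-identical; hoisting them into `$requireAdmin = function(Request $request) use ($app) { $app['firewall']->requireAdmin(); };` and passing `$requireAdmin` to each `->before()` removes the duplication, and the `$request` parameter is unused in all of them.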
@@ -30,23 +30,18 @@ class Description implements ControllerProviderInterface
|
|||||||
{
|
{
|
||||||
$controllers = $app['controllers_factory'];
|
$controllers = $app['controllers_factory'];
|
||||||
|
|
||||||
|
$controllers->before(function(Request $request) use ($app) {
|
||||||
|
$app['firewall']->requireAccessToModule('admin')
|
||||||
|
->requireRightOnSbas($request->attributes->get('sbas_id'), 'bas_modify_struct');
|
||||||
|
});
|
||||||
|
|
||||||
$controllers->get('/metadatas/search/', $this->call('metadataTypeAhead'));
|
$controllers->get('/metadatas/search/', $this->call('metadataTypeAhead'));
|
||||||
|
|
||||||
$controllers->post('/{sbas_id}/', $this->call('updateDataboxStructure'))
|
$controllers->post('/{sbas_id}/', $this->call('updateDataboxStructure'))
|
||||||
->before(function(Request $request) use ($app) {
|
->assert('sbas_id', '\d+');
|
||||||
if (false === $app['phraseanet.user']->ACL()
|
|
||||||
->has_right_on_sbas($request->attributes->get('sbas_id'), 'bas_modify_struct')) {
|
|
||||||
throw new AccessDeniedHttpException('You are not allowed to access this zone');
|
|
||||||
}
|
|
||||||
})->assert('sbas_id', '\d+');
|
|
||||||
|
|
||||||
$controllers->get('/{sbas_id}/', $this->call('getDataboxStructure'))
|
$controllers->get('/{sbas_id}/', $this->call('getDataboxStructure'))
|
||||||
->before(function(Request $request) use ($app) {
|
->assert('sbas_id', '\d+');
|
||||||
if (false === $app['phraseanet.user']->ACL()
|
|
||||||
->has_right_on_sbas($request->attributes->get('sbas_id'), 'bas_modify_struct')) {
|
|
||||||
throw new AccessDeniedHttpException('You are not allowed to access this zone');
|
|
||||||
}
|
|
||||||
})->assert('sbas_id', '\d+');
|
|
||||||
|
|
||||||
return $controllers;
|
return $controllers;
|
||||||
}
|
}
|
||||||
|
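Review bot: The collection-level before() in the Description section calls `requireRightOnSbas($request->attributes->get('sbas_id'), 'bas_modify_struct')` for every route of this provider, but the `/metadatas/search/` route has no `{sbas_id}` placeholder, so the attribute is null there and what `requireRightOnSbas(null, ...)` does is not visible in this diff. If a null sbas_id is meant to deny, state that in a comment above the call; otherwise keep only `requireAccessToModule('admin')` at collection level and attach the sbas check as a per-route `->before()` on the two `/{sbas_id}/` routes, which is where the removed inline ACL checks lived.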
@@ -28,6 +28,10 @@ class Fields implements ControllerProviderInterface
|
|||||||
{
|
{
|
||||||
$controllers = $app['controllers_factory'];
|
$controllers = $app['controllers_factory'];
|
||||||
|
|
||||||
|
$controllers->before(function(Request $request) use ($app) {
|
||||||
|
$app['firewall']->requireAccessToModule('admin');
|
||||||
|
});
|
||||||
|
|
||||||
$controllers->get('/checkmulti/', function(PhraseaApplication $app, Request $request) {
|
$controllers->get('/checkmulti/', function(PhraseaApplication $app, Request $request) {
|
||||||
$multi = ($request->query->get('multi') === 'true');
|
$multi = ($request->query->get('multi') === 'true');
|
||||||
|
|
||||||
|
@@ -28,6 +28,13 @@ class Publications implements ControllerProviderInterface
|
|||||||
{
|
{
|
||||||
$controllers = $app['controllers_factory'];
|
$controllers = $app['controllers_factory'];
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TODO NEUTRON verifier correlation avec tree
|
||||||
|
*/
|
||||||
|
$controllers->before(function(Request $request) use ($app) {
|
||||||
|
$app['firewall']->requireAccessToModule('admin');
|
||||||
|
});
|
||||||
|
|
||||||
$controllers->get('/list/', function(PhraseaApplication $app) {
|
$controllers->get('/list/', function(PhraseaApplication $app) {
|
||||||
|
|
||||||
$feeds = \Feed_Collection::load_all(
|
$feeds = \Feed_Collection::load_all(
|
||||||
|
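Review bot: The new docblock `/** * TODO NEUTRON verifier correlation avec tree */` in the Publications hunk sits directly above the firewall before() call, so it reads as if the TODO concerned the access check, and it is not in English unlike the other comments visible in this diff. Replace it with a single line comment such as `// TODO (NEUTRON): verify correlation with the tree` placed next to the code it actually refers to, or drop it if the work is tracked elsewhere.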
@@ -28,6 +28,11 @@ class Subdefs implements ControllerProviderInterface
|
|||||||
|
|
||||||
$controllers = $app['controllers_factory'];
|
$controllers = $app['controllers_factory'];
|
||||||
|
|
||||||
|
$controllers->before(function(Request $request) use ($app) {
|
||||||
|
$app['firewall']->requireAccessToModule('admin')
|
||||||
|
->requireRightOnSbas($request->attributes->get('sbas_id'), 'bas_modify_struct');
|
||||||
|
});
|
||||||
|
|
||||||
$controllers->get('/{sbas_id}/', function(Application $app, $sbas_id) {
|
$controllers->get('/{sbas_id}/', function(Application $app, $sbas_id) {
|
||||||
$databox = $app['phraseanet.appbox']->get_databox((int) $sbas_id);
|
$databox = $app['phraseanet.appbox']->get_databox((int) $sbas_id);
|
||||||
|
|
||||||
|
@@ -24,6 +24,10 @@ class TaskManager implements ControllerProviderInterface
|
|||||||
{
|
{
|
||||||
$controllers = $app['controllers_factory'];
|
$controllers = $app['controllers_factory'];
|
||||||
|
|
||||||
|
$controllers->before(function(Request $request) use ($app) {
|
||||||
|
$app['firewall']->requireAdmin();
|
||||||
|
});
|
||||||
|
|
||||||
$controllers->get('/', function(Application $app, Request $request) {
|
$controllers->get('/', function(Application $app, Request $request) {
|
||||||
return $app->redirect('/admin/task-manager/tasks/');
|
return $app->redirect('/admin/task-manager/tasks/');
|
||||||
});
|
});
|
||||||
|
@@ -29,6 +29,11 @@ class Users implements ControllerProviderInterface
|
|||||||
{
|
{
|
||||||
$controllers = $app['controllers_factory'];
|
$controllers = $app['controllers_factory'];
|
||||||
|
|
||||||
|
$controllers->before(function(Request $request) use ($app) {
|
||||||
|
$app['firewall']->requireAccessToModule('admin')
|
||||||
|
->requireRight('manageusers');
|
||||||
|
});
|
||||||
|
|
||||||
$controllers->post('/rights/', function(Application $app) {
|
$controllers->post('/rights/', function(Application $app) {
|
||||||
$rights = new UserHelper\Edit($app, $app['request']);
|
$rights = new UserHelper\Edit($app, $app['request']);
|
||||||
|
|
||||||
|
@@ -29,6 +29,10 @@ class Feed implements ControllerProviderInterface
|
|||||||
{
|
{
|
||||||
$controllers = $app['controllers_factory'];
|
$controllers = $app['controllers_factory'];
|
||||||
|
|
||||||
|
$controllers->before(function(Request $request) use ($app) {
|
||||||
|
$app['firewall']->requireAuthentication();
|
||||||
|
});
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* I got a selection of docs, which publications are available forthese docs ?
|
* I got a selection of docs, which publications are available forthese docs ?
|
||||||
*/
|
*/
|
||||||
@@ -65,6 +69,8 @@ class Feed implements ControllerProviderInterface
|
|||||||
}
|
}
|
||||||
|
|
||||||
return $app->json($datas);
|
return $app->json($datas);
|
||||||
|
})->before(function(Request $request) use ($app) {
|
||||||
|
$app['firewall']->requireRight('bas_chupub');
|
||||||
});
|
});
|
||||||
|
|
||||||
$controllers->get('/entry/{id}/edit/', function(Application $app, Request $request, $id) {
|
$controllers->get('/entry/{id}/edit/', function(Application $app, Request $request, $id) {
|
||||||
@@ -79,7 +85,10 @@ class Feed implements ControllerProviderInterface
|
|||||||
$datas = $app['twig']->render('prod/actions/publish/publish_edit.html.twig', array('entry' => $entry, 'feeds' => $feeds));
|
$datas = $app['twig']->render('prod/actions/publish/publish_edit.html.twig', array('entry' => $entry, 'feeds' => $feeds));
|
||||||
|
|
||||||
return new Response($datas);
|
return new Response($datas);
|
||||||
})->assert('id', '\d+');
|
})->assert('id', '\d+')
|
||||||
|
->before(function(Request $request) use ($app) {
|
||||||
|
$app['firewall']->requireRight('bas_chupub');
|
||||||
|
});
|
||||||
|
|
||||||
$controllers->post('/entry/{id}/update/', function(Application $app, Request $request, $id) {
|
$controllers->post('/entry/{id}/update/', function(Application $app, Request $request, $id) {
|
||||||
$datas = array('error' => true, 'message' => '', 'datas' => '');
|
$datas = array('error' => true, 'message' => '', 'datas' => '');
|
||||||
@@ -150,7 +159,9 @@ class Feed implements ControllerProviderInterface
|
|||||||
}
|
}
|
||||||
|
|
||||||
return $app->json($datas);
|
return $app->json($datas);
|
||||||
})->assert('id', '\d+');
|
})->assert('id', '\d+')->before(function(Request $request) use ($app) {
|
||||||
|
$app['firewall']->requireRight('bas_chupub');
|
||||||
|
});
|
||||||
|
|
||||||
$controllers->post('/entry/{id}/delete/', function(Application $app, Request $request, $id) {
|
$controllers->post('/entry/{id}/delete/', function(Application $app, Request $request, $id) {
|
||||||
$datas = array('error' => true, 'message' => '');
|
$datas = array('error' => true, 'message' => '');
|
||||||
@@ -177,7 +188,9 @@ class Feed implements ControllerProviderInterface
|
|||||||
}
|
}
|
||||||
|
|
||||||
return $app->json($datas);
|
return $app->json($datas);
|
||||||
})->assert('id', '\d+');
|
})->assert('id', '\d+')->before(function(Request $request) use ($app) {
|
||||||
|
$app['firewall']->requireRight('bas_chupub');
|
||||||
|
});
|
||||||
|
|
||||||
$controllers->get('/', function(Application $app, Request $request) {
|
$controllers->get('/', function(Application $app, Request $request) {
|
||||||
$request = $app['request'];
|
$request = $app['request'];
|
||||||
|
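Review bot: The four `requireRight('bas_chupub')` before() closures in the Feed section are attached in three different layouts — `})->before(` on the closing line, `->assert('id', '\d+')` followed by `->before(` on the next line, and `})->assert('id', '\d+')->before(` on one line — which makes it hard to see at a glance which routes carry the extra right. Pick one form, preferably the split layout used for `/entry/{id}/edit/`, and apply it to the update and delete routes as well. The `Request $request` parameter is unused in each closure and can be dropped, as the Developers section already does with `function() use ($app)`.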
@@ -41,6 +41,11 @@ class Lazaret implements ControllerProviderInterface
|
|||||||
{
|
{
|
||||||
$controllers = $app['controllers_factory'];
|
$controllers = $app['controllers_factory'];
|
||||||
|
|
||||||
|
$controllers->before(function(Request $request) use ($app) {
|
||||||
|
$app['firewall']->requireAuthentication()
|
||||||
|
->requireRight('addrecord');
|
||||||
|
});
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Lazaret Elements route
|
* Lazaret Elements route
|
||||||
*
|
*
|
||||||
|
@@ -28,6 +28,12 @@ class MoveCollection implements ControllerProviderInterface
|
|||||||
{
|
{
|
||||||
$controllers = $app['controllers_factory'];
|
$controllers = $app['controllers_factory'];
|
||||||
|
|
||||||
|
$controllers->before(function(Request $request) use ($app) {
|
||||||
|
$app['firewall']->requireAuthentication()
|
||||||
|
->requireRight('addrecord')
|
||||||
|
->requireRight('deleterecord');
|
||||||
|
});
|
||||||
|
|
||||||
$controllers->post('/', $this->call('displayForm'));
|
$controllers->post('/', $this->call('displayForm'));
|
||||||
$controllers->post('/apply/', $this->call('apply'));
|
$controllers->post('/apply/', $this->call('apply'));
|
||||||
|
|
||||||
|
@@ -35,6 +35,11 @@ class Order implements ControllerProviderInterface
|
|||||||
{
|
{
|
||||||
$controllers = $app['controllers_factory'];
|
$controllers = $app['controllers_factory'];
|
||||||
|
|
||||||
|
$controllers->before(function(Request $request) use ($app) {
|
||||||
|
$app['firewall']->requireAuthentication()
|
||||||
|
->requireRight('order');
|
||||||
|
});
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* List all orders
|
* List all orders
|
||||||
*
|
*
|
||||||
@@ -50,7 +55,7 @@ class Order implements ControllerProviderInterface
|
|||||||
*/
|
*/
|
||||||
$controllers->get('/', $this->call('displayOrders'))
|
$controllers->get('/', $this->call('displayOrders'))
|
||||||
->before(function(Request $request) use ($app) {
|
->before(function(Request $request) use ($app) {
|
||||||
$app['firewall']->requireOrdersAdmin($app);
|
$app['firewall']->requireOrdersAdmin();
|
||||||
})
|
})
|
||||||
->bind('prod_orders');
|
->bind('prod_orders');
|
||||||
|
|
||||||
@@ -85,7 +90,7 @@ class Order implements ControllerProviderInterface
|
|||||||
*/
|
*/
|
||||||
$controllers->get('/{order_id}/', $this->call('displayOneOrder'))
|
$controllers->get('/{order_id}/', $this->call('displayOneOrder'))
|
||||||
->before(function(Request $request) use ($app) {
|
->before(function(Request $request) use ($app) {
|
||||||
$app['firewall']->requireOrdersAdmin($app);
|
$app['firewall']->requireOrdersAdmin();
|
||||||
})
|
})
|
||||||
->bind('prod_order')
|
->bind('prod_order')
|
||||||
->assert('order_id', '\d+');
|
->assert('order_id', '\d+');
|
||||||
@@ -105,7 +110,7 @@ class Order implements ControllerProviderInterface
|
|||||||
*/
|
*/
|
||||||
$controllers->post('/{order_id}/send/', $this->call('sendOrder'))
|
$controllers->post('/{order_id}/send/', $this->call('sendOrder'))
|
||||||
->before(function(Request $request) use ($app) {
|
->before(function(Request $request) use ($app) {
|
||||||
$app['firewall']->requireOrdersAdmin($app);
|
$app['firewall']->requireOrdersAdmin();
|
||||||
})
|
})
|
||||||
->bind('prod_order_send')
|
->bind('prod_order_send')
|
||||||
->assert('order_id', '\d+');
|
->assert('order_id', '\d+');
|
||||||
@@ -125,7 +130,7 @@ class Order implements ControllerProviderInterface
|
|||||||
*/
|
*/
|
||||||
$controllers->post('/{order_id}/deny/', $this->call('denyOrder'))
|
$controllers->post('/{order_id}/deny/', $this->call('denyOrder'))
|
||||||
->before(function(Request $request) use ($app) {
|
->before(function(Request $request) use ($app) {
|
||||||
$app['firewall']->requireOrdersAdmin($app);
|
$app['firewall']->requireOrdersAdmin();
|
||||||
})
|
})
|
||||||
->bind('prod_order_deny')
|
->bind('prod_order_deny')
|
||||||
->assert('order_id', '\d+');
|
->assert('order_id', '\d+');
|
||||||
|
@@ -95,6 +95,11 @@ class Push implements ControllerProviderInterface
|
|||||||
{
|
{
|
||||||
$controllers = $app['controllers_factory'];
|
$controllers = $app['controllers_factory'];
|
||||||
|
|
||||||
|
$controllers->before(function(Request $request) use ($app) {
|
||||||
|
$app['firewall']->requireAuthentication()
|
||||||
|
->requireRight('push');
|
||||||
|
});
|
||||||
|
|
||||||
$userFormatter = $this->getUserFormatter();
|
$userFormatter = $this->getUserFormatter();
|
||||||
|
|
||||||
$listFormatter = $this->getListFormatter();
|
$listFormatter = $this->getListFormatter();
|
||||||
|
@@ -14,7 +14,6 @@ namespace Alchemy\Phrasea\Controller\Prod;
|
|||||||
use Silex\Application;
|
use Silex\Application;
|
||||||
use Silex\ControllerProviderInterface;
|
use Silex\ControllerProviderInterface;
|
||||||
use Symfony\Component\HttpFoundation\Request;
|
use Symfony\Component\HttpFoundation\Request;
|
||||||
use Symfony\Component\HttpFoundation\Response;
|
|
||||||
use Symfony\Component\Finder\Finder;
|
use Symfony\Component\Finder\Finder;
|
||||||
use Alchemy\Phrasea\Helper;
|
use Alchemy\Phrasea\Helper;
|
||||||
|
|
||||||
@@ -31,6 +30,14 @@ class Root implements ControllerProviderInterface
|
|||||||
$controllers = $app['controllers_factory'];
|
$controllers = $app['controllers_factory'];
|
||||||
|
|
||||||
$controllers->before(function(Request $request) use ($app) {
|
$controllers->before(function(Request $request) use ($app) {
|
||||||
|
|
||||||
|
if (!$app->isAuthenticated() && null !== $request->query->get('nolog') && \phrasea::guest_allowed($app)) {
|
||||||
|
$auth = new Session_Authentication_Guest($app);
|
||||||
|
$app->openAccount($auth);
|
||||||
|
|
||||||
|
return $app->redirect('/prod/');
|
||||||
|
}
|
||||||
|
|
||||||
$app['firewall']->requireAuthentication();
|
$app['firewall']->requireAuthentication();
|
||||||
});
|
});
|
||||||
|
|
||||||
|
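Review bot: The new guest-login branch in the Root hunk instantiates `new Session_Authentication_Guest($app)` without a leading backslash inside `namespace Alchemy\Phrasea\Controller\Prod`, so unless a `use` statement outside this hunk imports it, the name resolves to `Alchemy\Phrasea\Controller\Prod\Session_Authentication_Guest`; the same condition fully qualifies `\phrasea::guest_allowed($app)`, so the inconsistency looks accidental — write `new \Session_Authentication_Guest($app)` or add the import. The branch also always redirects to `/prod/`, discarding the path the visitor requested; a short comment above the `if` stating that `nolog` opens a guest session and lands on the prod home would make that intentional. The enclosing method starts and ends outside the hunk.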
@@ -29,6 +29,10 @@ class Story implements ControllerProviderInterface
|
|||||||
{
|
{
|
||||||
$controllers = $app['controllers_factory'];
|
$controllers = $app['controllers_factory'];
|
||||||
|
|
||||||
|
$controllers->before(function(Request $request) use ($app) {
|
||||||
|
$app['firewall']->requireAuthentication();
|
||||||
|
});
|
||||||
|
|
||||||
$controllers->get('/create/', function(Application $app) {
|
$controllers->get('/create/', function(Application $app) {
|
||||||
return $app['twig']->render('prod/Story/Create.html.twig', array());
|
return $app['twig']->render('prod/Story/Create.html.twig', array());
|
||||||
});
|
});
|
||||||
|
@@ -27,6 +27,10 @@ class TOU implements ControllerProviderInterface
|
|||||||
{
|
{
|
||||||
$controllers = $app['controllers_factory'];
|
$controllers = $app['controllers_factory'];
|
||||||
|
|
||||||
|
$controllers->before(function(Request $request) use ($app) {
|
||||||
|
$app['firewall']->requireAuthentication();
|
||||||
|
});
|
||||||
|
|
||||||
$controllers->post('/deny/{sbas_id}/', function(Application $app, Request $request, $sbas_id) {
|
$controllers->post('/deny/{sbas_id}/', function(Application $app, Request $request, $sbas_id) {
|
||||||
$ret = array('success' => false, 'message' => '');
|
$ret = array('success' => false, 'message' => '');
|
||||||
|
|
||||||
|
@@ -16,7 +16,6 @@ use DataURI;
|
|||||||
use Silex\Application;
|
use Silex\Application;
|
||||||
use Silex\ControllerProviderInterface;
|
use Silex\ControllerProviderInterface;
|
||||||
use Symfony\Component\HttpFoundation\Request;
|
use Symfony\Component\HttpFoundation\Request;
|
||||||
use Symfony\Component\HttpFoundation\Response;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
@@ -30,6 +29,11 @@ class Tools implements ControllerProviderInterface
|
|||||||
{
|
{
|
||||||
$controllers = $app['controllers_factory'];
|
$controllers = $app['controllers_factory'];
|
||||||
|
|
||||||
|
$controllers->before(function(Request $request) use ($app) {
|
||||||
|
$app['firewall']->requireAuthentication()
|
||||||
|
->requireRight('doctools');
|
||||||
|
});
|
||||||
|
|
||||||
$controllers->get('/', function(Application $app, Request $request) {
|
$controllers->get('/', function(Application $app, Request $request) {
|
||||||
|
|
||||||
$records = RecordsRequest::fromRequest($app, $request, false);
|
$records = RecordsRequest::fromRequest($app, $request, false);
|
||||||
|
@@ -41,6 +41,11 @@ class Upload implements ControllerProviderInterface
|
|||||||
{
|
{
|
||||||
$controllers = $app['controllers_factory'];
|
$controllers = $app['controllers_factory'];
|
||||||
|
|
||||||
|
$controllers->before(function(Request $request) use ($app) {
|
||||||
|
$app['firewall']->requireAuthentication()
|
||||||
|
->requireRight('addrecord');
|
||||||
|
});
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Upload form route
|
* Upload form route
|
||||||
*
|
*
|
||||||
|
@@ -32,6 +32,10 @@ class UsrLists implements ControllerProviderInterface
|
|||||||
{
|
{
|
||||||
$controllers = $app['controllers_factory'];
|
$controllers = $app['controllers_factory'];
|
||||||
|
|
||||||
|
$controllers->before(function(Request $request) use ($app) {
|
||||||
|
$app['firewall']->requireAuthentication();
|
||||||
|
});
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get all lists
|
* Get all lists
|
||||||
*/
|
*/
|
||||||
|
@@ -31,7 +31,7 @@ class Developers implements ControllerProviderInterface
|
|||||||
$controllers = $app['controllers_factory'];
|
$controllers = $app['controllers_factory'];
|
||||||
|
|
||||||
$controllers->before(function() use ($app) {
|
$controllers->before(function() use ($app) {
|
||||||
$app['firewall']->requireAuthentication($app);
|
$app['firewall']->requireAuthentication();
|
||||||
});
|
});
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@@ -53,9 +53,7 @@ class Login implements ControllerProviderInterface
|
|||||||
*/
|
*/
|
||||||
$controllers->get('/', $this->call('login'))
|
$controllers->get('/', $this->call('login'))
|
||||||
->before(function(Request $request) use ($app) {
|
->before(function(Request $request) use ($app) {
|
||||||
if ($app->isAuthenticated()) {
|
$app['firewall']->requireNotAuthenticated();
|
||||||
return $app->redirect('/' . $request->query->get('redirect', 'prod') . '/');
|
|
||||||
}
|
|
||||||
|
|
||||||
if (null !== $request->query->get('postlog')) {
|
if (null !== $request->query->get('postlog')) {
|
||||||
|
|
||||||
@@ -85,7 +83,9 @@ class Login implements ControllerProviderInterface
|
|||||||
* return : HTML Response
|
* return : HTML Response
|
||||||
*/
|
*/
|
||||||
$controllers->post('/authenticate/', $this->call('authenticate'))
|
$controllers->post('/authenticate/', $this->call('authenticate'))
|
||||||
->bind('login_authenticate');
|
->before(function(Request $request) use ($app) {
|
||||||
|
$app['firewall']->requireNotAuthenticated();
|
||||||
|
})->bind('login_authenticate');
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Logout
|
* Logout
|
||||||
@@ -101,7 +101,9 @@ class Login implements ControllerProviderInterface
|
|||||||
* return : HTML Response
|
* return : HTML Response
|
||||||
*/
|
*/
|
||||||
$controllers->get('/logout/', $this->call('logout'))
|
$controllers->get('/logout/', $this->call('logout'))
|
||||||
->bind('logout');
|
->before(function(Request $request) use ($app) {
|
||||||
|
$app['firewall']->requireAuthentication();
|
||||||
|
})->bind('logout');
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Register a new user
|
* Register a new user
|
||||||
@@ -117,7 +119,9 @@ class Login implements ControllerProviderInterface
|
|||||||
* return : HTML Response
|
* return : HTML Response
|
||||||
*/
|
*/
|
||||||
$controllers->get('/register/', $this->call('displayRegisterForm'))
|
$controllers->get('/register/', $this->call('displayRegisterForm'))
|
||||||
->bind('login_register');
|
->before(function(Request $request) use ($app) {
|
||||||
|
$app['firewall']->requireNotAuthenticated();
|
||||||
|
})->bind('login_register');
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Register a new user
|
* Register a new user
|
||||||
@@ -133,7 +137,9 @@ class Login implements ControllerProviderInterface
|
|||||||
* return : HTML Response
|
* return : HTML Response
|
||||||
*/
|
*/
|
||||||
$controllers->post('/register/', $this->call('register'))
|
$controllers->post('/register/', $this->call('register'))
|
||||||
->bind('submit_login_register');
|
->before(function(Request $request) use ($app) {
|
||||||
|
$app['firewall']->requireNotAuthenticated();
|
||||||
|
})->bind('submit_login_register');
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Register confirm
|
* Register confirm
|
||||||
@@ -149,7 +155,9 @@ class Login implements ControllerProviderInterface
|
|||||||
* return : HTML Response
|
* return : HTML Response
|
||||||
*/
|
*/
|
||||||
$controllers->get('/register-confirm/', $this->call('registerConfirm'))
|
$controllers->get('/register-confirm/', $this->call('registerConfirm'))
|
||||||
->bind('login_register_confirm');
|
->before(function(Request $request) use ($app) {
|
||||||
|
$app['firewall']->requireNotAuthenticated();
|
||||||
|
})->bind('login_register_confirm');
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Send confirmation mail
|
* Send confirmation mail
|
||||||
@@ -165,7 +173,9 @@ class Login implements ControllerProviderInterface
|
|||||||
* return : HTML Response
|
* return : HTML Response
|
||||||
*/
|
*/
|
||||||
$controllers->get('/send-mail-confirm/', $this->call('sendConfirmMail'))
|
$controllers->get('/send-mail-confirm/', $this->call('sendConfirmMail'))
|
||||||
->bind('login_send_mail');
|
->before(function(Request $request) use ($app) {
|
||||||
|
$app['firewall']->requireNotAuthenticated();
|
||||||
|
})->bind('login_send_mail');
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Forgot password
|
* Forgot password
|
||||||
@@ -181,7 +191,9 @@ class Login implements ControllerProviderInterface
|
|||||||
* return : HTML Response
|
* return : HTML Response
|
||||||
*/
|
*/
|
||||||
$controllers->get('/forgot-password/', $this->call('displayForgotPasswordForm'))
|
$controllers->get('/forgot-password/', $this->call('displayForgotPasswordForm'))
|
||||||
->bind('login_forgot_password');
|
->before(function(Request $request) use ($app) {
|
||||||
|
$app['firewall']->requireNotAuthenticated();
|
||||||
|
})->bind('login_forgot_password');
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Renew password
|
* Renew password
|
||||||
@@ -197,7 +209,9 @@ class Login implements ControllerProviderInterface
|
|||||||
* return : HTML Response
|
* return : HTML Response
|
||||||
*/
|
*/
|
||||||
$controllers->post('/forgot-password/', $this->call('renewPassword'))
|
$controllers->post('/forgot-password/', $this->call('renewPassword'))
|
||||||
->bind('submit_login_forgot_password');
|
->before(function(Request $request) use ($app) {
|
||||||
|
$app['firewall']->requireNotAuthenticated();
|
||||||
|
})->bind('submit_login_forgot_password');
|
||||||
|
|
||||||
return $controllers;
|
return $controllers;
|
||||||
}
|
}
|
||||||
@@ -826,8 +840,7 @@ class Login implements ControllerProviderInterface
|
|||||||
|
|
||||||
|
|
||||||
$sql = "SELECT session_id FROM cache
|
$sql = "SELECT session_id FROM cache
|
||||||
WHERE (lastaccess < DATE_SUB(NOW(), INTERVAL 1 MONTH) AND token IS NOT NULL)
|
WHERE lastaccess < DATE_SUB(NOW(), INTERVAL 1 MONTH)";
|
||||||
OR (lastaccess < DATE_SUB(NOW(), INTERVAL 30 MINUTE) AND token IS NULL)";
|
|
||||||
|
|
||||||
$stmt = $conn->prepare($sql);
|
$stmt = $conn->prepare($sql);
|
||||||
$stmt->execute();
|
$stmt->execute();
|
||||||
|
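Review bot: The session-cleanup query in the last Login hunk drops the `OR (lastaccess < DATE_SUB(NOW(), INTERVAL 30 MINUTE) AND token IS NULL)` branch, so cache rows without a persistent token are now kept for a month instead of 30 minutes; if this query is what expires idle sessions, that lengthens the window in which an abandoned browser session stays valid, and nothing in the commit title explains the change. Either keep the 30-minute branch for token-less rows or add a comment above `$sql` recording why a single one-month cutoff is now correct. Separately, in the first Login hunk `requireNotAuthenticated()` replaces a redirect built from the user-supplied `redirect` query parameter, so already-authenticated visitors now always land on `/prod/`; if that parameter is ever reintroduced it should be validated against a fixed list of module names rather than concatenated into the target. The method enclosing the SQL hunk starts and ends outside the hunk.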
@@ -16,7 +16,7 @@ class Firewall
|
|||||||
public function requireSetUp()
|
public function requireSetUp()
|
||||||
{
|
{
|
||||||
if (!$this->app['phraseanet.configuration-tester']->isInstalled()) {
|
if (!$this->app['phraseanet.configuration-tester']->isInstalled()) {
|
||||||
$this->app->abort(403, 'Phraseanet is not installed', array('X-Phraseanet-Redirect' => '/setup/'));
|
$this->app->abort(302, 'Phraseanet is not installed', array('X-Phraseanet-Redirect' => '/setup/'));
|
||||||
}
|
}
|
||||||
|
|
||||||
return null;
|
return null;
|
||||||
@@ -113,7 +113,16 @@ class Firewall
|
|||||||
public function requireAuthentication()
|
public function requireAuthentication()
|
||||||
{
|
{
|
||||||
if (!$this->app->isAuthenticated()) {
|
if (!$this->app->isAuthenticated()) {
|
||||||
$this->app->abort(403, 'You are not authenticated', array('X-Phraseanet-Redirect' => '/login/'));
|
$this->app->abort(302, 'You are not authenticated', array('X-Phraseanet-Redirect' => '/login/'));
|
||||||
|
}
|
||||||
|
|
||||||
|
return $this;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function requireNotAuthenticated()
|
||||||
|
{
|
||||||
|
if ($this->app->isAuthenticated()) {
|
||||||
|
$this->app->abort(302, 'You are authenticated', array('X-Phraseanet-Redirect' => '/prod/'));
|
||||||
}
|
}
|
||||||
|
|
||||||
return $this;
|
return $this;
|
||||||
|
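Review bot: `requireSetUp()`, `requireAuthentication()` and the new `requireNotAuthenticated()` now call `$this->app->abort(302, ...)` with the target only in a custom `X-Phraseanet-Redirect` header; a 302 without a `Location` header is not something a browser follows on its own, so this relies on an exception handler elsewhere translating that header, which is not visible in this diff. Add a class-level comment such as `// abort(302) with X-Phraseanet-Redirect is turned into a real redirect by the exception handler — TODO confirm` so the coupling is documented, and give the public methods docblocks: `requireNotAuthenticated()` should state that it aborts with a redirect to `/prod/` when a session is already open and returns `$this` for chaining. Note also that non-browser callers now receive 302 where they previously got 403, which may change how API or XHR clients detect an expired session.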