Merge branch '3.8'

Conflicts:
	lib/Alchemy/Phrasea/Controller/Admin/TaskManager.php
	lib/Alchemy/Phrasea/Controller/Admin/Users.php
	lib/Alchemy/Phrasea/Controller/Lightbox.php
	lib/Alchemy/Phrasea/Controller/Prod/Basket.php
	lib/Alchemy/Phrasea/Controller/Prod/TOU.php
	lib/Alchemy/Phrasea/Controller/Prod/WorkZone.php
	lib/Alchemy/Phrasea/Controller/Root/Session.php
	lib/Alchemy/Phrasea/Security/Firewall.php
	lib/classes/task/abstract.php
	tests/Alchemy/Tests/Phrasea/Security/FirewallTest.php
Nicolas Le Goff
2014-02-05 19:42:22 +01:00
52 changed files with 133 additions and 120 deletions

composer.lock generated

@@ -120,16 +120,16 @@
}, },
{ {
"name": "alchemy/geonames-api-consumer", "name": "alchemy/geonames-api-consumer",
"version": "0.1.1", "version": "0.1.2",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/alchemy-fr/GeonamesServer-PHP-Plugin.git", "url": "https://github.com/alchemy-fr/GeonamesServer-PHP-Plugin.git",
"reference": "c01f5d2d132e215524860c336693ed043a94118f" "reference": "111a38233da7a5503f86e96877e044381698f647"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/alchemy-fr/GeonamesServer-PHP-Plugin/zipball/c01f5d2d132e215524860c336693ed043a94118f", "url": "https://api.github.com/repos/alchemy-fr/GeonamesServer-PHP-Plugin/zipball/111a38233da7a5503f86e96877e044381698f647",
"reference": "c01f5d2d132e215524860c336693ed043a94118f", "reference": "111a38233da7a5503f86e96877e044381698f647",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@@ -154,7 +154,7 @@
"keywords": [ "keywords": [
"geonames" "geonames"
], ],
"time": "2013-07-02 11:28:34" "time": "2014-02-05 15:29:39"
}, },
{ {
"name": "alchemy/ghostscript", "name": "alchemy/ghostscript",


@@ -26,6 +26,8 @@ class Collection implements ControllerProviderInterface
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$app['firewall']->addMandatoryAuthentication($controllers);
$controllers->before(function (Request $request) use ($app) { $controllers->before(function (Request $request) use ($app) {
$app['firewall']->requireAccessToModule('admin') $app['firewall']->requireAccessToModule('admin')
->requireRightOnBase($app['request']->attributes->get('bas_id'), 'canadmin'); ->requireRightOnBase($app['request']->attributes->get('bas_id'), 'canadmin');
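Review bot: The before middleware resolves the request through the container (`$app['request']->attributes->get('bas_id')`) although the closure already receives `Request $request`, and the sibling Databox and Subdefs hunks in this commit read `$request->attributes->get(...)` directly. `->requireRightOnBase($request->attributes->get('bas_id'), 'canadmin');` keeps the admin providers consistent and avoids depending on the container's current-request binding. The closure and the enclosing `connect()` continue outside the hunk.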


@@ -25,6 +25,8 @@ class ConnectedUsers implements ControllerProviderInterface
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$app['firewall']->addMandatoryAuthentication($controllers);
$controllers->before(function (Request $request) use ($app) { $controllers->before(function (Request $request) use ($app) {
$app['firewall']->requireAccessToModule('Admin'); $app['firewall']->requireAccessToModule('Admin');
}); });
@@ -72,9 +74,7 @@ class ConnectedUsers implements ControllerProviderInterface
$info = ''; $info = '';
} }
} catch (GeonamesExceptionInterface $e) { } catch (GeonamesExceptionInterface $e) {
$app['monolog']->error(sprintf( $app['monolog']->error(sprintf("Unable to get IP information for %s", $session->getIpAddress()), array('exception' => $e));
"Unable to get IP information for %s : %s", $session->getIpAddress(), $e->getMessage()
));
} }
$result[] = [ $result[] = [
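Review bot: The rewritten `error()` call uses long-form `array('exception' => $e)` while the next line of the same hunk (`$result[] = [`) uses short array syntax; `['exception' => $e]` keeps the file consistent. Passing the exception as log context instead of interpolating `getMessage()` into the string is the right Monolog idiom, so the message change itself looks correct. The surrounding try/catch starts outside the hunk.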


@@ -26,6 +26,8 @@ class Databox implements ControllerProviderInterface
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$app['firewall']->addMandatoryAuthentication($controllers);
$controllers->before(function (Request $request) use ($app) { $controllers->before(function (Request $request) use ($app) {
$app['firewall']->requireAccessToModule('admin') $app['firewall']->requireAccessToModule('admin')
->requireAccessToSbas($request->attributes->get('databox_id')); ->requireAccessToSbas($request->attributes->get('databox_id'));


@@ -25,6 +25,8 @@ class Databoxes implements ControllerProviderInterface
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$app['firewall']->addMandatoryAuthentication($controllers);
$controllers->before(function (Request $request) use ($app) { $controllers->before(function (Request $request) use ($app) {
$app['firewall']->requireAccessToModule('admin'); $app['firewall']->requireAccessToModule('admin');
}); });


@@ -28,6 +28,8 @@ class Fields implements ControllerProviderInterface
$app['admin.fields.controller'] = $this; $app['admin.fields.controller'] = $this;
$app['firewall']->addMandatoryAuthentication($controllers);
$controllers->before(function (Request $request) use ($app) { $controllers->before(function (Request $request) use ($app) {
$app['firewall'] $app['firewall']
->requireAccessToModule('admin') ->requireAccessToModule('admin')


@@ -26,6 +26,8 @@ class Publications implements ControllerProviderInterface
$app['controller.admin.publications'] = $this; $app['controller.admin.publications'] = $this;
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$app['firewall']->addMandatoryAuthentication($controllers);
$controllers->before(function (Request $request) use ($app) { $controllers->before(function (Request $request) use ($app) {
$app['firewall']->requireAccessToModule('admin') $app['firewall']->requireAccessToModule('admin')
->requireRight('bas_chupub'); ->requireRight('bas_chupub');


@@ -25,6 +25,8 @@ class Root implements ControllerProviderInterface
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$app['firewall']->addMandatoryAuthentication($controllers);
$controllers->before(function (Request $request) use ($app) { $controllers->before(function (Request $request) use ($app) {
$app['firewall']->requireAccessToModule('admin'); $app['firewall']->requireAccessToModule('admin');
}); });


@@ -23,6 +23,8 @@ class Subdefs implements ControllerProviderInterface
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$app['firewall']->addMandatoryAuthentication($controllers);
$controllers->before(function (Request $request) use ($app) { $controllers->before(function (Request $request) use ($app) {
$app['firewall']->requireAccessToModule('admin') $app['firewall']->requireAccessToModule('admin')
->requireRightOnSbas($request->attributes->get('sbas_id'), 'bas_modify_struct'); ->requireRightOnSbas($request->attributes->get('sbas_id'), 'bas_modify_struct');


@@ -26,13 +26,13 @@ class TaskManager implements ControllerProviderInterface
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$controllers $app['firewall']->addMandatoryAuthentication($controllers);
->before(function (Request $request) use ($app) {
$app['firewall']->requireRight('taskmanager'); $controllers->before(function (Request $request) use ($app) {
}) $app['firewall']->requireRight('taskmanager');
->convert('task', function ($id) use ($app) { })->convert('task', function ($id) use ($app) {
return $app['converter.task']->convert($id); return $app['converter.task']->convert($id);
}); });
$controllers $controllers
->get('/', 'controller.admin.task:getRoot') ->get('/', 'controller.admin.task:getRoot')


@@ -28,7 +28,9 @@ class Users implements ControllerProviderInterface
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$controllers->before(function (Request $request, Application $app) { $app['firewall']->addMandatoryAuthentication($controllers);
$controllers->before(function (Request $request) use ($app) {
$app['firewall']->requireAccessToModule('admin') $app['firewall']->requireAccessToModule('admin')
->requireRight('manageusers'); ->requireRight('manageusers');
}); });


@@ -27,9 +27,7 @@ class Baskets implements ControllerProviderInterface
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$controllers->before(function () use ($app) { $app['firewall']->addMandatoryAuthentication($controllers);
$app['firewall']->requireAuthentication();
});
$controllers->match('/', 'controller.client.baskets:getBaskets') $controllers->match('/', 'controller.client.baskets:getBaskets')
->method('POST|GET') ->method('POST|GET')


@@ -34,7 +34,9 @@ class Root implements ControllerProviderInterface
if (!$app['authentication']->isAuthenticated() && null !== $request->query->get('nolog')) { if (!$app['authentication']->isAuthenticated() && null !== $request->query->get('nolog')) {
return $app->redirectPath('login_authenticate_as_guest', ['redirect' => 'client']); return $app->redirectPath('login_authenticate_as_guest', ['redirect' => 'client']);
} }
$app['firewall']->requireAuthentication(); if (null !== $response = $app['firewall']->requireAuthentication()) {
return $response;
}
}); });
$controllers->get('/', 'controller.client:getClient') $controllers->get('/', 'controller.client:getClient')


@@ -62,9 +62,9 @@ class Lightbox implements ControllerProviderInterface
} }
}); });
$controllers->before(function (Request $request) use ($app) { $app['firewall']->addMandatoryAuthentication($controllers);
$app['firewall']->requireAuthentication();
}) $controllers
// Silex\Route::convert is not used as this should be done prior the before middleware // Silex\Route::convert is not used as this should be done prior the before middleware
->before($app['middleware.basket.converter']) ->before($app['middleware.basket.converter'])
->before($app['middleware.basket.user-access']); ->before($app['middleware.basket.user-access']);


@@ -29,10 +29,9 @@ class BasketController implements ControllerProviderInterface
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$app['firewall']->addMandatoryAuthentication($controllers);
$controllers $controllers
->before(function (Request $request, Application $app) {
$app['firewall']->requireAuthentication();
})
// Silex\Route::convert is not used as this should be done prior the before middleware // Silex\Route::convert is not used as this should be done prior the before middleware
->before($app['middleware.basket.converter']) ->before($app['middleware.basket.converter'])
->before($app['middleware.basket.user-access']); ->before($app['middleware.basket.user-access']);


@@ -25,6 +25,8 @@ class Bridge implements ControllerProviderInterface
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$app['firewall']->addMandatoryAuthentication($controllers);
$controllers->before(function (Request $request) use ($app) { $controllers->before(function (Request $request) use ($app) {
$app['firewall']->requireRight('bas_chupub'); $app['firewall']->requireRight('bas_chupub');
}); });


@@ -27,9 +27,7 @@ class Download implements ControllerProviderInterface
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$controllers->before(function (Request $request) use ($app) { $app['firewall']->addMandatoryAuthentication($controllers);
$app['firewall']->requireAuthentication();
});
$controllers->post('/', 'controller.prod.download:checkDownload') $controllers->post('/', 'controller.prod.download:checkDownload')
->bind('check_download'); ->bind('check_download');


@@ -26,6 +26,8 @@ class Edit implements ControllerProviderInterface
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$app['firewall']->addMandatoryAuthentication($controllers);
$controllers->before(function (Request $request) use ($app) { $controllers->before(function (Request $request) use ($app) {
$app['firewall'] $app['firewall']
->requireNotGuest() ->requireNotGuest()


@@ -32,6 +32,8 @@ class Export implements ControllerProviderInterface
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$app['firewall']->addMandatoryAuthentication($controllers);
$controllers->before(function (Request $request) use ($app) { $controllers->before(function (Request $request) use ($app) {
$app['firewall']->requireNotGuest(); $app['firewall']->requireNotGuest();
}); });


@@ -31,9 +31,7 @@ class Feed implements ControllerProviderInterface
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$controllers->before(function (Request $request) use ($app) { $app['firewall']->addMandatoryAuthentication($controllers);
$app['firewall']->requireAuthentication();
});
$controllers->post('/requestavailable/', function (Application $app, Request $request) { $controllers->post('/requestavailable/', function (Application $app, Request $request) {
$feeds = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser( $feeds = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser(


@@ -35,9 +35,10 @@ class Lazaret implements ControllerProviderInterface
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$app['firewall']->addMandatoryAuthentication($controllers);
$controllers->before(function (Request $request) use ($app) { $controllers->before(function (Request $request) use ($app) {
$app['firewall']->requireAuthentication() $app['firewall']->requireRight('addrecord');
->requireRight('addrecord');
}); });
$controllers->get('/', 'controller.prod.lazaret:listElement') $controllers->get('/', 'controller.prod.lazaret:listElement')


@@ -24,9 +24,10 @@ class MoveCollection implements ControllerProviderInterface
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$app['firewall']->addMandatoryAuthentication($controllers);
$controllers->before(function (Request $request) use ($app) { $controllers->before(function (Request $request) use ($app) {
$app['firewall']->requireAuthentication() $app['firewall']->requireRight('addrecord')
->requireRight('addrecord')
->requireRight('deleterecord'); ->requireRight('deleterecord');
}); });


@@ -36,9 +36,10 @@ class Order implements ControllerProviderInterface
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$app['firewall']->addMandatoryAuthentication($controllers);
$controllers->before(function (Request $request) use ($app) { $controllers->before(function (Request $request) use ($app) {
$app['firewall']->requireAuthentication() $app['firewall']->requireRight('order');
->requireRight('order');
}); });
$controllers->get('/', 'controller.prod.order:displayOrders') $controllers->get('/', 'controller.prod.order:displayOrders')


@@ -29,6 +29,8 @@ class Property implements ControllerProviderInterface
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$app['firewall']->addMandatoryAuthentication($controllers);
$controllers->before(function (Request $request) use ($app) { $controllers->before(function (Request $request) use ($app) {
$app['firewall']->requireNotGuest(); $app['firewall']->requireNotGuest();
}); });


@@ -102,9 +102,10 @@ class Push implements ControllerProviderInterface
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$app['firewall']->addMandatoryAuthentication($controllers);
$controllers->before(function (Request $request) use ($app) { $controllers->before(function (Request $request) use ($app) {
$app['firewall']->requireAuthentication() $app['firewall']->requireRight('push');
->requireRight('push');
}); });
$userFormatter = $this->getUserFormatter(); $userFormatter = $this->getUserFormatter();


@@ -27,9 +27,7 @@ class Query implements ControllerProviderInterface
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$controllers->before(function (Request $request) use ($app) { $app['firewall']->addMandatoryAuthentication($controllers);
$app['firewall']->requireAuthentication();
});
$controllers->post('/', 'controller.prod.query:query') $controllers->post('/', 'controller.prod.query:query')
->bind('prod_query'); ->bind('prod_query');


@@ -29,6 +29,8 @@ class Records implements ControllerProviderInterface
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$app['firewall']->addMandatoryAuthentication($controllers);
$controllers->before(function (Request $request) use ($app) { $controllers->before(function (Request $request) use ($app) {
$app['firewall']->requireNotGuest(); $app['firewall']->requireNotGuest();
}); });


@@ -33,7 +33,9 @@ class Root implements ControllerProviderInterface
return $app->redirectPath('login_authenticate_as_guest'); return $app->redirectPath('login_authenticate_as_guest');
} }
$app['firewall']->requireAuthentication(); if (null !== $response = $app['firewall']->requireAuthentication()) {
return $response;
}
}); });
$controllers->get('/', function (Application $app) { $controllers->get('/', function (Application $app) {


@@ -27,6 +27,8 @@ class Share implements ControllerProviderInterface
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$app['firewall']->addMandatoryAuthentication($controllers);
$controllers->before(function (Request $request) use ($app) { $controllers->before(function (Request $request) use ($app) {
$app['firewall']->requireNotGuest(); $app['firewall']->requireNotGuest();
}); });


@@ -28,9 +28,7 @@ class Story implements ControllerProviderInterface
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$controllers->before(function (Request $request) use ($app) { $app['firewall']->addMandatoryAuthentication($controllers);
$app['firewall']->requireAuthentication();
});
$controllers->get('/create/', function (Application $app) { $controllers->get('/create/', function (Application $app) {
return $app['twig']->render('prod/Story/Create.html.twig', []); return $app['twig']->render('prod/Story/Create.html.twig', []);


@@ -24,12 +24,10 @@ class TOU implements ControllerProviderInterface
$app['controller.prod.tou'] = $this; $app['controller.prod.tou'] = $this;
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$controllers->post('/deny/{sbas_id}/', 'controller.prod.tou:denyTermsOfUse') $controller = $controllers->post('/deny/{sbas_id}/', 'controller.prod.tou:denyTermsOfUse')
->bind('deny_tou') ->bind('deny_tou');
->before(function (Request $request) use ($app) { $app['firewall']->addMandatoryAuthentication($controller);
$app['firewall']->requireAuthentication();
});
$controllers->get('/', 'controller.prod.tou:displayTermsOfUse') $controllers->get('/', 'controller.prod.tou:displayTermsOfUse')
->bind('get_tou'); ->bind('get_tou');


@@ -27,9 +27,10 @@ class Tools implements ControllerProviderInterface
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$app['firewall']->addMandatoryAuthentication($controllers);
$controllers->before(function (Request $request) use ($app) { $controllers->before(function (Request $request) use ($app) {
$app['firewall']->requireAuthentication() $app['firewall']->requireRight('doctools');
->requireRight('doctools');
}); });
$controllers->get('/', function (Application $app, Request $request) { $controllers->get('/', function (Application $app, Request $request) {


@@ -25,9 +25,7 @@ class Tooltip implements ControllerProviderInterface
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$controllers->before(function (Request $request) use ($app) { $app['firewall']->addMandatoryAuthentication($controllers);
$app['firewall']->requireAuthentication();
});
$controllers->post('/basket/{basket}/', 'controller.prod.tooltip:displayBasket') $controllers->post('/basket/{basket}/', 'controller.prod.tooltip:displayBasket')
->assert('basket', '\d+') ->assert('basket', '\d+')


@@ -38,9 +38,10 @@ class Upload implements ControllerProviderInterface
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$app['firewall']->addMandatoryAuthentication($controllers);
$controllers->before(function (Request $request) use ($app) { $controllers->before(function (Request $request) use ($app) {
$app['firewall']->requireAuthentication() $app['firewall']->requireRight('addrecord');
->requireRight('addrecord');
}); });
$controllers->get('/', 'controller.prod.upload:getUploadForm') $controllers->get('/', 'controller.prod.upload:getUploadForm')


@@ -29,9 +29,7 @@ class UsrLists implements ControllerProviderInterface
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$controllers->before(function (Request $request) use ($app) { $app['firewall']->addMandatoryAuthentication($controllers);
$app['firewall']->requireAuthentication();
});
$controllers->get('/all/', 'controller.prod.usr-lists:getAll') $controllers->get('/all/', 'controller.prod.usr-lists:getAll')
->bind('prod_lists_all'); ->bind('prod_lists_all');


@@ -29,9 +29,9 @@ class WorkZone implements ControllerProviderInterface
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$controllers->before(function (Request $request) use ($app) { $app['firewall']->addMandatoryAuthentication($controllers);
$app['firewall']->requireAuthentication();
}) $controllers
// Silex\Route::convert is not used as this should be done prior the before middleware // Silex\Route::convert is not used as this should be done prior the before middleware
->before($app['middleware.basket.converter']) ->before($app['middleware.basket.converter'])
->before($app['middleware.basket.user-access']);; ->before($app['middleware.basket.user-access']);;


@@ -25,8 +25,9 @@ class Activity implements ControllerProviderInterface
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$app['firewall']->addMandatoryAuthentication($controllers);
$controllers->before(function () use ($app) { $controllers->before(function () use ($app) {
$app['firewall']->requireAuthentication();
$app['firewall']->requireAccessToModule('report'); $app['firewall']->requireAccessToModule('report');
}); });


@@ -25,8 +25,9 @@ class Export implements ControllerProviderInterface
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$app['firewall']->addMandatoryAuthentication($controllers);
$controllers->before(function () use ($app) { $controllers->before(function () use ($app) {
$app['firewall']->requireAuthentication();
$app['firewall']->requireAccessToModule('report'); $app['firewall']->requireAccessToModule('report');
}); });


@@ -24,8 +24,9 @@ class Informations implements ControllerProviderInterface
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$app['firewall']->addMandatoryAuthentication($controllers);
$controllers->before(function () use ($app) { $controllers->before(function () use ($app) {
$app['firewall']->requireAuthentication();
$app['firewall']->requireAccessToModule('report'); $app['firewall']->requireAccessToModule('report');
}); });


@@ -25,8 +25,9 @@ class Root implements ControllerProviderInterface
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$app['firewall']->addMandatoryAuthentication($controllers);
$controllers->before(function () use ($app) { $controllers->before(function () use ($app) {
$app['firewall']->requireAuthentication();
$app['firewall']->requireAccessToModule('report'); $app['firewall']->requireAccessToModule('report');
}); });


@@ -33,9 +33,7 @@ class Account implements ControllerProviderInterface
$app['account.controller'] = $this; $app['account.controller'] = $this;
$controllers->before(function () use ($app) { $app['firewall']->addMandatoryAuthentication($controllers);
$app['firewall']->requireAuthentication();
});
// Displays current logged in user account // Displays current logged in user account
$controllers->get('/', 'account.controller:displayAccount') $controllers->get('/', 'account.controller:displayAccount')


@@ -26,9 +26,7 @@ class Developers implements ControllerProviderInterface
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$controllers->before(function () use ($app) { $app['firewall']->addMandatoryAuthentication($controllers);
$app['firewall']->requireAuthentication();
});
$controllers->get('/applications/', 'controller.account.developers:listApps') $controllers->get('/applications/', 'controller.account.developers:listApps')
->bind('developers_applications'); ->bind('developers_applications');


@@ -163,10 +163,10 @@ class Login implements ControllerProviderInterface
})->bind('login_authentication_provider_callback'); })->bind('login_authentication_provider_callback');
// Logout end point // Logout end point
$controllers->get('/logout/', 'login.controller:logout') $logoutController = $controllers->get('/logout/', 'login.controller:logout')
->before(function (Request $request) use ($app) { ->bind('logout');
$app['firewall']->requireAuthentication();
})->bind('logout'); $app['firewall']->addMandatoryAuthentication($logoutController);
// Registration end point ; redirects to classic registration or AuthProvider registration // Registration end point ; redirects to classic registration or AuthProvider registration
$controllers->get('/register/', 'login.controller:displayRegisterForm') $controllers->get('/register/', 'login.controller:displayRegisterForm')


@@ -28,11 +28,10 @@ class Session implements ControllerProviderInterface
$controllers->post('/update/', 'controller.session:updateSession') $controllers->post('/update/', 'controller.session:updateSession')
->bind('update_session'); ->bind('update_session');
$controllers->post('/delete/{id}', 'controller.session:deleteSession') $controller = $controllers->post('/delete/{id}', 'controller.session:deleteSession')
->before(function () use ($app) {
$app['firewall']->requireAuthentication();
})
->bind('delete_session'); ->bind('delete_session');
$app['firewall']->addMandatoryAuthentication($controller);
return $controllers; return $controllers;
} }
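Review bot: Only the `/delete/{id}` route receives `addMandatoryAuthentication()`; the `/update/` route bound as `update_session` in the same hunk remains reachable without authentication, as it was before. If `updateSession` acts on the caller's own session state (I cannot tell from here), it should get the same protection, either by capturing it into a `$controller` variable the same way or by calling `$app['firewall']->addMandatoryAuthentication($controllers);` once for the whole collection. The enclosing `connect()` starts outside the hunk.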


@@ -24,8 +24,9 @@ class Thesaurus implements ControllerProviderInterface
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$app['firewall']->addMandatoryAuthentication($controllers);
$controllers->before(function () use ($app) { $controllers->before(function () use ($app) {
$app['firewall']->requireAuthentication();
$app['firewall']->requireAccessToModule('thesaurus'); $app['firewall']->requireAccessToModule('thesaurus');
}); });


@@ -26,9 +26,7 @@ class Xmlhttp implements ControllerProviderInterface
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$controllers->before(function () use ($app) { $app['firewall']->addMandatoryAuthentication($controllers);
$app['firewall']->requireAuthentication();
});
$controllers->match('acceptcandidates.j.php', 'controller.thesaurus.xmlhttp:AcceptCandidatesJson') $controllers->match('acceptcandidates.j.php', 'controller.thesaurus.xmlhttp:AcceptCandidatesJson')
->before(function () use ($app) { ->before(function () use ($app) {


@@ -28,6 +28,8 @@ class Notifications implements ControllerProviderInterface
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$app['firewall']->addMandatoryAuthentication($controllers);
$controllers->before(function (Request $request) use ($app) { $controllers->before(function (Request $request) use ($app) {
$app['firewall']->requireNotGuest(); $app['firewall']->requireNotGuest();
}); });


@@ -28,9 +28,7 @@ class Preferences implements ControllerProviderInterface
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$controllers->before(function (Request $request) use ($app) { $app['firewall']->addMandatoryAuthentication($controllers);
$app['firewall']->requireAuthentication();
});
$controllers->post('/', 'controller.user.preferences:saveUserPref') $controllers->post('/', 'controller.user.preferences:saveUserPref')
->bind('save_pref'); ->bind('save_pref');


@@ -12,7 +12,10 @@
namespace Alchemy\Phrasea\Security; namespace Alchemy\Phrasea\Security;
use Silex\Application; use Silex\Application;
use Silex\Controller;
use Silex\ControllerCollection;
use Symfony\Component\HttpFoundation\RedirectResponse; use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
class Firewall class Firewall
{ {
@@ -47,8 +50,6 @@ class Firewall
public function requireAccessToModule($module) public function requireAccessToModule($module)
{ {
$this->requireAuthentication();
if (!$this->app['acl']->get($this->app['authentication']->getUser())->has_access_to_module($module)) { if (!$this->app['acl']->get($this->app['authentication']->getUser())->has_access_to_module($module)) {
$this->app->abort(403, 'You do not have required rights'); $this->app->abort(403, 'You do not have required rights');
} }
@@ -58,8 +59,6 @@ class Firewall
public function requireAccessToSbas($sbas_id) public function requireAccessToSbas($sbas_id)
{ {
$this->requireAuthentication();
if (!$this->app['acl']->get($this->app['authentication']->getUser())->has_access_to_sbas($sbas_id)) { if (!$this->app['acl']->get($this->app['authentication']->getUser())->has_access_to_sbas($sbas_id)) {
$this->app->abort(403, 'You do not have required rights'); $this->app->abort(403, 'You do not have required rights');
} }
@@ -69,8 +68,6 @@ class Firewall
public function requireAccessToBase($base_id) public function requireAccessToBase($base_id)
{ {
$this->requireAuthentication();
if (!$this->app['acl']->get($this->app['authentication']->getUser())->has_access_to_base($base_id)) { if (!$this->app['acl']->get($this->app['authentication']->getUser())->has_access_to_base($base_id)) {
$this->app->abort(403, 'You do not have required rights'); $this->app->abort(403, 'You do not have required rights');
} }
@@ -80,8 +77,6 @@ class Firewall
public function requireRight($right) public function requireRight($right)
{ {
$this->requireAuthentication();
if (!$this->app['acl']->get($this->app['authentication']->getUser())->has_right($right)) { if (!$this->app['acl']->get($this->app['authentication']->getUser())->has_right($right)) {
$this->app->abort(403, 'You do not have required rights'); $this->app->abort(403, 'You do not have required rights');
} }
@@ -91,8 +86,6 @@ class Firewall
public function requireRightOnBase($base_id, $right) public function requireRightOnBase($base_id, $right)
{ {
$this->requireAuthentication();
if (!$this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_base($base_id, $right)) { if (!$this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_base($base_id, $right)) {
$this->app->abort(403, 'You do not have required rights'); $this->app->abort(403, 'You do not have required rights');
} }
@@ -102,8 +95,6 @@ class Firewall
public function requireRightOnSbas($sbas_id, $right) public function requireRightOnSbas($sbas_id, $right)
{ {
$this->requireAuthentication();
if (!$this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_sbas($sbas_id, $right)) { if (!$this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_sbas($sbas_id, $right)) {
$this->app->abort(403, 'You do not have required rights'); $this->app->abort(403, 'You do not have required rights');
} }
@@ -113,8 +104,6 @@ class Firewall
public function requireNotGuest() public function requireNotGuest()
{ {
$this->requireAuthentication();
if ($this->app['authentication']->getUser()->is_guest()) { if ($this->app['authentication']->getUser()->is_guest()) {
$this->app->abort(403, 'Guests do not have admin role'); $this->app->abort(403, 'Guests do not have admin role');
} }
@@ -125,12 +114,23 @@ class Firewall
public function requireAuthentication() public function requireAuthentication()
{ {
if (!$this->app['authentication']->isAuthenticated()) { if (!$this->app['authentication']->isAuthenticated()) {
$this->app->abort(302, 'You are not authenticated', [ return new RedirectResponse($this->app->path('homepage'));
'X-Phraseanet-Redirect' => $this->app->path('homepage') }
]); }
public function addMandatoryAuthentication($controllers)
{
if (!$controllers instanceof ControllerCollection && !$controllers instanceof Controller) {
throw new \InvalidArgumentException('Controllers must be either a Controller or a ControllerCollection.');
} }
return $this; $app = $this->app;
$controllers->before(function (Request $request) use ($app) {
if (null !== $response = $app['firewall']->requireAuthentication()) {
return $response;
}
});
} }
public function requireNotAuthenticated() public function requireNotAuthenticated()
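Review bot: `requireAccessToModule`, `requireAccessToSbas`, `requireAccessToBase`, `requireRight`, `requireRightOnBase`, `requireRightOnSbas` and `requireNotGuest` (hunks -47 through -113) drop their own `requireAuthentication()` call and go straight to `$this->app['authentication']->getUser()`, so they are now only safe when `addMandatoryAuthentication()` was registered earlier on the same collection; every provider in this commit does pair them, but nothing in the class enforces that ordering, and a future caller using `requireRight()` alone would evaluate the ACL against whatever `getUser()` yields for an anonymous session instead of being redirected. I would make them fail closed with a shared private guard, e.g. `if (!$this->app['authentication']->isAuthenticated()) { $this->app->abort(403, 'You do not have required rights'); }` at the top of each, and state the contract in a docblock on `addMandatoryAuthentication()`, which currently has none (accepts a `Controller` or `ControllerCollection`, throws `\InvalidArgumentException` otherwise, registers a before middleware that returns the redirect so Silex halts dispatch). Two behavioural changes deserve a line in the commit description: `requireAuthentication()` now returns `null` rather than `$this` when authenticated, so any caller outside this diff still chaining off it will fail on a null return; and the 302 no longer carries the `X-Phraseanet-Redirect` header the old `abort()` set, which an XHR client that inspected it (not visible from here) will miss. `requireNotAuthenticated()` runs past the end of the hunk.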


@@ -2,24 +2,18 @@
namespace Alchemy\Tests\Phrasea\Security; namespace Alchemy\Tests\Phrasea\Security;
use Alchemy\Phrasea\Security\Firewall;
class FirewallTest extends \PhraseanetAuthenticatedWebTestCase class FirewallTest extends \PhraseanetAuthenticatedWebTestCase
{ {
protected $client; protected $client;
public function testRequiredAuth() public function testRequiredAuth()
{ {
$res = self::$DI['app']['firewall']->requireAuthentication(self::$DI['app']); $this->assertNull(self::$DI['app']['firewall']->requireAuthentication(self::$DI['app']));
$this->assertInstanceOf('\\Alchemy\\Phrasea\\Security\\Firewall', $res);
} }
/**
* @expectedException \Symfony\Component\HttpKernel\Exception\HttpException
*/
public function testRequiredAuthNotAuthenticated() public function testRequiredAuthNotAuthenticated()
{ {
$this->logout(self::$DI['app']); $this->logout(self::$DI['app']);
self::$DI['app']['firewall']->requireAuthentication(self::$DI['app']); $this->assertInstanceOf('Symfony\Component\HttpFoundation\RedirectResponse', self::$DI['app']['firewall']->requireAuthentication(self::$DI['app']));
} }
} }
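Review bot: Both tests still pass `self::$DI['app']` to `requireAuthentication()`, which takes no parameter in the Firewall hunk of this commit; PHP ignores the extra argument silently, so the call should simply be `requireAuthentication()`. `testRequiredAuthNotAuthenticated` only asserts the response class; pinning the destination with `$this->assertSame(self::$DI['app']->path('homepage'), $response->getTargetUrl());` would catch a wrong redirect target, and the new `addMandatoryAuthentication()` — including its `\InvalidArgumentException` branch — has no coverage at all.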


@@ -801,7 +801,7 @@ body .ui-tooltip {
} }
.ui-widget-content { .ui-widget-content {
border: 1px solid #202020; border: 1px solid #202020;
background: #555555 url(images/ui-bg_flat_75_555555_40x100.png) 50% 50% repeat-x; background: #555555 url(images/ui-bg_flat_75_d2d1cf_40x100.png) 50% 50% repeat-x;
color: #ff9000; color: #ff9000;
} }
.ui-widget-content a { .ui-widget-content a {
@@ -809,7 +809,7 @@ body .ui-tooltip {
} }
.ui-widget-header { .ui-widget-header {
border: 1px solid #202020; border: 1px solid #202020;
background: #202020 url(images/ui-bg_flat_75_202020_40x100.png) 50% 50% repeat-x; background: #202020 url(images/ui-bg_flat_75_d2d1cf_40x100.png) 50% 50% repeat-x;
color: #222222; color: #222222;
font-weight: bold; font-weight: bold;
} }
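Review bot: Both changed `background` declarations now reference `ui-bg_flat_75_d2d1cf_40x100.png` while keeping the `#555555` and `#202020` colour fallbacks; the jQuery UI naming scheme encodes the fill colour in the file name, so if that image really is a flat d2d1cf fill, `.ui-widget-content` and `.ui-widget-header` will render the light image over a dark fallback and look different depending on whether the image loads. If the intent was only to stop shipping the two dark images, dropping the `url(...)` part or regenerating the theme with matching colours is the safer fix; I cannot tell from the diff which was meant.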
