Merge branch '3.8'
Conflicts: lib/Alchemy/Phrasea/Controller/Admin/TaskManager.php lib/Alchemy/Phrasea/Controller/Admin/Users.php lib/Alchemy/Phrasea/Controller/Lightbox.php lib/Alchemy/Phrasea/Controller/Prod/Basket.php lib/Alchemy/Phrasea/Controller/Prod/TOU.php lib/Alchemy/Phrasea/Controller/Prod/WorkZone.php lib/Alchemy/Phrasea/Controller/Root/Session.php lib/Alchemy/Phrasea/Security/Firewall.php lib/classes/task/abstract.php tests/Alchemy/Tests/Phrasea/Security/FirewallTest.php
10
composer.lock
generated
@@ -120,16 +120,16 @@
|
||||
},
|
||||
{
|
||||
"name": "alchemy/geonames-api-consumer",
|
||||
"version": "0.1.1",
|
||||
"version": "0.1.2",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/alchemy-fr/GeonamesServer-PHP-Plugin.git",
|
||||
"reference": "c01f5d2d132e215524860c336693ed043a94118f"
|
||||
"reference": "111a38233da7a5503f86e96877e044381698f647"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/alchemy-fr/GeonamesServer-PHP-Plugin/zipball/c01f5d2d132e215524860c336693ed043a94118f",
|
||||
"reference": "c01f5d2d132e215524860c336693ed043a94118f",
|
||||
"url": "https://api.github.com/repos/alchemy-fr/GeonamesServer-PHP-Plugin/zipball/111a38233da7a5503f86e96877e044381698f647",
|
||||
"reference": "111a38233da7a5503f86e96877e044381698f647",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -154,7 +154,7 @@
|
||||
"keywords": [
|
||||
"geonames"
|
||||
],
|
||||
"time": "2013-07-02 11:28:34"
|
||||
"time": "2014-02-05 15:29:39"
|
||||
},
|
||||
{
|
||||
"name": "alchemy/ghostscript",
|
||||
|
@@ -26,6 +26,8 @@ class Collection implements ControllerProviderInterface
|
||||
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAccessToModule('admin')
|
||||
->requireRightOnBase($app['request']->attributes->get('bas_id'), 'canadmin');
|
||||
|
@@ -25,6 +25,8 @@ class ConnectedUsers implements ControllerProviderInterface
|
||||
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAccessToModule('Admin');
|
||||
});
|
||||
@@ -72,9 +74,7 @@ class ConnectedUsers implements ControllerProviderInterface
|
||||
$info = '';
|
||||
}
|
||||
} catch (GeonamesExceptionInterface $e) {
|
||||
$app['monolog']->error(sprintf(
|
||||
"Unable to get IP information for %s : %s", $session->getIpAddress(), $e->getMessage()
|
||||
));
|
||||
$app['monolog']->error(sprintf("Unable to get IP information for %s", $session->getIpAddress()), array('exception' => $e));
|
||||
}
|
||||
|
||||
$result[] = [
|
||||
|
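Review bot: The new logging call `$app['monolog']->error(sprintf("Unable to get IP information for %s", $session->getIpAddress()), array('exception' => $e));` uses the long `array()` syntax while the same hunk writes `$result[] = [` with short arrays; write the context as `['exception' => $e]` for consistency. Passing the exception object as Monolog context instead of splicing `getMessage()` into the text is the better choice, since the handler can then render the full exception rather than a truncated message. The enclosing method starts and ends outside the hunk.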
@@ -26,6 +26,8 @@ class Databox implements ControllerProviderInterface
|
||||
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAccessToModule('admin')
|
||||
->requireAccessToSbas($request->attributes->get('databox_id'));
|
||||
|
@@ -25,6 +25,8 @@ class Databoxes implements ControllerProviderInterface
|
||||
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAccessToModule('admin');
|
||||
});
|
||||
|
@@ -28,6 +28,8 @@ class Fields implements ControllerProviderInterface
|
||||
|
||||
$app['admin.fields.controller'] = $this;
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']
|
||||
->requireAccessToModule('admin')
|
||||
|
@@ -26,6 +26,8 @@ class Publications implements ControllerProviderInterface
|
||||
$app['controller.admin.publications'] = $this;
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAccessToModule('admin')
|
||||
->requireRight('bas_chupub');
|
||||
|
@@ -25,6 +25,8 @@ class Root implements ControllerProviderInterface
|
||||
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAccessToModule('admin');
|
||||
});
|
||||
|
@@ -23,6 +23,8 @@ class Subdefs implements ControllerProviderInterface
|
||||
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAccessToModule('admin')
|
||||
->requireRightOnSbas($request->attributes->get('sbas_id'), 'bas_modify_struct');
|
||||
|
@@ -26,13 +26,13 @@ class TaskManager implements ControllerProviderInterface
|
||||
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$controllers
|
||||
->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireRight('taskmanager');
|
||||
})
|
||||
->convert('task', function ($id) use ($app) {
|
||||
return $app['converter.task']->convert($id);
|
||||
});
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireRight('taskmanager');
|
||||
})->convert('task', function ($id) use ($app) {
|
||||
return $app['converter.task']->convert($id);
|
||||
});
|
||||
|
||||
$controllers
|
||||
->get('/', 'controller.admin.task:getRoot')
|
||||
|
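Review bot: The before hook kept on the new side checks only `$app['firewall']->requireRight('taskmanager');`, whereas every other Admin provider touched by this merge (Collection, Databox, Databoxes, Publications, Subdefs, Users, Root) first calls `requireAccessToModule('admin')`. This is pre-existing behaviour the merge preserves rather than introduces, so it may be intentional; if so it deserves a one-line comment such as `// reachable with the 'taskmanager' right alone; admin module access is not required`, otherwise the chain should read `$app['firewall']->requireAccessToModule('admin')->requireRight('taskmanager');`. The enclosing method starts and ends outside the hunk.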
@@ -28,7 +28,9 @@ class Users implements ControllerProviderInterface
|
||||
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$controllers->before(function (Request $request, Application $app) {
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAccessToModule('admin')
|
||||
->requireRight('manageusers');
|
||||
});
|
||||
|
@@ -27,9 +27,7 @@ class Baskets implements ControllerProviderInterface
|
||||
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$controllers->before(function () use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
});
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->match('/', 'controller.client.baskets:getBaskets')
|
||||
->method('POST|GET')
|
||||
|
@@ -34,7 +34,9 @@ class Root implements ControllerProviderInterface
|
||||
if (!$app['authentication']->isAuthenticated() && null !== $request->query->get('nolog')) {
|
||||
return $app->redirectPath('login_authenticate_as_guest', ['redirect' => 'client']);
|
||||
}
|
||||
$app['firewall']->requireAuthentication();
|
||||
if (null !== $response = $app['firewall']->requireAuthentication()) {
|
||||
return $response;
|
||||
}
|
||||
});
|
||||
|
||||
$controllers->get('/', 'controller.client:getClient')
|
||||
|
@@ -62,9 +62,9 @@ class Lightbox implements ControllerProviderInterface
|
||||
}
|
||||
});
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
})
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers
|
||||
// Silex\Route::convert is not used as this should be done prior the before middleware
|
||||
->before($app['middleware.basket.converter'])
|
||||
->before($app['middleware.basket.user-access']);
|
||||
|
@@ -29,10 +29,9 @@ class BasketController implements ControllerProviderInterface
|
||||
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers
|
||||
->before(function (Request $request, Application $app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
})
|
||||
// Silex\Route::convert is not used as this should be done prior the before middleware
|
||||
->before($app['middleware.basket.converter'])
|
||||
->before($app['middleware.basket.user-access']);
|
||||
|
@@ -25,6 +25,8 @@ class Bridge implements ControllerProviderInterface
|
||||
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireRight('bas_chupub');
|
||||
});
|
||||
|
@@ -27,9 +27,7 @@ class Download implements ControllerProviderInterface
|
||||
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
});
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->post('/', 'controller.prod.download:checkDownload')
|
||||
->bind('check_download');
|
||||
|
@@ -26,6 +26,8 @@ class Edit implements ControllerProviderInterface
|
||||
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']
|
||||
->requireNotGuest()
|
||||
|
@@ -32,6 +32,8 @@ class Export implements ControllerProviderInterface
|
||||
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireNotGuest();
|
||||
});
|
||||
|
@@ -31,9 +31,7 @@ class Feed implements ControllerProviderInterface
|
||||
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
});
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->post('/requestavailable/', function (Application $app, Request $request) {
|
||||
$feeds = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser(
|
||||
|
@@ -35,9 +35,10 @@ class Lazaret implements ControllerProviderInterface
|
||||
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAuthentication()
|
||||
->requireRight('addrecord');
|
||||
$app['firewall']->requireRight('addrecord');
|
||||
});
|
||||
|
||||
$controllers->get('/', 'controller.prod.lazaret:listElement')
|
||||
|
@@ -24,9 +24,10 @@ class MoveCollection implements ControllerProviderInterface
|
||||
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAuthentication()
|
||||
->requireRight('addrecord')
|
||||
$app['firewall']->requireRight('addrecord')
|
||||
->requireRight('deleterecord');
|
||||
});
|
||||
|
||||
|
@@ -36,9 +36,10 @@ class Order implements ControllerProviderInterface
|
||||
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAuthentication()
|
||||
->requireRight('order');
|
||||
$app['firewall']->requireRight('order');
|
||||
});
|
||||
|
||||
$controllers->get('/', 'controller.prod.order:displayOrders')
|
||||
|
@@ -29,6 +29,8 @@ class Property implements ControllerProviderInterface
|
||||
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireNotGuest();
|
||||
});
|
||||
|
@@ -102,9 +102,10 @@ class Push implements ControllerProviderInterface
|
||||
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAuthentication()
|
||||
->requireRight('push');
|
||||
$app['firewall']->requireRight('push');
|
||||
});
|
||||
|
||||
$userFormatter = $this->getUserFormatter();
|
||||
|
@@ -27,9 +27,7 @@ class Query implements ControllerProviderInterface
|
||||
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
});
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->post('/', 'controller.prod.query:query')
|
||||
->bind('prod_query');
|
||||
|
@@ -29,6 +29,8 @@ class Records implements ControllerProviderInterface
|
||||
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireNotGuest();
|
||||
});
|
||||
|
@@ -33,7 +33,9 @@ class Root implements ControllerProviderInterface
|
||||
return $app->redirectPath('login_authenticate_as_guest');
|
||||
}
|
||||
|
||||
$app['firewall']->requireAuthentication();
|
||||
if (null !== $response = $app['firewall']->requireAuthentication()) {
|
||||
return $response;
|
||||
}
|
||||
});
|
||||
|
||||
$controllers->get('/', function (Application $app) {
|
||||
|
@@ -27,6 +27,8 @@ class Share implements ControllerProviderInterface
|
||||
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireNotGuest();
|
||||
});
|
||||
|
@@ -28,9 +28,7 @@ class Story implements ControllerProviderInterface
|
||||
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
});
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->get('/create/', function (Application $app) {
|
||||
return $app['twig']->render('prod/Story/Create.html.twig', []);
|
||||
|
@@ -25,11 +25,9 @@ class TOU implements ControllerProviderInterface
|
||||
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$controllers->post('/deny/{sbas_id}/', 'controller.prod.tou:denyTermsOfUse')
|
||||
->bind('deny_tou')
|
||||
->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
});
|
||||
$controller = $controllers->post('/deny/{sbas_id}/', 'controller.prod.tou:denyTermsOfUse')
|
||||
->bind('deny_tou');
|
||||
$app['firewall']->addMandatoryAuthentication($controller);
|
||||
|
||||
$controllers->get('/', 'controller.prod.tou:displayTermsOfUse')
|
||||
->bind('get_tou');
|
||||
|
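Review bot: The new local at `$controller = $controllers->post('/deny/{sbas_id}/', 'controller.prod.tou:denyTermsOfUse')` differs from `$controllers` by a single letter, which makes it easy to pass the whole collection instead of the one route to `addMandatoryAuthentication`, or the reverse. The Login section in this same commit names the equivalent variable `$logoutController`, so `$denyController` would follow that convention; the Session section has the same `$controller` / `$controllers` pair. The enclosing method starts and ends outside the hunk.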
@@ -27,9 +27,10 @@ class Tools implements ControllerProviderInterface
|
||||
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAuthentication()
|
||||
->requireRight('doctools');
|
||||
$app['firewall']->requireRight('doctools');
|
||||
});
|
||||
|
||||
$controllers->get('/', function (Application $app, Request $request) {
|
||||
|
@@ -25,9 +25,7 @@ class Tooltip implements ControllerProviderInterface
|
||||
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
});
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->post('/basket/{basket}/', 'controller.prod.tooltip:displayBasket')
|
||||
->assert('basket', '\d+')
|
||||
|
@@ -38,9 +38,10 @@ class Upload implements ControllerProviderInterface
|
||||
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAuthentication()
|
||||
->requireRight('addrecord');
|
||||
$app['firewall']->requireRight('addrecord');
|
||||
});
|
||||
|
||||
$controllers->get('/', 'controller.prod.upload:getUploadForm')
|
||||
|
@@ -29,9 +29,7 @@ class UsrLists implements ControllerProviderInterface
|
||||
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
});
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->get('/all/', 'controller.prod.usr-lists:getAll')
|
||||
->bind('prod_lists_all');
|
||||
|
@@ -29,9 +29,9 @@ class WorkZone implements ControllerProviderInterface
|
||||
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
})
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers
|
||||
// Silex\Route::convert is not used as this should be done prior the before middleware
|
||||
->before($app['middleware.basket.converter'])
|
||||
->before($app['middleware.basket.user-access']);;
|
||||
|
@@ -25,8 +25,9 @@ class Activity implements ControllerProviderInterface
|
||||
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function () use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
$app['firewall']->requireAccessToModule('report');
|
||||
});
|
||||
|
||||
|
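Review bot: With this merge `requireAuthentication()` returns a RedirectResponse instead of aborting, so the retained `$app['firewall']->requireAuthentication();` inside the before closure discards its result and no longer stops an unauthenticated request on its own; only the `addMandatoryAuthentication($controllers)` registered just above keeps this hook fail-closed. The dead call should be removed so the closure reads `$app['firewall']->requireAccessToModule('report');` alone, and the same leftover appears in the Report Export, Informations and Root sections and in the Thesaurus section. The enclosing method starts and ends outside the hunk.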
@@ -25,8 +25,9 @@ class Export implements ControllerProviderInterface
|
||||
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function () use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
$app['firewall']->requireAccessToModule('report');
|
||||
});
|
||||
|
||||
|
@@ -24,8 +24,9 @@ class Informations implements ControllerProviderInterface
|
||||
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function () use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
$app['firewall']->requireAccessToModule('report');
|
||||
});
|
||||
|
||||
|
@@ -25,8 +25,9 @@ class Root implements ControllerProviderInterface
|
||||
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function () use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
$app['firewall']->requireAccessToModule('report');
|
||||
});
|
||||
|
||||
|
@@ -33,9 +33,7 @@ class Account implements ControllerProviderInterface
|
||||
|
||||
$app['account.controller'] = $this;
|
||||
|
||||
$controllers->before(function () use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
});
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
// Displays current logged in user account
|
||||
$controllers->get('/', 'account.controller:displayAccount')
|
||||
|
@@ -26,9 +26,7 @@ class Developers implements ControllerProviderInterface
|
||||
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$controllers->before(function () use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
});
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->get('/applications/', 'controller.account.developers:listApps')
|
||||
->bind('developers_applications');
|
||||
|
@@ -163,10 +163,10 @@ class Login implements ControllerProviderInterface
|
||||
})->bind('login_authentication_provider_callback');
|
||||
|
||||
// Logout end point
|
||||
$controllers->get('/logout/', 'login.controller:logout')
|
||||
->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
})->bind('logout');
|
||||
$logoutController = $controllers->get('/logout/', 'login.controller:logout')
|
||||
->bind('logout');
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($logoutController);
|
||||
|
||||
// Registration end point ; redirects to classic registration or AuthProvider registration
|
||||
$controllers->get('/register/', 'login.controller:displayRegisterForm')
|
||||
|
@@ -28,12 +28,11 @@ class Session implements ControllerProviderInterface
|
||||
$controllers->post('/update/', 'controller.session:updateSession')
|
||||
->bind('update_session');
|
||||
|
||||
$controllers->post('/delete/{id}', 'controller.session:deleteSession')
|
||||
->before(function () use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
})
|
||||
$controller = $controllers->post('/delete/{id}', 'controller.session:deleteSession')
|
||||
->bind('delete_session');
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controller);
|
||||
|
||||
return $controllers;
|
||||
}
|
||||
|
||||
|
@@ -24,8 +24,9 @@ class Thesaurus implements ControllerProviderInterface
|
||||
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function () use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
$app['firewall']->requireAccessToModule('thesaurus');
|
||||
});
|
||||
|
||||
|
@@ -26,9 +26,7 @@ class Xmlhttp implements ControllerProviderInterface
|
||||
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$controllers->before(function () use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
});
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->match('acceptcandidates.j.php', 'controller.thesaurus.xmlhttp:AcceptCandidatesJson')
|
||||
->before(function () use ($app) {
|
||||
|
@@ -28,6 +28,8 @@ class Notifications implements ControllerProviderInterface
|
||||
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireNotGuest();
|
||||
});
|
||||
|
@@ -28,9 +28,7 @@ class Preferences implements ControllerProviderInterface
|
||||
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
});
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->post('/', 'controller.user.preferences:saveUserPref')
|
||||
->bind('save_pref');
|
||||
|
@@ -12,7 +12,10 @@
|
||||
namespace Alchemy\Phrasea\Security;
|
||||
|
||||
use Silex\Application;
|
||||
use Silex\Controller;
|
||||
use Silex\ControllerCollection;
|
||||
use Symfony\Component\HttpFoundation\RedirectResponse;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
|
||||
class Firewall
|
||||
{
|
||||
@@ -47,8 +50,6 @@ class Firewall
|
||||
|
||||
public function requireAccessToModule($module)
|
||||
{
|
||||
$this->requireAuthentication();
|
||||
|
||||
if (!$this->app['acl']->get($this->app['authentication']->getUser())->has_access_to_module($module)) {
|
||||
$this->app->abort(403, 'You do not have required rights');
|
||||
}
|
||||
@@ -58,8 +59,6 @@ class Firewall
|
||||
|
||||
public function requireAccessToSbas($sbas_id)
|
||||
{
|
||||
$this->requireAuthentication();
|
||||
|
||||
if (!$this->app['acl']->get($this->app['authentication']->getUser())->has_access_to_sbas($sbas_id)) {
|
||||
$this->app->abort(403, 'You do not have required rights');
|
||||
}
|
||||
@@ -69,8 +68,6 @@ class Firewall
|
||||
|
||||
public function requireAccessToBase($base_id)
|
||||
{
|
||||
$this->requireAuthentication();
|
||||
|
||||
if (!$this->app['acl']->get($this->app['authentication']->getUser())->has_access_to_base($base_id)) {
|
||||
$this->app->abort(403, 'You do not have required rights');
|
||||
}
|
||||
@@ -80,8 +77,6 @@ class Firewall
|
||||
|
||||
public function requireRight($right)
|
||||
{
|
||||
$this->requireAuthentication();
|
||||
|
||||
if (!$this->app['acl']->get($this->app['authentication']->getUser())->has_right($right)) {
|
||||
$this->app->abort(403, 'You do not have required rights');
|
||||
}
|
||||
@@ -91,8 +86,6 @@ class Firewall
|
||||
|
||||
public function requireRightOnBase($base_id, $right)
|
||||
{
|
||||
$this->requireAuthentication();
|
||||
|
||||
if (!$this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_base($base_id, $right)) {
|
||||
$this->app->abort(403, 'You do not have required rights');
|
||||
}
|
||||
@@ -102,8 +95,6 @@ class Firewall
|
||||
|
||||
public function requireRightOnSbas($sbas_id, $right)
|
||||
{
|
||||
$this->requireAuthentication();
|
||||
|
||||
if (!$this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_sbas($sbas_id, $right)) {
|
||||
$this->app->abort(403, 'You do not have required rights');
|
||||
}
|
||||
@@ -113,8 +104,6 @@ class Firewall
|
||||
|
||||
public function requireNotGuest()
|
||||
{
|
||||
$this->requireAuthentication();
|
||||
|
||||
if ($this->app['authentication']->getUser()->is_guest()) {
|
||||
$this->app->abort(403, 'Guests do not have admin role');
|
||||
}
|
||||
@@ -125,12 +114,23 @@ class Firewall
|
||||
public function requireAuthentication()
|
||||
{
|
||||
if (!$this->app['authentication']->isAuthenticated()) {
|
||||
$this->app->abort(302, 'You are not authenticated', [
|
||||
'X-Phraseanet-Redirect' => $this->app->path('homepage')
|
||||
]);
|
||||
return new RedirectResponse($this->app->path('homepage'));
|
||||
}
|
||||
}
|
||||
|
||||
public function addMandatoryAuthentication($controllers)
|
||||
{
|
||||
if (!$controllers instanceof ControllerCollection && !$controllers instanceof Controller) {
|
||||
throw new \InvalidArgumentException('Controllers must be either a Controller or a ControllerCollection.');
|
||||
}
|
||||
|
||||
return $this;
|
||||
$app = $this->app;
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
if (null !== $response = $app['firewall']->requireAuthentication()) {
|
||||
return $response;
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
public function requireNotAuthenticated()
|
||||
|
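Review bot: Removing `$this->requireAuthentication();` from requireAccessToModule, requireAccessToSbas, requireAccessToBase, requireRight, requireRightOnBase, requireRightOnSbas and requireNotGuest means these checks go straight to `$this->app['authentication']->getUser()` and the ACL lookup, and they only fail closed when the calling ControllerCollection was first registered through addMandatoryAuthentication; a provider that omits that call gets no redirect from the right check, and what `acl->get()` does with an unauthenticated user is not visible in this hunk. Because requireAuthentication() now returns rather than throws, any direct caller that discards its result also continues as if authenticated. A cheap fail-closed guard in each right check would be `if (!$this->app['authentication']->isAuthenticated()) { $this->app->abort(403, 'You do not have required rights'); }`, or at minimum the precondition should be stated on the class, e.g. `@internal every require*() check assumes the request already passed addMandatoryAuthentication(); none of them redirects on its own`. addMandatoryAuthentication also lacks a docblock; it should carry `@param Controller|ControllerCollection $controllers` and `@throws \InvalidArgumentException`. The class continues outside the hunk.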
@@ -2,24 +2,18 @@
|
||||
|
||||
namespace Alchemy\Tests\Phrasea\Security;
|
||||
|
||||
use Alchemy\Phrasea\Security\Firewall;
|
||||
|
||||
class FirewallTest extends \PhraseanetAuthenticatedWebTestCase
|
||||
{
|
||||
protected $client;
|
||||
|
||||
public function testRequiredAuth()
|
||||
{
|
||||
$res = self::$DI['app']['firewall']->requireAuthentication(self::$DI['app']);
|
||||
$this->assertInstanceOf('\\Alchemy\\Phrasea\\Security\\Firewall', $res);
|
||||
$this->assertNull(self::$DI['app']['firewall']->requireAuthentication(self::$DI['app']));
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException \Symfony\Component\HttpKernel\Exception\HttpException
|
||||
*/
|
||||
public function testRequiredAuthNotAuthenticated()
|
||||
{
|
||||
$this->logout(self::$DI['app']);
|
||||
self::$DI['app']['firewall']->requireAuthentication(self::$DI['app']);
|
||||
$this->assertInstanceOf('Symfony\Component\HttpFoundation\RedirectResponse', self::$DI['app']['firewall']->requireAuthentication(self::$DI['app']));
|
||||
}
|
||||
}
|
||||
|
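Review bot: Both tests still pass `self::$DI['app']` to `requireAuthentication(...)`, but the method in this commit's Firewall hunk takes no parameter, so the argument is stale and should be dropped: `$this->assertNull(self::$DI['app']['firewall']->requireAuthentication());`. The unauthenticated case only checks the class of the result; capturing it in `$response` and adding `$this->assertSame(self::$DI['app']->path('homepage'), $response->getTargetUrl());` would pin the redirect target the new code introduces. If the `@expectedException` docblock on testRequiredAuthNotAuthenticated survives the merge it contradicts the new assertion, since nothing is thrown any more.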
@@ -801,7 +801,7 @@ body .ui-tooltip {
|
||||
}
|
||||
.ui-widget-content {
|
||||
border: 1px solid #202020;
|
||||
background: #555555 url(images/ui-bg_flat_75_555555_40x100.png) 50% 50% repeat-x;
|
||||
background: #555555 url(images/ui-bg_flat_75_d2d1cf_40x100.png) 50% 50% repeat-x;
|
||||
color: #ff9000;
|
||||
}
|
||||
.ui-widget-content a {
|
||||
@@ -809,7 +809,7 @@ body .ui-tooltip {
|
||||
}
|
||||
.ui-widget-header {
|
||||
border: 1px solid #202020;
|
||||
background: #202020 url(images/ui-bg_flat_75_202020_40x100.png) 50% 50% repeat-x;
|
||||
background: #202020 url(images/ui-bg_flat_75_d2d1cf_40x100.png) 50% 50% repeat-x;
|
||||
color: #222222;
|
||||
font-weight: bold;
|
||||
}
|
||||
|