From 18f08574a32edc2e931d31d73b59f34fd420c499 Mon Sep 17 00:00:00 2001
From: tomas
Date: Fri, 22 Apr 2005 13:37:16 +0000
Subject: [PATCH] #511 fixed
---
 .../modules/htmlUI/var/ui_handler.class.php | 10 +++--
 .../modules/storageServer/var/GreenBox.php | 45 ++++++++++++++++++-
 .../modules/storageServer/var/html/gbHttp.php | 19 +++-----
 3 files changed, 56 insertions(+), 18 deletions(-)
diff --git a/livesupport/modules/htmlUI/var/ui_handler.class.php b/livesupport/modules/htmlUI/var/ui_handler.class.php
index 12539ae85..933c1f0d9 100644
--- a/livesupport/modules/htmlUI/var/ui_handler.class.php
+++ b/livesupport/modules/htmlUI/var/ui_handler.class.php
@@ -530,8 +530,11 @@ class uiHandler extends uiBase {
 */
 function addPerm($subj, $permAction, $id, $allowDeny)
 {
- #if($this->gb->checkPerm($this->userid, 'editPerms', $id)){
- if (PEAR::isError($this->gb->addPerm($subj, $permAction, $id, $allowDeny))) {
+ if (PEAR::isError(
+ $this->gb->addPerm(
+ $this->sessid, $subj, $permAction, $id, $allowDeny
+ )
+ )) {
 $this->_retMsg('Access denied.');
 return FALSE;
 }
@@ -549,8 +552,7 @@ class uiHandler extends uiBase {
 */
 function removePerm($permid, $oid)
 {
- #if($this->gb->checkPerm($this->userid, 'editPerms', $oid))
- if (PEAR::isError($this->gb->removePerm($permid))) {
+ if (PEAR::isError($this->gb->removePerm($this->sessid, $permid))) {
 $this->_retMsg('Access denied.');
 return FALSE;
 }
diff --git a/livesupport/modules/storageServer/var/GreenBox.php b/livesupport/modules/storageServer/var/GreenBox.php
index f3b09a2fe..8f24d261c 100644
--- a/livesupport/modules/storageServer/var/GreenBox.php
+++ b/livesupport/modules/storageServer/var/GreenBox.php
@@ -23,7 +23,7 @@
 Author : $Author: tomas $
- Version : $Revision: 1.56 $
+ Version : $Revision: 1.57 $
 Location : $Source: /home/paul/cvs2svn-livesupport/newcvsrepo/livesupport/modules/storageServer/var/GreenBox.php,v $
 ------------------------------------------------------------------------------*/
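Review bot: In uiHandler::addPerm every PEAR error returned by `$this->gb->addPerm(...)` is shown as 'Access denied.' and then discarded, and the removePerm hunk does the same, so a storage failure and a refused `editPerms` check look identical and leave no trace for whoever investigates later. Keep the result in a variable and record it before returning, e.g. `$res = $this->gb->addPerm($this->sessid, $subj, $permAction, $id, $allowDeny);` then `if (PEAR::isError($res)) { error_log($res->getMessage()); $this->_retMsg('Access denied.'); return FALSE; }`. uiHandler::removePerm still accepts `$oid` but no longer reads it in the visible lines; a comment such as `// $oid is unused: GreenBox resolves the object from $permid` would keep a later reader from assuming the caller-supplied object id is what gets authorized. Both function bodies continue outside their hunks.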
@@ -35,7 +35,7 @@ require_once "BasicStor.php";
 * LiveSupport file storage module
 *
 * @author $Author: tomas $
- * @version $Revision: 1.56 $
+ * @version $Revision: 1.57 $
 * @see BasicStor
 */
 class GreenBox extends BasicStor{
@@ -867,5 +867,46 @@ class GreenBox extends BasicStor{
 return $pa;
 }
+ /**
+ * Insert permission record
+ *
+ * @param sessid string, session id
+ * @param sid int - local user/group id
+ * @param action string
+ * @param oid int - local object id
+ * @param type char - 'A'|'D' (allow/deny)
+ * @return int - local permission id
+ */
+ function addPerm($sessid, $sid, $action, $oid, $type='A')
+ {
+ $parid = $this->getParent($oid);
+ if(($res = $this->_authorize('editPerms', $parid, $sessid)) !== TRUE){
+ return $res;
+ }
+ return parent::addPerm($sid, $action, $oid, $type);
+ }
+
+ /**
+ * Remove permission record
+ *
+ * @param sessid string, session id
+ * @param permid int OPT - local permission id
+ * @param subj int OPT - local user/group id
+ * @param obj int OPT - local object id
+ * @return boolean/error
+ */
+ function removePerm($sessid, $permid=NULL, $subj=NULL, $obj=NULL)
+ {
+ $oid = $this->_getPermOid($permid);
+ if(PEAR::isError($oid)) return $oid;
+ if(!is_null($oid)){
+ $parid = $this->getParent($oid);
+ if(($res = $this->_authorize('editPerms', $parid, $sessid)) !== TRUE)
+ return $res;
+ }
+ $res = parent::removePerm($permid, $subj, $obj);
+ return $res;
+ }
+
 }
 ?>
diff --git a/livesupport/modules/storageServer/var/html/gbHttp.php b/livesupport/modules/storageServer/var/html/gbHttp.php
index 62ef225f0..ba3bc938a 100644
--- a/livesupport/modules/storageServer/var/html/gbHttp.php
+++ b/livesupport/modules/storageServer/var/html/gbHttp.php
@@ -23,7 +23,7 @@
 Author : $Author: tomas $
- Version : $Revision: 1.16 $
+ Version : $Revision: 1.17 $
 Location : $ $
 ------------------------------------------------------------------------------*/
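Review bot: GreenBox::removePerm skips `_authorize` whenever `_getPermOid($permid)` yields NULL, yet still calls `parent::removePerm($permid, $subj, $obj)`, so a call with a missing or unknown `$permid` reaches the delete path without `$sessid` ever being checked. `_getPermOid` and the parent method are outside the hunk, so what such a call removes is not visible here, but the check should fail closed: authorize against `$obj` when no record resolves, and refuse when there is nothing to authorize against. Both new methods also pass the result of `getParent($oid)` to `_authorize` without testing it for a PEAR error. Any caller that removes by `$subj` alone would need its own authorization rule; the sketch below refuses that case.

```php
function removePerm($sessid, $permid=NULL, $subj=NULL, $obj=NULL)
{
    $oid = $this->_getPermOid($permid);
    if(PEAR::isError($oid)) return $oid;
    // No record resolved from $permid: authorize against the object the caller named.
    if(is_null($oid)) $oid = $obj;
    if(is_null($oid)){
        // Fail closed: nothing to authorize against, so nothing is removed.
        return PEAR::raiseError('removePerm: no object to authorize against');
    }
    $parid = $this->getParent($oid);
    if(PEAR::isError($parid)) return $parid;
    if(($res = $this->_authorize('editPerms', $parid, $sessid)) !== TRUE)
        return $res;
    return parent::removePerm($permid, $subj, $obj);
}
```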
@@ -33,7 +33,7 @@ require_once"gbHtml_h.php";
 * storageServer WWW-form interface
 *
 * @author $Author: tomas $
- * @version $Revision: 1.16 $
+ * @version $Revision: 1.17 $
 * @see Alib
 * @see GreenBox
 */
@@ -363,13 +363,8 @@ switch($_REQUEST['act']){
 * @param allowDeny char, A or D
 */
 case"addPerm";
- $parid = $gb->getParent($_REQUEST['oid']);
 $redirUrl="gbHtmlPerms.php?id=$id";
- if(!$gb->checkPerm($userid, 'editPerms', $parid)){
- $_SESSION['alertMsg']='Access denied.';
- break;
- }
- $res = $gb->addPerm($_REQUEST['subj'], $_REQUEST['permAction'],
+ $res = $gb->addPerm($sessid, $_REQUEST['subj'], $_REQUEST['permAction'],
 $_REQUEST['id'], $_REQUEST['allowDeny']);
 if($dbc->isError($res)){
 $_SESSION['alertMsg'] = $res->getMessage()." (".$res->getCode().")";
@@ -383,10 +378,10 @@ switch($_REQUEST['act']){
 * @param permid int, local id of permission record
 */
 case"removePerm";
- $parid = $gb->getParent($_REQUEST['oid']);
- if($gb->checkPerm($userid, 'editPerms', $parid))
- $gb->removePerm($_REQUEST['permid']);
- else $_SESSION['alertMsg']='Access denied.';
+ $res = $gb->removePerm($sessid, $_REQUEST['permid']);
+ if($dbc->isError($res)){
+ $_SESSION['alertMsg'] = $res->getMessage()." (".$res->getCode().")";
+ }
 $redirUrl="gbHtmlPerms.php?id=$id";
 break;
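Review bot: In the `addPerm` case, `$_REQUEST['subj']`, `$_REQUEST['id']` and `$_REQUEST['allowDeny']` reach `$gb->addPerm` exactly as received, while the docblock this commit adds in GreenBox.php describes integer ids and a type of 'A' or 'D'. Since this handler is the request boundary, reject anything else before the call, e.g. `if(!in_array($_REQUEST['allowDeny'], array('A','D'), TRUE)){ $_SESSION['alertMsg']='Invalid permission type.'; break; }`, and pass the two ids through `intval()`. Refusing is preferable to defaulting, because a silent fallback to 'A' would turn a malformed request into a grant. The surrounding switch continues outside the hunk.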
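Review bot: In the `removePerm` case a request without `permid` passes NULL to `$gb->removePerm`, and the GreenBox::removePerm added in this commit only calls `_authorize` when the permission id resolves to an object. Normalise the value first, `$permid = isset($_REQUEST['permid']) ? intval($_REQUEST['permid']) : 0;`, and make the call only when `$permid > 0`, setting the 'Access denied.' alert otherwise. The new error branch also copies `$res->getMessage()` and the error code into `$_SESSION['alertMsg']`, where the old branch showed a fixed string; how the alert is rendered is not visible here, so consider logging the detail and showing the generic text to the user.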