[vhffs-dev] [956] Mew Vhffs::ACL function: get_perm which handle all cases correctly, modified a bit the ACL page to disable ACLs on groups which are useless

[ Thread Index | Date Index | More vhffs.org/vhffs-dev Archives ]


Revision: 956
Author:   gradator
Date:     2007-10-02 22:26:38 +0000 (Tue, 02 Oct 2007)

Log Message:
-----------
Mew Vhffs::ACL function: get_perm which handle all cases correctly, modified a bit the ACL page to disable ACLs on groups which are useless

Modified Paths:
--------------
    trunk/vhffs-api/src/Vhffs/Acl.pm
    trunk/vhffs-api/src/Vhffs/Constants.pm
    trunk/vhffs-panel/acl/view.pl
    trunk/vhffs-panel/templates/acl/view.tmpl


Modified: trunk/vhffs-api/src/Vhffs/Acl.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Acl.pm	2007-10-01 19:36:47 UTC (rev 955)
+++ trunk/vhffs-api/src/Vhffs/Acl.pm	2007-10-02 22:26:38 UTC (rev 956)
@@ -49,37 +49,42 @@
 
 =cut
 
+sub get_perm
+{
+	my $vhffs = shift;
+	my $object = shift;
+	my $user = shift;
+
+	return -1 unless( defined $vhffs && defined $object && defined $user );
+	return Vhffs::Constants::ACL_DELETE if $user->is_admin;
+
+	my $perm = Vhffs::Constants::ACL_DENIED;
+	my $request = $vhffs->{'db'}->prepare( 'SELECT MAX(perm) FROM vhffs_acl WHERE ( granted_oid=? OR granted_oid=? ) AND target_oid=?' );
+	my $rows = $request->execute($user->get_oid, $object->get_group->get_oid, $object->get_oid);
+	$perm = $request->fetchrow() if( $rows > 0 );
+
+	return Vhffs::Constants::ACL_VIEW if( $perm < Vhffs::Constants::ACL_VIEW && $user->is_moderator );
+	return $perm;	
+}
+
+
 sub what_perm_for_user
 {
-	my $user;
-	my $object;
-	my $main;
-	my $perm;
-	my $result;
-	my $query;
-	my $request;
-	my $rows;
+	my $user = shift;
+	my $object = shift;
+	my $main = shift;
 
-	$user 	= 	shift;
-	$object 	= 	shift;
-	$main		=	shift;
+	return -1 unless( defined $user && defined $object && defined $main );
 
-	return -1 unless( defined $user && defined $object );
-
-	$perm = Vhffs::Constants::ACL_DENIED;
+	my $perm = Vhffs::Constants::ACL_DENIED;
 	
-    $query = 'SELECT perm FROM vhffs_acl WHERE granted_oid=? AND target_oid=?';
-	$request = $main->{'db'}->prepare( $query );
-	$rows = $request->execute($user->get_oid, $object->get_oid);
+	my $request = $main->{'db'}->prepare( 'SELECT perm FROM vhffs_acl WHERE granted_oid=? AND target_oid=?' );
+	my $rows = $request->execute($user->get_oid, $object->get_oid);
 
-    if( $rows != 0 ) {
-        ($perm) = $request->fetchrow();
-    } else {
-        $query = 'SELECT acl.perm FROM vhffs_acl acl 
-            INNER JOIN vhffs_groups g ON g.object_id = acl.granted_oid 
-            INNER JOIN vhffs_user_group ug ON ug.gid = g.gid
-            WHERE acl.target_oid = ? AND ug.uid = ?';
-		$request = $main->{'db'}->prepare( $query );
+	if( $rows != 0 ) {
+		($perm) = $request->fetchrow();
+	} else {
+		$request = $main->{'db'}->prepare( 'SELECT acl.perm FROM vhffs_acl acl INNER JOIN vhffs_groups g ON g.object_id = acl.granted_oid INNER JOIN vhffs_user_group ug ON ug.gid = g.gid WHERE acl.target_oid = ? AND ug.uid = ?' );
 		$rows = $request->execute( $object->{'object_id'}, $user->get_uid );
 
 		if( $rows != 0 )

Modified: trunk/vhffs-api/src/Vhffs/Constants.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Constants.pm	2007-10-01 19:36:47 UTC (rev 955)
+++ trunk/vhffs-api/src/Vhffs/Constants.pm	2007-10-02 22:26:38 UTC (rev 956)
@@ -24,7 +24,6 @@
     ACL_DENIED => 0,
     ACL_VIEW => 2,
     ACL_MODIFY => 4,
-    ACL_CREATEACL => 6,
     ACL_MANAGEACL => 8,
     ACL_DELETE => 10,
     

Modified: trunk/vhffs-panel/acl/view.pl
===================================================================
--- trunk/vhffs-panel/acl/view.pl	2007-10-01 19:36:47 UTC (rev 955)
+++ trunk/vhffs-panel/acl/view.pl	2007-10-02 22:26:38 UTC (rev 956)
@@ -64,7 +64,7 @@
 
 
 my $object = Vhffs::Object::get_by_oid($vhffs, $oid);
-my $access_level = Vhffs::Acl::what_perm_for_user( $user , $object , $vhffs );
+my $access_level = Vhffs::Acl::get_perm( $vhffs , $object , $user );
 
 # Object does not exists
 if( ! defined $object ) {
@@ -92,21 +92,6 @@
             } else {
                 $panel->add_info( gettext('ACL sucessfuly added') );
             }
-        } elsif(defined $cgi->param('add_acl_group_submit')) {
-            my $perm = $cgi->param('perm');
-            my $groupname = $cgi->param('groupname');
-            my $acl_group;
-            if(! (defined $perm && defined $groupname) ) {
-                $panel->add_error( gettext('CGI Error') );
-            } elsif( ! defined($acl_group = Vhffs::Group::get_by_groupname( $vhffs, $groupname ) ) ) {
-                $panel->add_error( gettext('Group not found') );
-            } elsif( ( $access_level < Vhffs::Constants::ACL_MANAGEACL ) && ( $user->is_admin != 1 ) ) {
-                $panel->add_error( gettext('You\'re not allowed to manage this object\'s ACL') );
-            } elsif( Vhffs::Acl::add_acl ($acl_group, $object, $perm, $vhffs ) < 0 ) {
-                $panel->add_error( gettext('Sorry, can\'t add ACL') );
-            } else {
-                $panel->add_info( gettext('ACL sucessfuly added') );
-            }
         } elsif(defined $cgi->param('update_acl_submit')) {
             my $granted_oid = $cgi->param('granted_oid');
             my $perm = $cgi->param('perm'.$granted_oid);
@@ -130,29 +115,33 @@
         # Disable ACL managment facilities if user doesn't have enough rights
         $template->param( MANAGE_ACL => ($access_level >= Vhffs::Constants::ACL_MANAGEACL));
 
-		$template->param( TEXT_USERNAME => gettext('Username:' ) );
-		$template->param( TEXT_GROUPNAME => gettext('Groupname:' ) );
+	$template->param( TEXT_ACL_USER => gettext('ACL for Users') );
+	$template->param( TEXT_ACL_USER_ADD => gettext('Add an ACL for a User') );
+	$template->param( TEXT_ACL_DEFAULT => gettext('Default right') );
 
+	$template->param( TEXT_USERNAME => gettext('Username:' ) );
+
         $template->param( TEXT_ACL_DENIED => gettext('Can\'t access') );
         $template->param( TEXT_ACL_VIEW => gettext('Can view this service') );
         $template->param( TEXT_ACL_MODIFY => gettext('Can modify this service') );
         $template->param( TEXT_ACL_MANAGEACL => gettext('Can manage ACL for this service') );
         $template->param( TEXT_ACL_DELETE => gettext('Can destroy this service') );
 
-		$template->param( VALUE_ACL_DENIED => Vhffs::Constants::ACL_DENIED );
-		$template->param( VALUE_ACL_VIEW => Vhffs::Constants::ACL_VIEW );
-		$template->param( VALUE_ACL_MODIFY => Vhffs::Constants::ACL_MODIFY );
-		$template->param( VALUE_ACL_MANAGEACL => Vhffs::Constants::ACL_MANAGEACL );
-		$template->param( VALUE_ACL_DELETE => Vhffs::Constants::ACL_DELETE );
+	$template->param( VALUE_ACL_DENIED => Vhffs::Constants::ACL_DENIED );
+	$template->param( VALUE_ACL_VIEW => Vhffs::Constants::ACL_VIEW );
+	$template->param( VALUE_ACL_MODIFY => Vhffs::Constants::ACL_MODIFY );
+	$template->param( VALUE_ACL_MANAGEACL => Vhffs::Constants::ACL_MANAGEACL );
+	$template->param( VALUE_ACL_DELETE => Vhffs::Constants::ACL_DELETE );
 
-		$template->param( TEXT_ACL_LEVEL => gettext('ACL level') );
+	$template->param( TEXT_ACL_LEVEL => gettext('ACL level') );
         
-		$template->param( OID => $object->get_oid );
-		$template->param( SEND => gettext('Send it') );
-		my $user_rights = Vhffs::Acl::getall_acl_for_user_per_object( $object , $vhffs );
-		my $group_rights = Vhffs::Acl::getall_acl_for_group_per_object( $object , $vhffs );
+	$template->param( OID => $object->get_oid );
+	$template->param( SEND => gettext('Send it') );
 
-		my $subtemplate = new HTML::Template::Expr( filename => $templatedir.'/panel/acl/view_each.tmpl', global_vars => 1 );
+	my $user_rights = Vhffs::Acl::getall_acl_for_user_per_object( $object , $vhffs );
+	my $group_rights = Vhffs::Acl::getall_acl_for_group_per_object( $object , $vhffs );
+
+	my $subtemplate = new HTML::Template::Expr( filename => $templatedir.'/panel/acl/view_each.tmpl', global_vars => 1 );
         $subtemplate->param( VALUE_ACL_DENIED => Vhffs::Constants::ACL_DENIED );
         $subtemplate->param( VALUE_ACL_VIEW => Vhffs::Constants::ACL_VIEW );
         $subtemplate->param( VALUE_ACL_MODIFY => Vhffs::Constants::ACL_MODIFY );
@@ -166,18 +155,19 @@
         $subtemplate->param( TEXT_ACL_DELETE => gettext('Can destroy this service') );
         $subtemplate->param( TEXT_MODIFY => gettext('Modify') );
 
-		$subtemplate->param( TARGET_OID => $object->get_oid );
+	$subtemplate->param( TARGET_OID => $object->get_oid );
     
-        # fill in users' ACL
-        $subtemplate->param( TEXT_TYPE => gettext('Username') );
-        $subtemplate->param( rights => $user_rights );
-		$template->param( USERS_TABLE => $subtemplate->output );
+	# fill in users' ACL
+	$subtemplate->param( TEXT_TYPE => gettext('Username') );
+	$subtemplate->param( rights => $user_rights );
+	$template->param( USERS_TABLE => $subtemplate->output );
 
         # fill in groups' ACL
         $subtemplate->param( TEXT_TYPE => gettext('Groupname') );
         $subtemplate->param( rights => $group_rights );
-		$template->param( GROUPS_TABLE => $subtemplate->output );	
-	}
+	$template->param( GROUPS_TABLE => $subtemplate->output );	
+
+    }
 }
 
 $panel->build( $template );

Modified: trunk/vhffs-panel/templates/acl/view.tmpl
===================================================================
--- trunk/vhffs-panel/templates/acl/view.tmpl	2007-10-01 19:36:47 UTC (rev 955)
+++ trunk/vhffs-panel/templates/acl/view.tmpl	2007-10-02 22:26:38 UTC (rev 956)
@@ -1,9 +1,9 @@
-<h2>ACL for Users</h2>
+<h2><TMPL_VAR NAME="TEXT_ACL_USER"></h2>
 
 <TMPL_VAR NAME="USERS_TABLE">
 
 <tmpl_if name="MANAGE_ACL">
-<h3>Add an ACL for a User</h3>
+<h3><TMPL_VAR NAME="TEXT_ACL_USER_ADD"></h3>
 
 <form method="post" action="/acl/view.pl">
 
@@ -32,37 +32,6 @@
 </form>
 </tmpl_if>
 
-<h2>ACL for Groups</h2>
+<h2><TMPL_VAR NAME="TEXT_ACL_DEFAULT"></h2>
 
 <TMPL_VAR NAME="GROUPS_TABLE">
-
-<tmpl_if name="MANAGE_ACL">
-<h3>Add an ACL for a Group</h3>
-
-
-<form method="post" action="/acl/view.pl">
-
-	<p>
-		<label for="acl_groupname">
-			<TMPL_VAR NAME="TEXT_GROUPNAME">
-		</label>
-		<input type="text" name="groupname"  id="acl_groupname"/>
-	</p>
-	<p>
-		<label for="acl_group_perm">
-			<TMPL_VAR NAME="TEXT_ACL_LEVEL">
-		</label>
-		<select name="perm" id="acl_group_perm">
-			<option value="<TMPL_VAR NAME="VALUE_ACL_DENIED">" <TMPL_VAR NAME="DENIED_SELECTED">><TMPL_VAR NAME="TEXT_ACL_DENIED"></option>
-			<option value="<TMPL_VAR NAME="VALUE_ACL_VIEW">" <TMPL_VAR NAME="VIEW_SELECTED">><TMPL_VAR NAME="TEXT_ACL_VIEW"></option>
-			<option value="<TMPL_VAR NAME="VALUE_ACL_MODIFY">" <TMPL_VAR NAME="MODIFY_SELECTED">><TMPL_VAR NAME="TEXT_ACL_MODIFY"></option>
-			<option value="<TMPL_VAR NAME="VALUE_ACL_MANAGEACL">" <TMPL_VAR NAME="MANAGEACL_SELECTED">><TMPL_VAR NAME="TEXT_ACL_MANAGEACL"></option>
-			<option value="<TMPL_VAR NAME="VALUE_ACL_DELETE">" <TMPL_VAR NAME="DELETE_SELECTED">><TMPL_VAR NAME="TEXT_ACL_DELETE"></option>
-		</select>
-	</p>
-	<p class="button">
-		<input type="hidden" name="target_oid" value="<TMPL_VAR NAME="OID">" />
-		<input type="submit" value="<TMPL_VAR NAME="SEND">" name="add_acl_group_submit" />
-	</p>
-</form>
-</tmpl_if>


Mail converted by MHonArc 2.6.19+ http://listengine.tuxfamily.org/