equal
deleted
inserted
replaced
2933 |
2933 |
2934 return $object; |
2934 return $object; |
2935 } |
2935 } |
2936 |
2936 |
2937 /** |
2937 /** |
|
2938 * Checks if the given ACL rule type applies to a namespace. |
|
2939 * @param string ACL rule type |
|
2940 * @param string Namespace |
|
2941 * @return bool |
|
2942 */ |
|
2943 |
|
2944 function check_acl_scope($acl_rule, $namespace) |
|
2945 { |
|
2946 if ( !isset($this->acl_scope[$acl_rule]) ) |
|
2947 return false; |
|
2948 if ( $this->acl_scope[$acl_rule] === array('All') ) |
|
2949 return true; |
|
2950 return ( in_array($namespace, $this->acl_scope[$acl_rule]) ) ? true : false; |
|
2951 } |
|
2952 |
|
2953 /** |
2938 * Read all of our permissions from the database and process/apply them. This should be called after the page is determined. |
2954 * Read all of our permissions from the database and process/apply them. This should be called after the page is determined. |
2939 * @access private |
2955 * @access private |
2940 */ |
2956 */ |
2941 |
2957 |
2942 function init_permissions() |
2958 function init_permissions() |
3036 { |
3052 { |
3037 unset($nslist[$i]); |
3053 unset($nslist[$i]); |
3038 } |
3054 } |
3039 else |
3055 else |
3040 { |
3056 { |
3041 $this->acl_scope[$perm_type][] = $ns; |
3057 if ( $this->acl_scope[$perm_type] !== array('All') ) |
|
3058 $this->acl_scope[$perm_type][] = $ns; |
3042 if ( isset($this->acl_types[$perm_type]) && !isset($this->perms[$perm_type]) ) |
3059 if ( isset($this->acl_types[$perm_type]) && !isset($this->perms[$perm_type]) ) |
3043 { |
3060 { |
3044 $this->perms[$perm_type] = $this->acl_types[$perm_type]; |
3061 $this->perms[$perm_type] = $this->acl_types[$perm_type]; |
3045 } |
3062 } |
3046 } |
3063 } |
3893 if ( isset($base['__resolve_table']) ) |
3910 if ( isset($base['__resolve_table']) ) |
3894 { |
3911 { |
3895 unset($base['__resolve_table']); |
3912 unset($base['__resolve_table']); |
3896 } |
3913 } |
3897 |
3914 |
|
3915 foreach ( $acl_types as $perm_type => $_ ) |
|
3916 { |
|
3917 if ( !$session->check_acl_scope($perm_type, $namespace) ) |
|
3918 { |
|
3919 unset($acl_types[$perm_type]); |
|
3920 unset($acl_deps[$perm_type]); |
|
3921 unset($acl_descs[$perm_type]); |
|
3922 unset($base[$perm_type]); |
|
3923 } |
|
3924 } |
|
3925 |
3898 $this->acl_deps = $acl_deps; |
3926 $this->acl_deps = $acl_deps; |
3899 $this->acl_types = $acl_types; |
3927 $this->acl_types = $acl_types; |
3900 $this->acl_descs = $acl_descs; |
3928 $this->acl_descs = $acl_descs; |
3901 |
3929 |
3902 $this->perms = $acl_types; |
3930 $this->perms = $acl_types; |
3987 $group_name = $row['group_name']; |
4015 $group_name = $row['group_name']; |
3988 } |
4016 } |
3989 foreach ( $rules as $perm_type => $perm_value ) |
4017 foreach ( $rules as $perm_type => $perm_value ) |
3990 { |
4018 { |
3991 if ( $this->perms[$perm_type] == AUTH_DENY ) |
4019 if ( $this->perms[$perm_type] == AUTH_DENY ) |
|
4020 continue; |
|
4021 |
|
4022 if ( !$session->check_acl_scope($perm_type, $this->namespace) ) |
3992 continue; |
4023 continue; |
3993 |
4024 |
3994 $this->perm_resolve_table[$perm_type] = array( |
4025 $this->perm_resolve_table[$perm_type] = array( |
3995 'src' => $src, |
4026 'src' => $src, |
3996 'rule_id' => $row['rule_id'] |
4027 'rule_id' => $row['rule_id'] |
4091 $ret = false; |
4122 $ret = false; |
4092 } |
4123 } |
4093 else |
4124 else |
4094 { |
4125 { |
4095 // ACL type is undefined |
4126 // ACL type is undefined |
4096 trigger_error('Unknown access type "' . $type . '"', E_USER_WARNING); |
4127 $caller = 'unknown'; |
|
4128 if ( function_exists('debug_backtrace') ) |
|
4129 { |
|
4130 if ( $bt = @debug_backtrace() ) |
|
4131 { |
|
4132 foreach ( $bt as $trace ) |
|
4133 { |
|
4134 $file = basename($trace['file']); |
|
4135 if ( $file != 'sessions.php' ) |
|
4136 { |
|
4137 $caller = $file . ':' . $trace['line']; |
|
4138 break; |
|
4139 } |
|
4140 } |
|
4141 } |
|
4142 } |
|
4143 trigger_error('Unknown access type "' . $type . '", called from ' . $caller . '', E_USER_WARNING); |
4097 return false; // Be on the safe side and deny access |
4144 return false; // Be on the safe side and deny access |
4098 } |
4145 } |
4099 if ( !$no_deps ) |
4146 if ( !$no_deps ) |
4100 { |
4147 { |
4101 if ( !$this->acl_check_deps($type) ) |
4148 if ( !$this->acl_check_deps($type) ) |