tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 12:05:37 +00:00
Code Issues Projects Releases Wiki Activity

mlanthaler: Refactored Permission::checkMember(). Should be faster now because the non-strict checking is now only executed if the user doesn't has the permission.

Browse Source 
(merged from branches/gsoc)


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@42073 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Ingo Schommer 2007-09-16 14:40:43 +00:00
parent b888de3ced
commit 035a6d437d
1 changed files with 17 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
security/Permission.php
View File

@ -58,7 +58,7 @@ class Permission extends DataObject {
* @param bool $strict Use "strict" checking (which means a permission * @param bool $strict Use "strict" checking (which means a permission
* will be granted if the key does not exist at all)? * will be granted if the key does not exist at all)?
* @return int|bool The ID of the permission record if the permission * @return int|bool The ID of the permission record if the permission
* exists; null otherwise. If "strict" checking is * exists; FALSE otherwise. If "strict" checking is
* disabled, TRUE will be returned if the permission does * disabled, TRUE will be returned if the permission does
* not exist at all. * not exist at all.
*/ */
@ -85,7 +85,7 @@ class Permission extends DataObject {
* @param bool $strict Use "strict" checking (which means a permission * @param bool $strict Use "strict" checking (which means a permission
* will be granted if the key does not exist at all)? * will be granted if the key does not exist at all)?
* @return int|bool The ID of the permission record if the permission * @return int|bool The ID of the permission record if the permission
* exists; null otherwise. If "strict" checking is * exists; FALSE otherwise. If "strict" checking is
* disabled, TRUE will be returned if the permission does * disabled, TRUE will be returned if the permission does
* not exist at all. * not exist at all.
*/ */
@ -128,24 +128,28 @@ class Permission extends DataObject {
? ",'ADMIN'" ? ",'ADMIN'"
: ''; : '';
if(!self::$strict_checking || !$strict) {
$hasPermission = DB::query("
SELECT COUNT(*)
FROM Permission
WHERE Code IN ('$SQL_codeList')
")->value();
if(!$hasPermission) return true;
}
// Raw SQL for efficiency // Raw SQL for efficiency
return DB::query(" $permission = DB::query("
SELECT ID SELECT ID
FROM Permission FROM Permission
WHERE (Code IN ($SQL_codeList $adminFilter) WHERE (Code IN ($SQL_codeList $adminFilter)
AND GroupID IN ($groupCSV) AND GroupID IN ($groupCSV)
$argClause $argClause
")->value(); ")->value();
return DB::query("SELECT ID FROM Permission WHERE Code IN ($SQL_codeList, 'ADMIN') AND GroupID IN ($groupCSV) $argClause")->value();
if($permission)
return $permission;
// Strict checking disabled?
if(!self::$strict_checking || !$strict) {
if(!DB::query("SELECT COUNT(*) FROM Permission " .
"WHERE (Code IN '$code')'")->value()) {
return true;
}
}
return false;
} }
} }