tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 12:05:37 +00:00
Code Issues Projects Releases Wiki Activity

Merged revisions 52647 via svnmerge from

Browse Source 
http://svn.silverstripe.com/open/modules/sapphire/branches/govtsecurity

........
  r52647 | sminnee | 2008-04-13 21:48:51 +1200 (Sun, 13 Apr 2008) | 1 line
  
  Added Group.IPRestrictions field, for limiting security group access by IP range
........


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@53486 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Sam Minnee 2008-04-26 06:35:03 +00:00
parent 90b2401276
commit 7409776a26
3 changed files with 29 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
security/Group.php
View File

@ -22,6 +22,7 @@ class Group extends DataObject {
"CanCMSAdmin" => "Boolean",
"Locked" => "Boolean",
"Sort" => "Int",
"IPRestrictions" => "Text",
);
static $has_one = array(
"Parent" => "SiteTree",
@ -273,6 +274,26 @@ class Group extends DataObject {
return $filteredChildren;
}
/**
* Returns true if the given IP address is granted access to this group.
* For unrestricted groups, this always returns true.
*/
function allowedIPAddress($ip) {
if(!$this->IPRestrictions) return true;
$ipPatterns = explode("\n", $this->IPRestrictions);
foreach($ipPatterns as $ipPattern) {
$ipPattern = trim($ipPattern);
if(preg_match('/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)$/', $ipPattern, $matches)) {
if($ip == $ipPattern) return true;
} else if(preg_match('/^([0-9]+\.[0-9]+\.[0-9]+)\/24$/', $ipPattern, $matches)
|| preg_match('/^([0-9]+\.[0-9]+)\/16$/', $ipPattern, $matches)
|| preg_match('/^([0-9]+)\/8$/', $ipPattern, $matches)) {
if(substr($ip, 0, strlen($matches[1])) == $matches[1]) return true;
}
}
return false;
}
}
/**

8
security/Member.php
View File

@ -720,7 +720,13 @@ class Member extends DataObject {
if(count($collatedGroups) > 0) {
$collatedGroups = implode(", ", array_unique($collatedGroups));
$result = singleton('Group')->instance_get("`ID` IN ($collatedGroups)", "ID", "", "", "Member_GroupSet");
$unfilteredGroups = singleton('Group')->instance_get("`ID` IN ($collatedGroups)", "ID", "", "", "Member_GroupSet");
$result = new ComponentSet();
// Only include groups where allowedIPAddress() returns true
foreach($unfilteredGroups as $group) {
if($group->allowedIPAddress($_SERVER['REMOTE_ADDR'])) $result->push($group);
}
} else {
$result = new Member_GroupSet();
}