tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 12:05:37 +00:00
Code Issues Projects Releases Wiki Activity

ENHANCEMENT Allowing usage of global settings via asterisk (*) in RequestHandler->$allowed_actions

Browse Source 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@74009 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Ingo Schommer 2009-04-02 16:34:27 +00:00
parent e482ada014
commit e0ec30dcc8
2 changed files with 48 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
core/control/RequestHandler.php
View File

@ -166,24 +166,31 @@ class RequestHandler extends ViewableData {
if($action == 'index') return true;
if($allowedActions) {
// convert all keys and values to lowercase for easier comparison (only if not set as boolean)
foreach($allowedActions as $key => $value) {
$newAllowedActions[strtolower($key)] = strtolower($value);
$newAllowedActions[strtolower($key)] = (is_bool($value)) ? $value : strtolower($value);
}
$allowedActions = $newAllowedActions;
if(isset($allowedActions[$action])) {
$test = $allowedActions[$action];
if($test === true) {
return true;
} elseif(substr($test, 0, 2) == '->') {
return $this->{substr($test, 2)}();
} elseif(Permission::check($test)) {
// check for specific action rules first, and fall back to global rules defined by asterisk
foreach(array($action,'*') as $actionOrAll) {
// check if specific action is set
if(isset($allowedActions[$actionOrAll])) {
$test = $allowedActions[$actionOrAll];
if($test === true) {
// Case 1: TRUE should always allow access
return true;
} elseif(substr($test, 0, 2) == '->') {
// Case 2: Determined by custom method with "->" prefix
return $this->{substr($test, 2)}();
} elseif(Permission::check($test)) {
// Case 3: Value is a permission code to check the current member against
return true;
}
} elseif((($key = array_search($actionOrAll, $allowedActions)) !== false) && is_numeric($key)) {
// Case 4: Allow numeric array notation (search for array value as action instead of key)
return true;
}
} elseif((($key = array_search($action, $allowedActions)) !== false) && is_numeric($key)) {
return true;
}
}

31
tests/ControllerTest.php
View File

@ -36,9 +36,20 @@ class ControllerTest extends SapphireTest {
$response = Director::test("ControllerTest_SecuredController/adminonly");
$this->assertEquals(403, $response->getStatusCode());
// test that a controller without a specified allowed_actions allows actions through
$response = Director::test('ControllerTest_UnsecuredController/stringaction');
$this->assertEquals(200, $response->getStatusCode());
$this->assertEquals(200, $response->getStatusCode(),
"test that a controller without a specified allowed_actions allows actions through"
);
$response = Director::test("ControllerTest_FullSecuredController/adminonly");
$this->assertEquals(403, $response->getStatusCode(),
"Actions can be globally disallowed by using asterisk (*) instead of a method name"
);
$response = Director::test("ControllerTest_FullSecuredController/unsecuredaction");
$this->assertEquals(200, $response->getStatusCode(),
"Actions can be overridden to be allowed if globally disallowed by using asterisk (*)"
);
}
/**
@ -111,4 +122,20 @@ class ControllerTest_SecuredController extends Controller {
}
}
class ControllerTest_FullSecuredController extends Controller {
static $allowed_actions = array(
"*" => "ADMIN",
'unsecuredaction' => true,
);
function adminonly() {
return "You must be an admin!";
}
function unsecuredaction() {
return "Allowed for everybody";
}
}
class ControllerTest_UnsecuredController extends ControllerTest_SecuredController {}