diff --git a/core/lib/Thelia/Controller/Admin/AbstractCrudController.php b/core/lib/Thelia/Controller/Admin/AbstractCrudController.php
index 689ac9b1b..11ed4fc50 100644
--- a/core/lib/Thelia/Controller/Admin/AbstractCrudController.php
+++ b/core/lib/Thelia/Controller/Admin/AbstractCrudController.php
@@ -267,7 +267,7 @@ abstract class AbstractCrudController extends BaseAdminController
      */
     public function defaultAction()
     {
-        if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::VIEW)) return $response;
+        if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::VIEW)) return $response;
         return $this->renderList();
     }
@@ -279,7 +279,7 @@ abstract class AbstractCrudController extends BaseAdminController
     public function createAction()
     {
         // Check current user authorization
-        if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::CREATE)) return $response;
+        if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::CREATE)) return $response;
         $error_msg = false;
@@ -340,7 +340,7 @@ abstract class AbstractCrudController extends BaseAdminController
     public function updateAction()
     {
         // Check current user authorization
-        if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
+        if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
         // Load the object
         $object = $this->getExistingObject();
@@ -366,7 +366,7 @@ abstract class AbstractCrudController extends BaseAdminController
     public function processUpdateAction()
     {
         // Check current user authorization
-        if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
+        if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
         $error_msg = false;
@@ -431,7 +431,7 @@ abstract class AbstractCrudController extends BaseAdminController
     public function updatePositionAction()
     {
         // Check current user authorization
-        if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
+        if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
         try {
             $mode = $this->getRequest()->get('mode', null);
@@ -465,7 +465,7 @@ abstract class AbstractCrudController extends BaseAdminController
     protected function genericUpdatePositionAction($object, $eventName, $doFinalRedirect = true)
     {
         // Check current user authorization
-        if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
+        if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
         if ($object != null) {
@@ -499,7 +499,7 @@ abstract class AbstractCrudController extends BaseAdminController
     public function setToggleVisibilityAction()
     {
         // Check current user authorization
-        if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
+        if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
         $changeEvent = $this->createToggleVisibilityEvent($this->getRequest());
@@ -521,7 +521,7 @@ abstract class AbstractCrudController extends BaseAdminController
     public function deleteAction()
     {
         // Check current user authorization
-        if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::DELETE)) return $response;
+        if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::DELETE)) return $response;
         // Get the currency id, and dispatch the delet request
         $deleteEvent = $this->getDeleteEvent();
diff --git a/core/lib/Thelia/Controller/Admin/AddressController.php b/core/lib/Thelia/Controller/Admin/AddressController.php
index 26f97c9b3..b4583018b 100644
--- a/core/lib/Thelia/Controller/Admin/AddressController.php
+++ b/core/lib/Thelia/Controller/Admin/AddressController.php
@@ -59,7 +59,7 @@ class AddressController extends AbstractCrudController
     public function useAddressAction()
     {
-        if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
+        if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
         $address_id = $this->getRequest()->request->get('address_id');
diff --git a/core/lib/Thelia/Controller/Admin/AdminLogsController.php b/core/lib/Thelia/Controller/Admin/AdminLogsController.php
index 1c7b6542f..5f3fadb0f 100644
--- a/core/lib/Thelia/Controller/Admin/AdminLogsController.php
+++ b/core/lib/Thelia/Controller/Admin/AdminLogsController.php
@@ -32,7 +32,7 @@ class AdminLogsController extends BaseAdminController
     public function defaultAction()
     {
-        if (null !== $response = $this->checkAuth(self::RESOURCE_CODE, AccessManager::VIEW)) return $response;
+        if (null !== $response = $this->checkAuth(self::RESOURCE_CODE, array(), AccessManager::VIEW)) return $response;
         // Render the edition template.
         return $this->render('admin-logs');
diff --git a/core/lib/Thelia/Controller/Admin/AreaController.php b/core/lib/Thelia/Controller/Admin/AreaController.php
index 79c549201..2464ad0cb 100644
--- a/core/lib/Thelia/Controller/Admin/AreaController.php
+++ b/core/lib/Thelia/Controller/Admin/AreaController.php
@@ -231,7 +231,7 @@ class AreaController extends AbstractCrudController
     public function addCountry()
     {
         // Check current user authorization
-        if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
+        if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
         $areaCountryForm = new AreaCountryForm($this->getRequest());
         $error_msg = null;
@@ -273,7 +273,7 @@ class AreaController extends AbstractCrudController
     public function removeCountry()
     {
         // Check current user authorization
-        if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
+        if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
         $request = $this->getRequest();
         $removeCountryEvent = new AreaRemoveCountryEvent($request->request->get('areai_id', 0), $request->request->get('country_id', 0));
@@ -284,7 +284,7 @@ class AreaController extends AbstractCrudController
     public function updatePostageAction()
     {
-        if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
+        if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
         $areaUpdateForm = new AreaPostageForm($this->getRequest());
         $error_msg = null;
diff --git a/core/lib/Thelia/Controller/Admin/AttributeController.php b/core/lib/Thelia/Controller/Admin/AttributeController.php
index 9644d6651..ce1ca3072 100644
--- a/core/lib/Thelia/Controller/Admin/AttributeController.php
+++ b/core/lib/Thelia/Controller/Admin/AttributeController.php
@@ -235,7 +235,7 @@ class AttributeController extends AbstractCrudController
     protected function addRemoveFromAllTemplates($eventType)
     {
         // Check current user authorization
-        if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
+        if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
         try {
             if (null !== $object = $this->getExistingObject()) {
diff --git a/core/lib/Thelia/Controller/Admin/BaseAdminController.php b/core/lib/Thelia/Controller/Admin/BaseAdminController.php
index a36318232..5d10c65b6 100755
--- a/core/lib/Thelia/Controller/Admin/BaseAdminController.php
+++ b/core/lib/Thelia/Controller/Admin/BaseAdminController.php
@@ -118,17 +118,18 @@ class BaseAdminController extends BaseController
      * Check current admin user authorisations. An ADMIN role is assumed.
      *
      * @param mixed $resources a single resource or an array of resources.
+     * @param mixed $modules a single module or an array of modules.
      * @param mixed $accesses a single access or an array of accesses.
      *
      * @return mixed null if authorization is granted, or a Response object which contains the error page otherwise
-     *
      */
-    protected function checkAuth($resources, $accesses)
+    protected function checkAuth($resources, $modules, $accesses)
     {
         $resources = is_array($resources) ? $resources : array($resources);
+        $modules = is_array($modules) ? $modules : array($modules);
         $accesses = is_array($accesses) ? $accesses : array($accesses);
-        if ($this->getSecurityContext()->isGranted(array("ADMIN"), $resources, $accesses)) {
+        if ($this->getSecurityContext()->isGranted(array("ADMIN"), $resources, $modules, $accesses)) {
             // Okay !
             return null;
         }
diff --git a/core/lib/Thelia/Controller/Admin/CategoryController.php b/core/lib/Thelia/Controller/Admin/CategoryController.php
index 018aa3586..3a8428766 100755
--- a/core/lib/Thelia/Controller/Admin/CategoryController.php
+++ b/core/lib/Thelia/Controller/Admin/CategoryController.php
@@ -215,7 +215,7 @@ class CategoryController extends AbstractCrudController
     public function setToggleVisibilityAction()
     {
         // Check current user authorization
-        if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
+        if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
         $event = new CategoryToggleVisibilityEvent($this->getExistingObject());
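Review bot: Adding `$modules` as a required parameter in the middle of `checkAuth($resources, $modules, $accesses)` silently changes the meaning of every two-argument call that this diff does not reach, such as an admin controller shipped by a third-party module: its access constant would now bind to `$modules` and `$accesses` would be left unset, which on older PHP is only a warning and turns into `array(null)` on the `$accesses = is_array(...)` line, so whether `isGranted()` then denies or grants is not visible here and may differ from the intent. Appending the new argument with a default (`protected function checkAuth($resources, $accesses, $modules = array())`) would keep existing callers correct and spare every call site in this commit the `array()` literal; if the chosen order must stay, rejecting a null or empty `$accesses` before the `isGranted()` call would at least make a mis-bound caller fail closed. The new `@param` line should also state what an empty module list means to `isGranted()` (no module restriction, or no module granted), because that is the value every updated caller passes.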
@@ -295,7 +295,7 @@ class CategoryController extends AbstractCrudController
     public function addRelatedContentAction()
     {
         // Check current user authorization
-        if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
+        if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
         $content_id = intval($this->getRequest()->get('content_id'));
@@ -325,7 +325,7 @@ class CategoryController extends AbstractCrudController
     public function addRelatedPictureAction()
     {
         // Check current user authorization
-        if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) {
+        if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) {
             return $response;
         }
@@ -353,7 +353,7 @@ class CategoryController extends AbstractCrudController
     public function deleteRelatedContentAction()
     {
         // Check current user authorization
-        if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
+        if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
         $content_id = intval($this->getRequest()->get('content_id'));
diff --git a/core/lib/Thelia/Controller/Admin/ConfigController.php b/core/lib/Thelia/Controller/Admin/ConfigController.php
index 67aec848a..fe18720b6 100644
--- a/core/lib/Thelia/Controller/Admin/ConfigController.php
+++ b/core/lib/Thelia/Controller/Admin/ConfigController.php
@@ -186,7 +186,7 @@ class ConfigController extends AbstractCrudController
     public function changeValuesAction()
     {
         // Check current user authorization
-        if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
+        if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
         $variables = $this->getRequest()->get('variable', array());
diff --git a/core/lib/Thelia/Controller/Admin/ContentController.php b/core/lib/Thelia/Controller/Admin/ContentController.php
index 0b850734c..82d9ec8bd 100644
--- a/core/lib/Thelia/Controller/Admin/ContentController.php
+++ b/core/lib/Thelia/Controller/Admin/ContentController.php
@@ -69,7 +69,7 @@ class ContentController extends AbstractCrudController
     public function addAdditionalFolderAction()
     {
         // Check current user authorization
-        if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
+        if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
         $folder_id = intval($this->getRequest()->request->get('additional_folder_id'));
@@ -97,7 +97,7 @@ class ContentController extends AbstractCrudController
     public function removeAdditionalFolderAction()
     {
         // Check current user authorization
-        if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
+        if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
         $folder_id = intval($this->getRequest()->request->get('additional_folder_id'));
diff --git a/core/lib/Thelia/Controller/Admin/CountryController.php b/core/lib/Thelia/Controller/Admin/CountryController.php
index 0ef2f1006..d950cc487 100644
--- a/core/lib/Thelia/Controller/Admin/CountryController.php
+++ b/core/lib/Thelia/Controller/Admin/CountryController.php
@@ -235,7 +235,7 @@ class CountryController extends AbstractCrudController
     public function toggleDefaultAction()
     {
-        if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
+        if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
         $content = null;
         if (null !== $country_id = $this->getRequest()->get('country_id')) {
             $toogleDefaultEvent = new CountryToggleDefaultEvent($country_id);
diff --git a/core/lib/Thelia/Controller/Admin/CouponController.php b/core/lib/Thelia/Controller/Admin/CouponController.php
index 0169a16b9..167a13d55 100755
--- a/core/lib/Thelia/Controller/Admin/CouponController.php
+++ b/core/lib/Thelia/Controller/Admin/CouponController.php
@@ -62,7 +62,7 @@ class CouponController extends BaseAdminController
      */
     public function browseAction()
     {
-        $this->checkAuth(AdminResources::COUPON, AccessManager::VIEW);
+        $this->checkAuth(AdminResources::COUPON, array(), AccessManager::VIEW);
         $args['urlReadCoupon'] = $this->getRoute(
             'admin.coupon.read',
@@ -94,7 +94,7 @@ class CouponController extends BaseAdminController
      */
     public function readAction($couponId)
     {
-        $this->checkAuth(AdminResources::COUPON, AccessManager::VIEW);
+        $this->checkAuth(AdminResources::COUPON, array(), AccessManager::VIEW);
         // Database request repeated in the loop but cached
         $search = CouponQuery::create();
@@ -122,7 +122,7 @@ class CouponController extends BaseAdminController
     public function createAction()
     {
         // Check current user authorization
-        $response = $this->checkAuth(AdminResources::COUPON, AccessManager::CREATE);
+        $response = $this->checkAuth(AdminResources::COUPON, array(), AccessManager::CREATE);
         if ($response !== null) {
             return $response;
         }
@@ -170,7 +170,7 @@ class CouponController extends BaseAdminController
     public function updateAction($couponId)
     {
         // Check current user authorization
-        $response = $this->checkAuth(AdminResources::COUPON, AccessManager::UPDATE);
+        $response = $this->checkAuth(AdminResources::COUPON, array(), AccessManager::UPDATE);
         if ($response !== null) {
             return $response;
         }
@@ -274,7 +274,7 @@ class CouponController extends BaseAdminController
      */
     public function getConditionInputAction($conditionId)
     {
-        $this->checkAuth(AdminResources::COUPON, AccessManager::VIEW);
+        $this->checkAuth(AdminResources::COUPON, array(), AccessManager::VIEW);
         $this->checkXmlHttpRequest();
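Review bot: In `browseAction` the result of `checkAuth()` is still thrown away, so the call does not protect anything: the `BaseAdminController` docblock in this same diff says denial is reported as a returned Response, and nothing in the visible `checkAuth` body throws, so the action renders for an unauthorised user exactly as for an authorised one. The same discarded call appears in `readAction`, `getConditionInputAction` and `updateConditionsAction` of this file and in the `FileController` Ajax actions (`saveImageAjaxAction`, `saveDocumentAjaxAction`, `getImageListAjaxAction`, `getDocumentListAjaxAction`, `getImageFormAjaxAction`, `getDocumentFormAjaxAction`, `deleteImageAction`, `deleteDocumentAction`). Since the commit rewrites every one of these lines anyway, switching them to the guard form the other controllers use, `if (null !== $response = $this->checkAuth(AdminResources::COUPON, array(), AccessManager::VIEW)) return $response;`, would cost nothing extra and close the gap; `createAction` and `updateAction` just below already do it right.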
@@ -304,7 +304,7 @@ class CouponController extends BaseAdminController
      */
     public function updateConditionsAction($couponId)
     {
-        $this->checkAuth(AdminResources::COUPON, AccessManager::VIEW);
+        $this->checkAuth(AdminResources::COUPON, array(), AccessManager::VIEW);
         $this->checkXmlHttpRequest();
diff --git a/core/lib/Thelia/Controller/Admin/CurrencyController.php b/core/lib/Thelia/Controller/Admin/CurrencyController.php
index 504877157..be780a13b 100644
--- a/core/lib/Thelia/Controller/Admin/CurrencyController.php
+++ b/core/lib/Thelia/Controller/Admin/CurrencyController.php
@@ -185,7 +185,7 @@ class CurrencyController extends AbstractCrudController
     public function updateRatesAction()
     {
         // Check current user authorization
-        if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
+        if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
         try {
             $this->dispatch(TheliaEvents::CURRENCY_UPDATE_RATES);
@@ -203,7 +203,7 @@ class CurrencyController extends AbstractCrudController
     public function setDefaultAction()
     {
         // Check current user authorization
-        if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
+        if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
         $changeEvent = new CurrencyUpdateEvent($this->getRequest()->get('currency_id', 0));
diff --git a/core/lib/Thelia/Controller/Admin/CustomerController.php b/core/lib/Thelia/Controller/Admin/CustomerController.php
index 9719748fc..b4f434e3c 100644
--- a/core/lib/Thelia/Controller/Admin/CustomerController.php
+++ b/core/lib/Thelia/Controller/Admin/CustomerController.php
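Review bot: `updateConditionsAction` is gated on `AccessManager::VIEW` although its name, and the `updateAction` in the same file which requires `AccessManager::UPDATE`, suggest it modifies a coupon's conditions; if so, an administrator holding only read access to coupons passes this check. The access level should be the one used for the other write paths, `$this->checkAuth(AdminResources::COUPON, array(), AccessManager::UPDATE);`, and its return value should be acted on rather than dropped. The body of the action continues outside the hunk, so I cannot confirm from here that it actually writes; please verify before changing the level.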
@@ -45,13 +45,13 @@ class CustomerController extends BaseAdminController
 {
     public function indexAction()
     {
-        if (null !== $response = $this->checkAuth(AdminResources::CUSTOMER, AccessManager::VIEW)) return $response;
+        if (null !== $response = $this->checkAuth(AdminResources::CUSTOMER, array(), AccessManager::VIEW)) return $response;
         return $this->render("customers", array("display_customer" => 20));
     }
     public function viewAction($customer_id)
     {
-        if (null !== $response = $this->checkAuth(AdminResources::CUSTOMER, AccessManager::VIEW)) return $response;
+        if (null !== $response = $this->checkAuth(AdminResources::CUSTOMER, array(), AccessManager::VIEW)) return $response;
         return $this->render("customer-edit", array(
             "customer_id" => $customer_id
         ));
@@ -65,7 +65,7 @@ class CustomerController extends BaseAdminController
      */
     public function updateAction($customer_id)
     {
-        if (null !== $response = $this->checkAuth(AdminResources::CUSTOMER, AccessManager::UPDATE)) return $response;
+        if (null !== $response = $this->checkAuth(AdminResources::CUSTOMER, array(), AccessManager::UPDATE)) return $response;
         $message = false;
@@ -121,7 +121,7 @@ class CustomerController extends BaseAdminController
     public function createAction()
     {
-        if (null !== $response = $this->checkAuth(AdminResources::CUSTOMER, AccessManager::CREATE)) return $response;
+        if (null !== $response = $this->checkAuth(AdminResources::CUSTOMER, array(), AccessManager::CREATE)) return $response;
         $message = null;
@@ -171,7 +171,7 @@ class CustomerController extends BaseAdminController
     public function deleteAction()
     {
-        if (null !== $response = $this->checkAuth(AdminResources::CUSTOMER, AccessManager::DELETE)) return $response;
+        if (null !== $response = $this->checkAuth(AdminResources::CUSTOMER, array(), AccessManager::DELETE)) return $response;
         $message = null;
diff --git a/core/lib/Thelia/Controller/Admin/FeatureController.php b/core/lib/Thelia/Controller/Admin/FeatureController.php
index 1be5dfeec..8ff3a972e 100644
--- a/core/lib/Thelia/Controller/Admin/FeatureController.php
+++ b/core/lib/Thelia/Controller/Admin/FeatureController.php
@@ -235,7 +235,7 @@ class FeatureController extends AbstractCrudController
     protected function addRemoveFromAllTemplates($eventType)
     {
         // Check current user authorization
-        if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
+        if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
         try {
             if (null !== $object = $this->getExistingObject()) {
diff --git a/core/lib/Thelia/Controller/Admin/FileController.php b/core/lib/Thelia/Controller/Admin/FileController.php
index 5c712898a..f4d2c3f73 100755
--- a/core/lib/Thelia/Controller/Admin/FileController.php
+++ b/core/lib/Thelia/Controller/Admin/FileController.php
@@ -71,7 +71,7 @@ class FileController extends BaseAdminController
      */
     public function saveImageAjaxAction($parentId, $parentType)
     {
-        $this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE);
+        $this->checkAuth(AdminResources::retrieve($parentType), array(), AccessManager::UPDATE);
         $this->checkXmlHttpRequest();
         if ($this->isParentTypeValid($parentType)) {
@@ -161,7 +161,7 @@ class FileController extends BaseAdminController
      */
     public function saveDocumentAjaxAction($parentId, $parentType)
     {
-        $this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE);
+        $this->checkAuth(AdminResources::retrieve($parentType), array(), AccessManager::UPDATE);
         $this->checkXmlHttpRequest();
         if ($this->isParentTypeValid($parentType)) {
@@ -239,7 +239,7 @@ class FileController extends BaseAdminController
      */
     public function getImageListAjaxAction($parentId, $parentType)
     {
-        $this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE);
+        $this->checkAuth(AdminResources::retrieve($parentType), array(), AccessManager::UPDATE);
         $this->checkXmlHttpRequest();
         $args = array('imageType' => $parentType, 'parentId' => $parentId);
@@ -256,7 +256,7 @@ class FileController extends BaseAdminController
      */
     public function getDocumentListAjaxAction($parentId, $parentType)
     {
-        $this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE);
+        $this->checkAuth(AdminResources::retrieve($parentType), array(), AccessManager::UPDATE);
         $this->checkXmlHttpRequest();
         $args = array('documentType' => $parentType, 'parentId' => $parentId);
@@ -273,7 +273,7 @@ class FileController extends BaseAdminController
      */
     public function getImageFormAjaxAction($parentId, $parentType)
     {
-        $this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE);
+        $this->checkAuth(AdminResources::retrieve($parentType), array(), AccessManager::UPDATE);
         $this->checkXmlHttpRequest();
         $args = array('imageType' => $parentType, 'parentId' => $parentId);
@@ -290,7 +290,7 @@ class FileController extends BaseAdminController
      */
     public function getDocumentFormAjaxAction($parentId, $parentType)
     {
-        $this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE);
+        $this->checkAuth(AdminResources::retrieve($parentType), array(), AccessManager::UPDATE);
         $this->checkXmlHttpRequest();
         $args = array('documentType' => $parentType, 'parentId' => $parentId);
@@ -307,7 +307,7 @@ class FileController extends BaseAdminController
      */
     public function viewImageAction($imageId, $parentType)
     {
-        if (null !== $response = $this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE)) {
+        if (null !== $response = $this->checkAuth(AdminResources::retrieve($parentType), array(), AccessManager::UPDATE)) {
             return $response;
         }
         try {
@@ -336,7 +336,7 @@ class FileController extends BaseAdminController
      */
     public function viewDocumentAction($documentId, $parentType)
     {
-        if (null !== $response = $this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE)) {
+        if (null !== $response = $this->checkAuth(AdminResources::retrieve($parentType), array(), AccessManager::UPDATE)) {
             return $response;
         }
         try {
@@ -365,7 +365,7 @@ class FileController extends BaseAdminController
      */
     public function updateImageAction($imageId, $parentType)
     {
-        if (null !== $response = $this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE)) {
+        if (null !== $response = $this->checkAuth(AdminResources::retrieve($parentType), array(), AccessManager::UPDATE)) {
             return $response;
         }
@@ -442,7 +442,7 @@ class FileController extends BaseAdminController
      */
     public function updateDocumentAction($documentId, $parentType)
     {
-        if (null !== $response = $this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE)) {
+        if (null !== $response = $this->checkAuth(AdminResources::retrieve($parentType), array(), AccessManager::UPDATE)) {
             return $response;
         }
@@ -519,7 +519,7 @@ class FileController extends BaseAdminController
      */
     public function deleteImageAction($imageId, $parentType)
     {
-        $this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE);
+        $this->checkAuth(AdminResources::retrieve($parentType), array(), AccessManager::UPDATE);
         $this->checkXmlHttpRequest();
         $fileManager = new FileManager($this->container);
@@ -591,7 +591,7 @@ class FileController extends BaseAdminController
      */
     public function deleteDocumentAction($documentId, $parentType)
     {
-        $this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE);
+        $this->checkAuth(AdminResources::retrieve($parentType), array(), AccessManager::UPDATE);
         $this->checkXmlHttpRequest();
         $fileManager = new FileManager($this->container);
diff --git a/core/lib/Thelia/Controller/Admin/HomeController.php b/core/lib/Thelia/Controller/Admin/HomeController.php
index 8679b28e6..e8711f97d 100644
--- a/core/lib/Thelia/Controller/Admin/HomeController.php
+++ b/core/lib/Thelia/Controller/Admin/HomeController.php
@@ -33,7 +33,7 @@ class HomeController extends BaseAdminController
     public function defaultAction()
     {
-        if (null !== $response = $this->checkAuth(self::RESOURCE_CODE, AccessManager::VIEW)) return $response;
+        if (null !== $response = $this->checkAuth(self::RESOURCE_CODE, array(), AccessManager::VIEW)) return $response;
         // Render the edition template.
         return $this->render('home');
diff --git a/core/lib/Thelia/Controller/Admin/LangController.php b/core/lib/Thelia/Controller/Admin/LangController.php
index ccf980c81..e7862badc 100644
--- a/core/lib/Thelia/Controller/Admin/LangController.php
+++ b/core/lib/Thelia/Controller/Admin/LangController.php
@@ -51,7 +51,7 @@ class LangController extends BaseAdminController
     public function defaultAction()
     {
-        if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, AccessManager::VIEW)) return $response;
+        if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, array(), AccessManager::VIEW)) return $response;
         return $this->renderDefault();
     }
@@ -72,7 +72,7 @@ class LangController extends BaseAdminController
     public function updateAction($lang_id)
     {
-        if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, AccessManager::UPDATE)) return $response;
+        if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, array(), AccessManager::UPDATE)) return $response;
         $this->checkXmlHttpRequest();
@@ -96,7 +96,7 @@ class LangController extends BaseAdminController
     public function processUpdateAction($lang_id)
     {
-        if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, AccessManager::UPDATE)) return $response;
+        if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, array(), AccessManager::UPDATE)) return $response;
         $error_msg = false;
@@ -138,7 +138,7 @@ class LangController extends BaseAdminController
     public function toggleDefaultAction($lang_id)
     {
-        if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, AccessManager::UPDATE)) return $response;
+        if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, array(), AccessManager::UPDATE)) return $response;
         $this->checkXmlHttpRequest();
         $error = false;
@@ -169,7 +169,7 @@ class LangController extends BaseAdminController
     public function addAction()
     {
-        if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, AccessManager::CREATE)) return $response;
+        if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, array(), AccessManager::CREATE)) return $response;
         $createForm = new LangCreateForm($this->getRequest());
@@ -211,7 +211,7 @@ class LangController extends BaseAdminController
     public function deleteAction()
     {
-        if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, AccessManager::DELETE)) return $response;
+        if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, array(), AccessManager::DELETE)) return $response;
         $error_msg = false;
@@ -235,7 +235,7 @@ class LangController extends BaseAdminController
     public function defaultBehaviorAction()
     {
-        if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, AccessManager::UPDATE)) return $response;
+        if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, array(), AccessManager::UPDATE)) return $response;
         $error_msg = false;
@@ -267,7 +267,7 @@ class LangController extends BaseAdminController
     public function domainAction()
     {
-        if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, AccessManager::UPDATE)) return $response;
+        if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, array(), AccessManager::UPDATE)) return $response;
         $error_msg = false;
         $langUrlForm = new LangUrlForm($this->getRequest());
@@ -314,7 +314,7 @@ class LangController extends BaseAdminController
     private function domainActivation($activate)
     {
-        if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, AccessManager::UPDATE)) return $response;
+        if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, array(), AccessManager::UPDATE)) return $response;
         $error_msg = false;
diff --git a/core/lib/Thelia/Controller/Admin/LanguageController.php b/core/lib/Thelia/Controller/Admin/LanguageController.php
index 7559cb5cc..b91124277 100644
--- a/core/lib/Thelia/Controller/Admin/LanguageController.php
+++ b/core/lib/Thelia/Controller/Admin/LanguageController.php
@@ -35,7 +35,7 @@ class LanguageController extends BaseAdminController
 {
     public function defaultAction()
     {
-        if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, AccessManager::VIEW)) return $response;
+        if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, array(), AccessManager::VIEW)) return $response;
         return $this->render("languages");
     }
diff --git a/core/lib/Thelia/Controller/Admin/MailingSystemController.php b/core/lib/Thelia/Controller/Admin/MailingSystemController.php
index cfe6f06dd..1fe79c353 100644
--- a/core/lib/Thelia/Controller/Admin/MailingSystemController.php
+++ b/core/lib/Thelia/Controller/Admin/MailingSystemController.php
@@ -36,7 +36,7 @@ class MailingSystemController extends BaseAdminController
     public function defaultAction()
     {
-        if (null !== $response = $this->checkAuth(self::RESOURCE_CODE, AccessManager::VIEW)) return $response;
+        if (null !== $response = $this->checkAuth(self::RESOURCE_CODE, array(), AccessManager::VIEW)) return $response;
         // Hydrate the form abd pass it to the parser
         $data = array(
@@ -64,7 +64,7 @@ class MailingSystemController extends BaseAdminController
     public function updateAction()
     {
         // Check current user authorization
-        if (null !== $response = $this->checkAuth(self::RESOURCE_CODE, AccessManager::UPDATE)) return $response;
+        if (null !== $response = $this->checkAuth(self::RESOURCE_CODE, array(), AccessManager::UPDATE)) return $response;
         $error_msg = false;
diff --git a/core/lib/Thelia/Controller/Admin/ModuleController.php b/core/lib/Thelia/Controller/Admin/ModuleController.php
index 24f297cbf..c9cd97359 100644
--- a/core/lib/Thelia/Controller/Admin/ModuleController.php
+++ b/core/lib/Thelia/Controller/Admin/ModuleController.php
@@ -180,7 +180,7 @@ class ModuleController extends AbstractCrudController
     public function indexAction()
     {
-        if (null !== $response = $this->checkAuth(AdminResources::MODULE, AccessManager::VIEW)) return $response;
+        if (null !== $response = $this->checkAuth(AdminResources::MODULE, array(), AccessManager::VIEW)) return $response;
         $moduleManagement = new ModuleManagement();
         $moduleManagement->updateModules();
@@ -190,7 +190,7 @@ class ModuleController extends AbstractCrudController
     public function toggleActivationAction($module_id)
     {
-        if (null !== $response = $this->checkAuth(AdminResources::MODULE, AccessManager::UPDATE)) return $response;
+        if (null !== $response = $this->checkAuth(AdminResources::MODULE, array(), AccessManager::UPDATE)) return $response;
         $message = null;
         try {
             $event = new ModuleToggleActivationEvent($module_id);
@@ -222,7 +222,7 @@ class ModuleController extends AbstractCrudController
     public function deleteAction()
     {
-        if (null !== $response = $this->checkAuth(AdminResources::MODULE, AccessManager::DELETE)) return $response;
+        if (null !== $response = $this->checkAuth(AdminResources::MODULE, array(), AccessManager::DELETE)) return $response;
         $message = null;
         try {
diff --git a/core/lib/Thelia/Controller/Admin/OrderController.php b/core/lib/Thelia/Controller/Admin/OrderController.php
index 54dcc3059..0a293278e 100644
--- a/core/lib/Thelia/Controller/Admin/OrderController.php
+++ b/core/lib/Thelia/Controller/Admin/OrderController.php
@@ -47,7 +47,7 @@ class OrderController extends BaseAdminController
 {
     public function indexAction()
     {
-        if (null !== $response = $this->checkAuth(AdminResources::ORDER, AccessManager::VIEW)) return $response;
+        if (null !== $response = $this->checkAuth(AdminResources::ORDER, array(), AccessManager::VIEW)) return $response;
         return $this->render("orders", array("display_order" => 20));
     }
@@ -60,7 +60,7 @@ class OrderController extends BaseAdminController
     public function updateStatus($order_id = null)
     {
-        if (null !== $response = $this->checkAuth(AdminResources::ORDER, AccessManager::UPDATE)) return $response;
+        if (null !== $response = $this->checkAuth(AdminResources::ORDER, array(), AccessManager::UPDATE)) return $response;
         $message = null;
@@ -111,7 +111,7 @@ class OrderController extends BaseAdminController public function updateDeliveryRef($order_id) { - if (null !== $response = $this->checkAuth(AdminResources::ORDER, AccessManager::UPDATE)) return $response; + if (null !== $response = $this->checkAuth(AdminResources::ORDER, array(), AccessManager::UPDATE)) return $response; $message = null; @@ -146,7 +146,7 @@ class OrderController extends BaseAdminController public function updateAddress($order_id) { - if (null !== $response = $this->checkAuth(AdminResources::ORDER, AccessManager::UPDATE)) return $response; + if (null !== $response = $this->checkAuth(AdminResources::ORDER, array(), AccessManager::UPDATE)) return $response; $message = null; @@ -212,7 +212,7 @@ class OrderController extends BaseAdminController protected function generatePdf($order_id, $fileName) { - if (null !== $response = $this->checkAuth(AdminResources::ORDER, AccessManager::UPDATE)) return $response; + if (null !== $response = $this->checkAuth(AdminResources::ORDER, array(), AccessManager::UPDATE)) return $response; $html = $this->renderRaw( $fileName, diff --git a/core/lib/Thelia/Controller/Admin/ProductController.php b/core/lib/Thelia/Controller/Admin/ProductController.php index a711ada52..9aa2d279e 100644 --- a/core/lib/Thelia/Controller/Admin/ProductController.php +++ b/core/lib/Thelia/Controller/Admin/ProductController.php @@ -407,7 +407,7 @@ class ProductController extends AbstractCrudController public function setToggleVisibilityAction() { // Check current user authorization - if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response; + if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response; $event = new ProductToggleVisibilityEvent($this->getExistingObject()); 
@@ -483,7 +483,7 @@ class ProductController extends AbstractCrudController { // Check current user authorization - if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response; + if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response; $content_id = intval($this->getRequest()->get('content_id')); @@ -509,7 +509,7 @@ class ProductController extends AbstractCrudController { // Check current user authorization - if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response; + if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response; $content_id = intval($this->getRequest()->get('content_id')); @@ -561,7 +561,7 @@ class ProductController extends AbstractCrudController public function addAccessoryAction() { // Check current user authorization - if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response; + if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response; $accessory_id = intval($this->getRequest()->get('accessory_id')); @@ -586,7 +586,7 @@ class ProductController extends AbstractCrudController public function deleteAccessoryAction() { // Check current user authorization - if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response; + if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response; $accessory_id = intval($this->getRequest()->get('accessory_id')); 
@@ -642,7 +642,7 @@ class ProductController extends AbstractCrudController public function setProductTemplateAction($productId) { // Check current user authorization - if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response; + if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response; $product = ProductQuery::create()->findPk($productId); @@ -739,7 +739,7 @@ class ProductController extends AbstractCrudController public function addAdditionalCategoryAction() { // Check current user authorization - if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response; + if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response; $category_id = intval($this->getRequest()->request->get('additional_category_id')); @@ -764,7 +764,7 @@ class ProductController extends AbstractCrudController public function deleteAdditionalCategoryAction() { // Check current user authorization - if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response; + if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response; $category_id = intval($this->getRequest()->get('additional_category_id')); @@ -861,7 +861,7 @@ class ProductController extends AbstractCrudController public function addProductSaleElementAction() { // Check current user authorization - if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response; + if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response; $event = new ProductSaleElementCreateEvent( $this->getExistingObject(), 
@@ -885,7 +885,7 @@ class ProductController extends AbstractCrudController public function deleteProductSaleElementAction() { // Check current user authorization - if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response; + if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response; $event = new ProductSaleElementDeleteEvent( $this->getRequest()->get('product_sale_element_id',0), @@ -944,7 +944,7 @@ class ProductController extends AbstractCrudController protected function processProductSaleElementUpdate($changeForm) { // Check current user authorization - if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response; + if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response; $error_msg = false; @@ -1053,7 +1053,7 @@ class ProductController extends AbstractCrudController public function buildCombinationsAction() { // Check current user authorization - if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response; + if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response; $error_msg = false; diff --git a/core/lib/Thelia/Controller/Admin/ProfileController.php b/core/lib/Thelia/Controller/Admin/ProfileController.php index 909d055b8..9b83c30b7 100644 --- a/core/lib/Thelia/Controller/Admin/ProfileController.php +++ b/core/lib/Thelia/Controller/Admin/ProfileController.php @@ -221,7 +221,7 @@ class ProfileController extends AbstractCrudController public function updateAction() { - if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response; + if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response; $object = $this->getExistingObject(); 
@@ -306,7 +306,7 @@ class ProfileController extends AbstractCrudController public function processUpdateResourceAccess() { // Check current user authorization - if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response; + if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response; $error_msg = false; @@ -355,7 +355,7 @@ class ProfileController extends AbstractCrudController public function processUpdateModuleAccess() { // Check current user authorization - if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response; + if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response; $error_msg = false; diff --git a/core/lib/Thelia/Controller/Admin/ShippingZoneController.php b/core/lib/Thelia/Controller/Admin/ShippingZoneController.php index 8e8f38eec..82b630398 100644 --- a/core/lib/Thelia/Controller/Admin/ShippingZoneController.php +++ b/core/lib/Thelia/Controller/Admin/ShippingZoneController.php @@ -42,13 +42,13 @@ class ShippingZoneController extends BaseAdminController public function indexAction() { - if (null !== $response = $this->checkAuth(AdminResources::SHIPPING_ZONE, AccessManager::VIEW)) return $response; + if (null !== $response = $this->checkAuth(AdminResources::SHIPPING_ZONE, array(), AccessManager::VIEW)) return $response; return $this->render("shipping-zones", array("display_shipping_zone" => 20)); } public function updateAction($shipping_zones_id) { - if (null !== $response = $this->checkAuth(AdminResources::SHIPPING_ZONE, AccessManager::VIEW)) return $response; + if (null !== $response = $this->checkAuth(AdminResources::SHIPPING_ZONE, array(), AccessManager::VIEW)) return $response; return $this->render("shipping-zones-edit", array( "shipping_zones_id" => $shipping_zones_id )); 
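Review bot: `updateAction($shipping_zones_id)` still gates the edit screen with `AccessManager::VIEW`, the same level as `indexAction` directly above it, whereas the other edit entry points rewritten in this commit (`ProfileController::updateAction`, `TaxRuleController::updateAction`) require `AccessManager::UPDATE`. If a VIEW-only admin is meant to see the edit form, a one-line comment saying so would stop the next reader treating it as a slip; otherwise the line should read `if (null !== $response = $this->checkAuth(AdminResources::SHIPPING_ZONE, array(), AccessManager::UPDATE)) return $response;`. Since every one of these lines is being touched anyway, this is the cheapest moment to align it.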
@@ -59,7 +59,7 @@ class ShippingZoneController extends BaseAdminController */ public function addArea() { - if (null !== $response = $this->checkAuth(AdminResources::SHIPPING_ZONE, AccessManager::UPDATE)) return $response; + if (null !== $response = $this->checkAuth(AdminResources::SHIPPING_ZONE, array(), AccessManager::UPDATE)) return $response; $shippingAreaForm = new ShippingZoneAddArea($this->getRequest()); $error_msg = null; @@ -94,7 +94,7 @@ class ShippingZoneController extends BaseAdminController public function removeArea() { - if (null !== $response = $this->checkAuth(AdminResources::SHIPPING_ZONE, AccessManager::UPDATE)) return $response; + if (null !== $response = $this->checkAuth(AdminResources::SHIPPING_ZONE, array(), AccessManager::UPDATE)) return $response; $shippingAreaForm = new ShippingZoneRemoveArea($this->getRequest()); $error_msg = null; diff --git a/core/lib/Thelia/Controller/Admin/SystemLogController.php b/core/lib/Thelia/Controller/Admin/SystemLogController.php index 96621717c..118f06efb 100644 --- a/core/lib/Thelia/Controller/Admin/SystemLogController.php +++ b/core/lib/Thelia/Controller/Admin/SystemLogController.php @@ -86,7 +86,7 @@ class SystemLogController extends BaseAdminController public function defaultAction() { - if (null !== $response = $this->checkAuth(AdminResources::SYSTEM_LOG, AccessManager::VIEW)) return $response; + if (null !== $response = $this->checkAuth(AdminResources::SYSTEM_LOG, array(), AccessManager::VIEW)) return $response; /* const VAR_LEVEL = "tlog_level"; @@ -121,7 +121,7 @@ class SystemLogController extends BaseAdminController public function saveAction() { - if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, AccessManager::UPDATE)) return $response; + if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, array(), AccessManager::UPDATE)) return $response; $error_msg = false; 
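Review bot: `saveAction` checks `AdminResources::LANGUAGE` while `defaultAction` in the hunk above checks `AdminResources::SYSTEM_LOG`, so the save path of the system-log screen is authorised against an unrelated resource; this looks like a copy-paste slip rather than a deliberate cross-resource rule. The same pattern appears in `TranslationsController::updateAction`, which checks `AdminResources::LANGUAGE` although its `defaultAction` checks `AdminResources::TRANSLATIONS`. Unless the cross-resource check is intended, the line should be `if (null !== $response = $this->checkAuth(AdminResources::SYSTEM_LOG, array(), AccessManager::UPDATE)) return $response;` (and `AdminResources::TRANSLATIONS` in the translations controller). saveAction's body continues past the hunk.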
diff --git a/core/lib/Thelia/Controller/Admin/TaxRuleController.php b/core/lib/Thelia/Controller/Admin/TaxRuleController.php index 2e6cb2b70..b85123505 100644 --- a/core/lib/Thelia/Controller/Admin/TaxRuleController.php +++ b/core/lib/Thelia/Controller/Admin/TaxRuleController.php @@ -219,7 +219,7 @@ class TaxRuleController extends AbstractCrudController public function updateAction() { - if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response; + if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response; $object = $this->getExistingObject(); @@ -237,7 +237,7 @@ class TaxRuleController extends AbstractCrudController public function setDefaultAction() { - if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response; + if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response; $setDefaultEvent = new TaxRuleEvent(); @@ -255,7 +255,7 @@ class TaxRuleController extends AbstractCrudController public function processUpdateTaxesAction() { // Check current user authorization - if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response; + if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response; $error_msg = false; diff --git a/core/lib/Thelia/Controller/Admin/TemplateController.php b/core/lib/Thelia/Controller/Admin/TemplateController.php index fd7df6bb2..5e551679d 100644 --- a/core/lib/Thelia/Controller/Admin/TemplateController.php +++ b/core/lib/Thelia/Controller/Admin/TemplateController.php 
@@ -211,7 +211,7 @@ class TemplateController extends AbstractCrudController public function addAttributeAction() { // Check current user authorization - if (null !== $response = $this->checkAuth(AdminResources::TEMPLATE, AccessManager::UPDATE)) return $response; + if (null !== $response = $this->checkAuth(AdminResources::TEMPLATE, array(), AccessManager::UPDATE)) return $response; $attribute_id = intval($this->getRequest()->get('attribute_id')); @@ -235,7 +235,7 @@ class TemplateController extends AbstractCrudController public function deleteAttributeAction() { // Check current user authorization - if (null !== $response = $this->checkAuth(AdminResources::TEMPLATE, AccessManager::UPDATE)) return $response; + if (null !== $response = $this->checkAuth(AdminResources::TEMPLATE, array(), AccessManager::UPDATE)) return $response; $event = new TemplateDeleteAttributeEvent( $this->getExistingObject(), @@ -270,7 +270,7 @@ class TemplateController extends AbstractCrudController public function addFeatureAction() { // Check current user authorization - if (null !== $response = $this->checkAuth(AdminResources::TEMPLATE, AccessManager::UPDATE)) return $response; + if (null !== $response = $this->checkAuth(AdminResources::TEMPLATE, array(), AccessManager::UPDATE)) return $response; $feature_id = intval($this->getRequest()->get('feature_id')); @@ -294,7 +294,7 @@ class TemplateController extends AbstractCrudController public function deleteFeatureAction() { // Check current user authorization - if (null !== $response = $this->checkAuth(AdminResources::TEMPLATE, AccessManager::UPDATE)) return $response; + if (null !== $response = $this->checkAuth(AdminResources::TEMPLATE, array(), AccessManager::UPDATE)) return $response; $event = new TemplateDeleteFeatureEvent( $this->getExistingObject(), diff --git a/core/lib/Thelia/Controller/Admin/TranslationsController.php b/core/lib/Thelia/Controller/Admin/TranslationsController.php index 30ebbcdb2..654a3ffdf 100644 
--- a/core/lib/Thelia/Controller/Admin/TranslationsController.php +++ b/core/lib/Thelia/Controller/Admin/TranslationsController.php @@ -161,14 +161,14 @@ class TranslationsController extends BaseAdminController public function defaultAction() { - if (null !== $response = $this->checkAuth(AdminResources::TRANSLATIONS, AccessManager::VIEW)) return $response; + if (null !== $response = $this->checkAuth(AdminResources::TRANSLATIONS, array(), AccessManager::VIEW)) return $response; return $this->renderTemplate(); } public function updateAction() { - if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, AccessManager::UPDATE)) return $response; + if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, array(), AccessManager::UPDATE)) return $response; return $this->renderTemplate(); } diff --git a/core/lib/Thelia/Core/Security/SecurityContext.php b/core/lib/Thelia/Core/Security/SecurityContext.php index 128feb516..c5051af67 100755 --- a/core/lib/Thelia/Core/Security/SecurityContext.php +++ b/core/lib/Thelia/Core/Security/SecurityContext.php @@ -123,7 +123,7 @@ class SecurityContext * * @return Boolean */ - final public function isGranted(array $roles, array $resources, array $accesses) + final public function isGranted(array $roles, array $resources, array $modules, array $accesses) { // Find a user which matches the required roles. $user = $this->getCustomerUser(); @@ -140,7 +140,7 @@ class SecurityContext return false; } - if (empty($resources) || empty($accesses)) { + if ((empty($resources) && empty($modules)) || empty($accesses)) { return true; } @@ -172,6 +172,24 @@ class SecurityContext } } + foreach ($modules as $module) { + if ($module === '') { + continue; + } + + $module = strtolower($module); + + if (!array_key_exists($module, $userPermissions)) { + return false; + } + + foreach ($accesses as $access) { + if (!$userPermissions[$module]->can($access)) { + return false; + } + } + } + return true; } 
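Review bot: The docblock directly above the changed `isGranted` signature is not updated, so the new `$modules` parameter has no `@param` entry while `@return Boolean` is kept. Add `@param array $modules Module codes the user must hold the given accesses on (lower-cased before lookup; an empty list adds no module constraint)` alongside the existing parameter documentation, since this is the method every template and controller authorisation check funnels through.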
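Review bot: `if ($module === '') { continue; }` skips blank entries, but a `$modules` list made only of blanks is not `empty()` for the test in the `@@ -140` hunk above, so such a call reaches `return true` without any permission having been consulted; with `_explode`-style callers feeding this from template parameters, that is an easy way to end up fail-open. Either filter blanks before the emptiness test so the list is treated as absent, or treat a blank code as a denial (`return false;`) instead of `continue;`, and state the chosen rule in a comment on the loop. The new block presumably mirrors the resources loop that ends just above the hunk; if so, the two loops differ only in the input array and would read more clearly as one private helper called twice.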
diff --git a/core/lib/Thelia/Core/Template/Loop/Auth.php b/core/lib/Thelia/Core/Template/Loop/Auth.php index ef466d3e9..072193f34 100755 --- a/core/lib/Thelia/Core/Template/Loop/Auth.php +++ b/core/lib/Thelia/Core/Template/Loop/Auth.php @@ -60,6 +60,12 @@ class Auth extends BaseLoop implements ArraySearchLoopInterface new AlphaNumStringListType() ) ), + new Argument( + 'module', + new TypeCollection( + new AlphaNumStringListType() + ) + ), new Argument( 'access', new TypeCollection( @@ -79,10 +85,20 @@ class Auth extends BaseLoop implements ArraySearchLoopInterface { $roles = $this->getRole(); $resource = $this->getResource(); + $module = $this->getModule(); $access = $this->getAccess(); + if(null !== $module) { + $in = true; + } + try { - if (true === $this->securityContext->isGranted($roles, $resource === null ? array() : $resource, $access === null ? array() : $access)) { + if (true === $this->securityContext->isGranted( + $roles, + $resource === null ? array() : $resource, + $module === null ? array() : $module, + $access === null ? array() : $access) + ) { // Create an empty row: loop is no longer empty :) $loopResult->addRow(new LoopResultRow()); diff --git a/core/lib/Thelia/Core/Template/Smarty/Plugins/AdminUtilities.php b/core/lib/Thelia/Core/Template/Smarty/Plugins/AdminUtilities.php index 0be66997a..78e1c8f5b 100644 --- a/core/lib/Thelia/Core/Template/Smarty/Plugins/AdminUtilities.php +++ b/core/lib/Thelia/Core/Template/Smarty/Plugins/AdminUtilities.php @@ -69,6 +69,7 @@ class AdminUtilities extends AbstractSmartyPlugin { // The required permissions $resource = $this->getParam($params, 'resource'); + $module = $this->getParam($params, 'module'); $access = $this->getParam($params, 'access'); // The base position change path 
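Review bot: `$in = true;` inside `if(null !== $module)` is assigned but nothing in the hunk reads it and it is not passed to `isGranted`, so it looks like a debugging leftover; the enclosing method continues outside the hunk, so confirm it is not consumed later before removing the three lines. If the block stays, `if(null !== $module)` wants a space after `if` to match the `if (true === ...)` style used two lines below, and the closing `)` of the multi-line `isGranted(` call sits on the same line as the last argument while the `)` of the `if` is on its own line, which makes the condition hard to scan.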
@@ -92,7 +93,12 @@ class AdminUtilities extends AbstractSmartyPlugin */ - if ($permissions == null || $this->securityContext->isGranted("ADMIN", array($resource), array($access))) { + if ($permissions == null || $this->securityContext->isGranted( + "ADMIN", + $resource === null ? array() : array($resource), + $module === null ? array() : array($module), + array($access)) + ) { return $this->fetch_snippet($smarty, 'includes/admin-utilities-position-block', array( 'admin_utilities_go_up_url' => URL::getInstance()->absoluteUrl($path, array('mode' => 'up', $url_parameter => $id)), diff --git a/core/lib/Thelia/Core/Template/Smarty/Plugins/Security.php b/core/lib/Thelia/Core/Template/Smarty/Plugins/Security.php index 4f8b0ccc2..46a45c0c4 100755 --- a/core/lib/Thelia/Core/Template/Smarty/Plugins/Security.php +++ b/core/lib/Thelia/Core/Template/Smarty/Plugins/Security.php @@ -55,9 +55,10 @@ class Security extends AbstractSmartyPlugin { $roles = $this->_explode($this->getParam($params, 'role')); $resources = $this->_explode($this->getParam($params, 'resource')); + $modules = $this->_explode($this->getParam($params, 'module')); $accesses = $this->_explode($this->getParam($params, 'access')); - if (! $this->securityContext->isGranted($roles, $resources, $accesses)) { + if (! $this->securityContext->isGranted($roles, $resources, $modules, $accesses)) { $ex = new AuthenticationException( sprintf("User not granted for roles '%s', to access resources '%s' with %s in context '%s'.", diff --git a/templates/admin/default/includes/module-block.html b/templates/admin/default/includes/module-block.html index f11be5331..d9ea61993 100644 --- a/templates/admin/default/includes/module-block.html +++ b/templates/admin/default/includes/module-block.html @@ -39,9 +39,16 @@
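Review bot: With both `resource` and `module` template parameters absent the call becomes `isGranted("ADMIN", array(), array(), array($access))`, which in the patched `SecurityContext::isGranted` short-circuits to `true` before any permission is consulted, so the position controls render for every ADMIN whenever a template omits both; the null-guards added here make that the default rather than an error. Consider treating `$resource === null && $module === null` as not granted, or at least documenting the fail-open behaviour in the comment block above the condition. Separately, `"ADMIN"` is still passed as a bare string although `isGranted` declares `array $roles`; that predates this commit, but since the line is being rewritten, `array("ADMIN")` would avoid the type error the moment `$permissions` is non-null (assuming `$this->securityContext` is the class patched above).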
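Review bot: The `sprintf` message at the end of the hunk still reports only roles, resources and accesses, so a denial caused by the newly added `$modules` list is indistinguishable in the exception text from a resource denial; the format arguments follow outside the hunk, but the format should gain the module list, e.g. `"User not granted for roles '%s', to access resources '%s' / modules '%s' with %s in context '%s'."` with `implode(', ', $modules)` added to the argument list in the same position. Keeping the denied module visible in the message is what makes these authorisation failures triageable from logs.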
-{* {loop type="auth" name="can_change" role="ADMIN" resource="admin.modules" access="VIEW"} + + + + {loop type="auth" name="can_change" role="ADMIN" module=$CODE access="VIEW"} + {intl l="Configure"} + {/loop} + + {*loop type="auth" name="can_change" role="ADMIN" resource="admin.modules" access="VIEW"} - {/loop}*} + {/loop*} {loop type="auth" name="can_change" role="ADMIN" resource="admin.modules" access="UPDATE"}