Merge branch 'master' of https://github.com/thelia/thelia into coupon

* 'master' of https://github.com/thelia/thelia: (33 commits)
  permissions
  finish contact process
  create contact form
  create example for mail usage
  permission cleanup
  change place where absolute url is create when rewritten url is enabled
  fix issue #43
  fix typo in product breadcrumb
  update countries list
  fix issue #35
  fix cartItem updateQuantity method
  add some verification on country default trigger
  not allowed to delete default country
  WIP : admin profiles
  fiw test suite
  clear cache when a module is removed
  end module removal
  create event object for module delete action
  update insert script
  new model
  ...

Conflicts:
	core/lib/Thelia/Controller/Admin/CouponController.php
gmorel
2013-10-22 23:01:04 +02:00
128 changed files with 4095 additions and 1209 deletions


@@ -0,0 +1,145 @@
<?php
/*************************************************************************************/
/* */
/* Thelia */
/* */
/* Copyright (c) OpenStudio */
/* email : info@thelia.net */
/* web : http://www.thelia.net */
/* */
/* This program is free software; you can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 3 of the License */
/* */
/* This program is distributed in the hope that it will be useful, */
/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
/* GNU General Public License for more details. */
/* */
/* You should have received a copy of the GNU General Public License */
/* along with this program. If not, see <http://www.gnu.org/licenses/>. */
/* */
/*************************************************************************************/
namespace Thelia\Core\Event\Newsletter;
use Thelia\Core\Event\ActionEvent;
/**
* Class NewsletterEvent
* @package Thelia\Core\Event\Newsletter
* @author Manuel Raynaud <mraynaud@openstudio.fr>
*/
class NewsletterEvent extends ActionEvent
{
/**
* @var string email to save
*/
protected $email;
/**
* @var string first name subscriber
*/
protected $firstname;
/**
* @var string last name subscriber
*/
protected $lastname;
/**
* @var string current locale
*/
protected $locale;
function __construct($email, $locale)
{
$this->email = $email;
$this->locale = $locale;
}
/**
* @param string $email
*
* @return $this
*/
public function setEmail($email)
{
$this->email = $email;
return $this;
}
/**
* @return string
*/
public function getEmail()
{
return $this->email;
}
/**
* @param string $firstname
*
* @return $this
*/
public function setFirstname($firstname)
{
$this->firstname = $firstname;
return $this;
}
/**
* @return string
*/
public function getFirstname()
{
return $this->firstname;
}
/**
* @param string $lastname
*
* @return $this
*/
public function setLastname($lastname)
{
$this->lastname = $lastname;
return $this;
}
/**
* @return string
*/
public function getLastname()
{
return $this->lastname;
}
/**
* @param string $locale
*
* @return $this
*/
public function setLocale($locale)
{
$this->locale = $locale;
return $this;
}
/**
* @return string
*/
public function getLocale()
{
return $this->locale;
}
}
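Review bot: `__construct($email, $locale)` is declared without a visibility keyword and without a docblock, unlike every other method in the class; write `public function __construct($email, $locale)` and document both parameters. `$firstname` and `$lastname` are never initialised, so `getFirstname()` and `getLastname()` return null until the setters run although their docblocks say `@return string`; `@return string|null` would be accurate. The event stores the e-mail address exactly as passed in, so the class docblock should state whether the form or the listener is expected to validate it.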


@@ -681,4 +681,9 @@ final class TheliaEvents
* sent for clearing cache
*/
const CACHE_CLEAR = 'thelia.cache.clear';
/**
* sent for subscribing to the newsletter
*/
const NEWSLETTER_SUBSCRIBE = 'thelia.newsletter.subscribe';
}


@@ -0,0 +1,85 @@
<?php
/*************************************************************************************/
/* */
/* Thelia */
/* */
/* Copyright (c) OpenStudio */
/* email : info@thelia.net */
/* web : http://www.thelia.net */
/* */
/* This program is free software; you can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 3 of the License */
/* */
/* This program is distributed in the hope that it will be useful, */
/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
/* GNU General Public License for more details. */
/* */
/* You should have received a copy of the GNU General Public License */
/* along with this program. If not, see <http://www.gnu.org/licenses/>. */
/* */
/*************************************************************************************/
namespace Thelia\Core\Security;
use Propel\Runtime\ActiveQuery\Criteria;
use Thelia\Core\Security\Resource\AdminResources;
use Thelia\Core\Security\User\UserInterface;
use Thelia\Core\HttpFoundation\Request;
use Thelia\Model\ProfileQuery;
use Thelia\Model\ProfileResourceQuery;
/**
* A simple security manager, in charge of checking user
*
* @author Etienne Roudeix <eroudeix@openstudio.fr>
*/
class AccessManager
{
const VIEW = 'VIEW';
const CREATE = 'CREATE';
const UPDATE = 'UPDATE';
const DELETE = 'DELETE';
protected $accessGranted = array(
self::VIEW => false,
self::CREATE => false,
self::UPDATE => false,
self::DELETE => false,
);
protected $accessPows = array(
self::VIEW => 3,
self::CREATE => 2,
self::UPDATE => 1,
self::DELETE => 0,
);
protected $accessValue;
public function __construct($accessValue)
{
$this->accessValue = $accessValue;
foreach($this->accessPows as $type => $value) {
$pow = pow(2, $value);
if($accessValue >= $pow) {
$accessValue -= $pow;
$this->accessGranted[$type] = true;
} else {
$this->accessGranted[$type] = false;
}
}
}
public function can($type)
{
if(!array_key_exists($type, $this->accessGranted)) {
return false;
}
return $this->accessGranted[$type];
}
}
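Review bot: The constructor decodes `$accessValue` by greedy subtraction, which is only correct for values 0–15: a stored value of 16 or more passes every `>= $pow` test in turn and grants VIEW, CREATE, UPDATE and DELETE even though none of the four bits is set. Testing each bit directly fails closed on out-of-range input and does not depend on the iteration order of `$accessPows`: `$this->accessGranted[$type] = (bool) ((int) $accessValue & (1 << $value));`. The class docblock ("in charge of checking user") is cut short, and none of the six imported classes is used in the file as shown. A docblock on `__construct` should state that `$accessValue` is the 4-bit mask VIEW=8, CREATE=4, UPDATE=2, DELETE=1.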


@@ -21,7 +21,7 @@
/* */
/*************************************************************************************/
namespace Thelia\Core\Event;
namespace Thelia\Core\Security\Resource;
use Thelia\Core\Security\Exception\ResourceException;
@@ -35,9 +35,9 @@ final class AdminResources
{
static private $selfReflection = null;
static public function retrieve($name, $action)
static public function retrieve($name)
{
$contantName = strtoupper($name . '_' . $action);
$contantName = strtoupper($name);
if(null === self::$selfReflection) {
self::$selfReflection = new \ReflectionClass(__CLASS__);
@@ -52,118 +52,49 @@ final class AdminResources
const SUPERADMINISTRATOR = "SUPERADMINISTRATOR";
const ADDRESS_VIEW = "admin.address.view";
const ADDRESS_CREATE = "admin.address.create";
const ADDRESS_UPDATE = "admin.address.update";
const ADDRESS_DELETE = "admin.address.delete";
const ADDRESS = "admin.address";
const ADMIN_VIEW = "admin.configuration.admin.view";
const ADMIN_CREATE = "admin.configuration.admin.create";
const ADMIN_UPDATE = "admin.configuration.admin.update";
const ADMIN_DELETE = "admin.configuration.admin.delete";
const ADMIN = "admin.configuration.admin";
const AREA_VIEW = "admin.configuration.area.view";
const AREA_CREATE = "admin.configuration.area.create";
const AREA_UPDATE = "admin.configuration.area.update";
const AREA_DELETE = "admin.configuration.area.delete";
const AREA = "admin.configuration.area";
const ATTRIBUTE_VIEW = "admin.configuration.attribute.view";
const ATTRIBUTE_CREATE = "admin.configuration.attribute.create";
const ATTRIBUTE_UPDATE = "admin.configuration.attribute.update";
const ATTRIBUTE_DELETE = "admin.configuration.attribute.delete";
const ATTRIBUTE = "admin.configuration.attribute";
const CATEGORY_VIEW = "admin.category.view";
const CATEGORY_CREATE = "admin.category.create";
const CATEGORY_UPDATE = "admin.category.update";
const CATEGORY_DELETE = "admin.category.delete";
const CATEGORY = "admin.category";
const CONFIG_VIEW = "admin.configuration.view";
const CONFIG_CREATE = "admin.configuration.create";
const CONFIG_UPDATE = "admin.configuration.update";
const CONFIG_DELETE = "admin.configuration.delete";
const CONFIG = "admin.configuration";
const CONTENT_VIEW = "admin.content.view";
const CONTENT_CREATE = "admin.content.create";
const CONTENT_UPDATE = "admin.content.update";
const CONTENT_DELETE = "admin.content.delete";
const CONTENT = "admin.content";
const COUNTRY_VIEW = "admin.configuration.country.view";
const COUNTRY_CREATE = "admin.configuration.country.create";
const COUNTRY_UPDATE = "admin.configuration.country.update";
const COUNTRY_DELETE = "admin.configuration.country.delete";
const COUNTRY = "admin.configuration.country";
const COUPON_VIEW = "admin.coupon.view";
const COUPON_CREATE = "admin.coupon.create";
const COUPON_UPDATE = "admin.coupon.update";
const COUPON_DELETE = "admin.coupon.delete";
const COUPON = "admin.coupon";
const CURRENCY_VIEW = "admin.configuration.currency.view";
const CURRENCY_CREATE = "admin.configuration.currency.create";
const CURRENCY_UPDATE = "admin.configuration.currency.update";
const CURRENCY_DELETE = "admin.configuration.currency.delete";
const CURRENCY = "admin.configuration.currency";
const CUSTOMER_VIEW = "admin.customer.view";
const CUSTOMER_CREATE = "admin.customer.create";
const CUSTOMER_UPDATE = "admin.customer.update";
const CUSTOMER_DELETE = "admin.customer.delete";
const CUSTOMER = "admin.customer";
const FEATURE_VIEW = "admin.configuration.feature.view";
const FEATURE_CREATE = "admin.configuration.feature.create";
const FEATURE_UPDATE = "admin.configuration.feature.update";
const FEATURE_DELETE = "admin.configuration.feature.delete";
const FEATURE = "admin.configuration.feature";
const FOLDER_VIEW = "admin.folder.view";
const FOLDER_CREATE = "admin.folder.create";
const FOLDER_UPDATE = "admin.folder.update";
const FOLDER_DELETE = "admin.folder.delete";
const FOLDER = "admin.folder";
const LANGUAGE_VIEW = "admin.configuration.language.view";
const LANGUAGE_CREATE = "admin.configuration.language.create";
const LANGUAGE_UPDATE = "admin.configuration.language.update";
const LANGUAGE_DELETE = "admin.configuration.language.delete";
const LANGUAGE = "admin.configuration.language";
const MAILING_SYSTEM_VIEW = "admin.configuration.mailing-system.view";
const MAILING_SYSTEM_CREATE = "admin.configuration.mailing-system.create";
const MAILING_SYSTEM_UPDATE = "admin.configuration.mailing-system.update";
const MAILING_SYSTEM_DELETE = "admin.configuration.mailing-system.delete";
const MAILING_SYSTEM = "admin.configuration.mailing-system";
const MESSAGE_VIEW = "admin.configuration.message.view";
const MESSAGE_CREATE = "admin.configuration.message.create";
const MESSAGE_UPDATE = "admin.configuration.message.update";
const MESSAGE_DELETE = "admin.configuration.message.delete";
const MESSAGE = "admin.configuration.message";
const MODULE_VIEW = "admin.configuration.module.view";
const MODULE_CREATE = "admin.configuration.module.create";
const MODULE_UPDATE = "admin.configuration.module.update";
const MODULE_DELETE = "admin.configuration.module.delete";
const MODULE = "admin.configuration.module";
const ORDER_VIEW = "admin.order.view";
const ORDER_CREATE = "admin.order.create";
const ORDER_UPDATE = "admin.order.update";
const ORDER_DELETE = "admin.order.delete";
const ORDER = "admin.order";
const PRODUCT_VIEW = "admin.product.view";
const PRODUCT_CREATE = "admin.product.create";
const PRODUCT_UPDATE = "admin.product.update";
const PRODUCT_DELETE = "admin.product.delete";
const PRODUCT = "admin.product";
const PROFILE_VIEW = "admin.configuration.profile.view";
const PROFILE_CREATE = "admin.configuration.profile.create";
const PROFILE_UPDATE = "admin.configuration.profile.update";
const PROFILE_DELETE = "admin.configuration.profile.delete";
const PROFILE = "admin.configuration.profile";
const SHIPPING_ZONE_VIEW = "admin.configuration.shipping-zone.view";
const SHIPPING_ZONE_CREATE = "admin.configuration.shipping-zone.create";
const SHIPPING_ZONE_UPDATE = "admin.configuration.shipping-zone.update";
const SHIPPING_ZONE_DELETE = "admin.configuration.shipping-zone.delete";
const SHIPPING_ZONE = "admin.configuration.shipping-zone";
const TAX_VIEW = "admin.configuration.tax.view";
const TAX_CREATE = "admin.configuration.tax.create";
const TAX_UPDATE = "admin.configuration.tax.update";
const TAX_DELETE = "admin.configuration.tax.delete";
const TAX = "admin.configuration.tax";
const TEMPLATE_VIEW = "admin.configuration.template.view";
const TEMPLATE_CREATE = "admin.configuration.template.create";
const TEMPLATE_UPDATE = "admin.configuration.template.update";
const TEMPLATE_DELETE = "admin.configuration.template.delete";
const TEMPLATE = "admin.configuration.template";
}
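Review bot: `retrieve()` has no docblock, and this change alters its contract: it now resolves a bare resource name such as `address` to `admin.address`, and the access type is no longer part of the lookup. A docblock should say so, and should say what happens for a name with no matching constant (ResourceException is imported, but the lookup and any throw lie below the hunk). The local `$contantName` is misspelled; renaming it to `$constantName` would also touch lines outside the hunk.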


@@ -24,7 +24,7 @@
namespace Thelia\Core\Security;
use Propel\Runtime\ActiveQuery\Criteria;
use Thelia\Core\Event\AdminResources;
use Thelia\Core\Security\Resource\AdminResources;
use Thelia\Core\Security\User\UserInterface;
use Thelia\Core\HttpFoundation\Request;
use Thelia\Model\ProfileQuery;
@@ -126,12 +126,8 @@ class SecurityContext
*
* @return Boolean
*/
final public function isGranted(array $roles, array $permissions)
final public function isGranted(array $roles, array $resources, array $accesses)
{
if (empty($permissions)) {
return true;
}
// Find a user which matches the required roles.
$user = $this->getCustomerUser();
@@ -147,7 +143,11 @@ class SecurityContext
return false;
}
if( !method_exists($user, 'getProfileId') ) {
if (empty($resources) || empty($accesses)) {
return true;
}
if( !method_exists($user, 'getPermissions') ) {
return false;
}
@@ -157,14 +157,22 @@ class SecurityContext
return true;
}
foreach($permissions as $permission) {
if($permission === '') {
foreach($resources as $resource) {
if($resource === '') {
continue;
}
if(! in_array($permission, $userPermissions)) {
$resource = strtolower($resource);
if(!array_key_exists($resource, $userPermissions)) {
return false;
}
foreach($accesses as $access) {
if(!$userPermissions[$resource]->can($access)) {
return false;
}
}
}
return true;
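Review bot: The new guard `if (empty($resources) || empty($accesses)) { return true; }` in isGranted grants access when only one of the two lists is supplied, so a call that names a resource but omits the access (or the reverse) is treated as having no requirement at all. The Auth loop's `exec()` passes `array()` for a null `access`, and `_explode(null)` in AbstractSmartyPlugin now returns `array()`, so a template that forgets `access=` would pass for any user holding the role. Consider returning true only when both lists are empty and failing closed otherwise: `if (empty($resources) && empty($accesses)) { return true; }` followed by `if (empty($resources) || empty($accesses)) { return false; }`. The body of isGranted starts and ends outside these hunks, so the role check and the construction of `$userPermissions` are not visible here.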


@@ -25,6 +25,7 @@ namespace Thelia\Core\Template\Loop;
use Propel\Runtime\ActiveQuery\Criteria;
use Thelia\Core\Template\Element\BaseI18nLoop;
use Thelia\Core\Template\Element\BaseLoop;
use Thelia\Core\Template\Element\LoopResult;
use Thelia\Core\Template\Element\LoopResultRow;
@@ -44,7 +45,7 @@ use Thelia\Type\BooleanOrBothType;
* @package Thelia\Core\Template\Loop
* @author Etienne Roudeix <eroudeix@openstudio.fr>
*/
class Admin extends BaseI18nLoop
class Admin extends BaseLoop
{
public $timestampable = true;
@@ -83,17 +84,17 @@ class Admin extends BaseI18nLoop
$search->orderByFirstname(Criteria::ASC);
/* perform search */
$features = $this->search($search, $pagination);
$admins = $this->search($search, $pagination);
$loopResult = new LoopResult($features);
$loopResult = new LoopResult($admins);
foreach ($features as $feature) {
$loopResultRow = new LoopResultRow($loopResult, $feature, $this->versionable, $this->timestampable, $this->countable);
$loopResultRow->set("ID", $feature->getId())
->set("PROFILE",$feature->getProfileId())
->set("FIRSTNAME",$feature->getFirstname())
->set("LASTNAME",$feature->getLastname())
->set("LOGIN",$feature->getLogin())
foreach ($admins as $admin) {
$loopResultRow = new LoopResultRow($loopResult, $admin, $this->versionable, $this->timestampable, $this->countable);
$loopResultRow->set("ID", $admin->getId())
->set("PROFILE",$admin->getProfileId())
->set("FIRSTNAME",$admin->getFirstname())
->set("LASTNAME",$admin->getLastname())
->set("LOGIN",$admin->getLogin())
;
$loopResult->addRow($loopResultRow);


@@ -23,12 +23,16 @@
namespace Thelia\Core\Template\Loop;
use Thelia\Core\Security\AccessManager;
use Thelia\Core\Template\Element\BaseLoop;
use Thelia\Core\Template\Element\LoopResult;
use Thelia\Core\Template\Element\LoopResultRow;
use Thelia\Core\Template\Loop\Argument\ArgumentCollection;
use Thelia\Core\Template\Loop\Argument\Argument;
use Thelia\Type\AlphaNumStringListType;
use Thelia\Type\EnumListType;
use Thelia\Type\TypeCollection;
/**
*
@@ -41,40 +45,45 @@ class Auth extends BaseLoop
public function getArgDefinitions()
{
return new ArgumentCollection(
Argument::createAnyTypeArgument('roles', null, true),
Argument::createAnyTypeArgument('permissions'),
new Argument(
'role',
new TypeCollection(
new AlphaNumStringListType()
),
null,
true
),
new Argument(
'resource',
new TypeCollection(
new AlphaNumStringListType()
)
),
new Argument(
'access',
new TypeCollection(
new EnumListType(array(AccessManager::VIEW, AccessManager::CREATE, AccessManager::UPDATE, AccessManager::DELETE))
)
),
Argument::createAnyTypeArgument('context', 'front', false)
);
}
private function _explode($commaSeparatedValues)
{
$array = explode(',', $commaSeparatedValues);
if (array_walk($array, function(&$item) {
$item = strtoupper(trim($item));
})) {
return $array;
}
return array();
}
/**
* @param $pagination
*
*
* @return \Thelia\Core\Template\Element\LoopResult
* @return LoopResult
*/
public function exec(&$pagination)
{
$roles = $this->_explode($this->getRoles());
$permissions = $this->_explode($this->getPermissions());
$roles = $this->getRole();
$resource = $this->getResource();
$access = $this->getAccess();
$loopResult = new LoopResult();
try {
if (true === $this->securityContext->isGranted($roles, $permissions == null ? array() : $permissions)) {
if (true === $this->securityContext->isGranted($roles, $resource === null ? array() : $resource, $access === null ? array() : $access)) {
// Create an empty row: loop is no longer empty :)
$loopResult->addRow(new LoopResultRow());
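Review bot: `exec()` now passes `$this->getRole()` straight to isGranted, whereas the removed `_explode()` helper trimmed and upper-cased every role; nothing visible here restores that, so unless AlphaNumStringListType normalises case, a template written as `role="admin"` would stop matching. If roles are meant to stay case-insensitive, normalise before the call, e.g. `$roles = array_map('strtoupper', $this->getRole());`. The `context` argument is still declared but is not read in the lines shown, and the docblock's `@param $pagination` has no type or description. exec() continues below the hunk.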


@@ -79,20 +79,20 @@ class Profile extends BaseI18nLoop
$search->orderById(Criteria::ASC);
/* perform search */
$features = $this->search($search, $pagination);
$profiles = $this->search($search, $pagination);
$loopResult = new LoopResult($features);
$loopResult = new LoopResult($profiles);
foreach ($features as $feature) {
$loopResultRow = new LoopResultRow($loopResult, $feature, $this->versionable, $this->timestampable, $this->countable);
$loopResultRow->set("ID", $feature->getId())
->set("IS_TRANSLATED",$feature->getVirtualColumn('IS_TRANSLATED'))
foreach ($profiles as $profile) {
$loopResultRow = new LoopResultRow($loopResult, $profile, $this->versionable, $this->timestampable, $this->countable);
$loopResultRow->set("ID", $profile->getId())
->set("IS_TRANSLATED",$profile->getVirtualColumn('IS_TRANSLATED'))
->set("LOCALE",$locale)
->set("CODE",$feature->getCode())
->set("TITLE",$feature->getVirtualColumn('i18n_TITLE'))
->set("CHAPO", $feature->getVirtualColumn('i18n_CHAPO'))
->set("DESCRIPTION", $feature->getVirtualColumn('i18n_DESCRIPTION'))
->set("POSTSCRIPTUM", $feature->getVirtualColumn('i18n_POSTSCRIPTUM'))
->set("CODE",$profile->getCode())
->set("TITLE",$profile->getVirtualColumn('i18n_TITLE'))
->set("CHAPO", $profile->getVirtualColumn('i18n_CHAPO'))
->set("DESCRIPTION", $profile->getVirtualColumn('i18n_DESCRIPTION'))
->set("POSTSCRIPTUM", $profile->getVirtualColumn('i18n_POSTSCRIPTUM'))
;
$loopResult->addRow($loopResultRow);


@@ -0,0 +1,115 @@
<?php
/*************************************************************************************/
/* */
/* Thelia */
/* */
/* Copyright (c) OpenStudio */
/* email : info@thelia.net */
/* web : http://www.thelia.net */
/* */
/* This program is free software; you can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 3 of the License */
/* */
/* This program is distributed in the hope that it will be useful, */
/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
/* GNU General Public License for more details. */
/* */
/* You should have received a copy of the GNU General Public License */
/* along with this program. If not, see <http://www.gnu.org/licenses/>. */
/* */
/*************************************************************************************/
namespace Thelia\Core\Template\Loop;
use Propel\Runtime\ActiveQuery\Criteria;
use Thelia\Core\Security\AccessManager;
use Thelia\Core\Template\Element\BaseI18nLoop;
use Thelia\Core\Template\Element\LoopResult;
use Thelia\Core\Template\Element\LoopResultRow;
use Thelia\Core\Template\Loop\Argument\ArgumentCollection;
use Thelia\Core\Template\Loop\Argument\Argument;
use Thelia\Model\ResourceQuery;
use Thelia\Type;
use Thelia\Type\BooleanOrBothType;
/**
*
* Resource loop
*
*
* Class Resource
* @package Thelia\Core\Template\Loop
* @author Etienne Roudeix <eroudeix@openstudio.fr>
*/
class Resource extends BaseI18nLoop
{
public $timestampable = true;
/**
* @return ArgumentCollection
*/
protected function getArgDefinitions()
{
return new ArgumentCollection(
Argument::createIntTypeArgument('profile')
);
}
/**
* @param $pagination
*
* @return \Thelia\Core\Template\Element\LoopResult
*/
public function exec(&$pagination)
{
$search = ResourceQuery::create();
/* manage translations */
$locale = $this->configureI18nProcessing($search);
$profile = $this->getProfile();
if (null !== $profile) {
$search->leftJoinProfileResource('profile_resource')
->withColumn('profile_resource.access', 'access');
//$search->filterById($id, Criteria::IN);
}
$search->orderById(Criteria::ASC);
/* perform search */
$resources = $this->search($search, $pagination);
$loopResult = new LoopResult($resources);
foreach ($resources as $resource) {
$loopResultRow = new LoopResultRow($loopResult, $resource, $this->versionable, $this->timestampable, $this->countable);
$loopResultRow->set("ID", $resource->getId())
->set("IS_TRANSLATED",$resource->getVirtualColumn('IS_TRANSLATED'))
->set("LOCALE",$locale)
->set("CODE",$resource->getCode())
->set("TITLE",$resource->getVirtualColumn('i18n_TITLE'))
->set("CHAPO", $resource->getVirtualColumn('i18n_CHAPO'))
->set("DESCRIPTION", $resource->getVirtualColumn('i18n_DESCRIPTION'))
->set("POSTSCRIPTUM", $resource->getVirtualColumn('i18n_POSTSCRIPTUM'))
;
if (null !== $profile) {
$accessValue = $resource->getVirtualColumn('access');
$manager = new AccessManager($accessValue);
$loopResultRow->set("VIEWABLE", $manager->can(AccessManager::VIEW))
->set("CREATABLE", $manager->can(AccessManager::CREATE))
->set("UPDATABLE", $manager->can(AccessManager::UPDATE))
->set("DELETABLE", $manager->can(AccessManager::DELETE));
}
$loopResult->addRow($loopResultRow);
}
return $loopResult;
}
}
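Review bot: When `profile` is given, `exec()` left-joins `profile_resource` and exposes its `access` column, but the join is never restricted to that profile; the only filter is the commented-out `//$search->filterById($id, Criteria::IN);`, which refers to an undefined `$id`. As written, a resource row can be paired with the access value of any profile (and repeated once per profile), so VIEWABLE, CREATABLE, UPDATABLE and DELETABLE may report another profile's rights to whatever template consumes them. Constrain the join to the requested profile, for instance with Propel's `addJoinCondition()` on the join's profile column bound to `$profile`, and delete the dead comment. `Thelia\Type` and `BooleanOrBothType` are imported but unused in the file as shown.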


@@ -40,6 +40,10 @@ abstract class AbstractSmartyPlugin
*/
protected function _explode($commaSeparatedValues)
{
if(null === $commaSeparatedValues) {
return array();
}
$array = explode(',', $commaSeparatedValues);
if (array_walk($array, function(&$item) {


@@ -45,7 +45,8 @@ class AdminUtilities extends AbstractSmartyPlugin
public function generatePositionChangeBlock($params, &$smarty)
{
// The required permissions
$permission = $this->getParam($params, 'permission');
$resource = $this->getParam($params, 'resource');
$access = $this->getParam($params, 'access');
// The base position change path
$path = $this->getParam($params, 'path');
@@ -68,7 +69,7 @@ class AdminUtilities extends AbstractSmartyPlugin
<a href="{url path='/admin/configuration/currencies/positionDown' currency_id=$ID}"><i class="icon-arrow-down"></i></a>
*/
if ($permissions == null || $this->securityContext->isGranted("ADMIN", array($permission))) {
if ($permissions == null || $this->securityContext->isGranted("ADMIN", array($resource), array($access))) {
return sprintf(
'<a href="%s"><i class="glyphicon glyphicon-arrow-up"></i></a><span class="%s" data-id="%s">%s</span><a href="%s"><i class="glyphicon glyphicon-arrow-down"></i></a>',
URL::getInstance()->absoluteUrl($path, array('mode' => 'up', $url_parameter => $id)),
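Review bot: The guard still tests `$permissions`, but this change reads the parameters into `$resource` and `$access`, and no assignment to `$permissions` is visible in either hunk; if none exists in the lines between them, `$permissions == null` is always true and isGranted is never consulted. The call also passes the string `"ADMIN"` where isGranted declares `array $roles`. Something like `if ($resource === null || $this->securityContext->isGranted(array("ADMIN"), array($resource), array($access))) {` would make the check effective. generatePositionChangeBlock continues past the second hunk, so the rest of the body is not visible.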


@@ -53,14 +53,15 @@ class Security extends AbstractSmartyPlugin
*/
public function checkAuthFunction($params, &$smarty)
{
$roles = $this->_explode($this->getParam($params, 'roles'));
$permissions = $this->_explode($this->getParam($params, 'permissions'));
$roles = $this->_explode($this->getParam($params, 'role'));
$resources = $this->_explode($this->getParam($params, 'resource'));
$accesses = $this->_explode($this->getParam($params, 'access'));
if (! $this->securityContext->isGranted($roles, $permissions)) {
if (! $this->securityContext->isGranted($roles, $resources, $accesses)) {
$ex = new AuthenticationException(
sprintf("User not granted for roles '%s', permissions '%s' in context '%s'.",
implode(',', $roles), implode(',', $permissions), $context
sprintf("User not granted for roles '%s', to access resources '%s' with %s in context '%s'.",
implode(',', $roles), implode(',', $resources), implode(',', $accesses), $context
)
);