TheCoreDev/sterivein
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix stuff + module management

Browse Source
This commit is contained in:
Etienne Roudeix
2013-11-08 15:11:45 +01:00
parent e71fc7659e
commit be9aba9fb8
4 changed files with 22 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
core/lib/Thelia/Core/Security/SecurityContext.php
View File

@@ -177,14 +177,18 @@ class SecurityContext
continue; continue;
} }
if(!array_key_exists('module', $userPermissions)) {
return false;
}
$module = strtolower($module); $module = strtolower($module);
if (!array_key_exists($module, $userPermissions)) { if (!array_key_exists($module, $userPermissions['module'])) {
return false; return false;
} }
foreach ($accesses as $access) { foreach ($accesses as $access) {
if (!$userPermissions[$module]->can($access)) { if (!$userPermissions['module'][$module]->can($access)) {
return false; return false;
} }
} }

15
core/lib/Thelia/Model/Admin.php
View File

@@ -35,15 +35,24 @@ class Admin extends BaseAdmin implements UserInterface
return AdminResources::SUPERADMINISTRATOR; return AdminResources::SUPERADMINISTRATOR;
} }
$userPermissionsQuery = ProfileResourceQuery::create() $userResourcePermissionsQuery = ProfileResourceQuery::create()
->joinResource("resource", Criteria::LEFT_JOIN) ->joinResource("resource", Criteria::LEFT_JOIN)
->withColumn('resource.code', 'code') ->withColumn('resource.code', 'code')
->filterByProfileId($profileId) ->filterByProfileId($profileId)
->find(); ->find();
$userModulePermissionsQuery = ProfileModuleQuery::create()
->joinModule("module", Criteria::LEFT_JOIN)
->withColumn('module.code', 'code')
->filterByProfileId($profileId)
->find();
$userPermissions = array(); $userPermissions = array();
foreach($userPermissionsQuery as $userPermission) { foreach($userResourcePermissionsQuery as $userResourcePermission) {
$userPermissions[$userPermission->getVirtualColumn('code')] = new AccessManager($userPermission->getAccess()); $userPermissions[$userResourcePermission->getVirtualColumn('code')] = new AccessManager($userResourcePermission->getAccess());
}
foreach($userModulePermissionsQuery as $userModulePermission) {
$userPermissions['module'][strtolower($userModulePermission->getVirtualColumn('code'))] = new AccessManager($userModulePermission->getAccess());
} }
return $userPermissions; return $userPermissions;

5
install/insert.sql
View File

@@ -47,8 +47,7 @@ INSERT INTO `config` (`name`, `value`, `secured`, `hidden`, `created_at`, `updat
INSERT INTO `module` (`id`, `code`, `type`, `activate`, `position`, `full_namespace`, `created_at`, `updated_at`) VALUES INSERT INTO `module` (`id`, `code`, `type`, `activate`, `position`, `full_namespace`, `created_at`, `updated_at`) VALUES
(1, 'TheliaDebugBar', 1, 1, 1, 'TheliaDebugBar\\TheliaDebugBar', NOW(), NOW()), (1, 'TheliaDebugBar', 1, 1, 1, 'TheliaDebugBar\\TheliaDebugBar', NOW(), NOW()),
(2, 'Colissimo', 2, 0, 1, 'Colissimo\\Colissimo', NOW(), NOW()), (2, 'Colissimo', 2, 0, 1, 'Colissimo\\Colissimo', NOW(), NOW()),
(3, 'Cheque', 3, 0, 1, 'Cheque\\Cheque', NOW(), NOW()), (3, 'Cheque', 3, 0, 1, 'Cheque\\Cheque', NOW(), NOW());
(4, 'FakeCB', 3, 0, 2, 'FakeCB\\FakeCB', NOW(), NOW());
INSERT INTO `module_i18n` (`id`, `locale`, `title`, `description`, `chapo`, `postscriptum`) VALUES INSERT INTO `module_i18n` (`id`, `locale`, `title`, `description`, `chapo`, `postscriptum`) VALUES
('1', 'en_US', 'Debug bar', NULL, NULL, NULL), ('1', 'en_US', 'Debug bar', NULL, NULL, NULL),
@@ -1225,7 +1224,7 @@ INSERT INTO resource (`id`, `code`, `created_at`, `updated_at`) VALUES
(14, 'admin.configuration.language', NOW(), NOW()), (14, 'admin.configuration.language', NOW(), NOW()),
(15, 'admin.configuration.mailing-system', NOW(), NOW()), (15, 'admin.configuration.mailing-system', NOW(), NOW()),
(16, 'admin.configuration.message', NOW(), NOW()), (16, 'admin.configuration.message', NOW(), NOW()),
(17, 'admin.configuration.module', NOW(), NOW()), (17, 'admin.module', NOW(), NOW()),
(18, 'admin.order', NOW(), NOW()), (18, 'admin.order', NOW(), NOW()),
(19, 'admin.product', NOW(), NOW()), (19, 'admin.product', NOW(), NOW()),
(20, 'admin.configuration.profile', NOW(), NOW()), (20, 'admin.configuration.profile', NOW(), NOW()),

4
templates/admin/default/includes/module-block.html
View File

@@ -50,11 +50,11 @@
<a class="btn btn-default btn-xs" title="{intl l='Read the documentation of this module'}" href="{url path="/admin/module/documentation/$ID"}"><span class="glyphicon glyphicon-book"></span></a> <a class="btn btn-default btn-xs" title="{intl l='Read the documentation of this module'}" href="{url path="/admin/module/documentation/$ID"}"><span class="glyphicon glyphicon-book"></span></a>
{/loop*} {/loop*}
{loop type="auth" name="can_change" role="ADMIN" resource="admin.modules" access="UPDATE"} {loop type="auth" name="can_change" role="ADMIN" resource="admin.module" access="UPDATE"}
<a class="btn btn-default btn-xs" title="{intl l='Edit this module'}" href="{url path="/admin/module/update/$ID"}"><span class="glyphicon glyphicon-edit"></span></a> <a class="btn btn-default btn-xs" title="{intl l='Edit this module'}" href="{url path="/admin/module/update/$ID"}"><span class="glyphicon glyphicon-edit"></span></a>
{/loop} {/loop}
{loop type="auth" name="can_delete" role="ADMIN" resource="admin.modules" access="DELETE"} {loop type="auth" name="can_delete" role="ADMIN" resource="admin.module" access="DELETE"}
<a class="btn btn-default btn-xs module-delete-action" title="{intl l='Delete this module'}" href="#delete_module_dialog" data-id="{$ID}" data-toggle="modal"><span class="glyphicon glyphicon-trash"></span></a> <a class="btn btn-default btn-xs module-delete-action" title="{intl l='Delete this module'}" href="#delete_module_dialog" data-id="{$ID}" data-toggle="modal"><span class="glyphicon glyphicon-trash"></span></a>
{/loop} {/loop}
</div> </div>