Changeset 3413

Timestamp:

06/07/07 07:31:51 (18 months ago)

Author:

coolengineer

Message:

* Draft of ACL Components

#408
추후에 기존 소스를 계속 바꿔나가야함.
Teamblog의 path 기반 접근제한도 이것을 사용할 수 있을 듯.

Location:

trunk

Files:

• components/Textcube.Core.php (modified) (1 diff)
• lib/auth.php (modified) (3 diffs)

trunk/components/Textcube.Core.php

@@ -10 +10 @@
     else
         return str_replace(array('%', ' ', '"', '#', '&', '\'', '<', '>', '?'), array('%25', '%20', '%22', '%23', '%26', '%27', '%3C', '%3E', '%3F'), $url);
+}
+
+/* Access Request Object: i.e. user */
+class Aro {
+    var $_aro = array( 
+        /* role => array( <available actions>, [<reference group>...] ) */
+        'group.administrators' => array( 'blog-read', 'blog-write', 'blog-manage', 'comment-manage' ),
+        'group.blogwriters' => array( 'blog-read', 'blog-write' ),
+        'group.members' => array( 'comment-read', 'comment-writer' ),
+        'group.guests' => array( 'comment-read', 'comment-write' )
+        );
+
+    function Aro() {
+    }
+
+    function getCanonicalName( $userid ) {
+        return "textcube:$userid";
+    }
+
+}
+
+/* Access Control Object: i.e. uri, component, function */
+class Aco {
+    function Aco() {
+    }
+}
+
+class Acl {
+    function check($aco = null, $aco_action = '*') {
+        global $owner;
+
+        if( $aco == null ) {
+            if (empty($_SESSION['userid']) || ($_SESSION['userid'] != $owner))
+                return false;
+            return true;
+        }
+
+        if( !Acl::isAvailable() )  {
+            return false;
+        }
+
+        if( !is_array( $aco ) ) {
+            $aco = array( $aco );
+        }
+
+        foreach( $aco as $obj ) {
+            /*owner = blogid*/
+            if( in_array( $obj, $_SESSION['acl'][$owner] ) ) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    function setCurrentAro( $blogid, $group, $user, $add = false ) {
+        if( !isset( $_SESSION['acl'] ) ) {
+            $_SESSION['acl'] = array();
+        }
+        if( $add ) {
+            $_SESSION['acl'][$blogid] = array_merge( $_SESSION['acl'][$blogid], array( $group, $user ) );
+        } else {
+            $_SESSION['acl'][$blogid] = array( $group, $user );
+        }
+    }
+
+    function isAvailable() {
+        global $owner; /*blogid*/
+
+        if( !isset( $_SESSION['acl'] ) || 
+            !is_array( $_SESSION['acl'] ) || 
+            !isset( $_SESSION['acl'][$owner] ) ) {
+            return false;
+        }
+
+        return true;
+    }
 }
 

trunk/lib/auth.php

@@ -25 +25 @@
             // 팀블로그 :: 로그인 인증 (팀원이 맞을 경우 admin 변수에 사용자의 userid 를 넣는다.
             $check = DBQuery::queryCell("SELECT teams FROM {$database['prefix']}Teamblog WHERE userid='{$session['userid']}' and teams='$owner'");
+            if($owner == $session['userid']) {
+                Acl::setCurrentAro($owner, 'group.administrators', Aro::getCanonicalName($admin) );
+            } else {
+                Acl::setCurrentAro($owner, 'group.members', Aro::getCanonicalName($admin) );
+            }
             if(!empty($check)) authorizeSession($owner, $session['userid']);
             else return 2;
@@ -63 +68 @@
 
 function doesHaveMembership() {
-    return empty($_SESSION['userid']) ? false : true;
+    return Acl::check( "group.members" );
 }
 
@@ -79 +84 @@
 
 function doesHaveOwnership() {
-    global $owner;
-    if (empty($_SESSION['userid']) || ($_SESSION['userid'] != $owner))
-        return false;
-    return true;
+    return Acl::check( "group.administrators" );
 }