partkeepr

fork of partkeepr
git clone https://git.e1e0.net/partkeepr.git

commit c0a3d3ec91dbc61b0b3035d384fd263989d38c00
parent e79fd5bc911b27b76b4d033403466c99ac2a5326
Author: Timo A. Hummel <timo@netraver.de>
Date:   Sun, 12 Jun 2011 10:55:50 +0200

* Refactored session handling
* Added admin user flag
* Added admin service

Diffstat:
Mfrontend/js/Components/MenuBar.js | 1+
Mfrontend/js/Dialogs/Auth/LoginDialog.js | 5+++++
Msrc/de/RaumZeitLabor/PartDB2/Auth/AuthService.php | 2+-
Msrc/de/RaumZeitLabor/PartDB2/Auth/User.php | 22++++++++++++++++++++++
Asrc/de/RaumZeitLabor/PartDB2/Service/AdminService.php | 18++++++++++++++++++
Msrc/de/RaumZeitLabor/PartDB2/Service/Service.php | 15++++++++++-----
Msrc/de/RaumZeitLabor/PartDB2/Service/ServiceManager.php | 15+++++++++------
Msrc/de/RaumZeitLabor/PartDB2/Session/SessionManager.php | 1+
Msrc/de/RaumZeitLabor/PartDB2/User/UserService.php | 4++--
9 files changed, 69 insertions(+), 14 deletions(-)

diff --git a/frontend/js/Components/MenuBar.js b/frontend/js/Components/MenuBar.js @@ -18,6 +18,7 @@ Ext.define('PartDB2.MenuBar', { handler: this.editDistributors },{ text: i18n('Edit Users'), + id: 'edit-users', handler: this.editUsers, icon: "resources/silkicons/user.png" },{ diff --git a/frontend/js/Dialogs/Auth/LoginDialog.js b/frontend/js/Dialogs/Auth/LoginDialog.js @@ -71,6 +71,11 @@ Ext.define('PartDB2.LoginDialog', { onLogin: function (obj) { PartDB2.getApplication().setSession(obj.sessionid); PartDB2.getApplication().setUsername(obj.username); + + if (!obj.admin) { + Ext.getCmp("edit-users").hide(); + } + PartDB2.getApplication().createGlobalStores(); PartDB2.getApplication().reloadStores(); diff --git a/src/de/RaumZeitLabor/PartDB2/Auth/AuthService.php b/src/de/RaumZeitLabor/PartDB2/Auth/AuthService.php @@ -23,7 +23,7 @@ class AuthService extends AnonService { /* Start Session */ $session = SessionManager::getInstance()->startSession($authenticatedUser); - return array("sessionid" => $session->getSessionID(), "username" => $this->getParameter("username")); + return array("sessionid" => $session->getSessionID(), "username" => $this->getParameter("username"), "admin" => $session->getUser()->isAdmin()); } else { throw new InvalidLoginDataException(); } diff --git a/src/de/RaumZeitLabor/PartDB2/Auth/User.php b/src/de/RaumZeitLabor/PartDB2/Auth/User.php @@ -18,6 +18,10 @@ class User { /** @Column(length=32) */ private $password; + /** @Column(type="boolean") */ + private $admin; + + /** * Creates a new user object. * @@ -32,6 +36,8 @@ class User { if ($password !== null) { $this->setPassword($password); } + + $this->setAdmin(false); } /** * Sets the username. 
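Review bot: The `hide()` added to `onLogin` in LoginDialog.js is presentation only, and nothing in the code says so; a comment such as `// UI hint only: the server decides in AdminService::mayCall` would stop a later reader from treating `obj.admin` as an access check. The call is also one-way: if a non-admin logs in and an admin logs in afterwards without a page reload, the menu item stays hidden. `Ext.getCmp("edit-users").setVisible(!!obj.admin);` handles both directions. The rest of `onLogin` lies outside the hunk, so whether the menu bar always exists at this point cannot be confirmed from here.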
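Review bot: The new `admin` column in User.php has no default, and only the constructor sets it to false, which Doctrine does not run when it loads an existing row. Users stored before this change therefore carry whatever the schema update writes into the column. If that is NULL, `isAdmin()` (added in the later User.php hunk) returns null instead of a boolean, and AuthService hands that value to the client unchanged. `return (boolean)$this->admin;` in `isAdmin()` keeps the result typed and fail-closed. Separately, every existing account starts as non-admin while UserService becomes admin-only in this commit, so unless the flag is set somewhere outside this diff the upgrade needs a documented way to create the first admin.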
@@ -80,6 +86,22 @@ class User { } /** + * Sets the admin flag + * @param boolean $bAdmin True if the user is an admin, false otherwise + */ + public function setAdmin ($bAdmin) { + $this->admin = (boolean)$bAdmin; + } + + /** + * Returns the admin flag + * @return boolean True if the user is an admin + */ + public function isAdmin () { + return $this->admin; + } + + /** * Sets the user's password. Automatically * applies md5 hashing. * diff --git a/src/de/RaumZeitLabor/PartDB2/Service/AdminService.php b/src/de/RaumZeitLabor/PartDB2/Service/AdminService.php @@ -0,0 +1,17 @@ +<?php +namespace de\RaumZeitLabor\PartDB2\Service; +use de\RaumZeitLabor\PartDB2\Session\SessionManager; + +declare(encoding = 'UTF-8'); + +class AdminService extends Service { + public function mayCall ($call) { + if (SessionManager::getCurrentSession()->getUser()->isAdmin()) { + return true; + } else { + return false; + } + } +} + +?>+ \ No newline at end of file diff --git a/src/de/RaumZeitLabor/PartDB2/Service/Service.php b/src/de/RaumZeitLabor/PartDB2/Service/Service.php @@ -1,5 +1,7 @@ <?php namespace de\RaumZeitLabor\PartDB2\Service; +use de\RaumZeitLabor\PartDB2\Session\Session; + declare(encoding = 'UTF-8'); use de\RaumZeitLabor\PartDB2\Session\SessionManager, @@ -11,13 +13,16 @@ class Service { public function __construct (Array $params) { $this->params = $params; } - public function setSession ($session) { - SessionManager::getInstance()->resumeSession($session); - } public function mayCall ($call) { - /* @todo: Implement permission checking */ - return true; + if (SessionManager::getCurrentSession()->getUser() === null) { + return false; + } else { + /* @todo: Implement permission checking */ + return true; + } + + } protected function requireParameter ($name) { diff --git a/src/de/RaumZeitLabor/PartDB2/Service/ServiceManager.php b/src/de/RaumZeitLabor/PartDB2/Service/ServiceManager.php 
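Review bot: `AdminService::mayCall` calls `->isAdmin()` on whatever `getUser()` returns, yet `Service::mayCall` in this same commit treats `getUser() === null` as a possible state, and AdminService overrides that check rather than building on it. For a session without a user, the admin check ends in a fatal error instead of a clean denial. I would write `$user = SessionManager::getCurrentSession()->getUser();` followed by `return $user !== null && $user->isAdmin();`, which also drops the if/else around a boolean. Both this method and `Service::mayCall` dereference `getCurrentSession()` unguarded; whether it can return null is not visible in this diff. The new class has no docblock: one stating that `$call` is ignored and every method of a subclass is admin-only would make the contract explicit.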
@@ -1,5 +1,7 @@ <?php namespace de\RaumZeitLabor\PartDB2\Service; +use de\RaumZeitLabor\PartDB2\Session\SessionManager; + declare(encoding = 'UTF-8'); use de\RaumZeitLabor\PartDB2\Service\Exceptions\ServiceException, @@ -47,18 +49,19 @@ class ServiceManager { $session = null; if ($service->hasHeader("session")) { - $session = $service->getHeader("session"); + $sessionid = $service->getHeader("session"); } if (array_key_exists("session", $_REQUEST) && $session === null) { - $session = $_REQUEST["session"]; + $sessionid = $_REQUEST["session"]; } - if ($session === null) + if ($sessionid === null) { + $session = SessionManager::getInstance()->startSession(); throw new ServiceException("You called a non-anonymous service, but did not pass the 'session' parameter."); - } - - $service->setSession($session); + } else { + $session = SessionManager::getInstance()->resumeSession($sessionid); + } if (!$service->mayCall($call)) { $allowCall = false; diff --git a/src/de/RaumZeitLabor/PartDB2/Session/SessionManager.php b/src/de/RaumZeitLabor/PartDB2/Session/SessionManager.php @@ -47,6 +47,7 @@ class SessionManager extends Singleton { $query->execute(); try { self::$currentSession = $query->getSingleResult(); + return self::$currentSession; } catch (\Doctrine\ORM\NonUniqueResultException $e) { throw new \Exception("Fatal error: Multiple sessions with id $session found."); } catch (\Doctrine\ORM\NoResultException $e) { diff --git a/src/de/RaumZeitLabor/PartDB2/User/UserService.php b/src/de/RaumZeitLabor/PartDB2/User/UserService.php 
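Review bot: In the second ServiceManager.php hunk the rename from `$session` to `$sessionid` is incomplete. The initialiser is still `$session = null;`, so `$sessionid` is undefined when neither the header nor the request carries a session. The guard `&& $session === null` is now always true, so a `session` value in `$_REQUEST` silently overrides the header where the header used to win. Use `$sessionid = null;` as the initialiser and `if (array_key_exists("session", $_REQUEST) && $sessionid === null) {` as the fallback condition. The `startSession()` call directly before the `throw` should also go: its result is never used, and if it persists a session (its body is not shown), every unauthenticated request to a non-anonymous service leaves a session record behind. The enclosing method starts and ends outside the hunk.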
@@ -4,12 +4,12 @@ use de\RaumZeitLabor\PartDB2\Service\RestfulService; declare(encoding = 'UTF-8'); -use de\RaumZeitLabor\PartDB2\Service\Service; +use de\RaumZeitLabor\PartDB2\Service\AdminService; use de\RaumZeitLabor\PartDB2\PartDB2, de\RaumZeitLabor\PartDB2\Auth\User, de\RaumZeitLabor\PartDB2\Session\SessionManager; -class UserService extends Service implements RestfulService { +class UserService extends AdminService implements RestfulService { public function get () { if ($this->hasParameter("id")) { return UserManager::getInstance()->getUser($this->getParameter("id"))->serialize();