Customer portal : SecurityHelper now outputs to IssueLog on negative result when debug mode is enabled. Warning: this can be extremely verbose! Use debug mode smartly.

SVN:trunk[4172]
This commit is contained in:
Guillaume Lajarige
2016-06-02 08:51:27 +00:00
parent e0909766fd
commit ae61a1e5eb


@@ -24,6 +24,7 @@ use \Silex\Application;
use \utils; use \utils;
use \UserRights; use \UserRights;
use \Dict; use \Dict;
use \IssueLog;
use \MetaModel; use \MetaModel;
use \DBObjectSet; use \DBObjectSet;
use \FieldExpression; use \FieldExpression;
@@ -52,9 +53,15 @@ class SecurityHelper
*/ */
public static function IsActionAllowed(Application $oApp, $sAction, $sObjectClass, $sObjectId = null) public static function IsActionAllowed(Application $oApp, $sAction, $sObjectClass, $sObjectId = null)
{ {
$sDebugTracePrefix = __CLASS__ . ' / ' . __METHOD__ . ' : Returned false for action ' . $sAction . ' on ' . $sObjectClass . '::' . $sObjectId;
// Checking action type // Checking action type
if (!in_array($sAction, array(UR_ACTION_READ, UR_ACTION_MODIFY, UR_ACTION_CREATE))) if (!in_array($sAction, array(UR_ACTION_READ, UR_ACTION_MODIFY, UR_ACTION_CREATE)))
{ {
if ($oApp['debug'])
{
IssueLog::Info($sDebugTracePrefix . ' as the action value could not be understood (' . UR_ACTION_READ . '/' . UR_ACTION_MODIFY . '/' . UR_ACTION_CREATE . ' expected');
}
return false; return false;
} }
@@ -65,6 +72,10 @@ class SecurityHelper
$oScopeQuery = $oApp['scope_validator']->GetScopeFilterForProfiles(UserRights::ListProfiles(), $sObjectClass, $sScopeAction); $oScopeQuery = $oApp['scope_validator']->GetScopeFilterForProfiles(UserRights::ListProfiles(), $sObjectClass, $sScopeAction);
if ($oScopeQuery === null) if ($oScopeQuery === null)
{ {
if ($oApp['debug'])
{
IssueLog::Info($sDebugTracePrefix . ' as there was no scope defined for action ' . $sScopeAction . ' and profiles ' . implode('/', UserRights::ListProfiles()));
}
return false; return false;
} }
// - If action != create we do some additionnal checks // - If action != create we do some additionnal checks
@@ -89,6 +100,10 @@ class SecurityHelper
$oSet = new DBObjectSet($oScopeQuery); $oSet = new DBObjectSet($oScopeQuery);
if ($oSet->Count() === 0) if ($oSet->Count() === 0)
{ {
if ($oApp['debug'])
{
IssueLog::Info($sDebugTracePrefix . ' as there was no result for the following scope query : ' . $oScopeQuery->ToOQL(true));
}
return false; return false;
} }
@@ -98,6 +113,10 @@ class SecurityHelper
$oObject = MetaModel::GetObject($sObjectClass, $sObjectId, false /* MustBeFound */); $oObject = MetaModel::GetObject($sObjectClass, $sObjectId, false /* MustBeFound */);
if ($oObject === null) if ($oObject === null)
{ {
if ($oApp['debug'])
{
IssueLog::Info($sDebugTracePrefix . ' as object doesn\'t exists');
}
return false; return false;
} }
unset($oObject); unset($oObject);
@@ -109,6 +128,10 @@ class SecurityHelper
{ {
// For security reasons, we don't want to give the user too many informations on why he cannot access the object. // For security reasons, we don't want to give the user too many informations on why he cannot access the object.
//throw new SecurityException('User not allowed to view this object', array('class' => $sObjectClass, 'id' => $sObjectId)); //throw new SecurityException('User not allowed to view this object', array('class' => $sObjectClass, 'id' => $sObjectId));
if ($oApp['debug'])
{
IssueLog::Info($sDebugTracePrefix . ' as the user is not allowed to access this object according to the datamodel security (cf. Console settings)');
}
return false; return false;
} }
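Review bot: The prefix built on the new first line of IsActionAllowed (`$sDebugTracePrefix = __CLASS__ . ' / ' . __METHOD__ . ...`) copies `$sAction`, `$sObjectClass` and `$sObjectId` into the log verbatim, and the first debug branch writes it out before the action value has been validated; if those values originate from the portal request, as this helper's role suggests, a value containing CR/LF can split or forge IssueLog entries, so strip line breaks before concatenating, e.g. `$sDebugTracePrefix = __METHOD__ . ' : Returned false for action ' . str_replace(array("\r", "\n"), ' ', $sAction . ' on ' . $sObjectClass . '::' . $sObjectId);`. `__METHOD__` already expands to `SecurityHelper::IsActionAllowed`, so the leading `__CLASS__ . ' / '` only repeats the class name. The message in the action-type branch is missing its closing parenthesis: `... UR_ACTION_CREATE . ' expected)');`. The five identical `if ($oApp['debug']) { IssueLog::Info(...); }` blocks could be folded into one private static helper taking `$oApp` and the reason string, which would also avoid building the prefix on every call when debug is off. IsActionAllowed continues past the last hunk.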