Add ECUID (edit user cuid) to session and return in acl array
This commit is contained in:
@@ -75,6 +75,8 @@ class Login
|
|||||||
{
|
{
|
||||||
/** @var ?int the user id var*/
|
/** @var ?int the user id var*/
|
||||||
private ?int $euid;
|
private ?int $euid;
|
||||||
|
/** @var ?string the user cuid (note will be super seeded with uuid v4 later) */
|
||||||
|
private ?string $ecuid;
|
||||||
/** @var string _GET/_POST loginUserId parameter for non password login */
|
/** @var string _GET/_POST loginUserId parameter for non password login */
|
||||||
private string $login_user_id = '';
|
private string $login_user_id = '';
|
||||||
/** @var string source, either _GET or _POST or empty */
|
/** @var string source, either _GET or _POST or empty */
|
||||||
@@ -757,7 +759,7 @@ class Login
|
|||||||
}
|
}
|
||||||
// have to get the global stuff here for setting it later
|
// have to get the global stuff here for setting it later
|
||||||
// we have to get the themes in here too
|
// we have to get the themes in here too
|
||||||
$q = "SELECT eu.edit_user_id, eu.username, eu.password, "
|
$q = "SELECT eu.edit_user_id, eu.cuid, eu.username, eu.password, "
|
||||||
. "eu.edit_group_id, "
|
. "eu.edit_group_id, "
|
||||||
. "eg.name AS edit_group_name, eu.admin, "
|
. "eg.name AS edit_group_name, eu.admin, "
|
||||||
// additinal acl lists
|
// additinal acl lists
|
||||||
@@ -889,6 +891,7 @@ class Login
|
|||||||
// normal user processing
|
// normal user processing
|
||||||
// set class var and session var
|
// set class var and session var
|
||||||
$_SESSION['EUID'] = $this->euid = (int)$res['edit_user_id'];
|
$_SESSION['EUID'] = $this->euid = (int)$res['edit_user_id'];
|
||||||
|
$_SESSION['ECUID'] = $this->ecuid = (string)$res['cuid'];
|
||||||
// check if user is okay
|
// check if user is okay
|
||||||
$this->loginCheckPermissions();
|
$this->loginCheckPermissions();
|
||||||
if ($this->login_error == 0) {
|
if ($this->login_error == 0) {
|
||||||
@@ -1132,6 +1135,8 @@ class Login
|
|||||||
// username (login), group name
|
// username (login), group name
|
||||||
$this->acl['user_name'] = $_SESSION['USER_NAME'];
|
$this->acl['user_name'] = $_SESSION['USER_NAME'];
|
||||||
$this->acl['group_name'] = $_SESSION['GROUP_NAME'];
|
$this->acl['group_name'] = $_SESSION['GROUP_NAME'];
|
||||||
|
// edit user cuid
|
||||||
|
$this->acl['ecuid'] = $_SESSION['ECUID'];
|
||||||
// set additional acl
|
// set additional acl
|
||||||
$this->acl['additional_acl'] = [
|
$this->acl['additional_acl'] = [
|
||||||
'user' => $_SESSION['USER_ADDITIONAL_ACL'],
|
'user' => $_SESSION['USER_ADDITIONAL_ACL'],
|
||||||
@@ -1862,6 +1867,8 @@ HTML;
|
|||||||
}
|
}
|
||||||
// if there is none, there is none, saves me POST/GET check
|
// if there is none, there is none, saves me POST/GET check
|
||||||
$this->euid = array_key_exists('EUID', $_SESSION) ? (int)$_SESSION['EUID'] : 0;
|
$this->euid = array_key_exists('EUID', $_SESSION) ? (int)$_SESSION['EUID'] : 0;
|
||||||
|
// TODO: allow load from cuid
|
||||||
|
// $this->ecuid = array_key_exists('ECUID', $_SESSION) ? (string)$_SESSION['ECUID'] : '';
|
||||||
// get login vars, are so, can't be changed
|
// get login vars, are so, can't be changed
|
||||||
// prepare
|
// prepare
|
||||||
// pass on vars to Object vars
|
// pass on vars to Object vars
|
||||||
@@ -2111,6 +2118,7 @@ HTML;
|
|||||||
$this->session->sessionDestroy();
|
$this->session->sessionDestroy();
|
||||||
// unset euid
|
// unset euid
|
||||||
$this->euid = null;
|
$this->euid = null;
|
||||||
|
$this->ecuid = null;
|
||||||
// then prints the login screen again
|
// then prints the login screen again
|
||||||
$this->permission_okay = false;
|
$this->permission_okay = false;
|
||||||
}
|
}
|
||||||
@@ -2128,11 +2136,12 @@ HTML;
|
|||||||
if (empty($this->euid)) {
|
if (empty($this->euid)) {
|
||||||
return $this->permission_okay;
|
return $this->permission_okay;
|
||||||
}
|
}
|
||||||
|
// euid must match ecuid
|
||||||
// bail for previous wrong page match, eg if method is called twice
|
// bail for previous wrong page match, eg if method is called twice
|
||||||
if ($this->login_error == 103) {
|
if ($this->login_error == 103) {
|
||||||
return $this->permission_okay;
|
return $this->permission_okay;
|
||||||
}
|
}
|
||||||
$q = "SELECT ep.filename, "
|
$q = "SELECT ep.filename, eu.cuid, "
|
||||||
// base lock flags
|
// base lock flags
|
||||||
. "eu.deleted, eu.enabled, eu.locked, "
|
. "eu.deleted, eu.enabled, eu.locked, "
|
||||||
// date based lock
|
// date based lock
|
||||||
@@ -2198,6 +2207,8 @@ HTML;
|
|||||||
} else {
|
} else {
|
||||||
$this->login_error = 103;
|
$this->login_error = 103;
|
||||||
}
|
}
|
||||||
|
// set ECUID
|
||||||
|
$_SESSION['ECUID'] = $this->ecuid = (string)$res['cuid'];
|
||||||
// if called from public, so we can check if the permissions are ok
|
// if called from public, so we can check if the permissions are ok
|
||||||
return $this->permission_okay;
|
return $this->permission_okay;
|
||||||
}
|
}
|
||||||
@@ -2503,6 +2514,16 @@ HTML;
|
|||||||
{
|
{
|
||||||
return (string)$this->euid;
|
return (string)$this->euid;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the current set ECUID (edit user cuid)
|
||||||
|
*
|
||||||
|
* @return string ECUID as string
|
||||||
|
*/
|
||||||
|
public function loginGetEcid(): string
|
||||||
|
{
|
||||||
|
return (string)$this->ecuid;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// __END__
|
// __END__
|
||||||
|
|||||||
@@ -243,6 +243,7 @@ final class CoreLibsACLLoginTest extends TestCase
|
|||||||
[],
|
[],
|
||||||
[
|
[
|
||||||
'EUID' => 1,
|
'EUID' => 1,
|
||||||
|
'ECUID' => 'abc',
|
||||||
],
|
],
|
||||||
2,
|
2,
|
||||||
[],
|
[],
|
||||||
@@ -260,6 +261,7 @@ final class CoreLibsACLLoginTest extends TestCase
|
|||||||
[],
|
[],
|
||||||
[
|
[
|
||||||
'EUID' => 1,
|
'EUID' => 1,
|
||||||
|
'ECUID' => 'abc',
|
||||||
'USER_NAME' => '',
|
'USER_NAME' => '',
|
||||||
'GROUP_NAME' => '',
|
'GROUP_NAME' => '',
|
||||||
'ADMIN' => 1,
|
'ADMIN' => 1,
|
||||||
|
|||||||
Reference in New Issue
Block a user