comanage-dev - [comanage-dev] r394 - in registry/trunk/app: Controller Model
Subject: COmanage Developers List
- Subject: [comanage-dev] r394 - in registry/trunk/app: Controller Model
- Date: Sun, 4 Nov 2012 22:52:21 -0500
Author: benno
Date: 2012-11-04 22:52:21 -0500 (Sun, 04 Nov 2012)
New Revision: 394
Modified:
registry/trunk/app/Controller/AppController.php
registry/trunk/app/Controller/CoPetitionsController.php
registry/trunk/app/Model/CoEnrollmentFlow.php
Log:
Fix unauthenticated petitions (CO-500)
Modified: registry/trunk/app/Controller/AppController.php
===================================================================
--- registry/trunk/app/Controller/AppController.php 2012-11-05 01:47:08
UTC (rev 393)
+++ registry/trunk/app/Controller/AppController.php 2012-11-05 03:52:21
UTC (rev 394)
@@ -222,10 +222,10 @@
);
// Retrieve session info
- $cos = $this->Session->read('Auth.User.cos');
- if(isset($cos))
- {
+ if($this->Session->check('Auth.User.cos')) {
+ $cos = $this->Session->read('Auth.User.cos');
+
// Platform admin?
if(isset($cos['COmanage']['groups']['admin']['member']))
$ret['cmadmin'] = $cos['COmanage']['groups']['admin']['member'];
@@ -310,13 +310,10 @@
$ret['user'] = true;
// API user or Org Person?
- if($this->Session->check('Auth.User.api_user_id'))
- {
+ if($this->Session->check('Auth.User.api_user_id')) {
$ret['apiuser'] = true;
$ret['cmadmin'] = true; // API users are currently platform admins
- }
- else
- {
+ } elseif($this->Session->check('Auth.User.org_identities')) {
$ret['orgidentities'] =
$this->Session->read('Auth.User.org_identities');
}
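Review bot: With the new `elseif`, a session that has neither `Auth.User.api_user_id` nor `Auth.User.org_identities` falls through both branches, but the context line `$ret['user'] = true;` just above has already run by then. The condition guarding that assignment is outside the hunk; if it does not itself require an authenticated session, an unauthenticated petitioner would be reported with the `user` role. It is worth confirming this and recording it next to the assignment, e.g. `// only reached when Auth.User is present in the session`.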
Modified: registry/trunk/app/Controller/CoPetitionsController.php
===================================================================
--- registry/trunk/app/Controller/CoPetitionsController.php 2012-11-05
01:47:08 UTC (rev 393)
+++ registry/trunk/app/Controller/CoPetitionsController.php 2012-11-05
03:52:21 UTC (rev 394)
@@ -157,10 +157,21 @@
// Make sure we were given a valid enrollment flow
$args['conditions']['CoEnrollmentFlow.id'] = $this->enrollmentFlowID();
- $found = $this->CoPetition->CoEnrollmentFlow->find('count', $args);
+ $args['contain'] = false;
+ $ef = $this->CoPetition->CoEnrollmentFlow->find('first', $args);
- if($found == 0) {
+ if(empty($ef)) {
$this->Session->setFlash(_txt('er.coef.unk'), '', array(), 'error');
+ } elseif(isset($ef['CoEnrollmentFlow']['authz_level'])
+ && $ef['CoEnrollmentFlow']['authz_level'] ==
EnrollmentAuthzEnum::None) {
+ // If this enrollment flow allows unauthenticated enrollments, drop
the auth
+ // requirement. Only do this for add for the moment, since we don't
currently
+ // know what it means for an unauthenticated enrollment to be edited
without
+ // authentication.
+
+ if($this->action == 'add' && $this->isAuthorized()) {
+ $this->Auth->allow('add');
+ }
}
}
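Review bot: The check `$ef['CoEnrollmentFlow']['authz_level'] == EnrollmentAuthzEnum::None` uses a loose comparison, and the same `==` gates the new early `return true` in `CoEnrollmentFlow::authorize()` in this commit. Both paths remove an authentication or authorization requirement, so `=== EnrollmentAuthzEnum::None` is the safer form, because a type-juggled value then cannot match. The flow is selected through `$this->enrollmentFlowID()`, whose input is not visible here; the `add` action should resolve the flow through the same call rather than from posted form data, so that the flow that lifted the auth requirement is the one the petition is created under. The enclosing method starts before the hunk.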
Modified: registry/trunk/app/Model/CoEnrollmentFlow.php
===================================================================
--- registry/trunk/app/Model/CoEnrollmentFlow.php 2012-11-05 01:47:08
UTC (rev 393)
+++ registry/trunk/app/Model/CoEnrollmentFlow.php 2012-11-05 03:52:21
UTC (rev 394)
@@ -172,6 +172,13 @@
*/
public function authorize($coEF, $coPersonId) {
+ // If no authz is required, return true before we bother with any other
checks
+
+ if($coEF['CoEnrollmentFlow']['authz_level'] ==
EnrollmentAuthzEnum::None) {
+ // No authz required
+ return true;
+ }
+
$CoRole = ClassRegistry::init('CoRole');
// If CO Person is a CO admin, they are always authorized
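Review bot: The new early return in `authorize()` runs before `$coPersonId` is examined, so the method now returns true even when the caller has no CO Person; the docblock that closes just above the hunk should say so, e.g. `@return true unconditionally when authz_level is EnrollmentAuthzEnum::None, regardless of $coPersonId`. Unlike the controller check, this line reads `$coEF['CoEnrollmentFlow']['authz_level']` without `isset()`, so a flow array fetched without that field raises a notice here. Guarding it as `if(isset($coEF['CoEnrollmentFlow']['authz_level']) && $coEF['CoEnrollmentFlow']['authz_level'] === EnrollmentAuthzEnum::None)` keeps the two checks consistent. The body of `authorize()` continues past the hunk.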
@@ -210,8 +217,7 @@
}
break;
case EnrollmentAuthzEnum::None:
- // No authz required
- return true;
+ // We covered this already, above
break;
}