
comanage-dev - [comanage-dev] r553 - in registry/trunk/app: Controller Controller/Component Model

Subject: COmanage Developers List


[comanage-dev] r553 - in registry/trunk/app: Controller Controller/Component Model


  • From:
  • To:
  • Subject: [comanage-dev] r553 - in registry/trunk/app: Controller Controller/Component Model
  • Date: Mon, 8 Jul 2013 16:15:41 -0400
  • Authentication-results: sfpop-ironport04.merit.edu; dkim=neutral (message not signed) header.i=none

Author: benno
Date: 2013-07-08 16:15:41 -0400 (Mon, 08 Jul 2013)
New Revision: 553

Modified:
registry/trunk/app/Controller/CoPetitionsController.php
registry/trunk/app/Controller/Component/RoleComponent.php
registry/trunk/app/Model/CoEnrollmentFlow.php
Log:
Fix authn check for self signup/application (CO-629)

Modified: registry/trunk/app/Controller/CoPetitionsController.php
===================================================================
--- registry/trunk/app/Controller/CoPetitionsController.php 2013-07-05
13:29:31 UTC (rev 552)
+++ registry/trunk/app/Controller/CoPetitionsController.php 2013-07-08
20:15:41 UTC (rev 553)
@@ -329,7 +329,7 @@

// If an enrollment flow was specified, check the authorization for that
flow

- if($this->enrollmentFlowID() != -1 && $roles['copersonid']) {
+ if($this->enrollmentFlowID() != -1) {
$flowAuthorized =
$this->CoPetition->CoEnrollmentFlow->authorizeById($this->enrollmentFlowID(),
$roles['copersonid'], $this->Role);
}
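Review bot: With the `$roles['copersonid']` test dropped from this condition, `authorizeById()` becomes the only check applied to a request that has no CO Person ID, so it has to fail closed for every authorization level that requires an enrolled person. That contract is not stated in the hunk; I would add a comment above the `if`, e.g. `// copersonid may be empty for self signup; authorizeById() must return false unless the flow's authz level permits a petitioner without a CO Person record`. `$flowAuthorized` is only assigned inside the `if`, and whether it is initialised to a denying value beforehand is outside the hunk, so that is worth confirming.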


Modified: registry/trunk/app/Controller/Component/RoleComponent.php
===================================================================
--- registry/trunk/app/Controller/Component/RoleComponent.php 2013-07-05
13:29:31 UTC (rev 552)
+++ registry/trunk/app/Controller/Component/RoleComponent.php 2013-07-08
20:15:41 UTC (rev 553)
@@ -38,6 +38,10 @@
*/

protected function cachedCoIdLookup($coPersonId) {
+ if(!$coPersonId) {
+ return false;
+ }
+
if(isset($this->cache['coperson'][$coPersonId]['co_id'])) {
return $this->cache['coperson'][$coPersonId]['co_id'];
}
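Review bot: The early `return false` in cachedCoIdLookup() adds a second failure convention to a function whose visible caller later in this file wraps it in `try { $coId = $this->cachedCoIdLookup($coPersonId); }`, which suggests failures were otherwise reported by exception (the rest of the body is outside the hunk). Callers that pass the result on as a CO ID now also have to treat `false` as "no CO", and the docblock ending at `*/` does not mention it. I would add a `@return` remark stating that false is returned when no CO Person ID is provided. The same applies to cachedCoIdLookupByCoGroup() in the next hunk.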
@@ -65,6 +69,10 @@
*/

protected function cachedCoIdLookupByCoGroup($coGroupId) {
+ if(!$coGroupId) {
+ return false;
+ }
+
if(isset($this->cache['cogroup'][$coGroupId]['co_id'])) {
return $this->cache['cogroup'][$coGroupId]['co_id'];
}
@@ -115,6 +123,10 @@
*/

protected function cachedGroupGet($coPersonId, $groupName="",
$searchParam="", $groupId=null, $owner=false) {
+ if(!$coPersonId) {
+ return false;
+ }
+
// First check the cache (note: $condKey is something like "CoGroup.name
LIKE")

$condKey = null;
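Review bot: `return false` for an empty `$coPersonId` in cachedGroupGet() may not match the type the function returns on its normal path. The body continues outside the hunk, but the name suggests a set of groups, and the guard added to the COU lookup later in this commit returns `array()` for the same condition. If callers iterate the result, `false` would produce a warning instead of an empty loop; in that case `return array();` keeps the denial and the return type consistent.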
@@ -169,6 +181,10 @@
*/

protected function cachedPersonRoleCheck($coPersonId, $coId, $couId=null,
$active=true) {
+ if(!$coPersonId || !$coId) {
+ return false;
+ }
+
// First check the cache

if($couId) {
@@ -367,6 +383,10 @@
$couNames = array();
$childCous = array();

+ if(!$coPersonId) {
+ return array();
+ }
+
try {
$coId = $this->cachedCoIdLookup($coPersonId);
}
@@ -414,6 +434,10 @@
protected function identifierIsAdmin($identifier, $adminType) {
global $group_sep;

+ if(!$identifier) {
+ return false;
+ }
+
// First check the cache

if(isset($this->cache['identifier'][$identifier][$adminType])) {
@@ -474,6 +498,10 @@
*/

public function identifierIsCmpAdmin($identifier) {
+ if(!$identifier) {
+ return false;
+ }
+
// First check the cache

if(isset($this->cache['identifier'][$identifier]['cmpadmin'])) {
@@ -686,6 +714,10 @@
*/

public function isCoOrCouAdminForCoPersonRole($coPersonId,
$subjectCoPersonRoleId) {
+ if(!$coPersonId) {
+ return false;
+ }
+
// Look up the CO Person ID for the subject and then hand off the
request.

$CoPersonRole = ClassRegistry::init('CoPersonRole');
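Review bot: Only `$coPersonId` is guarded here, while `$subjectCoPersonRoleId` goes unchecked into the CoPersonRole lookup that follows. The sibling guards in this commit test both operands (`!$coPersonId || !$subjectOrgIdentityId`, `!$coPersonId || !$coGroupId`). How an empty subject ID is handled is outside the hunk, so this may already be covered, but for consistency I would write `if(!$coPersonId || !$subjectCoPersonRoleId) {`. isCouAdminForCoPerson() in a later hunk has the same shape with `$subjectCoPersonId`.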
@@ -716,6 +748,10 @@
// A person is an admin if org identities are pooled or if the subject
and the CO person
// are in the CO. First check that they're even an admin at all.

+ if(!$coPersonId || !$subjectOrgIdentityId) {
+ return false;
+ }
+
if($this->isCoAdmin($coPersonId)
|| $this->isCouAdmin($coPersonId)) {
$CmpEnrollmentConfiguration =
ClassRegistry::init('CmpEnrollmentConfiguration');
@@ -755,7 +791,8 @@
if($requireRole) {
return $this->cachedPersonRoleCheck($coPersonId, $coId, null, true);
} else {
-
+ // What's supposed to go here?
+ throw new InternalErrorException("Not implemented (isCoPerson)");
}
}
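Review bot: The `else` branch now throws where it previously fell through, so isCoPerson() without `$requireRole` changes from an implicit non-true return to an InternalErrorException. CoEnrollmentFlow calls `$Role->isCoPerson($coPersonId, $coEF['CoEnrollmentFlow']['co_id'])` with two arguments in this same commit, so if `$requireRole` defaults to false (the signature is outside the hunk) that authorization path will raise instead of returning a decision. I would replace the open question with a tracked marker, e.g. `// TODO(<ticket-id>): define isCoPerson semantics when $requireRole is false; throwing until then so the gap is visible`, and add a `@throws InternalErrorException` line to the docblock.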

@@ -820,6 +857,10 @@
*/

public function isCouAdminForCoPerson($coPersonId, $subjectCoPersonId) {
+ if(!$coPersonId) {
+ return false;
+ }
+
// Find the person's CO

try {
@@ -874,6 +915,10 @@
*/

public function isGroupManager($coPersonId, $coGroupId) {
+ if(!$coPersonId || !$coGroupId) {
+ return false;
+ }
+
// A person is a group manager if (1) they are an owner of the group or
(2) they
// are a CO admin for the CO of the group. Currently, we do not treat
COU admins as
// superusers for groups.

Modified: registry/trunk/app/Model/CoEnrollmentFlow.php
===================================================================
--- registry/trunk/app/Model/CoEnrollmentFlow.php 2013-07-05 13:29:31
UTC (rev 552)
+++ registry/trunk/app/Model/CoEnrollmentFlow.php 2013-07-08 20:15:41
UTC (rev 553)
@@ -150,7 +150,8 @@

// If CO Person is a CO admin, they are always authorized

- if($Role->isCoAdmin($coPersonId, $coEF['CoEnrollmentFlow']['co_id'])) {
+ if($coPersonId
+ && $Role->isCoAdmin($coPersonId, $coEF['CoEnrollmentFlow']['co_id']))
{
return true;
}
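Review bot: The `$coPersonId &&` guard added here is repeated in every `case` of the switch in the next hunk, so any authorization level added later has to remember to copy it, and the reason for it is not stated. Provided no branch after this point is meant to succeed without a CO Person ID (the start of the switch and the rest of authorizeById() are outside the hunk), a single `if(!$coPersonId) { return false; }` ahead of the CO admin check would express the rule once and deny by default. At minimum I would add a comment such as `// No CO Person ID means the petitioner is not enrolled; only authz levels that do not require a CO Person may succeed`.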

@@ -159,27 +160,32 @@
// We effectively already handled this, above
break;
case EnrollmentAuthzEnum::CoGroupMember:
- if($Role->isCoGroupMember($coPersonId,
$coEF['CoEnrollmentFlow']['authz_co_group_id'])) {
+ if($coPersonId
+ && $Role->isCoGroupMember($coPersonId,
$coEF['CoEnrollmentFlow']['authz_co_group_id'])) {
return true;
}
break;
case EnrollmentAuthzEnum::CoOrCouAdmin:
- if($Role->isCoOrCouAdmin($coPersonId,
$coEF['CoEnrollmentFlow']['co_id'])) {
+ if($coPersonId
+ && $Role->isCoOrCouAdmin($coPersonId,
$coEF['CoEnrollmentFlow']['co_id'])) {
return true;
}
break;
case EnrollmentAuthzEnum::CoPerson:
- if($Role->isCoPerson($coPersonId,
$coEF['CoEnrollmentFlow']['co_id'])) {
+ if($coPersonId
+ && $Role->isCoPerson($coPersonId,
$coEF['CoEnrollmentFlow']['co_id'])) {
return true;
}
break;
case EnrollmentAuthzEnum::CouAdmin:
- if($Role->isCouAdmin($coPersonId,
$coEF['CoEnrollmentFlow']['authz_cou_id'])) {
+ if($coPersonId
+ && $Role->isCouAdmin($coPersonId,
$coEF['CoEnrollmentFlow']['authz_cou_id'])) {
return true;
}
break;
case EnrollmentAuthzEnum::CouPerson:
- if($Role->isCouPerson($coPersonId,
$coEF['CoEnrollmentFlow']['co_id'],
$coEF['CoEnrollmentFlow']['authz_cou_id'])) {
+ if($coPersonId
+ && $Role->isCouPerson($coPersonId,
$coEF['CoEnrollmentFlow']['co_id'],
$coEF['CoEnrollmentFlow']['authz_cou_id'])) {
return true;
}
break;


