chg: [internal] Use ACLComponent for menu item permission

2020-09-28 17:48:34 +02:00 · 2020-09-28 17:48:34 +02:00 · 3be0ab9169
parent 4cf7e2b26a
commit 3be0ab9169
3 changed files with 16 additions and 3 deletions
--- a/app/Controller/AppController.php
+++ b/app/Controller/AppController.php
@ -37,6 +37,7 @@ App::uses('RequestRearrangeTool', 'Tools');
 * @link http://book.cakephp.org/2.0/en/controllers.html#the-app-controller
 *
 * @throws ForbiddenException // TODO Exception
+ * @property ACLComponent $ACL
 */
 class AppController extends Controller
 {
@ -461,6 +462,7 @@ class AppController extends Controller
            $this->set('isAclZmq', isset($role['perm_publish_zmq']) ? $role['perm_publish_zmq'] : false);
            $this->set('isAclKafka', isset($role['perm_publish_kafka']) ? $role['perm_publish_kafka'] : false);
            $this->set('isAclDecaying', isset($role['perm_decaying']) ? $role['perm_decaying'] : false);
+            $this->set('aclComponent', $this->ACL);
            $this->userRole = $role;

            $this->set('loggedInUserName', $this->__convertEmailToName($this->Auth->user('email')));
--- a/app/Controller/Component/ACLComponent.php
+++ b/app/Controller/Component/ACLComponent.php
@ -748,7 +748,9 @@ class ACLComponent extends Component
        foreach ($aclList as $k => $v) {
            $aclList[$k] = array_change_key_case($v);
        }
-        $this->__checkLoggedActions($user, $controller, $action);
+        if (!$soft) {
+            $this->__checkLoggedActions($user, $controller, $action);
+        }
        if ($user && $user['Role']['perm_site_admin']) {
            return true;
        }
@ -804,7 +806,6 @@ class ACLComponent extends Component
        switch ($code) {
            case 404:
                throw new NotFoundException($message);
-                break;
            case 403:
                throw new MethodNotAllowedException($message);
            default:
--- a/app/View/Elements/global_menu.ctp
+++ b/app/View/Elements/global_menu.ctp
@ -1,5 +1,15 @@
 <?php
    if (!empty($me)) {
+        // New approach how to define menu requirements. It takes ACLs from ACLComponent.
+        // TODO: Use for every menu item
+        $canAccess = function ($controller, $action) use ($me, $aclComponent) {
+            $response = $aclComponent->checkAccess($me, $controller, $action, true);
+            if ($response === 404) {
+                throw new Exception("Invalid controller '$controller' specified for menu requirements.");
+            }
+            return $response === true;
+        };
+
        $menu = array(
            array(
                'type' => 'root',
@ -270,7 +280,7 @@
                    array(
                        'text' => __('List Servers'),
                        'url' => $baseurl . '/servers/index',
-                        'requirement' => $isAclSync || $isAdmin
+                        'requirement' => $canAccess('servers', 'index'),
                    ),
                    array(
                        'text' => __('List Feeds'),