Auth system problem (with hopefully correct solution)


Matteo Mosangini

Member since:
12 July 2009

Posts: 11

Friday 22 January 2010 7:05:31 pm

I think this could be a possible bug (or perhaps a misconfiguration of my eZ installation). I'm working on a couple of extensions using ezjscore; inside each one I defined an ezjscore.ini.append.php:

ezjscore.ini.append.php inside mcalendar extension:

    [ezjscServer]
    FunctionList[]=mcalendar_removeEvent
    FunctionList[]=mcalendar_updateEventAjax
    FunctionList[]=mcalendar_updateEventTimeSlot
    FunctionList[]=mcalendar_addEventAjax
    FunctionList[]=mcalendar_fetchEvents

    [ezjscServer_mcalendar]
    Functions[]=mcalendar
    PermissionPrFunction=enabled
    Class=mcServerFunctions
    File=extension/mcalendar/classes/mcserverfunctions.php




ezjscore inside ticketsystem extension:

    [ezjscServer]
    FunctionList[]=ticketsystem_changeTicketState
    FunctionList[]=ticketsystem_acquireTicket

    [ezjscServer_ticketsystem]
    Functions[]=ticketsystem[ezjscServer]
    PermissionPrFunction=enabled
    Class=ticketsystemServerFunctions
    File=extension/ticketsystem/classes/ticketsystemserverfunctions.php




If I do not enforce any policy (regarding ezjscore functions) and allow everyone to use anything, everything works.


If, for example, I create a policy inside Role A to allow only some users to use mcalendar_fetchEvents, everything is still working all right.

But if, for any reason, I want to enforce a new policy inside Role B to allow only certain users to use ticketsystem_acquireTicket, every ezjscore function stops working. And even though I log in as a user to whom I assigned Role A, I can no longer use mcalendar_fetchEvents.


I think this strange behavior is caused by method ezjscServerRouter::hasAccess.

The original version reads:

            // Something with $accessResult
            foreach ( $accessResult['policies'] as $pkey => $limitationArray )
            {
                if ( isset( $limitationArray['FunctionList'] ) )
                {
                    if ( !in_array( $permissionName, $limitationArray['FunctionList'] ) )
                        return false;
                }
            }
        }
        return true;


 



after some modifications:

            // Something with $accessResult
            foreach ( $accessResult['policies'] as $pkey => $limitationArray )
            {
                if ( isset( $limitationArray['FunctionList'] ) )
                {
                    if ( in_array( $permissionName, $limitationArray['FunctionList'] ) )
                        return true;
                }
            }
        }
        return false;




policies are enforced correctly.











André R

Member since:
20 August 2005

Posts: 171

Wednesday 03 February 2010 12:32:45 pm

I'll try to look into this.
The function was created at the same time (slightly before) as ezjscAccessTemplateFunctions::hasAccessToLimitation. So the idea was to return false if any of the policies did not match. But as ezjscServerRouter uses this a bit differently I need to rethink the approach there.

--
ar


André R

Member since:
20 August 2005

Posts: 171

Wednesday 10 February 2010 11:35:47 pm

The same issue surfaced in the issue tracker recently for hasAccessToLimitation(), so fixed it and also made ezjscServerRouter reuse that function instead of duplicating it.
So seems to work now as of rev 134 in trunk.

ref issue: http://issues.ez.no/IssueView.php?Id=16129&

--
ar
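
The two loops from the first post can be compared side by side. The following is an added example, not code from the thread or from ezjscore: it runs both loops over constructed policy arrays shaped like $accessResult['policies']. The function names allMustMatch and anyMatch, the policy contents and the assumption that one user presents both policies are illustrative.

```php
<?php
// Added example with constructed policy data; not ezjscore's own code.

// Loop as originally posted: a policy whose FunctionList lacks the name denies access.
function allMustMatch( array $policies, $permissionName )
{
    foreach ( $policies as $pkey => $limitationArray )
    {
        if ( isset( $limitationArray['FunctionList'] )
          && !in_array( $permissionName, $limitationArray['FunctionList'], true ) )
            return false;
    }
    return true;
}

// Loop as modified in the post: a policy whose FunctionList has the name grants access.
function anyMatch( array $policies, $permissionName )
{
    foreach ( $policies as $pkey => $limitationArray )
    {
        if ( isset( $limitationArray['FunctionList'] )
          && in_array( $permissionName, $limitationArray['FunctionList'], true ) )
            return true;
    }
    return false;
}

// Constructed policies, one FunctionList limitation each (assumed shape).
$roleA = array( 'FunctionList' => array( 'mcalendar_fetchEvents' ) );
$roleB = array( 'FunctionList' => array( 'ticketsystem_acquireTicket' ) );

$policySets = array(
    'role A only'   => array( $roleA ),
    'roles A and B' => array( $roleA, $roleB ),
);
$functions = array( 'mcalendar_fetchEvents', 'ticketsystem_acquireTicket', 'mcalendar_removeEvent' );

foreach ( $policySets as $label => $policies )
{
    foreach ( $functions as $fn )
    {
        printf( "%-14s %-28s all-must-match=%-5s any-match=%s\n", $label, $fn,
            var_export( allMustMatch( $policies, $fn ), true ),
            var_export( anyMatch( $policies, $fn ), true ) );
    }
}
```

With both policies present, the first loop denies every function because each policy fails to list the other's function, while the second loop grants only the functions some policy lists and still denies mcalendar_removeEvent.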
