Разграничение доступа к обработчикам JS-запросов, vol. 1

b817f8d4 · Andrew Rudenets · d6e4dd8b · b817f8d4 · b817f8d4 · b817f8d4
Commit b817f8d4 authored 10 years ago by Andrew Rudenets
--- a/~dev_rating/application/classes/Controller/Admin/Accounts.php
+++ b/~dev_rating/application/classes/Controller/Admin/Accounts.php
 <?php defined('SYSPATH') or die('No direct script access.');
-class Controller_Teacher_Admin_Index extends Controller_UserEnvi {
+class Controller_Admin_Index extends Controller_UserEnvi {
    public function action_index()
    {

--- a/~dev_rating/application/classes/Controller/Admin/Departaments.php
+++ b/~dev_rating/application/classes/Controller/Admin/Departaments.php
 <?php defined('SYSPATH') or die('No direct script access.');
-class Controller_Teacher_Admin_Index extends Controller_UserEnvi {
+class Controller_Admin_Index extends Controller_UserEnvi {
    public function action_index()
    {

--- a/~dev_rating/application/classes/Controller/Admin/Disciplines.php
+++ b/~dev_rating/application/classes/Controller/Admin/Disciplines.php
 <?php defined('SYSPATH') or die('No direct script access.');
-class Controller_Teacher_Admin_Index extends Controller_UserEnvi {
+class Controller_Admin_Index extends Controller_UserEnvi {
    public function action_index()
    {

--- a/~dev_rating/application/classes/Controller/Admin/Index.php
+++ b/~dev_rating/application/classes/Controller/Admin/Index.php
 <?php defined('SYSPATH') or die('No direct script access.');
-class Controller_Teacher_Admin_Index extends Controller_UserEnvi {
+class Controller_Admin_Index extends Controller_UserEnvi {
    public function action_index()
    {

--- a/~dev_rating/application/classes/Controller/Admin/Students.php
+++ b/~dev_rating/application/classes/Controller/Admin/Students.php
 <?php defined('SYSPATH') or die('No direct script access.');
-class Controller_Teacher_Admin_Index extends Controller_UserEnvi {
+class Controller_Admin_Index extends Controller_UserEnvi {
    public function action_index()
    {

--- a/~dev_rating/application/classes/Controller/Admin/StudyGroups.php
+++ b/~dev_rating/application/classes/Controller/Admin/StudyGroups.php
 <?php defined('SYSPATH') or die('No direct script access.');
-class Controller_Teacher_Admin_Index extends Controller_UserEnvi {
+class Controller_Admin_Index extends Controller_UserEnvi {
    public function action_index()
    {

--- a/~dev_rating/application/classes/Controller/Admin/Teachers.php
+++ b/~dev_rating/application/classes/Controller/Admin/Teachers.php
 <?php defined('SYSPATH') or die('No direct script access.');
-class Controller_Teacher_Admin_Index extends Controller_UserEnvi {
+class Controller_Admin_Index extends Controller_UserEnvi {
    public function action_index()
    {

--- a/~dev_rating/application/classes/Controller/Handler.php
+++ b/~dev_rating/application/classes/Controller/Handler.php
@@ -4,12 +4,9 @@ class Controller_Handler extends Controller {
    protected $user, $post, $model;
    private $access;
-    const ACCESS_ADMIN = 0; 
+    const ACCESS_USER = 0; 
-    const ACCESS_TEACHER = 1; 
+    const ACCESS_GUEST = 1; 
-    const ACCESS_STUDENT = 2; 
+    const ACCESS_ANYBODY = 2; 
-    const ACCESS_USER = 3; 
-    const ACCESS_GUEST = 4; 
-    const ACCESS_ANYBODY = 5; 
    public function before()
    {
@@ -29,11 +26,14 @@ class Controller_Handler extends Controller {
            $this->user = User::instance()->getInfoAsArray();
        }
+        // Получаем имя маршрута 
+        $route = Route::name($this->request->route()).':'.$this->request->controller();
        // Если запрос не прошел на проверку доступа
-        if(!$this->checkAccessLevel())
+        if(!$this->checkAccessLevel() || !$this->checkBitmask($this->user['AccRoleMark'], $route))
        {
            // Перенаправляем на ошибку доступа
-            throw HTTP_Exception::factory (403, $this->user['Type']);
+            throw HTTP_Exception::factory (403, $route);
        }
    }
@@ -46,22 +46,19 @@ class Controller_Handler extends Controller {
            $this->access = (int) $level;
    }
+    protected function checkBitmask($userMark, $route)
+    {
+        $sysModel = new Model_System;
+        $bitmask = $sysModel->getBitmaskForRoute($route);
+        if(!$bitmask)
+            return true;
+        return $bitmask & $userMark != 0;
+    }    
    protected function checkAccessLevel()
    {
        switch($this->access)
        {
-            case self::ACCESS_ADMIN:
-                return User::instance()->isSignedIn() AND $this->user['Type'] == 'admin';
-            break;
-            case self::ACCESS_TEACHER:
-                return User::instance()->isSignedIn() AND $this->user['Type'] == 'teacher';            
-            break;
-            case self::ACCESS_STUDENT:
-                return User::instance()->isSignedIn() AND $this->user['Type'] == 'student';
-            break;
            case self::ACCESS_USER:
                return User::instance()->isSignedIn();            
            break;

--- a/~dev_rating/application/classes/Controller/Handler/Map.php
+++ b/~dev_rating/application/classes/Controller/Handler/Map.php
@@ -4,7 +4,7 @@ class Controller_Handler_Map extends Controller_Handler {
        public function before() {
            $this->model = new Model_Teacher_Map;
-            $this->setAccessLevel(self::ACCESS_TEACHER);
+            $this->setAccessLevel(self::ACCESS_USER);
            parent::before();
        }

--- a/~dev_rating/application/classes/Controller/Handler/Rating.php
+++ b/~dev_rating/application/classes/Controller/Handler/Rating.php
@@ -4,7 +4,7 @@ class Controller_Handler_Rating extends Controller_Handler {
        public function before() {
            $this->model = new Model_Teacher_Rating;
-            $this->setAccessLevel(self::ACCESS_TEACHER);
+            $this->setAccessLevel(self::ACCESS_USER);
            parent::before();
        }

--- a/~dev_rating/application/views/admin/students/add.twig
+++ b/~dev_rating/application/views/admin/students/add.twig
+{# empty Twig template #}
--- a/~dev_rating/application/views/admin/students/index.twig
+++ b/~dev_rating/application/views/admin/students/index.twig
+{# empty Twig template #}
--- a/~dev_rating/application/views/admin/students/upload.twig
+++ b/~dev_rating/application/views/admin/students/upload.twig
+{# empty Twig template #}
--- a/~dev_rating/application/views/admin/teachers/add.twig
+++ b/~dev_rating/application/views/admin/teachers/add.twig
+{# empty Twig template #}
--- a/~dev_rating/application/views/admin/teachers/index.twig
+++ b/~dev_rating/application/views/admin/teachers/index.twig
+{# empty Twig template #}
--- a/~dev_rating/application/views/admin/teachers/upload.twig
+++ b/~dev_rating/application/views/admin/teachers/upload.twig
+{# empty Twig template #}