[MKDoc-commit] [1.6] group access recurses to sub-documents (Sam
Tregar)
bruno at mkdoc.demon.co.uk
bruno at mkdoc.demon.co.uk
Tue Feb 8 10:38:48 GMT 2005
Log Message:
-----------
[1.6] group access recurses to sub-documents (Sam Tregar)
Tags:
----
mkdoc-1-6
Modified Files:
--------------
mkd/MKDoc/Handler:
GroupAuthz.pm
-------------- next part --------------
Index: GroupAuthz.pm
===================================================================
RCS file: /var/spool/cvs/mkd/MKDoc/Handler/Attic/GroupAuthz.pm,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -LMKDoc/Handler/GroupAuthz.pm -LMKDoc/Handler/GroupAuthz.pm -u -r1.1.2.1 -r1.1.2.2
--- MKDoc/Handler/GroupAuthz.pm
+++ MKDoc/Handler/GroupAuthz.pm
@@ -81,15 +81,11 @@
# (could be a CSS link, an image, etc)
return OK unless $document;
- # check if this document is assigned to one or more groups
- my $document_grp_t = flo::Standard::table('Document_Grp');
- my @res = $document_grp_t->select (
- cols => 'Grp_ID',
- where => lib::sql::Condition->new(Document_ID => $document->id)
- )->fetch_all();
+ # get groups for this document, searching up the tree as needed
+ my @doc_group_ids = _find_groups($document);
# no results means this document is available to all
- return OK unless @res;
+ return OK unless @doc_group_ids;
# if the user isn't correctly logged in then they can't see this
# page
@@ -109,12 +105,35 @@
# allow through if the user is in one of the document's groups
my %groups = map { ($_->{Grp_ID}, 1) } @groups;
- return OK if grep { $groups{$_->{Grp_ID}} } @res;
+ return OK if grep { $groups{$_} } @doc_group_ids;
# otherwise, no dice
return FORBIDDEN;
}
+# find all groups relevent to a document, searching up the tree to the
+# root
+sub _find_groups {
+ my $document = shift;
+ my $document_grp_t = flo::Standard::table('Document_Grp');
+
+ # get list of all documents to check
+ my @documents = ($document, $document->ancestors);
+
+ # get results for each document
+ my %groups;
+ foreach my $doc (@documents) {
+ my @res = $document_grp_t->select (
+ cols => 'Grp_ID',
+ where => lib::sql::Condition->new(Document_ID => $doc->id)
+ )->fetch_all();
+ $groups{$_->{Grp_ID}} = 1 for @res;
+ }
+
+ return keys %groups;
+}
+
+
# an authen handler that does nothing. This is needed to allow the
# group authz mechanism to work on www.* which doesn't do
# authentication.
More information about the MKDoc-commit
mailing list