author | Thomas Steur <thomas.steur@googlemail.com> | 2014-09-30 09:37:32 +0400 |
---|---|---|
committer | Thomas Steur <thomas.steur@googlemail.com> | 2014-09-30 09:37:32 +0400 |
commit | a00487b0b841c4b15463b591c7f62176c4b84d15 (patch) | |
tree | 6eb893ce356a4740e044c9cdadaf84ffb2095b9d /core/Access.php | |
parent | 0edef3332289a7cbe54b58084b967907d1086d29 (diff) |
coding style fixes, some PHPStorm inspection fixes, improved readability of code, few refactorings, all as part of our code cleanup strategy
Diffstat (limited to 'core/Access.php')
-rw-r--r-- | core/Access.php | 74 |
1 files changed, 46 insertions, 28 deletions
diff --git a/core/Access.php b/core/Access.php index 00093e6e4f..d18310cb5b 100644 --- a/core/Access.php +++ b/core/Access.php @@ -33,29 +33,6 @@ use Piwik\Db; */ class Access { - private static $instance = null; - - /** - * Gets the singleton instance. Creates it if necessary. - */ - public static function getInstance() - { - if (self::$instance == null) { - self::$instance = new self; - - Piwik::postEvent('Access.createAccessSingleton', array(&self::$instance)); - } - return self::$instance; - } - - /** - * Sets the singleton instance. For testing purposes. - */ - public static function setSingletonInstance($instance) - { - self::$instance = $instance; - } - /** * Array of idsites available to the current user, indexed by permission level * @see getSitesIdWith*() @@ -100,6 +77,29 @@ class Access */ private $auth = null; + private static $instance = null; + + /** + * Gets the singleton instance. Creates it if necessary. + */ + public static function getInstance() + { + if (self::$instance == null) { + self::$instance = new self; + + Piwik::postEvent('Access.createAccessSingleton', array(&self::$instance)); + } + return self::$instance; + } + + /** + * Sets the singleton instance. For testing purposes. + */ + public static function setSingletonInstance($instance) + { + self::$instance = $instance; + } + /** * Returns the list of the existing Access level. * Useful when a given API method requests a given acccess Level. @@ -146,6 +146,7 @@ class Access if ($this->hasSuperUserAccess()) { return $this->reloadAccessSuperUser(); } + return false; } @@ -155,6 +156,7 @@ class Access if (!$result->wasAuthenticationSuccessful()) { return false; } + $this->login = $result->getIdentity(); $this->token_auth = $result->getTokenAuth(); 
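Review bot: In the relocated singleton block (hunk `@@ -100,6 +77,29 @@`), `setSingletonInstance($instance)` stays public and untyped, so it stores whatever it is given as the object `getInstance()` hands out. Its docblock says only "For testing purposes". Since the commit re-adds these lines anyway, the docblock could state the consequence, for example `* Replaces the process-wide Access object returned by getInstance(); call from test setup only.` As a style point in the same hunk, `if (self::$instance == null) {` would read better as `if (self::$instance === null) {`. Whether an `Access` type hint on the setter is safe cannot be judged from this diff, because the instance is also passed by reference to the `Access.createAccessSingleton` event and handlers may substitute their own object.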
@@ -162,21 +164,26 @@ class Access if ($result->hasSuperUserAccess()) { return $this->reloadAccessSuperUser(); } + // in case multiple calls to API using different tokens, we ensure we reset it as not SU $this->setSuperUserAccess(false); // we join with site in case there are rows in access for an idsite that doesn't exist anymore // (backward compatibility ; before we deleted the site without deleting rows in _access table) $accessRaw = $this->getRawSitesWithSomeViewAccess($this->login); + foreach ($accessRaw as $access) { $this->idsitesByAccess[$access['access']][] = $access['idsite']; } + return true; } public function getRawSitesWithSomeViewAccess($login) { - return Db::fetchAll(self::getSqlAccessSite("access, t2.idsite"), $login); + $sql = self::getSqlAccessSite("access, t2.idsite"); + + return Db::fetchAll($sql, $login); } /** @@ -187,10 +194,11 @@ class Access */ public static function getSqlAccessSite($select) { - return "SELECT " . $select . " - FROM " . Common::prefixTable('access') . " as t1 - JOIN " . Common::prefixTable('site') . " as t2 USING (idsite) " . - " WHERE login = ?"; + $access = Common::prefixTable('access'); + $siteTable = Common::prefixTable('site'); + + return "SELECT " . $select . " FROM " . $access . " as t1 + JOIN " . $siteTable . " as t2 USING (idsite) WHERE login = ?"; } /** @@ -323,7 +331,9 @@ class Access if ($this->hasSuperUserAccess()) { return; } + $idSitesAccessible = $this->getSitesIdWithAdminAccess(); + if (count($idSitesAccessible) == 0) { throw new NoAccessException(Piwik::translate('General_ExceptionPrivilegeAtLeastOneWebsite', array('admin'))); } @@ -339,7 +349,9 @@ class Access if ($this->hasSuperUserAccess()) { return; } + $idSitesAccessible = $this->getSitesIdWithAtLeastViewAccess(); + if (count($idSitesAccessible) == 0) { throw new NoAccessException(Piwik::translate('General_ExceptionPrivilegeAtLeastOneWebsite', array('view'))); } 
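Review bot: In `getSqlAccessSite($select)` (hunk `@@ -187,10 +194,11 @@`) the `$select` argument is still concatenated straight into the statement while only `login` is bound, and the method is `public static`, so it is callable from outside this class. The one caller visible in this diff passes the literal `"access, t2.idsite"`, but nothing in the signature tells later callers that the value must be a fixed column list. The docblock starts outside the hunk, so I cannot see whether it already says so. If it does not, I would add `@param string $select Column list, inserted into the SQL verbatim; must be a hard-coded string, never request data.` Any callers outside this diff should be checked against that rule.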
@@ -357,8 +369,10 @@ class Access if ($this->hasSuperUserAccess()) { return; } + $idSites = $this->getIdSites($idSites); $idSitesAccessible = $this->getSitesIdWithAdminAccess(); + foreach ($idSites as $idsite) { if (!in_array($idsite, $idSitesAccessible)) { throw new NoAccessException(Piwik::translate('General_ExceptionPrivilegeAccessWebsite', array("'admin'", $idsite))); @@ -378,8 +392,10 @@ class Access if ($this->hasSuperUserAccess()) { return; } + $idSites = $this->getIdSites($idSites); $idSitesAccessible = $this->getSitesIdWithAtLeastViewAccess(); + foreach ($idSites as $idsite) { if (!in_array($idsite, $idSitesAccessible)) { throw new NoAccessException(Piwik::translate('General_ExceptionPrivilegeAccessWebsite', array("'view'", $idsite))); @@ -399,9 +415,11 @@ class Access } $idSites = Site::getIdSitesFromIdSitesString($idSites); + if (empty($idSites)) { throw new NoAccessException("The parameter 'idSite=' is missing from the request."); } + return $idSites; } } |