diff options
Diffstat (limited to 'core/Access.php')
-rw-r--r-- | core/Access.php | 50 |
1 files changed, 36 insertions, 14 deletions
diff --git a/core/Access.php b/core/Access.php index 2485a7658b..4d08347b44 100644 --- a/core/Access.php +++ b/core/Access.php @@ -146,10 +146,7 @@ class Piwik_Access // we join with site in case there are rows in access for an idsite that doesn't exist anymore // (backward compatibility ; before we deleted the site without deleting rows in _access table) - $accessRaw = Piwik_FetchAll("SELECT access, t2.idsite - FROM ".Piwik::prefixTable('access'). " as t1 - JOIN ".Piwik::prefixTable('site')." as t2 USING (idsite) ". - " WHERE login = ?", $this->login); + $accessRaw = Piwik_FetchAll(self::getSqlAccessSite("access, t2.idsite"), $this->login); foreach($accessRaw as $access) { $this->idsitesByAccess[$access['access']][] = $access['idsite']; @@ -158,6 +155,20 @@ class Piwik_Access } /** + * Returns the SQL query joining sites and access table for a given login + * + * @param $select eg. "MIN(ts_created)" + * @return string SQL query + */ + static public function getSqlAccessSite($select) + { + return "SELECT ". $select ." + FROM ".Piwik_Common::prefixTable('access'). " as t1 + JOIN ".Piwik_Common::prefixTable('site')." as t2 USING (idsite) ". + " WHERE login = ?"; + } + + /** * Reload super user access * * @return bool @@ -165,7 +176,7 @@ class Piwik_Access protected function reloadAccessSuperUser() { $this->isSuperUser = true; - $this->idsitesByAccess['superuser'] = Piwik_SitesManager_API::getAllSitesId(); + $this->idsitesByAccess['superuser'] = Piwik_SitesManager_API::getInstance()->getAllSitesId(); return true; } @@ -173,9 +184,17 @@ class Piwik_Access * We bypass the normal auth method and give the current user Super User rights. * This should be very carefully used. */ - public function setSuperUser() + public function setSuperUser($bool = true) { - $this->reloadAccessSuperUser(); + if($bool) + { + $this->reloadAccessSuperUser(); + } + else + { + $this->isSuperUser = false; + $this->idsitesByAccess['superuser'] = array(); + } } /** @@ -223,8 +242,7 @@ class Piwik_Access $this->idsitesByAccess['superuser']) ); } - - + /** * Returns an array of ID sites for which the user has an ADMIN access. * @@ -261,7 +279,7 @@ class Piwik_Access { if($this->isSuperUser === false) { - throw new Piwik_Access_NoAccessException("You can't access this resource as it requires a 'superuser' access."); + throw new Piwik_Access_NoAccessException(Piwik_TranslateException('General_ExceptionPrivilege', array("'superuser'"))); } } @@ -272,10 +290,14 @@ class Piwik_Access */ public function checkUserHasSomeAdminAccess() { + if($this->isSuperUser()) + { + return; + } $idSitesAccessible = $this->getSitesIdWithAdminAccess(); if(count($idSitesAccessible) == 0) { - throw new Piwik_Access_NoAccessException("You can't access this resource as it requires an 'admin' access for at least one website."); + throw new Piwik_Access_NoAccessException(Piwik_TranslateException('General_ExceptionPrivilegeAtLeastOneWebsite', array('admin'))); } } @@ -289,7 +311,7 @@ class Piwik_Access $idSitesAccessible = $this->getSitesIdWithAtLeastViewAccess(); if(count($idSitesAccessible) == 0) { - throw new Piwik_Access_NoAccessException("You can't access this resource as it requires a 'view' access for at least one website."); + throw new Piwik_Access_NoAccessException(Piwik_TranslateException('General_ExceptionPrivilegeAtLeastOneWebsite', array('view'))); } } @@ -315,7 +337,7 @@ class Piwik_Access { if(!in_array($idsite, $idSitesAccessible)) { - throw new Piwik_Access_NoAccessException("You can't access this resource as it requires an 'admin' access for the website id = $idsite."); + throw new Piwik_Access_NoAccessException(Piwik_TranslateException('General_ExceptionPrivilegeAccessWebsite', array("'admin'", $idsite))); } } } @@ -344,7 +366,7 @@ class Piwik_Access { if(!in_array($idsite, $idSitesAccessible)) { - throw new Piwik_Access_NoAccessException("You can't access this resource as it requires a 'view' access for the website id = $idsite."); + throw new Piwik_Access_NoAccessException(Piwik_TranslateException('General_ExceptionPrivilegeAccessWebsite', array("'view'", $idsite))); } } } |