From 139e0a68fb6c7bcb0c499536db24d0dbe9def8f9 Mon Sep 17 00:00:00 2001
From: Martin Haase <martin.haase@daasi.de>
Date: Fri, 20 Apr 2012 08:05:17 +0000
Subject: [PATCH] resolved TG-1732

git-svn-id: https://textgridlab.org/svn/textgrid/trunk/middleware/tgauth@12761 7c539038-3410-0410-b1ec-0f2a7bf1c452
---
 .../rbacSoap/TgExtra.class.php | 62 ++++++++++---------
 1 file changed, 34 insertions(+), 28 deletions(-)

diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php
index 6b536c0..fb9ea74 100755
--- a/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php
@@ -3245,45 +3245,48 @@ class TgExtra { $i = 0; // Loop - if( preg_match( "/.+/", $inRequest->username ) - && !preg_match( "/^" . $inRequest->username . "$/i", $this->rbac->sessionUser( $inRequest->auth ) ) ) { + try { + $eppn = $this->rbac->sessionUser( $inRequest->auth ); + + if( preg_match( "/.+/", $inRequest->username ) + && !preg_match( "/^" . $inRequest->username . "$/i", $eppn) ) { - // The roles of the user - $arrRole = $this->rbac->assignedRoles( $inRequest->username ); + // The roles of the user + $arrRole = $this->rbac->assignedRoles( $inRequest->username ); + // Extract the different projects the user is + // assigned by his roles. + for( $i = 0; $i < sizeof( $arrRole ); $i++ ) { - // Extract the different projects the user is - // assigned by his roles. - for( $i = 0; $i < sizeof( $arrRole ); $i++ ) { + $arrSplit = preg_split( "/[,]/", $arrRole[$i] ); - $arrSplit = preg_split( "/[,]/", $arrRole[$i] ); + for( $j = 0; $j < sizeof( $arrSplit ); $j++ ) { - for( $j = 0; $j < sizeof( $arrSplit ); $j++ ) { + if( preg_match( "/TGPR.+/i", $arrSplit[$j] ) + && !in_array( trim( $arrSplit[$j] ), $arrProject ) ) { - if( preg_match( "/TGPR.+/i", $arrSplit[$j] ) - && !in_array( trim( $arrSplit[$j] ), $arrProject ) ) { + $arrProject[] = trim( $arrSplit[$j] ); + break; - $arrProject[] = trim( $arrSplit[$j] ); - break; + } } } - } - + // For each project the username is in, check if the + // session-ID has the right to display the assigned roles. + for( $i = 0; $i < sizeof( $arrProject ); $i++ ) { - // For each project the username is in, check if the - // session-ID has the right to display the assigned roles. - for( $i = 0; $i < sizeof( $arrProject ); $i++ ) { + if( $this->rbac->checkAccess( $inRequest->auth, "delegate", $arrProject[$i] ) ) { - if( $this->rbac->checkAccess( $inRequest->auth, "delegate", $arrProject[$i] ) ) { + for( $j = 0; $j < sizeof( $arrRole ); $j++ ) { - for( $j = 0; $j < sizeof( $arrRole ); $j++ ) { + if( preg_match( "/" . $arrProject[$i] . 
"/i", $arrRole[$j] ) ) { - if( preg_match( "/" . $arrProject[$i] . "/i", $arrRole[$j] ) ) { + $result->role[] = $arrRole[$j]; - $result->role[] = $arrRole[$j]; + } } @@ -3292,17 +3295,20 @@ class TgExtra { } } + else { + + $result->role = $this->rbac->assignedRoles( $eppn); + + } + } catch (RBACException $f) { + // return empty roleset if session does not exist + $result->role = Array(); } - else { - - $result->role = $this->rbac->assignedRoles( $this->rbac->sessionUser( $inRequest->auth ) ); - - } - return $result; + } -- GitLab
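Review bot: The caller-supplied `$inRequest->username` is still concatenated unescaped into the pattern `"/^" . $inRequest->username . "$/i"` that decides between the "own roles" branch and the delegate branch. Regex metacharacters in the value (including the `.` of an ordinary ePPN) are interpreted rather than compared, and a value that yields an invalid pattern makes `preg_match` return false, which the negation then treats as "different user". A plain comparison avoids this: `if( $inRequest->username !== "" && strcasecmp( $inRequest->username, $eppn ) !== 0 ) {`. The same applies to `preg_match( "/" . $arrProject[$i] . "/i", $arrRole[$j] )` further down: the match is unanchored, so if one project id can be a prefix of another (not visible here), roles of a project the caller holds no `delegate` right on would be returned. Use `preg_quote( $arrProject[$i], "/" )` plus a delimiter check, or compare the already split role components for equality. The enclosing method starts and ends outside this hunk.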
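Review bot: The `catch (RBACException $f)` added here closes a `try` that is opened in the previous hunk and wraps the whole lookup, not only `sessionUser()`. Any RBAC failure raised by `assignedRoles()` or `checkAccess()` is therefore also reported as "session does not exist" and turned into an empty role list, with nothing logged. Returning no roles is a safe default, but a backend or authorization error then looks the same as an expired session to both the caller and the operators. Narrow the guard to the session lookup, e.g. `try { $eppn = $this->rbac->sessionUser( $inRequest->auth ); } catch (RBACException $f) { $result->role = Array(); return $result; }`, and let other failures propagate or at least record them with `error_log( $f->getMessage() )`. Which of these calls can actually throw is not visible in the diff, so confirm against the RBAC class.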