minor mods

git-svn-id: https://textgridlab.org/svn/textgrid/trunk/middleware/tgauth@7123 7c539038-3410-0410-b1ec-0f2a7bf1c452

minor mods
ede3c400 · Martin Haase · bc5eec4b · ede3c400 · ede3c400
Commit ede3c400 authored 14 years ago by Martin Haase
--- a/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php
@@ -290,6 +290,16 @@ class TgExtra {
        $result->operation = $this->rbac->userOperationsOnObject( $this->rbac->sessionUser( $inRequest->auth ), $inRequest->resource );
+        // Make sure that if the operation was "read" and the user
+        // has access but has this right due to an extension the
+        // permissionset contains the read operation.
+        if( $inRequest->operation == "read" && $result->result && !in_array( "read", $result->operation ) ) {
+          $result->operation[] = "read";
+        }
        return $result;
      }
@@ -2228,85 +2238,6 @@ class TgExtra {
-  // -----------------------------------------------------
-  // Function: deleteProject
-  // Input: auth / xsd:string
-  //        log / xsd:string
-  //        project / xsd:string
-  // Output: result / xsd:boolean
-  // Description:
-  //    Removes a project/role from the database if there are
-  //    no resources containing any role that belongs to
-  //    this project/role.
-  // -----------------------------------------------------
-  public function deleteProject( $inRequest ) {
-    $result = new booleanResponse();
-    $objFaultDetail = new stdClass();
-    // Search for any resources within the project. If
-    // there are any the project cannot be deleted.
-    $strFilter .= "(&(objectClass=TextGridResource)(TGProjectId=" . $inRequest->project . "))";
-    $arrResource = $this->connection['resource']->search( $this->rbac->getConfiguration()->getValue( "resource", "base" ), $strFilter, "sub" );
-    if( sizeof( $arrResource ) != 0 ) {
-      $objFaultDetail->faultNo = 7;
-      $objFaultDetail->faultMessage = "Project could not be deleted";
-      $objFaultDetail->cause = "There are still " . sizeof( $arrResource ) . " resources belonging to this project.";
-      return new SoapFault( "notEmptyFault", 7, get_class( $this ), $objFaultDetail );
-//      return new SoapFault( Array( "http://textgrid.info/namespaces/middleware/tgauth", "notEmptyFault" ), 7, get_class( $this ), "There are still " . sizeof( $arrResource ) . " resources belonging to this project." );
-    }
-    else {
-      $strFilter = "(&(objectClass=rbacRole)(rbacName=" . $inRequest->project . "))";
-      $arrRole = $this->rbac->getConnection( "role" )->search( $this->rbac->getConfiguration()->getValue( "role", "base" ), $strFilter, "sub" );
-      if( sizeof( $arrRole ) == 1 ) {
-        if( $this->rbac->checkAccess( $inRequest->auth, "delegate", $inRequest->project ) ) {
-          $result->result = $this->rbac->getConnection( "role" )->delete( $arrRole[0]['dn'], true );
-        }
-        else {
-          $objFaultDetail->faultNo = $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" );
-          $objFaultDetail->faultMessage = $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" );
-          $objFaultDetail->cause = "You do not have permission to delete project " . $inRequest->project . ".";
-          return new SoapFault( "authenticationFault",
-                                $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
-                                get_class( $this ),
-                                $objFaultDetail );
-        }
-      }
-      else {
-        $result->result = false;
-      }
-    }
-    return $result;
-  }
  // -----------------------------------------------------
@@ -2564,7 +2495,6 @@ class TgExtra {
      $objFaultDetail->faultMessage = $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" );
      $objFaultDetail->cause = "You are not allowed to deactivate the project " . $inRequest->project . ".";
      return new SoapFault( "authenticationFault",
                            $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
                            get_class( $this ),
@@ -2580,6 +2510,85 @@ class TgExtra {
+  // -----------------------------------------------------
+  // Function: deleteProject
+  // Input: auth / xsd:string
+  //        log / xsd:string
+  //        project / xsd:string
+  // Output: result / xsd:boolean
+  // Description:
+  //    Removes a project/role from the database if there are
+  //    no resources containing any role that belongs to
+  //    this project/role.
+  // -----------------------------------------------------
+  public function deleteProject( $inRequest ) {
+    $result = new booleanResponse();
+    $objFaultDetail = new stdClass();
+    // Search for any resources within the project. If
+    // there are any the project cannot be deleted.
+    $strFilter .= "(&(objectClass=TextGridResource)(TGProjectId=" . $inRequest->project . "))";
+    $arrResource = $this->connection['resource']->search( $this->rbac->getConfiguration()->getValue( "resource", "base" ), $strFilter, "sub" );
+    if( sizeof( $arrResource ) != 0 ) {
+      $objFaultDetail->faultNo = 7;
+      $objFaultDetail->faultMessage = "Project could not be deleted";
+      $objFaultDetail->cause = "There are still " . sizeof( $arrResource ) . " resources belonging to this project.";
+      return new SoapFault( "notEmptyFault", 7, get_class( $this ), $objFaultDetail );
+//      return new SoapFault( Array( "http://textgrid.info/namespaces/middleware/tgauth", "notEmptyFault" ), 7, get_class( $this ), "There are still " . sizeof( $arrResource ) . " resources belonging to this project." );
+    }
+    else {
+      $strFilter = "(&(objectClass=rbacRole)(rbacName=" . $inRequest->project . "))";
+      $arrRole = $this->rbac->getConnection( "role" )->search( $this->rbac->getConfiguration()->getValue( "role", "base" ), $strFilter, "sub" );
+      if( sizeof( $arrRole ) == 1 ) {
+        if( $this->rbac->checkAccess( $inRequest->auth, "delegate", $inRequest->project ) ) {
+          $result->result = $this->rbac->getConnection( "role" )->delete( $arrRole[0]['dn'], true );
+        }
+        else {
+          $objFaultDetail->faultNo = $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" );
+          $objFaultDetail->faultMessage = $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" );
+          $objFaultDetail->cause = "You do not have permission to delete project " . $inRequest->project . ".";
+          return new SoapFault( "authenticationFault",
+                                $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+                                get_class( $this ),
+                                $objFaultDetail );
+        }
+      }
+      else {
+        $result->result = false;
+      }
+    }
+    return $result;
+  }
  // -----------------------------------------------------
  // Function: renameRbacPerformers
  // Input: inBase / string

--- a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/tgCrudCheckAccess.php
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/tgCrudCheckAccess.php
@@ -51,6 +51,8 @@ if( isset( $_POST['auth'] ) ) {
      echo "YES.<BR>";
+      echo "Allowed operations: " . serialize( $checkResponse->operation ) . "<BR>";
    }
    else {