contributions/usermanagement/controller/base/renderdecorators/accessrenderdecorator.cls.php
<?php
/**
 * Allow access only for logged in users (of given role)
 *
 * If constructed with a user role or an array of roles,
 * this render decorator checks whether the current user
 * has the role assigned.
 *
 * If constructed with an empty role, the decorator only checks
 * whether a user is logged in.
 *
 * If access is denied, a 403 is returned, unless the constant
 * APP_USER_403_BEHAVIOUR is set to 'REDIRECT_LOGIN', in which
 * case a user who is not logged in is redirected to the login page.
 *
 * This render decorator disables caching on the given route.
 *
 * The access decision is taken once, in the constructor, and stored;
 * initialize() and render_content() only read the stored result.
 *
 * @author Gerd Riesselmann
 * @ingroup Usermanagement
 */
class AccessRenderDecorator extends RenderDecoratorBase {
    /**
     * Result of the access check performed in the constructor.
     * Defaults to "denied".
     *
     * @var boolean
     */
    private $access_granted = false;

    /**
     * Constructor. Evaluates the access check for the current user.
     *
     * @param string|array $role Role (or roles) the user needs to access this page.
     *                           An empty value (null, '', '0', empty array) means
     *                           "any logged in user".
     * @return void
     */
    public function __construct($role = null) {
        // Visitors that are not logged in are never granted access, whatever $role is.
        if (!Users::is_logged_in()) {
            $this->access_granted = false;
            return;
        }
        // empty() decides whether a role check happens at all. A caller that passes
        // an unset or blank role therefore gets the weaker "logged in" check only.
        $this->access_granted = empty($role) ? true : Users::current_has_role($role);
    }

    /**
     * Initialize this decorator and the data passed
     *
     * Always installs a NoCacheCacheManager, so neither the protected page nor
     * the denial is cached. On denial the status code is set to
     * ControllerBase::ACCESS_DENIED and parent::initialize() is skipped.
     *
     * @param PageData $page_data
     * @return void
     */
    public function initialize($page_data) {
        $page_data->set_cache_manager(new NoCacheCacheManager()); // Do not cache

        if ($this->access_granted != false) {
            parent::initialize($page_data);
            return;
        }

        $page_data->status_code = ControllerBase::ACCESS_DENIED;

        // Kept for compatibility. Remove in 0.7
        // Only visitors that are not logged in are sent to the login page; a logged in
        // user lacking the role keeps the ACCESS_DENIED status set above.
        $redirect_to_login = !Users::is_logged_in()
            && Config::get_value(ConfigUsermanagement::BEHAVIOUR_403) == 'REDIRECT_LOGIN';
        if ($redirect_to_login) {
            // Remember the absolute URL of the current request under 'login_goto'.
            // NOTE(review): the code that reads 'login_goto' back is not part of this
            // file - confirm it only redirects to URLs of this site.
            Session::push('login_goto', Url::current()->build(Url::ABSOLUTE));
            Url::create(ActionMapper::get_url('login'))->redirect();
            exit;
        }
    }

    /**
     * Render content
     *
     * Second guard after initialize(): nothing is delegated to the parent
     * unless access was granted.
     *
     * @param PageData $page_data
     * @return void
     */
    public function render_content($page_data) {
        if ($this->access_granted == false) {
            return;
        }
        parent::render_content($page_data);
    }
}