[Jifty-commit] r4015 - in apps/CASPlus/trunk: lib/CASPlus/Action lib/CASPlus/Model t

jifty-commit at lists.jifty.org jifty-commit at lists.jifty.org
Thu Aug 30 18:14:20 EDT 2007


Author: sterling
Date: Thu Aug 30 18:14:20 2007
New Revision: 4015

Modified:
   apps/CASPlus/trunk/   (props changed)
   apps/CASPlus/trunk/lib/CASPlus/Action/Login.pm
   apps/CASPlus/trunk/lib/CASPlus/Action/LoginCheck.pm
   apps/CASPlus/trunk/lib/CASPlus/Model/ProfilePermission.pm
   apps/CASPlus/trunk/lib/CASPlus/Model/ProxyGrantSession.pm
   apps/CASPlus/trunk/lib/CASPlus/Model/ServiceSession.pm
   apps/CASPlus/trunk/t/10-model-RoleMember.t
   apps/CASPlus/trunk/t/20-action-Login.t

Log:
 r11082 at riddle:  andrew | 2007-08-30 17:12:57 -0500
 Fixing permission errors that were previously masked by AdminMode: 1


Modified: apps/CASPlus/trunk/lib/CASPlus/Action/Login.pm
==============================================================================
--- apps/CASPlus/trunk/lib/CASPlus/Action/Login.pm	(original)
+++ apps/CASPlus/trunk/lib/CASPlus/Action/Login.pm	Thu Aug 30 18:14:20 2007
@@ -129,8 +129,10 @@
                 $expiration = DateTime->now->add( %$duration );
             }
             
-            # Create the TGC
-            my $ticket_granting_cookie = CASPlus::Model::SSOSession->new;
+            # Create the TGC - explicit current_user set is needed!
+            my $ticket_granting_cookie = CASPlus::Model::SSOSession->new(
+                current_user => Jifty->web->current_user,
+            );
             $ticket_granting_cookie->create(
                 authenticated_user    => $user,
                 warn_on_service_login => $warn,
@@ -142,14 +144,18 @@
             # Do we need to create a service ticket too?
             if ($service) {
 
-                # Create the service ticket
-                my $service_ticket = CASPlus::Model::ServiceSession->new;
+                # Create the service ticket - explicit current_user set needed
+                my $service_ticket = CASPlus::Model::ServiceSession->new(
+                    current_user => Jifty->web->current_user,
+                );
                 $service_ticket->create(
                     sso_session    => $ticket_granting_cookie,
                     service_url    => $service,
                     renewal_ticket => 1,
                 );
 
+                # XXX I just assume this create succeeds... it might not.
+
                 $self->result->content(
                     ticket => $service_ticket->service_ticket,
                 );
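Review bot: The new `XXX` comment admits that `$service_ticket->create(...)` can fail, yet `$self->result->content( ticket => $service_ticket->service_ticket )` still runs, so a denied or failed create would be reported as success with an empty ticket. Replace the comment with a check such as `unless ($service_ticket->id) { $self->result->error('Could not issue a service ticket.'); return; }`, adapted to how this action returns. Log the failure as well, so a permission regression like the one this commit fixes is visible rather than masked. The same applies to the `XXX FIXME` added in LoginCheck.pm, and probably to `$ticket_granting_cookie->create(...)` in the previous hunk, whose call ends outside the visible lines. The enclosing method starts and ends outside the hunk.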

Modified: apps/CASPlus/trunk/lib/CASPlus/Action/LoginCheck.pm
==============================================================================
--- apps/CASPlus/trunk/lib/CASPlus/Action/LoginCheck.pm	(original)
+++ apps/CASPlus/trunk/lib/CASPlus/Action/LoginCheck.pm	Thu Aug 30 18:14:20 2007
@@ -102,6 +102,8 @@
                     renewal_ticket => 0,
                 );
 
+                # XXX FIXME I assume the create works... it might not...
+
                 $self->result->content( 
                     ticket => $service_ticket->service_ticket);
                 $self->result->content(
@@ -120,7 +122,7 @@
                 'Your login has expired or you have logged out.');
 
             $self->log->info('LOGIN EXPIRED for '
-                .$ticket_granting_cookie->authenticated_user->username);
+                .$ticket_granting_cookie->as_superuser->authenticated_user->username);
         }
     }
 
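Review bot: `as_superuser` on the log line bypasses the model's `current_user_can` check, and nothing next to it says why that is acceptable here. Add a comment such as `# as_superuser: ACL bypass used only to name the user in this log line` so the pattern is not copied into code that returns data to the client. The chain also assumes `authenticated_user` yields a record. If it can be undefined for a stale session (not visible from here), `->username` would die inside the branch that handles expired logins, so a guard may be needed. The enclosing block starts outside the hunk.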

Modified: apps/CASPlus/trunk/lib/CASPlus/Model/ProfilePermission.pm
==============================================================================
--- apps/CASPlus/trunk/lib/CASPlus/Model/ProfilePermission.pm	(original)
+++ apps/CASPlus/trunk/lib/CASPlus/Model/ProfilePermission.pm	Thu Aug 30 18:14:20 2007
@@ -279,10 +279,10 @@
     }
 
     # Grant read if the current user has this permission
-    if ($right eq 'read'
-            and any { $_->id == $self->id } 
-                    $self->current_user->profile_permissions(1)) {
-        return 1;
+    if ($right eq 'read') {
+        for my $perm ($self->current_user->profile_permissions(1)) {
+            return 1 if $perm->id == $self->id;
+        }
     }
 
     # Grant anything if the user has may_manage_roles

Modified: apps/CASPlus/trunk/lib/CASPlus/Model/ProxyGrantSession.pm
==============================================================================
--- apps/CASPlus/trunk/lib/CASPlus/Model/ProxyGrantSession.pm	(original)
+++ apps/CASPlus/trunk/lib/CASPlus/Model/ProxyGrantSession.pm	Thu Aug 30 18:14:20 2007
@@ -135,11 +135,16 @@
 sub current_user_can {
     my ($self, $right, %args) = @_;
 
+    # This might not be the best thing, but services dropping into ask for
+    # proxy information do not actually login, so we need to grant them access
+    # anyway.
+    if ($right eq 'create') {
+        return 1;
+    }
+
     if ($self->current_user->id) {
 
-        my $auth_user
-            = $right eq 'create' ? $args{service_session}->authenticated_user
-            :                      $self->authenticated_user;
+        my $auth_user = $self->authenticated_user;
 
         if ($self->current_user->id == $auth_user->id) {
             return 1;
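Review bot: `current_user_can` now returns 1 for every `create`, including callers with no `current_user->id`, so the model no longer restricts who can create a proxy-grant session; the removed code at least tied creation to the user behind `$args{service_session}`. If the application exposes any generic create path for this model (Jifty can generate record actions for models), that path would be open as well; this is inferred, not visible here. A narrower fix keeps create denied by default and lets the protocol handler build the record with an elevated user, e.g. `return 1 if $right eq 'create' and $self->current_user->is_superuser;` with the handler passing `CASPlus::CurrentUser->superuser`. ServiceSession.pm gets the same unconditional `return 1` in this commit and needs the same treatment. The sub continues past the end of the hunk.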

Modified: apps/CASPlus/trunk/lib/CASPlus/Model/ServiceSession.pm
==============================================================================
--- apps/CASPlus/trunk/lib/CASPlus/Model/ServiceSession.pm	(original)
+++ apps/CASPlus/trunk/lib/CASPlus/Model/ServiceSession.pm	Thu Aug 30 18:14:20 2007
@@ -157,11 +157,14 @@
 sub current_user_can {
     my ($self, $right, %args) = @_;
 
-    if ($self->current_user->id) {
-        my $auth_id
-            = $right eq 'create' ? $args{sso_session}->authenticated_user->id
-            :                      $self->authenticated_user->id;
+    # This may not be good, but since services do not have accounts, this is
+    # necessary.
+    if ($right eq 'create') {
+        return 1;
+    }
 
+    if ($self->current_user->id) {
+        my $auth_id = $self->authenticated_user->id;
         if ($self->current_user->id == $auth_id) {
             return 1;
         }

Modified: apps/CASPlus/trunk/t/10-model-RoleMember.t
==============================================================================
--- apps/CASPlus/trunk/t/10-model-RoleMember.t	(original)
+++ apps/CASPlus/trunk/t/10-model-RoleMember.t	Thu Aug 30 18:14:20 2007
@@ -18,17 +18,17 @@
 ok($system_user, "Found a system user");
 
 # Create a test user
-my $user = CASPlus::Model::User->new;
+my $user = CASPlus::Model::User->new(current_user => $system_user);
 $user->create( username => 'test' );
 ok($user->id, 'created a test user');
 
 # Create a test role
-my $role1 = CASPlus::Model::Role->new;
+my $role1 = CASPlus::Model::Role->new(current_user => $system_user);
 $role1->create( name => 'role1' );
 ok($role1->id, 'created a test role');
 
 # Create a test role
-my $role2 = CASPlus::Model::Role->new;
+my $role2 = CASPlus::Model::Role->new(current_user => $system_user);
 $role2->create( name => 'role2' );
 ok($role2->id, 'created another test role');
 

Modified: apps/CASPlus/trunk/t/20-action-Login.t
==============================================================================
--- apps/CASPlus/trunk/t/20-action-Login.t	(original)
+++ apps/CASPlus/trunk/t/20-action-Login.t	Thu Aug 30 18:14:20 2007
@@ -8,12 +8,15 @@
 
 =cut
 
-use Jifty::Test tests => 5;
+use Jifty::Test tests => 6;
 
 # Make sure we can load the action
 use_ok('CASPlus::Action::Login');
 
-my $user = CASPlus::Model::User->new;
+my $system_user = CASPlus::CurrentUser->superuser;
+ok($system_user, 'got a system user');
+
+my $user = CASPlus::Model::User->new(current_user => $system_user);
 $user->create( username => 'test-Login', password => 'test' );
 ok($user, 'created a test user');
 
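Review bot: `ok($user, 'created a test user')` tests the object, which is true whether or not `create` succeeded, so this test would still pass if the ACL rejected the create, which is the failure mode this commit is about. Assert on the stored record instead, as t/10-model-RoleMember.t does: `ok($user->id, 'created a test user');`.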

