[Jifty-commit] r4015 - in apps/CASPlus/trunk: lib/CASPlus/Action
lib/CASPlus/Model t
jifty-commit at lists.jifty.org
jifty-commit at lists.jifty.org
Thu Aug 30 18:14:20 EDT 2007
Author: sterling
Date: Thu Aug 30 18:14:20 2007
New Revision: 4015
Modified:
apps/CASPlus/trunk/ (props changed)
apps/CASPlus/trunk/lib/CASPlus/Action/Login.pm
apps/CASPlus/trunk/lib/CASPlus/Action/LoginCheck.pm
apps/CASPlus/trunk/lib/CASPlus/Model/ProfilePermission.pm
apps/CASPlus/trunk/lib/CASPlus/Model/ProxyGrantSession.pm
apps/CASPlus/trunk/lib/CASPlus/Model/ServiceSession.pm
apps/CASPlus/trunk/t/10-model-RoleMember.t
apps/CASPlus/trunk/t/20-action-Login.t
Log:
r11082 at riddle: andrew | 2007-08-30 17:12:57 -0500
Fixing permission errors that were previously masked by AdminMode: 1
Modified: apps/CASPlus/trunk/lib/CASPlus/Action/Login.pm
==============================================================================
--- apps/CASPlus/trunk/lib/CASPlus/Action/Login.pm (original)
+++ apps/CASPlus/trunk/lib/CASPlus/Action/Login.pm Thu Aug 30 18:14:20 2007
@@ -129,8 +129,10 @@
$expiration = DateTime->now->add( %$duration );
}
- # Create the TGC
- my $ticket_granting_cookie = CASPlus::Model::SSOSession->new;
+ # Create the TGC - explicit current_user set is needed!
+ my $ticket_granting_cookie = CASPlus::Model::SSOSession->new(
+ current_user => Jifty->web->current_user,
+ );
$ticket_granting_cookie->create(
authenticated_user => $user,
warn_on_service_login => $warn,
@@ -142,14 +144,18 @@
# Do we need to create a service ticket too?
if ($service) {
- # Create the service ticket
- my $service_ticket = CASPlus::Model::ServiceSession->new;
+ # Create the service ticket - explicit current_user set needed
+ my $service_ticket = CASPlus::Model::ServiceSession->new(
+ current_user => Jifty->web->current_user,
+ );
$service_ticket->create(
sso_session => $ticket_granting_cookie,
service_url => $service,
renewal_ticket => 1,
);
+ # XXX I just assume this create succeeds... it might not.
+
$self->result->content(
ticket => $service_ticket->service_ticket,
);
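Review bot: The new XXX comment records that `$service_ticket->create` can fail, but the lines directly below still read `$service_ticket->service_ticket` into the result, so a denied or failed create would produce a login result carrying an undefined ticket rather than an error. Checking the record after the create closes this, for example `unless ($service_ticket->id) { $self->result->error('Could not create a service ticket.'); return; }`, with the return adjusted to whatever the enclosing sub's callers expect. The same unchecked create is marked XXX FIXME in the first LoginCheck.pm hunk, and the `$ticket_granting_cookie->create` call in the previous hunk of this file appears unchecked too, though its end is outside that hunk. The enclosing sub starts and ends outside this hunk.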
Modified: apps/CASPlus/trunk/lib/CASPlus/Action/LoginCheck.pm
==============================================================================
--- apps/CASPlus/trunk/lib/CASPlus/Action/LoginCheck.pm (original)
+++ apps/CASPlus/trunk/lib/CASPlus/Action/LoginCheck.pm Thu Aug 30 18:14:20 2007
@@ -102,6 +102,8 @@
renewal_ticket => 0,
);
+ # XXX FIXME I assume the create works... it might not...
+
$self->result->content(
ticket => $service_ticket->service_ticket);
$self->result->content(
@@ -120,7 +122,7 @@
'Your login has expired or you have logged out.');
$self->log->info('LOGIN EXPIRED for '
- .$ticket_granting_cookie->authenticated_user->username);
+ .$ticket_granting_cookie->as_superuser->authenticated_user->username);
}
}
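Review bot: The `as_superuser` call on the log line bypasses the read check on the session record, and nothing in the code says why that is needed. A short comment would keep a later reader from removing it or from copying the pattern more widely, for example `# Read the owner as superuser: the requester is not logged in at this point, so the normal read check presumably denies it.` The elevation is confined to this single expression, which is the right scope for it; the enclosing block starts outside the hunk.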
Modified: apps/CASPlus/trunk/lib/CASPlus/Model/ProfilePermission.pm
==============================================================================
--- apps/CASPlus/trunk/lib/CASPlus/Model/ProfilePermission.pm (original)
+++ apps/CASPlus/trunk/lib/CASPlus/Model/ProfilePermission.pm Thu Aug 30 18:14:20 2007
@@ -279,10 +279,10 @@
}
# Grant read if the current user has this permission
- if ($right eq 'read'
- and any { $_->id == $self->id }
- $self->current_user->profile_permissions(1)) {
- return 1;
+ if ($right eq 'read') {
+ for my $perm ($self->current_user->profile_permissions(1)) {
+ return 1 if $perm->id == $self->id;
+ }
}
# Grant anything if the user has may_manage_roles
Modified: apps/CASPlus/trunk/lib/CASPlus/Model/ProxyGrantSession.pm
==============================================================================
--- apps/CASPlus/trunk/lib/CASPlus/Model/ProxyGrantSession.pm (original)
+++ apps/CASPlus/trunk/lib/CASPlus/Model/ProxyGrantSession.pm Thu Aug 30 18:14:20 2007
@@ -135,11 +135,16 @@
sub current_user_can {
my ($self, $right, %args) = @_;
+ # This might not be the best thing, but services dropping into ask for
+ # proxy information do not actually login, so we need to grant them access
+ # anyway.
+ if ($right eq 'create') {
+ return 1;
+ }
+
if ($self->current_user->id) {
- my $auth_user
- = $right eq 'create' ? $args{service_session}->authenticated_user
- : $self->authenticated_user;
+ my $auth_user = $self->authenticated_user;
if ($self->current_user->id == $auth_user->id) {
return 1;
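Review bot: The new `create` branch returns 1 before `current_user` is consulted, so any caller that reaches this model, logged in or not, is allowed to create proxy-granting sessions; the removed lines tied creation to the user behind `$args{service_session}`. The added comment itself doubts the choice. If services really have no account, a narrower design keeps the model check closed and lets the one action that validates the service's request create the record with an elevated user, the way the tests in this commit pass `current_user => CASPlus::CurrentUser->superuser`. At the least, the branch could require a loaded parent record: `return 1 if $right eq 'create' and $args{service_session} and $args{service_session}->id;`. The same unconditional grant is added to `current_user_can` in ServiceSession.pm, where the parent is `$args{sso_session}`; this sub continues past the end of the hunk.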
Modified: apps/CASPlus/trunk/lib/CASPlus/Model/ServiceSession.pm
==============================================================================
--- apps/CASPlus/trunk/lib/CASPlus/Model/ServiceSession.pm (original)
+++ apps/CASPlus/trunk/lib/CASPlus/Model/ServiceSession.pm Thu Aug 30 18:14:20 2007
@@ -157,11 +157,14 @@
sub current_user_can {
my ($self, $right, %args) = @_;
- if ($self->current_user->id) {
- my $auth_id
- = $right eq 'create' ? $args{sso_session}->authenticated_user->id
- : $self->authenticated_user->id;
+ # This may not be good, but since services do not have accounts, this is
+ # necessary.
+ if ($right eq 'create') {
+ return 1;
+ }
+ if ($self->current_user->id) {
+ my $auth_id = $self->authenticated_user->id;
if ($self->current_user->id == $auth_id) {
return 1;
}
Modified: apps/CASPlus/trunk/t/10-model-RoleMember.t
==============================================================================
--- apps/CASPlus/trunk/t/10-model-RoleMember.t (original)
+++ apps/CASPlus/trunk/t/10-model-RoleMember.t Thu Aug 30 18:14:20 2007
@@ -18,17 +18,17 @@
ok($system_user, "Found a system user");
# Create a test user
-my $user = CASPlus::Model::User->new;
+my $user = CASPlus::Model::User->new(current_user => $system_user);
$user->create( username => 'test' );
ok($user->id, 'created a test user');
# Create a test role
-my $role1 = CASPlus::Model::Role->new;
+my $role1 = CASPlus::Model::Role->new(current_user => $system_user);
$role1->create( name => 'role1' );
ok($role1->id, 'created a test role');
# Create a test role
-my $role2 = CASPlus::Model::Role->new;
+my $role2 = CASPlus::Model::Role->new(current_user => $system_user);
$role2->create( name => 'role2' );
ok($role2->id, 'created another test role');
Modified: apps/CASPlus/trunk/t/20-action-Login.t
==============================================================================
--- apps/CASPlus/trunk/t/20-action-Login.t (original)
+++ apps/CASPlus/trunk/t/20-action-Login.t Thu Aug 30 18:14:20 2007
@@ -8,12 +8,15 @@
=cut
-use Jifty::Test tests => 5;
+use Jifty::Test tests => 6;
# Make sure we can load the action
use_ok('CASPlus::Action::Login');
-my $user = CASPlus::Model::User->new;
+my $system_user = CASPlus::CurrentUser->superuser;
+ok($system_user, 'got a system user');
+
+my $user = CASPlus::Model::User->new(current_user => $system_user);
$user->create( username => 'test-Login', password => 'test' );
ok($user, 'created a test user');
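Review bot: `ok($user, 'created a test user')` tests the object itself, which is true whether or not `create` succeeded, so this assertion cannot detect the permission failures the commit is about. Now that the record is built with the superuser, assert on the stored row the way t/10-model-RoleMember.t does: `ok($user->id, 'created a test user');`.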