oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add permissions checks for wizards

Browse source
This commit is contained in:
Doug Bell 2010-04-29 11:35:23 -05:00
parent 09092a13b6
commit d073b83c9f
3 changed files with 21 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
lib/WebGUI/Wizard.pm
View file

@ -99,6 +99,10 @@ them again after everything's done.
sub dispatch { sub dispatch {
my ($self) = @_; my ($self) = @_;
if ( !$self->canView ) {
return $self->session->privilege->noAccess;
}
# See if we process a form # See if we process a form
if ( my $step = $self->getCurrentStep ) { if ( my $step = $self->getCurrentStep ) {
$self->session->log->info( "Processing " . $step ); $self->session->log->info( "Processing " . $step );

5
lib/WebGUI/Wizard/HomePage.pm
View file

@ -68,6 +68,11 @@ sub addPage {
return addAsset( $parent, { title => $title, className => "WebGUI::Asset::Wobject::Layout", displayTitle => 0 } ); return addAsset( $parent, { title => $title, className => "WebGUI::Asset::Wobject::Layout", displayTitle => 0 } );
} }
sub canView {
my ( $self ) = @_;
return $self->session->user->isAdmin;
}
sub wrapStyle { sub wrapStyle {
return WebGUI::Wizard::Setup::wrapStyle( @_ ); return WebGUI::Wizard::Setup::wrapStyle( @_ );
} }

11
lib/WebGUI/Wizard/Setup.pm
View file

@ -20,6 +20,15 @@ sub _get_steps {
)]; )];
} }
sub canView {
my ( $self ) = @_;
my $session = $self->session;
# Only specialState="init" or admin user
return $session->setting->get('specialState') eq 'init'
|| $session->user->getId eq '3';
}
sub wrapStyle { sub wrapStyle {
my ( $self, $output ) = @_; my ( $self, $output ) = @_;
my $session = $self->session; my $session = $self->session;
@ -154,6 +163,8 @@ sub www_adminAccountSave {
$u->profileField( "timeZone", $timezone ); $u->profileField( "timeZone", $timezone );
$u->profileField( "language", $language ); $u->profileField( "language", $language );
$u->identifier( Digest::MD5::md5_base64( $form->process( "identifier", "password", "123qwe" ) ) ); $u->identifier( Digest::MD5::md5_base64( $form->process( "identifier", "password", "123qwe" ) ) );
# The user is now Admin
$session->user({ userId => "3" });
$u = WebGUI::User->new( $session, "1" ); $u = WebGUI::User->new( $session, "1" );
$u->profileField( "timeZone", $timezone ); $u->profileField( "timeZone", $timezone );