ACL Changes

Discuss about Group-Office development here

Moderator: Developers

peteinlux
Posts: 71
Joined: Tue Dec 09, 2008 10:03 pm

ACL Changes

Postby peteinlux » Tue Nov 10, 2009 12:17 pm

Merijn,

Could you describe the upcoming changes in the ACL? How are they affecting module development? And when will they come to the debian repository?

Regards,
P
mschering
Site Admin
Site Admin
Posts: 8281
Joined: Tue Apr 20, 2004 1:06 pm
Location: The Netherlands - Den Bosch
Contact:

Re: ACL Changes

Postby mschering » Wed Nov 11, 2009 9:54 am

If you have a custom module that uses an acl_read and acl_write you have to change something for GO3.3 or the current svn trunk. The ACL system has been improved and you can use one ACL for managing read and write permission. The idea is that you check an acl for a certain permission level.

Add an update script to your module (See the notes module for an example):

custommodule/install/updatescripts/convert_acl.inc.php

Code: Select all

<?php
require_once($GO_CONFIG->root_path.'install/updatescripts/functions.inc.php');

$db->query("SELECT * FROM cm_table WHERE acl_read>0");
while($folder=$db->next_record()){
	apply_write_acl($folder['acl_read'], $folder['acl_write']);
}
$db->query("ALTER TABLE `cm_table` CHANGE `acl_read` `acl_id` INT( 11 ) NOT NULL DEFAULT '0'");
This will merge the acl read and write into one column.

Changes in your code:

Old code:

Code: Select all

if(!$GO_SECURITY->has_permission($GO_SECURITY->user_id, $category['acl_write']))
{
	throw new AccessDeniedException();
}
New code:

Code: Select all

if($GO_SECURITY->has_permission($GO_SECURITY->user_id, $category['acl_id'])<GO_SECURITY::WRITE_PERMISSION)
{
	throw new AccessDeniedException();
}

Also queries that join on the acl table need to be changed:

Old code:

Code: Select all

function get_authorized_categories($auth_type, $user_id, $query, $sort='name', $direction='ASC', $start=0, $offset=0)
	{
		$user_id=$this->escape($user_id);
		
		$sql = "SELECT DISTINCT no_categories.* FROM no_categories ".
 		"INNER JOIN go_acl a ON ";
		
		switch($auth_type)
		{
			case 'read':
				$sql .= "(no_categories.acl_read = a.acl_id OR no_categories.acl_write=a.acl_id) ";
				break;
				
			case 'write':
				$sql .= "no_categories.acl_write = a.acl_id";
				break;
		}
		
New code:

Code: Select all

function get_authorized_categories($auth_type, $user_id, $query, $sort='name', $direction='ASC', $start=0, $offset=0)
	{
		$user_id=$this->escape($user_id);
		
		$sql = "SELECT DISTINCT no_categories.* FROM no_categories ".
 		"INNER JOIN go_acl a ON ";
		
		switch($auth_type)
		{
			case 'read':
				$sql .= "no_categories.acl_id = a.acl_id ";
				break;
				
			case 'write':
				$sql .= "(no_categories.acl_id = a.acl_id AND a.level>1) ";
				break;
		}
		
That's it. GO performs much faster with those queries!
Best regards,

Merijn Schering
Intermesh

Who is online

Users browsing this forum: No registered users and 3 guests

cron