[dev] application access with Perms (was: feature interest)

Brian M Dube brian.dube at gotgoat.com
Sat Jul 19 13:14:30 PDT 2003


Here's what I did for Auth.php, but it still has the quirk of only
working for users, not groups.

Brian

--- Auth.php    14 Jul 2003 05:35:52 -0000      1.1.1.1
+++ Auth.php    19 Jul 2003 20:05:05 -0000
@@ -279,11 +279,28 @@
      */
     function isAuthenticated($realm = null)
     {
+        global $registry;
+
         if (isset($_SESSION['__auth'])) {
             if (!empty($_SESSION['__auth']['authenticated']) &&
                 !empty($_SESSION['__auth']['userID']) &&
                 $_SESSION['__auth']['realm'] == $realm) {
-                return true;
+
+                // Check permissions for this user.
+                $_app = $registry->getApp();
+                require_once HORDE_BASE . '/lib/Perms.php';
+                $_perms = &Perms::singleton();
+
+                if ($_perms->exists($_app)) {
+                    if ($_perms->hasPermission($_app, Auth::getAuth(),
_PERMS_READ)) {
+                        return true;
+                    } else {
+                        return false;
+                    }
+                } else {
+                    // Permission does not exist.
+                    return true;
+                }
             }
         }



More information about the dev mailing list