
login permission fix

tags/0.1.0
Robin Thoni 9 years ago
parent
commit
e38847e51c

+ 9
- 1
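--- a/src/Auth/Business/LuticateBusiness.php
+++ b/src/Auth/Business/LuticateBusiness.php
@@ -35,6 +35,10 @@
      */
     public static function authFilter($permissions, $request)
     {
+        /**
+         * @var $user LuticateUsersDbo
+         */
+        $user = null;
         $token = $request->header(self::TOKEN_HEADER);
         if ($token != null && $token != "") {
             $data = JwtHelper::decode($token);
@@ -51,7 +55,11 @@
             self::$_currentUser = LuticateUsersBusiness::getById(0);
         }
 
-        LuController::$parameters["user"] = self::$_currentUser;
+        if (!LuticatePermissionsBusiness::getUserPermission($user->getId(), LuticatePermissions::USER_LOGIN))
+            return false;
+
+        self::$_currentUser = $user;
+        LuController::$parameters["user"] = $user;
 
         foreach ($permissions as $permission) {
             $value = LuticatePermissionsBusiness::getUserPermission(self::$_currentUser->getId(), $permission);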
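Review bot: In the second hunk, `$user->getId()` is called on a variable that the visible code initialises to `null` and never assigns; the branch ending just above the new check still stores its user in `self::$_currentUser`, not in `$user`. Unless the lines hidden between the two hunks assign `$user` on every path, a request that reaches that branch would fail with a method call on null, and `self::$_currentUser = $user;` would then overwrite the user that branch had just selected. Assigning the result to `$user` in that branch (`$user = LuticateUsersBusiness::getById(0);`) and making the guard fail closed, `if ($user === null || !LuticatePermissionsBusiness::getUserPermission($user->getId(), LuticatePermissions::USER_LOGIN)) return false;`, would cover both cases. It is also worth confirming that every caller of authFilter treats a `false` return as a denial, because the login-time check this commit removes from LuticateUsersBusiness.php called `self::unauthorized(...)` instead of returning a value. The body of authFilter continues outside the visible lines, so this is based only on what the two hunks show.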

+ 0
- 3
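--- a/src/Auth/Business/LuticateUsersBusiness.php
+++ b/src/Auth/Business/LuticateUsersBusiness.php
@@ -72,9 +72,6 @@
         if (!self::verifyPassword($password, $user->getPassword()))
             self::badPassword();
 
-        if (!LuticatePermissionsBusiness::getUserPermission($user->getId(), LuticatePermissions::USER_LOGIN))
-            self::unauthorized("User not allowed to login");
-
         $user = LuticateUsersLoginDbo::fromUserDbo($user);
         $user->setToken(self::getToken($user));
         return $user;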
