// Changes to BO permissions management

git-svn-id: http://dev.prestashop.com/svn/v1/branches/1.5.x@12366 b9a71923-0436-4b27-9f14-aed3839534dd
tDidierjean
2012-01-11 16:19:19 +00:00
parent f38edb7c61
commit db8670ec24
5 changed files with 47 additions and 51 deletions
+2 -5
@@ -28,8 +28,6 @@
class AdminControllerCore extends Controller
{
public $path;
public static $currentIndex;
public $content;
public $warnings = array();
@@ -1860,9 +1858,8 @@ class AdminControllerCore extends Controller
}
else if (isset($_GET['update'.$this->table]) && isset($_GET['id_'.$this->table]))
{
if ($this->tabAccess['edit'] === '1')
$this->display = 'edit';
else
$this->display = 'edit';
if ($this->tabAccess['edit'] !== '1')
$this->errors[] = Tools::displayError('You do not have permission to edit here.');
}
else if (isset($_GET['view'.$this->table]))
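Review bot: The update branch now assigns `$this->display = 'edit'` unconditionally and only appends the permission error afterwards, whereas the replaced lines left the display unset when `tabAccess['edit']` was not `'1'`; a user without edit rights therefore still lands in the edit display, and whether the form is actually rendered for them depends on code outside this hunk (presumably the new `viewAccess()` gate in `Controller::run()`). If showing the error inside the edit context is the intent, make it explicit with a comment above the assignment, e.g. `// display stays 'edit' so the permission error renders in place; rendering itself is gated by viewAccess()`; otherwise move the assignment back under the permission check. The `'1'` string comparison on `tabAccess` is pre-existing style and is not changed here. The enclosing method starts and ends outside the hunk.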
+9 -2
@@ -79,6 +79,11 @@ abstract class ControllerCore
*/
abstract public function checkAccess();
/**
* check that the current user/visitor has valid view permissions
*/
abstract public function viewAccess();
/**
* Initialize the page
*/
@@ -141,7 +146,6 @@ abstract class ControllerCore
public function run()
{
$this->init();
if ($this->checkAccess())
{
if (!$this->content_only && ($this->display_header || (isset($this->className) && $this->className)))
@@ -156,7 +160,10 @@ abstract class ControllerCore
if (!$this->content_only && ($this->display_header || (isset($this->className) && $this->className)))
$this->initHeader();
$this->initContent();
if ($this->viewAccess())
$this->initContent();
else
$this->errors[] = Tools::displayError('Access denied.');
if (!$this->content_only && ($this->display_footer || (isset($this->className) && $this->className)))
$this->initFooter();
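Review bot: In the second hunk of `run()`, the `else` branch only appends `Tools::displayError('Access denied.')` to `$this->errors`, while `initHeader()` has already executed above it and `initFooter()` still executes below it, so the denied path differs from the `checkAccess()` failure path only in that the content step is skipped; whether the error is surfaced to the user depends on display code outside this hunk. A one-line comment on the `else`, e.g. `// no view permission: skip content, keep header/footer so the error can be displayed`, would record that this is deliberate. The new abstract `viewAccess()` docblock in the first hunk states the purpose but not the contract; add `* @return bool` to match the concrete implementations added in the same commit. Note that adding an abstract method to `ControllerCore` is a breaking change for any subclass outside this commit that does not define `viewAccess()`.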
+12 -2
@@ -69,15 +69,25 @@ class FrontControllerCore extends Controller
}
/**
* checkAccess
* @see Controller::checkAccess()
*
* @return void
* @return boolean
*/
public function checkAccess()
{
return true;
}
/**
* @see Controller::viewAccess
*
* @return boolean
*/
public function viewAccess()
{
return true;
}
public function init()
{
/*
@@ -97,6 +97,16 @@ class AdminLoginControllerCore extends AdminController
{
return true;
}
/**
* All BO users can access the login page
*
* @return bool
*/
public function viewAccess()
{
return true;
}
public function postProcess()
{
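Review bot: The new `FrontControllerCore::viewAccess()` docblock carries only an `@see` reference and `@return boolean`, whereas the sibling `AdminLoginControllerCore::viewAccess()` added in the same commit explains why it returns `true`; the front-office version should say the same, e.g. `* Front office pages are viewable by every visitor`, so a reader does not have to infer that unconditional `true` is intentional rather than a stub. For consistency with the adjacent `checkAccess()` docblock, write the reference as `@see Controller::viewAccess()` with parentheses and use `bool` rather than `boolean`, as the AdminLogin version does.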
+14 -42
@@ -366,11 +366,8 @@ class AdminProductsControllerCore extends AdminController
$this->errors[] = Tools::displayError('Invalid file name');
if (Tools::strlen($attachment->file_name) > 128)
$this->errors[] = Tools::displayError('File name too long');
if (!count($this->errors))
{
if (empty($this->errors))
$attachment->add();
$this->confirmations[] = $this->l('Attachment successfully added');
}
else
$this->errors[] = Tools::displayError('Invalid file');
}
@@ -690,8 +687,6 @@ class AdminProductsControllerCore extends AdminController
}
}
}
if (!count($this->errors))
$this->redirect_after = self::$currentIndex.'&id_product='.(int)$product->id.'&id_category='.(!empty($_REQUEST['id_category'])?$_REQUEST['id_category']:'1').'&add'.$this->table.'&action=Features&conf=4&token='.($token ? $token : $this->token);
}
else
$this->errors[] = Tools::displayError('Product must be created before adding features.');
@@ -784,8 +779,6 @@ class AdminProductsControllerCore extends AdminController
$specificPrice = new SpecificPrice((int)($id_specific_price));
if (!$specificPrice->delete())
$this->errors[] = Tools::displayError('An error occurred while deleting the specific price');
else
$this->confirmations[] = $this->l('Specific price successfully deleted');
}
}
@@ -986,27 +979,10 @@ class AdminProductsControllerCore extends AdminController
if ($this->action)
{
if (in_array($this->action, array_keys($this->available_tabs)))
$this->tab_display = $this->action;
$this->tab_display = $this->action;
elseif ($this->action == 'new' || $this->action == 'save')
$this->tab_display = 'Informations';
$this->tab_display = 'Informations';
}
// Set type of display (edit-add-list)
if (Tools::getValue('id_product')
|| ((Tools::isSubmit('submitAddproduct')
|| Tools::isSubmit('submitAddproductAndPreview')
|| Tools::isSubmit('submitAddproductAndStay')
|| Tools::isSubmit('submitSpecificPricePriorities')
|| Tools::isSubmit('submitPriceAddition')
|| Tools::isSubmit('submitPricesModification'))
&& count($this->errors))
|| Tools::isSubmit('updateproduct')
|| Tools::isSubmit('addproduct'))
$this->display = 'edit';
elseif ($this->action == 'new')
$this->display = 'add';
else
$this->display = 'list';
}
/**
@@ -1169,7 +1145,11 @@ class AdminProductsControllerCore extends AdminController
public function ajaxPreProcess()
{
$this->action = Tools::getValue('action');
if (isset($_GET['update'.$this->table]) && isset($_GET['id_'.$this->table]))
{
$this->display = 'edit';
$this->action = Tools::getValue('action');
}
}
public function ajaxProcessUpdateProductImageShopAsso()
@@ -1462,12 +1442,10 @@ class AdminProductsControllerCore extends AdminController
public function processUpdate($token)
{
$this->checkProduct();
if (!empty($this->errors))
return false;
$id = (int)Tools::getValue('id_'.$this->table);
$tagError = true;
/* Update an existing product */
if (isset($id) && !empty($id))
{
@@ -1527,10 +1505,10 @@ class AdminProductsControllerCore extends AdminController
{
// Save and stay on same form
if (Tools::isSubmit('submitAdd'.$this->table.'AndStay'))
$this->redirect_after = self::$currentIndex.'&id_product='.$object->id.'&id_category='.(!empty($_REQUEST['id_category'])?$_REQUEST['id_category']:'1').'&addproduct&conf=4&action='.Tools::getValue('key_tab').'&token='.($token ? $token : $this->token);
$this->confirmations[] = $this->l('Update successful');
else
// Default behavior (save and back)
$this->redirect_after = self::$currentIndex.'&id_category='.(!empty($_REQUEST['id_category'])?$_REQUEST['id_category']:'1').'&conf=4&token='.($token ? $token : $this->token);
// Default behavior (save and back)
$this->redirect_after = self::$currentIndex.'&id_category='.(!empty($_REQUEST['id_category'])?$_REQUEST['id_category']:'1').'&conf=4&token='.($token ? $token : $this->token);
}
}
}
@@ -2211,11 +2189,9 @@ class AdminProductsControllerCore extends AdminController
'id_shop' => $id_shop,
'num' => $num);
// Save to the database the account
if (count($tab) && Accounting::saveProductAccountingInformations($tab))
$this->confirmations[] = $this->l('Account numbers have been updated');
else
$this->errors[] = $this->l('Account Numbers could not be updated or added in the database');
// Save to the database the account
if (empty($tab) || !Accounting::saveProductAccountingInformations($tab))
$this->errors[] = $this->l('Account Numbers could not be updated or added in the database');
}
}
}
@@ -2280,7 +2256,6 @@ class AdminProductsControllerCore extends AdminController
}
}
$this->confirmations[] = $this->l('Suppliers of the product have been updated');
// Manage references and prices
foreach ($attributes as $attribute)
foreach ($associated_suppliers as $supplier)
@@ -2370,8 +2345,6 @@ class AdminProductsControllerCore extends AdminController
$product->id_supplier = $new_default_supplier;
$product->update();
}
$this->confirmations[] = $this->l('Supplier Reference(s) of the product have been updated');
}
}
@@ -2451,7 +2424,6 @@ class AdminProductsControllerCore extends AdminController
}
}
}
$this->confirmations[] = $this->l('Warehouses and location(s) of the product have been updated');
}
}
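Review bot: In the `ajaxPreProcess()` hunk, the new block sets `$this->display = 'edit'` from raw `$_GET['update'.$this->table]` / `$_GET['id_'.$this->table]` without consulting `$this->tabAccess['edit']`, unlike the equivalent update branch this commit touches in `AdminControllerCore`, so if the ajax path does not also pass through that branch (cannot be confirmed from the hunk), the "no permission to edit" error is never appended for ajax requests; either reuse the same permission check here or document why it is unnecessary, e.g. `// permission is enforced by initProcess()/viewAccess(); this only selects the display`. The rest of the file also reads request data through `Tools::getValue()`, which this block should follow instead of `$_GET`. In the `processUpdate` redirect hunk, `$_REQUEST['id_category']` is concatenated into `$this->redirect_after` without a cast; `(int)$_REQUEST['id_category']` would match the `(int)$product->id` treatment used in the features hunk and keep arbitrary input out of the redirect target. The enclosing methods start and end outside their hunks.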