Moved entitlement handling into the application.
Any user who can log in via SSO but doesn't have one of the required entitlements will only ever see a listing of their own loans.
This commit is contained in:
parent
22608f1aa7
commit
45f80a0855
@ -6,7 +6,15 @@ $db_user = 'dbname';
|
|||||||
$db_pass = 'dbpassword';
|
$db_pass = 'dbpassword';
|
||||||
$db_name = 'dbuser';
|
$db_name = 'dbuser';
|
||||||
|
|
||||||
# Application language
|
# Authentication
|
||||||
|
# Users must have one of these entitlements in order to be able to
|
||||||
|
# access the site. Users without any of the required entitlements
|
||||||
|
# get redirected to their own loan listing page.
|
||||||
|
$required_entitlements = array(
|
||||||
|
'urn:mace:swami.se:gmai:some-entitlement',
|
||||||
|
);
|
||||||
|
|
||||||
|
# Site language
|
||||||
$language = 'en';
|
$language = 'en';
|
||||||
|
|
||||||
# Site name
|
# Site name
|
||||||
|
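Review bot: The new comment promises that users without a required entitlement "get redirected to their own loan listing page", but the index.php hunk in this same commit substitutes `make_page('public')` in place with no HTTP redirect, so the browser stays on whatever URL was requested (e.g. `?page=checkout`) while showing the public listing. Reword to match: `# are served the public page (their own loan listing) in place of the requested page.` The single value `urn:mace:swami.se:gmai:some-entitlement` reads like a sample rather than a deployed value; if so, mark it `# TODO: replace with the real entitlement URN` — with a non-matching value no SSO user is ever authorized and every page collapses to the public listing, which is easy to miss because nothing errors. This section also keeps database credentials in a PHP config file alongside the new setting; that is pre-existing, but worth keeping out of version control.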
@ -14,6 +14,9 @@ class PublicPage extends Page {
|
|||||||
|
|
||||||
// The public page should not display a menu
|
// The public page should not display a menu
|
||||||
$this->menuitems = array();
|
$this->menuitems = array();
|
||||||
|
|
||||||
|
// This page should not require any special entitlements
|
||||||
|
$this->authorized = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function render_body() {
|
protected function render_body() {
|
||||||
|
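Review bot: `$this->authorized = true;` only works if it runs after the parent constructor, because Responder::__construct in this commit unconditionally starts with `$this->authorized = false;` before evaluating entitlements; the opening of this constructor, including any `parent::__construct()` call, is outside the hunk, so confirm the ordering. If the parent call came later, PublicPage would be unauthorized for everyone and the index.php fallback would die with "Unauthorized." for exactly the users it is meant to serve. Suggest strengthening the comment to `// Unconditionally authorized: this page is the fallback served to users without a required entitlement, so it must stay reachable (set after parent::__construct, which resets the flag)`. Note that `authorized` is a plain public property read directly by index.php; any subclass can flip it, so keep this the only place that does.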
@ -4,11 +4,29 @@ abstract class Responder {
|
|||||||
protected $ldap = null;
|
protected $ldap = null;
|
||||||
|
|
||||||
public function __construct() {
|
public function __construct() {
|
||||||
global $language;
|
global $language, $required_entitlements;
|
||||||
|
|
||||||
|
$this->authorized = false;
|
||||||
|
$entitlements = explode(';', $_SERVER['entitlement']);
|
||||||
|
foreach($entitlements as $entitlement) {
|
||||||
|
if(in_array($entitlement, $required_entitlements)) {
|
||||||
|
$this->authorized = true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
$this->fragments = get_fragments("./html/$language/fragments.html");
|
$this->fragments = get_fragments("./html/$language/fragments.html");
|
||||||
$this->ldap = new Ldap();
|
$this->ldap = new Ldap();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function respond() {
|
||||||
|
if(!$this->authorized) {
|
||||||
|
die("Unauthorized.");
|
||||||
|
}
|
||||||
|
return $this->render();
|
||||||
|
}
|
||||||
|
|
||||||
|
abstract public function render();
|
||||||
|
|
||||||
final protected function escape_tags($tags) {
|
final protected function escape_tags($tags) {
|
||||||
foreach($tags as $key => $tag) {
|
foreach($tags as $key => $tag) {
|
||||||
$tags[$key] = $this->escape_string(strtolower($tag));
|
$tags[$key] = $this->escape_string(strtolower($tag));
|
||||||
|
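Review bot: `explode(';', $_SERVER['entitlement'])` in the constructor assumes the SSO layer always populates `entitlement`; when it is absent (attribute not released, or the application reached without the SP in front of it) this raises a notice on older PHP and a TypeError on PHP 8 instead of a clean "not authorized". Read it as `isset($_SERVER['entitlement']) ? $_SERVER['entitlement'] : ''` and pass `true` to `in_array` so loose string comparison cannot match an unintended value. `respond()` also answers the unauthorized case with `die("Unauthorized.")` and an implicit 200 status; send `http_response_code(403)` first so clients and access logs see the refusal. `$_SERVER['entitlement']` is trusted here as a server-side attribute set by the SSO module — it must never be mapped from a client-supplied request header, or any visitor could grant themselves an entitlement; a comment stating that trust assumption belongs next to the read. The remainder of the constructor and `render()` are outside this hunk.
```php
    public function __construct() {
        global $language, $required_entitlements;

        // Entitlements arrive as a ';'-separated list in a server variable
        // set by the SSO module (never from a client header); absent means none.
        $this->authorized = false;
        $raw = isset($_SERVER['entitlement']) ? $_SERVER['entitlement'] : '';
        foreach(explode(';', $raw) as $entitlement) {
            if(in_array($entitlement, $required_entitlements, true)) {
                $this->authorized = true;
                break;
            }
        }
        // … unchanged: fragments and ldap setup …
    }

    public function respond() {
        if(!$this->authorized) {
            http_response_code(403);
            die("Unauthorized.");
        }
        return $this->render();
    }
```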
@ -84,6 +84,7 @@ function replace($assoc_arr, $subject) {
|
|||||||
function make_page($page) {
|
function make_page($page) {
|
||||||
switch($page) {
|
switch($page) {
|
||||||
default:
|
default:
|
||||||
|
die("Invalid page.");
|
||||||
case 'checkout':
|
case 'checkout':
|
||||||
return new CheckoutPage();
|
return new CheckoutPage();
|
||||||
case 'return':
|
case 'return':
|
||||||
|
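Review bot: The new `default:` branch ends the request with `die("Invalid page.")` but leaves the HTTP status at 200, so a bad `?page=` value is indistinguishable from success to clients and log scrapers; use `http_response_code(404); die("Invalid page.");`. Placing `default` before the first `case` is legal in PHP and, since it terminates, cannot fall through into a real page, but a one-line comment `// Unknown page name: stop here rather than fall through to a real page` would spare the next reader a double-take. The switch continues outside the hunk; index.php in this commit calls `make_page('public')` as the unauthorized fallback, so a `case 'public': return new PublicPage();` must exist in the part not shown, otherwise every unauthorized user lands on this `die` instead of their loan listing.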
@ -12,11 +12,15 @@ require('./include/functions.php');
|
|||||||
|
|
||||||
header('Content-Type: text/html; charset=UTF-8');
|
header('Content-Type: text/html; charset=UTF-8');
|
||||||
|
|
||||||
$page = null;
|
$page = 'checkout';
|
||||||
if(isset($_GET['page'])) {
|
if(isset($_GET['page'])) {
|
||||||
$page = $_GET['page'];
|
$page = $_GET['page'];
|
||||||
}
|
}
|
||||||
|
|
||||||
make_page($page)->render();
|
$page = make_page($page);
|
||||||
|
if(!$page->authorized) {
|
||||||
|
$page = make_page('public');
|
||||||
|
}
|
||||||
|
$page->respond();
|
||||||
|
|
||||||
?>
|
?>
|
||||||
|
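Review bot: `$page` is first the requested page name from `$_GET['page']` and then, at `$page = make_page($page);`, the Responder object, which makes the authorization fallback harder to read than it needs to be; use `$responder = make_page($page);`, `$responder = make_page('public');` and `$responder->respond();`. The fallback depends on make_page() recognising `'public'` — no such case is visible in the make_page hunk of this commit — so confirm it exists, as otherwise unauthorized users hit `die("Invalid page.")` rather than their own loan listing. The unvalidated `$_GET['page']` is acceptable only because make_page() whitelists names in a switch and dies on anything else; a comment above the check, `// Users without a required entitlement are served the public page in place of whatever they requested`, would document the intended behaviour. The closing `?>` kept at the end of this file is a pre-existing source of stray whitespace after headers and could be dropped.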