if user=&pass= are in request, use them for auth
This commit is contained in:
parent
2385575c56
commit
f26c9168c4
|
@ -59,62 +59,66 @@ class AppController extends Controller {
|
||||||
public function beforeFilter() {
|
public function beforeFilter() {
|
||||||
$this->loadModel('Config');
|
$this->loadModel('Config');
|
||||||
|
|
||||||
$options = array('conditions' => array('Config.' . $this->Config->primaryKey => 'ZM_OPT_USE_API'));
|
$options = array('conditions' => array('Config.' . $this->Config->primaryKey => 'ZM_OPT_USE_API'));
|
||||||
$config = $this->Config->find('first', $options);
|
$config = $this->Config->find('first', $options);
|
||||||
$zmOptApi = $config['Config']['Value'];
|
$zmOptApi = $config['Config']['Value'];
|
||||||
|
|
||||||
if ($zmOptApi !='1')
|
if ($zmOptApi !='1') {
|
||||||
{
|
throw new UnauthorizedException(__('API Disabled'));
|
||||||
throw new UnauthorizedException(__('API Disabled'));
|
return;
|
||||||
return;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$options = array('conditions' => array('Config.' . $this->Config->primaryKey => 'ZM_OPT_USE_AUTH'));
|
$options = array('conditions' => array('Config.' . $this->Config->primaryKey => 'ZM_OPT_USE_AUTH'));
|
||||||
$config = $this->Config->find('first', $options);
|
$config = $this->Config->find('first', $options);
|
||||||
$zmOptAuth = $config['Config']['Value'];
|
$zmOptAuth = $config['Config']['Value'];
|
||||||
if (!$this->Session->Read('user.Username') && ($zmOptAuth=='1'))
|
|
||||||
{
|
|
||||||
throw new UnauthorizedException(__('Not Authenticated'));
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
$this->loadModel('User');
|
|
||||||
$loggedinUser = $this->Session->Read('user.Username');
|
|
||||||
$isEnabled = $this->Session->Read('user.Enabled');
|
|
||||||
// this will likely never happen as if its
|
|
||||||
// not enabled, login will fail and Not Auth will be returned
|
|
||||||
// however, keeping this here for now
|
|
||||||
if ($isEnabled != "1" && $zmOptAuth=="1")
|
|
||||||
{
|
|
||||||
throw new UnauthorizedException(__('User is not enabled'));
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($zmOptAuth=='1')
|
if ( $zmOptAuth=='1' ) {
|
||||||
{
|
if ( $_REQUEST['user'] and $_REQUEST['pass'] ) {
|
||||||
$options = array ('conditions' => array ('User.Username' => $loggedinUser));
|
$this->loadModel('User');
|
||||||
$userMonitors = $this->User->find('first', $options);
|
$this->log("have user " . $_REQUEST['user'] ." and pass " . $_REQUEST['pass'] ."!", 'error');
|
||||||
$this->Session->Write('allowedMonitors',$userMonitors['User']['MonitorIds']);
|
$user = $this->User->find('first', array ('conditions' => array (
|
||||||
$this->Session->Write('streamPermission',$userMonitors['User']['Stream']);
|
'User.Username' => $_REQUEST['user'],
|
||||||
$this->Session->Write('eventPermission',$userMonitors['User']['Events']);
|
'User.Password' => $_REQUEST['pass'],
|
||||||
$this->Session->Write('controlPermission',$userMonitors['User']['Control']);
|
)) );
|
||||||
$this->Session->Write('systemPermission',$userMonitors['User']['System']);
|
if ( ! $user ) {
|
||||||
$this->Session->Write('monitorPermission',$userMonitors['User']['Monitors']);
|
throw new UnauthorizedException(__('User not found'));
|
||||||
}
|
return;
|
||||||
else // if auth is not on, you can do everything
|
} else {
|
||||||
{
|
$this->log("Found user " . $_REQUEST['user'] ." and pass " . $_REQUEST['pass'] ."!", 'error');
|
||||||
//$userMonitors = $this->User->find('first', $options);
|
$this->Session->Write( 'user.Username', $user['User']['Username'] );
|
||||||
$this->Session->Write('allowedMonitors','');
|
$this->Session->Write( 'user.Enabled', $user['User']['Enabled'] );
|
||||||
$this->Session->Write('streamPermission','View');
|
}
|
||||||
$this->Session->Write('eventPermission','Edit');
|
}
|
||||||
$this->Session->Write('controlPermission','Edit');
|
|
||||||
$this->Session->Write('systemPermission','Edit');
|
if( ! $this->Session->Read('user.Username') ) {
|
||||||
$this->Session->Write('monitorPermission','Edit');
|
throw new UnauthorizedException(__('Not Authenticated'));
|
||||||
}
|
return;
|
||||||
}
|
} else if ( ! $this->Session->Read('user.Username') ) {
|
||||||
|
throw new UnauthorizedException(__('User is not enabled'));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
$options = array ('conditions' => array ('User.Username' => $loggedinUser));
|
||||||
|
$userMonitors = $this->User->find('first', $options);
|
||||||
|
$this->Session->Write('allowedMonitors',$userMonitors['User']['MonitorIds']);
|
||||||
|
$this->Session->Write('streamPermission',$userMonitors['User']['Stream']);
|
||||||
|
$this->Session->Write('eventPermission',$userMonitors['User']['Events']);
|
||||||
|
$this->Session->Write('controlPermission',$userMonitors['User']['Control']);
|
||||||
|
$this->Session->Write('systemPermission',$userMonitors['User']['System']);
|
||||||
|
$this->Session->Write('monitorPermission',$userMonitors['User']['Monitors']);
|
||||||
}
|
}
|
||||||
|
else // if auth is not on, you can do everything
|
||||||
|
{
|
||||||
|
//$userMonitors = $this->User->find('first', $options);
|
||||||
|
$this->Session->Write('allowedMonitors','');
|
||||||
|
$this->Session->Write('streamPermission','View');
|
||||||
|
$this->Session->Write('eventPermission','Edit');
|
||||||
|
$this->Session->Write('controlPermission','Edit');
|
||||||
|
$this->Session->Write('systemPermission','Edit');
|
||||||
|
$this->Session->Write('monitorPermission','Edit');
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
} # end function beforeFilter()
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue