More work just using auth.php instead of cake code. Don't reload the User object

This commit is contained in:
Isaac Connor 2018-07-11 11:45:49 -04:00
parent b8691e4654
commit fe5ebe094d
1 changed files with 26 additions and 23 deletions

View File

@ -78,34 +78,42 @@ class AppController extends Controller {
if ( $zmOptAuth == '1' ) {
require_once "../../../includes/auth.php";
$this->loadModel('User');
global $user;
$user = $this->Session->read('user');
if ( isset($_REQUEST['user']) and isset($_REQUEST['pass']) ) {
$user = userLogin($_REQUEST['user'],$_REQUEST['pass']);
if ( !$user ) {
throw new UnauthorizedException(__('User not found'));
return;
} else {
if ( ! $this->Session->Write('user.Username', $user['Username']) )
$this->log("Error writing session var user.Username");
if ( ! $this->Session->Write('user.Enabled', $user['Enabled']) )
$this->log("Error writing session var user.Enabled");
}
}
if ( isset($_REQUEST['auth']) ) {
$user = getAuthUser($_REQUEST['auth']);
if ( ! $user ) {
throw new UnauthorizedException(__('User not found'));
return;
} else {
if ( ! $this->Session->Write('user.Username', $user['Username']) )
$this->log("Error writing session var user.Username");
if ( ! $this->Session->Write('user.Enabled', $user['Enabled']) )
$this->log("Error writing session var user.Enabled");
}
} # end if REQUEST['auth']
if ( 0 and $user ) {
# We have to redo the session variables because cakephp's Session code will overwrite the normal php session
# Actually I'm not sure that is true. Getting indeterminate behaviour
Logger::Debug("user.Username: " . $this->Session->read('user.Username'));
if ( ! $this->Session->Write('user', $user) )
$this->log("Error writing session var user");
Logger::Debug("user.Username: " . $this->Session->read('user.Username'));
if ( ! $this->Session->Write('user.Username', $user['Username']) )
$this->log("Error writing session var user.Username");
if ( ! $this->Session->Write('password', $user['Password']) )
$this->log("Error writing session var user.Username");
if ( ! $this->Session->Write('user.Enabled', $user['Enabled']) )
$this->log("Error writing session var user.Enabled");
if ( ! $this->Session->Write('remoteAddr', $_SERVER['REMOTE_ADDR']) )
$this->log("Error writing session var remoteAddr");
}
if ( ! $this->Session->read('user.Username') ) {
throw new UnauthorizedException(__('Not Authenticated'));
return;
@ -114,14 +122,12 @@ class AppController extends Controller {
return;
}
$options = array ('conditions' => array ('User.Username' => $this->Session->Read('user.Username')));
$userMonitors = $this->User->find('first', $options);
$this->Session->Write('allowedMonitors',$userMonitors['User']['MonitorIds']);
$this->Session->Write('streamPermission',$userMonitors['User']['Stream']);
$this->Session->Write('eventPermission',$userMonitors['User']['Events']);
$this->Session->Write('controlPermission',$userMonitors['User']['Control']);
$this->Session->Write('systemPermission',$userMonitors['User']['System']);
$this->Session->Write('monitorPermission',$userMonitors['User']['Monitors']);
$this->Session->Write('allowedMonitors',$user['MonitorIds']);
$this->Session->Write('streamPermission',$user['Stream']);
$this->Session->Write('eventPermission',$user['Events']);
$this->Session->Write('controlPermission',$user['Control']);
$this->Session->Write('systemPermission',$user['System']);
$this->Session->Write('monitorPermission',$user['Monitors']);
} else {
// if auth is not on, you can do everything
//$userMonitors = $this->User->find('first', $options);
@ -132,8 +138,5 @@ class AppController extends Controller {
$this->Session->Write('systemPermission','Edit');
$this->Session->Write('monitorPermission','Edit');
}
} # end function beforeFilter()
}