fix access for analysis page

3812e7b5 · Penom Nom · d20dab19 · 3812e7b5 · 3812e7b5 · 3812e7b5
Commit 3812e7b5 authored Sep 11, 2015 by Penom Nom
--- a/ui/nG6/lib/class.tx_nG6_db.php
+++ b/ui/nG6/lib/class.tx_nG6_db.php
@@ -1510,7 +1510,8 @@ class tx_nG6_db {
 		$queryParts = array( 
 			'SELECT' => 'tx_nG6_project.uid AS project_id,'. 
 						'tx_nG6_project.name AS project_name,'. 
-						'tx_nG6_analyze.uid AS analyze_id,'. 
+						'tx_nG6_analyze.uid AS analyze_id,'.
+						'tx_nG6_analyze.hidden AS analyze_hidden,'.
 						'tx_nG6_analyze.directory AS analyze_directory,'. 
 						'tx_nG6_analyze.name AS analyze_name, '.
 						'tx_nG6_analyze.params AS analyze_params, '.
@@ -1542,7 +1543,8 @@ class tx_nG6_db {
 					'project_id'	=> $row['project_id'],
 					'run_name'		=> 'None', 
 					'run_id'		=> 'None',					 
-					'directory'		=> $row['analyze_directory'], 
+					'directory'		=> $row['analyze_directory'],
+					'hidden'		=> $row['analyze_hidden'],
 					'name' 			=> $row['analyze_name'],
 					'class'			=> $row['analyze_class'],
 					'params'		=> $row['analyze_params'],
@@ -1562,6 +1564,7 @@ class tx_nG6_db {
 							'tx_nG6_project.uid AS project_id,'.
 							'tx_nG6_run.uid AS run_id,'. 
 							'tx_nG6_run.name AS run_name,'.
+							'tx_nG6_analyze.hidden AS analyze_hidden,'.
 							'tx_nG6_analyze.uid AS analyze_id,'. 
 							'tx_nG6_analyze.directory AS analyze_directory,'. 
 							'tx_nG6_analyze.name AS analyze_name, '.
@@ -1593,6 +1596,7 @@ class tx_nG6_db {
 					'run_name'		=> $row['run_name'], 
 					'run_id'		=> $row['run_id'], 			 
 					'directory'		=> $row['analyze_directory'], 
+					'hidden'		=> $row['analyze_hidden'],
 					'name' 			=> $row['analyze_name'],
 					'params'		=> $row['analyze_params'],
 					'class' 		=> $row['analyze_class'],

--- a/ui/nG6/pi1/analyzes/AnalaysisAccessDenied.tpl
+++ b/ui/nG6/pi1/analyzes/AnalaysisAccessDenied.tpl
+{*
+Copyright (C) 2009 INRA
+ 
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*}
+
+<div class="sub-content sc-top clearfix">
+	<div class="ng6-content-header-left run">
+		<h2>Analysis <small>--</small></h2>
+	</div>
+	<div class="ng6-content-header-right">
+	    <div class="alert alert-warning" > <strong>Access denied !</strong>Sorry you don't have access to this Analysis. Please select another analysis</div>
+	</div>
+</div>
+
+<div class="sub-content sc-bottom">&nbsp;</div>
--- a/ui/nG6/pi1/class.tx_nG6_pi1.php
+++ b/ui/nG6/pi1/class.tx_nG6_pi1.php
@@ -309,86 +309,94 @@ class tx_nG6_pi1 extends tslib_pibase {
 		if (!$GLOBALS['TSFE']->loginUser) { $user_id = null; }
 		else { $user_id = $GLOBALS['TSFE']->fe_user->user['uid']; }
 		
+		$smarty = new Smarty();
+		$smarty->setTemplateDir(t3lib_extMgm::extPath('nG6').'/pi1/analyzes');
+		$smarty->setCompileDir(t3lib_extMgm::extPath('nG6').'/res/smarty/templates_c');
+		$smarty->setCacheDir(t3lib_extMgm::extPath('nG6').'/res/smarty/cache');
+		$smarty->setConfigDir(t3lib_extMgm::extPath('nG6').'/res/smarty/configs');
+		$smarty->security = true;
+		$smarty->security_settings['MODIFIER_FUNCS'] = array('count');
+		
 		// is project admin
 		$is_project_admin = tx_nG6_db::is_project_administrator($GLOBALS['TSFE']->fe_user->user['uid'], $this->piVars['project_id']);
 		
 		// First select the analyse
 		$analyse = tx_nG6_db::select_analyse($this->piVars['analyze_id']);
 		
-		// Handle old fashion
-		if (file_exists($this->conf['data'].$analyse['directory'].'/index.html' )) {
-			// Add the analyse description
-			$content = '<div id="img_dialog" title=""></div>';
-			$content .= '<input type="hidden" id="analyse_name" value="'.$analyse['name'].'" />';
-			$content .= '<div'.$this->pi_classParam('singleView').'>';
-			$content .= '<h2>Analyse '.$analyse['name'].' : <span>'.$analyse['description'].'</span></h2></div>';
-			$fp = fopen((string)$this->conf['data'].$analyse['directory'].'/index.html',"r");
-			while (!feof($fp)) {
-				$content .= fgets($fp, 4096);
-			}
-			return $content;
-		// Else meaning using smarty
-		} else {
-			
-			$smarty = new Smarty();
-			$smarty->setTemplateDir(t3lib_extMgm::extPath('nG6').'/pi1/analyzes');
-			$smarty->setCompileDir(t3lib_extMgm::extPath('nG6').'/res/smarty/templates_c');
-			$smarty->setCacheDir(t3lib_extMgm::extPath('nG6').'/res/smarty/cache');
-			$smarty->setConfigDir(t3lib_extMgm::extPath('nG6').'/res/smarty/configs');
-			$smarty->security = true;
-			$smarty->security_settings['MODIFIER_FUNCS'] = array('count');
-
-			$smarty->assign('is_project_admin', $is_project_admin);
-			$smarty->assign('analyse', $analyse);
-			$analysis_size = tx_nG6_db::get_analysis_size($this->piVars['analyze_id']);
-			$smarty->assign('analyse_size', tx_nG6_utils::get_octet_string_representation($analysis_size));
-			$smarty->assign('data_folder', $this->conf["data"]);
-			$smarty->assign('analyze_id', $this->piVars['analyze_id']);
-			$smarty->assign('server_url', $this->conf['server_url']);
-			$smarty->assign('user_login', $GLOBALS['TSFE']->fe_user->user['username']);
-			$smarty->assign('user_id', $GLOBALS['TSFE']->fe_user->user['uid']);
-			
-			// Then select analyse results
-			$results = tx_nG6_db::select_analyse_results($this->piVars['analyze_id']);		
-			$smarty->assign('analyse_results', $results);
-			
-			//comments on the analysis
-			$comments = tx_nG6_db::get_all_analyze_comments($this->piVars['analyze_id']);
-			$smarty->assign('comments', $comments);
-			
-			// Select the run file description	
-			if ($analyse['run_id'] != 'None') {
-				$descriptions = tx_nG6_db::select_mid_descriptions($analyse['run_id']);
-			} else {
-				$descriptions = array();
-			}
-			$smarty->assign('descriptions', $descriptions);
-			$smarty->assign('data_folder', $this->conf['data']);		
-			// Try to process the analyse template
-			try {
-				if (file_exists(t3lib_extMgm::extPath($this->extKey).'pi1/analyzes/'.$analyse['class'].'.js')) {
-					$GLOBALS['TSFE']->additionalHeaderData[$this->prefixId] .= '
-						<script type="text/javascript" src="'.t3lib_extMgm::siteRelPath($this->extKey).'pi1/analyzes/'.$analyse['class'].'.js"></script>';
+		if (tx_nG6_db::user_is_authorized($user_id, $this->piVars['project_id'], $this->piVars['run_id'])) {
+			if ($is_project_admin || $analyse['hidden'] == "0") {
+				// Handle old fashion
+				if (file_exists($this->conf['data'].$analyse['directory'].'/index.html' )) {
+					// Add the analyse description
+					$content = '<div id="img_dialog" title=""></div>';
+					$content .= '<input type="hidden" id="analyse_name" value="'.$analyse['name'].'" />';
+					$content .= '<div'.$this->pi_classParam('singleView').'>';
+					$content .= '<h2>Analyse '.$analyse['name'].' : <span>'.$analyse['description'].'</span></h2></div>';
+					$fp = fopen((string)$this->conf['data'].$analyse['directory'].'/index.html',"r");
+					while (!feof($fp)) {
+						$content .= fgets($fp, 4096);
+					}
+					return $content;
+					// Else meaning using smarty
+				} else {
+				
+					$smarty->assign('is_project_admin', $is_project_admin);
+					$smarty->assign('analyse', $analyse);
+					$analysis_size = tx_nG6_db::get_analysis_size($this->piVars['analyze_id']);
+					$smarty->assign('analyse_size', tx_nG6_utils::get_octet_string_representation($analysis_size));
+					$smarty->assign('data_folder', $this->conf["data"]);
+					$smarty->assign('analyze_id', $this->piVars['analyze_id']);
+					$smarty->assign('server_url', $this->conf['server_url']);
+					$smarty->assign('user_login', $GLOBALS['TSFE']->fe_user->user['username']);
+					$smarty->assign('user_id', $GLOBALS['TSFE']->fe_user->user['uid']);
+				
+					// Then select analyse results
+					$results = tx_nG6_db::select_analyse_results($this->piVars['analyze_id']);
+					$smarty->assign('analyse_results', $results);
+				
+					//comments on the analysis
+					$comments = tx_nG6_db::get_all_analyze_comments($this->piVars['analyze_id']);
+					$smarty->assign('comments', $comments);
+				
+					// Select the run file description
+					if ($analyse['run_id'] != 'None') {
+						$descriptions = tx_nG6_db::select_mid_descriptions($analyse['run_id']);
+					} else {
+						$descriptions = array();
+					}
+					$smarty->assign('descriptions', $descriptions);
+					$smarty->assign('data_folder', $this->conf['data']);
+				
+					// Try to process the analyse template
+					try {
+						if (file_exists(t3lib_extMgm::extPath($this->extKey).'pi1/analyzes/'.$analyse['class'].'.js')) {
+							$GLOBALS['TSFE']->additionalHeaderData[$this->prefixId] .= '
+							<script type="text/javascript" src="'.t3lib_extMgm::siteRelPath($this->extKey).'pi1/analyzes/'.$analyse['class'].'.js"></script>';
+						}
+						$GLOBALS['TSFE']->additionalHeaderData[$this->prefixId] .= '
+						<script type="text/javascript" src="'.t3lib_extMgm::siteRelPath($this->extKey).'res/js/tx_nG6_pi1_analysis.js"></script>
+						<script type="text/javascript" src="'.t3lib_extMgm::siteRelPath($this->extKey).'res/js/jquery.venny.min.js"></script>
+						<script type="text/javascript" src="'.t3lib_extMgm::siteRelPath($this->extKey).'res/js/jquery.highcharts.js"></script>
+						<script type="text/javascript" src="'.t3lib_extMgm::siteRelPath($this->extKey).'res/js/jquery.highcharts.exporting.js"></script>
+						<script type="text/javascript" src="'.t3lib_extMgm::siteRelPath($this->extKey).'res/js/jquery.highcharts.more.js"></script>
+						<script type="text/javascript" src="'.t3lib_extMgm::siteRelPath($this->extKey).'res/js/jquery.highcharts.exportcsv.js"></script>
+						<script type="text/javascript" src="'.t3lib_extMgm::siteRelPath($this->extKey).'res/js/jsphylosvg-min.js"></script>
+						<script type="text/javascript" src="'.t3lib_extMgm::siteRelPath($this->extKey).'res/js/raphael-min.js"></script>
+						<script type="text/javascript" src="'.t3lib_extMgm::siteRelPath($this->extKey).'res/js/unitip.js"></script>
+						<script type="text/javascript" src="'.t3lib_extMgm::siteRelPath($this->extKey).'res/js/jquery.jstree.min.js"></script>
+						<script type="text/javascript" src="'.t3lib_extMgm::siteRelPath($this->extKey).'res/js/d3-3.4.4.min.js"></script>
+						<link type="text/css" rel="stylesheet" media="screen" href="'.t3lib_extMgm::siteRelPath($this->extKey).'res/css/unitip.css"/>';
+						return $smarty->fetch($analyse['class'].'.tpl');
+					} catch (Exception $e) {
+						return 'No template found for class ' . $analyse['class'];
+					}
 				}
-				$GLOBALS['TSFE']->additionalHeaderData[$this->prefixId] .= '
-					<script type="text/javascript" src="'.t3lib_extMgm::siteRelPath($this->extKey).'res/js/tx_nG6_pi1_analysis.js"></script>
-					<script type="text/javascript" src="'.t3lib_extMgm::siteRelPath($this->extKey).'res/js/jquery.venny.min.js"></script>
-					<script type="text/javascript" src="'.t3lib_extMgm::siteRelPath($this->extKey).'res/js/jquery.highcharts.js"></script>
-					<script type="text/javascript" src="'.t3lib_extMgm::siteRelPath($this->extKey).'res/js/jquery.highcharts.exporting.js"></script>
-					<script type="text/javascript" src="'.t3lib_extMgm::siteRelPath($this->extKey).'res/js/jquery.highcharts.more.js"></script>
-					<script type="text/javascript" src="'.t3lib_extMgm::siteRelPath($this->extKey).'res/js/jquery.highcharts.exportcsv.js"></script>
-					<script type="text/javascript" src="'.t3lib_extMgm::siteRelPath($this->extKey).'res/js/jsphylosvg-min.js"></script>
-					<script type="text/javascript" src="'.t3lib_extMgm::siteRelPath($this->extKey).'res/js/raphael-min.js"></script>
-					<script type="text/javascript" src="'.t3lib_extMgm::siteRelPath($this->extKey).'res/js/unitip.js"></script>
-					<script type="text/javascript" src="'.t3lib_extMgm::siteRelPath($this->extKey).'res/js/jquery.jstree.min.js"></script>
-					<script type="text/javascript" src="'.t3lib_extMgm::siteRelPath($this->extKey).'res/js/d3-3.4.4.min.js"></script>
-					<link type="text/css" rel="stylesheet" media="screen" href="'.t3lib_extMgm::siteRelPath($this->extKey).'res/css/unitip.css"/>';
-				return $smarty->fetch($analyse['class'].'.tpl'); 
-			} catch (Exception $e) { 
-				return 'No template found for class ' . $analyse['class'];
 			}
 		}
+		return $smarty->fetch('AnalaysisAccessDenied.tpl');
 	}
+	
+	
 	/**
 	 * Return the install view
 	 */

--- a/ui/nG6/pi1/run_view.tpl
+++ b/ui/nG6/pi1/run_view.tpl
@@ -39,11 +39,17 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.

 {* If no runs can be displayed *}
 {if $runs|@count == 0 || ($runs|@count == 1 && $runs[key($runs)].hidden == 1 && !$runs[key($runs)].is_admin) }
-	<div class="sub-content">
-		<br/>
-		<div class="alert alert-info" >Sorry no results to display</div>
-	</div>
-	
+    <div class="sub-content sc-top clearfix">
+		<div class="ng6-content-header-left run">
+			<h2>Run <small>--</small></h2>
+		</div>
+		<div class="ng6-content-header-right">
+		    <div class="alert alert-warning" > <strong>Access denied !</strong>Sorry you don't have access to this run. Please select another run</div>
+		</div>
+    </div>
+    
+    <div class="sub-content sc-bottom">&nbsp;</div>
+
 {* If a single run has to be displayed *}
 {elseif $single_run_display}
 	<div class="sub-content sc-top">