Changeset 2267

Timestamp:

01/15/08 14:05:53 (12 months ago)

Author:

david

Message:

fixed the issue where ecurity filters cannot perform checks in addition to isSecure(), closes #671

Location:

trunk/src

Files:

• controller/AgaviExecutionContainer.class.php (modified) (1 diff)
• filter/AgaviSecurityFilter.class.php (modified) (1 diff)

trunk/src/controller/AgaviExecutionContainer.class.php

@@ -325 +325 @@
         if(AgaviConfig::get('core.available', false)) {
           // the application is available so we'll register
-          // global and module filters, otherwise skip them
+          // globally defined and module-specific action filters, otherwise skip them
 
           // does this action require security?
-          if(AgaviConfig::get('core.use_security', false) && $this->actionInstance->isSecure()) {
+          if(AgaviConfig::get('core.use_security', false)) {
             // register security filter
             $filterChain->register($controller->getFilter('security'));

trunk/src/filter/AgaviSecurityFilter.class.php

@@ -59 +59 @@
     $credential = $actionInstance->getCredentials();
 
+    if(!$actionInstance->isSecure()) {
+      // the action instance does not require authentication, so we can continue in the chain and then bail out early
+      return $filterChain->execute($container);
+    }
+
     // credentials can be anything you wish; a string, array, object, etc.
     // as long as you add the same exact data to the user as a credential,