'NO-ACL' is more clear that we don't have an ACL for the given admin than three aster...

diff --git a/inc/filters.php b/inc/filters.php
index 079efbc60aad554cce494c08a771fe18ac719a75..c8b52da2c81ef4dabc3415d27884e8f91c2e18bd 100644 (file)
--- a/inc/filters.php
+++ b/inc/filters.php
@@ -813,7 +813,7 @@ function FILTER_CHECK_ADMIN_ACL () {
                } // END - if
 
                // Check for access control line of current menu entry
-               $ret = adminsCheckAdminAcl($action, getWhat());
+               $ret = isAdminsAllowedByAcl($action, getWhat());
        } // END - if
 
        // Set it here

diff --git a/inc/libs/admins_functions.php b/inc/libs/admins_functions.php
index 9739305777b21a352542a83ef24cf3e966d20b73..c1987fb465b8c4cfd7b5841f26f25a63ab040f4f 100644 (file)
--- a/inc/libs/admins_functions.php
+++ b/inc/libs/admins_functions.php
@@ -41,18 +41,20 @@ if (!defined('__SECURITY')) {
 }
 
 // Check ACL for menu combination
-function adminsCheckAdminAcl ($action, $what) {
-       // If action is login or logout allow allways!
-       $default = 'allow';
+function isAdminsAllowedByAcl ($action, $what) {
+       // Get admin's id
+       $adminId = getCurrentAdminId();
+
        if (($action == 'login') || ($action == 'logout')) {
+               // If action is login or logout allow allways!
                return true;
-       } // END - if
-
-       // Default is deny
-       $ret = false;
+       } elseif (isset($GLOBALS[__FUNCTION__][$adminId][$action][$what])) {
+               // If we have cache, use it
+               return $GLOBALS[__FUNCTION__][$adminId][$action][$what];
+       }
 
-       // Get admin's id
-       $adminId = getCurrentAdminId();
+       // But default result is failed
+       $GLOBALS[__FUNCTION__][$action][$what] = false;
 
        // Get admin's defult access right
        $default = getAdminDefaultAcl($adminId);
@@ -63,7 +65,7 @@ function adminsCheckAdminAcl ($action, $what) {
                $parent_action = getActionFromModuleWhat('admin', $what);
 
                // Check with this function...
-               $parent = adminsCheckAdminAcl($parent_action, '');
+               $parent = isAdminsAllowedByAcl($parent_action, '');
        } else {
                // Anything else is true!
                $parent = false;
@@ -81,7 +83,7 @@ function adminsCheckAdminAcl ($action, $what) {
                        $aclMode = $GLOBALS['cache_array']['admin_acls']['access_mode'][$adminId][$key];
 
                        // Log debug message
-                       logDebugMessage(__FUNCTION__, __LINE__, 'action=' . $action . ',key=' . $key . ',acl_mode=' . $aclMode);
+                       //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'action=' . $action . ',key=' . $key . ',acl_mode=' . $aclMode);
 
                        // Count cache hits
                        incrementStatsEntry('cache_hits');
@@ -93,13 +95,13 @@ function adminsCheckAdminAcl ($action, $what) {
                        $aclMode = $GLOBALS['cache_array']['admin_acls']['access_mode'][$adminId][$key];
 
                        // Log debug message
-                       logDebugMessage(__FUNCTION__, __LINE__, 'what=' . $what . ',key=' . $key . ',acl_mode=' . $aclMode);
+                       //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'what=' . $what . ',key=' . $key . ',acl_mode=' . $aclMode);
 
                        // Count cache hits
                        incrementStatsEntry('cache_hits');
                }
        } elseif (!isExtensionActive('cache')) {
-               // Old version, so load it from database
+               // Extension ext-cache is absent, so load it from database
                $result = false;
                if (!empty($action)) {
                        // Main menu
@@ -123,14 +125,14 @@ function adminsCheckAdminAcl ($action, $what) {
 
        // Check ACL and (maybe) allow
        //* DEBUG: */ debugOutput('default='.$default.',acl_mode='.$aclMode.',parent='.intval($parent));
-       if ((($default == 'allow') && ($aclMode != 'deny')) || (($default == 'deny') && ($aclMode == 'allow')) || ($parent === true) || (($default == '***') && ($aclMode == 'failed') && ($parent === false))) {
+       if ((($default == 'allow') && ($aclMode != 'deny')) || (($default == 'deny') && ($aclMode == 'allow')) || ($parent === true) || (($default == 'NO-ACL') && ($aclMode == 'failed') && ($parent === false))) {
                // Access is granted
-               $ret = true;
+               $GLOBALS[__FUNCTION__][$adminId][$action][$what] = true;
        } // END - if
 
        // Return value
        //* DEBUG: */ debugOutput(__FUNCTION__.'['.__LINE__.']:act='.$action.',wht='.$what.',default='.$default.',aclMode='.$aclMode);
-       return $ret;
+       return $GLOBALS[__FUNCTION__][$adminId][$action][$what];
 }
 
 // Create email link to admins's account

diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php
index e34b0cf014f0a22421e43f54ca3c6bae1c479fdc..e5427c7409fafb4d3f3ffc60e604b1ab59f31d10 100644 (file)
--- a/inc/modules/admin/admin-inc.php
+++ b/inc/modules/admin/admin-inc.php
@@ -240,7 +240,7 @@ function isAdminAllowedAccessMenu ($action, $what = null) {
        if (!isset($GLOBALS[__FUNCTION__][$action][$what])) {
                // ACL is always 'allow' when no ext-admins is installed
                // @TODO This can be rewritten into a filter
-               $GLOBALS[__FUNCTION__][$action][$what] = ((!isExtensionInstalledAndNewer('admins', '0.2.0')) || (adminsCheckAdminAcl($action, $what)));
+               $GLOBALS[__FUNCTION__][$action][$what] = ((!isExtensionInstalledAndNewer('admins', '0.2.0')) || (isAdminsAllowedByAcl($action, $what)));
        } // END - if
 
        // Return the cached value

diff --git a/inc/modules/admin/what-list_admins_acls.php b/inc/modules/admin/what-list_admins_acls.php
index e8159b074c4d8f31666889d61138f2ef1b0676a5..b5fb48cd431921d87c15ced76d06f91b6d924940 100644 (file)
--- a/inc/modules/admin/what-list_admins_acls.php
+++ b/inc/modules/admin/what-list_admins_acls.php
@@ -154,7 +154,7 @@ LIMIT 1",
        $ACL = false;
        if (isPostRequestParameterSet('what_menu')) {
                // Check parent ACL
-               $ACL = adminsCheckAdminAcl(getActionFromModuleWhat('admin', postRequestParameter('what_menu')), '');
+               $ACL = isAdminsAllowedByAcl(getActionFromModuleWhat('admin', postRequestParameter('what_menu')), '');
        } // END - if
 
        if (($mode != postRequestParameter('mode')) || (($ACL === true) && (postRequestParameter('mode') == 'deny'))) {

diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php
index 121ff9c02ec240b845c8708f00e20d33ae0e92d2..aecb0317be43d219a26733d02766037d63177a2a 100644 (file)
--- a/inc/mysql-manager.php
+++ b/inc/mysql-manager.php
@@ -1390,7 +1390,7 @@ function getAdminEmail ($adminId) {
 // Get default ACL  of admin id
 function getAdminDefaultAcl ($adminId) {
        // By default an invalid ACL value is returned
-       $data['default_acl'] = '***';
+       $data['default_acl'] = 'NO-ACL';
 
        // Is sql_patches there and was it found in cache?
        if (!isExtensionActive('sql_patches')) {
@@ -1406,6 +1406,8 @@ function getAdminDefaultAcl ($adminId) {
                // Load from database
                $result_admin_id = SQL_QUERY_ESC("SELECT `default_acl` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id`=%s LIMIT 1",
                        array(bigintval($adminId)), __FUNCTION__, __LINE__);
+
+               // Do we have an entry?
                if (SQL_NUMROWS($result_admin_id) == 1) {
                        // Fetch data
                        $data = SQL_FETCHARRAY($result_admin_id);