Sourcecode in HopObject/securityFunctions.js:
/**
 * Per-request hook: prepares the response handlers (site, context, layout),
 * resolves the membership level of the logged-in user and finally runs the
 * access check for the requested action.
 *
 * Security-relevant ordering in this function:
 *  - req.data.memberlevel is reset before anything else reads it,
 *  - a blocked site or a blocked account is handled before the access check,
 *  - only non-sysadmin (or anonymous) requests go through checkAccess().
 *
 * NOTE(review): neither redirect branch returns explicitly; both rely on
 * res.redirect() ending request processing - confirm for the runtime in use.
 */
function onRequest() {
   autoLogin();

   // Always start from "no membership". req.data is also where request
   // parameters show up, so this reset keeps a client-supplied "memberlevel"
   // value from ever reaching checkAccess() below.
   req.data.memberlevel = null;

   // No site in the request path: fall back to the configured front site,
   // but only while it is online, so the mirrored site works as expected.
   if (!path.Site) {
      var frontSite = root.sys_frontSite;
      if (frontSite && frontSite.online) {
         res.handlers.site = frontSite;
      }
   }

   var site = res.handlers.site;
   if (!site) {
      // no site involved, root is the context of this request
      res.handlers.context = root;
   } else {
      // blocked sites are never served, whoever is asking
      if (site.blocked) {
         res.redirect(root.href("blocked"));
      }
      // the membership level is looked up server-side from the session user
      if (session.user) {
         req.data.memberlevel = site.members.getMembershipLevel(session.user);
      }
      res.handlers.context = site;
   }

   // A layout stored in the session (test drive) wins over the layout
   // of the context.
   var testLayout = session.data.layout;
   if (testLayout) {
      res.handlers.layout = testLayout;
      res.message = testLayout.renderSkinAsString("testdrive");
   } else {
      res.handlers.layout = res.handlers.context.getLayout();
   }

   res.skinpath = res.handlers.layout.getSkinPath();

   // An account that was blocked while its session was still alive is
   // logged out here, before the sysadmin bypass below is evaluated.
   if (session.user && session.user.blocked) {
      session.logout();
      res.message = new Exception("accountBlocked");
      res.redirect(res.handlers.context.href());
   }

   // Sysadmins skip the access check entirely; everybody else, including
   // anonymous requests, is checked against the requested action.
   // session.user is read again on purpose: logout() above may have changed it.
   if (!(session.user && session.user.sysadmin)) {
      this.checkAccess(req.action, session.user, req.data.memberlevel);
   }
}