statistics: Simplify access check.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2597 44740490-163a-0410-bde0-09ae8108e29a

statistics: Simplify access check.
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2597 44740490-163a-0410-bde0-09ae8108e29a
3423fe55 · Olav Morken · 02d0c23f · 3423fe55
Commit 3423fe55 authored 14 years ago by Olav Morken
--- a/modules/statistics/lib/AccessCheck.php
+++ b/modules/statistics/lib/AccessCheck.php
@@ -26,61 +26,61 @@ class sspmod_statistics_AccessCheck {
 			throw new SimpleSAML_Error_Exception('Invalid value for \'acl\'-option. Should be an array or a string.');
 		}
-		if ($protected) {
+		if (!$protected) {
+			return;
-			if (SimpleSAML_Utilities::isAdmin()) {
+		}
-				// User logged in as admin. OK.
-				SimpleSAML_Logger::debug('Statistics auth - logged in as admin, access granted');
-			} elseif(isset($authsource) && $session->isValid($authsource) ) {
-				// User logged in with auth source.
-				SimpleSAML_Logger::debug('Statistics auth - valid login with auth source [' . $authsource . ']');
-				// Retrieving attributes
-				$attributes = $session->getAttributes();
-				$allow = FALSE;
-				if (!empty($allowedusers)) {
-					// Check if userid exists
-					if (!isset($attributes[$useridattr][0]))
-						throw new Exception('User ID is missing');
-					// Check if userid is allowed access..
-					if (!in_array($attributes[$useridattr][0], $allowedusers)) {
-						SimpleSAML_Logger::debug('Statistics auth - User denied access by user ID [' . $attributes[$useridattr][0] . ']');
-					} else {
-						SimpleSAML_Logger::debug('Statistics auth - User granted access by user ID [' . $attributes[$useridattr][0] . ']');
-						$allow = TRUE;
-					}
-				} else {
-					SimpleSAML_Logger::debug('Statistics auth - no allowedUsers list.');
-				}
-				if (!$allow && !is_null($acl)) {
+		if (SimpleSAML_Utilities::isAdmin()) {
-					$acl = new sspmod_core_ACL($acl);
+			// User logged in as admin. OK.
-					if (!$acl->allows($attributes)) {
+			SimpleSAML_Logger::debug('Statistics auth - logged in as admin, access granted');
-						SimpleSAML_Logger::debug('Statistics auth - denied access by ACL.');
+			return;
-					} else {
+		}
-						SimpleSAML_Logger::debug('Statistics auth - allowed access by ACL.');
-						$allow = TRUE;
+		if (isset($authsource) && $session->isValid($authsource) ) {
-					}
-				} else {
+			// User logged in with auth source.
-					SimpleSAML_Logger::debug('Statistics auth - no ACL configured.');
+			SimpleSAML_Logger::debug('Statistics auth - valid login with auth source [' . $authsource . ']');
-				}
+			// Retrieving attributes
+			$attributes = $session->getAttributes();
+			if (!empty($allowedusers)) {
+				// Check if userid exists
+				if (!isset($attributes[$useridattr][0]))
+					throw new Exception('User ID is missing');
-				if (!$allow) {
+				// Check if userid is allowed access..
-					throw new SimpleSAML_Error_Exception('Access denied to the current user.');
+				if (in_array($attributes[$useridattr][0], $allowedusers)) {
+					SimpleSAML_Logger::debug('Statistics auth - User granted access by user ID [' . $attributes[$useridattr][0] . ']');
+					return;
 				}
+				SimpleSAML_Logger::debug('Statistics auth - User denied access by user ID [' . $attributes[$useridattr][0] . ']');
-			} elseif(isset($authsource)) {
+			} else {
-				// If user is not logged in init login with authrouce if authsousrce is defined.
+				SimpleSAML_Logger::debug('Statistics auth - no allowedUsers list.');
-				SimpleSAML_Auth_Default::initLogin($authsource, SimpleSAML_Utilities::selfURL());
+			}
+			if (!is_null($acl)) {
+				$acl = new sspmod_core_ACL($acl);
+				if ($acl->allows($attributes)) {
+					SimpleSAML_Logger::debug('Statistics auth - allowed access by ACL.');
+					return;
+				}
+				SimpleSAML_Logger::debug('Statistics auth - denied access by ACL.');
 			} else {
-				// If authsource is not defined, init admin login.
+				SimpleSAML_Logger::debug('Statistics auth - no ACL configured.');
-				SimpleSAML_Utilities::requireAdmin();
 			}
+			throw new SimpleSAML_Error_Exception('Access denied to the current user.');
+		}
+		if(isset($authsource)) {
+			// If user is not logged in init login with authrouce if authsousrce is defined.
+			SimpleSAML_Auth_Default::initLogin($authsource, SimpleSAML_Utilities::selfURL());
+		} else {
+			// If authsource is not defined, init admin login.
+			SimpleSAML_Utilities::requireAdmin();
 		}
 	}