Beispiel #1
 /**
  * Checks how the ACL of one repository combines when role2 overrides role1.
  *
  * Every case sets the right string of "repository_id" on both roles, merges
  * them with $overriding->override($base) and compares the merged right.
  * The cases pin two properties of the merge: an empty right on the
  * overriding role does not take away a right granted by the base role, and
  * only AJXP_VALUE_CLEAR produces an empty merged right.
  */
 public function testRolesAclAdditivity()
 {
     $base = new \AJXP_Role("role1");
     $overriding = new \AJXP_Role("role2");

     // array(right on base role, right on overriding role, expected merged right)
     $cases = array(
         array("", "w", "w"),
         array("r", "w", "w"),
         array("r", "", "r"),
         array("r", AJXP_VALUE_CLEAR, ""),
     );

     foreach ($cases as $case) {
         list($baseRight, $overridingRight, $expected) = $case;

         // Both roles are reused across cases; each case rewrites the same ACL key on both.
         $base->setAcl("repository_id", $baseRight);
         $overriding->setAcl("repository_id", $overridingRight);
         $merged = $overriding->override($base);

         // NOTE(review): assertEquals() compares loosely, so the last case would also
         // pass if getAcl() returned null or false instead of "" — confirm the return
         // type and consider assertSame() for the revocation case.
         $this->assertEquals($expected, $merged->getAcl("repository_id"));
     }
 }
 /**
  * Round-trips a temporary role through AuthService: store it, load it back,
  * delete it, and check that a later lookup returns false.
  */
 public function testRolesStorage()
 {
     $roleId = "phpunit_temporary_role";

     $stored = new \AJXP_Role($roleId);
     $stored->setAcl(0, "rw");
     \AuthService::updateRole($stored);

     $reloaded = \AuthService::getRole($roleId);
     $this->assertTrue($reloaded instanceof \AJXP_Role);
     $this->assertEquals("rw", $reloaded->getAcl(0));

     // NOTE(review): cleanup only runs when the assertions above pass. A failure
     // leaves a role with "rw" on repository 0 in whatever store AuthService
     // writes to — run this against a disposable store, or move the deletion
     // into tearDown().
     \AuthService::deleteRole($roleId);
     $this->assertFalse(\AuthService::getRole($roleId));
 }
Beispiel #3
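 /**
  * Builds a new role by layering this role's settings on top of $role.
  *
  * The new role takes its id from $role. ACLs, parameters, action states and
  * masks of both roles are combined.
  * NOTE(review): "this role wins" assumes array_merge_recursive2() lets the
  * values of its second argument replace those of the first — confirm.
  *
  * Access-control relevant behaviour visible in this method:
  *  - An empty ACL string on this role does not revoke a right that $role
  *    grants; the right from $role is kept.
  *  - AJXP_VALUE_CLEAR in an ACL is passed to setAcl() unchanged; how it is
  *    stored is decided there.
  *  - A parameter equal to AJXP_VALUE_CLEAR is left out of the new role.
  *  - An empty-string parameter falls back to the non-empty value of $role.
  *
  * @param AJXP_Role $role The role being overridden (the base layer).
  * @return AJXP_Role A newly created role holding the merged settings.
  */
 public function override(AJXP_Role $role)
 {
     $newRole = new AJXP_Role($role->getId());

     // --- ACLs ---------------------------------------------------------
     $roleAcl = $role->listAcls();
     $newAcls = $this->array_merge_recursive2($roleAcl, $this->listAcls());
     foreach ($newAcls as $repoId => $rightString) {
         // Empty means "no opinion", not "revoke": keep what the base role grants.
         if (empty($rightString) && !empty($roleAcl[$repoId])) {
             $rightString = $roleAcl[$repoId];
         }
         $newRole->setAcl($repoId, $rightString);
     }

     // --- Parameters ---------------------------------------------------
     $roleParameters = $role->listParameters(true);
     $newParams = $this->array_merge_recursive2($roleParameters, $this->listParameters(true));
     foreach ($newParams as $repoId => $data) {
         foreach ($data as $pluginId => $param) {
             foreach ($param as $parameterName => $parameterValue) {
                 // Booleans are stored as they are and never reach the loose
                 // comparison against AJXP_VALUE_CLEAR below.
                 if ($parameterValue === true || $parameterValue === false) {
                     $newRole->setParameterValue($pluginId, $parameterName, $parameterValue, $repoId);
                     continue;
                 }
                 if ($parameterValue == AJXP_VALUE_CLEAR) {
                     continue;
                 }
                 if ($parameterValue === "" && !empty($roleParameters[$repoId][$pluginId][$parameterName])) {
                     // Fall back to the base role's value. Reading the merged array
                     // here would return the same empty string that is being
                     // iterated, which made the fallback a no-op.
                     $parameterValue = $roleParameters[$repoId][$pluginId][$parameterName];
                 }
                 $newRole->setParameterValue($pluginId, $parameterName, $parameterValue, $repoId);
             }
         }
     }

     // --- Action states --------------------------------------------------
     $newActions = $this->array_merge_recursive2($role->listActionsStates(), $this->listActionsStates());
     foreach ($newActions as $repoId => $data) {
         foreach ($data as $pluginId => $action) {
             foreach ($action as $actionName => $actionState) {
                 $newRole->setActionState($pluginId, $actionName, $repoId, $actionState);
             }
         }
     }

     // --- Masks ----------------------------------------------------------
     $roleMasks = $role->listMasks();
     // A repository present in both roles would otherwise be visited twice.
     $maskRepoIds = array_unique(array_merge(array_keys($this->masks), array_keys($roleMasks)));
     foreach ($maskRepoIds as $repoId) {
         if (isset($roleMasks[$repoId]) && isset($this->masks[$repoId])) {
             // NOTE(review): the base mask's override() receives this role's mask,
             // the reverse of how this method is called on roles — confirm which
             // side the mask class treats as the overriding layer.
             $newRole->setMask($repoId, $roleMasks[$repoId]->override($this->masks[$repoId]));
         } elseif (isset($roleMasks[$repoId])) {
             $newRole->setMask($repoId, $roleMasks[$repoId]);
         } else {
             $newRole->setMask($repoId, $this->masks[$repoId]);
         }
     }

     return $newRole;
 }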
Beispiel #4
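 /**
  * Specific operations to perform at boot time.
  *
  * Does nothing on the application's first run or once the marker file
  * AJXP_CACHE_DIR/admin_counted exists. Otherwise it creates the ROOT_ROLE,
  * MINISITE, MINISITE_NODOWNLOAD and GUEST roles when they are missing, makes
  * sure an administrator account exists, and finally writes the marker file.
  *
  * Security-relevant points:
  *  - When no admin user is counted, an "admin" account is created from the
  *    ADMIN_PASSWORD constant. If that still equals INITIAL_ADMIN_PASSWORD
  *    the account is locked with "pass_change" (when password change is
  *    enabled) and an alert is queued for the client.
  *  - The queued alert contains the initial password in clear text, and
  *    $START_PARAMETERS is sent back to the client.
  *
  * @static
  * @param array $START_PARAMETERS A HashTable of parameters to send back to the client
  * @return void
  */
 public static function bootSequence(&$START_PARAMETERS)
 {
     if (AJXP_Utils::detectApplicationFirstRun()) {
         return;
     }
     // The marker file is the only "already provisioned" signal checked here.
     if (file_exists(AJXP_CACHE_DIR . "/admin_counted")) {
         return;
     }

     // --- ROOT_ROLE: default rights and default plugin parameters ---------
     $rootRole = AuthService::getRole("ROOT_ROLE", false);
     if ($rootRole === false) {
         $rootRole = new AJXP_Role("ROOT_ROLE");
         $rootRole->setLabel("Root Role");
         $rootRole->setAutoApplies(array("standard", "admin"));
         $dashId = "";
         foreach (ConfService::getRepositoriesList("all") as $repositoryId => $repoObject) {
             if ($repoObject->isTemplate) {
                 continue;
             }
             if ($repoObject->getAccessType() == "ajxp_user") {
                 $dashId = $repositoryId;
             }
             // Only repositories without a group path (or at "/") hand their
             // default right to the root role.
             $gp = $repoObject->getGroupPath();
             if (empty($gp) || $gp == "/") {
                 if ($repoObject->getDefaultRight() != "") {
                     $rootRole->setAcl($repositoryId, $repoObject->getDefaultRight());
                 }
             }
         }
         if (!empty($dashId)) {
             $rootRole->setParameterValue("core.conf", "DEFAULT_START_REPOSITORY", $dashId);
         }
         $paramNodes = AJXP_PluginsService::searchAllManifests("//server_settings/param[@scope]", "node", false, false, true);
         if (is_array($paramNodes) && count($paramNodes)) {
             foreach ($paramNodes as $xmlNode) {
                 $default = $xmlNode->getAttribute("default");
                 if (empty($default)) {
                     continue;
                 }
                 // The plugin is the grandparent of the <param> node; when it has
                 // no id, one is built from its node name and "name" attribute.
                 $parentNode = $xmlNode->parentNode->parentNode;
                 $pluginId = $parentNode->getAttribute("id");
                 if (empty($pluginId)) {
                     $pluginId = $parentNode->nodeName . "." . $parentNode->getAttribute("name");
                 }
                 $rootRole->setParameterValue($pluginId, $xmlNode->getAttribute("name"), $default);
             }
         }
         AuthService::updateRole($rootRole);
     }

     // --- MINISITE: actions set to false in the shared-repository scope ---
     if (AuthService::getRole("MINISITE", false) === false) {
         $minisiteRole = new AJXP_Role("MINISITE");
         $minisiteRole->setLabel("Minisite Users");
         $actions = array(
             "access.fs" => array("ajxp_link", "chmod", "purge"),
             "meta.watch" => array("toggle_watch"),
             "conf.serial" => array("get_bookmarks"),
             "conf.sql" => array("get_bookmarks"),
             "index.lucene" => array("index"),
             "action.share" => array("share"),
             "gui.ajax" => array("bookmark"),
             "auth.serial" => array("pass_change"),
             "auth.sql" => array("pass_change"),
         );
         foreach ($actions as $pluginId => $acts) {
             foreach ($acts as $act) {
                 $minisiteRole->setActionState($pluginId, $act, AJXP_REPO_SCOPE_SHARED, false);
             }
         }
         AuthService::updateRole($minisiteRole);
     }

     // --- MINISITE_NODOWNLOAD: download actions set to false --------------
     if (AuthService::getRole("MINISITE_NODOWNLOAD", false) === false) {
         $noDownloadRole = new AJXP_Role("MINISITE_NODOWNLOAD");
         $noDownloadRole->setLabel("Minisite Users - No Download");
         $actions = array("access.fs" => array("download", "download_chunk", "prepare_chunk_dl", "download_all"));
         foreach ($actions as $pluginId => $acts) {
             foreach ($acts as $act) {
                 $noDownloadRole->setActionState($pluginId, $act, AJXP_REPO_SCOPE_SHARED, false);
             }
         }
         AuthService::updateRole($noDownloadRole);
     }

     // --- GUEST: auto-applied to "guest" ----------------------------------
     if (AuthService::getRole("GUEST", false) === false) {
         $guestRole = new AJXP_Role("GUEST");
         $guestRole->setLabel("Guest user role");
         $actions = array("access.fs" => array("purge"), "meta.watch" => array("toggle_watch"), "index.lucene" => array("index"));
         $guestRole->setAutoApplies(array("guest"));
         foreach ($actions as $pluginId => $acts) {
             foreach ($acts as $act) {
                 // No explicit state is passed here, unlike the minisite roles:
                 // setActionState()'s default applies.
                 // NOTE(review): confirm that default disables the action.
                 $guestRole->setActionState($pluginId, $act, AJXP_REPO_SCOPE_ALL);
             }
         }
         AuthService::updateRole($guestRole);
     }

     // --- Administrator account ------------------------------------------
     // NOTE(review): the comparisons on $adminCount are loose; if
     // countAdminUsers() can return false or null on failure, that also matches
     // "== 0" and triggers creation of the default admin — confirm its contract.
     $adminCount = AuthService::countAdminUsers();
     if ($adminCount == 0) {
         $authDriver = ConfService::getAuthDriverImpl();
         $adminPass = ADMIN_PASSWORD;
         if ($authDriver->getOption("TRANSMIT_CLEAR_PASS") !== true) {
             // NOTE(security): unsalted MD5 is not a suitable password hash. It is
             // kept because the stored form expected by createUser() and the auth
             // driver is not visible here; moving to password_hash() /
             // password_verify() has to happen in the driver as well.
             $adminPass = md5(ADMIN_PASSWORD);
         }
         AuthService::createUser("admin", $adminPass, true);
         if (ADMIN_PASSWORD == INITIAL_ADMIN_PASSWORD) {
             $userObject = ConfService::getConfStorageImpl()->createUserObject("admin");
             $userObject->setAdmin(true);
             AuthService::updateAdminRights($userObject);
             if (AuthService::changePasswordEnabled()) {
                 // Forces a password change for the account created with the default password.
                 $userObject->setLock("pass_change");
             }
             $userObject->save("superuser");
             // The key may not exist yet; appending to a missing key raises a notice.
             if (!isset($START_PARAMETERS["ALERT"])) {
                 $START_PARAMETERS["ALERT"] = "";
             }
             // NOTE(security): this message discloses the initial password to the client.
             $START_PARAMETERS["ALERT"] .= "Warning! User 'admin' was created with the initial password '" . INITIAL_ADMIN_PASSWORD . "'. \\nPlease log in as admin and change the password now!";
             // $userObject only exists in this branch; calling updateUser() outside
             // of it passed an undefined variable when a custom password was set.
             AuthService::updateUser($userObject);
         }
     } else {
         if ($adminCount == -1) {
             // Here we may come from a previous version! Check the "admin" user and set its right as admin.
             $confStorage = ConfService::getConfStorageImpl();
             $adminUser = $confStorage->createUserObject("admin");
             $adminUser->setAdmin(true);
             $adminUser->save("superuser");
             if (!isset($START_PARAMETERS["ALERT"])) {
                 $START_PARAMETERS["ALERT"] = "";
             }
             $START_PARAMETERS["ALERT"] .= "There is an admin user, but without admin right. Now any user can have the administration rights, \\n your 'admin' user was set with the admin rights. Please check that this suits your security configuration.";
         }
     }

     // The result is not checked: if the cache directory is not writable, the
     // whole sequence runs again on the next boot.
     file_put_contents(AJXP_CACHE_DIR . "/admin_counted", "true");
 }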
 /**
  * Builds a new role by merging this role's ACLs, parameters and action
  * states over those of $role. The new role takes its id from $role.
  *
  * ACLs and parameters whose merged value equals AJXP_VALUE_CLEAR are left
  * out of the new role; action states are copied as merged.
  * NOTE(review): which side wins on a conflict depends on
  * array_merge_recursive2(), which is not shown here — confirm that the
  * second argument (this role) takes precedence.
  *
  * @param AJXP_Role $role The role being overridden (the base layer).
  * @return AJXP_Role A newly created role holding the merged settings.
  */
 public function override(AJXP_Role $role)
 {
     $merged = new AJXP_Role($role->getId());

     $acls = $this->array_merge_recursive2($role->listAcls(), $this->listAcls());
     foreach ($acls as $repoId => $rightString) {
         // A cleared ACL is dropped: the new role gets no entry for that repository.
         if ($rightString != AJXP_VALUE_CLEAR) {
             $merged->setAcl($repoId, $rightString);
         }
     }

     $parameters = $this->array_merge_recursive2($role->listParameters(true), $this->listParameters(true));
     foreach ($parameters as $repoId => $plugins) {
         foreach ($plugins as $pluginId => $values) {
             foreach ($values as $parameterName => $value) {
                 // Booleans are always stored; they are kept away from the loose
                 // comparison with AJXP_VALUE_CLEAR (presumably because `true`
                 // compares equal to a non-empty string — confirm the constant).
                 if (!is_bool($value) && $value == AJXP_VALUE_CLEAR) {
                     continue;
                 }
                 $merged->setParameterValue($pluginId, $parameterName, $value, $repoId);
             }
         }
     }

     $actionStates = $this->array_merge_recursive2($role->listActionsStates(), $this->listActionsStates());
     foreach ($actionStates as $repoId => $plugins) {
         foreach ($plugins as $pluginId => $states) {
             foreach ($states as $actionName => $state) {
                 $merged->setActionState($pluginId, $actionName, $repoId, $state);
             }
         }
     }

     return $merged;
 }