/**
 * Adds the accounts and permissions of a partial user to an existing user.
 *
 * Intended for the case where a user claims an SSO account that turns out to
 * be linked to an existing user already: every account linked only to the
 * partial user is linked to the existing user, then the partial user's
 * permissions are added to the existing user.
 *
 * Security: this method performs no authorization check of its own, so the
 * caller must already have established that both user ids belong to the same
 * person. The operation is not atomic: when linking one account fails the
 * method returns false and the links created up to that point stay in place.
 *
 * @param integer $existingUserId User that receives the accounts and permissions
 * @param integer $partialUserId  User whose accounts and permissions are added
 * @return boolean False as soon as one account cannot be linked, otherwise
 *                 the result of addUserPermissions()
 */
function relinkAccounts($existingUserId, $partialUserId)
{
    $alreadyLinked = $this->getLinkedAccountsIds($existingUserId);
    $candidates = $this->getLinkedAccountsIds($partialUserId);

    // Only accounts the existing user does not have yet need a new link.
    foreach (array_diff($candidates, $alreadyLinked) as $accountId) {
        $linked = OA_Permission::setAccountAccess($accountId, $existingUserId);
        if (!$linked) {
            return false;
        }
    }

    $partialPermissions = $this->getUsersPermissions($partialUserId);

    return $this->addUserPermissions($existingUserId, $partialPermissions);
}
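/**
 * Links a user to an account and optionally stores permissions for the link.
 *
 * The call is refused unless checkPermissions(OA_ACCOUNT_ADMIN) succeeds.
 *
 * @param int   $userId
 * @param int   $accountId
 * @param array $aPermissions array of permissions to set (see OA_Permission), eg:
 *      array(OA_PERM_SUPER_ACCOUNT, OA_PERM_BANNER_EDIT)
 * @param array $aAllowedPermissions array of permissions that are allowed to be set.
 *      The format differs from $aPermissions: the permission is the array
 *      key, the value is not used and should be set to true, eg:
 *      array(OA_PERM_SUPER_ACCOUNT => true, OA_PERM_BANNER_EDIT => true)
 * @return boolean true on successful linking, false otherwise.
 */
private function linkUserToAccount($userId, $accountId, $aPermissions = null, $aAllowedPermissions = null)
{
    if (!$this->checkPermissions(OA_ACCOUNT_ADMIN)) {
        return false;
    }

    if (!$this->checkIdExistence('users', $userId)) {
        $this->raiseError(self::ERROR_UNKNOWN_USER_ID);
        return false;
    }
    // NOTE(review): $accountId is not checked for existence here; confirm
    // that callers validate it before it reaches this method.

    $result = OA_Permission::setAccountAccess($accountId, $userId);
    if (PEAR::isError($result)) {
        $this->raiseError($result->getMessage());
        return false;
    }
    if (!$result) {
        // Other callers of setAccountAccess() test its result with "!", so a
        // plain false is treated as a failed link too; without this check a
        // failed link would be reported as success.
        $this->raiseError('Could not link the user to the account');
        return false;
    }

    if (!empty($aPermissions)) {
        $result = OA_Permission::storeUserAccountsPermissions(
            $aPermissions,
            $accountId,
            $userId,
            $aAllowedPermissions
        );
        if (PEAR::isError($result)) {
            $this->raiseError($result->getMessage());
            return false;
        }
    }

    return true;
}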
/**
 * Links a user to each listed account and stores the permissions given for it.
 *
 * The results of both OA_Permission calls are discarded, so a failed link or
 * a failed permission write is not reported to the caller. No list of allowed
 * permissions is passed to storeUserAccountsPermissions().
 *
 * @param int   $userId
 * @param array $accountPermissions Map of account id => permissions to store
 *                                  for the user on that account
 */
function _setAccountsAndPermissions($userId, $accountPermissions)
{
    foreach ($accountPermissions as $linkedAccountId => $grantedPermissions) {
        // Link first, then record what the user may do on that account.
        OA_Permission::setAccountAccess($linkedAccountId, $userId);
        OA_Permission::storeUserAccountsPermissions(
            $grantedPermissions,
            $linkedAccountId,
            $userId
        );
    }
}
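/**
 * Create the admin user and account, plus a default manager.
 *
 * Steps, in order: insert the admin account, insert the default manager
 * (agency) and read back its account id, insert the admin user, link the
 * user to both accounts, then insert the default preferences.
 *
 * The steps are not wrapped in a transaction here: when a later step fails
 * the method logs the error and returns false, and rows inserted by earlier
 * steps are left in place.
 *
 * @param array $aAdmin Reads the keys 'email', 'name', 'pword' and 'language'
 * @return boolean False when any step fails, otherwise the result of
 *                 putDefaultPreferences()
 */
function putAdmin($aAdmin)
{
    // Create Admin account
    $doAccount = OA_Dal::factoryDO('accounts');
    $doAccount->account_name = 'Administrator account';
    $doAccount->account_type = OA_ACCOUNT_ADMIN;
    $adminAccountId = $doAccount->insert();
    if (!$adminAccountId) {
        $this->oLogger->logError('error creating the admin account');
        return false;
    }

    // Create Manager entity
    $doAgency = OA_Dal::factoryDO('agency');
    $doAgency->name = 'Default manager';
    // The manager gets the administrator's e-mail address. It has to come
    // from $aAdmin: the user data object is only created further down, so
    // reading it here yielded an undefined variable and an empty address.
    $doAgency->email = $aAdmin['email'];
    $doAgency->active = 1;
    $agencyId = $doAgency->insert();
    if (!$agencyId) {
        $this->oLogger->logError('error creating the manager entity');
        return false;
    }

    // Read the manager back to learn the account id that belongs to it.
    $doAgency = OA_Dal::factoryDO('agency');
    if (!$doAgency->get($agencyId)) {
        $this->oLogger->logError('error retrieving the manager account ID');
        return false;
    }
    $agencyAccountId = $doAgency->account_id;

    // Create Admin user
    $doUser = OA_Dal::factoryDO('users');
    $doUser->contact_name = 'Administrator';
    $doUser->email_address = $aAdmin['email'];
    $doUser->username = $aAdmin['name'];
    // SECURITY: md5() is a fast, unsalted digest, not a password hashing
    // function. It is left unchanged because the stored value has to match
    // whatever the login code verifies; migrate both sides together to
    // password_hash() / password_verify().
    $doUser->password = md5($aAdmin['pword']);
    $doUser->default_account_id = $agencyAccountId;
    $doUser->language = $aAdmin['language'];
    $userId = $doUser->insert();
    if (!$userId) {
        $this->oLogger->logError('error creating the admin user');
        return false;
    }

    // Give the new user access to the admin account and to the manager account.
    $result = OA_Permission::setAccountAccess($adminAccountId, $userId);
    if (!$result) {
        $this->oLogger->logError("error creating access to admin account, account id: {$adminAccountId}, user ID: {$userId}");
        return false;
    }
    $result = OA_Permission::setAccountAccess($agencyAccountId, $userId);
    if (!$result) {
        $this->oLogger->logError("error creating access to default agency account, account id: {$agencyAccountId}, user ID: {$userId}");
        return false;
    }

    // Insert preferences and return
    return $this->putDefaultPreferences($adminAccountId);
}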
/**
 * Creates a new user and links it to this object's account.
 *
 * The user row is inserted first and linked to $this->account_id afterwards.
 * When the link fails the method returns false but the inserted user row is
 * not removed.
 *
 * @param array $aUser Field values handed to setFrom() on the users data object
 * @return int|false The new user id, or false when the insert or the account
 *                   link fails
 */
function createUser($aUser)
{
    $userRecord = OA_Dal::factoryDO('users');
    $userRecord->setFrom($aUser);
    $newUserId = $userRecord->insert();

    // Short-circuit: the link is only attempted once the insert has succeeded.
    if (!$newUserId || !OA_Permission::setAccountAccess($this->account_id, $newUserId)) {
        return false;
    }

    return $newUserId;
}
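/**
 * This method adds a new agency or modifies an existing one. Undefined fields
 * do not change and defined fields with a NULL value also remain unchanged.
 *
 * The call is refused unless checkPermissions(OA_ACCOUNT_ADMIN) succeeds.
 * When an agency is added and a username or user e-mail is supplied, a user
 * is created through the authentication plugin, linked to the new agency
 * account and given OA_PERM_SUPER_ACCOUNT on it.
 *
 * @access public
 *
 * @param OA_Dll_AgencyInfo &$oAgency <br />
 *          <b>For adding</b><br />
 *          <b>Required properties:</b> agencyName<br />
 *          <b>Optional properties:</b> contactName, emailAddress, username, password<br />
 *
 *          <b>For modify</b><br />
 *          <b>Required properties:</b> agencyId<br />
 *          <b>Optional properties:</b> agencyName, contactName, emailAddress<br />
 *
 * @return boolean True if the operation was successful
 *
 */
function modify(&$oAgency)
{
    if (!$this->checkPermissions(OA_ACCOUNT_ADMIN)) {
        return false;
    }

    $agencyData = (array) $oAgency;

    // Name
    $agencyData['name'] = $oAgency->agencyName;
    // Default fields
    $agencyData['contact'] = $oAgency->contactName;
    $agencyData['email'] = $oAgency->emailAddress;

    if (!$this->_validate($oAgency)) {
        return false;
    }

    $doAgency = OA_Dal::factoryDO('agency');

    if (isset($agencyData['agencyId'])) {
        // Modify an existing agency
        $doAgency->get($agencyData['agencyId']);
        $doAgency->setFrom($agencyData);
        $doAgency->update();
        return true;
    }

    // Add a new agency
    $doAgency->setFrom($agencyData);
    $oAgency->agencyId = $doAgency->insert();
    if (!$oAgency->agencyId) {
        // Without an agency row there is no account id to attach a user to.
        // Stop here instead of creating a user and granting it
        // OA_PERM_SUPER_ACCOUNT against an undefined account while still
        // reporting success.
        return false;
    }

    // Set the account ID
    $doAgency = OA_Dal::staticGetDO('agency', $oAgency->agencyId);
    $oAgency->accountId = (int) $doAgency->account_id;

    if (isset($agencyData['username']) || isset($agencyData['userEmail'])) {
        // Use the authentication plugin to create the user
        $oPlugin = OA_Auth::staticGetAuthPlugin();
        $userId = $oPlugin->getMatchingUserId($agencyData['userEmail'], $agencyData['username']);
        $userId = $oPlugin->saveUser($userId, $agencyData['username'], $agencyData['password'],
            $agencyData['contactName'], $agencyData['userEmail'], $agencyData['language'], $oAgency->accountId);
        if ($userId) {
            // Link the user and give permission to create new accounts.
            // The permission is carried by the key of $aAllowedPermissions;
            // the value looks like a placeholder - TODO confirm against
            // OA_Permission::storeUserAccountsPermissions().
            $aAllowedPermissions = array(OA_PERM_SUPER_ACCOUNT => 'This string intentionally left blank. 
WTF?');
            $aPermissions = array(OA_PERM_SUPER_ACCOUNT);
            // NOTE(review): the results of both calls are discarded, so a
            // failed link or permission write still ends in "return true".
            OA_Permission::setAccountAccess($oAgency->accountId, $userId);
            OA_Permission::storeUserAccountsPermissions($aPermissions, $oAgency->accountId, $userId, $aAllowedPermissions);
        }
    }

    return true;
}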
/**
 * Links a user with an account and sets the matching session message.
 * Common method reused across user access pages.
 *
 * Nothing happens when $userId is empty. The session message is chosen from
 * the link state found before the change is made, and the results of the two
 * OA_Permission write calls are not checked. This function contains no access
 * check of its own - presumably the calling pages enforce it; verify there.
 *
 * @param integer $userId               User ID
 * @param integer $accountId            Account ID
 * @param array   $permissions          Array of permissions
 * @param array   $aAllowedPermissions  Array of allowed permissions
 */
function linkUserToAccount($userId, $accountId, $permissions, $aAllowedPermissions)
{
    if (empty($userId)) {
        return;
    }

    // A user that is already linked gets the "updated" message, a new link
    // gets the "linked" message.
    $wasLinked = OA_Permission::isUserLinkedToAccount($accountId, $userId);
    $notice = $wasLinked
        ? $GLOBALS['strUserAccountUpdated']
        : $GLOBALS['strUserLinkedToAccount'];
    OA_Session::setMessage($notice);

    OA_Permission::setAccountAccess($accountId, $userId);
    OA_Permission::storeUserAccountsPermissions(
        $permissions,
        $accountId,
        $userId,
        $aAllowedPermissions
    );
}
/**
 * Create the admin user and account, plus a default manager, also
 * inserts admin default timezone preferences.
 *
 * All steps run inside one try block. When the database reports support for
 * transactions the work is wrapped in a transaction and rolled back on any
 * failure; otherwise _rollbackPutAdmin() is called on failure instead.
 *
 * @param array $aAdmin Reads the keys 'email', 'name', 'pword' and 'language'
 * @param array $aPrefs Passed to putTimezoneAccountPreference()
 * @return boolean True when every step succeeded, false after a failure
 */
public function putAdmin($aAdmin, $aPrefs)
{
    try {
        // init transaction
        // NOTE(review): $oDbh and $useTransaction are first assigned inside
        // the try block; if one of these two statements were to throw, the
        // catch block below would read them while they are still undefined.
        $oDbh = OA_DB::singleton();
        $useTransaction = $oDbh->supports('transactions');
        if ($useTransaction) {
            $oDbh->beginTransaction();
        }

        // Create Admin account
        $doAccount = OA_Dal::factoryDO('accounts');
        $doAccount->account_name = 'Administrator account';
        $doAccount->account_type = OA_ACCOUNT_ADMIN;
        $adminAccountId = $doAccount->insert();
        if (!$adminAccountId) {
            throw new Exception('error creating the admin account');
        }

        // Create Manager entity
        $doAgency = OA_Dal::factoryDO('agency');
        $doAgency->name = 'Default manager';
        $doAgency->email = $aAdmin['email'];
        $doAgency->active = 1;
        $agencyId = $doAgency->insert();
        if (!$agencyId) {
            throw new Exception('error creating the manager entity');
        }

        // Read the manager back to learn the account id that belongs to it.
        $doAgency = OA_Dal::factoryDO('agency');
        if (!$doAgency->get($agencyId)) {
            throw new Exception('error retrieving the manager account ID');
        }
        $agencyAccountId = $doAgency->account_id;

        // Create Admin user
        $doUser = OA_Dal::factoryDO('users');
        $doUser->contact_name = 'Administrator';
        $doUser->email_address = $aAdmin['email'];
        $doUser->username = $aAdmin['name'];
        // SECURITY: md5() is a fast, unsalted digest, not a password hashing
        // function. The stored value has to match what the login code
        // verifies, so a move to password_hash() / password_verify() has to
        // change both sides together.
        $doUser->password = md5($aAdmin['pword']);
        $doUser->default_account_id = $agencyAccountId;
        $doUser->language = $aAdmin['language'];
        $userId = $doUser->insert();
        if (!$userId) {
            throw new Exception('error creating the admin user');
        }

        // Give the new user access to the admin account and to the manager account.
        $result = OA_Permission::setAccountAccess($adminAccountId, $userId);
        if (!$result) {
            throw new Exception("error creating access to admin account, account id: {$adminAccountId}, user ID: {$userId}");
        }
        $result = OA_Permission::setAccountAccess($agencyAccountId, $userId);
        if (!$result) {
            throw new Exception("error creating access to default agency account, account id: {$agencyAccountId}, user ID: {$userId}");
        }

        // NOTE(review): the result of putDefaultPreferences() is not checked,
        // so a failure there does not trigger the rollback - confirm this is
        // intended.
        $this->putDefaultPreferences($adminAccountId);
        if (!$this->putTimezoneAccountPreference($aPrefs)) {
            // rollback if fails; the exception carries no message, so the
            // logger call in the catch block receives an empty string
            throw new Exception();
        }

        if ($useTransaction) {
            $oDbh->commit();
        }
    } catch (Exception $e) {
        $this->oLogger->logErrorUnlessEmpty($e->getMessage());
        // Undo the partial installation: by transaction when one was opened,
        // otherwise through the manual rollback helper.
        if ($useTransaction) {
            $oDbh->rollback();
        } else {
            $this->_rollbackPutAdmin();
        }
        return false;
    }
    return true;
}
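/**
 * This method adds a new user or modifies an existing one. Undefined fields
 * do not change and defined fields with a NULL value also remain unchanged.
 *
 * The call is refused unless checkPermissions(OA_ACCOUNT_ADMIN) succeeds.
 * A newly added user is linked to its default account; the method reports
 * failure when either the insert or that link fails.
 *
 * @access public
 *
 * @param OA_Dll_UserInfo $oUser
 *          <b>For adding</b><br />
 *          <b>Required properties:</b> contactName, emailAddress, defaultAccountId<br />
 *          <b>Optional properties:</b> username, password (both depending on the authentication type)<br />
 *
 *          <b>For modify</b><br />
 *          <b>Required properties:</b> userId<br />
 *          <b>Optional properties:</b> contactName, emailAddress, defaultAccountId, password (depending on the authentication type)<br />
 *
 * @return boolean True if the operation was successful
 *
 */
function modify(&$oUser)
{
    if (!isset($oUser->userId)) {
        // Add
        $oUser->setDefaultForAdd();
    }

    if (!$this->checkPermissions(OA_ACCOUNT_ADMIN)) {
        return false;
    }

    $userData = (array) $oUser;

    // Name
    $userData['contact_name'] = $oUser->contactName;
    $userData['email_address'] = $oUser->emailAddress;
    $userData['default_account_id'] = $oUser->defaultAccountId;

    // Add a reference for username and password, they might be modified during validation
    $userData['username'] =& $oUser->username;
    $userData['password'] =& $oUser->password;

    if (!$this->_validate($oUser)) {
        return false;
    }

    $doUser = OA_Dal::factoryDO('users');

    if (isset($userData['userId'])) {
        // Modify an existing user
        $doUser->get($userData['userId']);
        $doUser->setFrom($userData);
        $doUser->update();
        return true;
    }

    // Add a new user
    $doUser->setFrom($userData);
    $oUser->userId = $doUser->insert();
    if (!$oUser->userId) {
        // A failed insert used to fall through to "return true", leaving the
        // caller with a success result and no user id.
        $this->raiseError('Could not create the user');
        return false;
    }

    // A user without a link to its default account cannot use that account,
    // so a failed link is reported as a failure of the whole call.
    if (!OA_Permission::setAccountAccess($oUser->defaultAccountId, $oUser->userId)) {
        $this->raiseError('Could not link the user to the default account');
        return false;
    }

    return true;
}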