public function tearDown() { parent::tearDown(); $testRole = new Opus_UserRole($this->roleId); $testRole->delete(); $userAccount = new Opus_Account($this->userId); $userAccount->delete(); }
/** * Post-store hook will be called right after the document has been stored * to the database. * * @see {Opus_Model_Plugin_Interface::postStore} */ public function postStore(Opus_Model_AbstractDb $model) { // only index Opus_File instances if (false === $model instanceof Opus_File) { $this->getLogger()->err(__METHOD__ . '#1 argument must be instance of Opus_File'); return; } // only new Opus_File instances if (true !== $model->isNewRecord()) { return; } $config = Zend_Registry::get('Zend_Config'); if (!is_null($config) && isset($config->securityPolicy->files->defaultAccessRole)) { $roleName = $config->securityPolicy->files->defaultAccessRole; // Empty name -> don't set any role for access if (strlen(trim($roleName)) > 0) { $accessRole = Opus_UserRole::fetchByName($roleName); if (is_null($accessRole)) { $this->getLogger()->err(__METHOD__ . ": Failed to add role '{$roleName}' to file " . $model->getId() . "; '{$roleName}' role does not exist!"); return; } $accessRole->appendAccessFile($model->getId()); $accessRole->store(); } } }
/** * Publishes documents and adds the given Person as referee. * * @param array $docIds * @param mixed $userId * @param Opus_Person $person * * FIXME capture success or failure for display afterwards */ public function clear(array $docIds = null, $userId = null, $person = null) { $logger = Zend_Registry::get('Zend_Log'); foreach ($docIds as $docId) { $logger->debug('Change state to "published" for document: ' . $docId); $document = new Opus_Document($docId); $document->setServerState('published'); $date = new Opus_Date(); $date->setNow(); $document->setServerDatePublished($date); $document->setPublishedDate($date); $guest_role = Opus_UserRole::fetchByName('guest'); foreach ($document->getFile() as $file) { $guest_role->appendAccessFile($file->getId()); } if (isset($person)) { $document->addPersonReferee($person); } $enrichment = $document->addEnrichment(); $enrichment->setKeyName('review.accepted_by')->setValue($userId); // TODO: Put into same transaction... $document->store(); $guest_role->store(); } return; }
public function getRolePermissions($acl, $roleName) { $role = Opus_UserRole::fetchByName($roleName); if (is_null($role)) { Zend_Registry::get('Zend_Log')->err("Attempt to load unknown role '{$roleName}'."); return; } $resources = $role->listAccessModules(); $resourcesConfigured = false; $accessibleModules = array(); foreach ($resources as $resource) { if (!strncmp('resource_', $resource, 9)) { // resource (like languages); $resource = new Zend_Acl_Resource(substr($resource, 9)); $acl->allow($roleName, $resource); $resourcesConfigured = true; } else { if (!strncmp('workflow_', $resource, 9)) { // workflow permission $resource = new Zend_Acl_Resource($resource); $acl->allow($roleName, $resource); } else { // module access $accessibleModules[] = $resource; } } } if (!$resourcesConfigured) { foreach ($accessibleModules as $module) { if ($acl->has(new Zend_Acl_Resource($module))) { $acl->allow($roleName, $module); } } } }
public function testRequestUnpublishedDoc() { $r = Opus_UserRole::fetchByName('guest'); $modules = $r->listAccessModules(); $addOaiModuleAccess = !in_array('oai', $modules); if ($addOaiModuleAccess) { $r->appendAccessModule('oai'); $r->store(); } // enable security $config = Zend_Registry::get('Zend_Config'); $security = $config->security; $config->security = '1'; Zend_Registry::set('Zend_Config', $config); $doc = $this->createTestDocument(); $doc->setServerState('unpublished'); $doc->store(); $this->dispatch('/oai/container/index/docId/' . $doc->getId()); if ($addOaiModuleAccess) { $r->removeAccessModule('oai'); $r->store(); } // restore security settings $config->security = $security; Zend_Registry::set('Zend_Config', $config); $this->assertResponseCode(500); $this->assertContains('access to requested document is forbidden', $this->getResponse()->getBody()); }
public function testGetRolesMultiOptions() { $element = new Application_Form_Element_Roles('Roles'); $options = $element->getRolesMultiOptions(); $this->assertEquals(count(Opus_UserRole::getAll()), count($options)); foreach ($options as $value => $label) { $this->assertEquals($value, $label); } }
public function tearDown() { $this->logoutUser(); $this->restoreSecuritySetting(); $user = Opus_Account::fetchAccountByLogin($this->userName); $user->delete(); $userRole = Opus_UserRole::fetchByName($this->roleName); $userRole->delete(); parent::tearDown(); }
/** * Test setting selected roles. */ public function testSetSelectedRoles() { $form = new Admin_Form_IpRange(); $roles = array(); $roles[] = Opus_UserRole::fetchByName('administrator'); $form->setSelectedRoles($roles); $this->assertEquals(1, $form->getElement('roleadministrator')->getValue()); // TODO 'guest' is always selected because of policy $this->assertEquals(1, $form->getElement('roleguest')->getValue()); }
public function getRolesMultiOptions() { $roles = Opus_UserRole::getAll(); $options = array(); foreach ($roles as $role) { $roleName = $role->getDisplayName(); $options[$roleName] = $roleName; } return $options; }
/** * Initialize model with the following fields: * - staringip * - endingip * - Name * * @return void */ protected function _init() { $startingip = new Opus_Model_Field('Startingip'); $endingip = new Opus_Model_Field('Endingip'); $name = new Opus_Model_Field('Name'); $role = new Opus_Model_Field('Role'); $startingip->setMandatory(true)->setValidator(new Zend_Validate_NotEmpty())->setValidator(new Zend_Validate_Hostname(Zend_Validate_Hostname::ALLOW_IP)); $endingip->setMandatory(true)->setValidator(new Zend_Validate_NotEmpty())->setValidator(new Zend_Validate_Hostname(Zend_Validate_Hostname::ALLOW_IP)); $role->setMultiplicity('*')->setDefault(Opus_UserRole::getAll())->setSelection(true); $this->addField($startingip)->addField($endingip)->addField($name)->addField($role); }
/** * Checks if a login name already exists in database. * @param string $login * @return boolean */ protected function _isRoleUsed($role) { try { $role = Opus_UserRole::fetchByName($role); if (empty($role)) { return false; } } catch (Exception $ex) { return false; } return true; }
public static function parseSelectedRoleNames($postData) { $roles = Opus_UserRole::getAll(); $selectedRoles = array(); foreach ($roles as $roleName) { $keyName = 'role' . $roleName; // FIXME: Kludge to avoid undefined array indices. if (!array_key_exists($keyName, $postData)) { continue; } // If role-checkbox is activated, add role to returned array. if ($postData[$keyName]) { $selectedRoles[] = $roleName; } } return $selectedRoles; }
private function addTestAccountWithRoles() { // Make sure, the role exists. $role = Opus_UserRole::fetchByName("administrator"); $this->assertNotNull($role); // Prepare first request. $this->login = '******' . rand(); $this->password = '******'; $this->roles = array("reviewer", "administrator"); $this->requestData = array('login' => $this->login, 'password' => $this->password, 'user-roles' => implode(",", $this->roles)); /* Creating first collection to work with. */ $this->request->setMethod('POST')->setPost($this->requestData); $this->dispatch('/remotecontrol/account/add'); // Make sure, this request returned successfully. $this->assertResponseCode(200); $this->assertController('account'); $this->assertAction('add'); $body = $this->getResponse()->getBody(); $this->checkForBadStringsInHtml($body); $this->assertContains('SUCCESS', $body); }
public function addAction() { $this->_helper->layout()->disableLayout(); $this->_helper->viewRenderer->setNoRender(true); $request = $this->getRequest(); $login = $request->getParam('login'); $password = $request->getParam('password'); $userRoles = $request->getParam('user-roles'); $testAccount = Opus_Account::fetchAccountByLogin($login); if (!is_null($testAccount)) { $this->getResponse()->setHttpResponseCode(400); $this->getResponse()->setBody("ERROR: Account '{$login}' already exists."); return; } $account = new Opus_Account(); $account->setLogin($login); $account->setPassword($password); foreach (explode(",", $userRoles) as $roleName) { $roleName = trim($roleName); $role = Opus_UserRole::fetchByName($roleName); if ($role instanceof Opus_UserRole) { $account->addRole($role); } else { $this->getResponse()->setHttpResponseCode(400); $this->getResponse()->setBody("ERROR: Role '{$roleName}' does not exist."); return; } } try { $account->store(); } catch (Opus_Security_Exception $e) { $this->getResponse()->setHttpResponseCode(400); $this->getResponse()->setBody("ERROR: " . $e->getMessage()); return; } $this->getResponse()->setBody('SUCCESS'); }
public function testFormWithValidDocumentIdSubmitSetsReviewerRole() { $this->loginUser('referee', 'refereereferee'); $loggedUserModel = new Publish_Model_LoggedUser(); $loggedUserId = $loggedUserModel->getUserId(); $docId = $this->createValidDocument($loggedUserId); $session = new Zend_Session_Namespace('Publish'); $session->depositConfirmDocumentId = $docId; $this->request->setMethod('POST')->setPost(array('reviewerid' => $loggedUserId, 'submit' => 'Send')); $this->dispatch('/matheon/select-reviewer/form'); $this->assertResponseCode(200); // Check, that right privilege has been set. $reviewer = Opus_UserRole::fetchByName('reviewer'); $this->assertContains($docId, $reviewer->listAccessDocuments()); }
private function resetSecurity() { $r = Opus_UserRole::fetchByName('guest'); if ($this->_addOaiModuleAccess) { $r->removeAccessModule('oai'); $r->store(); } // restore security settings $config = Zend_Registry::get('Zend_Config'); $config->security = $this->_security; Zend_Registry::set('Zend_Config', $config); }
public function updateFileRoles($file, $selectedRoles) { $selectedRoles = is_array($selectedRoles) ? $selectedRoles : array($selectedRoles); $fileId = $file->getId(); $currentRoleNames = $this->getRolesForFile($fileId); // remove roles that are not selected foreach ($currentRoleNames as $index => $roleName) { if (!in_array($roleName, $selectedRoles)) { $role = Opus_UserRole::fetchByName($roleName); $role->removeAccessFile($fileId); $role->store(); $this->getLogger()->debug("File ID = {$fileId} access for role '{$roleName}' removed."); } } if (count($selectedRoles) == 1 && is_null($selectedRoles[0])) { return; } // add selected roles foreach ($selectedRoles as $roleName) { $role = Opus_UserRole::fetchByName($roleName); if (!is_null($role)) { if (!in_array($roleName, $currentRoleNames)) { $role->appendAccessFile($fileId); $role->store(); $this->getLogger()->debug("File ID = {$fileId} access for role '{$roleName}' added."); } else { $this->getLogger()->debug("File ID = {$fileId} access for role '{$roleName}' already permitted."); } } else { $this->getLogger()->err(__METHOD__ . " Unknown role '{$roleName}'.'"); } } }
public function testPopulateFromRole() { $role = Opus_UserRole::fetchByName('guest'); $form = new Admin_Form_Role($role->getId()); $this->assertEquals('guest', $form->getElement('name')->getValue()); }
/** * Stores roles for document. * * @param <type> $request * * TODO Is it a problem if document is append twice? */ private function storeRoles($request) { $docId = $request->getParam('docid'); $roles = Opus_UserRole::getAll(); foreach ($roles as $role) { $roleName = $role->getName(); $checked = $request->getParam($roleName); if ($checked) { $role->appendAccessDocument($docId); $role->store(); } else { $role->removeAccessDocument($docId); $role->store(); } } }
protected function _isRoleNameExists($name) { $role = Opus_UserRole::fetchByName($name); if (empty($role)) { return false; } else { return true; } }
/** Get OAI-Visibility according to the Role. * * @param string * @return boolean */ private function getVisibilityInOai($subdir) { if (strpos($subdir, "original") === 0 || strpos($subdir, "html") === 0) { return false; } if (!is_null($this->roleId)) { $role = new Opus_UserRole($this->roleId); if ($role->getName() == 'guest') { return true; } } return false; }
public function testUserAccessToInstituteWithInstituteRightsRegression3245() { $testRole = new Opus_UserRole(); $testRole->setName('TestRole'); $testRole->appendAccessModule('admin'); $testRole->appendAccessModule('resource_institutions'); $this->roleId = $testRole->store(); $userAccount = new Opus_Account(); $userAccount->setLogin('role_tester')->setPassword('role_tester'); $userAccount->setRole($testRole); $this->userId = $userAccount->store(); $this->enableSecurity(); $this->loginUser('role_tester', 'role_tester'); $this->useEnglish(); $this->dispatch('/admin/dnbinstitute/edit/id/1'); $this->assertNotRedirect(); $this->assertNotRedirectTo('/auth', 'User is not able to edit dnb-institutions, ' . 'although he has the right to do it'); $this->assertQueryContentContains('//label', 'Department', 'User is not able to edit dnb-institutions, ' . 'although he has the right to do it'); }
private function mapRoles() { $mf = $this->config->migration->mapping->roles; $fp = null; try { $fp = @fopen($mf, 'w'); if (!$fp) { throw new Exception("ERROR Opus3RoleImport: Could not create '" . $mf . "' for Roles.\n"); } } catch (Exception $e) { $this->logger->log($e->getMessage(), Zend_Log::ERR); return; } try { if (count($this->roles) > 0) { foreach ($this->roles as $r) { $name = $r->name; $bereich = $r->bereich; $role = null; if (Opus_UserRole::fetchByname($name)) { $role = Opus_UserRole::fetchByname($name); $this->logger->log("Role in DB found: " . $r->name, Zend_Log::DEBUG); } else { $role = new Opus_UserRole(); $role->setName($r->name); $role->store(); $this->logger->log("Role imported: " . $r->name, Zend_Log::DEBUG); } $db_ips = array(); $db_ips = Opus_Iprange::getAll(); if (count($r->ip) > 0) { foreach ($r->ip as $role_ip) { foreach ($db_ips as $db_ip) { if ($role_ip == $db_ip->getDisplayName()) { $roles = array(); $roles = $db_ip->getRole(); array_push($roles, $role); $db_ip->setRole($roles); $db_ip->store(); } } } } fputs($fp, $r->bereich . ' ' . $role->getId() . "\n"); } } } catch (Exception $e) { $this->logger->log($e->getMessage(), Zend_Log::ERR); } fclose($fp); }
/** * @depends testUpdateActionInvalidInput */ public function testDeleteAction() { $role = Opus_UserRole::fetchByName('testrole2'); $this->assertNotNull($role); $this->dispatch('/admin/role/delete/id/' . $role->getId()); $this->assertModule('admin'); $this->assertController('role'); $this->assertAction('delete'); $this->assertRedirect(); }
public function run($argv) { if (count($argv) < 2) { echo "missing file name\n"; return; } $ignoreHeader = true; if (count($argv) > 3 && $argv[3] == 'noheader') { $ignoreHeader = false; } if (count($argv) > 2) { if (!is_readable($argv[2])) { echo "fulltext directory '" . $argv[2] . "' is not readable -- check path or permissions\n"; } else { $this->_fulltextDir = $argv[2]; $this->_guestRole = Opus_UserRole::fetchByName('guest'); } } $filename = $argv[1]; if (!is_readable($filename)) { echo "import file does not exist or is not readable\n"; } $file = fopen($filename, 'r'); if (!$file) { echo "Error while opening import file\n"; } $rowCounter = 0; $docCounter = 0; $errorCounter = 0; // TODO Feldtrenner und Feldbegrenzer konfigurierbar machen while (($row = fgetcsv($file, 0, "\t", '"', '\\')) != false) { $rowCounter++; $numOfCols = count($row); if ($numOfCols != self::NUM_OF_COLUMNS) { echo "unexpected number of columns ({$numOfCols}) in row {$rowCounter}: row is skipped\n"; // TODO add to reject.log continue; } if ($ignoreHeader && $rowCounter == 1) { continue; } if ($this->processRow($row)) { $docCounter++; } else { $errorCounter++; } } echo "number of rows: {$rowCounter}\n"; echo "number of created docs: {$docCounter}\n"; echo "number of skipped docs: {$errorCounter}\n"; // Informationen zu den vergebenen Bandnummern foreach ($this->_seriesIdsMap as $seriesId => $number) { echo "series # {$seriesId} : max. number is {$number}\n"; } fclose($file); }
public function testAccessUserToFileRegression3281() { $this->enableSecurity(); // test document access as user with document access rights $doc = $this->createTestDocument(); $doc->setServerState('published'); $publishedDocId = $doc->store(); $doc = $this->createTestDocument(); $doc->setServerState('unpublished'); $unpublishedDocId = $doc->store(); $testRole = new Opus_UserRole(); $testRole->setName('test_access'); $testRole->appendAccessDocument($unpublishedDocId); $testRole->appendAccessDocument($publishedDocId); $this->roleId = $testRole->store(); $userAccount = new Opus_Account(); $userAccount->setLogin('test_account')->setPassword('role_tester_user2'); $userAccount->setRole($testRole); $this->userId = $userAccount->store(); $this->loginUser('test_account', 'role_tester_user2'); $this->tryAccessForDocument($publishedDocId, true); $this->tryAccessForDocument($unpublishedDocId, true); $this->logoutUser(); }
/** * Updates account information. */ public function updateAction() { if ($this->getRequest()->isPost()) { $button = $this->getRequest()->getParam('cancel'); if (isset($button)) { $this->_helper->redirector('index'); return; } $id = $this->getRequest()->getParam('id'); $accountForm = new Admin_Form_Account($id); $postData = $this->getRequest()->getPost(); $passwordChanged = true; if (empty($postData['password'])) { // modify to pass default validation // TODO think about better solution (validation context?) $postData['password'] = '******'; $postData['confirmPassword'] = '******'; $passwordChanged = false; } $account = new Opus_Account($id); $postData['oldLogin'] = strtolower($account->getLogin()); if ($accountForm->isValid($postData)) { $account->setFirstName($postData['firstname']); $account->setLastName($postData['lastname']); $account->setEmail($postData['email']); $oldLogin = strtolower($account->getLogin()); // update login name $newLogin = $postData['username']; if ($newLogin !== $oldLogin) { $account->setLogin($newLogin); $loginChanged = true; } else { $loginChanged = false; } // update password if ($passwordChanged) { $password = $postData['password']; $account->setPassword($password); } // update roles $newRoles = Admin_Form_Account::parseSelectedRoles($postData); // TODO optimize code $hasAdministratorRole = false; foreach ($newRoles as $role) { if (strtolower($role->getDisplayName()) === 'administrator') { $hasAdministratorRole = true; break; } } $currentUser = Zend_Auth::getInstance()->getIdentity(); $isCurrentUser = $currentUser === $oldLogin ? true : false; if (!$hasAdministratorRole && $isCurrentUser) { $newRoles[] = Opus_UserRole::fetchByName('administrator'); } $account->setRole($newRoles); $account->store(); if ($isCurrentUser && ($loginChanged || $passwordChanged)) { Zend_Auth::getInstance()->clearIdentity(); } } else { $actionUrl = $this->view->url(array('action' => 'update', 'id' => $id)); $accountForm->setAction($actionUrl); $this->view->form = $accountForm; $this->view->title = 'admin_account_edit'; return $this->renderScript('account/edit.phtml'); } } $this->_helper->redirector('index'); }
public function testFileAccess() { $guest = Opus_UserRole::fetchByName('guest'); $this->assertContains($this->doc->getFile(0)->getId(), $guest->listAccessFiles()); $this->assertContains($this->doc->getFile(1)->getId(), $guest->listAccessFiles()); $this->assertContains($this->doc->getFile(2)->getId(), $guest->listAccessFiles()); }
/** * Regression test for OPUSVIER-2337 */ public function testUnavailableSolrServerReturns503() { $this->requireSolrConfig(); // role guest needs privilege to access module export $r = Opus_UserRole::fetchByName('guest'); $modules = $r->listAccessModules(); $addOaiModuleAccess = !in_array('export', $modules); if ($addOaiModuleAccess) { $r->appendAccessModule('export'); $r->store(); } // manipulate solr configuration $config = Zend_Registry::get('Zend_Config'); $host = $config->searchengine->index->host; $port = $config->searchengine->index->port; $oldValue = $config->searchengine->index->app; $this->disableSolr(); $security = $config->security; $config->security = '1'; Zend_Registry::set('Zend_Config', $config); $this->dispatch('/export/index/index/searchtype/all/export/xml/stylesheet/example'); $body = $this->getResponse()->getBody(); // restore security settings if ($addOaiModuleAccess) { $r->removeAccessModule('export'); $r->store(); } // restore configuration $config = Zend_Registry::get('Zend_Config'); $config->searchengine->index->app = $oldValue; $config->security = $security; Zend_Registry::set('Zend_Config', $config); $this->assertNotContains("http://{$host}:{$port}/solr/corethatdoesnotexist", $body); $this->assertContains("exception 'Application_SearchException' with message 'search server is not responding -- try again later'", $body); $this->assertResponseCode(503); }
public function testRemoveGuestAccess() { $document = $this->createTestDocument(); $file = $document->addFile(); $file->setPathName('testdatei.txt'); $this->documentId = $document->store(); $document = new Opus_Document($this->documentId); $fileId = $document->getFile(0)->getId(); $roleGuest = Opus_UserRole::fetchByName('guest'); $files = $roleGuest->listAccessFiles(); $this->assertContains($fileId, $files); $this->getRequest()->setMethod('POST')->setPost(array('FileManager' => array('Files' => array('File0' => array('Id' => $fileId, 'FileLink' => $fileId, 'Language' => 'deu', 'Comment' => 'Testkommentar', 'Roles' => array('administrator'))), 'Save' => 'Speichern'))); $this->dispatch('/admin/filemanager/index/id/' . $this->documentId); $this->assertRedirectTo('/admin/document/index/id/' . $this->documentId); $roleGuest = Opus_UserRole::fetchByName('guest'); $files = $roleGuest->listAccessFiles(); $this->assertNotContains($fileId, $files); }