 /**
  * Check that $action is allowed and return the user the action runs as.
  *
  * Two paths:
  *  - no $token: the caller's own rights are evaluated for 'download' and
  *    'visualize'; any other $action passes through unchecked and the caller
  *    is returned as-is.
  *  - $token given: the token is resolved to a shared link for the current
  *    resource URL; on success the link initiator's profile replaces the
  *    caller, and NO hasRightsTo() check is performed (the shared link itself
  *    is the authorisation).
  *
  * Security notes (reviewer):
  *  - In the token path the initiator's rights are not re-evaluated at access
  *    time, so an initiator whose rights were revoked after creating the link
  *    keeps granting access through it — NOTE(review): confirm this is
  *    intended, or that revocation also invalidates the user's shared links.
  *  - Token validation is delegated to the dbDriver SHARED_LINK lookup; how the
  *    token is compared is not visible here.
  *
  * @param string $action            'download' or 'visualize' (others unchecked)
  * @param RestoUser $user           calling user
  * @param string $token             shared-link token, may be empty
  * @param RestoCollection $collection
  * @param RestoFeature $feature
  * @return RestoUser the caller, or the shared-link initiator
  */
 private function checkRights($action, $user, $token, $collection, $feature)
 {
     if (empty($token)) {
         if ($action === 'download' || $action === 'visualize') {
             $right = $action === 'download' ? RestoUser::DOWNLOAD : RestoUser::VISUALIZE;
             $target = array('collectionName' => $collection->name, 'featureIdentifier' => $feature->identifier);
             if (!$user->hasRightsTo($right, $target)) {
                 RestoLogUtil::httpError(403);
             }
         }
         return $user;
     }

     /*
      * Shared link: resolve token -> initiator email for this exact resource URL.
      */
     $resourceUrl = $this->context->baseUrl . '/' . $this->context->path;
     $initiatorEmail = $this->context->dbDriver->check(
         RestoDatabaseDriver::SHARED_LINK,
         array('resourceUrl' => $resourceUrl, 'token' => $token)
     );

     // Unknown token (or token for another resource) => forbidden
     if (!$initiatorEmail) {
         RestoLogUtil::httpError(403);
     }

     // Caller is the initiator: keep the current user object.
     // Comparison is exact; the lookup below lowercases the address, so a
     // case-different match only costs an extra profile load.
     if ($user->profile['email'] === $initiatorEmail) {
         return $user;
     }

     // Act as the link initiator
     $initiatorProfile = $this->context->dbDriver->get(
         RestoDatabaseDriver::USER_PROFILE,
         array('email' => strtolower($initiatorEmail))
     );
     return new RestoUser($initiatorProfile, $this->context);
 }
 /**
  * Exercise a validated, non-admin registered user: rights on the 'Landsat'
  * collection, license signature flow, activation/connect/disconnect, and
  * admin group add/remove.
  *
  * The steps are order-dependent (the license must be signed before the
  * second hasToBeSignedByUser() check). The 'test_password' value is a
  * fixture only.
  *
  * Note: assertEquals(true/false, ...) is a loose (==) comparison; kept as-is
  * so the test's pass/fail surface is unchanged.
  *
  * @depends testGetCollection
  */
 public function testRegisteredUser()
 {
     $this->initContext();

     $profile = array(
         'userid' => 2,
         'groups' => 'default',
         'email' => 'test_email',
         'password' => 'test_password',
         'username' => 'test_username',
         'givenname' => 'test_givenname',
         'lastname' => 'test_lastname',
         'country' => 'FR',
         'organization' => 'test_organization',
         'flags' => null,
         'topics' => null,
         'validatedby' => 'admin',
         'validationdate' => 'now()',
         'activated' => 1
     );
     $user = new RestoUser($profile, $this->context);

     // Status and role
     $this->assertEquals(false, $user->isAdmin());
     $this->assertEquals(true, $user->isValidated());

     // Rights: no create/update, but download/visualize on Landsat
     $landsat = array('collectionName' => 'Landsat');
     $this->assertEquals(false, $user->hasRightsTo('create'));
     $this->assertEquals(true, $user->hasRightsTo('download', $landsat));
     $this->assertEquals(false, $user->hasRightsTo('update', $landsat));
     $this->assertEquals(true, $user->hasRightsTo('visualize', $landsat));

     // License applies and is unsigned at first
     $license = new RestoLicense($this->context, 'Example', true);
     $this->assertEquals(true, $license->isApplicableToUser($user));
     $this->assertEquals(true, $license->hasToBeSignedByUser($user));

     // Signing records a signature and clears the requirement
     $user->signLicense($license);
     $this->assertNotEmpty($user->getSignatures());
     $this->assertEquals(false, $license->hasToBeSignedByUser($user));

     // Already activated => activate() reports false; connect yields a token
     $this->assertEquals(false, $user->activate());
     $this->assertArrayHasKey('token', $user->connect());
     $this->assertEquals(true, $user->disconnect());

     // Admin group management round-trip
     $added = $this->admin->addGroups('toto');
     $removed = $this->admin->removeGroups('toto');
     $this->assertEquals('success', $added['status']);
     $this->assertEquals('success', $removed['status']);
 }
 /**
  * Build the success response describing $user's rights on a collection /
  * feature.
  *
  * The payload discloses the user's email, userid and groups; this method
  * performs no authorisation itself, so the caller (not visible here) must
  * ensure the requester may view that profile.
  *
  * @param RestoUser $user
  * @param string $collectionName
  * @param string $featureIdentifier
  * @return array formatted response from RestoLogUtil::success
  */
 private function getRights($user, $collectionName, $featureIdentifier)
 {
     $message = 'Rights for ' . $user->profile['email'];
     $payload = array(
         'email' => $user->profile['email'],
         'userid' => $user->profile['userid'],
         'groups' => $user->profile['groups'],
         'rights' => $user->getRights($collectionName, $featureIdentifier)
     );
     return RestoLogUtil::success($message, $payload);
 }
 /**
  * Build the SQL fragment restricting search results to the visibilities the
  * user may see: the user's profile groups plus 'public'.
  *
  * Returns null for admins (no restriction). Otherwise returns
  * "<visibility column> IN ('g1',...,'public')" with each group name escaped
  * via pg_escape_string().
  *
  * Security notes (reviewer):
  *  - Values are escaped, not bound; the column name is interpolated raw and
  *    appears to come from the model definition, so it must never be derived
  *    from request input.
  *  - pg_escape_string() is called without a connection handle and therefore
  *    uses the default/last connection's encoding; if no connection is open
  *    yet, escaping may not match the client encoding — NOTE(review): pass
  *    the driver's connection resource here if one is available.
  *  - Group names are taken verbatim from the profile's comma-separated
  *    'groups' string (no trimming).
  *
  * @param RestoUser $user
  * @param RestoModel $model
  * @return string|null
  */
 private function prepareFilterQuery_contextualSearch($user, $model)
 {
     // Admin: unrestricted
     if ($user->isAdmin()) {
         return null;
     }

     // "g1,g2," + "public" -> ['g1', 'g2', 'public']; 'public' is visible to everyone
     $groupList = isset($user->profile['groups']) ? $user->profile['groups'] . ',' : '';
     $groups = explode(',', $groupList . 'public');

     // Quote each group (reverse order is preserved from the original loop)
     $quoted = array();
     foreach (array_reverse($groups) as $group) {
         $quoted[] = "'" . pg_escape_string($group) . "'";
     }

     return $model->properties['visibility']['name'] . ' IN (' . implode(',', $quoted) . ')';
 }