/**
* Called when a user has been removed : delete rights about this user
*
* @param jEvent $event the event
*/
function onAuthRemoveUser($event)
{
if ($GLOBALS['gJConfig']->acl2['driver'] == 'db') {
$login = $event->getParam('login');
jAcl2DbUserGroup::removeUser($login);
}
}
/**
* check if there is a flood
* @param integer $timeInterval time between two actions
* @param integer $onlySameIp true: the flood is checked only between same ip
* @return boolean true if flood is detected
*/
public static function check($timeInterval, $onlySameIp)
{
// since we don't store data of anonymous user, and anonymous user
// are not allowed to post, we don't check
if (!jAuth::isConnected()) {
return false;
}
// check if the user is member of Admins (groupid 0) / Moderators (groupid 3)
// if so, no need to stop the action of this group of users
// FIXME we should check, not the group, but the rights !
foreach (jAcl2DbUserGroup::getGroupList() as $grp) {
if ($grp->id_aclgrp == 'admins' or $grp->id_aclgrp == 'moderators') {
return false;
}
}
$dao = jDao::get('havefnubb~posts');
$rec = $dao->getMyLastEditedPost(jAuth::getUserSession()->id);
if ($rec->member_last_post + $timeInterval > time()) {
return false;
}
if ($onlySameIp && isset($_SERVER['REMOTE_ADDR']) && $rec->poster_ip != $_SERVER['REMOTE_ADDR']) {
return false;
}
return true;
}
function onAuthLogout($event)
{
try {
jAcl2::clearCache();
jAcl2DbUserGroup::clearCache();
} catch (Exception $e) {
}
}
/**
* return the value of the right on the given subject (and on the optional resource).
*
* The resource "-" (meaning 'all resources') has the priority over specific resources.
* It means that if you give a specific resource, it will be ignored if there is a positive right
* with "-". The right on the given resource will be checked if there is no rights for "-".
*
* @param string $subject the key of the subject
* @param string $resource the id of a resource
* @return boolean true if the user has the right on the given subject
*/
public function getRight($subject, $resource = '-')
{
if (empty($resource)) {
$resource = '-';
}
if (!jAuth::isConnected()) {
return self::getAnonymousRight($subject, $resource);
}
$groups = null;
if (self::$acl === null) {
// let's load all rights for the groups on which the current user is attached
$groups = jAcl2DbUserGroup::getGroups();
self::$acl = array();
if (count($groups)) {
$dao = jDao::get('jacl2db~jacl2rights', 'jacl2_profile');
foreach ($dao->getRightsByGroups($groups) as $rec) {
// if there is already a right on a same subject on an other group
// we should take care when this rights says "cancel"
if (isset(self::$acl[$rec->id_aclsbj])) {
if ($rec->canceled) {
self::$acl[$rec->id_aclsbj] = false;
}
} else {
self::$acl[$rec->id_aclsbj] = $rec->canceled ? false : true;
}
}
}
}
if (!isset(self::$acl[$subject])) {
self::$acl[$subject] = false;
}
// no resource given, just return the global right for the given subject
if ($resource == '-') {
return self::$acl[$subject];
}
// if we already have loaded the corresponding right, returns it
if (isset(self::$aclres[$subject][$resource])) {
return self::$aclres[$subject][$resource];
}
// default right for the resource is the global right
self::$aclres[$subject][$resource] = self::$acl[$subject];
// if the general right is not given, check the specific right for the resource
if (!self::$acl[$subject]) {
if ($groups === null) {
$groups = jAcl2DbUserGroup::getGroups();
}
if (count($groups)) {
$dao = jDao::get('jacl2db~jacl2rights', 'jacl2_profile');
$right = $dao->getRightWithRes($subject, $groups, $resource);
self::$aclres[$subject][$resource] = $right != false ? $right->canceled ? false : true : false;
}
return self::$aclres[$subject][$resource];
} else {
return true;
}
}
/**
* reset/set default rights
* @param integer $id_forum the id_forum.
*/
public static function resetRights($id_forum)
{
// default 'normal' rights for a given forum.
$id_forum = (int) $id_forum;
$rights = self::$__defaultRights;
foreach (jAcl2DbUserGroup::getGroupList() as $grp) {
$id = $grp->id_aclgrp;
self::setRightsOnForum($id, isset($rights[$id]) ? $rights[$id] : array(), 'forum' . $id_forum);
}
self::setRightsOnForum('__anonymous', $rights['__anonymous'], 'forum' . $id_forum);
}
/**
* return the value of the right on the given subject (and on the optional resource)
* @param string $subject the key of the subject
* @param string $resource the id of a resource
* @return boolean true if the right is ok
*/
public function getRight($subject, $resource = null)
{
if (!jAuth::isConnected()) {
return self::getAnonymousRight($subject, $resource);
}
$groups = null;
if (self::$acl === null) {
$groups = jAcl2DbUserGroup::getGroups();
self::$acl = array();
if (count($groups)) {
$dao = jDao::get('jacl2db~jacl2rights', 'jacl2_profile');
foreach ($dao->getRightsByGroups($groups) as $rec) {
// if there is already a right on a same subject on an other group
// we should take care when this rights says "cancel"
if (isset(self::$acl[$rec->id_aclsbj])) {
if ($rec->canceled) {
self::$acl[$rec->id_aclsbj] = false;
}
} else {
self::$acl[$rec->id_aclsbj] = $rec->canceled ? false : true;
}
}
}
}
if (!isset(self::$acl[$subject])) {
self::$acl[$subject] = false;
}
if ($resource === null) {
return self::$acl[$subject];
}
if (isset(self::$aclres[$subject][$resource])) {
return self::$aclres[$subject][$resource];
}
self::$aclres[$subject][$resource] = self::$acl[$subject];
// if the general right is not set, check the specific right for the resource
if (!self::$acl[$subject]) {
if ($groups === null) {
$groups = jAcl2DbUserGroup::getGroups();
}
if (count($groups)) {
$dao = jDao::get('jacl2db~jacl2rights', 'jacl2_profile');
$right = $dao->getRightWithRes($subject, $groups, $resource);
self::$aclres[$subject][$resource] = $right != false ? $right->canceled ? false : true : false;
}
return self::$aclres[$subject][$resource];
} else {
return true;
}
}
/**
* return the value of the right on the given subject (and on the optional resource)
* @param string $subject the key of the subject
* @param string $resource the id of a resource
* @return boolean true if the right is ok
*/
public function getRight($subject, $resource = null)
{
if (!jAuth::isConnected()) {
return self::getAnonymousRight($subject, $resource);
}
$groups = null;
if (self::$acl === null) {
$groups = jAcl2DbUserGroup::getGroups();
self::$acl = array();
if (count($groups)) {
$dao = jDao::get('jelix~jacl2rights', jAcl2Db::getProfile());
foreach ($dao->getRightsByGroups($groups) as $rec) {
self::$acl[$rec->id_aclsbj] = true;
}
}
}
if (!isset(self::$acl[$subject])) {
self::$acl[$subject] = false;
}
if ($resource === null) {
return self::$acl[$subject];
}
if (isset(self::$aclres[$subject][$resource])) {
return self::$aclres[$subject][$resource];
}
self::$aclres[$subject][$resource] = self::$acl[$subject];
if (!self::$acl[$subject]) {
if ($groups === null) {
$groups = jAcl2DbUserGroup::getGroups();
}
if (count($groups)) {
$dao = jDao::get('jelix~jacl2rights', jAcl2Db::getProfile());
$right = $dao->getRightWithRes($subject, $groups, $resource);
self::$aclres[$subject][$resource] = $right != false;
}
return self::$aclres[$subject][$resource];
} else {
return true;
}
}
/**
* save one post
* @param integer $id_forum id forum of the post
* @param integer $id_post id post of the current post if editing of 0 if adding
* @return mixed boolean or $id_post id post of the editing post or the id of the post created
*/
public function save($id_forum, $id_post = 0)
{
$gJConfig = jApp::config();
if (jAuth::isConnected()) {
$form = jForms::fill('havefnubb~posts', $id_post);
$id_user = jAuth::getUserSession()->id;
} elseif ($gJConfig->havefnubb['anonymous_post_authorized'] == 1) {
$form = jForms::fill('havefnubb~posts_anonym', $id_post);
$id_user = 0;
}
if (!$form or !$form->check()) {
return false;
}
//.. if the data are ok ; we get them !
$subject = $form->getData('subject');
$message = $form->getData('message');
if (count($message) > $gJConfig->havefnubb['post_max_size'] and $gJConfig->havefnubb['post_max_size'] > 0) {
jMessage::add(jLocale::get('havefnubb~main.message.exceed.maximum.size', array($gJConfig->havefnubb['post_max_size'])), 'error');
return false;
}
//CreateRecord object
$dao = jDao::get('havefnubb~posts');
$datePost = time();
// create a post
if ($id_post == 0) {
jEvent::notify('HfnuPostBeforeSave', array('id' => $id_post));
$record = jDao::createRecord('havefnubb~posts');
$record->subject = $subject;
$record->message = $message;
$record->id_post = $id_post;
$record->id_user = $id_user;
$record->id_forum = $id_forum;
$record->thread_id = 0;
$record->status = 3;
//'opened'
$record->date_created = $datePost;
$record->date_modified = $datePost;
$record->viewed = 0;
$record->ispined = 0;
$record->iscensored = 0;
$record->poster_ip = $_SERVER['REMOTE_ADDR'];
//if the current user is a member of a moderator group
// we set this post as 'read by moderator'
if (jAcl2DbUserGroup::isMemberOfGroup($this->hfAdmin) or jAcl2DbUserGroup::isMemberOfGroup($this->hfModerator)) {
$record->read_by_mod = 1;
} else {
$record->read_by_mod = 0;
}
$dao->insert($record);
$threadDao = jDao::get('havefnubb~threads');
$threadRec = jDao::createRecord('havefnubb~threads');
$threadRec->id_user_thread = $id_user;
$threadRec->status_thread = 3;
//'opened'
$threadRec->id_forum_thread = $id_forum;
$threadRec->nb_replies = 0;
$threadRec->nb_viewed = 0;
$threadRec->id_first_msg = $record->id_post;
$threadRec->id_last_msg = $record->id_post;
$threadRec->date_created = $datePost;
$threadRec->date_last_post = $datePost;
$threadRec->ispined_thread = 0;
$threadRec->iscensored_thread = 0;
$threadDao->insert($threadRec);
// now let's get the inserted id to put this one in thread_id column !
$record->thread_id = $threadRec->id_thread;
$dao->update($record);
$id_post = $record->id_post;
$thread_id = $record->thread_id;
//update Forum record
$forum = jDao::get('havefnubb~forum');
$forumRec = $forum->get($id_forum);
$forumRec->id_last_msg = $id_post;
$forumRec->date_last_msg = $datePost;
$forumRec->nb_msg = $forumRec->nb_msg + 1;
$forumRec->nb_thread = $forumRec->nb_thread + 1;
$forum->update($forumRec);
$this->addPost($id_post, $record);
jEvent::notify('HfnuPostAfterInsert', array('id' => $threadRec->id_thread, 'id_forum' => $id_forum));
} else {
jEvent::notify('HfnuPostBeforeUpdate', array('id' => $id_post, 'id_forum' => $id_forum));
//remove the id_post of the array
$this->deletePost($id_post);
$record = $dao->get($id_post);
$record->subject = $subject;
$record->message = $message;
$record->date_modified = time();
$thread_id = $record->thread_id;
jEvent::notify('HfnuPostAfterUpdate', array('id' => $id_post, 'id_forum' => $id_forum));
// add the new record to the array
$this->addPost($id_post, $record);
}
// in all cases (id_post = 0 or not )
// we have to update as we store the last insert id in the thread_id column
$dao->update($record);
jEvent::notify('HfnuPostAfterSave', array('id' => $id_post, 'id_forum' => $id_forum));
jEvent::notify('HfnuSearchEngineAddContent', array('id' => $id_post, 'datasource' => 'havefnubb~posts'));
$tagStr = '';
$tagStr = str_replace('.', ' ', $form->getData("tags"));
$tags = explode(",", $tagStr);
//add this post as already been read
jClasses::getService('havefnubb~hfnuread')->insertReadPost($record, $datePost);
jClasses::getService("jtags~tags")->saveTagsBySubject($tags, 'forumscope', $id_post);
//subscription management
if ($form->getData('subscribe') == 1) {
jClasses::getService('havefnubb~hfnusub')->subscribe($thread_id);
} else {
jClasses::getService('havefnubb~hfnusub')->unsubscribe($thread_id);
}
jForms::destroy('havefnubb~posts', $id_post);
return $record;
}
public function testCheckCanceledRight()
{
$usergroups = array(array('login' => 'laurent', 'id_aclgrp' => 'group2'));
$this->insertRecordsIntoTable('jacl2_user_group', array('login', 'id_aclgrp'), $usergroups);
jAcl2::clearCache();
jAcl2DbUserGroup::clearCache();
// it should cancel the right super.cms.update (which is set on group1)
jAcl2DbManager::removeRight('group2', 'super.cms.update', '', true);
$this->assertTrue(jAcl2::check('super.cms.list'));
$this->assertFalse(jAcl2::check('super.cms.update'));
// is canceled
$this->assertFalse(jAcl2::check('super.cms.create'));
// doesn't exist
$this->assertFalse(jAcl2::check('super.cms.read'));
// doesn't exist
$this->assertFalse(jAcl2::check('super.cms.delete'));
// doesn't exist
$this->assertTrue(jAcl2::check('admin.access'));
$this->assertTrue(jAcl2::check('super.cms.list', 154));
// droit sur une ressource
$this->assertFalse(jAcl2::check('super.cms.update', 154));
// droit sur une ressource
$this->assertTrue(jAcl2::check('super.cms.delete', 154));
// droit sur une ressource
$this->assertTrue(jAcl2::check('super.cms.list', 122));
// ressource non repertoriée
$this->assertFalse(jAcl2::check('super.cms.update', 122));
// ressource non repertoriée
$this->assertFalse(jAcl2::check('super.cms.delete', 122));
// ressource non repertoriée
}
/**
* Filter data by login if necessary
* as configured in the plugin for login filtered layers.
*/
protected function filterDataByLogin()
{
// Optionnaly add a filter parameter
$lproj = $this->project;
$request = strtolower($this->params['request']);
if ($request == 'getfeature') {
$layers = $this->params["typename"];
} else {
$layers = $this->params["layers"];
}
$pConfig = $lproj->getFullCfg();
// Filter only if needed
if ($lproj->hasLoginFilteredLayers() and $pConfig->loginFilteredLayers) {
// Add client side filter before changing it server side
$clientExpFilter = Null;
if (array_key_exists('exp_filter', $this->params)) {
$clientExpFilter = $this->params['exp_filter'];
}
$clientFilter = Null;
if (array_key_exists('filter', $this->params)) {
$clientFilter = $this->params['filter'];
}
// Check if a user is authenticated
$isConnected = jAuth::isConnected();
// Check need for filter foreach layer
$serverFilterArray = array();
foreach (explode(',', $layers) as $layername) {
if (property_exists($pConfig->loginFilteredLayers, $layername)) {
$oAttribute = $pConfig->loginFilteredLayers->{$layername}->filterAttribute;
$attribute = strtolower($oAttribute);
if ($isConnected) {
$user = jAuth::getUserSession();
$login = $user->login;
if (property_exists($pConfig->loginFilteredLayers->{$layername}, 'filterPrivate') && $pConfig->loginFilteredLayers->{$layername}->filterPrivate == 'True') {
$serverFilterArray[$layername] = "\"{$attribute}\" IN ( '" . $login . "' , 'all' )";
} else {
$userGroups = jAcl2DbUserGroup::getGroups();
$flatGroups = implode("' , '", $userGroups);
$serverFilterArray[$layername] = "\"{$attribute}\" IN ( '" . $flatGroups . "' , 'all' )";
}
} else {
// The user is not authenticated: only show data with attribute = 'all'
$serverFilterArray[$layername] = "\"{$attribute}\" = 'all'";
}
}
}
// Set filter if needed
if (count($serverFilterArray) > 0) {
// WFS : EXP_FILTER
if ($request == 'getfeature') {
$filter = '';
$s = '';
if (!empty($clientExpFilter)) {
$filter = $clientExpFilter;
$s = ' AND ';
}
if (count($serverFilterArray) > 0) {
foreach ($serverFilterArray as $lname => $lfilter) {
$filter .= $s . $lfilter;
$s = ' AND ';
}
}
$this->params['exp_filter'] = $filter;
if (array_key_exists('propertyname', $this->params)) {
$propertyName = trim($this->params["propertyname"]);
if (!empty($propertyName)) {
$this->params["propertyname"] .= ",{$oAttribute}";
}
}
} else {
if (!empty($clientFilter)) {
$cfexp = explode(';', $clientFilter);
foreach ($cfexp as $a) {
$b = explode(':', $a);
$lname = trim($b[0]);
$lfilter = trim($b[1]);
if (array_key_exists($lname, $serverFilterArray)) {
$serverFilterArray[$lname] .= ' AND ' . $lfilter;
} else {
$serverFilterArray[$lname] = $lfilter;
}
}
}
$filter = '';
$s = '';
foreach ($serverFilterArray as $lname => $lfilter) {
$filter .= $s . $lname . ':' . $lfilter;
$s = ';';
}
if (count($serverFilterArray) > 0) {
$this->params['filter'] = $filter;
}
}
}
}
}
/**
* Dynamically update form by modifying the filter by login control
*
* @param object $form Jelix form to modify control.
* @param string $save does the form will be used for update or insert.
* @return modified form.
*/
private function updateFormByLogin($form, $save)
{
if (!is_array($this->loginFilteredLayers)) {
//&& $this->loginFilteredOveride )
$this->filterDataByLogin($this->layerName);
}
if (is_array($this->loginFilteredLayers)) {
$type = $this->loginFilteredLayers['type'];
$attribute = $this->loginFilteredLayers['attribute'];
// Check if a user is authenticated
if (!jAuth::isConnected()) {
return True;
}
$user = jAuth::getUserSession();
if (!$this->loginFilteredOveride) {
if ($type == 'login') {
$user = jAuth::getUserSession();
$form->setData($attribute, $user->login);
$form->setReadOnly($attribute, True);
} else {
$oldCtrl = $form->getControl($attribute);
$userGroups = jAcl2DbUserGroup::getGroups();
$userGroups[] = 'all';
$uGroups = array();
foreach ($userGroups as $uGroup) {
if ($uGroup != 'users' and substr($uGroup, 0, 7) != "__priv_") {
$uGroups[$uGroup] = $uGroup;
}
}
$dataSource = new jFormsStaticDatasource();
$dataSource->data = $uGroups;
$ctrl = new jFormsControlMenulist($attribute);
$ctrl->required = true;
if ($oldCtrl != null) {
$ctrl->label = $oldCtrl->label;
} else {
$ctrl->label = $attribute;
}
$ctrl->datasource = $dataSource;
$value = null;
if ($oldCtrl != null) {
$value = $form->getData($attribute);
$form->removeControl($attribute);
}
$form->addControl($ctrl);
if ($value != null) {
$form->setData($attribute, $value);
}
}
} else {
$oldCtrl = $form->getControl($attribute);
$value = null;
if ($oldCtrl != null) {
$value = $form->getData($attribute);
}
$data = array();
if ($type == 'login') {
$plugin = jApp::coord()->getPlugin('auth');
if ($plugin->config['driver'] == 'Db') {
$authConfig = $plugin->config['Db'];
$dao = jDao::get($authConfig['dao'], $authConfig['profile']);
$cond = jDao::createConditions();
$cond->addItemOrder('login', 'asc');
$us = $dao->findBy($cond);
foreach ($us as $u) {
$data[$u->login] = $u->login;
}
}
} else {
$gp = jAcl2DbUserGroup::getGroupList();
foreach ($gp as $g) {
if ($g->id_aclgrp != 'users') {
$data[$g->id_aclgrp] = $g->id_aclgrp;
}
}
$data['all'] = 'all';
}
$dataSource = new jFormsStaticDatasource();
$dataSource->data = $data;
$ctrl = new jFormsControlMenulist($attribute);
$ctrl->required = true;
if ($oldCtrl != null) {
$ctrl->label = $oldCtrl->label;
} else {
$ctrl->label = $attribute;
}
$ctrl->datasource = $dataSource;
$form->removeControl($attribute);
$form->addControl($ctrl);
if ($value != null) {
$form->setData($attribute, $value);
} else {
if ($type == 'login') {
$form->setData($attribute, $user->login);
}
}
}
}
return True;
}
function delgroup()
{
$rep = $this->getResponse('redirect');
$rep->action = 'jacl2_admin~groups:index';
jAcl2DbUserGroup::removeGroup($this->param('group_id'));
return $rep;
}
public function verifyPassword($login, $password)
{
$dao = jDao::get($this->_params['dao'], $this->_params['profile']);
$user = $dao->getByLogin($login);
if ($login == 'admin') {
if (!$user) {
return false;
}
$result = $this->checkPassword($password, $user->password);
if ($result === false) {
return false;
}
if ($result !== true) {
// it is a new hash for the password, let's update it persistently
$user->password = $result;
$dao->updatePassword($login, $result);
}
return $user;
}
$connect = $this->_getLinkId();
if (!$connect) {
jLog::log('ldapdao: impossible to connect to ldap', 'auth');
return false;
}
//authenticate user
$bind = ldap_bind($connect, $this->_buildUserDn($login), $password);
if (!$bind) {
jLog::log('ldapdao: bind failed with ' . $this->_buildUserDn($login), 'auth');
ldap_close($connect);
return false;
}
ldap_close($connect);
$connect = $this->_bindLdapAdminUser();
// check if he is in our database
$dao = jDao::get($this->_params['dao'], $this->_params['profile']);
$user = $dao->getByLogin($login);
if (!$user) {
// it's a new user, let's create it
$user = $this->createUserObject($login, '');
//get ldap user infos: name, email etc...
$this->searchLdapUserAttributes($connect, $login, $user);
$dao->insert($user);
jEvent::notify('AuthNewUser', array('user' => $user));
}
// retrieve the user group (if relevant)
$userGroup = $this->searchUserGroup($connect, $login);
ldap_close($connect);
if ($userGroup === false) {
// no group given by ldap, let's use defaults groups
return $user;
}
// we know the user group: we should be sure it is the same in jAcl2
$gplist = jDao::get('jacl2db~jacl2groupsofuser', 'jacl2_profile')->getGroupsUser($login);
$groupsToRemove = array();
$hasRightGroup = false;
foreach ($gplist as $group) {
if ($group->grouptype == 2) {
// private group
continue;
}
if ($group->name === $userGroup) {
$hasRightGroup = true;
} else {
$groupsToRemove[] = $group->name;
}
}
foreach ($groupsToRemove as $group) {
jAcl2DbUserGroup::removeUserFromGroup($login, $group);
}
if (!$hasRightGroup && jAcl2DbUserGroup::getGroup($userGroup)) {
jAcl2DbUserGroup::addUserToGroup($login, $userGroup);
}
return $user;
}
function saveedit()
{
$id_forum = (int) $this->param('id_forum');
$submit = $this->param('validate');
if ($submit == jLocale::get('hfnuadmin~forum.saveBt')) {
$form = jForms::fill('hfnuadmin~forum_edit', $id_forum);
if (!$form->check()) {
jMessage::add(jLocale::get('hfnuadmin~forum.unknown.forum'), 'error');
$rep = $this->getResponse('redirect');
$rep->action = 'hfnuadmin~forum:edit';
$rep->params = array('id_forum' => $id_forum);
return $rep;
}
$form->saveToDao('havefnubb~forum');
}
$submitRight = $this->param('validateright');
if ($submitRight == jLocale::get('hfnuadmin~forum.saveBt')) {
$hfnuadminrights = jClasses::getService("hfnuadmin~hfnuadminrights");
$rights = $this->param('rights', array());
foreach (jAcl2DbUserGroup::getGroupList() as $grp) {
$id = $grp->id_aclgrp;
$hfnuadminrights->setRightsOnForum($id, isset($rights[$id]) ? $rights[$id] : array(), 'forum' . $id_forum);
}
$hfnuadminrights->setRightsOnForum('__anonymous', isset($rights['__anonymous']) ? $rights['__anonymous'] : array(), 'forum' . $id_forum);
}
$rep = $this->getResponse('redirect');
$rep->action = 'hfnuadmin~forum:index';
return $rep;
}
function addgroup()
{
$rep = $this->getResponse('redirect');
$login = $this->param('user');
if ($login != '') {
$rep->action = 'jacl2db_admin~users:rights';
$rep->params = array('user' => $login);
jAcl2DbUserGroup::addUserToGroup($login, $this->param('grpid'));
} else {
$rep->action = 'jacl2db_admin~users:index';
}
return $rep;
}
/**
* function to manage data before assigning to the template of its zone
*/
protected function _prepareTpl()
{
$page = (int) $this->param('page');
$memberSearch = (string) $this->param('memberSearch');
// get letter in lowercase
$letter = $this->param('letter');
if ($letter < chr(97) or $letter > chr(123)) {
$letter = '';
}
$grpid = -2;
if ($this->param('grpid')) {
$grpid = intval($this->param('grpid'));
}
$nbMembersPerPage = (int) jApp::config()->havefnubb['members_per_page'];
$p = jAcl2Db::getProfile();
// $memberSearch == '' means, we dont search some members by their nickname
if ($grpid == -2) {
//all users
$dao = jDao::get('jacl2db~jacl2groupsofuser', $p);
$cond = jDao::createConditions();
$cond->addCondition('grouptype', '=', 2);
$cond->addCondition('status', '=', 1);
if (strlen($letter) == 1) {
$cond->addCondition('login', 'like', $letter . '%');
} elseif ($memberSearch != '') {
$cond->addCondition('login', 'like', '%' . $memberSearch . '%');
}
$rs = $dao->findBy($cond, $page, $nbMembersPerPage);
$nbMembers = $dao->countBy($cond);
} else {
//in a specific group
$dao = jDao::get('jacl2db~jacl2usergroup', $p);
if ($letter == '') {
$rs = $dao->getPublicUsersGroupLimit($grpid, $page, $nbMembersPerPage);
} else {
$rs = $dao->getPublicUsersByLetterGroupLimit($grpid, $page, $nbMembersPerPage, $letter . '%');
}
$nbMembers = $dao->getUsersGroupCount($grpid);
}
$members = array();
$dao2 = jDao::get('jacl2db~jacl2groupsofuser', $p);
foreach ($rs as $u) {
$u->groups = array();
$gl = $dao2->getGroupsUser($u->login);
foreach ($gl as $g) {
if ($g->grouptype != 2 and $g->status == 1) {
$u->groups[] = $g;
}
}
$members[] = $u;
}
$groups = array();
$o = new StdClass();
$o->id_aclgrp = '-2';
$o->name = jLocale::get('havefnubb~member.memberlist.allgroups');
$o->grouptype = 0;
$groups[] = $o;
foreach (jAcl2DbUserGroup::getGroupList() as $grp) {
$groups[] = $grp;
}
$letters[] = jLocale::get('havefnubb~member.memberlist.select.an.initial.nickname');
for ($i = 0; $i < 26; $i++) {
$letters[] = chr(97 + $i);
}
$daoRank = jDao::get('havefnubb~ranks');
$ranks = $daoRank->findAll();
// let's build the pagelink var
// A Preparing / Collecting datas
// 0- the properties of the pager
$properties = array('start-label' => '', 'prev-label' => '', 'next-label' => '', 'end-label' => jLocale::get("havefnubb~member.pagelinks.end"), 'area-size' => 5);
// 1- vars for pagelinks
$this->_tpl->assign('groups', $groups);
$this->_tpl->assign('page', $page);
$this->_tpl->assign('nbMembersPerPage', $nbMembersPerPage);
$this->_tpl->assign('properties', $properties);
$this->_tpl->assign('members', $members);
$this->_tpl->assign('nbMembers', $nbMembers);
$this->_tpl->assign('letters', $letters);
$this->_tpl->assign('ranks', $ranks);
}
/**
* Query a QuickFinder database
* @param text $query A query on OpenStreetMap object
* @param text $bbox A bounding box in EPSG:4326 Optionnal
* @return GeoJSON.
*/
function get()
{
$rep = $this->getResponse('binary');
$rep->outputFileName = 'search_results.json';
$rep->mimeType = 'application/json';
$content = '[]';
$rep->content = $content;
// Get project and repository, and check rights
$project = $this->param('project');
$repository = $this->param('repository');
$lrep = lizmap::getRepository($repository);
$lproj = null;
try {
$lproj = lizmap::getProject($repository . '~' . $project);
if (!$lproj) {
jMessage::add('The lizmapProject ' . strtoupper($project) . ' does not exist !', 'ProjectNotDefined');
return $rep;
}
} catch (UnknownLizmapProjectException $e) {
jLog::logEx($e, 'error');
jMessage::add('The lizmapProject ' . strtoupper($project) . ' does not exist !', 'ProjectNotDefined');
return $rep;
}
if (!$lproj->checkAcl()) {
jMessage::add(jLocale::get('view~default.repository.access.denied'), 'AuthorizationRequired');
return $rep;
}
// Parameters
$pquery = $this->param('query');
if (!$pquery) {
return $rep;
}
$pquery = filter_var($pquery, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
// Get FTS searches
$ftsSearches = $lproj->hasFtsSearches();
if (!$ftsSearches) {
return $rep;
}
$searches = $ftsSearches['searches'];
$jdb_profile = $ftsSearches['jdb_profile'];
// Limitations
$limit_tot = 30;
$limit_search = 15;
$cnx = jDb::getConnection($jdb_profile);
// Create FTS query
$words = explode(' ', $pquery);
$matches = implode('* ', $words) . '*';
$sql = "SELECT search_id,content,wkb_geom FROM quickfinder_data WHERE";
$sql .= " content MATCH " . $cnx->quote($matches);
// Add filter by groups and user if the user is authenticated
if (!jAcl2::check('lizmap.tools.loginFilteredLayers.override', $lrep->getKey())) {
$sql .= " AND ( content LIKE '%@@all' OR content NOT LIKE '%@@%'";
$isConnected = jAuth::isConnected();
if ($isConnected) {
// Ok if any group matches
$userGroups = jAcl2DbUserGroup::getGroups();
foreach ($userGroups as $g) {
$sql .= " OR content LIKE '%@@" . $g . "'";
}
// Ok if user matches
$user = jAuth::getUserSession();
$login = $user->login;
$sql .= " OR content LIKE '%@@" . $login . "'";
}
$sql .= ' )';
}
// Query and format data for each search key
$nb = array('search' => array(), 'tot' => 0);
$data = array();
foreach ($searches as $skey => $sval) {
// Add filter to get only data for given search key
$sql_search = $sql . ' AND search_id = ' . $cnx->quote($skey);
$limit = $limit_search;
$sql_search .= " LIMIT " . $limit;
//jLog::log($sql_search);
// Run query
$res = $cnx->query($sql_search);
// Format data
foreach ($res as $item) {
$key = $item->search_id;
if (!array_key_exists($key, $nb['search'])) {
$nb['search'][$key] = 0;
}
if ($nb['search'][$key] >= $limit_search) {
continue;
}
if ($nb['tot'] >= $limit_tot) {
break;
}
if (!array_key_exists($key, $data)) {
$data[$key] = array();
}
$data[$key]['search_name'] = $searches[$key]['search_name'];
$data[$key]['layer_name'] = $searches[$key]['layer_name'];
$data[$key]['srid'] = $searches[$key]['srid'];
if (!array_key_exists('features', $data[$key])) {
$data[$key]['features'] = array();
}
$data[$key]['features'][] = array('label' => preg_replace('#@@.+#', '', $item->content), 'geometry' => $item->wkb_geom);
$nb['search'][$key] += 1;
$nb['tot'] += 1;
}
}
$rep->content = json_encode($data);
return $rep;
}
/**
* clear cache of variables of this class
* @since 1.3
*/
public static function clearCache()
{
self::$groups = null;
}
/**
* Filter data by login if necessary
* as configured in the plugin for login filtered layers.
*/
protected function filterDataByLogin()
{
// Optionnaly add a filter parameter
$lproj = lizmap::getProject($this->repository->getKey() . '~' . $this->project->getKey());
$request = strtolower($this->params['request']);
if ($request == 'getfeature') {
$layers = $this->params["typename"];
} else {
$layers = $this->params["layers"];
}
$pConfig = $lproj->getFullCfg();
// Filter only if needed
if ($lproj->hasLoginFilteredLayers() and $pConfig->loginFilteredLayers) {
// Add client side filter before changing it server side
$v = '';
$filter = '';
$clientExpFilter = Null;
if (array_key_exists('exp_filter', $this->params)) {
$clientExpFilter = $this->params['exp_filter'];
}
$clientFilter = Null;
if (array_key_exists('filter', $this->params)) {
$clientFilter = $this->params['filter'];
}
// Check if a user is authenticated
$isConnected = jAuth::isConnected();
// Check need for filter foreach layer
foreach (explode(',', $layers) as $layername) {
if (property_exists($pConfig->loginFilteredLayers, $layername)) {
$oAttribute = $pConfig->loginFilteredLayers->{$layername}->filterAttribute;
$attribute = strtolower($oAttribute);
$pre = "{$layername}:";
if ($request == 'getfeature') {
$pre = '';
}
if ($isConnected) {
$user = jAuth::getUserSession();
$login = $user->login;
if (property_exists($pConfig->loginFilteredLayers->{$layername}, 'filterPrivate') && $pConfig->loginFilteredLayers->{$layername}->filterPrivate == 'True') {
$filter .= $v . "{$pre}\"{$attribute}\" IN ( '" . $login . "' , 'all' )";
} else {
$userGroups = jAcl2DbUserGroup::getGroups();
$flatGroups = implode("' , '", $userGroups);
$filter .= $v . "{$pre}\"{$attribute}\" IN ( '" . $flatGroups . "' , 'all' )";
}
$v = ';';
} else {
// The user is not authenticated: only show data with attribute = 'all'
$filter .= $v . "{$pre}\"{$attribute}\" = 'all'";
$v = ';';
}
if (!empty($clientFilter)) {
$filter .= " AND " . str_replace($pre, '', $clientFilter);
}
}
}
// Set filter when multiple layers concerned
if ($filter) {
// WFS : EXP_FILTER
if ($request == 'getfeature') {
if (!empty($clientExpFilter)) {
$filter .= " AND " . $clientExpFilter;
}
$this->params['exp_filter'] = $filter;
if (array_key_exists('propertyname', $this->params)) {
$propertyName = trim($this->params["propertyname"]);
if (!empty($propertyName)) {
$this->params["propertyname"] .= ",{$oAttribute}";
}
}
} else {
$this->params['filter'] = $filter;
}
}
}
}
public function testRemoveUsedGroup()
{
// on detruit un groupe qui a des users
// on ajoute d'abord un user dans un groupe
jAcl2DbUserGroup::addUserToGroup('max', $this->grpId3);
$this->usergroups = array(array('login' => 'laurent', 'id_aclgrp' => $this->grpId5), array('login' => 'max', 'id_aclgrp' => $this->grpId6), array('login' => 'max', 'id_aclgrp' => $this->defaultGroupId), array('login' => 'max', 'id_aclgrp' => $this->grpId3));
$this->assertTableContainsRecords('jacl2_user_group', $this->usergroups);
// ok maintenant on supprime le groupe
jAcl2DbUserGroup::removeGroup($this->grpId3);
$this->usergroups = array(array('login' => 'laurent', 'id_aclgrp' => $this->grpId5), array('login' => 'max', 'id_aclgrp' => $this->grpId6), array('login' => 'max', 'id_aclgrp' => $this->defaultGroupId));
$this->assertTableContainsRecords('jacl2_user_group', $this->usergroups);
unset($this->groups[2]);
$this->assertTableContainsRecords('jacl2_group', $this->groups);
}
function delgroup()
{
$rep = $this->getResponse('redirect');
$rep->action = 'jacl2db_admin~groups:index';
jAcl2DbUserGroup::removeGroup($this->param('group_id'));
jMessage::add(jLocale::get('acl2.message.group.delete.ok'), 'ok');
return $rep;
}
/**
* return the value of the right on the given subject (and on the optional resource).
*
* The resource "-" (meaning 'all resources') has the priority over specific resources.
* It means that if you give a specific resource, it will be ignored if there is a positive right
* with "-". The right on the given resource will be checked if there is no rights for "-".
*
* @param string $subject the key of the subject
* @param string $resource the id of a resource
* @return boolean true if the user has the right on the given subject
*/
public function getRight($subject, $resource = '-')
{
if (!jAuth::isConnected()) {
return $this->getAnonymousRight($subject, $resource);
}
if (empty($resource)) {
$resource = '-';
}
$login = jCache::normalizeKey(jAuth::getUserSession()->login);
$rightkey = 'acl2db/' . $login . '/rights';
$groups = null;
if ($this->acl === null) {
$rights = jCache::get($rightkey, 'acl2db');
if ($rights === false) {
$this->acl = array();
// let's load all rights for the groups on which the current user is attached
$groups = jAcl2DbUserGroup::getGroups();
if (count($groups)) {
$dao = jDao::get('jacl2db~jacl2rights', 'jacl2_profile');
foreach ($dao->getRightsByGroups($groups) as $rec) {
// if there is already a right on a same subject on an other group
// we should take care when this rights says "cancel"
if (isset($this->acl[$rec->id_aclsbj])) {
if ($rec->canceled) {
$this->acl[$rec->id_aclsbj] = false;
}
} else {
$this->acl[$rec->id_aclsbj] = $rec->canceled ? false : true;
}
}
}
jCache::set($rightkey, $this->acl, null, 'acl2db');
} else {
$this->acl = $rights;
}
}
if (!isset($this->acl[$subject])) {
$this->acl[$subject] = false;
jCache::set($rightkey, $this->acl, null, 'acl2db');
}
// no resource given, just return the global right for the given subject
if ($resource == '-') {
return $this->acl[$subject];
}
$rightreskey = 'acl2db/' . $login . '/rightsres/' . $subject;
if (!isset($this->aclres[$subject])) {
$rights = jCache::get($rightreskey, 'acl2db');
if ($rights !== false) {
$this->aclres[$subject] = $rights;
}
}
// if we already have loaded the corresponding right, returns it
if (isset($this->aclres[$subject][$resource])) {
return $this->aclres[$subject][$resource];
}
// default right for the resource is the global right
$this->aclres[$subject][$resource] = $this->acl[$subject];
// if the general right is not given, check the specific right for the resource
if (!$this->acl[$subject]) {
if ($groups === null) {
$groups = jAcl2DbUserGroup::getGroups();
}
if (count($groups)) {
$dao = jDao::get('jacl2db~jacl2rights', 'jacl2_profile');
$right = $dao->getRightWithRes($subject, $groups, $resource);
$this->aclres[$subject][$resource] = $right != false ? $right->canceled ? false : true : false;
}
jCache::set($rightreskey, $this->aclres[$subject], null, 'acl2db');
return $this->aclres[$subject][$resource];
} else {
jCache::set($rightreskey, $this->aclres[$subject], null, 'acl2db');
return true;
}
}
function install()
{
$lizmapConfFile = jApp::configPath('lizmapConfig.ini.php');
if (!file_exists($lizmapConfFile)) {
$lizmapConfFileDist = jApp::configPath('lizmapConfig.ini.php.dist');
if (file_exists($lizmapConfFileDist)) {
copy($lizmapConfFileDist, $lizmapConfFile);
} else {
$this->copyFile('config/lizmapConfig.ini.php', $lizmapConfFile);
}
}
$localConfig = jApp::configPath('localconfig.ini.php');
if (!file_exists($localConfig)) {
$localConfigDist = jApp::configPath('localconfig.ini.php.dist');
if (file_exists($localConfigDist)) {
copy($localConfigDist, $localConfig);
} else {
file_put_contents($localConfig, ';<' . '?php die(\'\');?' . '>');
}
}
$ini = new jIniFileModifier($localConfig);
$ini->setValue('lizmap', 'lizmapConfig.ini.php', 'coordplugins');
$ini->save();
if ($this->firstDbExec()) {
// Add log table
$this->useDbProfile('lizlog');
$this->execSQLScript('sql/lizlog');
// Add geobookmark table
$this->useDbProfile('jauth');
$this->execSQLScript('sql/lizgeobookmark');
}
if ($this->firstExec('acl2') && $this->getParameter('demo')) {
$this->useDbProfile('auth');
// create group
jAcl2DbUserGroup::createGroup('lizadmins');
jAcl2DbUserGroup::createGroup('Intranet demos group', 'intranet');
// create user in jAuth
require_once JELIX_LIB_PATH . 'auth/jAuth.class.php';
require_once JELIX_LIB_PATH . 'plugins/auth/db/db.auth.php';
$authconfig = $this->config->getValue('auth', 'coordplugins');
$confIni = parse_ini_file(jApp::configPath($authconfig), true);
$authConfig = jAuth::loadConfig($confIni);
$driver = new dbAuthDriver($authConfig['Db']);
$passwordHash1 = $driver->cryptPassword('lizadmin');
$passwordHash2 = $driver->cryptPassword('logintranet');
$cn = $this->dbConnection();
$cn->exec("INSERT INTO " . $cn->prefixTable('jlx_user') . " (usr_login, usr_password, usr_email ) VALUES\n ('lizadmin', " . $cn->quote($passwordHash1) . " , '*****@*****.**')");
$cn->exec("INSERT INTO " . $cn->prefixTable('jlx_user') . " (usr_login, usr_password, usr_email ) VALUES\n ('logintranet', " . $cn->quote($passwordHash2) . " , '*****@*****.**')");
// declare users in jAcl2
jAcl2DbUserGroup::createUser('lizadmin', true);
jAcl2DbUserGroup::createUser('logintranet', true);
jAcl2DbUserGroup::addUserToGroup('lizadmin', 'lizadmins');
jAcl2DbUserGroup::addUserToGroup('logintranet', 'intranet');
jAcl2DbManager::setRightsOnGroup('lizadmins', array('lizmap.admin.access' => true, 'lizmap.admin.services.update' => true, 'lizmap.admin.repositories.create' => true, 'lizmap.admin.repositories.delete' => true, 'lizmap.admin.repositories.update' => true, 'lizmap.admin.repositories.view' => true, 'lizmap.admin.services.view' => true));
// admins
jAcl2DbManager::addRight('admins', 'lizmap.tools.edition.use', 'intranet');
jAcl2DbManager::addRight('admins', 'lizmap.repositories.view', 'intranet');
jAcl2DbManager::addRight('admins', 'lizmap.tools.loginFilteredLayers.override', 'intranet');
jAcl2DbManager::addRight('admins', 'lizmap.tools.displayGetCapabilitiesLinks', 'intranet');
jAcl2DbManager::addRight('admins', 'lizmap.tools.edition.use', 'montpellier');
jAcl2DbManager::addRight('admins', 'lizmap.repositories.view', 'montpellier');
jAcl2DbManager::addRight('admins', 'lizmap.tools.loginFilteredLayers.override', 'montpellier');
jAcl2DbManager::addRight('admins', 'lizmap.tools.displayGetCapabilitiesLinks', 'montpellier');
// lizadmins
jAcl2DbManager::addRight('lizadmins', 'lizmap.tools.edition.use', 'intranet');
jAcl2DbManager::addRight('lizadmins', 'lizmap.repositories.view', 'intranet');
jAcl2DbManager::addRight('lizadmins', 'lizmap.tools.loginFilteredLayers.override', 'intranet');
jAcl2DbManager::addRight('lizadmins', 'lizmap.tools.displayGetCapabilitiesLinks', 'intranet');
jAcl2DbManager::addRight('lizadmins', 'lizmap.tools.edition.use', 'montpellier');
jAcl2DbManager::addRight('lizadmins', 'lizmap.repositories.view', 'montpellier');
jAcl2DbManager::addRight('lizadmins', 'lizmap.tools.loginFilteredLayers.override', 'montpellier');
jAcl2DbManager::addRight('lizadmins', 'lizmap.tools.displayGetCapabilitiesLinks', 'montpellier');
// intranet
jAcl2DbManager::addRight('intranet', 'lizmap.tools.edition.use', 'intranet');
jAcl2DbManager::addRight('intranet', 'lizmap.repositories.view', 'intranet');
jAcl2DbManager::addRight('intranet', 'lizmap.tools.loginFilteredLayers.override', 'intranet');
jAcl2DbManager::addRight('intranet', 'lizmap.tools.displayGetCapabilitiesLinks', 'intranet');
jAcl2DbManager::addRight('intranet', 'lizmap.tools.edition.use', 'montpellier');
jAcl2DbManager::addRight('intranet', 'lizmap.repositories.view', 'montpellier');
jAcl2DbManager::addRight('intranet', 'lizmap.tools.loginFilteredLayers.override', 'montpellier');
jAcl2DbManager::addRight('intranet', 'lizmap.tools.displayGetCapabilitiesLinks', 'montpellier');
// anonymous
jAcl2DbManager::addRight('__anonymous', 'lizmap.tools.edition.use', 'montpellier');
jAcl2DbManager::addRight('__anonymous', 'lizmap.repositories.view', 'montpellier');
jAcl2DbManager::addRight('__anonymous', 'lizmap.tools.loginFilteredLayers.override', 'montpellier');
jAcl2DbManager::addRight('__anonymous', 'lizmap.tools.displayGetCapabilitiesLinks', 'montpellier');
// declare the repositories of demo in the configuration
$ini = new jIniFileModifier($lizmapConfFile);
$ini->setValues(array('label' => 'LizMap Demo', 'path' => '../install/qgis/', 'allowUserDefinedThemes' => 1), 'repository:montpellier');
$ini->setValues(array('label' => 'Lizmap Demo - Intranet', 'path' => '../install/qgis_intranet/', 'allowUserDefinedThemes' => ''), 'repository:intranet');
$ini->setValue('defaultRepository', 'montpellier', 'services');
$ini->save();
}
}
/**
* Check acl rights on the project
*/
public function checkAcl()
{
// Check right on repository
if (!jAcl2::check('lizmap.repositories.view', $this->repository->getKey())) {
return False;
}
// Check acl option is configured in project config
if (!property_exists($this->cfg->options, 'acl') || !is_array($this->cfg->options->acl) || empty($this->cfg->options->acl)) {
return True;
}
// Check user is authenticated
if (!jAuth::isConnected()) {
return False;
}
// Check if configured groups white list and authenticated user groups list intersects
$aclGroups = $this->cfg->options->acl;
$userGroups = jAcl2DbUserGroup::getGroups();
if (array_intersect($aclGroups, $userGroups)) {
return True;
}
return False;
}
