/**
 * Authentication callback for WebDAV access.
 *
 * Access is granted only when all of the following hold: module development
 * is enabled in the module quota, the access manager reports the auth result
 * as valid, and the identity carries a truthy 'superuser' entry. Every
 * refusal is logged and answered with false. An \Exception raised on the way
 * is logged and also answered with false, so the check fails closed.
 *
 * @param string $username login name as passed to the callback
 * @param string $password password as passed to the callback
 *
 * @return bool true when DAV access is granted, false otherwise
 */
public function authCallback($username, $password)
{
    try {
        $manager = AccessManager::singleton();

        // NOTE(review): the credential check runs before the module-development
        // gate below, so it is executed (with whatever side effects it has, not
        // visible here) even when DAV login is switched off.
        $loginResult = $manager->checkLogin($username, $password);

        // Gate 1: module development must be enabled to log in via WebDAV.
        $quota = new \Cms\Quota();
        $devEnabled = $quota->getModuleQuota()->getEnableDev();
        if (!$devEnabled) {
            // NOTE(review): $username is written to the log as received; whether
            // the logger neutralises line breaks or control characters is not
            // visible here - confirm. The same applies to the two messages below.
            $message = sprintf('DAV access denied: module development is disabled (%s)', $username);
            Registry::getLogger()->log(__METHOD__, __LINE__, $message, SbLog::ERR);
            return false;
        }

        // Gate 2: the credentials must have been accepted.
        if (!$manager->isAuthResultValid($loginResult)) {
            $message = sprintf('DAV access denied: incorrect user credentials (%s)', $username);
            Registry::getLogger()->log(__METHOD__, __LINE__, $message, SbLog::NOTICE);
            return false;
        }

        // Gate 3: only superusers may log in via WebDAV.
        // NOTE(review): the comparison is loose, so any truthy value (1, '1',
        // a non-empty string) counts as superuser; check which type the identity
        // stores before tightening this to a strict comparison.
        $identity = $loginResult->getIdentity();
        $isSuperuser = is_array($identity)
            && isset($identity['superuser'])
            && $identity['superuser'] == true;
        if (!$isSuperuser) {
            $message = sprintf('DAV access denied: user is not a superuser (%s)', $username);
            Registry::getLogger()->log(__METHOD__, __LINE__, $message, SbLog::ERR);
            return false;
        }
    } catch (\Exception $e) {
        // Only \Exception is handled; an \Error is not caught here and would
        // propagate to the caller instead of producing a denial.
        Registry::getLogger()->logException(__METHOD__, __LINE__, $e, SbLog::ERR);
        return false;
    }

    // All gates passed: authentication successful.
    return true;
}
/**
 * Checks whether the current role may access the requested controller/action.
 *
 * The check runs only while the group check is enabled; when it is disabled
 * no permission test is performed here at all. A denial does not stop the
 * dispatch by itself: it pushes a \Cms\Exception onto the exception stack,
 * and a non-empty stack makes this method redirect the request to the Error
 * controller.
 *
 * @param \Zend_Controller_Request_Abstract $request request about to be dispatched
 */
public function preDispatch(\Zend_Controller_Request_Abstract $request)
{
    $manager = AccessManager::singleton();

    if ($this->isGroupCheckEnabled()) {
        // Resource and privilege are the lower-cased controller and action names.
        $resource = strtolower($request->getControllerName());
        $privilege = strtolower($request->getActionName());

        if (!$manager->isAllowed($resource, $privilege)) {
            $isGuest = $manager->hasIdentityRoleGuest($manager->getIdentityAsArray(), true);

            // Guests get code 5 without context; every other identity gets code 4
            // together with the denied resource and the action name as requested
            // (not lower-cased). The meaning of the codes is defined elsewhere.
            $denial = $isGuest
                ? new \Cms\Exception(5)
                : new \Cms\Exception(
                    4,
                    __METHOD__,
                    __LINE__,
                    array('resource' => $resource, 'privilege' => $request->getActionName())
                );

            \Cms\ExceptionStack::addException($denial);
        }
    }

    // If errors occurred, the request has to be pointed at the Error controller
    // explicitly: in preDispatch the regular forwarding of uncaught exceptions
    // to the Error controller does not apply yet. This reacts to any exception
    // on the stack, not only to the ones added above.
    if (count(\Cms\ExceptionStack::getExceptions()) === 0) {
        return;
    }

    $request->setControllerName('Error');
    $request->setActionName('error');
}
/**
 * Verifies the credentials through the access manager and returns the identity.
 *
 * @param string $username
 * @param string $userpassword
 *
 * @return mixed the value of getIdentity() on the auth result; the previous
 *               docblock declared \Cms\Access\Auth\Result, which is the type
 *               of the intermediate result, not of the returned value -
 *               TODO confirm the identity type
 * @throws \Cms\Exception code 2008 when the login is rejected
 */
public function checkLogin($username, $userpassword)
{
    $manager = AccessManager::singleton();
    $authResult = $manager->checkLogin($username, $userpassword);

    if ($manager->isAuthResultValid($authResult)) {
        return $authResult->getIdentity();
    }

    // Login rejected: signal it to the caller instead of returning a result.
    throw new \Cms\Exception(2008, __METHOD__, __LINE__);
}
/**
 * Logs a user in to the system.
 *
 * @param mixed $userNr passed to sprintf() when the login name is built
 * @param mixed $logout when truthy, the current session is logged out first
 */
protected function doLogin($userNr, $logout)
{
    if ($logout) {
        \Cms\Access\Manager::singleton()->logout();
    }

    // NOTE(review): the login and password literals appear masked in this
    // listing; as shown, the format string contains no conversion, so $userNr
    // does not change the resulting login name.
    $login = sprintf('*****@*****.**', $userNr);
    $secret = '******';

    $this->assertSuccessfulLogin($login, $secret);

    // Enable the group check once the login has been asserted.
    $this->activateGroupCheck();
}
/**
 * Copies the parameters stored with a ticket identity into the current request.
 *
 * Nothing happens unless the identity has the ticket role and carries a
 * 'ticketParams' entry.
 */
protected function setTicketParamsFromSession()
{
    $manager = AccessManager::singleton();
    $identity = $manager->getIdentityAsArray();

    if (!$manager->hasIdentityRoleTicket($identity)) {
        return;
    }

    if (!isset($identity['ticketParams'])) {
        return;
    }

    // NOTE(review): the stored values are handed to setParams() as they are;
    // presumably they take precedence over parameters of the same name sent by
    // the client - verify, because that is what binds a ticket to its request.
    $this->getRequest()->setParams($identity['ticketParams']);
}
/**
 * Called after routing: selects the current language.
 *
 * The 'lang' request parameter is tried first; when it is absent or
 * setCurrentLang() does not accept it, the 'language' entry of the identity
 * is tried instead.
 *
 * @param \Zend_Controller_Request_Abstract $request
 * @return void
 */
public function routeShutdown(\Zend_Controller_Request_Abstract $request)
{
    // NOTE(review): 'lang' is a request parameter; how setCurrentLang()
    // validates it is not visible here, only that its return value decides
    // whether the value counts as accepted.
    $requested = $request->getParam('lang');
    if ($requested !== null) {
        $accepted = $this->setCurrentLang($request->getParam('lang'));
        if ($accepted) {
            return;
        }
    }

    // Fall back to the language stored with the identity, if there is one.
    $identity = AccessManager::singleton()->getIdentityAsArray();
    if (isset($identity['language'])) {
        $this->setCurrentLang($identity['language']);
    }
}
/**
 * Checks whether the user is logged in, i.e. whether the access manager
 * holds an identity.
 *
 * @return boolean
 */
private function isUserDeclared()
{
    return AccessManager::singleton()->hasIdentity();
}
/**
 * Returns the 'email' entry of the current identity, used as the user login.
 *
 * @return string the stored e-mail, or 'unknown-userlogin' when the identity
 *                has no 'email' entry
 */
private function getUserloginFromSession()
{
    $identity = AccessManager::singleton()->getIdentityAsArray();

    if (isset($identity['email'])) {
        return $identity['email'];
    }

    return 'unknown-userlogin';
}
/**
 * Bootstrap step that wires the access manager.
 *
 * Makes sure the 'router' and 'frontController' resources are bootstrapped,
 * hands the router to the front controller singleton and then initialises
 * the access manager with the front controller resource and the Zend_Auth
 * singleton.
 */
protected function _initAuth()
{
    // Both resources must exist before they are fetched below.
    $this->bootstrap('router');
    $this->bootstrap('frontController');

    $routerResource = $this->getResource('router');
    $front = Zend_Controller_Front::getInstance();
    $front->setRouter($routerResource);

    $manager = AccessManager::singleton();
    $manager->init(
        $this->getResource('frontController'),
        \Zend_Auth::getInstance()
    );
}
/**
 * Returns the access manager singleton.
 *
 * @return \Cms\Access\Manager
 */
protected function getAccessManager()
{
    $manager = AccessManager::singleton();

    return $manager;
}
/**
 * Returns the privileges the access manager holds for the given website.
 *
 * When the website has no id, or the access manager has no entry for that
 * id, the Group business object's default negative privileges are returned
 * instead (presumably a deny-all set - confirm in the Group business class).
 *
 * @param \Cms\Data\Website $website
 * @return array
 */
protected function getWebsitePrivileges($website)
{
    $websiteId = $website->getId();
    $privilegesByWebsite = AccessManager::singleton()->getWebsitePrivileges();

    if ($websiteId !== null && isset($privilegesByWebsite[$websiteId])) {
        return $privilegesByWebsite[$websiteId];
    }

    // No entry for this website: fall back to the default negative privileges.
    return $this->getBusiness('Group')->getDefaultNegativeWebsitePrivileges();
}