Beispiel #1
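 /**
  * Tells whether the current session user may call the action a URL resolves to.
  *
  * Only the controller and the action are evaluated: the parameters of the URL
  * are not respected, an empty parameter array is handed to AclProxy::hasAccess().
  * NOTE(review): any check that depends on request parameters is therefore
  * presumably skipped here; treat a true result as a hint (e.g. for showing a
  * link) and enforce access again when the action itself runs - confirm.
  *
  * @param string $url URL to resolve to a controller and an action
  * @return boolean the result of AclProxy::hasAccess(), false if the URL cannot be resolved
  */
 public static function hasAccessUrl($url)
 {
     $user = common_session_SessionManager::getSession()->getUser();
     try {
         $resolver = new ActionResolver($url);
         // The unreachable assignment that used to follow this return was removed.
         return AclProxy::hasAccess($user, $resolver->getController(), $resolver->getAction(), array());
     } catch (ResolverException $e) {
         // Fail closed: a URL that does not resolve is reported as not accessible.
         return false;
     }
 }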
 /**
  * Enforces access control for the current controller, action and parameters.
  *
  * Returns normally when AclProxy grants access. Otherwise it throws:
  * a PermissionException when the functional check passes but the data check
  * fails, and a tao_models_classes_AccessDeniedException in every other case.
  * Both exceptions receive the user identifier, action, controller class and
  * extension id.
  * NOTE(review): confirm the exception handler logs these details server-side
  * and does not echo more of them to the client than it needs.
  */
 protected function verifyAuthorization()
 {
     $currentUser = common_session_SessionManager::getSession()->getUser();
     $granted = AclProxy::hasAccess(
         $currentUser,
         $this->getControllerClass(),
         $this->getAction(),
         $this->getParameters()
     );
     if ($granted) {
         return;
     }

     $functionalAcl = new FuncProxy();
     $dataAcl = new DataAccessControl();

     // Access was refused: look at each layer to pick the matching exception type.
     $functionalOk = $functionalAcl->hasAccess(
         $currentUser,
         $this->getControllerClass(),
         $this->getAction(),
         $this->getParameters()
     );
     if ($functionalOk) {
         // The data layer is only consulted when the functional layer agreed.
         $dataOk = $dataAcl->hasAccess(
             $currentUser,
             $this->getControllerClass(),
             $this->getAction(),
             $this->getParameters()
         );
         if (!$dataOk) {
             throw new PermissionException(
                 $currentUser->getIdentifier(),
                 $this->getAction(),
                 $this->getControllerClass(),
                 $this->getExtensionId()
             );
         }
     }

     throw new tao_models_classes_AccessDeniedException(
         $currentUser->getIdentifier(),
         $this->getAction(),
         $this->getControllerClass(),
         $this->getExtensionId()
     );
 }
Beispiel #3
 /**
  * Landing action for requests that were prevented by a lock on a resource.
  *
  * Publishes the lock's creation time and owner to the view. When the current
  * user may call forceRelease on the resource, the resource URI and a
  * forceRelease flag are published as well.
  * If both the 'view' and 'ext' request parameters are present they select the
  * template; otherwise Lock/locked.tpl of the tao extension is used.
  */
 public function locked()
 {
     $lockedResource = new core_kernel_classes_Resource($this->getRequestParameter('id'));
     $lockInfo = LockManager::getImplementation()->getLockData($lockedResource);

     // NOTE(review): 'topclass-label' is taken from the request as is; confirm
     // the template escapes it on output.
     if ($this->hasRequestParameter('topclass-label')) {
         $topClassLabel = $this->getRequestParameter('topclass-label');
     } else {
         $topClassLabel = __('Resource');
     }
     $this->setData('topclass-label', $topClassLabel);

     // The force-release data is only published to users allowed to use it.
     $mayForceRelease = AclProxy::hasAccess(
         common_session_SessionManager::getSession()->getUser(),
         __CLASS__,
         'forceRelease',
         array('uri' => $lockedResource->getUri())
     );
     if ($mayForceRelease) {
         $this->setData('id', $lockedResource->getUri());
         $this->setData('forceRelease', true);
     }

     $this->setData('lockDate', $lockInfo->getCreationTime());
     $this->setData('ownerHtml', UserHelper::renderHtmlUser($lockInfo->getOwnerId()));

     // NOTE(review): template name and extension come straight from the request;
     // confirm setView() restricts them to known templates - TODO confirm.
     $customView = $this->hasRequestParameter('view') && $this->hasRequestParameter('ext');
     if (!$customView) {
         $this->setView('Lock/locked.tpl', 'tao');
     } else {
         $this->setView($this->getRequestParameter('view'), $this->getRequestParameter('ext'));
     }
 }
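 /**
  * Returns, as JSON, one page of the delivery executions that have results for a delivery.
  *
  * Request parameters read: page, rows, sortby, sortorder and classUri.
  * 'page' and 'rows' are cast to integers and clamped to at least 1, so a
  * missing, zero or non-numeric value can no longer produce a negative offset
  * or a division by zero in the paging arithmetic.
  *
  * The response holds the rows ('data'), the paging figures ('page', 'total',
  * 'records') and a 'readonly' map per delivery execution. On a
  * common_exception_Error the response is array('error' => message) instead.
  */
 public function getResults()
 {
     // Untrusted paging input: force integers >= 1 before any arithmetic.
     $page = max(1, (int) $this->getRequestParameter('page'));
     $limit = max(1, (int) $this->getRequestParameter('rows'));
     // NOTE(review): 'sortby' and 'sortorder' are handed to the result storage
     // without validation; confirm the implementation restricts them to known
     // columns and to ASC/DESC - TODO confirm.
     $order = $this->getRequestParameter('sortby');
     $sord = $this->getRequestParameter('sortorder');
     $start = $limit * $page - $limit;
     $gau = array('order' => $order, 'orderdir' => strtoupper($sord), 'offset' => $start, 'limit' => $limit, 'recursive' => true);
     $delivery = new \core_kernel_classes_Resource(tao_helpers_Uri::decode($this->getRequestParameter('classUri')));
     try {
         $implementation = $this->getResultStorage($delivery);
         $this->getClassService()->setImplementation($implementation);
         $data = array();
         $readOnly = array();
         $user = \common_session_SessionManager::getSession()->getUser();
         // Inverted flags: true means the user does NOT have access to the action.
         // They are computed once, with no parameters, and reused for every row.
         // NOTE(review): presumably a hint for the client only; the viewResult and
         // delete actions have to enforce access themselves - confirm.
         $rights = array('view' => !AclProxy::hasAccess($user, 'oat\\taoOutcomeUi\\controller\\Results', 'viewResult', array()), 'delete' => !AclProxy::hasAccess($user, 'oat\\taoOutcomeUi\\controller\\Results', 'delete', array()));
         $results = $this->getClassService()->getImplementation()->getResultByDelivery(array($delivery->getUri()), $gau);
         $counti = $this->getClassService()->getImplementation()->countResultByDelivery(array($delivery->getUri()));
         foreach ($results as $res) {
             $deliveryExecution = \taoDelivery_models_classes_execution_ServiceProxy::singleton()->getDeliveryExecution($res['deliveryResultIdentifier']);
             $testTaker = new core_kernel_classes_Resource($res['testTakerIdentifier']);
             try {
                 $startTime = \tao_helpers_Date::displayeDate($deliveryExecution->getStartTime());
             } catch (\common_exception_NotFound $e) {
                 // A missing start time is logged and shown as an empty string.
                 \common_Logger::w($e->getMessage());
                 $startTime = '';
             }
             $data[] = array('id' => $deliveryExecution->getIdentifier(), 'ttaker' => _dh($testTaker->getLabel()), 'time' => $startTime);
             $readOnly[$deliveryExecution->getIdentifier()] = $rights;
         }
         // $limit is at least 1 here, so both divisions are safe.
         $this->returnJson(array('data' => $data, 'page' => floor($start / $limit) + 1, 'total' => ceil($counti / $limit), 'records' => count($data), 'readonly' => $readOnly));
     } catch (\common_exception_Error $e) {
         // NOTE(review): the raw exception message goes to the client; confirm it
         // cannot carry internal details.
         $this->returnJson(array('error' => $e->getMessage()));
     }
 }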
 /**
  * Computes the permissions of a tree node, and recursively of its children, against actions.
  *
  * An action is evaluated for a node when its context equals the node type or
  * is 'resource'. The result of AclProxy::hasAccess() is stored under
  * $node['permissions'][<action id>]. No entry is written when the parameters
  * built from the node do not cover the rights the action requires, or when an
  * exception is raised; both cases are only logged.
  * NOTE(review): consumers should treat a missing entry as "not allowed" - confirm.
  *
  * @param array[] $actions the actions data with context, name and the resolver
  * @param User $user the user
  * @param array $node a tree node
  * @return array the node augmented with permissions
  */
 private function computePermissions($actions, $user, $node)
 {
     if (isset($node['attributes']['data-uri'])) {
         $prefix = 'data-';
         foreach ($actions as $action) {
             $applies = $node['type'] == $action['context'] || $action['context'] == 'resource';
             if (!$applies) {
                 continue;
             }
             $resolver = $action['resolver'];
             try {
                 $params = array();
                 if ($node['type'] == 'class') {
                     $params['classUri'] = $node['attributes']['data-uri'];
                 } else {
                     // Every data-* attribute becomes a parameter named after the part behind the prefix.
                     foreach ($node['attributes'] as $name => $attribute) {
                         if (strncmp($name, $prefix, strlen($prefix)) === 0) {
                             $params[substr($name, strlen($prefix))] = $attribute;
                         }
                     }
                 }
                 $params['id'] = $node['attributes']['data-uri'];
                 $required = array_keys(ControllerHelper::getRequiredRights($resolver->getController(), $resolver->getAction()));
                 // Access is only evaluated when every required parameter is available.
                 $missing = array_diff($required, array_keys($params));
                 if (count($missing) > 0) {
                     common_Logger::d('Unable to determine access to ' . $action['id'], 'ACL');
                 } else {
                     $node['permissions'][$action['id']] = AclProxy::hasAccess($user, $resolver->getController(), $resolver->getAction(), $params);
                 }
                 //@todo should be a checked exception!
             } catch (Exception $e) {
                 common_Logger::w('Unable to resolve permission for action ' . $action['id'] . ' : ' . $e->getMessage());
             }
         }
     }
     if (isset($node['children'])) {
         foreach ($node['children'] as $position => $childNode) {
             $node['children'][$position] = $this->computePermissions($actions, $user, $childNode);
         }
     }
     return $node;
 }