public function setupDatabaseContent()
{
$this->createIdentification('Student', 'Schüler / Eltern');
$this->createIdentification('Teacher', 'Lehrer');
$this->createIdentification('Management', 'Verwaltung');
$this->createIdentification('System', 'System');
$tblConsumer = Consumer::useService()->getConsumerById(1);
$tblIdentification = $this->getIdentificationByName('System');
$tblRole = Access::useService()->getRoleByName('Administrator');
// System (Gerd)
$tblToken = Token::useService()->getTokenByIdentifier('ccccccdilkui');
$tblAccount = $this->createAccount('System', 'System', $tblToken, $tblConsumer);
$this->addAccountAuthentication($tblAccount, $tblIdentification);
$this->addAccountAuthorization($tblAccount, $tblRole);
// System (Jens)
$tblToken = Token::useService()->getTokenByIdentifier('ccccccectjge');
$tblAccount = $this->createAccount('Kmiezik', 'System', $tblToken, $tblConsumer);
$this->addAccountAuthentication($tblAccount, $tblIdentification);
$this->addAccountAuthorization($tblAccount, $tblRole);
// System (Sidney)
$tblToken = Token::useService()->getTokenByIdentifier('ccccccectjgt');
$tblAccount = $this->createAccount('Rackel', 'System', $tblToken, $tblConsumer);
$this->addAccountAuthentication($tblAccount, $tblIdentification);
$this->addAccountAuthorization($tblAccount, $tblRole);
// System (Johannes)
$tblToken = Token::useService()->getTokenByIdentifier('ccccccectjgr');
$tblAccount = $this->createAccount('Kauschke', 'System', $tblToken, $tblConsumer);
$this->addAccountAuthentication($tblAccount, $tblIdentification);
$this->addAccountAuthorization($tblAccount, $tblRole);
}
public static function registerModule()
{
Consumer::registerModule();
Token::registerModule();
Access::registerModule();
Account::registerModule();
}
/**
* @return string
*/
public function getContent()
{
if (Access::useService()->hasAuthorization($this->Path)) {
return $this->Template->getContent();
} else {
return '';
}
}
/**
* @return bool|TblRight
*/
public function getTblRight()
{
if (null === $this->tblRight) {
return false;
} else {
return Access::useService()->getRightById($this->tblRight);
}
}
/**
* @return bool|\SPHERE\Application\Platform\Gatekeeper\Authorization\Access\Service\Entity\TblRole
*/
public function getServiceTblRole()
{
if (null === $this->serviceTblRole) {
return false;
} else {
return Access::useService()->getRoleById($this->serviceTblRole);
}
}
/**
* @return bool|TblLevel
*/
public function getTblLevel()
{
if (null === $this->tblLevel) {
return false;
} else {
return Access::useService()->getLevelById($this->tblLevel);
}
}
/**
* @param RouteParameter $Route
*
* @throws \Exception
*/
public static function registerRoute(RouteParameter $Route)
{
if (Access::useService()->hasAuthorization($Route->getPath())) {
if (in_array($Route->getPath(), self::$Router->getRouteList())) {
throw new \Exception(__CLASS__ . ' > Route already available! (' . $Route->getPath() . ')');
} else {
self::$Router->addRoute($Route);
}
}
}
/**
* @return Stage
*/
public static function frontendAccount()
{
$Stage = new Stage('Benutzerkonnten');
$tblAccount = Account::useService()->getAccountBySession();
if ($tblAccount) {
$isSystem = Account::useService()->hasAuthorization($tblAccount, Access::useService()->getRoleByName('Administrator'));
} else {
$isSystem = false;
}
$tblConsumer = Consumer::useService()->getConsumerBySession();
// Token
$tblTokenAll = Token::useService()->getTokenAll();
array_walk($tblTokenAll, function (TblToken &$tblToken) {
if (Account::useService()->getAccountAllByToken($tblToken)) {
$tblToken = false;
} else {
$tblToken = new RadioBox('Account[Token]', implode(' ', str_split($tblToken->getSerial(), 4)), $tblToken->getId());
}
});
$tblTokenAll = array_filter($tblTokenAll);
array_unshift($tblTokenAll, new RadioBox('Account[Token]', new \SPHERE\Common\Frontend\Text\Repository\Danger('KEIN Hardware-Token'), null));
// Identification
$tblIdentificationAll = Account::useService()->getIdentificationAll();
/** @noinspection PhpUnusedParameterInspection */
array_walk($tblIdentificationAll, function (TblIdentification &$tblIdentification, $Index, $isSystem) {
if ($tblIdentification->getName() == 'System' && !$isSystem) {
$tblIdentification = false;
} else {
$tblIdentification = new RadioBox('Account[Identification]', $tblIdentification->getDescription(), $tblIdentification->getId());
}
}, $isSystem);
$tblIdentificationAll = array_filter($tblIdentificationAll);
// Role
$tblRoleAll = Access::useService()->getRoleAll();
/** @noinspection PhpUnusedParameterInspection */
array_walk($tblRoleAll, function (TblRole &$tblRole, $Index, $isSystem) {
if ($tblRole->getName() == 'Administrator' && !$isSystem) {
$tblRole = false;
} else {
$tblRole = new CheckBox('Account[Role][' . $tblRole->getId() . ']', $tblRole->getName(), $tblRole->getId());
}
}, $isSystem);
$tblRoleAll = array_filter($tblRoleAll);
// Account
$tblAccountAll = Account::useService()->getAccountAll();
array_walk($tblAccountAll, function (TblAccount &$tblAccount) {
/** @noinspection PhpUndefinedFieldInspection */
$tblAccount->Option = new Danger('Löschen', '/Platform/Gatekeeper/Authorization/Account/Destroy', new Remove(), array('Id' => $tblAccount->getId()), 'Löschen');
});
$Stage->setContent(($tblAccountAll ? new TableData($tblAccountAll, new Title('Bestehende Benutzerkonnten'), array('Username' => 'Benutzername')) : new Warning('Keine Benutzerkonnten vorhanden')) . new Form(array(new FormGroup(array(new FormRow(array(new FormColumn((new TextField('Account[Name]', 'Benutzername', 'Benutzername', new Person()))->setPrefixValue($tblConsumer->getAcronym()), 4), new FormColumn(new PasswordField('Account[Password]', 'Passwort', 'Passwort', new Lock()), 4), new FormColumn(new PasswordField('Account[PasswordSafety]', 'Passwort wiederholen', 'Passwort wiederholen', new Repeat()), 4)))), new \SPHERE\Common\Frontend\Form\Repository\Title('Benutzerkonnto anlegen')), new FormGroup(array(new FormRow(array(new FormColumn(array(new Panel('Authentifizierungstyp', $tblIdentificationAll)), 4), new FormColumn(array(new Panel('Berechtigungsstufe', $tblRoleAll)), 4), new FormColumn(array(new Panel('Hardware-Token', $tblTokenAll)), 4)))), new \SPHERE\Common\Frontend\Form\Repository\Title('Berechtigungen zuweisen'))), new Primary('Hinzufügen')));
return $Stage;
}
/**
* @param RouteParameter $Route
*
* @throws \Exception
*/
public static function registerRoute(RouteParameter $Route)
{
try {
if (Access::useService()->hasAuthorization($Route->getPath())) {
if (in_array($Route->getPath(), self::$Router->getRouteList())) {
throw new \Exception(__CLASS__ . ' > Route already available! (' . $Route->getPath() . ')');
} else {
self::$Router->addRoute($Route);
}
}
if (!Access::useService()->getRightByName('/' . $Route->getPath())) {
if (!in_array($Route->getPath(), self::$PublicRoutes)) {
array_push(self::$PublicRoutes, '/' . $Route->getPath());
}
}
} catch (\Exception $Exception) {
Main::runSelfHeal($Exception);
}
}
/**
* @param integer $Id
* @param null|integer $tblRight
* @param null|bool $Remove
*
* @return Stage
*/
public function frontendPrivilegeGrantRight($Id, $tblRight, $Remove = null)
{
$Stage = new Stage('Berechtigungen', 'Privileg');
$this->menuButton($Stage);
$tblPrivilege = Access::useService()->getPrivilegeById($Id);
if ($tblPrivilege && null !== $tblRight && ($tblRight = Access::useService()->getRightById($tblRight))) {
if ($Remove) {
Access::useService()->removePrivilegeRight($tblPrivilege, $tblRight);
$Stage->setContent(new Redirect('/Platform/Gatekeeper/Authorization/Access/PrivilegeGrantRight', 0, array('Id' => $Id)));
return $Stage;
} else {
Access::useService()->addPrivilegeRight($tblPrivilege, $tblRight);
$Stage->setContent(new Redirect('/Platform/Gatekeeper/Authorization/Access/PrivilegeGrantRight', 0, array('Id' => $Id)));
return $Stage;
}
}
$tblAccessList = Access::useService()->getRightAllByPrivilege($tblPrivilege);
if (!$tblAccessList) {
$tblAccessList = array();
}
$tblAccessListAvailable = array_udiff(Access::useService()->getRightAll(), $tblAccessList, function (TblRight $ObjectA, TblRight $ObjectB) {
return $ObjectA->getId() - $ObjectB->getId();
});
/** @noinspection PhpUnusedParameterInspection */
array_walk($tblAccessListAvailable, function (TblRight &$Entity, $Index, $Id) {
/** @noinspection PhpUndefinedFieldInspection */
$Entity->Option = new PullRight(new Success('Hinzufügen', '/Platform/Gatekeeper/Authorization/Access/PrivilegeGrantRight', new Plus(), array('Id' => $Id, 'tblRight' => $Entity->getId())));
}, $Id);
/** @noinspection PhpUnusedParameterInspection */
array_walk($tblAccessList, function (TblRight &$Entity, $Index, $Id) {
/** @noinspection PhpUndefinedFieldInspection */
$Entity->Option = new PullRight(new Danger('Entfernen', '/Platform/Gatekeeper/Authorization/Access/PrivilegeGrantRight', new Minus(), array('Id' => $Id, 'tblRight' => $Entity->getId(), 'Remove' => true)));
}, $Id);
$Stage->setContent(new Info($tblPrivilege->getName()) . new Layout(new LayoutGroup(new LayoutRow(array(new LayoutColumn(array(new \SPHERE\Common\Frontend\Layout\Repository\Title('Rechte', 'Zugewiesen'), empty($tblAccessList) ? new Warning('Keine Rechte vergeben') : new TableData($tblAccessList, null, array('Route' => 'Route', 'Option' => 'Optionen'))), 6), new LayoutColumn(array(new \SPHERE\Common\Frontend\Layout\Repository\Title('Rechte', 'Verfügbar'), empty($tblAccessListAvailable) ? new Info('Keine weiteren Rechte verfügbar') : new TableData($tblAccessListAvailable, null, array('Route' => 'Route', 'Option' => 'Optionen'))), 6))))));
return $Stage;
}
/**
* @param IFormInterface $Form
* @param array $Account
*
* @return IFormInterface
*/
public function createAccount(IFormInterface $Form, $Account)
{
if (null === $Account) {
return $Form;
}
$Error = false;
$Username = trim($Account['Name']);
$Password = trim($Account['Password']);
$PasswordSafety = trim($Account['PasswordSafety']);
$tblConsumer = GatekeeperConsumer::useService()->getConsumerBySession();
if (!($tblToken = GatekeeperToken::useService()->getTokenById((int) $Account['Token']))) {
$tblToken = null;
}
if (empty($Username)) {
$Form->setError('Account[Name]', 'Bitte geben Sie einen Benutzernamen an');
$Error = true;
} else {
if (preg_match('!^[a-z0-9]{5,}$!is', $Username)) {
$Username = $tblConsumer->getAcronym() . '-' . $Username;
if (!GatekeeperAccount::useService()->getAccountByUsername($Username)) {
$Form->setSuccess('Account[Name]', '');
} else {
$Form->setError('Account[Name]', 'Der angegebene Benutzername ist bereits vergeben');
$Error = true;
}
} else {
$Form->setError('Account[Name]', 'Der Benutzername darf nur Buchstaben und Zahlen enthalten und muss mindestens 5 Zeichen lang sein');
$Error = true;
}
}
if (empty($Password)) {
$Form->setError('Account[Password]', 'Bitte geben Sie ein Passwort an');
$Error = true;
} else {
if (strlen($Password) >= 8) {
$Form->setSuccess('Account[Password]', '');
} else {
$Form->setError('Account[Password]', 'Das Passwort muss mindestens 8 Zeichen lang sein');
$Error = true;
}
}
if (empty($PasswordSafety)) {
$Form->setError('Account[PasswordSafety]', 'Bitte geben Sie das Passwort erneut an');
$Error = true;
}
if ($Password != $PasswordSafety) {
$Form->setError('Account[Password]', '');
$Form->setError('Account[PasswordSafety]', 'Die beiden Passworte stimmen nicht überein');
$Error = true;
} else {
if (!empty($Password) && !empty($PasswordSafety)) {
$Form->setSuccess('Account[PasswordSafety]', '');
} else {
$Form->setError('Account[PasswordSafety]', '');
}
}
if (!$Error) {
$tblAccount = GatekeeperAccount::useService()->insertAccount($Username, $Password, $tblToken, $tblConsumer);
if ($tblAccount) {
$tblIdentification = GatekeeperAccount::useService()->getIdentificationById($Account['Identification']);
GatekeeperAccount::useService()->addAccountAuthentication($tblAccount, $tblIdentification);
if (isset($Account['Role'])) {
foreach ((array) $Account['Role'] as $Role) {
$tblRole = GatekeeperAccess::useService()->getRoleById($Role);
GatekeeperAccount::useService()->addAccountAuthorization($tblAccount, $tblRole);
}
}
if (isset($Account['User'])) {
$tblPerson = Person::useService()->getPersonById($Account['User']);
GatekeeperAccount::useService()->addAccountPerson($tblAccount, $tblPerson);
}
return new Success('Das Benutzerkonnto wurde erstellt') . new Redirect('/Setting/Authorization/Account', 3);
} else {
return new Danger('Das Benutzerkonnto konnte nicht erstellt werden') . new Redirect('/Setting/Authorization/Account', 3);
}
}
return $Form;
}
/**
* @return bool|TblRight[]
*/
public function getTblRightAll()
{
return Access::useService()->getRightAllByPrivilege($this);
}
/**
* @param Link $Link
*
* @return Display
*/
public function addServiceNavigation(Link $Link)
{
if (Access::useService()->hasAuthorization($Link->getRoute()->getValue())) {
if ($Link->isActive()) {
$this->ClusterBreadcrumb = $Link->getName()->getValue();
}
array_push($this->ServiceNavigation, $Link);
}
return $this;
}
/**
* @return bool|TblLevel[]
*/
public function getTblLevelAll()
{
return Access::useService()->getLevelAllByRole($this);
}
/**
* @return Form
*/
private function formAccount()
{
$tblConsumer = Consumer::useService()->getConsumerBySession();
// Identification
$tblIdentificationAll = Account::useService()->getIdentificationAll();
array_walk($tblIdentificationAll, function (TblIdentification &$tblIdentification) {
if ($tblIdentification->getName() == 'System') {
$tblIdentification = false;
} else {
switch (strtoupper($tblIdentification->getName())) {
case 'STUDENT':
$Global = $this->getGlobal();
if (!isset($Global->POST['Account']['Identification'])) {
$Global->POST['Account']['Identification'] = $tblIdentification->getId();
$Global->savePost();
}
$Label = $tblIdentification->getDescription();
break;
default:
$Label = $tblIdentification->getDescription() . ' (' . new Key() . ')';
}
$tblIdentification = new RadioBox('Account[Identification]', $Label, $tblIdentification->getId());
}
});
$tblIdentificationAll = array_filter($tblIdentificationAll);
// Role
$tblRoleAll = Access::useService()->getRoleAll();
array_walk($tblRoleAll, function (TblRole &$tblRole) {
if ($tblRole->getName() == 'Administrator') {
$tblRole = false;
} else {
$tblRole = new CheckBox('Account[Role][' . $tblRole->getId() . ']', $tblRole->getName(), $tblRole->getId());
}
});
$tblRoleAll = array_filter($tblRoleAll);
// Token
$Global = $this->getGlobal();
if (!isset($Global->POST['Account']['Token'])) {
$Global->POST['Account']['Token'] = 0;
$Global->savePost();
}
$tblTokenAll = Token::useService()->getTokenAllByConsumer(Consumer::useService()->getConsumerBySession());
array_walk($tblTokenAll, function (TblToken &$tblToken) {
if (Account::useService()->getAccountAllByToken($tblToken)) {
$tblToken = false;
} else {
$tblToken = new RadioBox('Account[Token]', implode(' ', str_split($tblToken->getSerial(), 4)), $tblToken->getId());
}
});
$tblTokenAll = array_filter($tblTokenAll);
array_unshift($tblTokenAll, new RadioBox('Account[Token]', new Danger('KEIN Hardware-Schlüssel'), 0));
// Person
$tblPersonAll = Account::useService()->getPersonAllHavingNoAccount();
if ($tblPersonAll) {
array_walk($tblPersonAll, function (TblPerson &$tblPerson) {
$tblPerson = new RadioBox('Account[User]', $tblPerson->getFullName(), $tblPerson->getId());
});
$tblPersonAll = array_filter($tblPersonAll);
}
return new Form(array(new FormGroup(array(new FormRow(array(new FormColumn(new Panel(new PersonKey() . ' Benutzerkonto hinzufügen', array((new TextField('Account[Name]', 'Benutzername (min. 5 Zeichen)', 'Benutzername', new Person()))->setPrefixValue($tblConsumer->getAcronym()), new PasswordField('Account[Password]', 'Passwort (min. 8 Zeichen)', 'Passwort', new Lock()), new PasswordField('Account[PasswordSafety]', 'Passwort wiederholen', 'Passwort wiederholen', new Repeat())), Panel::PANEL_TYPE_INFO), 4), new FormColumn(array(new Panel(new Nameplate() . ' Berechtigungsstufe zuweisen', $tblRoleAll, Panel::PANEL_TYPE_INFO), new Panel(new Person() . ' Person zuweisen', $tblPersonAll, Panel::PANEL_TYPE_INFO, null, true)), 4), new FormColumn(array(new Panel(new Lock() . ' Authentifizierungstyp wählen', $tblIdentificationAll, Panel::PANEL_TYPE_INFO), new Panel(new Key() . ' Hardware-Schlüssel zuweisen', $tblTokenAll, Panel::PANEL_TYPE_INFO)), 4)))))));
}
/**
* @return bool|TblPrivilege[]
*/
public function getTblPrivilegeAll()
{
return Access::useService()->getPrivilegeAllByLevel($this);
}