function install()
{
if ($this->firstExec('acl2')) {
$this->useDbProfile('auth');
// create rights
jAcl2DbManager::addSubjectGroup("lizmap.admin.grp", "admin~jacl2.lizmap.admin.grp");
jAcl2DbManager::addSubjectGroup("lizmap.grp", "admin~jacl2.lizmap.grp");
jAcl2DbManager::addSubject("lizmap.admin.access", "admin~jacl2.lizmap.admin.access", "lizmap.admin.grp");
jAcl2DbManager::addSubject("lizmap.admin.services.update", "admin~jacl2.lizmap.admin.services.update", "lizmap.admin.grp");
jAcl2DbManager::addSubject("lizmap.admin.repositories.create", "admin~jacl2.lizmap.admin.repositories.create", "lizmap.admin.grp");
jAcl2DbManager::addSubject("lizmap.admin.repositories.update", "admin~jacl2.lizmap.admin.repositories.update", "lizmap.admin.grp");
jAcl2DbManager::addSubject("lizmap.admin.repositories.delete", "admin~jacl2.lizmap.admin.repositories.delete", "lizmap.admin.grp");
jAcl2DbManager::addSubject("lizmap.repositories.view", "admin~jacl2.lizmap.repositories.view", "lizmap.grp");
jAcl2DbManager::addSubject("lizmap.admin.repositories.view", "admin~jacl2.lizmap.admin.repositories.view", "lizmap.admin.grp");
jAcl2DbManager::addSubject("lizmap.admin.services.view", "admin~jacl2.lizmap.admin.services.view", "lizmap.admin.grp");
jAcl2DbManager::addSubject("lizmap.tools.edition.use", "admin~jacl2.lizmap.tools.edition.use", "lizmap.grp");
jAcl2DbManager::addSubject("lizmap.tools.loginFilteredLayers.override", "admin~jacl2.lizmap.tools.loginFilteredLayers.override", "lizmap.grp");
jAcl2DbManager::addSubject("lizmap.tools.displayGetCapabilitiesLinks", "admin~jacl2.lizmap.tools.displayGetCapabilitiesLinks", "lizmap.grp");
jAcl2DbManager::addSubject("lizmap.tools.layer.export", "admin~jacl2.lizmap.tools.layer.export", "lizmap.grp");
jAcl2DbManager::addRight('admins', 'lizmap.admin.repositories.view');
jAcl2DbManager::addRight('admins', 'lizmap.admin.services.view');
jAcl2DbManager::addRight('admins', 'lizmap.admin.access');
jAcl2DbManager::addRight('admins', 'lizmap.admin.repositories.create');
jAcl2DbManager::addRight('admins', 'lizmap.admin.repositories.delete');
jAcl2DbManager::addRight('admins', 'lizmap.admin.repositories.update');
jAcl2DbManager::addRight('admins', 'lizmap.admin.services.update');
}
}
function postInstall()
{
if ($this->firstExec('acl2')) {
jAcl2DbManager::addSubject('servinfo.access', 'servinfo~servinfo.acl.access');
jAcl2DbManager::addRight('admins', 'servinfo.access');
// for admin group
}
}
function install()
{
if ($this->firstExec('acl2')) {
jAcl2DbManager::addSubject('modulesinfo.access', 'modulesinfo~modulesinfo.acl.access');
jAcl2DbManager::addRight('admins', 'modulesinfo.access');
// for admin group
}
}
function install()
{
if ($this->firstExec('acl2')) {
jAcl2DbManager::addSubjectGroup('jprefs.prefs.management', 'jpref_admin~admin.acl.grp.prefs.management');
jAcl2DbManager::addSubject('jprefs.prefs.list', 'jpref_admin~admin.acl.prefs.list', 'jprefs.prefs.management');
jAcl2DbManager::addRight('admins', 'jprefs.prefs.list');
// for admin group
}
}
function install()
{
if ($this->firstExec('acl2')) {
jAcl2DbManager::addSubject('jelixcache.access', 'jelixcache~jelixcache.acl.access');
jAcl2DbManager::addRight('admins', 'jelixcache.access');
// for admin group
//jAcl2DbManager::addRight('moderators', 'jelixcache.access');
}
}
function install()
{
//if ($this->firstDbExec())
// $this->execSQLScript('sql/install');
if ($this->firstExec('acl2')) {
jAcl2DbManager::addSubject('activeusers.configuration', 'activeusers_admin~main.acl.subject');
jAcl2DbManager::addRight('admins', 'activeusers.configuration');
// for admin group
}
}
/**
* set rights on the given forum
* @param integer $group the group id.
* @param array $rights list of rights key = subject, value = true
* @param string $resource the resource corresponding to the "forum" string + id_forum
*/
public static function setRightsOnForum($group, $rights, $resource)
{
$dao = jDao::get('jacl2db~jacl2rights', jAcl2Db::getProfile());
$dao->deleteHfnuByGroup($group, $resource);
foreach ($rights as $sbj => $val) {
if ($val != '') {
jAcl2DbManager::addRight($group, $sbj, $resource);
}
}
jAcl2::clearCache();
}
function install()
{
if ($this->firstDbExec() && $this->getParameter('demo')) {
$this->useDbProfile('jauth');
// admins
jAcl2DbManager::addRight('admins', 'lizmap.tools.layer.export', 'intranet');
jAcl2DbManager::addRight('admins', 'lizmap.tools.layer.export', 'montpellier');
// lizadmins
jAcl2DbManager::addRight('lizadmins', 'lizmap.tools.layer.export', 'intranet');
jAcl2DbManager::addRight('lizadmins', 'lizmap.tools.layer.export', 'montpellier');
// intranet
jAcl2DbManager::addRight('intranet', 'lizmap.tools.layer.export', 'intranet');
jAcl2DbManager::addRight('intranet', 'lizmap.tools.layer.export', 'montpellier');
}
}
function install()
{
if ($this->getParameter('masteradmin')) {
$this->config->setValue('loginResponse', 'htmlauth', 'jcommunity');
}
if ($this->firstExec('acl2') && class_exists('jAcl2DbManager')) {
jAcl2DbManager::addSubjectGroup('jcommunity.admin', 'jcommunity~prefs.admin.jcommunity');
jAcl2DbManager::addSubject('jcommunity.prefs.change', 'jcommunity~prefs.admin.prefs.change', 'jprefs.prefs.management');
jAcl2DbManager::addRight('admins', 'jcommunity.prefs.change');
// for admin group
}
if ($this->firstExec('preferences')) {
$prefIni = new jIniFileModifier(__DIR__ . '/prefs.ini');
$prefFile = jApp::configPath('preferences.ini.php');
if (file_exists($prefFile)) {
$mainPref = new jIniFileModifier($prefFile);
//import this way to not erase changed value.
$prefIni->import($mainPref);
}
$prefIni->saveAs($prefFile);
}
}
function install()
{
$lizmapConfFile = jApp::configPath('lizmapConfig.ini.php');
if (!file_exists($lizmapConfFile)) {
$lizmapConfFileDist = jApp::configPath('lizmapConfig.ini.php.dist');
if (file_exists($lizmapConfFileDist)) {
copy($lizmapConfFileDist, $lizmapConfFile);
} else {
$this->copyFile('config/lizmapConfig.ini.php', $lizmapConfFile);
}
}
$localConfig = jApp::configPath('localconfig.ini.php');
if (!file_exists($localConfig)) {
$localConfigDist = jApp::configPath('localconfig.ini.php.dist');
if (file_exists($localConfigDist)) {
copy($localConfigDist, $localConfig);
} else {
file_put_contents($localConfig, ';<' . '?php die(\'\');?' . '>');
}
}
$ini = new jIniFileModifier($localConfig);
$ini->setValue('lizmap', 'lizmapConfig.ini.php', 'coordplugins');
$ini->save();
if ($this->firstDbExec()) {
// Add log table
$this->useDbProfile('lizlog');
$this->execSQLScript('sql/lizlog');
// Add geobookmark table
$this->useDbProfile('jauth');
$this->execSQLScript('sql/lizgeobookmark');
}
if ($this->firstExec('acl2') && $this->getParameter('demo')) {
$this->useDbProfile('auth');
// create group
jAcl2DbUserGroup::createGroup('lizadmins');
jAcl2DbUserGroup::createGroup('Intranet demos group', 'intranet');
// create user in jAuth
require_once JELIX_LIB_PATH . 'auth/jAuth.class.php';
require_once JELIX_LIB_PATH . 'plugins/auth/db/db.auth.php';
$authconfig = $this->config->getValue('auth', 'coordplugins');
$confIni = parse_ini_file(jApp::configPath($authconfig), true);
$authConfig = jAuth::loadConfig($confIni);
$driver = new dbAuthDriver($authConfig['Db']);
$passwordHash1 = $driver->cryptPassword('lizadmin');
$passwordHash2 = $driver->cryptPassword('logintranet');
$cn = $this->dbConnection();
$cn->exec("INSERT INTO " . $cn->prefixTable('jlx_user') . " (usr_login, usr_password, usr_email ) VALUES\n ('lizadmin', " . $cn->quote($passwordHash1) . " , '*****@*****.**')");
$cn->exec("INSERT INTO " . $cn->prefixTable('jlx_user') . " (usr_login, usr_password, usr_email ) VALUES\n ('logintranet', " . $cn->quote($passwordHash2) . " , '*****@*****.**')");
// declare users in jAcl2
jAcl2DbUserGroup::createUser('lizadmin', true);
jAcl2DbUserGroup::createUser('logintranet', true);
jAcl2DbUserGroup::addUserToGroup('lizadmin', 'lizadmins');
jAcl2DbUserGroup::addUserToGroup('logintranet', 'intranet');
jAcl2DbManager::setRightsOnGroup('lizadmins', array('lizmap.admin.access' => true, 'lizmap.admin.services.update' => true, 'lizmap.admin.repositories.create' => true, 'lizmap.admin.repositories.delete' => true, 'lizmap.admin.repositories.update' => true, 'lizmap.admin.repositories.view' => true, 'lizmap.admin.services.view' => true));
// admins
jAcl2DbManager::addRight('admins', 'lizmap.tools.edition.use', 'intranet');
jAcl2DbManager::addRight('admins', 'lizmap.repositories.view', 'intranet');
jAcl2DbManager::addRight('admins', 'lizmap.tools.loginFilteredLayers.override', 'intranet');
jAcl2DbManager::addRight('admins', 'lizmap.tools.displayGetCapabilitiesLinks', 'intranet');
jAcl2DbManager::addRight('admins', 'lizmap.tools.edition.use', 'montpellier');
jAcl2DbManager::addRight('admins', 'lizmap.repositories.view', 'montpellier');
jAcl2DbManager::addRight('admins', 'lizmap.tools.loginFilteredLayers.override', 'montpellier');
jAcl2DbManager::addRight('admins', 'lizmap.tools.displayGetCapabilitiesLinks', 'montpellier');
// lizadmins
jAcl2DbManager::addRight('lizadmins', 'lizmap.tools.edition.use', 'intranet');
jAcl2DbManager::addRight('lizadmins', 'lizmap.repositories.view', 'intranet');
jAcl2DbManager::addRight('lizadmins', 'lizmap.tools.loginFilteredLayers.override', 'intranet');
jAcl2DbManager::addRight('lizadmins', 'lizmap.tools.displayGetCapabilitiesLinks', 'intranet');
jAcl2DbManager::addRight('lizadmins', 'lizmap.tools.edition.use', 'montpellier');
jAcl2DbManager::addRight('lizadmins', 'lizmap.repositories.view', 'montpellier');
jAcl2DbManager::addRight('lizadmins', 'lizmap.tools.loginFilteredLayers.override', 'montpellier');
jAcl2DbManager::addRight('lizadmins', 'lizmap.tools.displayGetCapabilitiesLinks', 'montpellier');
// intranet
jAcl2DbManager::addRight('intranet', 'lizmap.tools.edition.use', 'intranet');
jAcl2DbManager::addRight('intranet', 'lizmap.repositories.view', 'intranet');
jAcl2DbManager::addRight('intranet', 'lizmap.tools.loginFilteredLayers.override', 'intranet');
jAcl2DbManager::addRight('intranet', 'lizmap.tools.displayGetCapabilitiesLinks', 'intranet');
jAcl2DbManager::addRight('intranet', 'lizmap.tools.edition.use', 'montpellier');
jAcl2DbManager::addRight('intranet', 'lizmap.repositories.view', 'montpellier');
jAcl2DbManager::addRight('intranet', 'lizmap.tools.loginFilteredLayers.override', 'montpellier');
jAcl2DbManager::addRight('intranet', 'lizmap.tools.displayGetCapabilitiesLinks', 'montpellier');
// anonymous
jAcl2DbManager::addRight('__anonymous', 'lizmap.tools.edition.use', 'montpellier');
jAcl2DbManager::addRight('__anonymous', 'lizmap.repositories.view', 'montpellier');
jAcl2DbManager::addRight('__anonymous', 'lizmap.tools.loginFilteredLayers.override', 'montpellier');
jAcl2DbManager::addRight('__anonymous', 'lizmap.tools.displayGetCapabilitiesLinks', 'montpellier');
// declare the repositories of demo in the configuration
$ini = new jIniFileModifier($lizmapConfFile);
$ini->setValues(array('label' => 'LizMap Demo', 'path' => '../install/qgis/', 'allowUserDefinedThemes' => 1), 'repository:montpellier');
$ini->setValues(array('label' => 'Lizmap Demo - Intranet', 'path' => '../install/qgis_intranet/', 'allowUserDefinedThemes' => ''), 'repository:intranet');
$ini->setValue('defaultRepository', 'montpellier', 'services');
$ini->save();
}
}
/**
* Save rights for a repository.
* Used to save rights for each subject and for each group of one repository.
* @param object $form Jform object concerned.
* @param object $repository Repository key.
* @return boolean Success or failure of the saving.
*/
protected function saveRepositoryRightsFromRequest($form, $repository)
{
// Daos to use
$daoright = jDao::get('jacl2db~jacl2rights', 'jacl2_profile');
$daogroup = jDao::get('jacl2db~jacl2group', 'jacl2_profile');
// Loop through the form controls
foreach ($form->getControls() as $ctrl) {
// Filter controls corresponding to lizmap subjects
if (preg_match('#^' . $this->lizmapClientPrefix . '#', $ctrl->ref) && $ctrl->isContainer()) {
$id_aclsbj = $ctrl->ref;
// Edit control ref to get request params
$param = str_replace('.', '_', $id_aclsbj);
// Get values for the selected subject
if (isset(jApp::coord()->request->params[$param])) {
$values = array_values(jApp::coord()->request->params[$param]);
} else {
// the list in the form may be empty, so no parameters
$values = array();
}
// Loop through the groups
foreach ($daogroup->findAll() as $group) {
// Retrieve only normal groups which are not blacklisted
if (!in_array($group->id_aclgrp, $this->groupBlacklist) && $group->grouptype == 0) {
// Add the right if needed else remove it
if (in_array($group->id_aclgrp, $values)) {
jAcl2DbManager::addRight($group->id_aclgrp, $id_aclsbj, $repository);
} else {
$daoright->delete($id_aclsbj, $group->id_aclgrp, $repository);
}
}
}
}
}
}
public function testAddResourceRight()
{
$this->assertTrue(jAcl2DbManager::addRight('group1', 'super.cms.update', 154));
$this->assertTrue(jAcl2DbManager::addRight('group1', 'super.cms.update', 92));
$this->rights[] = array('id_aclsbj' => 'super.cms.update', 'id_aclgrp' => 'group1', 'id_aclres' => '154');
$this->rights[] = array('id_aclsbj' => 'super.cms.update', 'id_aclgrp' => 'group1', 'id_aclres' => '92');
$this->assertTableContainsRecords('jacl2_rights', $this->rights);
}
function install()
{
$authconfig = $this->config->getValue('auth', 'coordplugins');
$authconfigMaster = $this->config->getValue('auth', 'coordplugins', null, true);
$forWS = in_array($this->entryPoint->type, array('json', 'jsonrpc', 'soap', 'xmlrpc'));
$createdConfFile = false;
if (!$authconfig || $forWS && $authconfig == $authconfigMaster) {
//if ($this->entryPoint->type == 'cmdline') {
// return;
//}
if ($forWS) {
$pluginIni = 'authsw.coord.ini.php';
} else {
$pluginIni = 'auth.coord.ini.php';
}
$authconfig = dirname($this->entryPoint->configFile) . '/' . $pluginIni;
if ($this->firstExec($authconfig)) {
// no configuration, let's install the plugin for the entry point
$this->config->setValue('auth', $authconfig, 'coordplugins');
$this->copyFile('var/config/' . $pluginIni, 'epconfig:' . $pluginIni);
$createdConfFile = true;
}
}
$conf = new jIniFileModifier(jApp::configPath($authconfig));
$usedStandardDao = $conf->getValue('dao', 'Db') == 'jauthdb~jelixuser';
$this->useDbProfile($conf->getValue('profile', 'Db'));
if ($createdConfFile) {
mt_srand();
$conf->setValue('persistant_crypt_key', sha1("jelix" . time() . mt_rand()));
$conf->save();
}
if ($this->firstExec($authconfig) && $this->getParameter('rewriteconfig')) {
$conf->setValue('driver', 'Db');
$conf->setValue('dao', 'jcommunity~user', 'Db');
$conf->setValue('form', 'jcommunity~account_admin', 'Db');
$conf->setValue('error_message', 'jcommunity~login.error.notlogged');
$conf->setValue('on_error_action', 'jcommunity~login:out');
$conf->setValue('bad_ip_action', 'jcommunity~login:out');
$conf->setValue('after_logout', 'jcommunity~login:index');
$conf->setValue('enable_after_login_override', 'on');
$conf->setValue('enable_after_logout_override', 'on');
$conf->setValue('after_login', 'jcommunity~account:show');
$conf->save();
}
if ($this->getParameter('masteradmin')) {
$conf->setValue('after_login', 'master_admin~default:index');
$conf->save();
$this->config->setValue('loginResponse', 'htmlauth', 'jcommunity');
}
if ($this->firstDbExec() && !$this->getParameter('notjcommunitytable')) {
$conf->setValue('dao', 'jcommunity~user', 'Db');
$conf->setValue('form', 'jcommunity~account_admin', 'Db');
$conf->save();
$this->execSQLScript('sql/install');
$cn = $this->dbConnection();
if ($usedStandardDao && $this->getParameter('migratejauthdbusers')) {
$cn->exec("INSERT INTO " . $cn->prefixTable('community_users') . "\n (login, password, email, nickname, status, create_date)\n SELECT usr_login, usr_password, usr_email, usr_login, 1, '" . date('Y-m-d H:i:s') . "'\n FROM " . $cn->prefixTable('jlx_user'));
} else {
if ($this->getParameter('defaultuser')) {
require_once JELIX_LIB_PATH . 'auth/jAuth.class.php';
require_once JELIX_LIB_PATH . 'plugins/auth/db/db.auth.php';
$confIni = parse_ini_file(jApp::configPath($authconfig), true);
$authConfig = jAuth::loadConfig($confIni);
$driver = new dbAuthDriver($authConfig['Db']);
$passwordHash = $driver->cryptPassword('admin');
$cn->exec("INSERT INTO " . $cn->prefixTable('community_users') . " (login, password, email, nickname, status, create_date) VALUES\n ('admin', " . $cn->quote($passwordHash) . ", '*****@*****.**', 'admin', 1, '" . date('Y-m-d H:i:s') . "')");
}
}
}
if ($this->firstExec('acl2') && class_exists('jAcl2DbManager')) {
jAcl2DbManager::addSubjectGroup('jcommunity.admin', 'jcommunity~prefs.admin.jcommunity');
jAcl2DbManager::addSubject('jcommunity.prefs.change', 'jcommunity~prefs.admin.prefs.change', 'jprefs.prefs.management');
jAcl2DbManager::addRight('admins', 'jcommunity.prefs.change');
// for admin group
}
if ($this->firstExec('preferences')) {
$prefIni = new jIniFileModifier(__DIR__ . '/prefs.ini');
$prefFile = jApp::configPath('preferences.ini.php');
if (file_exists($prefFile)) {
$mainPref = new jIniFileModifier($prefFile);
//import this way to not erase changed value.
$prefIni->import($mainPref);
}
$prefIni->saveAs($prefFile);
}
}
public function testGetRightDisconnect()
{
jAuth::logout();
jAcl2::clearCache();
$this->assertFalse(jAcl2::check('super.cms.list'));
$this->assertFalse(jAcl2::check('admin.access'));
jAcl2::clearCache();
jAcl2DbManager::addRight('__anonymous', 'super.cms.list');
$this->assertTrue(jAcl2::check('super.cms.list'));
$this->assertFalse(jAcl2::check('admin.access'));
jAcl2::clearCache();
}
