function install()
{
if ($this->firstDbExec()) {
$this->useDbProfile('jauth');
jAcl2DbManager::addSubject("lizmap.tools.layer.export", "admin~jacl2.lizmap.tools.layer.export", "lizmap.grp");
}
}
function install()
{
if ($this->firstExec('acl2')) {
$this->useDbProfile('auth');
// create rights
jAcl2DbManager::addSubjectGroup("lizmap.admin.grp", "admin~jacl2.lizmap.admin.grp");
jAcl2DbManager::addSubjectGroup("lizmap.grp", "admin~jacl2.lizmap.grp");
jAcl2DbManager::addSubject("lizmap.admin.access", "admin~jacl2.lizmap.admin.access", "lizmap.admin.grp");
jAcl2DbManager::addSubject("lizmap.admin.services.update", "admin~jacl2.lizmap.admin.services.update", "lizmap.admin.grp");
jAcl2DbManager::addSubject("lizmap.admin.repositories.create", "admin~jacl2.lizmap.admin.repositories.create", "lizmap.admin.grp");
jAcl2DbManager::addSubject("lizmap.admin.repositories.update", "admin~jacl2.lizmap.admin.repositories.update", "lizmap.admin.grp");
jAcl2DbManager::addSubject("lizmap.admin.repositories.delete", "admin~jacl2.lizmap.admin.repositories.delete", "lizmap.admin.grp");
jAcl2DbManager::addSubject("lizmap.repositories.view", "admin~jacl2.lizmap.repositories.view", "lizmap.grp");
jAcl2DbManager::addSubject("lizmap.admin.repositories.view", "admin~jacl2.lizmap.admin.repositories.view", "lizmap.admin.grp");
jAcl2DbManager::addSubject("lizmap.admin.services.view", "admin~jacl2.lizmap.admin.services.view", "lizmap.admin.grp");
jAcl2DbManager::addSubject("lizmap.tools.edition.use", "admin~jacl2.lizmap.tools.edition.use", "lizmap.grp");
jAcl2DbManager::addSubject("lizmap.tools.loginFilteredLayers.override", "admin~jacl2.lizmap.tools.loginFilteredLayers.override", "lizmap.grp");
jAcl2DbManager::addSubject("lizmap.tools.displayGetCapabilitiesLinks", "admin~jacl2.lizmap.tools.displayGetCapabilitiesLinks", "lizmap.grp");
jAcl2DbManager::addSubject("lizmap.tools.layer.export", "admin~jacl2.lizmap.tools.layer.export", "lizmap.grp");
jAcl2DbManager::addRight('admins', 'lizmap.admin.repositories.view');
jAcl2DbManager::addRight('admins', 'lizmap.admin.services.view');
jAcl2DbManager::addRight('admins', 'lizmap.admin.access');
jAcl2DbManager::addRight('admins', 'lizmap.admin.repositories.create');
jAcl2DbManager::addRight('admins', 'lizmap.admin.repositories.delete');
jAcl2DbManager::addRight('admins', 'lizmap.admin.repositories.update');
jAcl2DbManager::addRight('admins', 'lizmap.admin.services.update');
}
}
public function testCheckRight()
{
jAcl2DbManager::addSubject('super.cms.list', 'cms~rights.super.cms');
jAcl2DbManager::addSubject('super.cms.update', 'cms~rights.super.cms');
jAcl2DbManager::addSubject('super.cms.delete', 'cms~rights.super.cms');
jAcl2DbManager::addSubject('admin.access', 'admin~rights.access');
jAcl2DbManager::addRight('group1', 'super.cms.list');
jAcl2DbManager::addRight('group1', 'super.cms.update');
jAcl2DbManager::addRight('group1', 'super.cms.delete', 154);
$this->assertTrue(jAcl2::check('super.cms.list'));
$this->assertTrue(jAcl2::check('super.cms.update'));
$this->assertFalse(jAcl2::check('super.cms.create'));
// doesn't exist
$this->assertFalse(jAcl2::check('super.cms.read'));
// doesn't exist
$this->assertFalse(jAcl2::check('super.cms.delete'));
// doesn't exist
$this->assertFalse(jAcl2::check('admin.access'));
$this->assertTrue(jAcl2::check('super.cms.list', 154));
// droit sur une ressource
$this->assertTrue(jAcl2::check('super.cms.update', 154));
// droit sur une ressource
$this->assertTrue(jAcl2::check('super.cms.delete', 154));
// droit sur une ressource
$this->assertTrue(jAcl2::check('super.cms.list', 122));
// ressource non repertoriée
$this->assertTrue(jAcl2::check('super.cms.update', 122));
// ressource non repertoriée
$this->assertFalse(jAcl2::check('super.cms.delete', 122));
// ressource non repertoriée
jAcl2DbManager::addRight('group1', 'admin.access');
$this->assertTrue(jAcl2::check('admin.access'));
}
function postInstall()
{
if ($this->firstExec('acl2')) {
jAcl2DbManager::addSubject('servinfo.access', 'servinfo~servinfo.acl.access');
jAcl2DbManager::addRight('admins', 'servinfo.access');
// for admin group
}
}
function install()
{
if ($this->firstExec('acl2')) {
jAcl2DbManager::addSubject('modulesinfo.access', 'modulesinfo~modulesinfo.acl.access');
jAcl2DbManager::addRight('admins', 'modulesinfo.access');
// for admin group
}
}
function install()
{
if ($this->firstExec('acl2')) {
jAcl2DbManager::addSubjectGroup('jprefs.prefs.management', 'jpref_admin~admin.acl.grp.prefs.management');
jAcl2DbManager::addSubject('jprefs.prefs.list', 'jpref_admin~admin.acl.prefs.list', 'jprefs.prefs.management');
jAcl2DbManager::addRight('admins', 'jprefs.prefs.list');
// for admin group
}
}
function install()
{
if ($this->firstExec('acl2')) {
jAcl2DbManager::addSubject('jelixcache.access', 'jelixcache~jelixcache.acl.access');
jAcl2DbManager::addRight('admins', 'jelixcache.access');
// for admin group
//jAcl2DbManager::addRight('moderators', 'jelixcache.access');
}
}
function install()
{
//if ($this->firstDbExec())
// $this->execSQLScript('sql/install');
if ($this->firstExec('acl2')) {
jAcl2DbManager::addSubject('activeusers.configuration', 'activeusers_admin~main.acl.subject');
jAcl2DbManager::addRight('admins', 'activeusers.configuration');
// for admin group
}
}
function install()
{
if ($this->getParameter('masteradmin')) {
$this->config->setValue('loginResponse', 'htmlauth', 'jcommunity');
}
if ($this->firstExec('acl2') && class_exists('jAcl2DbManager')) {
jAcl2DbManager::addSubjectGroup('jcommunity.admin', 'jcommunity~prefs.admin.jcommunity');
jAcl2DbManager::addSubject('jcommunity.prefs.change', 'jcommunity~prefs.admin.prefs.change', 'jprefs.prefs.management');
jAcl2DbManager::addRight('admins', 'jcommunity.prefs.change');
// for admin group
}
if ($this->firstExec('preferences')) {
$prefIni = new jIniFileModifier(__DIR__ . '/prefs.ini');
$prefFile = jApp::configPath('preferences.ini.php');
if (file_exists($prefFile)) {
$mainPref = new jIniFileModifier($prefFile);
//import this way to not erase changed value.
$prefIni->import($mainPref);
}
$prefIni->saveAs($prefFile);
}
}
public function testSetNewRightsOnGroup()
{
$this->emptyTable('jacl2_user_group');
$this->emptyTable('jacl2_rights');
$this->emptyTable('jacl2_subject');
$groups = array(array('id_aclgrp' => 'group1', 'name' => 'group1', 'grouptype' => 0, 'ownerlogin' => null), array('id_aclgrp' => 'group2', 'name' => 'group2', 'grouptype' => 0, 'ownerlogin' => null));
$this->insertRecordsIntoTable('jacl2_group', array('id_aclgrp', 'name', 'grouptype', 'ownerlogin'), $groups, true);
jAcl2DbManager::addSubject('super.cms.list', 'cms~rights.super.cms.list');
jAcl2DbManager::addSubject('super.cms.update', 'cms~rights.super.cms.update');
jAcl2DbManager::addSubject('super.cms.create', 'cms~rights.super.cms.update');
jAcl2DbManager::addSubject('super.cms.view', 'cms~rights.super.cms.update');
jAcl2DbManager::addSubject('super.cms.delete', 'cms~rights.super.cms.delete');
$rights = array();
$this->assertTableContainsRecords('jacl2_rights', $rights);
// rights for group 1
$newRights = array('super.cms.list' => 'y', 'super.cms.create' => 'y');
jAcl2DbManager::setRightsOnGroup('group1', $newRights);
$rights = array(array('id_aclsbj' => 'super.cms.list', 'id_aclgrp' => 'group1', 'id_aclres' => null, 'canceled' => '0'), array('id_aclsbj' => 'super.cms.create', 'id_aclgrp' => 'group1', 'id_aclres' => null, 'canceled' => '0'));
$this->assertTableContainsRecords('jacl2_rights', $rights);
// rights for group 2 (we won't modify them, we add them to verify that changes on rights of group1
// won't changed rights of group 2)
$newRights = array('super.cms.list' => 'y', 'super.cms.view' => 'y');
jAcl2DbManager::setRightsOnGroup('group2', $newRights);
$rights = array(array('id_aclsbj' => 'super.cms.list', 'id_aclgrp' => 'group1', 'id_aclres' => null, 'canceled' => '0'), array('id_aclsbj' => 'super.cms.create', 'id_aclgrp' => 'group1', 'id_aclres' => null, 'canceled' => '0'), array('id_aclsbj' => 'super.cms.list', 'id_aclgrp' => 'group2', 'id_aclres' => null, 'canceled' => '0'), array('id_aclsbj' => 'super.cms.view', 'id_aclgrp' => 'group2', 'id_aclres' => null, 'canceled' => '0'));
$this->assertTableContainsRecords('jacl2_rights', $rights);
// add a right for group 1
$newRights = array('super.cms.list' => 'y', 'super.cms.create' => 'y', 'super.cms.delete' => 'y');
jAcl2DbManager::setRightsOnGroup('group1', $newRights);
$rights = array(array('id_aclsbj' => 'super.cms.list', 'id_aclgrp' => 'group1', 'id_aclres' => null, 'canceled' => '0'), array('id_aclsbj' => 'super.cms.create', 'id_aclgrp' => 'group1', 'id_aclres' => null, 'canceled' => '0'), array('id_aclsbj' => 'super.cms.delete', 'id_aclgrp' => 'group1', 'id_aclres' => null, 'canceled' => '0'), array('id_aclsbj' => 'super.cms.list', 'id_aclgrp' => 'group2', 'id_aclres' => null, 'canceled' => '0'), array('id_aclsbj' => 'super.cms.view', 'id_aclgrp' => 'group2', 'id_aclres' => null, 'canceled' => '0'));
$this->assertTableContainsRecords('jacl2_rights', $rights);
// remove rights for group 1
$newRights = array('super.cms.list' => 'y', 'super.cms.create' => '');
jAcl2DbManager::setRightsOnGroup('group1', $newRights);
$rights = array(array('id_aclsbj' => 'super.cms.list', 'id_aclgrp' => 'group1', 'id_aclres' => null, 'canceled' => '0'), array('id_aclsbj' => 'super.cms.list', 'id_aclgrp' => 'group2', 'id_aclres' => null, 'canceled' => '0'), array('id_aclsbj' => 'super.cms.view', 'id_aclgrp' => 'group2', 'id_aclres' => null, 'canceled' => '0'));
$this->assertTableContainsRecords('jacl2_rights', $rights);
// new rights for group 1, by deleting existing one and adding new ones
$newRights = array('super.cms.create' => 'y', 'super.cms.update' => 'y');
jAcl2DbManager::setRightsOnGroup('group1', $newRights);
$rights = array(array('id_aclsbj' => 'super.cms.update', 'id_aclgrp' => 'group1', 'id_aclres' => null, 'canceled' => '0'), array('id_aclsbj' => 'super.cms.create', 'id_aclgrp' => 'group1', 'id_aclres' => null, 'canceled' => '0'), array('id_aclsbj' => 'super.cms.list', 'id_aclgrp' => 'group2', 'id_aclres' => null, 'canceled' => '0'), array('id_aclsbj' => 'super.cms.view', 'id_aclgrp' => 'group2', 'id_aclres' => null, 'canceled' => '0'));
$this->assertTableContainsRecords('jacl2_rights', $rights);
// cancel a right for group 1
$newRights = array('super.cms.create' => 'y', 'super.cms.update' => 'n');
jAcl2DbManager::setRightsOnGroup('group1', $newRights);
$rights = array(array('id_aclsbj' => 'super.cms.update', 'id_aclgrp' => 'group1', 'id_aclres' => null, 'canceled' => '1'), array('id_aclsbj' => 'super.cms.create', 'id_aclgrp' => 'group1', 'id_aclres' => null, 'canceled' => '0'), array('id_aclsbj' => 'super.cms.list', 'id_aclgrp' => 'group2', 'id_aclres' => null, 'canceled' => '0'), array('id_aclsbj' => 'super.cms.view', 'id_aclgrp' => 'group2', 'id_aclres' => null, 'canceled' => '0'));
$this->assertTableContainsRecords('jacl2_rights', $rights);
// changed a canceled right to an approuve right for group 1
$newRights = array('super.cms.create' => 'y', 'super.cms.update' => 'y');
jAcl2DbManager::setRightsOnGroup('group1', $newRights);
$rights = array(array('id_aclsbj' => 'super.cms.update', 'id_aclgrp' => 'group1', 'id_aclres' => null, 'canceled' => '0'), array('id_aclsbj' => 'super.cms.create', 'id_aclgrp' => 'group1', 'id_aclres' => null, 'canceled' => '0'), array('id_aclsbj' => 'super.cms.list', 'id_aclgrp' => 'group2', 'id_aclres' => null, 'canceled' => '0'), array('id_aclsbj' => 'super.cms.view', 'id_aclgrp' => 'group2', 'id_aclres' => null, 'canceled' => '0'));
$this->assertTableContainsRecords('jacl2_rights', $rights);
// remove all rights for group 1
$newRights = array();
jAcl2DbManager::setRightsOnGroup('group1', $newRights);
$rights = array(array('id_aclsbj' => 'super.cms.list', 'id_aclgrp' => 'group2', 'id_aclres' => null, 'canceled' => '0'), array('id_aclsbj' => 'super.cms.view', 'id_aclgrp' => 'group2', 'id_aclres' => null, 'canceled' => '0'));
$this->assertTableContainsRecords('jacl2_rights', $rights);
}
function install()
{
$authconfig = $this->config->getValue('auth', 'coordplugins');
$authconfigMaster = $this->config->getValue('auth', 'coordplugins', null, true);
$forWS = in_array($this->entryPoint->type, array('json', 'jsonrpc', 'soap', 'xmlrpc'));
$createdConfFile = false;
if (!$authconfig || $forWS && $authconfig == $authconfigMaster) {
//if ($this->entryPoint->type == 'cmdline') {
// return;
//}
if ($forWS) {
$pluginIni = 'authsw.coord.ini.php';
} else {
$pluginIni = 'auth.coord.ini.php';
}
$authconfig = dirname($this->entryPoint->configFile) . '/' . $pluginIni;
if ($this->firstExec($authconfig)) {
// no configuration, let's install the plugin for the entry point
$this->config->setValue('auth', $authconfig, 'coordplugins');
$this->copyFile('var/config/' . $pluginIni, 'epconfig:' . $pluginIni);
$createdConfFile = true;
}
}
$conf = new jIniFileModifier(jApp::configPath($authconfig));
$usedStandardDao = $conf->getValue('dao', 'Db') == 'jauthdb~jelixuser';
$this->useDbProfile($conf->getValue('profile', 'Db'));
if ($createdConfFile) {
mt_srand();
$conf->setValue('persistant_crypt_key', sha1("jelix" . time() . mt_rand()));
$conf->save();
}
if ($this->firstExec($authconfig) && $this->getParameter('rewriteconfig')) {
$conf->setValue('driver', 'Db');
$conf->setValue('dao', 'jcommunity~user', 'Db');
$conf->setValue('form', 'jcommunity~account_admin', 'Db');
$conf->setValue('error_message', 'jcommunity~login.error.notlogged');
$conf->setValue('on_error_action', 'jcommunity~login:out');
$conf->setValue('bad_ip_action', 'jcommunity~login:out');
$conf->setValue('after_logout', 'jcommunity~login:index');
$conf->setValue('enable_after_login_override', 'on');
$conf->setValue('enable_after_logout_override', 'on');
$conf->setValue('after_login', 'jcommunity~account:show');
$conf->save();
}
if ($this->getParameter('masteradmin')) {
$conf->setValue('after_login', 'master_admin~default:index');
$conf->save();
$this->config->setValue('loginResponse', 'htmlauth', 'jcommunity');
}
if ($this->firstDbExec() && !$this->getParameter('notjcommunitytable')) {
$conf->setValue('dao', 'jcommunity~user', 'Db');
$conf->setValue('form', 'jcommunity~account_admin', 'Db');
$conf->save();
$this->execSQLScript('sql/install');
$cn = $this->dbConnection();
if ($usedStandardDao && $this->getParameter('migratejauthdbusers')) {
$cn->exec("INSERT INTO " . $cn->prefixTable('community_users') . "\n (login, password, email, nickname, status, create_date)\n SELECT usr_login, usr_password, usr_email, usr_login, 1, '" . date('Y-m-d H:i:s') . "'\n FROM " . $cn->prefixTable('jlx_user'));
} else {
if ($this->getParameter('defaultuser')) {
require_once JELIX_LIB_PATH . 'auth/jAuth.class.php';
require_once JELIX_LIB_PATH . 'plugins/auth/db/db.auth.php';
$confIni = parse_ini_file(jApp::configPath($authconfig), true);
$authConfig = jAuth::loadConfig($confIni);
$driver = new dbAuthDriver($authConfig['Db']);
$passwordHash = $driver->cryptPassword('admin');
$cn->exec("INSERT INTO " . $cn->prefixTable('community_users') . " (login, password, email, nickname, status, create_date) VALUES\n ('admin', " . $cn->quote($passwordHash) . ", '*****@*****.**', 'admin', 1, '" . date('Y-m-d H:i:s') . "')");
}
}
}
if ($this->firstExec('acl2') && class_exists('jAcl2DbManager')) {
jAcl2DbManager::addSubjectGroup('jcommunity.admin', 'jcommunity~prefs.admin.jcommunity');
jAcl2DbManager::addSubject('jcommunity.prefs.change', 'jcommunity~prefs.admin.prefs.change', 'jprefs.prefs.management');
jAcl2DbManager::addRight('admins', 'jcommunity.prefs.change');
// for admin group
}
if ($this->firstExec('preferences')) {
$prefIni = new jIniFileModifier(__DIR__ . '/prefs.ini');
$prefFile = jApp::configPath('preferences.ini.php');
if (file_exists($prefFile)) {
$mainPref = new jIniFileModifier($prefFile);
//import this way to not erase changed value.
$prefIni->import($mainPref);
}
$prefIni->saveAs($prefFile);
}
}
