protected function _loadEntityMetadata($entityId) { $janusConfig = SimpleSAML_Configuration::getConfig('module_janus.php'); $entityController = new sspmod_janus_EntityController($janusConfig); $entityController->setEntity($entityId); $entityController->loadEntity(); $this->_entityMetadata = $entityController->getMetaArray(); }
protected function _loadEntity($entityId) { $janusConfig = SimpleSAML_Configuration::getConfig('module_janus.php'); $entityController = new sspmod_janus_EntityController($janusConfig); $entityController->setEntity($entityId); $entityController->loadEntity(); $this->_entityController = $entityController; return $entityController ? true : false; }
protected function _loadEntityCertificate($entityId) { $janusConfig = SimpleSAML_Configuration::getConfig('module_janus.php'); $entityController = new sspmod_janus_EntityController($janusConfig); $entityController->setEntity($entityId); $entityController->loadEntity(); try { $certificate = $entityController->getCertificate(); } catch (Exception $e) { $this->_response->Errors[] = "Certificate data invalid!"; return false; } if (!$certificate) { $this->_response->Warnings[] = "No certificate data for this entity"; return false; } $this->_certificate = $certificate; return true; }
$entity = $xpath->query($query); $entityid = $entity->item(0)->getAttribute('entityID'); $query = '/md:EntityDescriptor/md:SPSSODescriptor'; $sp = $xpath->query($query); if ($sp->length > 0) { $type = 'saml20-sp'; } $query = '/md:EntityDescriptor/md:IDPSSODescriptor'; $idp = $xpath->query($query); if ($idp->length > 0) { $type = 'saml20-idp'; } $msg = $mcontrol->createNewEntity($entityid, $type); if (is_int($msg)) { $econtroller = new sspmod_janus_EntityController($janus_config); $econtroller->setEntity((string) $msg); $econtroller->loadEntity(); $pm->subscribe($user->getUid(), 'ENTITYUPDATE-' . $msg); $directlink = SimpleSAML_Module::getModuleURL('janus/editentity.php', array('eid' => $msg)); $pm->post('New entity created', 'Permalink: <a href="' . $directlink . '">' . $directlink . '</a><br /><br />A new entity has been created.<br />Entityid: ' . $_POST['entityid'] . '<br />Entity type: ' . $_POST['entitytype'], 'ENTITYCREATE', $user->getUid()); $msg = 'text_entity_created'; if ($type == 'saml20-sp') { $msg = $econtroller->importMetadata20SP($_POST['metadata_xml'], $update); } else { if ($type == 'saml20-idp') { $msg = $econtroller->importMetadata20IdP($_POST['metadata_xml'], $update); } else { $msg = 'error_metadata_not_import'; } } $econtroller->saveEntity();
$session = SimpleSAML_Session::getInstance(); $janusConfig = SimpleSAML_Configuration::getConfig('module_janus.php'); $authSource = $janusConfig->getValue('auth', 'login-admin'); // Validate user if (!$session->isValid($authSource)) { SimpleSAML_Utilities::redirect(SimpleSAML_Module::getModuleURL('janus/index.php', array('selectedtab' => "'federation'"))); } $entities = array(); $util = new sspmod_janus_AdminUtil(); $userController = new sspmod_janus_UserController($janusConfig); $entities = array_merge($userController->searchEntitiesByType('saml20-idp'), $userController->searchEntitiesByType('saml20-sp')); foreach ($entities as $entity) { /** * @var sspmod_janus_Entity $entity */ $entityId = $entity->getEid(); $entityController = new sspmod_janus_EntityController($janusConfig); $entityController->setEntity($entityId); $entityController->loadEntity(); $controllerEntity = $entityController->getEntity(); $entityType = $controllerEntity->getType(); if (!isset($entities[$entityType])) { $entities[$entityType] = array(); } $entities_info[$entityType][] = array('Id' => $controllerEntity->getEntityid(), 'Name' => $controllerEntity->getPrettyname(), 'WorkflowStatus' => $controllerEntity->getWorkflow(), 'MetadataUrl' => $controllerEntity->getMetadataURL(), 'Eid' => $controllerEntity->getEid()); } ksort($entities_info); $template = new SimpleSAML_XHTML_Template(SimpleSAML_Configuration::getInstance(), 'janus:show-entities-validation.php', 'janus:show-entities-validation'); $template->data['header'] = "Service Registry JANUS entities validation"; $template->data['entities'] = $entities_info; $template->show();
$now = time(); $util = new sspmod_janus_AdminUtil(); if (SimpleSAML_Module::isModuleEnabled('x509')) { $strict_cert_validation = $janus_config->getBoolean('cert.strict.validation', true); $cert_allowed_warnings = $janus_config->getArray('cert.allowed.warnings', array()); $cert_time_limit = $janus_config->getInteger('notify.cert.expiring.before', 30); } $notify_meta_expiring_before = $janus_config->getInteger('notify.meta.expiring.before', 5); $meta_time_limit = $now + $notify_meta_expiring_before * 86400; $workflowstates = $janus_config->getValue('workflowstates'); foreach ($util->getEntities() as $entity) { $entry = array(); $eid = $entity['eid']; // Get Entity controller $mcontroller = new sspmod_janus_EntityController($janus_config); $mcontroller->setEntity($eid); $mcontroller->loadEntity(); // Grab some basic fields $metadata = $mcontroller->getMetadata(); $entity_id = $mcontroller->getEntity()->getEntityid(); $entity_type = $mcontroller->getEntity()->getType(); $prettyname = $mcontroller->getEntity()->getPrettyname(); $entity_workflow = $mcontroller->getEntity()->getWorkflow(); $metaArray = $mcontroller->getMetaArray(); $entry['entityid'] = $entity_id; $entry['entitytype'] = $entity_type; $entry['prettyname'] = $prettyname; $entry['workflow'] = $entity_workflow; // Check if the entity has all the required fields $metadata_alowed = $janus_config->getArray('metadatafields.' . $entity_type, array()); $metadata_required = array();
public function runForCronTag($cronTag) { if (!$this->_isExecuteRequired($cronTag)) { return array("Not doing metadata_refresh"); } $cronLogger = new sspmod_janus_Cron_Logger(); try { $janusConfig = SimpleSAML_Configuration::getConfig('module_janus.php'); $util = new sspmod_janus_AdminUtil(); $entities = $util->getEntities(); foreach ($entities as $partialEntity) { $entityController = new sspmod_janus_EntityController($janusConfig); $eid = $partialEntity['eid']; if (!$entityController->setEntity($eid)) { $cronLogger->with($eid)->error("Failed import of entity. Wrong eid '{$eid}'."); continue; } $entityController->loadEntity(); $entity = $entityController->getEntity(); $entityId = $entity->getEntityId(); $metadataUrl = $entity->getMetadataURL(); $metadataCachingInfo = $entityController->getMetadataCaching(); if (empty($metadataUrl)) { $cronLogger->with($entityId)->warn("No metadata url."); continue; } $nextRun = time(); switch ($cronTag) { case 'hourly': $nextRun += 3600; break; case 'daily': $nextRun += 24 * 60 * 60; break; case 'frequent': $nextRun += 0; // How often is frequent? break; default: throw new Exception("Unknown cron tag '{$cronTag}'"); } if ($metadataCachingInfo['validUntil'] > $nextRun && $metadataCachingInfo['cacheUntil'] > $nextRun) { $cronLogger->with($entityId)->notice("Should not update, cache still valid."); continue; } $xml = @file_get_contents($metadataUrl); if (!$xml) { $cronLogger->with($entityId)->error("Failed import of entity. Bad URL '{$metadataUrl}'? "); continue; } $document = new DOMDocument(); if (!@$document->loadXML($xml)) { $cronLogger->with($entityId)->error("Failed import of entity. Invalid XML at '{$metadataUrl}'?"); continue; } $query = new DOMXPath($document); $nsFound = false; foreach ($query->query('namespace::*') as $node) { if ($node->nodeValue === "urn:oasis:names:tc:SAML:2.0:metadata") { $nsFound = true; break; } } if (!$nsFound) { $cronLogger->with($entityId)->error("Failed import of entity. Metadata at '{$metadataUrl}' does not contain SAML2 Metadata namespace?"); continue; } $query->registerNamespace('md', "urn:oasis:names:tc:SAML:2.0:metadata"); $entityDescriptorDomElement = $query->query("//md:EntityDescriptor[@entityID=\"{$entityId}\"]"); if ($entityDescriptorDomElement->length === 0) { $cronLogger->with($entityId)->error("Failed import of entity. Metadata at '{$metadataUrl}' does not contain an EntityDescriptor with entityId '{$entityId}'?"); continue; } $updated = false; if ($entity->getType() == 'saml20-sp') { $statusCode = $entityController->importMetadata20SP($xml, $updated); if ($statusCode !== 'status_metadata_parsed_ok') { $cronLogger->with($entityId)->error("Entity not updated"); } } else { if ($entity->getType() == 'saml20-idp') { $statusCode = $entityController->importMetadata20IdP($xml, $updated); if ($statusCode !== 'status_metadata_parsed_ok') { $cronLogger->with($entityId)->error("Entity not updated"); } } else { $cronLogger->with($entityId)->error("Failed import of entity. Wrong type"); } } if ($updated) { $this->_mailUpdatedMetaData($entity, $xml); $cronLogger->with($entityId)->notice("Entity updated"); $metadataCachingInfo = $this->_getMetaDataCachingInfo($xml, $entityId); $entityController->setMetadataCaching($metadataCachingInfo['validUntil'], $metadataCachingInfo['cacheUntil']); } else { $cronLogger->with($entityId)->notice("Entity not updated, no changes required"); // Update metadata caching info (validUntil ) $metadataCachingInfo = $this->_getMetaDataCachingInfo($xml, $entityId); $entityController->setMetadataCaching($metadataCachingInfo['validUntil'], $metadataCachingInfo['cacheUntil']); } } } catch (Exception $e) { $cronLogger->error($e->getMessage()); } if ($cronLogger->hasErrors()) { $this->_mailTechnicalContact($cronTag, $cronLogger); } return $cronLogger->getSummaryLines(); }
public function runForCronTag($cronTag) { if (!$this->_isExecuteRequired($cronTag)) { return array(); } $cronLogger = new sspmod_janus_Cron_Logger(); try { $janusConfig = SimpleSAML_Configuration::getConfig('module_janus.php'); $srConfig = SimpleSAML_Configuration::getConfig('module_janus.php'); $rootCertificatesFile = $srConfig->getString('ca_bundle_file'); $util = new sspmod_janus_AdminUtil(); $entities = $util->getEntities(); foreach ($entities as $partialEntity) { try { $entityController = new sspmod_janus_EntityController($janusConfig); $eid = $partialEntity['eid']; if (!$entityController->setEntity($eid)) { $cronLogger->with($eid)->error("Failed import of entity. Wrong eid '{$eid}'."); continue; } $entityController->loadEntity(); $entityId = $entityController->getEntity()->getEntityid(); $entityType = $entityController->getEntity()->getType(); try { try { $certificate = $entityController->getCertificate(); // @workaround // Since getCertificate() returns false when certificate does not exist following check is required to skip validation if (empty($certificate)) { throw new Exception('No certificate found'); } } catch (Exception $e) { if ($entityType === 'saml20-sp') { $cronLogger->with($entityId)->notice("SP does not have a certificate"); } else { if ($entityType === 'saml20-idp') { $cronLogger->with($entityId)->warn("Unable to create certificate object, certData missing?"); } } continue; } $validator = new sspmod_janus_OpenSsl_Certificate_Validator($certificate); $validator->setIgnoreSelfSigned(true); $validator->validate(); $validatorWarnings = $validator->getWarnings(); $validatorErrors = $validator->getErrors(); foreach ($validatorWarnings as $warning) { $cronLogger->with($entityId)->warn($warning); } foreach ($validatorErrors as $error) { $cronLogger->with($entityId)->error($error); } sspmod_janus_OpenSsl_Certificate_Chain_Factory::loadRootCertificatesFromFile($rootCertificatesFile); $chain = sspmod_janus_OpenSsl_Certificate_Chain_Factory::createFromCertificateIssuerUrl($certificate); $validator = new sspmod_janus_OpenSsl_Certificate_Chain_Validator($chain); $validator->setIgnoreSelfSigned(true); $validator->setTrustedRootCertificateAuthorityFile($rootCertificatesFile); $validator->validate(); $validatorWarnings = $validator->getWarnings(); $validatorErrors = $validator->getErrors(); foreach ($validatorWarnings as $warning) { $cronLogger->with($entityId)->warn($warning); } foreach ($validatorErrors as $error) { $cronLogger->with($entityId)->error($error); } } catch (Exception $e) { $cronLogger->with($entityId)->error($e->getMessage()); } } catch (Exception $e) { $cronLogger->error($e->getMessage() . $e->getTraceAsString()); } } } catch (Exception $e) { $cronLogger->error($e->getMessage() . $e->getTraceAsString()); } if ($cronLogger->hasErrors()) { $this->_mailTechnicalContact($cronTag, $cronLogger); } return $cronLogger->getSummaryLines(); }
/** * Delete the ARP identified by the aid. * * @return PDOStatement|false The statement or false on error. */ public function delete() { if (empty($this->_aid)) { SimpleSAML_Logger::error('JANUS:ARP:delete - aid needs to be set.'); return false; } $deleteStatement = $this->execute('UPDATE ' . self::$prefix . 'arp SET `deleted` = ? WHERE `aid` = ?;', array(date('c'), $this->_aid)); if ($deleteStatement === false) { return false; } // Get all entities with the just removed ARP $st = $this->execute('SELECT eid FROM ' . self::$prefix . 'entity WHERE `arp` = ?;', array($this->_aid)); if (!$st) { return $deleteStatement; } $janus_config = SimpleSAML_Configuration::getConfig('module_janus.php'); $controller = new sspmod_janus_EntityController($janus_config); // Remove the ARP from all entities $entity_rows = $st->fetchAll(); foreach ($entity_rows as $entity_row) { $controller->setEntity($entity_row['eid']); $controller->loadEntity(); $controller->setArp('0'); $controller->saveEntity(); } return $deleteStatement; }
<?php require_once '/opt/www/serviceregistry/www/_include.php'; # $session = SimpleSAML_Session::getInstance(); $config = SimpleSAML_Configuration::getInstance(); $janus_config = SimpleSAML_Configuration::getConfig('module_janus.php'); $econtroller = new sspmod_janus_EntityController($janus_config); $econtroller->setEntity('http://example.openconext.local'); $econtroller->addMetaData('SingleSignOnService', 'http://example.openconext.local'); # $econtroller->saveEntity();
/** * Create new entity with parsed entityid * * Create a new entity and give the user access to the entity. * * @param string $entityid Entity id for the new entity * @param string $type Entity type * * @return sspmod_janus_Entity|bool Returns the entity or false on error. * @since Method available since Release 1.0.0 */ public function createNewEntity($entityid, $type) { assert('is_string($entityid)'); assert('is_string($type)'); if ($this->isEntityIdInUse($entityid, $errorMessage)) { return $errorMessage; } if ($this->hasEntityIdBeenUsed($entityid, $errorMessage)) { return $errorMessage; } $startstate = $this->_config->getString('workflowstate.default'); // Get the default ARP $default_arp = '0'; $st = $this->execute("SELECT aid FROM " . self::$prefix . "arp WHERE is_default = TRUE AND deleted = ''"); if ($st) { $rows = $st->fetchAll(); if (count($rows) === 1) { $default_arp = $rows[0]['aid']; } } // Instantiate a new entity $entity = new sspmod_janus_Entity($this->_config, true); $entity->setEntityid($entityid); $entity->setWorkflow($startstate); $entity->setType($type); $entity->setArp($default_arp); $entity->setUser($this->_user->getUid()); $entity->setRevisionnote('Entity created.'); $entity->save(); $st = $this->execute('INSERT INTO ' . self::$prefix . 'hasEntity (`uid`, `eid`, `created`, `ip`) VALUES (?, ?, ?, ?);', array($this->_user->getUid(), $entity->getEid(), date('c'), $_SERVER['REMOTE_ADDR'])); if ($st === false) { return 'error_db'; } $ec = new sspmod_janus_EntityController($this->_config); $ec->setEntity($entity); $update = false; // Get metadatafields for new type $nm_mb = new sspmod_janus_MetadatafieldBuilder($this->_config->getArray('metadatafields.' . $type)); $metadatafields = $nm_mb->getMetadatafields(); // Add all required fileds foreach ($metadatafields as $mf) { if (isset($mf->required) && $mf->required === true) { $ec->addMetadata($mf->name, $mf->default); $update = true; } } if ($update === true) { $ec->saveEntity(); } // Reset list of entities $this->_entities = null; $this->_loadEntities(); return $entity->getEid(); }
/** * @param $entityId * @return \sspmod_janus_EntityController */ protected function getEntityControllerForEntityId($entityId) { if (!isset($this->entityControllers[$entityId])) { $controller = new \sspmod_janus_EntityController($this->configuration); $controller->setEntity($entityId); $this->entityControllers[$entityId] = $controller; } return $this->entityControllers[$entityId]; }
protected static function _checkIdPMetadataIsConnectionAllowed(array $data, $revisionId = NULL) { $idpcontroller = new sspmod_janus_EntityController(SimpleSAML_Configuration::getConfig('module_janus.php')); $idpcontroller->setEntity($data['idpentityid'], $revisionId); if ($idpcontroller->getAllowedAll() != "yes") { $idpblocked = $idpcontroller->getBlockedEntities(); if (count($idpblocked) && !array_key_exists($data['spentityid'], $idpblocked)) { return true; } $idpallowed = $idpcontroller->getAllowedEntities(); if (count($idpallowed) && array_key_exists($data['spentityid'], $idpallowed)) { return true; } return false; } return true; }
private static function getMetadata($eid, $revision, $type = null, array $option = null) { assert('ctype_digit($eid)'); assert('ctype_digit($revision)'); $janus_config = SimpleSAML_Configuration::getConfig('module_janus.php'); $econtroller = new sspmod_janus_EntityController($janus_config); if (!($entity = $econtroller->setEntity($eid, $revision))) { self::$_error = array('Entity could not be loaded - Eid: ' . $eid . ' Revisionid: ' . $revisionid); return false; } $metadata_raw = $econtroller->getMetadata(); // Get metadata fields $nm_mb = new sspmod_janus_MetadatafieldBuilder($janus_config->getArray('metadatafields.' . $entity->getType())); $metadatafields_required = $nm_mb->getMetadatafields(); // Get required metadata fields $required = array(); foreach ($metadatafields_required as $mf) { if (isset($mf->required) && $mf->required === true) { $required[] = $mf->name; } } // Get metadata to me tested $metadata = array(); foreach ($metadata_raw as $k => $v) { // Metadata field not defined if (!isset($metadatafields_required[$v->getKey()])) { continue; } // Value not set for metadata if (is_string($v->getValue()) && $v->getValue() == '') { continue; } // Compute is the default values is allowed $default_allow = false; if (isset($metadatafield_required[$v->getKey()]->default_allow) && is_bool($metadata_required[$v->getKey()]->default_allow)) { $default_allow = $metadata_required[$v->getKey()]->default_allow; } /* * Do not include metadata if value is set to default and default * is not allowed. */ if (!$default_allow && (isset($metadata_required[$v->getKey()]->default) && $v->getValue() == $metadata_required[$v->getKey()]->default)) { continue; } $metadata[] = $v->getKey(); } // Compute missing metadata that is required $missing_required = array_diff($required, $metadata); $entityid = $entity->getEntityid(); if (empty($missing_required)) { try { $metaArray = $econtroller->getMetaArray(); $metaArray['eid'] = $eid; $blocked_entities = $econtroller->getBlockedEntities(); $allowed_entities = $econtroller->getAllowedEntities(); $disable_consent = $econtroller->getDisableConsent(); $metaflat = '// Revision: ' . $entity->getRevisionid() . "\n"; $metaflat .= var_export($entityid, TRUE) . ' => ' . var_export($metaArray, TRUE) . ','; // Add authproc filter to block blocked entities if (!empty($blocked_entities) || !empty($allowed_entities)) { $metaflat = substr($metaflat, 0, -2); if (!empty($blocked_entities)) { $metaflat .= " 'blocked' => array(\n"; foreach ($blocked_entities as $bentity => $value) { $metaflat .= " '" . $bentity . "',\n"; } $metaflat .= " ),\n"; } if (!empty($allowed_entities)) { $metaflat .= " 'allowed' => array(\n"; foreach ($allowed_entities as $aentity => $value) { $metaflat .= " '" . $aentity . "',\n"; } $metaflat .= " ),\n"; } $metaflat .= '),'; } // Add disable consent if (!empty($disable_consent)) { $metaflat = substr($metaflat, 0, -2); $metaflat .= " 'consent.disable' => array(\n"; foreach ($disable_consent as $key => $value) { $metaflat .= " '" . $key . "',\n"; } $metaflat .= " ),\n"; $metaflat .= '),'; } $maxCache = isset($option['maxCache']) ? $option['maxCache'] : null; $maxDuration = isset($option['maxDuration']) ? $option['maxDuration'] : null; try { $metaBuilder = new SimpleSAML_Metadata_SAMLBuilder($entityid, $maxCache, $maxDuration); $metaBuilder->addMetadata($metaArray['metadata-set'], $metaArray); } catch (Exception $e) { SimpleSAML_Logger::error('JANUS - Entity_id:' . $entityid . ' - Error generating XML metadata - ' . var_export($e, true)); self::$_error = array('Error generating XML metadata - ' . $e->getMessage()); return false; } // Add organization info if (!empty($metaArray['OrganizationName']) && !empty($metaArray['OrganizationDisplayName']) && !empty($metaArray['OrganizationURL'])) { $metaBuilder->addOrganizationInfo(array('OrganizationName' => $metaArray['OrganizationName'], 'OrganizationDisplayName' => $metaArray['OrganizationDisplayName'], 'OrganizationURL' => $metaArray['OrganizationURL'])); } // Add contact info if (!empty($metaArray['contact'])) { $metaBuilder->addContact('technical', $metaArray['contact']); } switch ($type) { case self::XML: return $metaBuilder->getEntityDescriptor(); case self::XMLREADABLE: return $metaBuilder->getEntityDescriptorText(); case self::PHPARRAY: return $metaArray; case self::FLATFILE: default: return $metaflat; } } catch (Exception $exception) { $session = SimpleSAML_Session::getInstance(); SimpleSAML_Utilities::fatalError($session->getTrackID(), 'JANUS - Metadatageneration', $exception); } } else { SimpleSAML_Logger::error('JANUS - Missing required metadata fields. Entity_id:' . $entityid); self::$_error = $missing_required; return false; } }
throw new SimpleSAML_Error_Exception('eid parameter must be set'); } $eid = $_GET['eid']; if (isset($_GET['revisionid'])) { $revisionid = $_GET['revisionid']; } if (isset($_GET['msg']) && !empty($_GET['msg'])) { $msg = $_GET['msg']; } } else { throw new SimpleSAML_Error_Exception('eid and revisionid parameter must be set'); } } // Revisin id has been set. Fetch the correct version of the entity if ($revisionid > -1) { if (!($entity = $mcontroller->setEntity($eid, $revisionid))) { throw new SimpleSAML_Error_Exception('Error in setEntity'); } } else { // Revision not set, get latest if (!($entity = $mcontroller->setEntity($eid))) { throw new SimpleSAML_Error_Exception('Error in setEntity'); } } // load entity $mcontroller->loadEntity(); // Check if user is allowed to se entity $guard = new sspmod_janus_UIguard($janus_config->getArray('access', array())); $allowedUsers = $mcontroller->getUsers(); if (!(array_key_exists($userid, $allowedUsers) || $guard->hasPermission('allentities', null, $user->getType(), TRUE))) { SimpleSAML_Utilities::redirect(SimpleSAML_Module::getModuleURL('janus/index.php'));
throw new Exception('User ID is missing'); } $userid = $attributes[$useridattr][0]; } else { echo $et->t('error_no_access'); exit; } // Get Entity controller $mcontroller = new sspmod_janus_EntityController($janus_config); // Get the user $user = new sspmod_janus_User($janus_config->getValue('store')); $user->setUserid($userid); $user->load(sspmod_janus_User::USERID_LOAD); // Get the correct entity $eid = $_GET['eid']; if (!($entity = $mcontroller->setEntity($eid))) { throw new SimpleSAML_Error_Exception('Error in setEntity'); } $workflowstates = $janus_config->getValue('workflowstates'); // load entity $mcontroller->loadEntity(); // Check if user is allowed to se entity $allowedUsers = $mcontroller->getUsers(); $uiguard = new sspmod_janus_UIguard($janus_config->getValue('access')); $output = ''; $wfstate = $entity->getWorkflow(); if ((array_key_exists($userid, $allowedUsers) || $uiguard->hasPermission('allentities', null, $user->getType(), true)) && $uiguard->hasPermission('entityhistory', $wfstate, $user->getType())) { $history_size = $mcontroller->getHistorySize(); $history = $mcontroller->getHistory(10, $history_size); foreach ($history as $data) { $rid = $data->getRevisionid();