addUserAccess() public method

public addUserAccess ( $userLogin, $access, $idSites )
Ejemplo n.º 1
0
 /**
  * Set an access level to a given user for a list of websites ID.
  *
  * If access = 'noaccess' the current access (if any) will be deleted.
  * If access = 'view' or 'admin' the current access level is deleted and updated with the new value.
  *
  * @param string $userLogin The user login
  * @param string $access Access to grant. Must have one of the following value : noaccess, view, admin
  * @param int|array $idSites The array of idSites on which to apply the access level for the user.
  *       If the value is "all" then we apply the access level to all the websites ID for which the current authentificated user has an 'admin' access.
  *
  * @throws Exception if the user doesn't exist
  * @throws Exception if the access parameter doesn't have a correct value
  * @throws Exception if any of the given website ID doesn't exist
  *
  * @return bool true on success
  */
 public function setUserAccess($userLogin, $access, $idSites)
 {
     $this->checkAccessType($access);
     $this->checkUserExists($userLogin);
     $this->checkUserHasNotSuperUserAccess($userLogin);
     if ($userLogin == 'anonymous' && $access == 'admin') {
         throw new Exception(Piwik::translate("UsersManager_ExceptionAdminAnonymous"));
     }
     // in case idSites is all we grant access to all the websites on which the current connected user has an 'admin' access
     if ($idSites === 'all') {
         $idSites = \Piwik\Plugins\SitesManager\API::getInstance()->getSitesIdWithAdminAccess();
     } else {
         $idSites = Site::getIdSitesFromIdSitesString($idSites);
     }
     if (empty($idSites)) {
         throw new Exception('Specify at least one website ID in &idSites=');
     }
     // it is possible to set user access on websites only for the websites admin
     // basically an admin can give the view or the admin access to any user for the websites he manages
     Piwik::checkUserHasAdminAccess($idSites);
     $this->model->deleteUserAccess($userLogin, $idSites);
     // if the access is noaccess then we don't save it as this is the default value
     // when no access are specified
     if ($access != 'noaccess') {
         $this->model->addUserAccess($userLogin, $access, $idSites);
     } else {
         if (!empty($idSites) && !is_array($idSites)) {
             $idSites = array($idSites);
         }
         Piwik::postEvent('UsersManager.removeSiteAccess', array($userLogin, $idSites));
     }
     // we reload the access list which doesn't yet take in consideration this new user access
     Access::getInstance()->reloadAccess();
     Cache::deleteTrackerCache();
 }
Ejemplo n.º 2
0
 private function createManyUsers()
 {
     $this->model->addUser('login1', md5('pass'), '*****@*****.**', 'alias1', md5('token1'), '2008-01-01 00:00:00');
     $this->model->addUser('login2', md5('pass'), '*****@*****.**', 'alias2', md5('token2'), '2008-01-01 00:00:00');
     // login3 won't have access to any site
     $this->model->addUser('login3', md5('pass'), '*****@*****.**', 'alias3', md5('token3'), '2008-01-01 00:00:00');
     $this->model->addUser('login4', md5('pass'), '*****@*****.**', 'alias4', md5('token4'), '2008-01-01 00:00:00');
     $this->model->addUser('login5', md5('pass'), '*****@*****.**', 'alias5', md5('token5'), '2008-01-01 00:00:00');
     $this->model->addUser('login6', md5('pass'), '*****@*****.**', 'alias6', md5('token6'), '2008-01-01 00:00:00');
     $this->model->addUser('login7', md5('pass'), '*****@*****.**', 'alias7', md5('token7'), '2008-01-01 00:00:00');
     $this->model->addUser('login8', md5('pass'), '*****@*****.**', 'alias8', md5('token8'), '2008-01-01 00:00:00');
     $this->model->addUser('anonymous', '', '*****@*****.**', 'anonymous', 'anonymous', '2008-01-01 00:00:00');
     $this->model->setSuperUserAccess('login1', true);
     // we treat this one as our superuser
     foreach ($this->users as $login => $permissions) {
         foreach ($permissions as $access => $idSites) {
             $this->model->addUserAccess($login, $access, $idSites);
         }
     }
 }
 /**
  * Authenticates user
  *
  * @return AuthResult
  */
 public function authenticate()
 {
     $logger = StaticContainer::get('Psr\\Log\\LoggerInterface');
     $model = new Model();
     $user = $model->getUser($this->login);
     if (!$user) {
         $user = $model->getUserByTokenAuth($this->token_auth);
         if (!$user) {
             $logger->info("Creating user " . $this->login);
             $model->addUser($this->login, $this->getTokenAuthSecret(), $this->email, $this->alias, $this->token_auth, Date::now()->getDatetime());
             $user = $model->getUser($this->login);
         }
     }
     $accessCode = $user['superuser_access'] ? AuthResult::SUCCESS_SUPERUSER_AUTH_CODE : AuthResult::SUCCESS;
     $this->login = $user['login'];
     if ($this->getViewableUserStatus() || $this->getSuperUserStatus()) {
         $site_ids = $this->getDefaultSiteIds();
         $current_accesses = array();
         foreach ($site_ids as $site_id) {
             $accesses = $model->getUsersAccessFromSite($site_id);
             foreach ($accesses as $user => $access) {
                 if ($this->login == $user && ($access == "view" || $access == 'admin')) {
                     $current_accesses[] = $site_id;
                 }
             }
         }
         $new_accesses = array();
         foreach ($site_ids as $site_id) {
             if (!in_array($site_id, $current_accesses)) {
                 $new_accesses[] = $site_id;
             }
         }
         if (count($new_accesses) > 0) {
             $logger->info("Adding default site ids to " . $this->login);
             $model->addUserAccess($this->login, "view", $new_accesses);
         }
     }
     $is_superuser = $this->getSuperUserStatus();
     $model->setSuperUserAccess($this->login, $is_superuser);
     return new AuthResult($accessCode, $this->login, $this->token_auth);
 }
Ejemplo n.º 4
0
 private function createAdminUserForSite($idSite)
 {
     $login = '******';
     $passwordHash = UsersManager::getPasswordHash('password');
     $token = API::getInstance()->getTokenAuth($login, $passwordHash);
     $user = new Model();
     $user->addUser($login, $passwordHash, 'admin@piwik', 'alias', $token, '2014-01-01 00:00:00');
     $user->addUserAccess($login, 'admin', array($idSite));
     return $token;
 }