/**
* Enable or disable Super user access to the given user login. Note: When granting Super User access all previous
* permissions of the user will be removed as the user gains access to everything.
*
* @param string $userLogin the user login.
* @param bool|int $hasSuperUserAccess true or '1' to grant Super User access, false or '0' to remove Super User
* access.
* @throws \Exception
*/
public function setSuperUserAccess($userLogin, $hasSuperUserAccess)
{
Piwik::checkUserHasSuperUserAccess();
$this->checkUserIsNotAnonymous($userLogin);
$this->checkUserExists($userLogin);
if (!$hasSuperUserAccess && $this->isUserTheOnlyUserHavingSuperUserAccess($userLogin)) {
$message = Piwik::translate("UsersManager_ExceptionRemoveSuperUserAccessOnlySuperUser", $userLogin) . " " . Piwik::translate("UsersManager_ExceptionYouMustGrantSuperUserAccessFirst");
throw new Exception($message);
}
$this->model->deleteUserAccess($userLogin);
$this->model->setSuperUserAccess($userLogin, $hasSuperUserAccess);
}
private function createManyUsers()
{
$this->model->addUser('login1', md5('pass'), '*****@*****.**', 'alias1', md5('token1'), '2008-01-01 00:00:00');
$this->model->addUser('login2', md5('pass'), '*****@*****.**', 'alias2', md5('token2'), '2008-01-01 00:00:00');
// login3 won't have access to any site
$this->model->addUser('login3', md5('pass'), '*****@*****.**', 'alias3', md5('token3'), '2008-01-01 00:00:00');
$this->model->addUser('login4', md5('pass'), '*****@*****.**', 'alias4', md5('token4'), '2008-01-01 00:00:00');
$this->model->addUser('login5', md5('pass'), '*****@*****.**', 'alias5', md5('token5'), '2008-01-01 00:00:00');
$this->model->addUser('login6', md5('pass'), '*****@*****.**', 'alias6', md5('token6'), '2008-01-01 00:00:00');
$this->model->addUser('login7', md5('pass'), '*****@*****.**', 'alias7', md5('token7'), '2008-01-01 00:00:00');
$this->model->addUser('login8', md5('pass'), '*****@*****.**', 'alias8', md5('token8'), '2008-01-01 00:00:00');
$this->model->addUser('anonymous', '', '*****@*****.**', 'anonymous', 'anonymous', '2008-01-01 00:00:00');
$this->model->setSuperUserAccess('login1', true);
// we treat this one as our superuser
foreach ($this->users as $login => $permissions) {
foreach ($permissions as $access => $idSites) {
$this->model->addUserAccess($login, $access, $idSites);
}
}
}
/**
* Authenticates user
*
* @return AuthResult
*/
public function authenticate()
{
$logger = StaticContainer::get('Psr\\Log\\LoggerInterface');
$model = new Model();
$user = $model->getUser($this->login);
if (!$user) {
$user = $model->getUserByTokenAuth($this->token_auth);
if (!$user) {
$logger->info("Creating user " . $this->login);
$model->addUser($this->login, $this->getTokenAuthSecret(), $this->email, $this->alias, $this->token_auth, Date::now()->getDatetime());
$user = $model->getUser($this->login);
}
}
$accessCode = $user['superuser_access'] ? AuthResult::SUCCESS_SUPERUSER_AUTH_CODE : AuthResult::SUCCESS;
$this->login = $user['login'];
if ($this->getViewableUserStatus() || $this->getSuperUserStatus()) {
$site_ids = $this->getDefaultSiteIds();
$current_accesses = array();
foreach ($site_ids as $site_id) {
$accesses = $model->getUsersAccessFromSite($site_id);
foreach ($accesses as $user => $access) {
if ($this->login == $user && ($access == "view" || $access == 'admin')) {
$current_accesses[] = $site_id;
}
}
}
$new_accesses = array();
foreach ($site_ids as $site_id) {
if (!in_array($site_id, $current_accesses)) {
$new_accesses[] = $site_id;
}
}
if (count($new_accesses) > 0) {
$logger->info("Adding default site ids to " . $this->login);
$model->addUserAccess($this->login, "view", $new_accesses);
}
}
$is_superuser = $this->getSuperUserStatus();
$model->setSuperUserAccess($this->login, $is_superuser);
return new AuthResult($accessCode, $this->login, $this->token_auth);
}
