/**
*
*/
function setUpEnvForAnonymousAccess(&$dbHandler, $apikey, $rightsCheck = null, $opt = null)
{
$my = array('opt' => array('setPaths' => false, 'clearSession' => false));
$my['opt'] = array_merge($my['opt'], (array) $opt);
if ($my['opt']['clearSession']) {
$_SESSION = null;
}
doSessionStart($my['opt']['setPaths']);
if (isset($_SESSION['locale']) && !is_null($_SESSION['locale'])) {
setDateTimeFormats($_SESSION['locale']);
}
doDBConnect($dbHandler);
// @since 1.9.14
$checkMode = 'paranoic';
if (property_exists($rightsCheck->args, 'envCheckMode')) {
$checkMode = $rightsCheck->args->envCheckMode;
}
switch ($checkMode) {
case 'hippie':
$tk = array('testplan', 'testproject');
break;
default:
$tk[] = intval($rightsCheck->args->tplan_id) != 0 ? 'testplan' : 'testproject';
break;
}
foreach ($tk as $ak) {
$item = getEntityByAPIKey($dbHandler, $apikey, $ak);
if (!is_null($item)) {
break;
}
}
$status_ok = false;
if (!is_null($item)) {
$_SESSION['lastActivity'] = time();
$userObj = new tlUser();
$_SESSION['currentUser'] = $userObj;
$_SESSION['userID'] = -1;
$_SESSION['locale'] = config_get('default_language');
// if user do this:
// 1. login to test link
// 2. get direct link and open in new tab or new window while still logged
// 3. logout
// If user refresh tab / window open on (2), because on (3) we destroyed
// session we have loose basehref, and we are not able to recreate it.
// Without basehref we are not able to get CSS, JS, etc.
// In this situation we destroy session, this way user is forced to login
// again in one of two ways
// a. using the direct link
// b. using traditional login
// In both way we assure that behaivour will be OK.
//
if (!isset($_SESSION['basehref'])) {
// echo $rightsCheck->redirect_target;
session_unset();
session_destroy();
if (property_exists($rightsCheck, 'redirect_target') && !is_null($rightsCheck->redirect_target)) {
redirect($rightsCheck->redirect_target);
} else {
// best guess for all features that live on ./lib/results/
redirect("../../login.php?note=logout");
}
exit;
}
if (!is_null($rightsCheck->method)) {
checkUserRightsFor($dbHandler, $rightsCheck->method, true);
}
$status_ok = true;
}
return $status_ok;
}
// test specifications
//
// - test plan api key:
// is needed to get attacments for:
// test case executions
// test specifications ( access to parent data - OK!)
//
// What kind of attachments I've got ?
$doIt = false;
$attContext = $attachmentInfo['fk_table'];
switch ($attContext) {
case 'executions':
// check apikey
// 1. has to be a test plan key
// 2. execution must belong to the test plan.
$item = getEntityByAPIKey($db, $args->apikey, 'testplan');
if (!is_null($item)) {
$tables = tlObjectWithDB::getDBTables(array('executions'));
$sql = "SELECT testplan_id FROM {$tables['executions']} " . "WHERE id = " . intval($attachmentInfo['fk_id']);
$rs = $db->get_recordset($sql);
if (!is_null($rs)) {
if ($rs['0']['testplan_id'] == $item['id']) {
// GOOD !
$doIt = true;
}
}
}
break;
}
break;
case 'GUI':
