/**
 * Whether the current viewer may see moderated (hidden) items.
 *
 * The answer is memoised in $this->_viewModerated on first call.
 *
 * NOTE(review): the unconditional `return false;` below runs *before* the
 * admin/manager check, so that branch is unreachable and this method always
 * answers false — moderated items are hidden from everyone, admins included.
 * Confirm whether this short-circuit is a deliberate kill-switch or a leftover
 * from debugging; removing it re-enables visibility for users that pass
 * userIsAdminOrManager().
 */
protected function getViewModerated() {
    if (!isset($this->_viewModerated)) {
        $this->_viewModerated = false;
        return false; // NOTE(review): everything below this line is dead code
        if (isset($this->_userid)) {
            if (userIsAdminOrManager($this->_userid)) {
                $this->_viewModerated = true;
            }
        }
    }
    return $this->_viewModerated;
}
/**
 * Whether the current viewer may see moderated (hidden) items.
 *
 * The answer is memoised in $this->_viewModerated on first call. The intended
 * rule (see the unreachable branch) is: the user id must resolve to an
 * existing researcher AND pass userIsAdminOrManager().
 *
 * NOTE(review): the unconditional `return false;` below runs *before* the
 * lookup and the admin/manager check, so this method always answers false —
 * moderated items are hidden from everyone, admins included. Confirm whether
 * this short-circuit is deliberate; removing it re-enables visibility for
 * admins/managers.
 */
protected function getViewModerated() {
    if (!isset($this->_viewModerated)) {
        $this->_viewModerated = false;
        return false; // NOTE(review): everything below this line is dead code
        if (isset($this->_userid)) {
            $us = new Default_Model_Researchers();
            $us->viewModerated = false; // must be set in order to avoid infinite nesting
            $us->filter->id->equals($this->_userid);
            if (count($us->items) > 0) {
                if (userIsAdminOrManager($this->_userid)) {
                    $this->_viewModerated = true;
                }
            }
        }
    }
    return $this->_viewModerated;
}
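/**
 * AJAX endpoint: set the moderation flag of a single app rating/comment.
 *
 * Only admins/managers (userIsAdminOrManager) may use it; anyone else gets an
 * empty 200 response, exactly as before. Reads request params "id" (rating id)
 * and "moderate" (0 = unmoderated, anything else = moderated) and, when the
 * rating exists, echoes a JSON object {"id": "...", "comment": "<base64>"}.
 *
 * Changes vs. the original:
 *  - the "moderate" flag is normalised with intval(), so the outcome no longer
 *    depends on PHP-version-specific loose `"string" == 0` rules (PHP 7 and
 *    PHP 8 disagree on non-numeric strings);
 *  - the JSON body is built with json_encode() instead of string gluing. Both
 *    values are emitted as strings and slashes in the base64 payload are left
 *    unescaped, so the wire format is unchanged.
 *
 * NOTE(review): this is a state-changing action driven by request parameters
 * and no CSRF token is checked here — confirm the framework enforces one.
 */
public function moderatecommentAction() {
    $this->_helper->layout->disableLayout();
    if ($this->session->userid === null || !userIsAdminOrManager($this->session->userid)) {
        return;
    }
    $id = $this->_getParam("id");
    // intval(): "0", "", missing or non-numeric -> 0 (unmoderate); everything else moderates.
    $moderate = (intval($this->_getParam("moderate")) === 0) ? "0" : "1";

    $ratings = new Default_Model_AppRatings();
    $ratings->filter->id->equals($id);
    if (count($ratings->items) === 0) {
        return;
    }
    $rating = $ratings->items[0];
    $rating->moderated = $moderate;
    $rating->save();

    echo json_encode(
        array(
            "id" => (string) $rating->id,
            "comment" => base64_encode($rating->comment),
        ),
        JSON_UNESCAPED_SLASHES
    );
}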
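/**
 * Can the current actor manage the VO-wide image list identified by $target?
 *
 * @param mixed $target  Identifier of the VO-wide image list; passed as-is to
 *                       the query_vowide_img_list_manage_perm DB routine.
 * @return bool  false when there is no actor (or no actor id); true for
 *               admins/managers (userIsAdminOrManager); otherwise the first
 *               column of the first row returned by the DB routine, coerced
 *               with FILTER_VALIDATE_BOOLEAN, or false when it returns no rows.
 *
 * Fix: the original called `$db->setFetchMode(...)` on a local `$db` that is
 * never assigned, which is a fatal "member function on null" for every
 * non-admin caller. The numeric fetch style is now passed to fetchAll()
 * directly, which also avoids mutating the shared adapter's default fetch mode.
 */
public function canManageVOWideImageList($target) {
    if ($this->_actor === null || $this->_actor->id === null) {
        return false;
    }
    // Admins and managers bypass the per-list permission lookup.
    if (userIsAdminOrManager($this->_actor->id)) {
        return true;
    }
    // Parameterised call: actor id and target are bound, never interpolated.
    $rows = db()->query(
        "query_vowide_img_list_manage_perm(?, ?)",
        array($this->_actor->id, $target)
    )->fetchAll(Zend_Db::FETCH_NUM);
    if (count($rows) === 0) {
        return false;
    }
    // The routine reports the permission in the first column of the first row.
    return filter_var($rows[0][0], FILTER_VALIDATE_BOOLEAN);
}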
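/**
 * AJAX endpoint: persist a new display order for the FAQ entries.
 *
 * Requires an admin/manager session (userIsAdminOrManager); otherwise replies
 * `<response error='access denied' />`. Expects POST "ordering", a comma
 * separated list of FAQ ids in the desired order. Each id that matches a FAQ
 * receives the next sequence number in 'ord'; unknown ids are skipped and
 * FAQs not mentioned keep their previous 'ord'. Every path replies with XML.
 *
 * Fixes vs. the original:
 *  - split() was removed in PHP 7 and made this handler fatal; explode()
 *    yields identical results for the literal "," separator;
 *  - a non-string "ordering" (e.g. ordering[]=...) is rejected as invalid
 *    instead of reaching trim() with an array.
 *
 * NOTE(review): state-changing POST handler without a visible CSRF check —
 * confirm the framework enforces one.
 */
public function faqreorderAction() {
    $this->_helper->layout->disableLayout();
    $this->_helper->viewRenderer->setNoRender();

    // Check user
    $isAdmin = $this->session->userid !== null && userIsAdminOrManager($this->session->userid);
    if (!$isAdmin) {
        echo "<response error='access denied' />";
        return;
    }

    // Check parameters
    if (!isset($_POST["ordering"]) || !is_string($_POST["ordering"]) || trim($_POST["ordering"]) === "") {
        echo "<response error='invalid parameters' />";
        return;
    }

    $ordering = explode(",", $_POST["ordering"]);
    $faqs = new Default_Model_FAQs();
    $faqs->filter->orderby('ord');
    $cnt = count($faqs->items);
    if ($cnt == 0) {
        echo "<response error='No faqs to reorder'></response>";
        return;
    }

    // Walk the requested order; the first FAQ matching each id gets the next
    // sequence number. Loose == is kept on purpose: ids arrive as strings.
    $currentOrdering = 0;
    foreach ($ordering as $requestedId) {
        for ($i = 0; $i < $cnt; $i++) {
            if ($faqs->items[$i]->id == $requestedId) {
                $currentOrdering += 1;
                $faqs->items[$i]->ord = $currentOrdering;
                break;
            }
        }
    }
    $faqs->save();
    echo "<response></response>";
}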
/**
 * Front page. Bootstraps the session from SAML (or a local dev session),
 * loads the current user and their pending-request count into the view and
 * resolves the optional "p" permalink parameter into $this->view->permaLink.
 *
 * NOTE(review): every redirect below builds its Location from
 * $_SERVER['HTTP_HOST'], i.e. the client-supplied Host header. Unless the web
 * server only routes known hostnames to this application, that is a
 * host-header injection / open redirect vector; prefer a configured
 * canonical host.
 */
public function indexAction() {
    trackPage('/');
    // "Remember me" cookie present but no session: hand over to the login flow.
    if (isset($_COOKIE['rememberme']) && $this->session->userid === null) {
        //save permaLink in order to handle it after login
        if (array_key_exists('p', $_GET)) {
            $this->session->permaLink = $_GET['p'];
        }
        if (APPLICATION_ENV == "production") {
            header('Location: https://' . $_SERVER['HTTP_HOST'] . '/users/login');
        } else {
            header('Location: http://' . $_SERVER['HTTP_HOST'] . '/users/logindev2');
        }
        return;
    }
    /*
     * Check if user is signed in from a different service or browser tab.
     */
    if ($this->session->isLocked()) {
        $this->session->unLock();
    }
    if ($this->session !== null && $this->session->developsession === true) {
        //do nothing. It's a local development instance where no SimpleSAML is installed
    } else {
        $auth = SamlAuth::isAuthenticated();
        if ($auth === false) {
            //if logged in but not authenticated, clear the session
            if (isset($this->session->userid) && is_numeric($this->session->userid)) {
                SamlAuth::logout($this->session);
                $this->_helper->layout->disableLayout();
                $this->_helper->viewRenderer->setNoRender();
                // NOTE(review): plain http:// here while the other redirects use https://
                header('Location: http://' . $_SERVER["HTTP_HOST"]);
                return;
            }
        } else {
            if (isset($this->session) === false || isset($this->session->userid) === false || is_numeric($this->session->userid) === false) {
                //if authenticated but not logged in, set up the user session from the SAML attributes
                $this->session = new Zend_Session_Namespace('default');
                $attributes = $auth->getAttributes();
                $uid = $attributes['idp:uid'][0];
                $_SESSION['identity'] = $uid;
                $_SESSION['logouturl'] = $auth->getLogoutURL();
                $this->session->samlattrs = $attributes;
                $this->session->samlauthsource = isset($attributes["idp:sourceIdentifier"]) ? $attributes["idp:sourceIdentifier"][0] : "";
                SamlAuth::setupSamlAuth($this->session);
                if ($this->session->isNewUser === true) {
                    header('Location: https://' . $_SERVER['HTTP_HOST'] . '/saml/newaccount');
                    return;
                }
                //Check and redirect if user account is blocked
                if ($this->session->accountStatus === "blocked") {
                    header('Location: https://' . $_SERVER['HTTP_HOST'] . '/saml/blockedaccount');
                    return;
                }
                //Check and redirect if user is deleted
                if ($this->session->userDeleted === true) {
                    header('Location: https://' . $_SERVER['HTTP_HOST'] . '/saml/deletedprofile');
                    return;
                }
            }
        }
    }
    // Reset per-visit search state; certificate login is not in effect on this page.
    $this->session->appCriteria = null;
    $this->session->pplCriteria = null;
    $this->session->certLogin = false;
    $this->view->username = $this->session->username;
    if ($this->session->userid !== null) {
        $ppl = new Default_Model_Researchers();
        $ppl->filter->id->equals($this->session->userid);
        $user = $ppl->items[0];
        $this->view->user = $user;
        /* Get count of user requests: "submitted" requests the current actor has permission on */
        $urs = new Default_Model_UserRequests();
        $s2 = new Default_Model_PermissionsFilter();
        $s2->actor->equals($this->session->userguid);
        $s3 = new Default_Model_UserRequestStatesFilter();
        $s3->name->equals("submitted");
        $urs->filter->chain($s2->chain($s3, "AND"), "AND");
        $reqsitems = $urs->items;
        $uritems = array_merge($reqsitems);
        //Fetch user requests for NILs: non-admin NIL users additionally see
        //"submitted" requests of type 3 from researchers in their own country
        //(actor group -3); duplicates are dropped with uniqueDBObjectFilter.
        if (userIsAdminOrManager($this->session->userid) === false && userIsNIL($this->session->userid) === true) {
            $nilusers = new Default_Model_UserRequests();
            $s1 = new Default_Model_UserRequestTypesFilter();
            $s1->id->numequals(3);
            $s2 = new Default_Model_ResearchersFilter();
            $s2->countryid->equals($this->session->userCountryID);
            $s3 = new Default_Model_UserRequestStatesFilter();
            $s3->name->equals("submitted");
            $s4 = new Default_Model_ActorGroupsFilter();
            $s4->id->numequals(-3);
            $nilusers->filter->chain($s1->chain($s2->chain($s3->chain($s4, "AND"), "AND"), "AND"), "AND");
            if (count($nilusers->items) > 0) {
                $uritems = array_merge($uritems, $nilusers->items);
                $uritems = array_filter($uritems, 'uniqueDBObjectFilter');
            }
        }
        $this->view->userRequests = count($uritems);
    }
    // Resolve the permalink: session (saved before login) > ?p= > raw query string.
    $p = '';
    if ($this->session->permaLink != '') {
        $p = $this->session->permaLink;
        $this->session->permaLink = '';
    } elseif (array_key_exists('p', $_GET)) {
        $p = $_GET["p"];
    } else {
        //TODO : needs review
        //NOTE(review): $pos is computed but substr() always starts at offset 2,
        //so this only yields the intended value when "p=" is the very first
        //thing in the query string; any other position returns garbage.
        $p = $_SERVER["QUERY_STRING"];
        $pos = strpos($p, "p=");
        if ($pos === false) {
            $p = '';
        } else {
            $p = substr($p, 2, strlen($p) - 2);
        }
    }
    if ($p != "") {
        // Known literal/prefixed permalinks are passed through unchanged;
        // anything else is treated as base64 and decoded.
        if ($p == "reports") {
            $this->view->permaLink = $p;
        } elseif ($p == "brokenlinks") {
            $this->view->permaLink = $p;
        } elseif (substr($p, 0, 6) == "about:") {
            $this->view->permaLink = $p;
        } elseif (substr($p, 0, 5) == "apps:") {
            $this->view->permaLink = $p;
        } elseif (substr($p, 0, 7) == "people:") {
            $this->view->permaLink = $p;
        } else {
            // NOTE(review): $p is request-controlled and reaches the view after
            // base64 decoding — confirm the template escapes permaLink on output.
            $pp = base64_decode($p);
            $pp = mb_convert_encoding($pp, 'UTF-8');
            $this->view->permaLink = $pp;
        }
    }
}
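/**
 * Move user request $reqid into state $stateid on behalf of the logged-in
 * actor ($this->session->userid) and apply the state's side effects.
 *
 * Handled request types ($req->requestType->name):
 *  - "joinapplication": state 2 (accept) links requestor and application in
 *    Default_Model_ResearchersApps unless such a link already exists.
 *  - "releasemanager": the actor must own the application (ownerid/addedby)
 *    or pass userIsAdminOrManager(); state 2 grants privilege action 30 on
 *    the application unless already granted.
 *  - "accessgroup": delegated to AccessGroups::handleUserGroupAction with
 *    "accept" (state 2) or "reject" (state 3); the request row itself is not
 *    updated here (the group handler is expected to do that).
 * For the first two the request row is saved *before* the side-effect rows
 * because, per the original note, database triggers would otherwise claim
 * the request.
 *
 * Output is XML on every path: `<response error='...'>` on failure, otherwise
 * `<response id='...' state='...'>`. Returns nothing.
 *
 * Fixes vs. the original:
 *  - db()->commit() was issued twice on the non-accessgroup path (once before
 *    the e-mail, once at the very end). The second commit runs with no open
 *    transaction; PDO raises on that, which lands in the catch block and a
 *    rollBack() on an already closed transaction. Each branch now commits
 *    exactly once, still before the notification e-mail is attempted.
 *  - $trans was only assigned inside one branch, so the catch block read an
 *    undefined variable on the accessgroup path. It is initialised up front;
 *    the error message selection is unchanged.
 *  - The exception text echoed into the XML is escaped so a DB error message
 *    cannot break (or inject markup into) the response document.
 *
 * NOTE(review): apart from the owner check on "releasemanager" requests there
 * is no authorisation in this method — confirm the caller restricts who may
 * resolve "joinapplication"/"accessgroup" requests. A request whose target
 * app/group row no longer exists is not guarded against either (as before).
 */
public function setUserRequestToState($reqid, $stateid) {
    $err = '';
    $reqs = null;
    if (is_numeric($reqid) === false) {
        $err = 'Invalid user request id given.';
    } elseif (is_numeric($stateid) === false) {
        $err = 'Invalid state given.';
    } else {
        $reqs = new Default_Model_UserRequests();
        $reqs->filter->id->equals($reqid);
        if ($reqs->count() === 0) {
            $err = 'User request not found.';
        } else {
            $states = new Default_Model_UserRequestStates();
            $states->filter->id->equals($stateid);
            if ($states->count() === 0) {
                $err = 'User request state not found.';
            }
        }
    }
    if ($err !== '') {
        echo "<response error='" . $err . "'></response>";
        return;
    }

    // Which step failed, for the message in the catch block:
    // 0 = updating the request row, 1 = the side effects after it.
    $trans = 0;
    db()->beginTransaction();
    try {
        $req = $reqs->items[0];

        // The acting user (the one resolving the request).
        $actors = new Default_Model_Researchers();
        $actors->filter->id->equals($this->session->userid);
        $actorguid = $actors->items[0]->guid;
        $actorid = $actors->items[0]->id;

        // Target of the request: an actor group or an application.
        $group = null;
        $app = null;
        $appid = null;
        if ($req->requestType->name === "accessgroup") {
            $groups = new Default_Model_ActorGroups();
            $groups->filter->guid->equals($req->targetguid);
            $group = $groups->items[0];
        } else {
            $apps = new Default_Model_Applications();
            $apps->filter->guid->equals($req->targetguid);
            $app = $apps->items[0];
            $appid = $app->id;
        }

        // The requestor.
        $users = new Default_Model_Researchers();
        $users->filter->guid->equals($req->userguid);
        $user = $users->items[0];
        $userid = $user->id;

        // Only the software owner (or an admin/manager) may hand out release management.
        if ($req->requestType->name == "releasemanager") {
            if ($app->ownerid != $actorid && $app->addedby != $actorid && !userIsAdminOrManager($actorid)) {
                db()->rollBack();
                echo "<response error='User needs to be owner of the software in order to grant release management privileges to other users.'></response>";
                return;
            }
        }

        if ($req->requestType->name !== "accessgroup") {
            // NOTE: the request state must be updated before inserting the
            // side-effect rows, otherwise database triggers claim the request.
            $req->stateid = $stateid;
            $req->actorguid = $actorguid;
            $req->save();
            $trans = 1;

            if ($req->requestType->name == "joinapplication" && $stateid == 2) {
                // Accepted: link researcher and application unless already linked.
                $resapps = new Default_Model_ResearchersApps();
                $resapps->filter->appid->equals($appid)->and($resapps->filter->researcherid->equals($userid));
                if ($resapps->count() === 0) {
                    $resapp = new Default_Model_ResearchersApp();
                    $resapp->appid = $appid;
                    $resapp->researcherid = $userid;
                    $resapp->save();
                }
            } elseif ($req->requestType->name == "releasemanager" && $stateid == 2) {
                // Accepted: grant privilege action 30 on the app unless already granted.
                $privs = new Default_Model_Privileges();
                $privs->filter->actor->equals($user->guid)->and($privs->filter->actionid->equals(30)->and($privs->filter->object->equals($app->guid)));
                if (count($privs->items) == 0) {
                    $prv = new Default_Model_Privilege();
                    $prv->actor = $user->guid;
                    $prv->actionid = 30;
                    $prv->object = $app->guid;
                    $prv->save();
                }
            }
            db()->commit();

            // Best effort: a failed e-mail must not undo the committed change.
            try {
                UserRequests::sendEmailResponseNotification($user, $app, $stateid, $req->requestType->name);
            } catch (Exception $e) {
                error_log("EMAIL ERROR:Could not send email notification to user request response.Details:" . $e->getMessage());
            }
        } else {
            // Access groups: include the user first, then the group handler accepts/rejects.
            if (intval($stateid) === 2) {
                AccessGroups::handleUserGroupAction($this->session->userid, $user, "accept", array($group->id));
            } elseif (intval($stateid) === 3) {
                AccessGroups::handleUserGroupAction($this->session->userid, $user, "reject", array($group->id));
            }
            db()->commit();
        }
    } catch (Exception $e) {
        db()->rollBack();
        error_log("Error while setting User request:" . $e->getMessage());
        // Escaped so the message can neither break the XML nor inject markup.
        $detail = htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
        if ($trans == 0) {
            echo "<response error='Error while updating user request'>" . $detail . "</response>";
        } else {
            echo "<response error='Error while updating software contact association'>" . $detail . "</response>";
        }
        return;
    }
    echo "<response id='" . $req->id . "' state='" . $stateid . "' ></response>";
}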
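/**
 * Admin/ops endpoint for "software appliance outdated" notifications.
 *
 * Without ?dispatch=true: requires an admin/manager session
 * (userIsAdminOrManager) and renders a preview of every pending notification
 * from ContextualizationNotifications::getNotificationList(). With
 * ?dispatch=true: only accepted from a local request (localRequest()) and
 * actually sends them. Any other combination is answered with a 404 so the
 * endpoint is not discoverable.
 *
 * Fix: user name, recipients, subject and message are HTML-escaped before
 * being echoed. The original printed them raw, so a user-supplied display
 * name or message body would have been rendered as markup (stored XSS against
 * the admin viewing the preview). This matches the sibling obsolete-image-list
 * preview, which already escapes the message body.
 */
public function dispatchswapplianceoutdatedAction() {
    $this->_helper->layout->disableLayout();
    $this->_helper->viewRenderer->setNoRender();

    $dispatch = isset($_GET["dispatch"]) && is_string($_GET["dispatch"])
        && strtolower(trim($_GET["dispatch"])) === "true";
    $islocal = localRequest();
    $isAdmin = userIsAdminOrManager($this->session->userid);

    // Preview needs an admin; dispatching needs a local caller.
    if (($dispatch === false && $isAdmin === false) || ($dispatch === true && $islocal === false)) {
        header('HTTP/1.0 404 Not Found');
        header("Status: 404 Not Found");
        return;
    }

    if ($dispatch === true) {
        ContextualizationNotifications::sendNotificationList();
        return;
    }

    $esc = function ($s) {
        return htmlspecialchars((string) $s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    $res = ContextualizationNotifications::getNotificationList();
    foreach ($res as $r) {
        echo "<h1>" . $esc($r["user"]["name"]) . " [" . $esc(implode(",", $r["recipient"])) . "]</h1>";
        echo "<h2>Subject: " . $esc($r["subject"]) . "</h2>";
        echo "<h3 style='border:1px solid #aaa;background-color:#f8f8f8;margin: 5px;margin-bottom:20px;padding:10px;'><pre>";
        echo $esc($r["message"]);
        echo "</pre></h3><br/>";
    }
}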
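/**
 * Admin/ops endpoint for "VO obsolete image list" notifications.
 *
 * Without ?dispatch=true: requires an admin/manager session
 * (userIsAdminOrManager) and renders a preview of the notifications built by
 * VoAdminNotifications::createVOObsoleteNotifications(). With ?dispatch=true:
 * only accepted from a local request (localRequest()) and actually sends
 * them. Any other combination is answered with a 404.
 *
 * Fix: recipients and subject were echoed unescaped (only the message body
 * was run through htmlentities()); all three are now escaped with
 * htmlspecialchars(ENT_QUOTES | ENT_SUBSTITUTE, UTF-8). ENT_SUBSTITUTE keeps a
 * message with an invalid UTF-8 byte from being blanked out entirely, which is
 * what htmlentities() without it does.
 */
public function dispatchobsoleteimagelistAction() {
    $this->_helper->layout->disableLayout();
    $this->_helper->viewRenderer->setNoRender();

    $dispatch = isset($_GET["dispatch"]) && is_string($_GET["dispatch"])
        && strtolower(trim($_GET["dispatch"])) === "true";
    $islocal = localRequest();
    $isAdmin = userIsAdminOrManager($this->session->userid);

    // Dispatching needs a local caller; preview needs an admin.
    if (($dispatch === true && $islocal === false) || ($dispatch === false && $isAdmin === false)) {
        header('HTTP/1.0 404 Not Found');
        header("Status: 404 Not Found");
        return;
    }

    if ($dispatch === true) {
        VoAdminNotifications::sendVOObsoleteNotifications();
        return;
    }

    $esc = function ($s) {
        return htmlspecialchars((string) $s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    $res = VoAdminNotifications::createVOObsoleteNotifications();
    echo "<h2>VO Obsolete Images Notifications:</h2>";
    foreach ($res as $r) {
        echo "<div class='notification' style='border:1px solid #aaa;background-color:#f8f8f8;margin: 5px;margin-bottom:20px;padding:10px;'>";
        echo "<div class='recipient'>recipients: <pre style='display:inline;white-space:pre-wrap;color: #333;'>" . $esc(implode(", ", $r["recipients"])) . "</pre></div>";
        echo "<div class='subject'>subject: <pre style='display:inline;'>" . $esc($r["subject"]) . "</pre></div>";
        echo "<div style='padding:5px;border:1px solid #bbb;background-color:#fefefe;margin-top:5px;padding:3px;'><pre style='padding:5px;'>" . $esc($r["message"]) . "</pre></div>";
        echo "</div>";
    }
}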
/**
 * Benchmark index: renders the app index (appindex(3)) for the current user,
 * or — for XML format requests without a session — for the user named by the
 * "id" request parameter.
 *
 * NOTE(review) — read before touching the access check:
 *  - `$this->_getParam['id']` (twice) reads a non-existent *property* named
 *    _getParam with array syntax instead of calling the _getParam() method;
 *    it evaluates to null (with a notice). As written, the second clause
 *    passes for any authenticated viewer whose request has an empty or absent
 *    "id", and the third clause can only pass when the session userid is an
 *    empty/zero value.
 *  - Do NOT "fix" this by switching to $this->_getParam('id'): the second
 *    clause then becomes `Authenticated && id == id`, i.e. always true, and
 *    the unauthenticated XML branch below writes a request-supplied id
 *    straight into $this->session->userid. That value persists for the rest
 *    of the session and is what the other actions feed to
 *    userIsAdminOrManager() — a caller could pick an admin's id and act as
 *    that user.
 *  - The rule appears to be "admin/manager, or viewing your own id". The
 *    "render as user <id>" path should hand the id to appindex() (or at least
 *    restore the previous session value afterwards) rather than mutate the
 *    session; that needs an appindex() change and is left as a TODO here.
 */
public function bmindexAction() {
    if ($this->view->isAdmin || $this->view->Authenticated && $this->_getParam['id'] == $_GET['id'] || $this->session->userid !== null && $this->_getParam['id'] == $this->session->userid || userIsAdminOrManager($this->session->userid)) {
        $format = $this->_getParam("format");
        // "json" is served as XML.
        if ($format === "json") {
            $format = "xml";
        }
        trackPage('/apps', $this->_getParam("format"));
        $this->_helper->layout->disableLayout();
        $this->view->subindex = "bmindex";
        if ($this->session->userid !== null) {
            $this->appindex(3);
        } else {
            if ($format == 'xml') {
                if ($this->_getParam("id") != '') {
                    // NOTE(review): a request parameter becomes the session's
                    // current user id here and is never cleared — see the
                    // method comment above.
                    $this->session->userid = $this->_getParam("id");
                    $this->appindex(3, true, 'xml');
                }
            }
        }
    } else {
        $this->accessDenied();
    }
}