function upgradeRootRoleForWelcome()
{
$rootRole = AuthService::getRole("ROOT_ROLE");
if (!empty($rootRole)) {
echo '<br>Upgrading Root Role to let users access the new welcome page<br>';
$rootRole->setAcl("ajxp_home", "rw");
$rootRole->setParameterValue("core.conf", "DEFAULT_START_REPOSITORY", "ajxp_home");
AuthService::updateRole($rootRole);
}
}
public function testRolesStorage()
{
$r = new \AJXP_Role("phpunit_temporary_role");
$r->setAcl(0, "rw");
\AuthService::updateRole($r);
$r1 = \AuthService::getRole("phpunit_temporary_role");
$this->assertTrue(is_a($r1, "AJXP_Role"));
$this->assertEquals("rw", $r1->getAcl(0));
\AuthService::deleteRole("phpunit_temporary_role");
$r2 = \AuthService::getRole("phpunit_temporary_role");
$this->assertFalse($r2);
}
/**
* Specific operations to perform at boot time
* @static
* @param array $START_PARAMETERS A HashTable of parameters to send back to the client
* @return void
*/
public static function bootSequence(&$START_PARAMETERS)
{
if (AJXP_Utils::detectApplicationFirstRun()) {
return;
}
if (file_exists(AJXP_CACHE_DIR . "/admin_counted")) {
return;
}
$rootRole = AuthService::getRole("ROOT_ROLE", false);
if ($rootRole === false) {
$rootRole = new AJXP_Role("ROOT_ROLE");
$rootRole->setLabel("Root Role");
$rootRole->setAutoApplies(array("standard", "admin"));
$dashId = "";
foreach (ConfService::getRepositoriesList("all") as $repositoryId => $repoObject) {
if ($repoObject->isTemplate) {
continue;
}
if ($repoObject->getAccessType() == "ajxp_user") {
$dashId = $repositoryId;
}
$gp = $repoObject->getGroupPath();
if (empty($gp) || $gp == "/") {
if ($repoObject->getDefaultRight() != "") {
$rootRole->setAcl($repositoryId, $repoObject->getDefaultRight());
}
}
}
if (!empty($dashId)) {
$rootRole->setParameterValue("core.conf", "DEFAULT_START_REPOSITORY", $dashId);
}
$paramNodes = AJXP_PluginsService::searchAllManifests("//server_settings/param[@scope]", "node", false, false, true);
if (is_array($paramNodes) && count($paramNodes)) {
foreach ($paramNodes as $xmlNode) {
$default = $xmlNode->getAttribute("default");
if (empty($default)) {
continue;
}
$parentNode = $xmlNode->parentNode->parentNode;
$pluginId = $parentNode->getAttribute("id");
if (empty($pluginId)) {
$pluginId = $parentNode->nodeName . "." . $parentNode->getAttribute("name");
}
$rootRole->setParameterValue($pluginId, $xmlNode->getAttribute("name"), $default);
}
}
AuthService::updateRole($rootRole);
}
$miniRole = AuthService::getRole("MINISITE", false);
if ($miniRole === false) {
$rootRole = new AJXP_Role("MINISITE");
$rootRole->setLabel("Minisite Users");
$actions = array("access.fs" => array("ajxp_link", "chmod", "purge"), "meta.watch" => array("toggle_watch"), "conf.serial" => array("get_bookmarks"), "conf.sql" => array("get_bookmarks"), "index.lucene" => array("index"), "action.share" => array("share"), "gui.ajax" => array("bookmark"), "auth.serial" => array("pass_change"), "auth.sql" => array("pass_change"));
foreach ($actions as $pluginId => $acts) {
foreach ($acts as $act) {
$rootRole->setActionState($pluginId, $act, AJXP_REPO_SCOPE_SHARED, false);
}
}
AuthService::updateRole($rootRole);
}
$miniRole = AuthService::getRole("MINISITE_NODOWNLOAD", false);
if ($miniRole === false) {
$rootRole = new AJXP_Role("MINISITE_NODOWNLOAD");
$rootRole->setLabel("Minisite Users - No Download");
$actions = array("access.fs" => array("download", "download_chunk", "prepare_chunk_dl", "download_all"));
foreach ($actions as $pluginId => $acts) {
foreach ($acts as $act) {
$rootRole->setActionState($pluginId, $act, AJXP_REPO_SCOPE_SHARED, false);
}
}
AuthService::updateRole($rootRole);
}
$miniRole = AuthService::getRole("GUEST", false);
if ($miniRole === false) {
$rootRole = new AJXP_Role("GUEST");
$rootRole->setLabel("Guest user role");
$actions = array("access.fs" => array("purge"), "meta.watch" => array("toggle_watch"), "index.lucene" => array("index"));
$rootRole->setAutoApplies(array("guest"));
foreach ($actions as $pluginId => $acts) {
foreach ($acts as $act) {
$rootRole->setActionState($pluginId, $act, AJXP_REPO_SCOPE_ALL);
}
}
AuthService::updateRole($rootRole);
}
$adminCount = AuthService::countAdminUsers();
if ($adminCount == 0) {
$authDriver = ConfService::getAuthDriverImpl();
$adminPass = ADMIN_PASSWORD;
if ($authDriver->getOption("TRANSMIT_CLEAR_PASS") !== true) {
$adminPass = md5(ADMIN_PASSWORD);
}
AuthService::createUser("admin", $adminPass, true);
if (ADMIN_PASSWORD == INITIAL_ADMIN_PASSWORD) {
$userObject = ConfService::getConfStorageImpl()->createUserObject("admin");
$userObject->setAdmin(true);
AuthService::updateAdminRights($userObject);
if (AuthService::changePasswordEnabled()) {
$userObject->setLock("pass_change");
}
$userObject->save("superuser");
$START_PARAMETERS["ALERT"] .= "Warning! User 'admin' was created with the initial password '" . INITIAL_ADMIN_PASSWORD . "'. \\nPlease log in as admin and change the password now!";
}
AuthService::updateUser($userObject);
} else {
if ($adminCount == -1) {
// Here we may come from a previous version! Check the "admin" user and set its right as admin.
$confStorage = ConfService::getConfStorageImpl();
$adminUser = $confStorage->createUserObject("admin");
$adminUser->setAdmin(true);
$adminUser->save("superuser");
$START_PARAMETERS["ALERT"] .= "There is an admin user, but without admin right. Now any user can have the administration rights, \\n your 'admin' user was set with the admin rights. Please check that this suits your security configuration.";
}
}
file_put_contents(AJXP_CACHE_DIR . "/admin_counted", "true");
}
function tryToLogUser(&$httpVars, $isLast = false)
{
if (isset($_SESSION["CURRENT_MINISITE"])) {
return false;
}
$this->loadConfig();
if (isset($_SESSION['AUTHENTICATE_BY_CAS'])) {
$flag = $_SESSION['AUTHENTICATE_BY_CAS'];
} else {
$flag = 0;
}
$pgtIou = !empty($httpVars['pgtIou']);
$logged = isset($_SESSION['LOGGED_IN_BY_CAS']);
$enre = !empty($httpVars['put_action_enable_redirect']);
$ticket = !empty($httpVars['ticket']);
$pgt = !empty($_SESSION['phpCAS']['pgt']);
$clientModeTicketPendding = isset($_SESSION['AUTHENTICATE_BY_CAS_CLIENT_MOD_TICKET_PENDDING']);
if ($this->cas_modify_login_page) {
if ($flag == 0 && $enre && !$logged && !$pgtIou) {
$_SESSION['AUTHENTICATE_BY_CAS'] = 1;
} elseif ($flag == 1 && !$enre && !$logged && !$pgtIou && !$ticket && !$pgt) {
$_SESSION['AUTHENTICATE_BY_CAS'] = 0;
} elseif ($flag == 1 && $enre && !$logged && !$pgtIou) {
$_SESSION['AUTHENTICATE_BY_CAS'] = 1;
} elseif ($pgtIou || $pgt) {
$_SESSION['AUTHENTICATE_BY_CAS'] = 1;
} elseif ($ticket) {
$_SESSION['AUTHENTICATE_BY_CAS'] = 1;
$_SESSION['AUTHENTICATE_BY_CAS_CLIENT_MOD_TICKET_PENDDING'] = 1;
} elseif ($logged && $pgtIou) {
$_SESSION['AUTHENTICATE_BY_CAS'] = 2;
} else {
$_SESSION['AUTHENTICATE_BY_CAS'] = 0;
}
if ($_SESSION['AUTHENTICATE_BY_CAS'] < 1) {
if ($clientModeTicketPendding) {
unset($_SESSION['AUTHENTICATE_BY_CAS_CLIENT_MOD_TICKET_PENDDING']);
} else {
return false;
}
}
}
/**
* Depend on phpCAS mode configuration
*/
switch ($this->cas_mode) {
case PHPCAS_MODE_CLIENT:
if ($this->checkConfigurationForClientMode()) {
AJXP_Logger::info(__FUNCTION__, "Start phpCAS mode Client: ", "sucessfully");
phpCAS::client(CAS_VERSION_2_0, $this->cas_server, $this->cas_port, $this->cas_uri, false);
if (!empty($this->cas_certificate_path)) {
phpCAS::setCasServerCACert($this->cas_certificate_path);
} else {
phpCAS::setNoCasServerValidation();
}
/**
* Debug
*/
if ($this->cas_debug_mode) {
// logfile name by date:
$today = getdate();
$file_path = AJXP_DATA_PATH . '/logs/phpcas_' . $today['year'] . '-' . $today['month'] . '-' . $today['mday'] . '.txt';
empty($this->cas_debug_file) ? $file_path : ($file_path = $this->cas_debug_file);
phpCAS::setDebug($file_path);
}
phpCAS::forceAuthentication();
} else {
AJXP_Logger::error(__FUNCTION__, "Could not start phpCAS mode CLIENT, please verify the configuration", "");
return false;
}
break;
case PHPCAS_MODE_PROXY:
/**
* If in login page, user click on login via CAS, the page will be reload with manuallyredirectocas is set.
* Or force redirect to cas login page even the force redirect is set in configuration of this module
*
*/
if ($this->checkConfigurationForProxyMode()) {
AJXP_Logger::info(__FUNCTION__, "Start phpCAS mode Proxy: ", "sucessfully");
/**
* init phpCAS in mode proxy
*/
phpCAS::proxy(CAS_VERSION_2_0, $this->cas_server, $this->cas_port, $this->cas_uri, false);
if (!empty($this->cas_certificate_path)) {
phpCAS::setCasServerCACert($this->cas_certificate_path);
} else {
phpCAS::setNoCasServerValidation();
}
/**
* Debug
*/
if ($this->cas_debug_mode) {
// logfile name by date:
$today = getdate();
$file_path = AJXP_DATA_PATH . '/logs/phpcas_' . $today['year'] . '-' . $today['month'] . '-' . $today['mday'] . '.txt';
empty($this->cas_debug_file) ? $file_path : ($file_path = $this->cas_debug_file);
phpCAS::setDebug($file_path);
}
if (!empty($this->cas_setFixedCallbackURL)) {
phpCAS::setFixedCallbackURL($this->cas_setFixedCallbackURL);
}
//
/**
* PTG storage
*/
$this->setPTGStorage();
phpCAS::forceAuthentication();
/**
* Get proxy ticket (PT) for SAMBA to authentication at CAS via pam_cas
* In fact, we can use any other service. Of course, it should be enabled in CAS
*
*/
$err_code = null;
$serviceURL = $this->cas_proxied_service;
AJXP_Logger::debug(__FUNCTION__, "Try to get proxy ticket for service: ", $serviceURL);
$res = phpCAS::serviceSMB($serviceURL, $err_code);
if (!empty($res)) {
$_SESSION['PROXYTICKET'] = $res;
AJXP_Logger::info(__FUNCTION__, "Get Proxy ticket successfully ", "");
} else {
AJXP_Logger::info(__FUNCTION__, "Could not get Proxy ticket. ", "");
}
break;
} else {
AJXP_Logger::error(__FUNCTION__, "Could not start phpCAS mode PROXY, please verify the configuration", "");
return false;
}
default:
return false;
break;
}
AJXP_Logger::debug(__FUNCTION__, "Call phpCAS::getUser() after forceAuthentication ", "");
$cas_user = phpCAS::getUser();
if (!AuthService::userExists($cas_user) && $this->is_AutoCreateUser) {
AuthService::createUser($cas_user, openssl_random_pseudo_bytes(20));
}
if (AuthService::userExists($cas_user)) {
$res = AuthService::logUser($cas_user, "", true);
if ($res > 0) {
AJXP_Safe::storeCredentials($cas_user, $_SESSION['PROXYTICKET']);
$_SESSION['LOGGED_IN_BY_CAS'] = true;
if (!empty($this->cas_additional_role)) {
$userObj = ConfService::getConfStorageImpl()->createUserObject($cas_user);
$roles = $userObj->getRoles();
$cas_RoleID = $this->cas_additional_role;
$userObj->addRole(AuthService::getRole($cas_RoleID, true));
AuthService::updateUser($userObj);
}
return true;
}
}
return false;
}
/**
* @param Array $httpVars
* @param Repository $repository
* @param AbstractAccessDriver $accessDriver
* @param null $uniqueUser
* @throws Exception
* @return int|Repository
*/
public function createSharedRepository($httpVars, $repository, $accessDriver, $uniqueUser = null)
{
// ERRORS
// 100 : missing args
// 101 : repository label already exists
// 102 : user already exists
// 103 : current user is not allowed to share
// SUCCESS
// 200
if (!isset($httpVars["repo_label"]) || $httpVars["repo_label"] == "") {
return 100;
}
$foldersharing = $this->getFilteredOption("ENABLE_FOLDER_SHARING", $this->repository->getId());
if (isset($foldersharing) && $foldersharing === false) {
return 103;
}
$loggedUser = AuthService::getLoggedUser();
$actRights = $loggedUser->mergedRole->listActionsStatesFor($repository);
if (isset($actRights["share"]) && $actRights["share"] === false) {
return 103;
}
$users = array();
$uRights = array();
$uPasses = array();
$groups = array();
$index = 0;
$prefix = $this->getFilteredOption("SHARED_USERS_TMP_PREFIX", $this->repository->getId());
while (isset($httpVars["user_" . $index])) {
$eType = $httpVars["entry_type_" . $index];
$rightString = ($httpVars["right_read_" . $index] == "true" ? "r" : "") . ($httpVars["right_write_" . $index] == "true" ? "w" : "");
if ($this->watcher !== false) {
$uWatch = $httpVars["right_watch_" . $index] == "true" ? true : false;
}
if (empty($rightString)) {
$index++;
continue;
}
if ($eType == "user") {
$u = AJXP_Utils::decodeSecureMagic($httpVars["user_" . $index], AJXP_SANITIZE_EMAILCHARS);
if (!AuthService::userExists($u) && !isset($httpVars["user_pass_" . $index])) {
$index++;
continue;
} else {
if (AuthService::userExists($u) && isset($httpVars["user_pass_" . $index])) {
throw new Exception("User {$u} already exists, please choose another name.");
}
}
if (!AuthService::userExists($u, "r") && !empty($prefix) && strpos($u, $prefix) !== 0) {
$u = $prefix . $u;
}
$users[] = $u;
} else {
$u = AJXP_Utils::decodeSecureMagic($httpVars["user_" . $index]);
if (strpos($u, "/AJXP_TEAM/") === 0) {
$confDriver = ConfService::getConfStorageImpl();
if (method_exists($confDriver, "teamIdToUsers")) {
$teamUsers = $confDriver->teamIdToUsers(str_replace("/AJXP_TEAM/", "", $u));
foreach ($teamUsers as $userId) {
$users[] = $userId;
$uRights[$userId] = $rightString;
if ($this->watcher !== false) {
$uWatches[$userId] = $uWatch;
}
}
}
$index++;
continue;
} else {
$groups[] = $u;
}
}
$uRights[$u] = $rightString;
$uPasses[$u] = isset($httpVars["user_pass_" . $index]) ? $httpVars["user_pass_" . $index] : "";
if ($this->watcher !== false) {
$uWatches[$u] = $uWatch;
}
$index++;
}
$label = AJXP_Utils::decodeSecureMagic($httpVars["repo_label"]);
$description = AJXP_Utils::decodeSecureMagic($httpVars["repo_description"]);
if (isset($httpVars["repository_id"])) {
$editingRepo = ConfService::getRepositoryById($httpVars["repository_id"]);
}
// CHECK USER & REPO DOES NOT ALREADY EXISTS
if ($this->getFilteredOption("AVOID_SHARED_FOLDER_SAME_LABEL", $this->repository->getId()) == true) {
$repos = ConfService::getRepositoriesList();
foreach ($repos as $obj) {
if ($obj->getDisplay() == $label && (!isset($editingRepo) || $editingRepo != $obj)) {
return 101;
}
}
}
$confDriver = ConfService::getConfStorageImpl();
foreach ($users as $userName) {
if (AuthService::userExists($userName)) {
// check that it's a child user
$userObject = $confDriver->createUserObject($userName);
if (ConfService::getCoreConf("ALLOW_CROSSUSERS_SHARING", "conf") != true && (!$userObject->hasParent() || $userObject->getParent() != $loggedUser->id)) {
return 102;
}
} else {
if ($httpVars["create_guest_user"] != "true" && !ConfService::getCoreConf("USER_CREATE_USERS", "conf") || AuthService::isReservedUserId($userName)) {
return 102;
}
if (!isset($httpVars["shared_pass"]) || $httpVars["shared_pass"] == "") {
return 100;
}
}
}
// CREATE SHARED OPTIONS
$options = $accessDriver->makeSharedRepositoryOptions($httpVars, $repository);
$customData = array();
foreach ($httpVars as $key => $value) {
if (substr($key, 0, strlen("PLUGINS_DATA_")) == "PLUGINS_DATA_") {
$customData[substr($key, strlen("PLUGINS_DATA_"))] = $value;
}
}
if (count($customData)) {
$options["PLUGINS_DATA"] = $customData;
}
if (isset($editingRepo)) {
$newRepo = $editingRepo;
if ($editingRepo->getDisplay() != $label) {
$newRepo->setDisplay($label);
ConfService::replaceRepository($httpVars["repository_id"], $newRepo);
}
$editingRepo->setDescription($description);
} else {
if ($repository->getOption("META_SOURCES")) {
$options["META_SOURCES"] = $repository->getOption("META_SOURCES");
foreach ($options["META_SOURCES"] as $index => $data) {
if (isset($data["USE_SESSION_CREDENTIALS"]) && $data["USE_SESSION_CREDENTIALS"] === true) {
$options["META_SOURCES"][$index]["ENCODED_CREDENTIALS"] = AJXP_Safe::getEncodedCredentialString();
}
}
}
$newRepo = $repository->createSharedChild($label, $options, $repository->id, $loggedUser->id, null);
$gPath = $loggedUser->getGroupPath();
if (!empty($gPath) && !ConfService::getCoreConf("CROSSUSERS_ALLGROUPS", "conf")) {
$newRepo->setGroupPath($gPath);
}
$newRepo->setDescription($description);
ConfService::addRepository($newRepo);
}
$file = AJXP_Utils::decodeSecureMagic($httpVars["file"]);
if (isset($editingRepo)) {
$currentRights = $this->computeSharedRepositoryAccessRights($httpVars["repository_id"], false, $this->urlBase . $file);
$originalUsers = array_keys($currentRights["USERS"]);
$removeUsers = array_diff($originalUsers, $users);
if (count($removeUsers)) {
foreach ($removeUsers as $user) {
if (AuthService::userExists($user)) {
$userObject = $confDriver->createUserObject($user);
$userObject->personalRole->setAcl($newRepo->getUniqueId(), "");
$userObject->save("superuser");
}
}
}
$originalGroups = array_keys($currentRights["GROUPS"]);
$removeGroups = array_diff($originalGroups, $groups);
if (count($removeGroups)) {
foreach ($removeGroups as $groupId) {
$role = AuthService::getRole("AJXP_GRP_" . AuthService::filterBaseGroup($groupId));
if ($role !== false) {
$role->setAcl($newRepo->getUniqueId(), "");
AuthService::updateRole($role);
}
}
}
}
foreach ($users as $userName) {
if (AuthService::userExists($userName, "r")) {
// check that it's a child user
$userObject = $confDriver->createUserObject($userName);
} else {
if (ConfService::getAuthDriverImpl()->getOption("TRANSMIT_CLEAR_PASS")) {
$pass = $uPasses[$userName];
} else {
$pass = md5($uPasses[$userName]);
}
$limit = $loggedUser->personalRole->filterParameterValue("core.conf", "USER_SHARED_USERS_LIMIT", AJXP_REPO_SCOPE_ALL, "");
if (!empty($limit) && intval($limit) > 0) {
$count = count(ConfService::getConfStorageImpl()->getUserChildren($loggedUser->getId()));
if ($count >= $limit) {
$mess = ConfService::getMessages();
throw new Exception($mess['483']);
}
}
AuthService::createUser($userName, $pass);
$userObject = $confDriver->createUserObject($userName);
$userObject->personalRole->clearAcls();
$userObject->setParent($loggedUser->id);
$userObject->setGroupPath($loggedUser->getGroupPath());
$userObject->setProfile("shared");
if (isset($httpVars["minisite"])) {
$mess = ConfService::getMessages();
$userObject->personalRole->setParameterValue("core.conf", "USER_DISPLAY_NAME", "[" . $mess["share_center.109"] . "] " . $newRepo->getDisplay());
}
AJXP_Controller::applyHook("user.after_create", array($userObject));
}
// CREATE USER WITH NEW REPO RIGHTS
$userObject->personalRole->setAcl($newRepo->getUniqueId(), $uRights[$userName]);
if (isset($httpVars["minisite"])) {
$newRole = new AJXP_Role("AJXP_SHARED-" . $newRepo->getUniqueId());
$r = AuthService::getRole("MINISITE");
if (is_a($r, "AJXP_Role")) {
if ($httpVars["disable_download"]) {
$f = AuthService::getRole("MINISITE_NODOWNLOAD");
if (is_a($f, "AJXP_Role")) {
$r = $f->override($r);
}
}
$allData = $r->getDataArray();
$newData = $newRole->getDataArray();
if (isset($allData["ACTIONS"][AJXP_REPO_SCOPE_SHARED])) {
$newData["ACTIONS"][$newRepo->getUniqueId()] = $allData["ACTIONS"][AJXP_REPO_SCOPE_SHARED];
}
if (isset($allData["PARAMETERS"][AJXP_REPO_SCOPE_SHARED])) {
$newData["PARAMETERS"][$newRepo->getUniqueId()] = $allData["PARAMETERS"][AJXP_REPO_SCOPE_SHARED];
}
$newRole->bunchUpdate($newData);
AuthService::updateRole($newRole);
$userObject->addRole($newRole);
}
}
$userObject->save("superuser");
if ($this->watcher !== false) {
// Register a watch on the current folder for shared user
if ($uWatches[$userName] == "true") {
$this->watcher->setWatchOnFolder(new AJXP_Node($this->urlBase . $file), $userName, MetaWatchRegister::$META_WATCH_USERS_CHANGE, array(AuthService::getLoggedUser()->getId()));
} else {
$this->watcher->removeWatchFromFolder(new AJXP_Node($this->urlBase . $file), $userName, true);
}
}
}
if ($this->watcher !== false) {
// Register a watch on the new repository root for current user
if ($httpVars["self_watch_folder"] == "true") {
$this->watcher->setWatchOnFolder(new AJXP_Node($this->baseProtocol . "://" . $newRepo->getUniqueId() . "/"), AuthService::getLoggedUser()->getId(), MetaWatchRegister::$META_WATCH_BOTH);
} else {
$this->watcher->removeWatchFromFolder(new AJXP_Node($this->baseProtocol . "://" . $newRepo->getUniqueId() . "/"), AuthService::getLoggedUser()->getId());
}
}
foreach ($groups as $group) {
$grRole = AuthService::getRole("AJXP_GRP_" . AuthService::filterBaseGroup($group), true);
$grRole->setAcl($newRepo->getUniqueId(), $uRights[$group]);
AuthService::updateRole($grRole);
}
if (array_key_exists("minisite", $httpVars) && $httpVars["minisite"] != true) {
AJXP_Controller::applyHook("node.share.create", array('type' => 'repository', 'repository' => &$repository, 'accessDriver' => &$accessDriver, 'new_repository' => &$newRepo));
}
return $newRepo;
}
/**
* @param string $parameterName Plugin parameter name
* @param AbstractAjxpUser|string $userIdOrObject
* @param string $pluginId Plugin name, core.conf by default
* @param null $defaultValue
* @return mixed
*/
public static function getUserPersonalParameter($parameterName, $userIdOrObject, $pluginId = "core.conf", $defaultValue = null)
{
$cacheId = $pluginId . "-" . $parameterName;
if (!isset(self::$usersParametersCache[$cacheId])) {
self::$usersParametersCache[$cacheId] = array();
}
// Passed an already loaded object
if (is_a($userIdOrObject, "AbstractAjxpUser")) {
$value = $userIdOrObject->personalRole->filterParameterValue($pluginId, $parameterName, AJXP_REPO_SCOPE_ALL, $defaultValue);
self::$usersParametersCache[$cacheId][$userIdOrObject->getId()] = $value;
if (empty($value) && !empty($defaultValue)) {
$value = $defaultValue;
}
return $value;
}
// Already in memory cache
if (isset(self::$usersParametersCache[$cacheId][$userIdOrObject])) {
return self::$usersParametersCache[$cacheId][$userIdOrObject];
}
// Try to load personal role if it was already loaded.
$uRole = AuthService::getRole("AJXP_USR_/" . $userIdOrObject);
if ($uRole === false) {
$uObject = self::getConfStorageImpl()->createUserObject($userIdOrObject);
if (isset($uObject)) {
$uRole = $uObject->personalRole;
}
}
if (empty($uRole)) {
return $defaultValue;
}
$value = $uRole->filterParameterValue($pluginId, $parameterName, AJXP_REPO_SCOPE_ALL, $defaultValue);
if (empty($value) && !empty($defaultValue)) {
$value = $userIdOrObject;
}
self::$usersParametersCache[$cacheId][$userIdOrObject] = $value;
return $value;
}
public function __wakeup()
{
$this->storage = ConfService::getConfStorageImpl();
if (!is_object($this->personalRole)) {
$this->personalRole = AuthService::getRole("AJXP_USR_/" . $this->getId());
}
$this->recomputeMergedRole();
}
/**
* @param Array $httpVars
* @param Repository $repository
* @param AbstractAccessDriver $accessDriver
* @param null $uniqueUser
* @throws Exception
* @return int|Repository
*/
public function createSharedRepository($httpVars, $repository, $accessDriver, $uniqueUser = null)
{
// ERRORS
// 100 : missing args
// 101 : repository label already exists
// 102 : user already exists
// 103 : current user is not allowed to share
// SUCCESS
// 200
if (!isset($httpVars["repo_label"]) || $httpVars["repo_label"] == "") {
return 100;
}
/*
// FILE IS ALWAYS THE PARENT FOLDER SO WE NOW CHECK FOLDER_SHARING AT A HIGHER LEVEL
$file = AJXP_Utils::decodeSecureMagic($httpVars["file"]);
$foldersharing = $this->getFilteredOption("ENABLE_FOLDER_SHARING", $this->repository->getId());
$foldersharingDisabled = isset($foldersharing) && ($foldersharing === false || (is_string($foldersharing) && $foldersharing == "disable"));
if (is_dir($this->urlBase.$file) && $foldersharingDisabled) {
return 103;
}
*/
$loggedUser = AuthService::getLoggedUser();
$actRights = $loggedUser->mergedRole->listActionsStatesFor($repository);
if (isset($actRights["share"]) && $actRights["share"] === false) {
return 103;
}
$users = array();
$uRights = array();
$uPasses = array();
$groups = array();
$uWatches = array();
$index = 0;
$prefix = $this->getFilteredOption("SHARED_USERS_TMP_PREFIX", $this->repository->getId());
while (isset($httpVars["user_" . $index])) {
$eType = $httpVars["entry_type_" . $index];
$uWatch = false;
$rightString = ($httpVars["right_read_" . $index] == "true" ? "r" : "") . ($httpVars["right_write_" . $index] == "true" ? "w" : "");
if ($this->watcher !== false) {
$uWatch = $httpVars["right_watch_" . $index] == "true" ? true : false;
}
if (empty($rightString)) {
$index++;
continue;
}
if ($eType == "user") {
$u = AJXP_Utils::decodeSecureMagic($httpVars["user_" . $index], AJXP_SANITIZE_EMAILCHARS);
if (!AuthService::userExists($u) && !isset($httpVars["user_pass_" . $index])) {
$index++;
continue;
} else {
if (AuthService::userExists($u, "w") && isset($httpVars["user_pass_" . $index])) {
throw new Exception("User {$u} already exists, please choose another name.");
}
}
if (!AuthService::userExists($u, "r") && !empty($prefix) && strpos($u, $prefix) !== 0) {
$u = $prefix . $u;
}
$users[] = $u;
} else {
$u = AJXP_Utils::decodeSecureMagic($httpVars["user_" . $index]);
if (strpos($u, "/AJXP_TEAM/") === 0) {
$confDriver = ConfService::getConfStorageImpl();
if (method_exists($confDriver, "teamIdToUsers")) {
$teamUsers = $confDriver->teamIdToUsers(str_replace("/AJXP_TEAM/", "", $u));
foreach ($teamUsers as $userId) {
$users[] = $userId;
$uRights[$userId] = $rightString;
if ($this->watcher !== false) {
$uWatches[$userId] = $uWatch;
}
}
}
$index++;
continue;
} else {
$groups[] = $u;
}
}
$uRights[$u] = $rightString;
$uPasses[$u] = isset($httpVars["user_pass_" . $index]) ? $httpVars["user_pass_" . $index] : "";
if ($this->watcher !== false) {
$uWatches[$u] = $uWatch;
}
$index++;
}
$label = AJXP_Utils::sanitize(AJXP_Utils::securePath($httpVars["repo_label"]), AJXP_SANITIZE_HTML);
$description = AJXP_Utils::sanitize(AJXP_Utils::securePath($httpVars["repo_description"]), AJXP_SANITIZE_HTML);
if (isset($httpVars["repository_id"])) {
$editingRepo = ConfService::getRepositoryById($httpVars["repository_id"]);
}
// CHECK USER & REPO DOES NOT ALREADY EXISTS
if ($this->getFilteredOption("AVOID_SHARED_FOLDER_SAME_LABEL", $this->repository->getId()) == true) {
$count = 0;
$similarLabelRepos = ConfService::listRepositoriesWithCriteria(array("display" => $label), $count);
if ($count && !isset($editingRepo)) {
return 101;
}
if ($count && isset($editingRepo)) {
foreach ($similarLabelRepos as $slr) {
if ($slr->getUniqueId() != $editingRepo->getUniqueId()) {
return 101;
}
}
}
/*
$repos = ConfService::getRepositoriesList();
foreach ($repos as $obj) {
if ($obj->getDisplay() == $label && (!isSet($editingRepo) || $editingRepo != $obj)) {
}
}
*/
}
$confDriver = ConfService::getConfStorageImpl();
foreach ($users as $userName) {
if (AuthService::userExists($userName)) {
// check that it's a child user
$userObject = $confDriver->createUserObject($userName);
if (ConfService::getCoreConf("ALLOW_CROSSUSERS_SHARING", "conf") != true && (!$userObject->hasParent() || $userObject->getParent() != $loggedUser->id)) {
return 102;
}
} else {
if ($httpVars["create_guest_user"] != "true" && !ConfService::getCoreConf("USER_CREATE_USERS", "conf") || AuthService::isReservedUserId($userName)) {
return 102;
}
if (!isset($httpVars["shared_pass"]) || $httpVars["shared_pass"] == "") {
return 100;
}
}
}
// CREATE SHARED OPTIONS
$options = $accessDriver->makeSharedRepositoryOptions($httpVars, $repository);
$customData = array();
foreach ($httpVars as $key => $value) {
if (substr($key, 0, strlen("PLUGINS_DATA_")) == "PLUGINS_DATA_") {
$customData[substr($key, strlen("PLUGINS_DATA_"))] = $value;
}
}
if (count($customData)) {
$options["PLUGINS_DATA"] = $customData;
}
if (isset($editingRepo)) {
$this->getShareStore()->testUserCanEditShare($editingRepo->getOwner());
$newRepo = $editingRepo;
$replace = false;
if ($editingRepo->getDisplay() != $label) {
$newRepo->setDisplay($label);
$replace = true;
}
if ($editingRepo->getDescription() != $description) {
$newRepo->setDescription($description);
$replace = true;
}
if ($replace) {
ConfService::replaceRepository($httpVars["repository_id"], $newRepo);
}
} else {
if ($repository->getOption("META_SOURCES")) {
$options["META_SOURCES"] = $repository->getOption("META_SOURCES");
foreach ($options["META_SOURCES"] as $index => &$data) {
if (isset($data["USE_SESSION_CREDENTIALS"]) && $data["USE_SESSION_CREDENTIALS"] === true) {
$options["META_SOURCES"][$index]["ENCODED_CREDENTIALS"] = AJXP_Safe::getEncodedCredentialString();
}
if ($index == "meta.syncable" && (!isset($data["REPO_SYNCABLE"]) || $data["REPO_SYNCABLE"] === true)) {
$data["REQUIRES_INDEXATION"] = true;
}
}
}
$newRepo = $repository->createSharedChild($label, $options, $repository->id, $loggedUser->id, null);
$gPath = $loggedUser->getGroupPath();
if (!empty($gPath) && !ConfService::getCoreConf("CROSSUSERS_ALLGROUPS", "conf")) {
$newRepo->setGroupPath($gPath);
}
$newRepo->setDescription($description);
$newRepo->options["PATH"] = SystemTextEncoding::fromStorageEncoding($newRepo->options["PATH"]);
if (isset($httpVars["filter_nodes"])) {
$newRepo->setContentFilter(new ContentFilter($httpVars["filter_nodes"]));
}
ConfService::addRepository($newRepo);
if (!isset($httpVars["minisite"])) {
$this->getShareStore()->storeShare($repository->getId(), array("REPOSITORY" => $newRepo->getUniqueId(), "OWNER_ID" => $loggedUser->getId()), "repository");
}
}
$sel = new UserSelection($this->repository, $httpVars);
$file = $sel->getUniqueFile();
$newRepoUniqueId = $newRepo->getUniqueId();
if (isset($editingRepo)) {
$currentRights = $this->computeSharedRepositoryAccessRights($httpVars["repository_id"], false, $this->urlBase . $file);
$originalUsers = array_keys($currentRights["USERS"]);
$removeUsers = array_diff($originalUsers, $users);
if (count($removeUsers)) {
foreach ($removeUsers as $user) {
if (AuthService::userExists($user)) {
$userObject = $confDriver->createUserObject($user);
$userObject->personalRole->setAcl($newRepoUniqueId, "");
$userObject->save("superuser");
}
if ($this->watcher !== false) {
$this->watcher->removeWatchFromFolder(new AJXP_Node($this->urlBase . $file), $user, true);
}
}
}
$originalGroups = array_keys($currentRights["GROUPS"]);
$removeGroups = array_diff($originalGroups, $groups);
if (count($removeGroups)) {
foreach ($removeGroups as $groupId) {
$role = AuthService::getRole($groupId);
if ($role !== false) {
$role->setAcl($newRepoUniqueId, "");
AuthService::updateRole($role);
}
}
}
}
foreach ($users as $userName) {
if (AuthService::userExists($userName, "r")) {
// check that it's a child user
$userObject = $confDriver->createUserObject($userName);
} else {
if (ConfService::getAuthDriverImpl()->getOptionAsBool("TRANSMIT_CLEAR_PASS")) {
$pass = $uPasses[$userName];
} else {
$pass = md5($uPasses[$userName]);
}
if (!isset($httpVars["minisite"])) {
// This is an explicit user creation - check possible limits
AJXP_Controller::applyHook("user.before_create", array($userName, null, false, false));
$limit = $loggedUser->personalRole->filterParameterValue("core.conf", "USER_SHARED_USERS_LIMIT", AJXP_REPO_SCOPE_ALL, "");
if (!empty($limit) && intval($limit) > 0) {
$count = count(ConfService::getConfStorageImpl()->getUserChildren($loggedUser->getId()));
if ($count >= $limit) {
$mess = ConfService::getMessages();
throw new Exception($mess['483']);
}
}
}
AuthService::createUser($userName, $pass, false, isset($httpVars["minisite"]));
$userObject = $confDriver->createUserObject($userName);
$userObject->personalRole->clearAcls();
$userObject->setParent($loggedUser->id);
$userObject->setGroupPath($loggedUser->getGroupPath());
$userObject->setProfile("shared");
if (isset($httpVars["minisite"])) {
$mess = ConfService::getMessages();
$userObject->setHidden(true);
$userObject->personalRole->setParameterValue("core.conf", "USER_DISPLAY_NAME", "[" . $mess["share_center.109"] . "] " . AJXP_Utils::sanitize($newRepo->getDisplay(), AJXP_SANITIZE_EMAILCHARS));
}
AJXP_Controller::applyHook("user.after_create", array($userObject));
}
// CREATE USER WITH NEW REPO RIGHTS
$userObject->personalRole->setAcl($newRepoUniqueId, $uRights[$userName]);
// FORK MASK IF THERE IS ANY
if ($file != "/" && $loggedUser->mergedRole->hasMask($repository->getId())) {
$parentTree = $loggedUser->mergedRole->getMask($repository->getId())->getTree();
// Try to find a branch on the current selection
$parts = explode("/", trim($file, "/"));
while (($next = array_shift($parts)) !== null) {
if (isset($parentTree[$next])) {
$parentTree = $parentTree[$next];
} else {
$parentTree = null;
break;
}
}
if ($parentTree != null) {
$newMask = new AJXP_PermissionMask();
$newMask->updateTree($parentTree);
}
if (isset($newMask)) {
$userObject->personalRole->setMask($newRepoUniqueId, $newMask);
}
}
if (isset($httpVars["minisite"])) {
if (isset($editingRepo)) {
try {
AuthService::deleteRole("AJXP_SHARED-" . $newRepoUniqueId);
} catch (Exception $e) {
}
}
$newRole = new AJXP_Role("AJXP_SHARED-" . $newRepoUniqueId);
$r = AuthService::getRole("MINISITE");
if (is_a($r, "AJXP_Role")) {
if ($httpVars["disable_download"]) {
$f = AuthService::getRole("MINISITE_NODOWNLOAD");
if (is_a($f, "AJXP_Role")) {
$r = $f->override($r);
}
}
$allData = $r->getDataArray();
$newData = $newRole->getDataArray();
if (isset($allData["ACTIONS"][AJXP_REPO_SCOPE_SHARED])) {
$newData["ACTIONS"][$newRepoUniqueId] = $allData["ACTIONS"][AJXP_REPO_SCOPE_SHARED];
}
if (isset($allData["PARAMETERS"][AJXP_REPO_SCOPE_SHARED])) {
$newData["PARAMETERS"][$newRepoUniqueId] = $allData["PARAMETERS"][AJXP_REPO_SCOPE_SHARED];
}
$newRole->bunchUpdate($newData);
AuthService::updateRole($newRole);
$userObject->addRole($newRole);
}
}
$userObject->save("superuser");
if ($this->watcher !== false) {
// Register a watch on the current folder for shared user
if ($uWatches[$userName]) {
$this->watcher->setWatchOnFolder(new AJXP_Node("pydio://" . $newRepoUniqueId . "/"), $userName, MetaWatchRegister::$META_WATCH_USERS_CHANGE, array(AuthService::getLoggedUser()->getId()));
} else {
$this->watcher->removeWatchFromFolder(new AJXP_Node("pydio://" . $newRepoUniqueId . "/"), $userName, true);
}
}
}
if ($this->watcher !== false) {
// Register a watch on the new repository root for current user
if ($httpVars["self_watch_folder"] == "true") {
$this->watcher->setWatchOnFolder(new AJXP_Node("pydio://" . $newRepoUniqueId . "/"), AuthService::getLoggedUser()->getId(), MetaWatchRegister::$META_WATCH_BOTH);
} else {
$this->watcher->removeWatchFromFolder(new AJXP_Node("pydio://" . $newRepoUniqueId . "/"), AuthService::getLoggedUser()->getId());
}
}
foreach ($groups as $group) {
$r = $uRights[$group];
/*if($group == "AJXP_GRP_/") {
$group = "ROOT_ROLE";
}*/
$grRole = AuthService::getRole($group, true);
$grRole->setAcl($newRepoUniqueId, $r);
AuthService::updateRole($grRole);
}
if (array_key_exists("minisite", $httpVars) && $httpVars["minisite"] != true) {
AJXP_Controller::applyHook(isset($editingRepo) ? "node.share.update" : "node.share.create", array('type' => 'repository', 'repository' => &$repository, 'accessDriver' => &$accessDriver, 'new_repository' => &$newRepo));
}
return $newRepo;
}
/**
* @param $userObject AbstractAjxpUser
* @param $rolePrefix get all roles with prefix
* @param $includeString get roles in this string
* @param $excludeString eliminate roles in this string
* @param bool $byUserRoles
* @return array
*/
public function getUserRoleList($userObject, $rolePrefix, $includeString, $excludeString, $byUserRoles = false)
{
if ($userObject) {
if ($byUserRoles) {
$allUserRoles = $userObject->getRoles();
} else {
$allUserRoles = AuthService::getRolesList(array(), true);
}
$allRoles = array();
if (isset($allUserRoles)) {
// Exclude
if ($excludeString) {
if (strpos($excludeString, "preg:") !== false) {
$matchFilterExclude = "/" . str_replace("preg:", "", $excludeString) . "/i";
} else {
$valueFiltersExclude = array_map("trim", explode(",", $excludeString));
$valueFiltersExclude = array_map("strtolower", $valueFiltersExclude);
}
}
// Include
if ($includeString) {
if (strpos($includeString, "preg:") !== false) {
$matchFilterInclude = "/" . str_replace("preg:", "", $includeString) . "/i";
} else {
$valueFiltersInclude = array_map("trim", explode(",", $includeString));
$valueFiltersInclude = array_map("strtolower", $valueFiltersInclude);
}
}
foreach ($allUserRoles as $roleId => $role) {
if (!empty($rolePrefix) && strpos($roleId, $rolePrefix) === false) {
continue;
}
if (isset($matchFilterExclude) && preg_match($matchFilterExclude, substr($roleId, strlen($rolePrefix)))) {
continue;
}
if (isset($valueFiltersExclude) && in_array(strtolower(substr($roleId, strlen($rolePrefix))), $valueFiltersExclude)) {
continue;
}
if (isset($matchFilterInclude) && !preg_match($matchFilterInclude, substr($roleId, strlen($rolePrefix)))) {
continue;
}
if (isset($valueFiltersInclude) && !in_array(strtolower(substr($roleId, strlen($rolePrefix))), $valueFiltersInclude)) {
continue;
}
if (is_a($role, "AJXP_Role")) {
$roleObject = $role;
} else {
$roleObject = AuthService::getRole($roleId);
}
$label = $roleObject->getLabel();
$label = !empty($label) ? $label : substr($roleId, strlen($rolePrefix));
$allRoles[$roleId] = $label;
}
}
return $allRoles;
}
}
public function updateUserObject(&$userObject)
{
if (!empty($this->separateGroup)) {
$userObject->setGroupPath("/" . $this->separateGroup);
}
// SHOULD BE DEPRECATED
if (!empty($this->customParamsMapping)) {
$checkValues = array_values($this->customParamsMapping);
$prefs = $userObject->getPref("CUSTOM_PARAMS");
if (!is_array($prefs)) {
$prefs = array();
}
// If one value exist, we consider the mapping has already been done.
foreach ($checkValues as $val) {
if (array_key_exists($val, $prefs)) {
return;
}
}
$changes = false;
$entries = $this->getUserEntries($userObject->getId());
if ($entries["count"]) {
$entry = $entries[0];
foreach ($this->customParamsMapping as $key => $value) {
if (isset($entry[$key])) {
$prefs[$value] = $entry[$key][0];
$changes = true;
}
}
}
if ($changes) {
$userObject->setPref("CUSTOM_PARAMS", $prefs);
$userObject->save();
}
}
if (!empty($this->paramsMapping)) {
$changes = false;
$entries = $this->getUserEntries($userObject->getId());
if ($entries["count"]) {
$entry = $entries[0];
foreach ($this->paramsMapping as $params) {
$key = strtolower($params['MAPPING_LDAP_PARAM']);
if (isset($entry[$key])) {
$value = $entry[$key][0];
$memberValues = array();
if ($key == "memberof") {
// get CN from value
foreach ($entry[$key] as $possibleValue) {
$hnParts = array();
$parts = explode(",", ltrim($possibleValue, '/'));
foreach ($parts as $part) {
list($att, $attVal) = explode("=", $part);
if (strtolower($att) == "cn") {
$hnParts[] = $attVal;
}
}
if (count($hnParts)) {
$memberValues[implode(",", $hnParts)] = $possibleValue;
}
}
}
switch ($params['MAPPING_LOCAL_TYPE']) {
case "role_id":
if ($key == "memberof") {
foreach ($memberValues as $uniqValue => $fullDN) {
if (!in_array($uniqValue, array_keys($userObject->getRoles()))) {
$userObject->addRole(AuthService::getRole($uniqValue, true));
$userObject->recomputeMergedRole();
$changes = true;
}
}
}
break;
case "group_path":
if ($key == "memberof") {
$filter = $params["MAPPING_LOCAL_PARAM"];
if (strpos($filter, "preg:") !== false) {
$matchFilter = "/" . str_replace("preg:", "", $filter) . "/i";
} else {
if (!empty($filter)) {
$valueFilters = array_map("trim", explode(",", $filter));
}
}
foreach ($memberValues as $uniqValue => $fullDN) {
if (isset($matchFilter) && !preg_match($matchFilter, $uniqValue)) {
continue;
}
if (isset($valueFilters) && !in_array($uniqValue, $valueFilters)) {
continue;
}
if ($userObject->personalRole->filterParameterValue("auth.ldap", "MEMBER_OF", AJXP_REPO_SCOPE_ALL, "") == $fullDN) {
//break;
}
$humanName = $uniqValue;
$branch = array();
$this->buildGroupBranch($uniqValue, $branch);
$parent = "/";
if (count($branch)) {
$parent = "/" . implode("/", array_reverse($branch));
}
AuthService::createGroup($parent, $fullDN, $humanName);
$userObject->setGroupPath(rtrim($parent, "/") . "/" . $fullDN, true);
// Update Roles from groupPath
$b = array_reverse($branch);
$b[] = $fullDN;
for ($i = 1; $i <= count($b); $i++) {
$userObject->addRole(AuthService::getRole("AJXP_GRP_/" . implode("/", array_slice($b, 0, $i)), true));
}
$userObject->personalRole->setParameterValue("auth.ldap", "MEMBER_OF", $fullDN);
$userObject->recomputeMergedRole();
$changes = true;
}
}
break;
case "profile":
if ($userObject->getProfile() != $value) {
$changes = true;
$userObject->setProfile($value);
AuthService::updateAutoApplyRole($userObject);
}
break;
case "plugin_param":
default:
if (strpos($params["MAPPING_LOCAL_PARAM"], "/") !== false) {
list($pId, $param) = explode("/", $params["MAPPING_LOCAL_PARAM"]);
} else {
$pId = $this->getId();
$param = $params["MAPPING_LOCAL_PARAM"];
}
if ($userObject->personalRole->filterParameterValue($pId, $param, AJXP_REPO_SCOPE_ALL, "") != $value) {
$userObject->personalRole->setParameterValue($pId, $param, $value);
$userObject->recomputeMergedRole();
$changes = true;
}
break;
}
}
}
}
if ($changes) {
$userObject->save("superuser");
}
}
}
<?php
// FORCE bootstrap_repositories copy
if (is_file(AJXP_INSTALL_PATH . "/conf/bootstrap_repositories.php" . ".new-" . date("Ymd"))) {
rename(AJXP_INSTALL_PATH . "/conf/bootstrap_repositories.php", AJXP_INSTALL_PATH . "/conf/bootstrap_repositories.php.pre-update");
rename(AJXP_INSTALL_PATH . "/conf/bootstrap_repositories.php" . ".new-" . date("Ymd"), AJXP_INSTALL_PATH . "/conf/bootstrap_repositories.php");
}
// Add new repo to root role
$rootRole = AuthService::getRole("AJXP_GRP_/");
$rootRole->setAcl("inbox", "rw");
AuthService::updateRole($rootRole);
protected function actionUnshare($remoteId, $token, $parameters)
{
$token = \AJXP_Utils::sanitize($token, AJXP_SANITIZE_ALPHANUM);
$remoteId = \AJXP_Utils::sanitize($remoteId, AJXP_SANITIZE_ALPHANUM);
$store = new SQLStore();
$remoteShare = $store->remoteShareForOcsRemoteId($remoteId);
if (empty($remoteShare)) {
throw new InvalidArgumentsException();
}
if ($token !== $remoteShare->getOcsToken()) {
throw new InvalidArgumentsException();
}
$targetUser = $remoteShare->getUser();
$store->deleteRemoteShare($remoteShare);
$response = $this->buildResponse("ok", 200, "Successfully removed share.");
$this->sendResponse($response, $this->getFormat($parameters));
$userRole = \AuthService::getRole("AJXP_USR_/" . $targetUser);
if ($userRole !== false) {
// Artificially "touch" user role
// to force repositories reload if he is logged in
\AuthService::updateRole($userRole);
}
}
function ajxp_gluecode_updateRole($loginData, &$userObject)
{
$authPlug = ConfService::getAuthDriverImpl();
if (property_exists($authPlug, "drivers") && is_array($authPlug->drivers) && $authPlug->drivers["remote"]) {
$authPlug = $authPlug->drivers["remote"];
}
$rolesMap = $authPlug->getOption("ROLES_MAP");
if (!isset($rolesMap) || strlen($rolesMap) == 0) {
return;
}
// String like {key:value,key2:value2,key3:value3}
$rolesMap = explode(",", $rolesMap);
$newMap = array();
foreach ($rolesMap as $value) {
$parts = explode(":", trim($value));
$roleId = trim($parts[1]);
$roleObject = AuthService::getRole($roleId);
if ($roleObject != null) {
$newMap[trim($parts[0])] = $roleObject;
$userObject->removeRole($roleId);
}
}
$rolesMap = $newMap;
if (isset($loginData["roles"]) && is_array($loginData["roles"])) {
foreach ($loginData["roles"] as $role) {
if (isset($rolesMap[$role])) {
$userObject->addRole($rolesMap[$role]);
}
}
}
}
function switchAction($action, $httpVars, $fileVars)
{
if (!isset($this->actions[$action])) {
return;
}
parent::accessPreprocess($action, $httpVars, $fileVars);
$loggedUser = AuthService::getLoggedUser();
if (ENABLE_USERS && !$loggedUser->isAdmin()) {
return;
}
if ($action == "edit") {
if (isset($httpVars["sub_action"])) {
$action = $httpVars["sub_action"];
}
}
$mess = ConfService::getMessages();
switch ($action) {
//------------------------------------
// BASIC LISTING
//------------------------------------
case "ls":
$rootNodes = array("repositories" => array("LABEL" => $mess["ajxp_conf.3"], "ICON" => "folder_red.png"), "users" => array("LABEL" => $mess["ajxp_conf.2"], "ICON" => "yast_kuser.png"), "roles" => array("LABEL" => $mess["ajxp_conf.69"], "ICON" => "user_group_new.png"), "files" => array("LABEL" => $mess["ajxp_shared.3"], "ICON" => "html.png"), "logs" => array("LABEL" => $mess["ajxp_conf.4"], "ICON" => "toggle_log.png"), "diagnostic" => array("LABEL" => $mess["ajxp_conf.5"], "ICON" => "susehelpcenter.png"));
$dir = isset($httpVars["dir"]) ? $httpVars["dir"] : "";
$splits = explode("/", $dir);
if (count($splits)) {
if ($splits[0] == "") {
array_shift($splits);
}
if (count($splits)) {
$strippedDir = strtolower(urldecode($splits[0]));
} else {
$strippedDir = "";
}
}
if (array_key_exists($strippedDir, $rootNodes)) {
AJXP_XMLWriter::header();
if ($strippedDir == "users") {
$this->listUsers();
} else {
if ($strippedDir == "roles") {
$this->listRoles();
} else {
if ($strippedDir == "repositories") {
$this->listRepositories();
} else {
if ($strippedDir == "logs") {
$this->listLogFiles($dir);
} else {
if ($strippedDir == "diagnostic") {
$this->printDiagnostic();
} else {
if ($strippedDir == "files") {
$this->listSharedFiles();
}
}
}
}
}
}
AJXP_XMLWriter::close();
exit(1);
} else {
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendFilesListComponentConfig('<columns switchGridMode="filelist"><column messageId="ajxp_conf.1" attributeName="ajxp_label" sortType="String"/></columns>');
foreach ($rootNodes as $key => $data) {
$src = '';
if ($key == "logs") {
$src = 'src="content.php?get_action=ls&dir=' . $key . '"';
}
print '<tree text="' . $data["LABEL"] . '" icon="' . $data["ICON"] . '" filename="/' . $key . '" parentname="/" ' . $src . ' />';
}
AJXP_XMLWriter::close();
exit(1);
}
break;
case "stat":
header("Content-type:application/json");
print '{"mode":true}';
exit(1);
break;
case "create_role":
$roleId = $httpVars["role_id"];
if (AuthService::getRole($roleId) !== false) {
throw new Exception($mess["ajxp_conf.65"]);
}
AuthService::updateRole(new AjxpRole($roleId));
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage($mess["ajxp_conf.66"], null);
AJXP_XMLWriter::reloadDataNode("", $httpVars["role_id"]);
AJXP_XMLWriter::close();
break;
case "edit_role":
$roleId = $httpVars["role_id"];
$role = AuthService::getRole($roleId);
AJXP_XMLWriter::header("admin_data");
print AJXP_XMLWriter::writeRoleRepositoriesData($role);
AJXP_XMLWriter::close("admin_data");
break;
case "update_role_right":
if (!isset($httpVars["role_id"]) || !isset($httpVars["repository_id"]) || !isset($httpVars["right"])) {
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.61"]);
print "<update_checkboxes user_id=\"" . $httpVars["role_id"] . "\" repository_id=\"" . $httpVars["repository_id"] . "\" read=\"old\" write=\"old\"/>";
AJXP_XMLWriter::close();
return;
//exit(1);
}
$role = AuthService::getRole($httpVars["role_id"]);
$role->setRight($httpVars["repository_id"], $httpVars["right"]);
AuthService::updateRole($role);
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage($mess["ajxp_conf.64"] . $httpVars["role_id"], null);
print "<update_checkboxes user_id=\"" . $httpVars["role_id"] . "\" repository_id=\"" . $httpVars["repository_id"] . "\" read=\"" . $role->canRead($httpVars["repository_id"]) . "\" write=\"" . $role->canWrite($httpVars["repository_id"]) . "\"/>";
//AJXP_XMLWriter::reloadRepositoryList();
AJXP_XMLWriter::close();
//exit(1);
break;
case "update_role_actions":
if (!isset($httpVars["role_id"]) || !isset($httpVars["disabled_actions"])) {
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.61"]);
AJXP_XMLWriter::close();
return;
}
$role = AuthService::getRole($httpVars["role_id"]);
$actions = array_map("trim", explode(",", $httpVars["disabled_actions"]));
// Clear and reload actions
foreach ($role->getSpecificActionsRights("ajxp.all") as $actName => $actValue) {
$role->setSpecificActionRight("ajxp.all", $actName, true);
}
foreach ($actions as $action) {
if ($action == "") {
continue;
}
$role->setSpecificActionRight("ajxp.all", $action, false);
}
AuthService::updateRole($role);
AJXP_XMLWriter::header("admin_data");
print AJXP_XMLWriter::writeRoleRepositoriesData($role);
AJXP_XMLWriter::close("admin_data");
break;
case "edit_user":
$confStorage = ConfService::getConfStorageImpl();
$userId = $httpVars["user_id"];
$userObject = $confStorage->createUserObject($userId);
//print_r($userObject);
AJXP_XMLWriter::header("admin_data");
AJXP_XMLWriter::sendUserData($userObject, true);
// Add WALLET DATA : DEFINITIONS AND VALUES
print "<drivers>";
print ConfService::availableDriversToXML("user_param");
print "</drivers>";
$wallet = $userObject->getPref("AJXP_WALLET");
if (is_array($wallet) && count($wallet) > 0) {
print "<user_wallet>";
foreach ($wallet as $repoId => $options) {
foreach ($options as $optName => $optValue) {
print "<wallet_data repo_id=\"{$repoId}\" option_name=\"{$optName}\" option_value=\"{$optValue}\"/>";
}
}
print "</user_wallet>";
}
$editPass = $userId != "guest" ? "1" : "0";
$authDriver = ConfService::getAuthDriverImpl();
if (!$authDriver->passwordsEditable()) {
$editPass = "******";
}
print "<edit_options edit_pass=\"" . $editPass . "\" edit_admin_right=\"" . ($userId != "guest" && $userId != $loggedUser->getId() ? "1" : "0") . "\" edit_delete=\"" . ($userId != "guest" && $userId != $loggedUser->getId() && $authDriver->usersEditable() ? "1" : "0") . "\"/>";
print "<ajxp_roles>";
foreach (AuthService::getRolesList() as $roleId => $roleObject) {
print "<role id=\"{$roleId}\"/>";
}
print "</ajxp_roles>";
AJXP_XMLWriter::close("admin_data");
exit(1);
break;
case "create_user":
if (!isset($httpVars["new_user_login"]) || $httpVars["new_user_login"] == "" || !isset($httpVars["new_user_pwd"]) || $httpVars["new_user_pwd"] == "") {
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.61"]);
AJXP_XMLWriter::close();
exit(1);
}
$forbidden = array("guest", "share");
if (AuthService::userExists($httpVars["new_user_login"]) || in_array($httpVars["new_user_login"], $forbidden)) {
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.43"]);
AJXP_XMLWriter::close();
exit(1);
}
if (get_magic_quotes_gpc()) {
$httpVars["new_user_login"] = stripslashes($httpVars["new_user_login"]);
}
$httpVars["new_user_login"] = str_replace("'", "", $httpVars["new_user_login"]);
$confStorage = ConfService::getConfStorageImpl();
$newUser = $confStorage->createUserObject($httpVars["new_user_login"]);
$newUser->save();
AuthService::createUser($httpVars["new_user_login"], $httpVars["new_user_pwd"]);
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage($mess["ajxp_conf.44"], null);
AJXP_XMLWriter::reloadFileList($httpVars["new_user_login"]);
AJXP_XMLWriter::close();
exit(1);
break;
case "change_admin_right":
$userId = $httpVars["user_id"];
$confStorage = ConfService::getConfStorageImpl();
$user = $confStorage->createUserObject($userId);
$user->setAdmin($httpVars["right_value"] == "1" ? true : false);
$user->save();
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage($mess["ajxp_conf.45"] . $httpVars["user_id"], null);
AJXP_XMLWriter::reloadFileList(false);
AJXP_XMLWriter::close();
exit(1);
break;
case "update_user_right":
if (!isset($httpVars["user_id"]) || !isset($httpVars["repository_id"]) || !isset($httpVars["right"]) || !AuthService::userExists($httpVars["user_id"])) {
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.61"]);
print "<update_checkboxes user_id=\"" . $httpVars["user_id"] . "\" repository_id=\"" . $httpVars["repository_id"] . "\" read=\"old\" write=\"old\"/>";
AJXP_XMLWriter::close();
exit(1);
}
$confStorage = ConfService::getConfStorageImpl();
$user = $confStorage->createUserObject($httpVars["user_id"]);
$user->setRight($httpVars["repository_id"], $httpVars["right"]);
$user->save();
$loggedUser = AuthService::getLoggedUser();
if ($loggedUser->getId() == $user->getId()) {
AuthService::updateUser($user);
}
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage($mess["ajxp_conf.46"] . $httpVars["user_id"], null);
print "<update_checkboxes user_id=\"" . $httpVars["user_id"] . "\" repository_id=\"" . $httpVars["repository_id"] . "\" read=\"" . $user->canRead($httpVars["repository_id"]) . "\" write=\"" . $user->canWrite($httpVars["repository_id"]) . "\"/>";
AJXP_XMLWriter::reloadRepositoryList();
AJXP_XMLWriter::close();
return;
break;
case "user_add_role":
case "user_delete_role":
if (!isset($httpVars["user_id"]) || !isset($httpVars["role_id"]) || !AuthService::userExists($httpVars["user_id"])) {
throw new Exception($mess["ajxp_conf.61"]);
}
if ($action == "user_add_role") {
$act = "add";
$messId = "73";
} else {
$act = "remove";
$messId = "74";
}
$this->updateUserRole($httpVars["user_id"], $httpVars["role_id"], $act);
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage($mess["ajxp_conf." . $messId] . $httpVars["user_id"], null);
AJXP_XMLWriter::close();
return;
break;
case "batch_users_roles":
$confStorage = ConfService::getConfStorageImpl();
$selection = new UserSelection();
$selection->initFromHttpVars($httpVars);
$files = $selection->getFiles();
$detectedRoles = array();
if (isset($httpVars["role_id"]) && isset($httpVars["update_role_action"])) {
$update = $httpVars["update_role_action"];
$roleId = $httpVars["role_id"];
}
foreach ($files as $index => $file) {
$userId = basename($file);
if (isset($update)) {
$userObject = $this->updateUserRole($userId, $roleId, $update);
} else {
$userObject = $confStorage->createUserObject($userId);
}
if ($userObject->hasParent()) {
unset($files[$index]);
continue;
}
$userRoles = $userObject->getRoles();
foreach ($userRoles as $roleIndex => $bool) {
if (!isset($detectedRoles[$roleIndex])) {
$detectedRoles[$roleIndex] = 0;
}
if ($bool === true) {
$detectedRoles[$roleIndex]++;
}
}
}
$count = count($files);
AJXP_XMLWriter::header("admin_data");
print "<user><ajxp_roles>";
foreach ($detectedRoles as $roleId => $roleCount) {
if ($roleCount < $count) {
continue;
}
print "<role id=\"{$roleId}\"/>";
}
print "</ajxp_roles></user>";
print "<ajxp_roles>";
foreach (AuthService::getRolesList() as $roleId => $roleObject) {
print "<role id=\"{$roleId}\"/>";
}
print "</ajxp_roles>";
AJXP_XMLWriter::close("admin_data");
break;
case "save_repository_user_params":
$userId = $httpVars["user_id"];
if ($userId == $loggedUser->getId()) {
$user = $loggedUser;
} else {
$confStorage = ConfService::getConfStorageImpl();
$user = $confStorage->createUserObject($userId);
}
$wallet = $user->getPref("AJXP_WALLET");
if (!is_array($wallet)) {
$wallet = array();
}
$repoID = $httpVars["repository_id"];
if (!array_key_exists($repoID, $wallet)) {
$wallet[$repoID] = array();
}
$options = $wallet[$repoID];
$this->parseParameters($httpVars, $options, $userId);
$wallet[$repoID] = $options;
$user->setPref("AJXP_WALLET", $wallet);
$user->save();
if ($loggedUser->getId() == $user->getId()) {
AuthService::updateUser($user);
}
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage($mess["ajxp_conf.47"] . $httpVars["user_id"], null);
AJXP_XMLWriter::close();
exit(1);
break;
case "update_user_pwd":
if (!isset($httpVars["user_id"]) || !isset($httpVars["user_pwd"]) || !AuthService::userExists($httpVars["user_id"]) || trim($httpVars["user_pwd"]) == "") {
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.61"]);
AJXP_XMLWriter::close();
exit(1);
}
$res = AuthService::updatePassword($httpVars["user_id"], $httpVars["user_pwd"]);
AJXP_XMLWriter::header();
if ($res === true) {
AJXP_XMLWriter::sendMessage($mess["ajxp_conf.48"] . $httpVars["user_id"], null);
} else {
AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.49"] . " : {$res}");
}
AJXP_XMLWriter::close();
exit(1);
break;
case "get_drivers_definition":
AJXP_XMLWriter::header("drivers");
print ConfService::availableDriversToXML("param");
AJXP_XMLWriter::close("drivers");
exit(1);
break;
case "create_repository":
$options = array();
$repDef = $httpVars;
unset($repDef["get_action"]);
$this->parseParameters($repDef, $options);
if (count($options)) {
$repDef["DRIVER_OPTIONS"] = $options;
}
// NOW SAVE THIS REPOSITORY!
$newRep = ConfService::createRepositoryFromArray(0, $repDef);
if (is_file(INSTALL_PATH . "/server/tests/plugins/test.ajxp_" . $newRep->getAccessType() . ".php")) {
chdir(INSTALL_PATH . "/server/tests/plugins");
include INSTALL_PATH . "/server/tests/plugins/test.ajxp_" . $newRep->getAccessType() . ".php";
$className = "ajxp_" . $newRep->getAccessType();
$class = new $className();
$result = $class->doRepositoryTest($newRep);
if (!$result) {
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage(null, $class->failedInfo);
AJXP_XMLWriter::close();
exit(1);
}
}
if ($this->repositoryExists($newRep->getDisplay())) {
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.50"]);
AJXP_XMLWriter::close();
exit(1);
}
$res = ConfService::addRepository($newRep);
AJXP_XMLWriter::header();
if ($res == -1) {
AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.51"]);
} else {
$confStorage = ConfService::getConfStorageImpl();
$loggedUser = AuthService::getLoggedUser();
$loggedUser->setRight($newRep->getUniqueId(), "rw");
$loggedUser->save();
AuthService::updateUser($loggedUser);
AJXP_XMLWriter::sendMessage($mess["ajxp_conf.52"], null);
AJXP_XMLWriter::reloadFileList($newRep->getDisplay());
AJXP_XMLWriter::reloadRepositoryList();
}
AJXP_XMLWriter::close();
exit(1);
break;
case "edit_repository":
$repId = $httpVars["repository_id"];
$repList = ConfService::getRootDirsList();
//print_r($repList);
AJXP_XMLWriter::header("admin_data");
if (!isset($repList[$repId])) {
AJXP_XMLWriter::close("admin_data");
exit(1);
}
$repository = $repList[$repId];
$nested = array();
print "<repository index=\"{$repId}\"";
foreach ($repository as $name => $option) {
if (!is_array($option)) {
if (is_bool($option)) {
$option = $option ? "true" : "false";
}
print " {$name}=\"" . SystemTextEncoding::toUTF8(AJXP_Utils::xmlEntities($option)) . "\" ";
} else {
if (is_array($option)) {
$nested[] = $option;
}
}
}
if (count($nested)) {
print ">";
foreach ($nested as $option) {
foreach ($option as $key => $optValue) {
if (is_array($optValue) && count($optValue)) {
print "<param name=\"{$key}\"><![CDATA[" . json_encode($optValue) . "]]></param>";
} else {
if (is_bool($optValue)) {
$optValue = $optValue ? "true" : "false";
}
print "<param name=\"{$key}\" value=\"{$optValue}\"/>";
}
}
}
print "</repository>";
} else {
print "/>";
}
$pServ = AJXP_PluginsService::getInstance();
$plug = $pServ->getPluginById("access." . $repository->accessType);
$manifest = $plug->getManifestRawContent("server_settings/param");
print "<ajxpdriver name=\"" . $repository->accessType . "\">{$manifest}</ajxpdriver>";
print "<metasources>";
$metas = $pServ->getPluginsByType("meta");
foreach ($metas as $metaPlug) {
print "<meta id=\"" . $metaPlug->getId() . "\">";
$manifest = $metaPlug->getManifestRawContent("server_settings/param");
print $manifest;
print "</meta>";
}
print "</metasources>";
AJXP_XMLWriter::close("admin_data");
exit(1);
break;
case "edit_repository_label":
case "edit_repository_data":
$repId = $httpVars["repository_id"];
$repo = ConfService::getRepositoryById($repId);
$res = 0;
if (isset($httpVars["newLabel"])) {
$newLabel = SystemTextEncoding::fromPostedFileName($httpVars["newLabel"]);
if ($this->repositoryExists($newLabel)) {
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.50"]);
AJXP_XMLWriter::close();
exit(1);
}
$repo->setDisplay($newLabel);
$res = ConfService::replaceRepository($repId, $repo);
} else {
$options = array();
$this->parseParameters($httpVars, $options);
if (count($options)) {
foreach ($options as $key => $value) {
$repo->addOption($key, $value);
}
}
if (is_file(INSTALL_PATH . "/server/tests/plugins/test.ajxp_" . $repo->getAccessType() . ".php")) {
chdir(INSTALL_PATH . "/server/tests/plugins");
include INSTALL_PATH . "/server/tests/plugins/test.ajxp_" . $repo->getAccessType() . ".php";
$className = "ajxp_" . $repo->getAccessType();
$class = new $className();
$result = $class->doRepositoryTest($repo);
if (!$result) {
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage(null, $class->failedInfo);
AJXP_XMLWriter::close();
exit(1);
}
}
ConfService::replaceRepository($repId, $repo);
}
AJXP_XMLWriter::header();
if ($res == -1) {
AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.53"]);
} else {
AJXP_XMLWriter::sendMessage($mess["ajxp_conf.54"], null);
AJXP_XMLWriter::reloadDataNode("", isset($httpVars["newLabel"]) ? SystemTextEncoding::fromPostedFileName($httpVars["newLabel"]) : false);
AJXP_XMLWriter::reloadRepositoryList();
}
AJXP_XMLWriter::close();
exit(1);
case "add_meta_source":
$repId = $httpVars["repository_id"];
$repo = ConfService::getRepositoryById($repId);
$metaSourceType = $httpVars["new_meta_source"];
$options = array();
$this->parseParameters($httpVars, $options);
$repoOptions = $repo->getOption("META_SOURCES");
if (is_array($repoOptions) && isset($repoOptions[$metaSourceType])) {
throw new Exception($mess["ajxp_conf.55"]);
}
if (!is_array($repoOptions)) {
$repoOptions = array();
}
$repoOptions[$metaSourceType] = $options;
$repo->addOption("META_SOURCES", $repoOptions);
ConfService::replaceRepository($repId, $repo);
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage($mess["ajxp_conf.56"], null);
AJXP_XMLWriter::close();
break;
case "delete_meta_source":
$repId = $httpVars["repository_id"];
$repo = ConfService::getRepositoryById($repId);
$metaSourceId = $httpVars["plugId"];
$repoOptions = $repo->getOption("META_SOURCES");
if (is_array($repoOptions) && array_key_exists($metaSourceId, $repoOptions)) {
unset($repoOptions[$metaSourceId]);
$repo->addOption("META_SOURCES", $repoOptions);
ConfService::replaceRepository($repId, $repo);
}
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage($mess["ajxp_conf.57"], null);
AJXP_XMLWriter::close();
break;
case "edit_meta_source":
$repId = $httpVars["repository_id"];
$repo = ConfService::getRepositoryById($repId);
$metaSourceId = $httpVars["plugId"];
$options = array();
$this->parseParameters($httpVars, $options);
$repoOptions = $repo->getOption("META_SOURCES");
if (!is_array($repoOptions)) {
$repoOptions = array();
}
$repoOptions[$metaSourceId] = $options;
$repo->addOption("META_SOURCES", $repoOptions);
ConfService::replaceRepository($repId, $repo);
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage($mess["ajxp_conf.58"], null);
AJXP_XMLWriter::close();
break;
case "delete":
if (isset($httpVars["repository_id"])) {
$repId = $httpVars["repository_id"];
//if(get_magic_quotes_gpc()) $repLabel = stripslashes($repLabel);
$res = ConfService::deleteRepository($repId);
AJXP_XMLWriter::header();
if ($res == -1) {
AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.51"]);
} else {
AJXP_XMLWriter::sendMessage($mess["ajxp_conf.59"], null);
AJXP_XMLWriter::reloadDataNode();
AJXP_XMLWriter::reloadRepositoryList();
}
AJXP_XMLWriter::close();
exit(1);
} else {
if (isset($httpVars["shared_file"])) {
AJXP_XMLWriter::header();
$element = basename($httpVars["shared_file"]);
$publicletData = $this->loadPublicletData(PUBLIC_DOWNLOAD_FOLDER . "/" . $element . ".php");
unlink(PUBLIC_DOWNLOAD_FOLDER . "/" . $element . ".php");
AJXP_XMLWriter::sendMessage($mess["ajxp_shared.13"], null);
AJXP_XMLWriter::reloadDataNode();
AJXP_XMLWriter::close();
} else {
if (isset($httpVars["role_id"])) {
$roleId = $httpVars["role_id"];
if (AuthService::getRole($roleId) === false) {
throw new Exception($mess["ajxp_conf.67"]);
}
AuthService::deleteRole($roleId);
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage($mess["ajxp_conf.66"], null);
AJXP_XMLWriter::reloadDataNode();
AJXP_XMLWriter::close();
} else {
$forbidden = array("guest", "share");
if (!isset($httpVars["user_id"]) || $httpVars["user_id"] == "" || in_array($httpVars["user_id"], $forbidden) || $loggedUser->getId() == $httpVars["user_id"]) {
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.61"]);
AJXP_XMLWriter::close();
exit(1);
}
$res = AuthService::deleteUser($httpVars["user_id"]);
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage($mess["ajxp_conf.60"], null);
AJXP_XMLWriter::reloadDataNode();
AJXP_XMLWriter::close();
exit(1);
}
}
}
break;
case "clear_expired":
$deleted = $this->clearExpiredFiles();
AJXP_XMLWriter::header();
if (count($deleted)) {
AJXP_XMLWriter::sendMessage(sprintf($mess["ajxp_shared.23"], count($deleted) . ""), null);
AJXP_XMLWriter::reloadDataNode();
} else {
AJXP_XMLWriter::sendMessage($mess["ajxp_shared.24"], null);
}
AJXP_XMLWriter::close();
break;
default:
break;
}
return;
}
public function updateUserRole($userId, $roleId, $addOrRemove, $updateSubUsers = false)
{
$confStorage = ConfService::getConfStorageImpl();
$user = $confStorage->createUserObject($userId);
if (!AuthService::canAdministrate($user)) {
throw new Exception("Cannot update user data for " . $userId);
}
if ($addOrRemove == "add") {
$roleObject = AuthService::getRole($roleId);
$user->addRole($roleObject);
} else {
$user->removeRole($roleId);
}
$user->save("superuser");
$loggedUser = AuthService::getLoggedUser();
if ($loggedUser->getId() == $user->getId()) {
AuthService::updateUser($user);
}
return $user;
}
/**
* @param AbstractAjxpUser $userObject
*/
public function updateUserObject(&$userObject)
{
$applyRole = $this->getOption("AUTO_APPLY_ROLE");
if (!empty($applyRole)) {
$rObject = AuthService::getRole($applyRole, true);
$userObject->addRole($rObject);
$userObject->save("superuser");
}
}
function switchAction($action, $httpVars, $fileVars)
{
if (!isset($this->actions[$action])) {
return;
}
parent::accessPreprocess($action, $httpVars, $fileVars);
$loggedUser = AuthService::getLoggedUser();
if (AuthService::usersEnabled() && !$loggedUser->isAdmin()) {
return;
}
if ($action == "edit") {
if (isset($httpVars["sub_action"])) {
$action = $httpVars["sub_action"];
}
}
$mess = ConfService::getMessages();
switch ($action) {
//------------------------------------
// BASIC LISTING
//------------------------------------
case "ls":
$rootNodes = array("data" => array("LABEL" => $mess["ajxp_conf.110"], "ICON" => "user.png", "CHILDREN" => array("repositories" => array("LABEL" => $mess["ajxp_conf.3"], "ICON" => "hdd_external_unmount.png", "LIST" => "listRepositories"), "users" => array("LABEL" => $mess["ajxp_conf.2"], "ICON" => "user.png", "LIST" => "listUsers"), "roles" => array("LABEL" => $mess["ajxp_conf.69"], "ICON" => "yast_kuser.png", "LIST" => "listRoles"))), "config" => array("LABEL" => $mess["ajxp_conf.109"], "ICON" => "preferences_desktop.png", "CHILDREN" => array("core" => array("LABEL" => $mess["ajxp_conf.98"], "ICON" => "preferences_desktop.png", "LIST" => "listPlugins"), "plugins" => array("LABEL" => $mess["ajxp_conf.99"], "ICON" => "folder_development.png", "LIST" => "listPlugins"))), "admin" => array("LABEL" => $mess["ajxp_conf.111"], "ICON" => "toggle_log.png", "CHILDREN" => array("logs" => array("LABEL" => $mess["ajxp_conf.4"], "ICON" => "toggle_log.png", "LIST" => "listLogFiles"), "files" => array("LABEL" => $mess["ajxp_shared.3"], "ICON" => "html.png", "LIST" => "listSharedFiles"), "diagnostic" => array("LABEL" => $mess["ajxp_conf.5"], "ICON" => "susehelpcenter.png", "LIST" => "printDiagnostic"))));
AJXP_Controller::applyHook("ajxp_conf.list_config_nodes", array(&$rootNodes));
$dir = trim(AJXP_Utils::decodeSecureMagic(isset($httpVars["dir"]) ? $httpVars["dir"] : ""), " /");
if ($dir != "") {
$splits = explode("/", $dir);
$root = array_shift($splits);
if (count($splits)) {
$child = $splits[0];
if (strstr(urldecode($child), "#") !== false) {
list($child, $hash) = explode("#", urldecode($child));
}
if (isset($rootNodes[$root]["CHILDREN"][$child])) {
$callback = $rootNodes[$root]["CHILDREN"][$child]["LIST"];
if (is_string($callback) && method_exists($this, $callback)) {
AJXP_XMLWriter::header();
call_user_func(array($this, $callback), implode("/", $splits), $root, $hash);
AJXP_XMLWriter::close();
} else {
if (is_array($callback)) {
call_user_func($callback, implode("/", $splits), $root, $hash);
}
}
return;
}
} else {
$parentName = "/" . $root . "/";
$nodes = $rootNodes[$root]["CHILDREN"];
}
} else {
$parentName = "/";
$nodes = $rootNodes;
}
if (isset($nodes)) {
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendFilesListComponentConfig('<columns switchGridMode="filelist"><column messageId="ajxp_conf.1" attributeName="ajxp_label" sortType="String"/></columns>');
foreach ($nodes as $key => $data) {
print '<tree text="' . AJXP_Utils::xmlEntities($data["LABEL"]) . '" icon="' . $data["ICON"] . '" filename="' . $parentName . $key . '"/>';
}
AJXP_XMLWriter::close();
}
break;
case "stat":
header("Content-type:application/json");
print '{"mode":true}';
return;
break;
case "create_role":
$roleId = AJXP_Utils::sanitize(SystemTextEncoding::magicDequote($httpVars["role_id"]), AJXP_SANITIZE_HTML_STRICT);
if (!strlen($roleId)) {
throw new Exception($mess[349]);
}
if (AuthService::getRole($roleId) !== false) {
throw new Exception($mess["ajxp_conf.65"]);
}
AuthService::updateRole(new AjxpRole($roleId));
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage($mess["ajxp_conf.66"], null);
AJXP_XMLWriter::reloadDataNode("", $httpVars["role_id"]);
AJXP_XMLWriter::close();
break;
case "edit_role":
$roleId = SystemTextEncoding::magicDequote($httpVars["role_id"]);
$role = AuthService::getRole($roleId);
if ($role === false) {
throw new Exception("Cant find role! ");
}
AJXP_XMLWriter::header("admin_data");
print AJXP_XMLWriter::writeRoleRepositoriesData($role);
AJXP_XMLWriter::close("admin_data");
break;
case "update_role_right":
if (!isset($httpVars["role_id"]) || !isset($httpVars["repository_id"]) || !isset($httpVars["right"])) {
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.61"]);
print "<update_checkboxes user_id=\"" . $httpVars["role_id"] . "\" repository_id=\"" . $httpVars["repository_id"] . "\" read=\"old\" write=\"old\"/>";
AJXP_XMLWriter::close();
return;
}
$role = AuthService::getRole($httpVars["role_id"]);
if ($role === false) {
throw new Exception("Cant find role!");
}
$role->setRight($httpVars["repository_id"], $httpVars["right"]);
AuthService::updateRole($role);
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage($mess["ajxp_conf.64"] . $httpVars["role_id"], null);
print "<update_checkboxes user_id=\"" . $httpVars["role_id"] . "\" repository_id=\"" . $httpVars["repository_id"] . "\" read=\"" . $role->canRead($httpVars["repository_id"]) . "\" write=\"" . $role->canWrite($httpVars["repository_id"]) . "\"/>";
//AJXP_XMLWriter::reloadRepositoryList();
AJXP_XMLWriter::close();
break;
case "update_role_actions":
if (!isset($httpVars["role_id"]) || !isset($httpVars["disabled_actions"])) {
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.61"]);
AJXP_XMLWriter::close();
return;
}
$role = AuthService::getRole($httpVars["role_id"]);
if ($role === false) {
throw new Exception("Cant find role!");
}
$actions = explode(",", $httpVars["disabled_actions"]);
// Clear and reload actions
foreach ($role->getSpecificActionsRights("ajxp.all") as $actName => $actValue) {
$role->setSpecificActionRight("ajxp.all", $actName, true);
}
foreach ($actions as $action) {
if (($action = AJXP_Utils::sanitize($action, AJXP_SANITIZE_ALPHANUM)) == "") {
continue;
}
$role->setSpecificActionRight("ajxp.all", $action, false);
}
AuthService::updateRole($role);
AJXP_XMLWriter::header("admin_data");
print AJXP_XMLWriter::writeRoleRepositoriesData($role);
AJXP_XMLWriter::close("admin_data");
break;
case "update_role_default":
if (!isset($httpVars["role_id"]) || !isset($httpVars["default_value"])) {
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.61"]);
AJXP_XMLWriter::close();
return;
}
$role = AuthService::getRole($httpVars["role_id"]);
if ($role === false) {
throw new Exception("Cannot find role!");
}
$role->setDefault($httpVars["default_value"] == "true");
AuthService::updateRole($role);
AJXP_XMLWriter::header("admin_data");
print AJXP_XMLWriter::writeRoleRepositoriesData($role);
AJXP_XMLWriter::close("admin_data");
break;
case "get_custom_params":
$confStorage = ConfService::getConfStorageImpl();
AJXP_XMLWriter::header("admin_data");
$confDriver = ConfService::getConfStorageImpl();
$customData = $confDriver->options['CUSTOM_DATA'];
if (is_array($customData) && count($customData) > 0) {
print "<custom_data>";
foreach ($customData as $custName => $custValue) {
print "<param name=\"{$custName}\" type=\"string\" label=\"{$custValue}\" description=\"\" value=\"\"/>";
}
print "</custom_data>";
}
AJXP_XMLWriter::close("admin_data");
break;
case "edit_user":
$confStorage = ConfService::getConfStorageImpl();
$userId = $httpVars["user_id"];
if (!AuthService::userExists($userId)) {
throw new Exception("Invalid user id!");
}
$userObject = $confStorage->createUserObject($userId);
//print_r($userObject);
AJXP_XMLWriter::header("admin_data");
AJXP_XMLWriter::sendUserData($userObject, true);
// Add CUSTOM USER DATA
$confDriver = ConfService::getConfStorageImpl();
$customData = $confDriver->options['CUSTOM_DATA'];
if (is_array($customData) && count($customData) > 0) {
$userCustom = $userObject->getPref("CUSTOM_PARAMS");
print "<custom_data>";
foreach ($customData as $custName => $custValue) {
$value = isset($userCustom[$custName]) ? $userCustom[$custName] : '';
print "<param name=\"{$custName}\" type=\"string\" label=\"{$custValue}\" description=\"\" value=\"{$value}\"/>";
}
print "</custom_data>";
}
// Add WALLET DATA : DEFINITIONS AND VALUES
print "<drivers>";
print AJXP_XMLWriter::replaceAjxpXmlKeywords(ConfService::availableDriversToXML("user_param"));
print "</drivers>";
$wallet = $userObject->getPref("AJXP_WALLET");
if (is_array($wallet) && count($wallet) > 0) {
print "<user_wallet>";
foreach ($wallet as $repoId => $options) {
foreach ($options as $optName => $optValue) {
print "<wallet_data repo_id=\"{$repoId}\" option_name=\"{$optName}\" option_value=\"{$optValue}\"/>";
}
}
print "</user_wallet>";
}
$editPass = $userId != "guest" ? "1" : "0";
$authDriver = ConfService::getAuthDriverImpl();
if (!$authDriver->passwordsEditable()) {
$editPass = "******";
}
print "<edit_options edit_pass=\"" . $editPass . "\" edit_admin_right=\"" . ($userId != "guest" && $userId != $loggedUser->getId() ? "1" : "0") . "\" edit_delete=\"" . ($userId != "guest" && $userId != $loggedUser->getId() && $authDriver->usersEditable() ? "1" : "0") . "\"/>";
print "<ajxp_roles>";
foreach (AuthService::getRolesList() as $roleId => $roleObject) {
print "<role id=\"" . AJXP_Utils::xmlEntities($roleId) . "\"/>";
}
print "</ajxp_roles>";
AJXP_XMLWriter::close("admin_data");
break;
case "create_user":
if (!isset($httpVars["new_user_login"]) || $httpVars["new_user_login"] == "" || !isset($httpVars["new_user_pwd"]) || $httpVars["new_user_pwd"] == "") {
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.61"]);
AJXP_XMLWriter::close();
return;
}
$new_user_login = AJXP_Utils::sanitize(SystemTextEncoding::magicDequote($httpVars["new_user_login"]), AJXP_SANITIZE_EMAILCHARS);
if (AuthService::userExists($new_user_login) || AuthService::isReservedUserId($new_user_login)) {
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.43"]);
AJXP_XMLWriter::close();
return;
}
$confStorage = ConfService::getConfStorageImpl();
$newUser = $confStorage->createUserObject($new_user_login);
$customData = array();
$this->parseParameters($httpVars, $customData);
if (is_array($customData) && count($customData) > 0) {
$newUser->setPref("CUSTOM_PARAMS", $customData);
}
$newUser->save("superuser");
AuthService::createUser($new_user_login, $httpVars["new_user_pwd"]);
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage($mess["ajxp_conf.44"], null);
AJXP_XMLWriter::reloadDataNode("", $new_user_login);
AJXP_XMLWriter::close();
break;
case "change_admin_right":
$userId = $httpVars["user_id"];
if (!AuthService::userExists($userId)) {
throw new Exception("Invalid user id!");
}
$confStorage = ConfService::getConfStorageImpl();
$user = $confStorage->createUserObject($userId);
$user->setAdmin($httpVars["right_value"] == "1" ? true : false);
$user->save("superuser");
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage($mess["ajxp_conf.45"] . $httpVars["user_id"], null);
AJXP_XMLWriter::reloadDataNode();
AJXP_XMLWriter::close();
break;
case "update_user_right":
if (!isset($httpVars["user_id"]) || !isset($httpVars["repository_id"]) || !isset($httpVars["right"]) || !AuthService::userExists($httpVars["user_id"])) {
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.61"]);
print "<update_checkboxes user_id=\"" . $httpVars["user_id"] . "\" repository_id=\"" . $httpVars["repository_id"] . "\" read=\"old\" write=\"old\"/>";
AJXP_XMLWriter::close();
return;
}
$confStorage = ConfService::getConfStorageImpl();
$user = $confStorage->createUserObject($httpVars["user_id"]);
$user->setRight(AJXP_Utils::sanitize($httpVars["repository_id"], AJXP_SANITIZE_ALPHANUM), AJXP_Utils::sanitize($httpVars["right"], AJXP_SANITIZE_ALPHANUM));
$user->save();
$loggedUser = AuthService::getLoggedUser();
if ($loggedUser->getId() == $user->getId()) {
AuthService::updateUser($user);
}
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage($mess["ajxp_conf.46"] . $httpVars["user_id"], null);
print "<update_checkboxes user_id=\"" . $httpVars["user_id"] . "\" repository_id=\"" . $httpVars["repository_id"] . "\" read=\"" . $user->canRead($httpVars["repository_id"]) . "\" write=\"" . $user->canWrite($httpVars["repository_id"]) . "\"/>";
AJXP_XMLWriter::reloadRepositoryList();
AJXP_XMLWriter::close();
return;
break;
case "user_add_role":
case "user_delete_role":
if (!isset($httpVars["user_id"]) || !isset($httpVars["role_id"]) || !AuthService::userExists($httpVars["user_id"]) || !AuthService::getRole($httpVars["role_id"])) {
throw new Exception($mess["ajxp_conf.61"]);
}
if ($action == "user_add_role") {
$act = "add";
$messId = "73";
} else {
$act = "remove";
$messId = "74";
}
$this->updateUserRole($httpVars["user_id"], $httpVars["role_id"], $act);
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage($mess["ajxp_conf." . $messId] . $httpVars["user_id"], null);
AJXP_XMLWriter::close();
return;
break;
case "batch_users_roles":
$confStorage = ConfService::getConfStorageImpl();
$selection = new UserSelection();
$selection->initFromHttpVars($httpVars);
$files = $selection->getFiles();
$detectedRoles = array();
if (isset($httpVars["role_id"]) && isset($httpVars["update_role_action"])) {
$update = $httpVars["update_role_action"];
$roleId = $httpVars["role_id"];
if (AuthService::getRole($roleId) === false) {
throw new Exception("Invalid role id");
}
}
foreach ($files as $index => $file) {
$userId = basename($file);
if (isset($update)) {
$userObject = $this->updateUserRole($userId, $roleId, $update);
} else {
$userObject = $confStorage->createUserObject($userId);
}
if ($userObject->hasParent()) {
unset($files[$index]);
continue;
}
$userRoles = $userObject->getRoles();
foreach ($userRoles as $roleIndex => $bool) {
if (!isset($detectedRoles[$roleIndex])) {
$detectedRoles[$roleIndex] = 0;
}
if ($bool === true) {
$detectedRoles[$roleIndex]++;
}
}
}
$count = count($files);
AJXP_XMLWriter::header("admin_data");
print "<user><ajxp_roles>";
foreach ($detectedRoles as $roleId => $roleCount) {
if ($roleCount < $count) {
continue;
}
print "<role id=\"{$roleId}\"/>";
}
print "</ajxp_roles></user>";
print "<ajxp_roles>";
foreach (AuthService::getRolesList() as $roleId => $roleObject) {
print "<role id=\"{$roleId}\"/>";
}
print "</ajxp_roles>";
AJXP_XMLWriter::close("admin_data");
break;
case "save_custom_user_params":
$userId = $httpVars["user_id"];
if ($userId == $loggedUser->getId()) {
$user = $loggedUser;
} else {
$confStorage = ConfService::getConfStorageImpl();
$user = $confStorage->createUserObject($userId);
}
$custom = $user->getPref("CUSTOM_PARAMS");
if (!is_array($custom)) {
$custom = array();
}
$options = $custom;
$this->parseParameters($httpVars, $options, $userId);
$custom = $options;
$user->setPref("CUSTOM_PARAMS", $custom);
$user->save();
if ($loggedUser->getId() == $user->getId()) {
AuthService::updateUser($user);
}
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage($mess["ajxp_conf.47"] . $httpVars["user_id"], null);
AJXP_XMLWriter::close();
break;
case "save_repository_user_params":
$userId = $httpVars["user_id"];
if ($userId == $loggedUser->getId()) {
$user = $loggedUser;
} else {
$confStorage = ConfService::getConfStorageImpl();
$user = $confStorage->createUserObject($userId);
}
$wallet = $user->getPref("AJXP_WALLET");
if (!is_array($wallet)) {
$wallet = array();
}
$repoID = $httpVars["repository_id"];
if (!array_key_exists($repoID, $wallet)) {
$wallet[$repoID] = array();
}
$options = $wallet[$repoID];
$this->parseParameters($httpVars, $options, $userId);
$wallet[$repoID] = $options;
$user->setPref("AJXP_WALLET", $wallet);
$user->save();
if ($loggedUser->getId() == $user->getId()) {
AuthService::updateUser($user);
}
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage($mess["ajxp_conf.47"] . $httpVars["user_id"], null);
AJXP_XMLWriter::close();
break;
case "update_user_pwd":
if (!isset($httpVars["user_id"]) || !isset($httpVars["user_pwd"]) || !AuthService::userExists($httpVars["user_id"]) || trim($httpVars["user_pwd"]) == "") {
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.61"]);
AJXP_XMLWriter::close();
return;
}
$res = AuthService::updatePassword($httpVars["user_id"], $httpVars["user_pwd"]);
AJXP_XMLWriter::header();
if ($res === true) {
AJXP_XMLWriter::sendMessage($mess["ajxp_conf.48"] . $httpVars["user_id"], null);
} else {
AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.49"] . " : {$res}");
}
AJXP_XMLWriter::close();
break;
case "save_user_preference":
if (!isset($httpVars["user_id"]) || !AuthService::userExists($httpVars["user_id"])) {
throw new Exception($mess["ajxp_conf.61"]);
}
$userId = $httpVars["user_id"];
if ($userId == $loggedUser->getId()) {
$userObject = $loggedUser;
} else {
$confStorage = ConfService::getConfStorageImpl();
$userObject = $confStorage->createUserObject($userId);
}
$i = 0;
while (isset($httpVars["pref_name_" . $i]) && isset($httpVars["pref_value_" . $i])) {
$prefName = AJXP_Utils::sanitize($httpVars["pref_name_" . $i], AJXP_SANITIZE_ALPHANUM);
$prefValue = AJXP_Utils::sanitize(SystemTextEncoding::magicDequote($httpVars["pref_value_" . $i]));
if ($prefName == "password") {
continue;
}
if ($prefName != "pending_folder" && $userObject == null) {
$i++;
continue;
}
$userObject->setPref($prefName, $prefValue);
$userObject->save("user");
$i++;
}
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage("Succesfully saved user preference", null);
AJXP_XMLWriter::close();
break;
case "get_drivers_definition":
AJXP_XMLWriter::header("drivers");
print AJXP_XMLWriter::replaceAjxpXmlKeywords(ConfService::availableDriversToXML("param", "", true));
AJXP_XMLWriter::close("drivers");
break;
case "get_templates_definition":
AJXP_XMLWriter::header("repository_templates");
$repositories = ConfService::getRepositoriesList();
foreach ($repositories as $repo) {
if (!$repo->isTemplate) {
continue;
}
$repoId = $repo->getUniqueId();
$repoLabel = $repo->getDisplay();
$repoType = $repo->getAccessType();
print "<template repository_id=\"{$repoId}\" repository_label=\"{$repoLabel}\" repository_type=\"{$repoType}\">";
foreach ($repo->getOptionsDefined() as $optionName) {
print "<option name=\"{$optionName}\"/>";
}
print "</template>";
}
AJXP_XMLWriter::close("repository_templates");
break;
case "create_repository":
$options = array();
$repDef = $httpVars;
$isTemplate = isset($httpVars["sf_checkboxes_active"]);
unset($repDef["get_action"]);
unset($repDef["sf_checkboxes_active"]);
$this->parseParameters($repDef, $options);
if (count($options)) {
$repDef["DRIVER_OPTIONS"] = $options;
}
if (strstr($repDef["DRIVER"], "ajxp_template_") !== false) {
$templateId = substr($repDef["DRIVER"], 14);
$templateRepo = ConfService::getRepositoryById($templateId);
$newRep = $templateRepo->createTemplateChild($repDef["DISPLAY"], $repDef["DRIVER_OPTIONS"]);
} else {
$pServ = AJXP_PluginsService::getInstance();
$driver = $pServ->getPluginByTypeName("access", $repDef["DRIVER"]);
$newRep = ConfService::createRepositoryFromArray(0, $repDef);
$testFile = $driver->getBaseDir() . "/test." . $newRep->getAccessType() . "Access.php";
if (!$isTemplate && is_file($testFile)) {
//chdir(AJXP_TESTS_FOLDER."/plugins");
include $testFile;
$className = $newRep->getAccessType() . "AccessTest";
$class = new $className();
$result = $class->doRepositoryTest($newRep);
if (!$result) {
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage(null, $class->failedInfo);
AJXP_XMLWriter::close();
return;
}
}
// Apply default metasource if any
if ($driver != null && $driver->getConfigs() != null) {
$confs = $driver->getConfigs();
if (!empty($confs["DEFAULT_METASOURCES"])) {
$metaIds = AJXP_Utils::parseCSL($confs["DEFAULT_METASOURCES"]);
$metaSourceOptions = array();
foreach ($metaIds as $metaID) {
$metaPlug = $pServ->getPluginById($metaID);
if ($metaPlug == null) {
continue;
}
$pNodes = $metaPlug->getManifestRawContent("//param[@default]", "nodes");
$defaultParams = array();
foreach ($pNodes as $domNode) {
$defaultParams[$domNode->getAttribute("name")] = $domNode->getAttribute("default");
}
$metaSourceOptions[$metaID] = $defaultParams;
}
$newRep->addOption("META_SOURCES", $metaSourceOptions);
}
}
}
if ($this->repositoryExists($newRep->getDisplay())) {
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.50"]);
AJXP_XMLWriter::close();
return;
}
if ($isTemplate) {
$newRep->isTemplate = true;
}
$res = ConfService::addRepository($newRep);
AJXP_XMLWriter::header();
if ($res == -1) {
AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.51"]);
} else {
$loggedUser = AuthService::getLoggedUser();
$loggedUser->setRight($newRep->getUniqueId(), "rw");
$loggedUser->save("superuser");
AuthService::updateUser($loggedUser);
AJXP_XMLWriter::sendMessage($mess["ajxp_conf.52"], null);
AJXP_XMLWriter::reloadDataNode("", $newRep->getUniqueId());
AJXP_XMLWriter::reloadRepositoryList();
}
AJXP_XMLWriter::close();
break;
case "edit_repository":
$repId = $httpVars["repository_id"];
$repList = ConfService::getRootDirsList();
//print_r($repList);
if (!isset($repList[$repId])) {
throw new Exception("Cannot find repository with id {$repId}");
}
$repository = $repList[$repId];
$pServ = AJXP_PluginsService::getInstance();
$plug = $pServ->getPluginById("access." . $repository->accessType);
if ($plug == null) {
throw new Exception("Cannot find access driver (" . $repository->accessType . ") for repository!");
}
AJXP_XMLWriter::header("admin_data");
$slug = $repository->getSlug();
if ($slug == "" && $repository->isWriteable()) {
$repository->setSlug();
ConfService::replaceRepository($repId, $repository);
}
$nested = array();
print "<repository index=\"{$repId}\"";
foreach ($repository as $name => $option) {
if (strstr($name, " ") > -1) {
continue;
}
if (!is_array($option)) {
if (is_bool($option)) {
$option = $option ? "true" : "false";
}
print " {$name}=\"" . SystemTextEncoding::toUTF8(AJXP_Utils::xmlEntities($option)) . "\" ";
} else {
if (is_array($option)) {
$nested[] = $option;
}
}
}
if (count($nested)) {
print ">";
foreach ($nested as $option) {
foreach ($option as $key => $optValue) {
if (is_array($optValue) && count($optValue)) {
print "<param name=\"{$key}\"><![CDATA[" . json_encode($optValue) . "]]></param>";
} else {
if (is_bool($optValue)) {
$optValue = $optValue ? "true" : "false";
}
print "<param name=\"{$key}\" value=\"{$optValue}\"/>";
}
}
}
// Add SLUG
if (!$repository->isTemplate) {
print "<param name=\"AJXP_SLUG\" value=\"" . $repository->getSlug() . "\"/>";
}
print "</repository>";
} else {
print "/>";
}
if ($repository->hasParent()) {
$parent = ConfService::getRepositoryById($repository->getParentId());
if (isset($parent) && $parent->isTemplate) {
$parentLabel = $parent->getDisplay();
$parentType = $parent->getAccessType();
print "<template repository_id=\"" . $repository->getParentId() . "\" repository_label=\"{$parentLabel}\" repository_type=\"{$parentType}\">";
foreach ($parent->getOptionsDefined() as $parentOptionName) {
print "<option name=\"{$parentOptionName}\"/>";
}
print "</template>";
}
}
$manifest = $plug->getManifestRawContent("server_settings/param");
$manifest = AJXP_XMLWriter::replaceAjxpXmlKeywords($manifest);
print "<ajxpdriver name=\"" . $repository->accessType . "\">{$manifest}</ajxpdriver>";
print "<metasources>";
$metas = $pServ->getPluginsByType("metastore");
$metas = array_merge($metas, $pServ->getPluginsByType("meta"));
$metas = array_merge($metas, $pServ->getPluginsByType("index"));
foreach ($metas as $metaPlug) {
print "<meta id=\"" . $metaPlug->getId() . "\" label=\"" . AJXP_Utils::xmlEntities($metaPlug->getManifestLabel()) . "\">";
$manifest = $metaPlug->getManifestRawContent("server_settings/param");
$manifest = AJXP_XMLWriter::replaceAjxpXmlKeywords($manifest);
print $manifest;
print "</meta>";
}
print "</metasources>";
AJXP_XMLWriter::close("admin_data");
return;
break;
case "edit_repository_label":
case "edit_repository_data":
$repId = $httpVars["repository_id"];
$repo = ConfService::getRepositoryById($repId);
$res = 0;
if (isset($httpVars["newLabel"])) {
$newLabel = AJXP_Utils::decodeSecureMagic($httpVars["newLabel"]);
if ($this->repositoryExists($newLabel)) {
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.50"]);
AJXP_XMLWriter::close();
return;
}
$repo->setDisplay($newLabel);
$res = ConfService::replaceRepository($repId, $repo);
} else {
$options = array();
$this->parseParameters($httpVars, $options);
if (count($options)) {
foreach ($options as $key => $value) {
if ($key == "AJXP_SLUG") {
$repo->setSlug($value);
continue;
}
$repo->addOption($key, $value);
}
}
if (is_file(AJXP_TESTS_FOLDER . "/plugins/test.ajxp_" . $repo->getAccessType() . ".php")) {
chdir(AJXP_TESTS_FOLDER . "/plugins");
include AJXP_TESTS_FOLDER . "/plugins/test.ajxp_" . $repo->getAccessType() . ".php";
$className = "ajxp_" . $repo->getAccessType();
$class = new $className();
$result = $class->doRepositoryTest($repo);
if (!$result) {
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage(null, $class->failedInfo);
AJXP_XMLWriter::close();
return;
}
}
ConfService::replaceRepository($repId, $repo);
}
AJXP_XMLWriter::header();
if ($res == -1) {
AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.53"]);
} else {
AJXP_XMLWriter::sendMessage($mess["ajxp_conf.54"], null);
AJXP_XMLWriter::reloadDataNode("", isset($httpVars["newLabel"]) ? $repId : false);
AJXP_XMLWriter::reloadRepositoryList();
}
AJXP_XMLWriter::close();
break;
case "add_meta_source":
$repId = $httpVars["repository_id"];
$repo = ConfService::getRepositoryById($repId);
if (!is_object($repo)) {
throw new Exception("Invalid repository id! {$repId}");
}
$metaSourceType = AJXP_Utils::sanitize($httpVars["new_meta_source"], AJXP_SANITIZE_ALPHANUM);
$options = array();
$this->parseParameters($httpVars, $options);
$repoOptions = $repo->getOption("META_SOURCES");
if (is_array($repoOptions) && isset($repoOptions[$metaSourceType])) {
throw new Exception($mess["ajxp_conf.55"]);
}
if (!is_array($repoOptions)) {
$repoOptions = array();
}
$repoOptions[$metaSourceType] = $options;
uksort($repoOptions, array($this, "metaSourceOrderingFunction"));
$repo->addOption("META_SOURCES", $repoOptions);
ConfService::replaceRepository($repId, $repo);
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage($mess["ajxp_conf.56"], null);
AJXP_XMLWriter::close();
break;
case "delete_meta_source":
$repId = $httpVars["repository_id"];
$repo = ConfService::getRepositoryById($repId);
if (!is_object($repo)) {
throw new Exception("Invalid repository id! {$repId}");
}
$metaSourceId = $httpVars["plugId"];
$repoOptions = $repo->getOption("META_SOURCES");
if (is_array($repoOptions) && array_key_exists($metaSourceId, $repoOptions)) {
unset($repoOptions[$metaSourceId]);
uksort($repoOptions, array($this, "metaSourceOrderingFunction"));
$repo->addOption("META_SOURCES", $repoOptions);
ConfService::replaceRepository($repId, $repo);
}
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage($mess["ajxp_conf.57"], null);
AJXP_XMLWriter::close();
break;
case "edit_meta_source":
$repId = $httpVars["repository_id"];
$repo = ConfService::getRepositoryById($repId);
if (!is_object($repo)) {
throw new Exception("Invalid repository id! {$repId}");
}
$metaSourceId = $httpVars["plugId"];
$options = array();
$this->parseParameters($httpVars, $options);
$repoOptions = $repo->getOption("META_SOURCES");
if (!is_array($repoOptions)) {
$repoOptions = array();
}
$repoOptions[$metaSourceId] = $options;
uksort($repoOptions, array($this, "metaSourceOrderingFunction"));
$repo->addOption("META_SOURCES", $repoOptions);
ConfService::replaceRepository($repId, $repo);
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage($mess["ajxp_conf.58"], null);
AJXP_XMLWriter::close();
break;
case "delete":
if (isset($httpVars["repository_id"])) {
$repId = $httpVars["repository_id"];
$res = ConfService::deleteRepository($repId);
AJXP_XMLWriter::header();
if ($res == -1) {
AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.51"]);
} else {
AJXP_XMLWriter::sendMessage($mess["ajxp_conf.59"], null);
AJXP_XMLWriter::reloadDataNode();
AJXP_XMLWriter::reloadRepositoryList();
}
AJXP_XMLWriter::close();
return;
} else {
if (isset($httpVars["shared_file"])) {
AJXP_XMLWriter::header();
$element = basename($httpVars["shared_file"]);
$dlFolder = ConfService::getCoreConf("PUBLIC_DOWNLOAD_FOLDER");
$publicletData = $this->loadPublicletData($dlFolder . "/" . $element . ".php");
unlink($dlFolder . "/" . $element . ".php");
AJXP_XMLWriter::sendMessage($mess["ajxp_shared.13"], null);
AJXP_XMLWriter::reloadDataNode();
AJXP_XMLWriter::close();
} else {
if (isset($httpVars["role_id"])) {
$roleId = $httpVars["role_id"];
if (AuthService::getRole($roleId) === false) {
throw new Exception($mess["ajxp_conf.67"]);
}
AuthService::deleteRole($roleId);
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage($mess["ajxp_conf.66"], null);
AJXP_XMLWriter::reloadDataNode();
AJXP_XMLWriter::close();
} else {
if (!isset($httpVars["user_id"]) || $httpVars["user_id"] == "" || AuthService::isReservedUserId($httpVars["user_id"]) || $loggedUser->getId() == $httpVars["user_id"]) {
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.61"]);
AJXP_XMLWriter::close();
}
$res = AuthService::deleteUser($httpVars["user_id"]);
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage($mess["ajxp_conf.60"], null);
AJXP_XMLWriter::reloadDataNode();
AJXP_XMLWriter::close();
}
}
}
break;
case "clear_expired":
$deleted = $this->clearExpiredFiles();
AJXP_XMLWriter::header();
if (count($deleted)) {
AJXP_XMLWriter::sendMessage(sprintf($mess["ajxp_shared.23"], count($deleted) . ""), null);
AJXP_XMLWriter::reloadDataNode();
} else {
AJXP_XMLWriter::sendMessage($mess["ajxp_shared.24"], null);
}
AJXP_XMLWriter::close();
break;
case "get_plugin_manifest":
$ajxpPlugin = AJXP_PluginsService::getInstance()->getPluginById($httpVars["plugin_id"]);
AJXP_XMLWriter::header("admin_data");
echo AJXP_XMLWriter::replaceAjxpXmlKeywords($ajxpPlugin->getManifestRawContent());
$definitions = $ajxpPlugin->getConfigsDefinitions();
$values = $ajxpPlugin->getConfigs();
if (!is_array($values)) {
$values = array();
}
echo "<plugin_settings_values>";
foreach ($values as $key => $value) {
if ($definitions[$key]["type"] == "array" && is_array($value)) {
$value = implode(",", $value);
} else {
if ($definitions[$key]["type"] == "boolean") {
$value = $value === true || $value === "true" || $value == 1 ? "true" : "false";
} else {
if ($definitions[$key]["type"] == "textarea") {
//$value = str_replace("\\n", "\n", $value);
}
}
}
echo "<param name=\"{$key}\" value=\"" . AJXP_Utils::xmlEntities($value) . "\"/>";
}
if ($ajxpPlugin->getType() != "core") {
echo "<param name=\"AJXP_PLUGIN_ENABLED\" value=\"" . ($ajxpPlugin->isEnabled() ? "true" : "false") . "\"/>";
}
echo "</plugin_settings_values>";
echo "<plugin_doc><![CDATA[<p>" . $ajxpPlugin->getPluginInformationHTML("Charles du Jeu", "http://ajaxplorer.info/plugins/") . "</p>";
if (file_exists($ajxpPlugin->getBaseDir() . "/plugin_doc.html")) {
echo file_get_contents($ajxpPlugin->getBaseDir() . "/plugin_doc.html");
}
echo "]]></plugin_doc>";
AJXP_XMLWriter::close("admin_data");
break;
case "edit_plugin_options":
$options = array();
$this->parseParameters($httpVars, $options);
$confStorage = ConfService::getConfStorageImpl();
$confStorage->savePluginConfig($httpVars["plugin_id"], $options);
@unlink(AJXP_PLUGINS_CACHE_FILE);
@unlink(AJXP_PLUGINS_REQUIRES_FILE);
@unlink(AJXP_PLUGINS_MESSAGES_FILE);
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendMessage($mess["ajxp_conf.97"], null);
AJXP_XMLWriter::reloadDataNode();
AJXP_XMLWriter::close();
break;
default:
break;
}
return;
}
public function updateUserObject(&$userObject)
{
parent::updateUserObject($userObject);
if (!empty($this->separateGroup)) {
$userObject->setGroupPath("/" . $this->separateGroup);
}
// SHOULD BE DEPRECATED
if (!empty($this->customParamsMapping)) {
$checkValues = array_values($this->customParamsMapping);
$prefs = $userObject->getPref("CUSTOM_PARAMS");
if (!is_array($prefs)) {
$prefs = array();
}
// If one value exist, we consider the mapping has already been done.
foreach ($checkValues as $val) {
if (array_key_exists($val, $prefs)) {
return;
}
}
$changes = false;
$entries = $this->getUserEntries($userObject->getId());
if ($entries["count"]) {
$entry = $entries[0];
foreach ($this->customParamsMapping as $key => $value) {
if (isset($entry[$key])) {
$prefs[$value] = $entry[$key][0];
$changes = true;
}
}
}
if ($changes) {
$userObject->setPref("CUSTOM_PARAMS", $prefs);
$userObject->save();
}
}
if (!empty($this->paramsMapping)) {
$changes = false;
$entries = $this->getUserEntries($userObject->getId());
if ($entries["count"]) {
$entry = $entries[0];
foreach ($this->paramsMapping as $params) {
$key = strtolower($params['MAPPING_LDAP_PARAM']);
if (isset($entry[$key])) {
$value = $entry[$key][0];
$memberValues = array();
if ($key == "memberof") {
// get CN from value
foreach ($entry[$key] as $possibleValue) {
$hnParts = array();
$parts = explode(",", ltrim($possibleValue, '/'));
foreach ($parts as $part) {
list($att, $attVal) = explode("=", $part);
//if (strtolower($att) == "cn") $hnParts[] = $attVal;
/*
* In the example above, 1st CN indicates the name of group, from 2nd, CN indicate a container,
* therefore, we just take the first "cn" element by breaking the for if we found.
*
*/
if (strtolower($att) == "cn") {
$hnParts[] = $attVal;
break;
}
}
if (count($hnParts)) {
$memberValues[implode(",", $hnParts)] = $possibleValue;
}
}
}
switch ($params['MAPPING_LOCAL_TYPE']) {
case "role_id":
$valueFilters = null;
$matchFilter = null;
$filter = $params["MAPPING_LOCAL_PARAM"];
if (strpos($filter, "preg:") !== false) {
$matchFilter = "/" . str_replace("preg:", "", $filter) . "/i";
} else {
if (!empty($filter)) {
$valueFilters = array_map("trim", explode(",", $filter));
}
}
if ($key == "memberof") {
if (empty($valueFilters)) {
$valueFilters = $this->getLdapGroupListFromDN();
}
if ($this->mappedRolePrefix) {
$rolePrefix = $this->mappedRolePrefix;
} else {
$rolePrefix = "";
}
$userroles = $userObject->getRoles();
//remove all mapped roles before
if (is_array($userroles)) {
foreach ($userroles as $key => $role) {
if (AuthService::getRole($key) && !(strpos($key, $this->mappedRolePrefix) === false)) {
$userObject->removeRole($key);
}
}
}
$userObject->recomputeMergedRole();
foreach ($memberValues as $uniqValue => $fullDN) {
$uniqValueWithPrefix = $rolePrefix . $uniqValue;
if (isset($matchFilter) && !preg_match($matchFilter, $uniqValueWithPrefix)) {
continue;
}
if (isset($valueFilters) && !in_array($uniqValueWithPrefix, $valueFilters)) {
continue;
}
$roleToAdd = AuthService::getRole($uniqValueWithPrefix, true);
$roleToAdd->setLabel($uniqValue);
AuthService::updateRole($roleToAdd);
$userObject->addRole($roleToAdd);
$changes = true;
}
} else {
foreach ($entry[$key] as $uniqValue) {
if (isset($matchFilter) && !preg_match($matchFilter, $uniqValue)) {
continue;
}
if (isset($valueFilters) && !in_array($uniqValue, $valueFilters)) {
continue;
}
if (!in_array($uniqValue, array_keys($userObject->getRoles())) && !empty($uniqValue)) {
$userObject->addRole(AuthService::getRole($uniqValue, true));
$changes = true;
}
}
}
break;
case "group_path":
if ($key == "memberof") {
$filter = $params["MAPPING_LOCAL_PARAM"];
if (strpos($filter, "preg:") !== false) {
$matchFilter = "/" . str_replace("preg:", "", $filter) . "/i";
} else {
if (!empty($filter)) {
$valueFilters = array_map("trim", explode(",", $filter));
}
}
foreach ($memberValues as $uniqValue => $fullDN) {
if (isset($matchFilter) && !preg_match($matchFilter, $uniqValue)) {
continue;
}
if (isset($valueFilters) && !in_array($uniqValue, $valueFilters)) {
continue;
}
if ($userObject->personalRole->filterParameterValue("auth.ldap", "MEMBER_OF", AJXP_REPO_SCOPE_ALL, "") == $fullDN) {
//break;
}
$humanName = $uniqValue;
$branch = array();
$this->buildGroupBranch($uniqValue, $branch);
$parent = "/";
if (count($branch)) {
$parent = "/" . implode("/", array_reverse($branch));
}
if (!ConfService::getConfStorageImpl()->groupExists(rtrim(AuthService::filterBaseGroup($parent), "/") . "/" . $fullDN)) {
AuthService::createGroup($parent, $fullDN, $humanName);
}
$userObject->setGroupPath(rtrim($parent, "/") . "/" . $fullDN, true);
// Update Roles from groupPath
$b = array_reverse($branch);
$b[] = $fullDN;
for ($i = 1; $i <= count($b); $i++) {
$userObject->addRole(AuthService::getRole("AJXP_GRP_/" . implode("/", array_slice($b, 0, $i)), true));
}
$userObject->personalRole->setParameterValue("auth.ldap", "MEMBER_OF", $fullDN);
$userObject->recomputeMergedRole();
$changes = true;
}
}
break;
case "profile":
if ($userObject->getProfile() != $value) {
$changes = true;
$userObject->setProfile($value);
AuthService::updateAutoApplyRole($userObject);
}
break;
case "plugin_param":
default:
if (strpos($params["MAPPING_LOCAL_PARAM"], "/") !== false) {
list($pId, $param) = explode("/", $params["MAPPING_LOCAL_PARAM"]);
} else {
$pId = $this->getId();
$param = $params["MAPPING_LOCAL_PARAM"];
}
if ($userObject->personalRole->filterParameterValue($pId, $param, AJXP_REPO_SCOPE_ALL, "") != $value) {
$userObject->personalRole->setParameterValue($pId, $param, $value);
$userObject->recomputeMergedRole();
$changes = true;
}
break;
}
}
}
}
if ($changes) {
$userObject->save("superuser");
}
}
}
/**
* @param string $repositoryId
* @param bool $disableDownload
* @param bool $replace
* @return AJXP_Role|null
*/
public function createRoleForMinisite($repositoryId, $disableDownload, $replace)
{
if ($replace) {
try {
AuthService::deleteRole("AJXP_SHARED-" . $repositoryId);
} catch (Exception $e) {
}
}
$newRole = new AJXP_Role("AJXP_SHARED-" . $repositoryId);
$r = AuthService::getRole("MINISITE");
if (is_a($r, "AJXP_Role")) {
if ($disableDownload) {
$f = AuthService::getRole("MINISITE_NODOWNLOAD");
if (is_a($f, "AJXP_Role")) {
$r = $f->override($r);
}
}
$allData = $r->getDataArray();
$newData = $newRole->getDataArray();
if (isset($allData["ACTIONS"][AJXP_REPO_SCOPE_SHARED])) {
$newData["ACTIONS"][$repositoryId] = $allData["ACTIONS"][AJXP_REPO_SCOPE_SHARED];
}
if (isset($allData["PARAMETERS"][AJXP_REPO_SCOPE_SHARED])) {
$newData["PARAMETERS"][$repositoryId] = $allData["PARAMETERS"][AJXP_REPO_SCOPE_SHARED];
}
$newRole->bunchUpdate($newData);
AuthService::updateRole($newRole);
return $newRole;
}
return null;
}
