/**
 * Checks that the caller may write the metadata of a system file.
 *
 * Persistence is not implemented yet: after the permission check the method
 * returns without storing anything (see the TODO at the end of the body).
 *
 * @param mixed $object Must be an EyeSysFile; any other value is rejected.
 * @param IMetaData $metaData Metadata to store (defaults to null).
 * @param String $params Forwarded unchanged to retrieveMeta().
 * @throws EyeInvalidArgumentException If $object is not an EyeSysFile.
 * @throws EyeException
 * @throws EyeErrorException
 */
public function storeMeta($object, IMetaData $metaData = null, $params)
{
    $isSysFile = $object instanceof EyeSysFile;
    if (!$isSysFile) {
        throw new EyeInvalidArgumentException('$object must be an EyeSysFile.');
    }

    // Not used yet; kept for the pending database implementation below.
    $urlComponents = $object->getURLComponents();
    $currentMeta = $this->retrieveMeta($object, $params);

    // NOTE(review): the incoming $metaData (possibly null, its default) is the
    // object being checked and the currently stored meta is attached to the
    // permission. Confirm that checkPermission() denies rather than allows a
    // null object, and that this argument order is the intended one.
    $securityManager = SecurityManager::getInstance();
    $securityManager->checkPermission(
        $metaData,
        new MetaDataPermission('write', $currentMeta, $object)
    );

    //{
    // TODO: store metadata into database
    //}
}
/**
 * Replaces the permission a collaborator holds on a shared object.
 *
 * Steps, in order: resolve the handler class for the object, run the
 * 'updatecollaborator' share permission check, persist the new share
 * information through the provider, then notify every registered listener.
 *
 * @param IShareable $object Shared object; its ID must not be null.
 * @param AbstractEyeosPrincipal $collaborator Principal whose permission is replaced.
 * @param IPermission $permission New permission, persisted as its actions string.
 * @throws EyeNullPointerException If the object ID is null.
 * @throws EyeHandlerNotFoundException If no registered handler accepts the object.
 * @throws Exception Every failure is logged at warn level and rethrown unchanged.
 */
public function updateCollaboratorPermission(IShareable $object, AbstractEyeosPrincipal $collaborator, IPermission $permission)
{
    try {
        if ($object->getId() === null) {
            throw new EyeNullPointerException('$object ID cannot be null.');
        }

        // The first handler that accepts the object wins.
        $handlerClassName = null;
        foreach (self::getAllShareableObjectsHandlers() as $candidate) {
            if (!$candidate->checkType($object)) {
                continue;
            }
            $handlerClassName = get_class($candidate);
            break;
        }
        if ($handlerClassName === null) {
            throw new EyeHandlerNotFoundException(
                'Unable to find a ShareableObjectHandler for object of class ' . get_class($object) . '.'
            );
        }

        $owner = $object->getShareOwner();

        // Authorization runs before the provider is touched. It sits inside
        // the try block, so a denial signalled by an exception is logged by
        // the catch below like any other failure.
        SecurityManager::getInstance()->checkPermission(
            $object,
            new SharePermission(array('updatecollaborator'), $collaborator)
        );

        //prepare query array
        $shareInfoQuery = array(
            self::SHAREINFO_KEY_OWNERID => $owner->getId(),
            self::SHAREINFO_KEY_SHAREABLEID => $object->getId(),
            self::SHAREINFO_KEY_COLLABORATORID => $collaborator->getId(),
            self::SHAREINFO_KEY_PERMISSIONACTIONS => $permission->getActionsAsString(),
            self::SHAREINFO_KEY_HANDLERCLASSNAME => $handlerClassName
        );
        $this->getProvider()->updateShareInfo($owner, $shareInfoQuery);

        // TODO: we could also add the ShareInfo object containing the old permission as a
        // "related source" of the event
        $shareInfo = new BasicShareInfo($owner, $object, $collaborator, $permission, $handlerClassName);
        $event = new SharingEvent($shareInfo);
        foreach ($this->listeners as $listener) {
            $listener->collaboratorPermissionUpdated($event);
        }
    } catch (Exception $e) {
        self::$Logger->warn(
            'Unable to update collaborator ' . $collaborator->getName()
            . ' permissions for object of class ' . get_class($object) . '.'
        );
        if (self::$Logger->isDebugEnabled()) {
            self::$Logger->debug(ExceptionStackUtil::getStackTrace($e, false));
        }
        throw $e;
    }
}
/**
 * Asks the SecurityManager to verify write access to this object.
 *
 * Returns nothing; a denial is presumably reported by an exception raised
 * from checkWrite() (confirm against SecurityManager).
 */
public function checkWritePermission()
{
    $securityManager = SecurityManager::getInstance();
    $securityManager->checkWrite($this);
}
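/**
 * Processes a request that launches an application and writes the resulting
 * JavaScript into the response.
 *
 * Flow: start the session, build the execution context if none was given,
 * check session expiration (skipped for the "init" and "logout" applications),
 * try to restore the parent process identified by the "checknum" GET parameter
 * and run the execute permission check, start the process, then let the
 * application descriptor append its JavaScript. Any exception is logged and
 * converted into a control message delivered to the client.
 *
 * @param MMapRequest $request Incoming request.
 * @param MMapResponse $response Response whose headers and body are filled in.
 * @param AppExecutionContext $appContext Optional context; built from the request when absent.
 */
public function processRequest(MMapRequest $request, MMapResponse $response, AppExecutionContext $appContext = null)
{
    $status = ob_get_status();
    $response->getHeaders()->append('Content-type:text/javascript');
    if (isset($status['name']) && $status['name'] != 'ob_gzhandler') {
        ob_start("ob_gzhandler");
    }

    try {
        MMapManager::startSession();

        if (!$appContext instanceof AppExecutionContext) {
            $appContext = new AppExecutionContext();
            $appContext->initFromRequest($request);
        }

        $appDesc = $appContext->getApplicationDescriptor();

        // Check if the session has expired only if the application we want to execute is not "init" nor "logout"
        // FIXME: Not sure this way for checking session is the best here (maybe a flag in the metadata instead?)
        if ($appDesc->getName() != 'init' && $appDesc->getName() != 'logout') {
            MMapManager::checkSessionExpiration();
        }

        // Restore parent process if available
        try {
            $checknum = (int) $request->getGET('checknum');
            $procFather = ProcManager::getInstance()->getProcessByChecknum($checknum);
            ProcManager::getInstance()->setCurrentProcess($procFather);

            // Access control is based on current user, contained in the login context of
            // the current process, so we can only perform security checks when a process
            // is active.
            // In case no login context is defined, we can be sure that almost nothing unsafe
            // will be done, because this element is required in most of the operations.
            if ($procFather->getLoginContext() !== null) {
                SecurityManager::getInstance()->checkExecute($appDesc);
            }
        } catch (EyeProcException $procException) {
            // NOTE(review): this path fails open. When the parent process cannot
            // be restored, checkExecute() is never called and the application is
            // still started below. The safety of that rests on later operations
            // requiring a login context; confirm this holds for every application.
            if (self::$Logger->isDebugEnabled()) {
                self::$Logger->debug(
                    'Parent process not restored, execute permission check skipped: ' . $procException->getMessage()
                );
            }
        }

        // Start process (PHP)
        $this->startProcess($appContext);

        // Append necessary scripts and execute JS code (actually, only append it to the $response body)
        $appDesc->executeJavascript($appContext, $response);
    } catch (Exception $e) {
        // NOTE(review): the string form of $request is written to the log;
        // confirm it cannot contain credentials or session identifiers.
        self::$Logger->error('Uncaught exception while processing request: ' . $request);
        self::$Logger->error('Exception message: ' . $e->getMessage());
        if (self::$Logger->isDebugEnabled()) {
            self::$Logger->debug(ExceptionStackUtil::getStackTrace($e, false));
        }

        // Special processing on session expiration
        if ($e instanceof EyeSessionExpiredException) {
            $controlMessageBodyRenderer = new ControlMessageBodyRenderer(ControlMessageBodyRenderer::TYPE_SESSION_EXPIRED);
        } else {
            // Remove incomplete process.
            // $appContext is still null when the failure happened before the
            // context was created (for instance inside startSession()), so it
            // must not be dereferenced unconditionally.
            $proc = ($appContext instanceof AppExecutionContext) ? $appContext->getProcess() : null;
            if ($proc instanceof Process) {
                try {
                    ProcManager::getInstance()->kill($proc);
                } catch (Exception $killException) {
                    // A separate variable keeps the original exception in $e, so
                    // the client is told about the failure that caused the abort
                    // and not about the failed cleanup.
                    self::$Logger->error('Cannot kill incomplete process: ' . $proc);
                    self::$Logger->error('Exception message: ' . $killException->getMessage());
                }
            }
            $controlMessageBodyRenderer = new ControlMessageBodyRenderer(ControlMessageBodyRenderer::TYPE_EXCEPTION, $e);
        }

        // When using qx.io.ScriptLoader on the JS side, no callback proxy is available
        // to intercept control messages, so we're using a little workaround here by
        // calling directly eyeos._callbackProxyWithContent() with the exception summary
        // in argument.
        // NOTE(review): the rendered body is concatenated verbatim into a script
        // response. Confirm the renderer emits properly encoded JSON and does not
        // expose internal details (paths, stack traces) to the client.
        $responseContent = $controlMessageBodyRenderer->getRenderedBody();
        $response->setBody('eyeos._callbackProxyWithContent(null, null, null, ' . $responseContent . ');');
    }

    $this->handleClientMessageQueue($response);
}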
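/**
 * Stores the metadata of a user file in an XML meta file, after a 'write'
 * permission check.
 *
 * The meta file path is built as
 * getUserMetaFilesPath(principalname) . '/' . USERS_FILES_DIR . path . USERS_METAFILES_EXTENSION,
 * where the path component is omitted for the root path '/'. Missing parent
 * directories are created.
 *
 * @param mixed $object Must be an EyeUserFile; any other value is rejected.
 * @param IMetaData $metaData Metadata to store (defaults to null).
 * @param String $params Forwarded to retrieveMeta() and, cast to string, to the XML provider.
 * @throws EyeInvalidArgumentException If $object is not an EyeUserFile.
 * @throws EyeIOException If the directory for the meta file cannot be created.
 * @throws EyeException
 * @throws EyeErrorException
 */
public function storeMeta($object, IMetaData $metaData = null, $params)
{
    if (!$object instanceof EyeUserFile) {
        throw new EyeInvalidArgumentException('$object must be an EyeUserFile.');
    }

    $meta = $this->retrieveMeta($object, $params);

    // NOTE(review): the incoming $metaData (possibly null, its default) is the
    // checked object here and the stored meta is attached to the permission.
    // Confirm this argument order is intended and that a null object is denied.
    SecurityManager::getInstance()->checkPermission($metaData, new MetaDataPermission('write', $meta, $object));

    $urlParts = $object->getURLComponents();

    // NOTE(review): 'path' and 'principalname' are concatenated into a
    // filesystem path without normalisation in this method. Confirm that
    // getURLComponents() or EyeUserFile rejects '..' segments, so that the
    // result cannot leave the user's meta-files directory.
    $relativePath = ($urlParts['path'] == '/') ? '' : $urlParts['path'];
    $filepath = $this->getUserMetaFilesPath($urlParts['principalname'])
        . '/' . USERS_FILES_DIR . $relativePath . USERS_METAFILES_EXTENSION;

    $dir = dirname($filepath);

    // is_dir() is checked again after a failed mkdir(): a concurrent request
    // may have created the directory in between, which is not an error.
    // NOTE(review): 0777 requests world-accessible directories (before umask);
    // consider a tighter mode if the deployment allows it.
    if (!is_dir($dir) && !mkdir($dir, 0777, true) && !is_dir($dir)) {
        throw new EyeIOException('Unable to create necessary directories for meta file ' . $filepath . '.');
    }

    $provider = new SimpleXMLMetaProvider((string) $params, array(SimpleXMLMetaProvider::PARAM_FILEPATH => $filepath));
    $provider->storeMeta(null, $metaData);
}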
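/**
 * Stores the settings metadata of a user in the XML file returned by
 * getUserSettingsPath(), after a 'write' permission check.
 *
 * Missing parent directories of the settings file are created.
 *
 * @param mixed $object Must be an EyeosUser; any other value is rejected.
 * @param IMetaData $metaData Metadata to store (defaults to null).
 * @param String $params Forwarded to retrieveMeta() and, cast to string, to the XML provider.
 * @throws EyeInvalidArgumentException If $object is not an EyeosUser.
 * @throws EyeIOException If the directory for the settings file cannot be created.
 * @throws EyeException
 * @throws EyeErrorException
 */
public function storeMeta($object, IMetaData $metaData = null, $params)
{
    if (!$object instanceof EyeosUser) {
        throw new EyeInvalidArgumentException('$object must be an EyeosUser.');
    }

    // The currently stored meta is the checked object; the incoming $metaData
    // travels inside the permission as the related object.
    $meta = $this->retrieveMeta($object, $params);
    SecurityManager::getInstance()->checkPermission($meta, new MetaDataPermission('write', $metaData, $object));

    $filepath = $this->getUserSettingsPath($object);
    $dir = dirname($filepath);

    // is_dir() is checked again after a failed mkdir(): a concurrent request
    // may have created the directory in between, which is not an error.
    // NOTE(review): 0777 requests world-accessible directories (before umask)
    // for per-user settings; consider a tighter mode if the deployment allows it.
    if (!is_dir($dir) && !mkdir($dir, 0777, true) && !is_dir($dir)) {
        throw new EyeIOException('Unable to create necessary directories for meta file ' . $filepath . '.');
    }

    $provider = new SimpleXMLMetaProvider(
        (string) $params,
        array(
            SimpleXMLMetaProvider::PARAM_FILEPATH => $filepath,
            SimpleXMLMetaProvider::PARAM_FORMATOUTPUT => true
        )
    );
    $provider->storeMeta(null, $metaData);
}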
/**
 * Persists an updated user/workgroup assignation through the DAO, after an
 * 'update' permission check on the assignation.
 *
 * @param IUserWorkgroupAssignation $assignation Assignation to update.
 * @throws EyeUMException If the DAO update fails; the original exception is attached as the cause.
 */
private function updateUserWorkgroupAssignation_private(IUserWorkgroupAssignation $assignation)
{
    // The authorization check sits outside the try block, so whatever it
    // throws is not wrapped into an EyeUMException.
    $securityManager = SecurityManager::getInstance();
    $securityManager->checkPermission($assignation, new SimplePermission('', array('update')));

    try {
        $this->eyeosDAO->update($assignation);
    } catch (Exception $cause) {
        //{
        //TODO: rollback
        //}
        $message = 'Unable to update user/workgroup assignation between user ID "' . $assignation->getUserId()
            . '" and workgroup ID "' . $assignation->getWorkgroupId() . '".';
        throw new EyeUMException($message, 0, $cause);
    }
}
/**
 * Asks the SecurityManager to verify that a connection to this object is allowed.
 *
 * Returns nothing; a denial is presumably reported by an exception raised
 * from checkConnect() (confirm against SecurityManager).
 */
public function checkConnectPermission()
{
    $securityManager = SecurityManager::getInstance();
    $securityManager->checkConnect($this);
}
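/**
 * Stores system-wide metadata in 'system.xml' under
 * SYSTEM_META_CONFIGURATION_PATH, after a 'write' permission check.
 *
 * @param mixed $object Must be a SecurityManager; any other value is rejected.
 * @param IMetaData $metaData Metadata to store (defaults to null).
 * @param String $params Forwarded to retrieveMeta() and, cast to string, to the XML provider.
 * @throws EyeInvalidArgumentException If $object is not a SecurityManager.
 * @throws EyeException
 * @throws EyeErrorException
 */
public function storeMeta($object, IMetaData $metaData = null, $params)
{
    if (!$object instanceof SecurityManager) {
        throw new EyeInvalidArgumentException('$object must be an SecurityManager');
    }

    // The currently stored meta is the checked object; the incoming $metaData
    // travels inside the permission as the related object.
    // NOTE(review): this write targets the system configuration file, so this
    // check is the only gate visible here; confirm the policy behind it limits
    // 'write' to administrative principals.
    $meta = $this->retrieveMeta($object, $params);
    SecurityManager::getInstance()->checkPermission($meta, new MetaDataPermission('write', $metaData, $object));

    $filepath = SYSTEM_META_CONFIGURATION_PATH . 'system.xml';
    $provider = new SimpleXMLMetaProvider(
        (string) $params,
        array(
            SimpleXMLMetaProvider::PARAM_FILEPATH => $filepath,
            SimpleXMLMetaProvider::PARAM_FORMATOUTPUT => true
        )
    );

    // The provider's return value was assigned to a local that was never read;
    // the dead store is dropped, the call itself is unchanged.
    $provider->storeMeta(null, $metaData);
}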
/**
 * Replaces a tag with a new one through the provider, after an 'update'
 * permission check on the existing tag.
 *
 * @param ITag $tag Existing tag; also the object of the permission check.
 * @param ITag $newTag Replacement tag.
 * @throws Exception A provider failure is logged at error level and rethrown unchanged.
 */
public function updateTag(ITag $tag, ITag $newTag)
{
    // Only $tag is checked; $newTag is passed to the provider unchecked.
    // The check sits outside the try block, so a denial is not logged here.
    $securityManager = SecurityManager::getInstance();
    $securityManager->checkPermission($tag, new SimplePermission(null, array('update')));

    try {
        $provider = $this->getProvider();
        $provider->updateTag($tag, $newTag);
    } catch (Exception $failure) {
        self::$Logger->error('Unable to update tag "' . $tag . '": ' . $failure->getMessage());
        if (self::$Logger->isDebugEnabled()) {
            self::$Logger->debug(ExceptionStackUtil::getStackTrace($failure, false));
        }
        throw $failure;
    }
}
/**
 * Deletes all events of an event group through the provider, after a delete
 * check on the given event.
 *
 * @param mixed $event Event used for the calendar ID and for the delete check.
 * @param mixed $groupId Group identifier, passed unchanged to the provider.
 */
public function deleteAllGroupEvents($event, $groupId)
{
    // The calendar ID is stored on this instance before the authorization
    // check runs, so it stays set even when the check denies the operation.
    $calendarId = $event->getCalendarId();
    $this->setCalendarId($calendarId);

    // NOTE(review): the delete check is made against $event, while the
    // provider deletes by $groupId. Nothing in this method verifies that
    // $event belongs to $groupId; confirm the caller or the provider enforces
    // that link, otherwise a permitted event could authorize deleting an
    // unrelated group.
    $securityManager = SecurityManager::getInstance();
    $securityManager->checkDelete($event);

    $provider = $this->getProvider();
    $provider->deleteAllGroupEvents($groupId);
}
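/**
 * Kill a process, and remove it from the process table.
 *
 * The process must exist in the table and the caller must pass the 'kill'
 * permission check. The updated table is written back while in system mode,
 * the current process is cleared if it was the one killed, and a
 * 'processKilled' event is fired.
 *
 * @param Process $proc the process to be killed, the attribute <b>pid</b> should be filled with the process pid to kill
 * @throws EyeInvalidArgumentException If the arguments are incorrect
 * @throws EyeProcException If there is no such process with the given pid
 */
public function kill(Process $proc)
{
    try {
        $processTable = $this->getProcessesTable();
        $pid = $proc->getPid();
        if (!isset($processTable[$pid])) {
            throw new EyeProcException('Process $proc with PID ' . $pid . ' not found.');
        }

        // Authorization happens before any state is modified.
        SecurityManager::getInstance()->checkPermission($proc, new SimplePermission('', array('kill')));
        unset($processTable[$pid]);

        // System mode must always be left again: if the write fails, exit it
        // before propagating, so the rest of the request does not keep running
        // in system mode. (try/catch/rethrow is used because the surrounding
        // code does not show use of "finally".)
        Kernel::enterSystemMode();
        try {
            $this->memoryManager->set('processTable', $processTable);
        } catch (Exception $storeException) {
            Kernel::exitSystemMode();
            throw $storeException;
        }
        Kernel::exitSystemMode();

        // currentProcess may be null (this method itself sets it to null), so
        // guard the dereference.
        if ($this->currentProcess !== null && $this->currentProcess->getPid() == $pid) {
            $this->currentProcess = null;
        }

        $this->logger->debug('Process killed: ' . $proc);
        $this->fireEvent('processKilled', new ProcEvent($proc));
    } catch (Exception $e) {
        $this->logger->warn('Error killing process: ' . $proc . ' (' . $e->getMessage() . ')');
        if ($this->logger->isDebugEnabled()) {
            $this->logger->debug(ExceptionStackUtil::getStackTrace($e, false));
        }
        throw $e;
    }
}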