/**
 * Erases the download list of the user owning the current session and
 * answers with a JSON 'success' result.
 *
 * Both permission checks are fatal: the caller needs the generic
 * "keep own download list" permission and its 'erasedls' object.
 */
function render() {
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_keep_own_downloadlist, '');
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_keep_own_downloadlist, 'erasedls');

    $userId = $this->_currentSession['user']['userid'];

    # The user record service performs the actual clearing
    $svcUserRecord = new Services_User_Record($this->_daoFactory, $this->_settings);
    $svcUserRecord->clearDownloadList($userId);

    # State-changing action, must never be served from a cache
    $this->sendExpireHeaders(true);

    $this->template('jsonresult', array('result' => new Dto_FormResult('success')));
}
/**
 * Manages the Twitter notification link of the current user.
 *
 * Dispatches on $this->_params['action']:
 *  - 'verify': exchanges the PIN in $this->_params['pin'] for an access token,
 *    stores screen name and access token in the user preferences and clears
 *    the request token;
 *  - 'remove': clears the stored screen name and access token;
 *  - anything else: requests a new authorisation, stores the request token
 *    (needed again when the PIN is entered) and echoes the authorisation URL.
 *
 * The response is written with plain echo and is not escaped; presumably the
 * caller consumes it as text (TODO confirm). User-visible messages are Dutch.
 */
function render() {
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_send_notifications_services, 'twitter');

    $svcUserRecord = new Services_User_Record($this->_daoFactory, $this->_settings);

    # Work on a local copy of the twitter preferences; it is written back
    # into the session before the user record is saved
    $twitterPrefs = $this->_currentSession['user']['prefs']['notifications']['twitter'];

    # Application credentials come from the system settings, the tokens from the user
    $requestArray = array_merge_recursive(
        $twitterPrefs,
        array(
            'consumer_key' => $this->_settings->get('twitter_consumer_key'),
            'consumer_secret' => $this->_settings->get('twitter_consumer_secret'),
        )
    );

    $action = $this->_params['action'];

    if ($action == 'verify') {
        $this->_notificationService = Notifications_Factory::build('Spotweb', 'twitter', $requestArray);

        # A wrong PIN emits a notice while the returned http code already
        # reports the failure, hence the suppression
        list($http_code, $access_token) = @$this->_notificationService->verifyPIN($this->_params['pin']);

        if ($http_code == 200) {
            # The request token is spent; only the access token is kept
            $twitterPrefs['request_token'] = '';
            $twitterPrefs['request_token_secret'] = '';
            $twitterPrefs['screen_name'] = $access_token['screen_name'];
            $twitterPrefs['access_token'] = $access_token['oauth_token'];
            $twitterPrefs['access_token_secret'] = $access_token['oauth_token_secret'];

            $this->_currentSession['user']['prefs']['notifications']['twitter'] = $twitterPrefs;
            $svcUserRecord->setUser($this->_currentSession['user']);

            echo "Account " . $access_token['screen_name'] . " geverifiëerd.";
        } else {
            echo "Code " . $http_code . ": " . $this->getError($http_code);
        }
    } elseif ($action == 'remove') {
        $screen_name = $twitterPrefs['screen_name'];

        $twitterPrefs['screen_name'] = '';
        $twitterPrefs['access_token'] = '';
        $twitterPrefs['access_token_secret'] = '';

        $this->_currentSession['user']['prefs']['notifications']['twitter'] = $twitterPrefs;
        $svcUserRecord->setUser($this->_currentSession['user']);

        echo "Account " . $screen_name . " verwijderd.";
    } else {
        $this->_notificationService = Notifications_Factory::build('Spotweb', 'twitter', $requestArray);
        list($http_code, $request_token, $registerURL) = @$this->_notificationService->requestAuthorizeURL();

        if ($http_code == 200) {
            # The request token is needed again once the user enters the PIN
            $twitterPrefs['request_token'] = $request_token['oauth_token'];
            $twitterPrefs['request_token_secret'] = $request_token['oauth_token_secret'];

            $this->_currentSession['user']['prefs']['notifications']['twitter'] = $twitterPrefs;
            $svcUserRecord->setUser($this->_currentSession['user']);

            echo $registerURL;
        } else {
            echo "Code " . $http_code . ": " . $this->getError($http_code);
        }
    }
}
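/**
 * Renders the "blacklist spotter" form and, when it was submitted, applies it.
 *
 * The form ($this->_blForm) carries an 'action' of 'addspotterid' or
 * 'removespotterid' plus 'spotterid', 'origin' and, for adds, 'idtype'.
 * The outcome is rendered through the 'jsonresult' template.
 */
function render() {
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_blacklist_spotter, '');

    # Until the form is actually submitted the result stays 'notsubmitted'
    $result = new Dto_FormResult('notsubmitted');

    $this->_pageTitle = "report: blacklist spotter";

    $formAction = isset($this->_blForm['action']) ? $this->_blForm['action'] : '';

    # The user record service does the actual list manipulation
    $svcUserRecord = new Services_User_Record($this->_daoFactory, $this->_settings);

    if (!empty($formAction) && !$result->isError()) {
        $result->setResult('success');

        # Defaults guarantee the keys the actions read exist even when the
        # form omitted them; 'idtype' is only used when adding, so it is
        # read guarded instead of defaulted
        $blackList = array_merge(
            array('spotterid' => '', 'origin' => ''),
            $this->_blForm
        );
        $idType = isset($blackList['idtype']) ? $blackList['idtype'] : null;

        switch ($formAction) {
            case 'addspotterid':
                $result->mergeResult($svcUserRecord->addSpotterToList(
                    $this->_currentSession['user'],
                    $blackList['spotterid'],
                    $blackList['origin'],
                    $idType
                ));
                break;

            case 'removespotterid':
                $result->mergeResult($svcUserRecord->removeSpotterFromList(
                    $this->_currentSession['user'],
                    $blackList['spotterid']
                ));
                break;
        }
    }

    $this->template('jsonresult', array('result' => $result));
}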
/**
 * Marks every spot as read for the current user (when the seen-list
 * permission allows it) and resets the user's last visit / last read
 * timestamps. Always answers with a JSON 'success' result.
 */
function render() {
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_mark_spots_asread, '');

    $svcUserRecord = new Services_User_Record($this->_daoFactory, $this->_settings);
    $sessionUser = $this->_currentSession['user'];

    # Individual spots are only marked when the user may keep a seen list
    $keepsSeenList = $this->_spotSec->allowed(SpotSecurity::spotsec_keep_own_seenlist, '');
    if ($keepsSeenList) {
        $svcUserRecord->markAllAsRead($sessionUser['userid']);
    }

    # Never cached, always JSON
    $this->sendExpireHeaders(true);
    $this->sendContentTypeHeader('json');

    $svcUserRecord->resetReadStamp($sessionUser);

    $outcome = new Dto_FormResult('success');
    $this->template('jsonresult', array('result' => $outcome));
}
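/**
 * Validates a spam report for a spot and posts it to the report newsgroup.
 *
 * @param Services_User_Record $svcUserRecord user service used for the posting
 *        permission and the reporter's private key
 * @param array $user   the reporting user's record
 * @param array $report the report; 'inreplyto' is the reported spot's
 *        message-id, 'newmessageid' the hashcash message-id still wrapped in <>
 * @return Dto_FormResult success, or the accumulated validation errors
 */
public function postSpamReport(Services_User_Record $svcUserRecord, array $user, array $report) {
    $result = new Dto_FormResult();
    $spotReportDao = $this->_daoFactory->getSpotReportDao();

    # The anonymous user and reserved usernames may not post
    if (!$svcUserRecord->allowedToPost($user)) {
        $result->addError(_("You need to login to be able to report spam"));
    }

    $user['privatekey'] = $svcUserRecord->getUserPrivateRsaKey($user['userid']);

    # One report per user per spot, to prevent flooding
    if ($spotReportDao->isReportPlaced($report['inreplyto'], $user['userid'])) {
        $result->addError(_('This spot has already been reported'));
    }

    # Message-ids arrive with <>'s, Spotweb always stores them without
    $report['newmessageid'] = substr($report['newmessageid'], 1, -1);

    # NOTE(review): postComment() passes $this->_daoFactory->getSpotDao() here
    # instead of the factory itself; one of the two is presumably wrong — confirm
    $svcProvFullSpot = new Services_Providers_FullSpot($this->_daoFactory, $this->_nntp_hdr);
    $fullSpot = $svcProvFullSpot->fetchFullSpot($report['inreplyto'], $user['userid']);

    # A report whose hashcash does not match is never posted
    if (substr(sha1('<' . $report['newmessageid'] . '>'), 0, 4) !== '0000') {
        $result->addError(_('Hash was not calculated properly'));
    }

    $report['body'] = trim($report['body']);
    if (strlen($report['body']) < 2) {
        $result->addError(_('Please provide a reason why this Spot should be reported'));
    }

    # The new message-id must start with the local part of the message-id we
    # reply to; this binds the hashcash to this spot. A message-id without an
    # '@' would otherwise yield an empty prefix and make this check vacuous,
    # so it is rejected explicitly.
    $atPos = strpos($report['inreplyto'], '@');
    if ($atPos === false) {
        $result->addError(_('Replay attack!?'));
    } else {
        $replyToPart = substr($report['inreplyto'], 0, $atPos);
        if (substr($report['newmessageid'], 0, strlen($replyToPart)) !== $replyToPart) {
            $result->addError(_('Replay attack!?'));
        }
    }

    # The random message-id must not have been used before, otherwise one
    # calculated hashcash could be reused again and again
    if (!$spotReportDao->isReportMessageIdUnique($report['newmessageid'])) {
        $result->addError(_('Replay attack!?'));
    }

    if (strlen($report['newmessageid']) < 10) {
        $result->addError(_('MessageID too short!?'));
    }

    # The browser delivers UTF-8, but the body is posted to usenet as
    # iso-8859-1 (utf8_decode; deprecated since PHP 8.2). The database wants
    # UTF-8, so a separate copy is kept for it. $dbReport deliberately has no
    # 'title': only the usenet copy gets one.
    $dbReport = $report;
    $report['body'] = utf8_decode($report['body']);
    $report['title'] = 'REPORT <' . $report['inreplyto'] . '> ' . $fullSpot['title'];

    if ($result->isSuccess()) {
        $this->_nntp_post->reportSpotAsSpam(
            $user,
            $this->_settings->get('privatekey'),
            $this->_settings->get('report_group'),
            $report
        );
        $spotReportDao->addPostedReport($user['userid'], $dbReport);
    }

    return $result;
}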
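/**
 * Final installation step: creates the database schema, default settings and
 * users, stores the NNTP settings and admin account entered during install,
 * and writes dbsettings.inc.php.
 *
 * All input comes from $_SESSION['spotsettings'] (filled by the earlier
 * install steps). Output goes through showTemplate(); any exception ends in
 * the 'fatalerror' template.
 */
function createSystem() {
    # Declared as in the original install script; nothing in this body reads
    # them, presumably included code does — confirm before removing
    global $settings;
    global $_testInstall_Ok;

    try {
        # The settings/upgrade code prints a lot; it is captured and shown
        # on the final page for debugging
        ob_start();

        require_once "lib/Bootstrap.php";
        $bootstrap = new Bootstrap();

        $dbsettings = $_SESSION['spotsettings']['db'];
        $dbCon = dbeng_abs::getDbFactory($dbsettings['engine']);
        $dbCon->connect($dbsettings['host'], $dbsettings['user'], $dbsettings['pass'], $dbsettings['dbname']);

        $daoFactory = Dao_Factory::getDAOFactory($dbsettings['engine']);
        $daoFactory->setConnection($dbCon);

        # The schema must exist before a settings instance can be obtained
        $dbStruct = SpotStruct_abs::factory($dbsettings['engine'], $daoFactory->getConnection());
        $dbStruct->updateSchema();

        $spotSettings = $bootstrap->getSettings($daoFactory, false);
        $svcUpgradeBase = new Services_Upgrade_Base($daoFactory, $spotSettings, $dbsettings['engine']);

        # Default settings and users only
        $svcUpgradeBase->settings();
        $svcUpgradeBase->users();

        $dbCreateOutput = ob_get_contents();
        ob_end_clean();

        # NNTP servers as entered during install
        $spotSettings->set('nntp_nzb', $_SESSION['spotsettings']['nntp']['nzb']);
        $spotSettings->set('nntp_hdr', $_SESSION['spotsettings']['nntp']['hdr']);
        $spotSettings->set('nntp_post', $_SESSION['spotsettings']['nntp']['post']);

        $svcUserRecord = new Services_User_Record($daoFactory, $spotSettings);
        $spotUser = $_SESSION['spotsettings']['adminuser'];
        $spotUser['userid'] = $svcUserRecord->createUserRecord($spotUser)->getData('userid');

        # createUserRecord() assigns a random password; replace it with the supplied one
        $svcUserRecord->setUserPassword($spotUser);

        # The built-in administrator account gets the same password
        $adminUser = $svcUserRecord->getUser(SPOTWEB_ADMIN_USERID);
        $adminUser['newpassword1'] = $spotUser['newpassword1'];
        $svcUserRecord->setUserPassword($adminUser);

        $spotSettings->set('custom_admin_userid', $spotUser['userid']);
        $spotSettings->set('systemtype', $spotUser['systemtype']);
        $svcUpgradeBase->resetSystemType($spotUser['systemtype']);

        $dbConnectionString = createSystemDbSettingsSource($_SESSION['spotsettings']['db']);

        # No error suppression: a failed write is reported on the final page.
        # The write has to succeed; a pre-existing file alone does not count.
        $written = file_put_contents("dbsettings.inc.php", "<?php" . PHP_EOL . $dbConnectionString);
        $createdDbSettings = ($written !== false) && file_exists("dbsettings.inc.php");

        # NOTE(review): $dbConnectionString contains the database password and
        # is handed to the template; presumably shown so the user can create the
        # file by hand when the write failed — confirm it is not rendered otherwise
        showTemplate("step-final.inc.php", array(
            'createdDbSettings' => $createdDbSettings,
            'dbCreateOutput' => $dbCreateOutput,
            'dbConnectionString' => $dbConnectionString,
        ));
    } catch (Exception $x) {
        showTemplate("fatalerror.inc.php", array('x' => $x));
    }
}

/**
 * Builds the PHP source of dbsettings.inc.php for the supported engines.
 *
 * Values are emitted with var_export() so quotes or backslashes in e.g. the
 * password cannot break the generated file or end up interpreted as PHP code.
 * Unsupported engines yield an empty string.
 *
 * @param array $dbsettings the 'db' section of the install session
 *        ('engine', 'host', 'dbname', 'user', 'pass')
 * @return string one "$dbsettings[...] = ...;" line per key
 */
function createSystemDbSettingsSource(array $dbsettings) {
    switch ($dbsettings['engine']) {
        case 'pdo_mysql':
        case 'pdo_pgsql':
            break;
        default:
            return '';
    }

    $source = '';
    foreach (array('engine', 'host', 'dbname', 'user', 'pass') as $key) {
        $source .= "\$dbsettings['" . $key . "'] = " . var_export($dbsettings[$key], true) . ";" . PHP_EOL;
    }

    return $source;
}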
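/**
 * Validates a comment on a spot and posts it to the comment newsgroup.
 *
 * @param Services_User_Record $svcUserRecord user service used for the posting
 *        permission and the poster's private key
 * @param array $user    the commenting user's record
 * @param array $comment the comment; 'inreplyto' is the spot's message-id,
 *        'newmessageid' the hashcash message-id still wrapped in <>,
 *        'body' the text and 'rating' a value within 0..10
 * @return Dto_FormResult success, or the accumulated validation errors
 *         (a failed NNTP post is reported as an error as well)
 */
public function postComment(Services_User_Record $svcUserRecord, array $user, array $comment) {
    $result = new Dto_FormResult();
    $commentDao = $this->_daoFactory->getCommentDao();

    # The anonymous user and reserved usernames may not post
    if (!$svcUserRecord->allowedToPost($user)) {
        $result->addError(_("You need to login to be able to post comments"));
    }

    $user['privatekey'] = $svcUserRecord->getUserPrivateRsaKey($user['userid']);

    # Message-ids arrive with <>'s, Spotweb always stores them without
    $comment['newmessageid'] = substr($comment['newmessageid'], 1, -1);

    # A comment whose hashcash does not match is never posted
    if (substr(sha1('<' . $comment['newmessageid'] . '>'), 0, 4) !== '0000') {
        $result->addError(_('Hash was not calculated properly'));
    }

    # Body length is checked in bytes: at least 2, at most 10KB
    $comment['body'] = trim($comment['body']);
    if (strlen($comment['body']) < 2) {
        $result->addError(_('Please enter a comment'));
    }
    if (strlen($comment['body']) > 1024 * 10) {
        $result->addError(_('Comment is too long'));
    }

    if ($comment['rating'] > 10 || $comment['rating'] < 0) {
        $result->addError(_('Invalid rating'));
    }

    # The new message-id must start with the local part of the message-id we
    # reply to, so a calculated hashcash cannot be reused on other posts. A
    # message-id without an '@' would yield an empty prefix and make the check
    # vacuous, so it is rejected explicitly.
    $atPos = strpos($comment['inreplyto'], '@');
    if ($atPos === false) {
        $result->addError(_('Replay attack!?'));
    } else {
        $replyToPart = substr($comment['inreplyto'], 0, $atPos);
        if (substr($comment['newmessageid'], 0, strlen($replyToPart)) !== $replyToPart) {
            $result->addError(_('Replay attack!?'));
        }
    }

    # The random message-id must not have been used before, otherwise one
    # calculated hashcash could be reused again and again
    if (!$commentDao->isCommentMessageIdUnique($comment['newmessageid'])) {
        $result->addError(_('Replay attack!?'));
    }

    if (strlen($comment['newmessageid']) < 10) {
        $result->addError(_('MessageID too short!?'));
    }

    # NOTE(review): postSpamReport() passes $this->_daoFactory itself here
    # instead of getSpotDao(); one of the two is presumably wrong — confirm
    $svcProvFullSpot = new Services_Providers_FullSpot($this->_daoFactory->getSpotDao(), $this->_nntp_hdr);
    $fullSpot = $svcProvFullSpot->fetchFullSpot($comment['inreplyto'], $user['userid']);

    $comment['title'] = 'Re: ' . $fullSpot['title'];

    # The browser delivers UTF-8, but the body is posted to usenet as
    # iso-8859-1 (utf8_decode; deprecated since PHP 8.2). The database wants
    # UTF-8, so a separate copy is kept for it.
    $dbComment = $comment;
    $comment['body'] = utf8_decode($comment['body']);

    if ($result->isSuccess()) {
        try {
            $this->_nntp_post->postComment(
                $user,
                $this->_settings->get('privatekey'),
                $this->_settings->get('comment_group'),
                $comment
            );
            $commentDao->addPostedComment($user['userid'], $dbComment);
        } catch (Exception $x) {
            $result->addError($x->getMessage());
        }
    }

    return $result;
}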
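/**
 * Validates and posts a new spot, including its image and NZB file.
 *
 * @param Services_User_Record $svcUserRecord user service used for the posting
 *        permission and the poster's private key
 * @param array $user the posting user's record
 * @param array $spot the spot as submitted; 'newmessageid' must still carry
 *        its surrounding <>'s, which are stripped here
 * @param string $imageFilename path of the uploaded image (at most 1MB)
 * @param string $nzbFilename   path of the uploaded NZB file
 * @return Dto_FormResult success, or the accumulated validation errors
 */
public function postSpot(Services_User_Record $svcUserRecord, array $user, array $spot, $imageFilename, $nzbFilename) {
    $result = new Dto_FormResult();
    $spotDao = $this->_daoFactory->getSpotDao();

    # The anonymous user and reserved usernames may not post
    if (!$svcUserRecord->allowedToPost($user)) {
        $result->addError(_("You need to login to be able to post spots"));
    }

    $user['privatekey'] = $svcUserRecord->getUserPrivateRsaKey($user['userid']);

    $hdr_newsgroup = $this->_settings->get('hdr_group');
    $bin_newsgroup = $this->_settings->get('nzb_group');

    # Message-ids arrive with <>'s, Spotweb always stores them without
    $spot['newmessageid'] = substr($spot['newmessageid'], 1, -1);

    # A spot whose hashcash does not match is never posted
    if (substr(sha1('<' . $spot['newmessageid'] . '>'), 0, 4) !== '0000') {
        $result->addError(_('Hash was not calculated properly'));
    }

    # The validator works on (and may adjust) the spot carried inside the result
    $result->addData('spot', $spot);
    $result = $this->_spotValidator->verifyTitle($result);
    $result = $this->_spotValidator->verifyBody($result);
    $result = $this->_spotValidator->verifyCategories($result);
    $result = $this->_spotValidator->verifyWebsite($result);
    $result = $this->_spotValidator->verifyTag($result);

    # Take the spot back out; the caller should not receive the whole spot
    $spot = $result->getData('spot');
    $result->removeData('spot');

    # An unreadable upload is an error; continue with empty contents so the
    # remaining checks still run and no warning is raised on strlen()
    $imageInfo = array();
    $imageContents = file_get_contents($imageFilename);
    if ($imageContents === false) {
        $result->addError(_('Uploaded image could not be read'));
        $imageContents = '';
    }

    if (strlen($imageContents) > 1024 * 1024) {
        $result->addError(_('Uploaded image is too large (maximum 1MB)'));
    }

    $tmpGdImageSize = getimagesize($imageFilename);
    if ($tmpGdImageSize === false) {
        $result->addError(_('Uploaded image was not recognized as an image'));
    } else {
        $imageInfo = array('width' => $tmpGdImageSize[0], 'height' => $tmpGdImageSize[1]);
    }

    # The NZB is parsed as XML both to validate it and to sum the segment
    # sizes. LIBXML_NONET keeps the parser from fetching anything over the
    # network for this user-supplied document; parse errors are collected
    # instead of emitted as warnings.
    $nzbFileContents = file_get_contents($nzbFilename);
    if ($nzbFileContents === false) {
        $nzbFileContents = '';
    }
    $prevUseInternalErrors = libxml_use_internal_errors(true);
    $nzbXml = simplexml_load_string($nzbFileContents, 'SimpleXMLElement', LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prevUseInternalErrors);

    $spot['filesize'] = 0;
    if ($nzbXml === false || empty($nzbXml->file)) {
        $result->addError(_('Incorrect NZB file'));
    } else {
        foreach ($nzbXml->file as $file) {
            foreach ($file->segments->segment as $seg) {
                $spot['filesize'] += (int) $seg['bytes'];
            }
        }
    }

    # The message-id must not have been used before, otherwise a single
    # calculated hashcash could be reused for spam
    if (!$spotDao->isNewSpotMessageIdUnique($spot['newmessageid'])) {
        $result->addError(_('Replay attack!?'));
    }

    if (strlen($spot['newmessageid']) < 10) {
        $result->addError(_('MessageID too short!?'));
    }

    # Key id 7 denotes a self-signed spot
    $spot['key'] = 7;
    $spot['poster'] = $user['username'];

    if ($result->isSuccess()) {
        # The image goes first so its segment list can be embedded in the spot XML
        $imgSegmentList = $this->_nntp_post->postBinaryMessage($user, $bin_newsgroup, $imageContents, '');
        $imageInfo['segments'] = $imgSegmentList;

        # The NZB is posted deflated
        $nzbSegmentList = $this->_nntp_post->postBinaryMessage($user, $bin_newsgroup, gzdeflate($nzbFileContents), '');

        $spotCreator = new Services_Format_Creation();
        $spotXml = $spotCreator->convertSpotToXml($spot, $imageInfo, $nzbSegmentList);
        $spot['spotxml'] = $spotXml;

        $this->_nntp_post->postFullSpot($user, $this->_settings->get('privatekey'), $hdr_newsgroup, $spot);
        $spotDao->addPostedSpot($user['userid'], $spot, $spotXml);
    }

    return $result;
}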
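/**
 * Renders the "edit user preferences" form and applies it when submitted.
 *
 * Editing one's own preferences needs spotsec_edit_own_userprefs, editing
 * another user's needs spotsec_edit_other_users. The form
 * ($this->_editUserPrefsForm) carries an 'action' of 'edit' or 'cancel'; an
 * 'edit' may include an uploaded avatar, which is validated here and passed
 * on as a temporary file name.
 */
function render() {
    # Until the form is actually submitted the result stays 'notsubmitted'
    $result = new Dto_FormResult('notsubmitted');

    if ($this->_userIdToEdit == $this->_currentSession['user']['userid']) {
        $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_own_userprefs, '');
    } else {
        $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_other_users, '');
    }

    $svcUserRecord = new Services_User_Record($this->_daoFactory, $this->_settings);

    $this->_pageTitle = "spot: edit user preferences";

    $spotUser = $svcUserRecord->getUser($this->_userIdToEdit);
    if ($spotUser === false) {
        $result->addError(sprintf(_('User %d can not be found'), $this->_userIdToEdit));
    }

    # Guarded reads: a plain GET of the form has neither key
    $formAction = isset($this->_editUserPrefsForm['action']) ? $this->_editUserPrefsForm['action'] : '';
    $httpReferer = isset($this->_editUserPrefsForm['http_referer']) ? $this->_editUserPrefsForm['http_referer'] : null;

    # An avatar upload is only looked at for an actual edit; upload errors
    # are reported, a successful one yields the temporary file to process
    $avatarFileName = '';
    if ($formAction == 'edit') {
        $uploadHandler = new Services_Providers_FileUpload('edituserprefsform', 'avatar');
        if ($uploadHandler->isUploaded()) {
            if (!$uploadHandler->success()) {
                $result->addError(_('Unable to update avatar') . '(' . $uploadHandler->errorText() . ')');
            } else {
                $avatarFileName = $uploadHandler->getTempName();
            }
        }
    }

    if (!empty($formAction) && !$result->isError()) {
        switch ($formAction) {
            case 'edit':
                $svcActn_EditUserPrefs = new Services_Actions_EditUserPrefs($this->_daoFactory, $this->_settings, $this->_spotSec);
                $result = $svcActn_EditUserPrefs->editUserPref(
                    $this->_editUserPrefsForm,
                    $this->_tplHelper->getTemplatePreferences(),
                    $spotUser,
                    $avatarFileName
                );
                break;

            case 'cancel':
                $result->setResult('success');
                break;
        }
    }

    $this->template('edituserprefs', array(
        'edituserprefsform' => $spotUser['prefs'],
        'spotuser' => $spotUser,
        'dialogembedded' => $this->_dialogembedded,
        'http_referer' => $httpReferer,
        'result' => $result,
    ));
}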
/**
 * Tells whether the user of the current session is allowed to post, by
 * delegating to Services_User_Record::allowedToPost().
 */
function allowedToPost() {
    $sessionUser = $this->_currentSession['user'];
    $svcUserRecord = new Services_User_Record($this->_daoFactory, $this->_settings);

    return $svcUserRecord->allowedToPost($sessionUser);
}
# if # Initialize translation to english SpotTranslation::initialize('en_US'); /* * When PHP is running in safe mode, max execution time cannot be set, * which is necessary on slow systems for retrieval and statistics generation */ if (ini_get('safe_mode')) { echo "WARNING: PHP safemode is enabled, maximum execution cannot be reset! Turn off safemode if this causes problems" . PHP_EOL . PHP_EOL; } # if /* * When retrieval is run from the webinterface, we want to make * sure this user is actually allowed to run retrieval. */ $svcUserRecord = new Services_User_Record($daoFactory, $settings); $svcUserAuth = new Services_User_Authentication($daoFactory, $settings); if (!SpotCommandline::isCommandline()) { /* * An API key is required, so request it and try to * create a session with it which we can use to validate * the user with */ $apiKey = $req->getDef('apikey', ''); $userSession = $svcUserAuth->verifyApi($apiKey); /* * If the session failed or the the user doesn't have access * to retrieve spots, let the user know */ if ($userSession == false || !$userSession['security']->allowed(SpotSecurity::spotsec_retrieve_spots, '')) { throw new PermissionDeniedException(SpotSecurity::spotsec_retrieve_spots, '');
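/**
 * Renders the "edit user" form and applies the submitted action.
 *
 * Editing one's own record needs spotsec_edit_own_user, another user's
 * spotsec_edit_other_users. The form ($this->_editUserForm) 'action' is one of
 * 'delete' (extra permission spotsec_delete_user; never one's own account),
 * 'edit' (record and, when permitted, group membership), 'removeallsessions'
 * or 'resetuserapi' (extra permission spotsec_consume_api).
 */
function render() {
    $result = new Dto_FormResult('notsubmitted');

    if ($this->_userIdToEdit == $this->_currentSession['user']['userid']) {
        $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_own_user, '');
    } else {
        $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_other_users, '');
    }

    $svcUserRecord = new Services_User_Record($this->_daoFactory, $this->_settings);

    $this->_pageTitle = "spot: edit user";

    $spotUser = $svcUserRecord->getUser($this->_userIdToEdit);
    $groupMembership = $svcUserRecord->getUserGroupMemberShip($this->_userIdToEdit);

    # Guarded read: a plain GET of the form carries no action
    $formAction = isset($this->_editUserForm['action']) ? $this->_editUserForm['action'] : '';

    if (!empty($formAction)) {
        switch ($formAction) {
            case 'delete':
                $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_delete_user, '');
                if ($this->_userIdToEdit == $this->_currentSession['user']['userid']) {
                    # Translated like every other user-visible error
                    $result->addError(_('Cannot delete your own user'));
                } else {
                    $result = $svcUserRecord->removeUser($this->_userIdToEdit);
                }
                break;

            case 'edit':
                # The form's group listing becomes a list of groupid/prio pairs;
                # 'dummy' entries are placeholders and dropped
                $groupList = array();
                if (isset($this->_editUserForm['grouplist'])) {
                    foreach ($this->_editUserForm['grouplist'] as $val) {
                        if ($val != 'dummy') {
                            $groupList[] = array('groupid' => $val, 'prio' => count($groupList));
                        }
                    }
                }

                $this->_editUserForm['userid'] = $this->_userIdToEdit;
                $result = $svcUserRecord->updateUserRecord(
                    $this->_editUserForm,
                    $groupList,
                    $this->_spotSec->allowed(SpotSecurity::spotsec_edit_groupmembership, '')
                );
                break;

            case 'removeallsessions':
                $svcUserAuth = new Services_User_Authentication($this->_daoFactory, $this->_settings);
                $result = $svcUserAuth->removeAllUserSessions($spotUser['userid']);
                break;

            case 'resetuserapi':
                $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_consume_api, '');
                $result = $svcUserRecord->resetUserApi($spotUser);
                break;
        }
    }

    $this->template('edituser', array(
        'edituserform' => $spotUser,
        'result' => $result,
        'groupMembership' => $groupMembership,
    ));
}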
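/**
 * Renders the "edit security group" form and applies the submitted action.
 *
 * Requires spotsec_edit_securitygroups. Unless $this->_groupId is 9999, the
 * stored group is loaded and the submitted form merged over it. The form
 * 'action' is one of 'removegroup', 'addperm', 'removeperm', 'setallow',
 * 'setdeny', 'addgroup' or 'changename'.
 */
function render() {
    $result = new Dto_FormResult('notsubmitted');

    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_securitygroups, '');

    $svcUserRecord = new Services_User_Record($this->_daoFactory, $this->_settings);

    $this->_pageTitle = "spot: edit security groups";

    # 9999 is the sentinel for a group that does not exist yet (presumably the
    # 'addgroup' case — confirm); only real groups are loaded and merged
    $noExistingGroupId = 9999;
    if ($this->_groupId != $noExistingGroupId) {
        $this->_editSecGroupForm = array_merge(
            $svcUserRecord->getSecGroup($this->_groupId),
            $this->_editSecGroupForm
        );
    }

    # Guarded reads: a plain GET of the form has neither key
    $formAction = isset($this->_editSecGroupForm['action']) ? $this->_editSecGroupForm['action'] : '';
    $httpReferer = isset($this->_editSecGroupForm['http_referer']) ? $this->_editSecGroupForm['http_referer'] : null;

    if (!empty($formAction)) {
        switch ($formAction) {
            case 'removegroup':
                $result = $svcUserRecord->removeSecGroup($this->_groupId);
                break;

            case 'addperm':
                $result = $svcUserRecord->addPermToSecGroup($this->_groupId, $this->_editSecGroupForm);
                break;

            case 'removeperm':
                $result = $svcUserRecord->removePermFromSecGroup($this->_groupId, $this->_editSecGroupForm);
                break;

            case 'setallow':
            case 'setdeny':
                # Both actions share one service call, distinguished by the deny flag
                $this->_editSecGroupForm['deny'] = ($formAction === 'setdeny');
                $result = $svcUserRecord->setDenyForPermFromSecGroup($this->_groupId, $this->_editSecGroupForm);
                break;

            case 'addgroup':
                $result = $svcUserRecord->addSecGroup($this->_editSecGroupForm['name']);
                break;

            case 'changename':
                $result = $svcUserRecord->setSecGroup($this->_groupId, $this->_editSecGroupForm['name']);
                break;
        }
    }

    $this->template('editsecgroup', array(
        'securitygroup' => $this->_editSecGroupForm,
        'result' => $result,
        'http_referer' => $httpReferer,
    ));
}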