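 /**
  * Check whether the ACL allows $resource (under $module and the "@@EXTRA"
  * controller slot) to any role assigned to $username; with no username the
  * "guest" role is checked instead.
  *
  * Only roles assigned directly in users_roles are consulted here; whether
  * inherited roles count depends on how the registered ACL was built.
  *
  * @param string      $resource
  * @param string      $module
  * @param string|null $username
  * @return bool true when at least one role is allowed; false when the ACL is
  *              not registered, the resource is unknown to it, the user has
  *              no roles, or no role is allowed (fail closed).
  */
 static function isAllowed($resource, $module = "default", $username = null)
 {
     $users_roles_table = new UsersRoles();
     $roles_table = new Roles();
     $user_roles = array();
     if (!is_null($username)) {
         $users_roles_db = $users_roles_table->fetchAll($users_roles_table->select()->where("username = ?", $username));
         foreach ($users_roles_db as $role) {
             $user_roles[] = $role->role_id;
         }
     } else {
         $user_roles = array($roles_table->getIdByShortname("guest"));
     }
     $resource_name = $module . "-@@EXTRA-" . $resource;
     // Without a registered ACL, or with a resource it does not know, nothing is allowed.
     if (!Zend_Registry::isRegistered('acl')) {
         return false;
     }
     $acl = Zend_Registry::get('acl');
     if (!$acl->has($resource_name)) {
         return false;
     }
     foreach ($user_roles as $role) {
         if ($acl->isAllowed($role, $resource_name)) {
             return true; // one permitted role is enough
         }
     }
     return false;
 }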
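	/**
	 * Return the role ids (the user's assigned roles plus their ancestors) that
	 * the ACL permits on the resource "$module-$controller-$resource".
	 *
	 * @param string      $resource   Action/resource part of the ACL resource name.
	 * @param string      $module     Module part; defaults to "default".
	 * @param string|null $username   Roles are looked up for this user; null means the "guest" role.
	 * @param string|null $controller Controller part; null is replaced by the "@@EXTRA" marker.
	 * @return array Allowed role ids. Empty when the ACL is not in Zend_Registry,
	 *               the resource is unknown to it, the user has no roles, or no
	 *               role is allowed (fail closed).
	 */
	static function isAllowed($resource, $module = "default", $username = null, $controller = null)
	{
		$users_roles_table = new UsersRoles();
		$roles_table = new Roles();
		// Always start from an empty list: previously $user_roles stayed undefined
		// when a username was given but had no role rows, so the foreach over it
		// below raised a warning.
		$user_roles = array();
		if (!is_null($username)) {
			$users_roles_db = $users_roles_table->fetchAll($users_roles_table->select()->where("username = ?", $username));
			if (count($users_roles_db) > 0) {
				foreach ($users_roles_db->toArray() as $role) {
					// inherited roles first, then the directly assigned one
					foreach ($roles_table->getAllAncestors($role['role_id']) as $ancestor_id) {
						$user_roles[] = $ancestor_id;
					}
					$user_roles[] = $role['role_id'];
				}
				$user_roles = array_unique($user_roles);
			}
		} else {
			$user_roles = array($roles_table->getIdByShortname("guest"));
		}
		if (is_null($controller)) {
			$controller = "@@EXTRA";
		}
		$resource_name = $module . "-" . $controller . "-" . $resource;
		$out = array();
		// No registered ACL, or a resource it does not know, yields no allowed roles.
		if (Zend_Registry::isRegistered('acl')) {
			$acl = Zend_Registry::get('acl');
			if ($acl->has($resource_name)) {
				foreach ($user_roles as $role) {
					if ($acl->isAllowed($role, $resource_name)) {
						$out[] = $role;
					}
				}
			}
		}
		return $out;
	}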
 /**
  * Admin action: create or update a user profile (and the user's role
  * assignments) from the posted form, running the plugin filter hooks
  * "<mca>_pre_render", "<mca>_pre_save" and "<mca>" along the way.
  *
  * GET: loads the user named by the "username" request parameter (or an empty
  * form when it is absent/unknown) into the view. POST: validates username,
  * email and password, stores an uploaded avatar, rewrites the user's role
  * rows, then inserts or updates the users row when no validation error was
  * recorded. Errors are collected in $errors and handed to the view, never
  * thrown.
  *
  * NOTE(review): the avatar upload (filesystem writes) and the role-row
  * delete/insert both run BEFORE $errors is checked, so a request that fails
  * validation still changes the avatar and the role assignments. See the
  * inline notes on those blocks.
  */
 function editAction()
 {
     $errors = array();
     $users_table = new Users();
     $users_roles_table = new UsersRoles();
     $request = new Bolts_Request($this->getRequest());
     $countries_table = new Countries();
     $this->view->countries = $countries_table->getCountriesArray('Choose a country...');
     $roles_table = new Roles();
     $roles = $roles_table->fetchAll(NULL, "shortname ASC");
     $arRoles = array();
     // Build the id => description map offered in the form, leaving out the
     // "*-base" roles.
     foreach ($roles as $role) {
         // NOTE(review): !strpos treats a match at offset 0 like "not found", so a
         // shortname that STARTS with "-base" would still be listed;
         // strpos(...) === false is the intended test.
         if (!strpos($role->shortname, "-base")) {
             $arRoles[$role->id] = $role->description;
         }
     }
     $this->view->roles = $arRoles;
     $is_new = true;
     $user = array();
     if ($request->has('username')) {
         $obUser = $users_table->fetchByUsername($request->username);
         if (!is_null($obUser)) {
             $is_new = false;
             $user_roles = $users_roles_table->fetchAll($users_roles_table->select()->where("username = ?", $obUser->username));
             if (count($user_roles) > 0) {
                 $tmp_selected = array();
                 foreach ($user_roles as $user_role) {
                     $tmp_selected[] = $user_role->role_id;
                 }
                 $this->view->selected_roles = $tmp_selected;
             }
             $user = $obUser->toArray();
         }
     }
     $this->view->is_new = $is_new;
     if ($is_new) {
         // defaults for form fields
         $user['username'] = "";
         $user['full_name'] = "";
         $user['aboutme'] = "";
     }
     $pre_render = $this->_Bolts_plugin->doFilter($this->_mca . "_pre_render", array('user' => $user, 'request' => $this->_request));
     // FILTER HOOK: plugins may rewrite 'user'; every other key they return is
     // exposed to the view verbatim.
     $user = $pre_render['user'];
     foreach ($pre_render as $key => $value) {
         if ($key != "user") {
             $this->view->{$key} = $value;
         }
     }
     // $tags = unserialize($user['tags']);
     if ($this->getRequest()->isPost()) {
         $errors = array();
         // Only these fields are tag-stripped. username, aboutme, gender,
         // country_code and the birthday parts are taken as posted; aboutme is
         // stored below (after nl2br) as entered, so the view must escape it.
         $request->stripTags(array('full_name', 'email', 'newpassword', 'confirm'));
         // $request->stripTags(array('full_name', 'email', 'newpassword', 'confirm', 'aboutme'));
         $user['username'] = $request->username;
         $user['email'] = $request->email;
         $user['password'] = $request->newpassword;
         $user['confirm'] = $request->confirm;
         $user['full_name'] = $request->full_name;
         // NOTE(review): day, month and year are concatenated with no separator
         // before strtotime(); an unparsable combination yields false, which the
         // date() call in the "convert birthday" step turns into 1970-01-01.
         $user['birthday'] = $birthday = strtotime($request->Birthday_Day . $request->Birthday_Month . $request->Birthday_Year);
         $user['gender'] = $request->gender;
         $user['country_code'] = $request->country_code;
         $user['aboutme'] = $request->aboutme;
         // validate username: 1..username_length characters, letters and digits only.
         // A failure only records an error; the raw value stays in $user['username'].
         $username_validator = new Zend_Validate();
         $username_validator->addValidator(new Zend_Validate_StringLength(1, Bolts_Registry::get('username_length')));
         $username_validator->addValidator(new Zend_Validate_Alnum());
         if (!$username_validator->isValid($user['username'])) {
             $show_username = "******" . $user['username'] . "'";
             if (trim($user['username']) == "") {
                 $show_username = "******" . $this->_T("empty") . "]";
             }
             $errors[] = $this->_T("%s isn't a valid username. (Between %d and %d characters, only letters and numbers)", array($show_username, 1, Bolts_Registry::get('username_length')));
         }
         if ($is_new) {
             // quoteInto() quotes the value; no raw interpolation into SQL here.
             $user_where = $users_table->getAdapter()->quoteInto('username = ?', $user['username']);
             if ($users_table->getCountByWhereClause($user_where) > 0) {
                 $errors[] = $this->_T("The username '%s' is already in use", $user['username']);
             }
         }
         // validate email
         if (!Bolts_Validate::checkEmail($user['email'])) {
             $errors[] = $this->_T("Email is not valid");
         }
         // check to see if email is in use already by someone else
         if ($users_table->isEmailInUse($user['email'], $user['username'])) {
             $errors[] = $this->_T("Email already in use");
         }
         // if password isn't blank, validate it
         if ($user['password'] != "") {
             // NOTE(review): the message hard-codes "32" while the upper bound comes
             // from the password_length setting; keep the two in sync.
             if (!Bolts_Validate::checkLength($user['password'], 6, Bolts_Registry::get('password_length'))) {
                 $errors[] = $this->_T("Password must be between 6 and 32 characters");
             }
             // if password is set, make sure it matches confirm
             if ($user['password'] != $user['confirm']) {
                 $errors[] = $this->_T("Passwords don't match");
             }
         }
         // convert birthday_ts to mysql date
         $birthday = date("Y-m-d H:i:s", $user['birthday']);
         $params = array('request' => $request, 'user' => $user, 'errors' => $errors);
         // upload new avatar image if present
         // NOTE(review): this block runs regardless of $errors, and the destination
         // directory is built from the request-supplied username, which is not in
         // the stripTags list and whose Alnum check above only records an error.
         // Gate it on an empty $errors (and thus a validated username) so a
         // rejected request cannot create directories or write files.
         if (array_key_exists('filedata', $_FILES)) {
             if ($_FILES['filedata']['tmp_name'] != '') {
                 $destination_path = Bolts_Registry::get('upload_path') . "/" . $user['username'] . "/original";
                 if (!is_dir($destination_path)) {
                     // NOTE(review): 0777 makes the folder world-writable; 0755 (or
                     // the process umask) is enough for a web-server-owned upload dir.
                     mkdir($destination_path, 0777, true);
                     Bolts_Log::report("Creating user folder at " . $destination_path, null, Zend_Log::DEBUG);
                 }
                 if (file_exists($destination_path . "/avatar")) {
                     unlink($destination_path . "/avatar");
                     Bolts_Log::report("Deleted existing user avatar from " . $destination_path, null, Zend_Log::DEBUG);
                 } else {
                     Bolts_Log::report("User avatar did not exist in " . $destination_path, null, Zend_Log::DEBUG);
                 }
                 // NOTE(review): the return value is not checked and the upload's
                 // type/size is not validated here — confirm a plugin or server rule
                 // does so before the file is served back as an image.
                 move_uploaded_file($_FILES['filedata']['tmp_name'], $destination_path . "/avatar");
                 Users::clearUserCache($user['username']);
                 Bolts_Log::report("User avatar uploaded to " . $destination_path, null, Zend_Log::DEBUG);
                 $params['user']['hasnewfile'] = true;
             } else {
                 $params['user']['hasnewfile'] = false;
             }
         }
         $additional = $this->_Bolts_plugin->doFilter($this->_mca . "_pre_save", $params);
         // FILTER HOOK: plugins may add errors or rewrite the user record.
         $errors = $additional['errors'];
         $user = $additional['user'];
         // NOTE(review): role rows are deleted and re-inserted before $errors is
         // checked, so a failed validation (including a new user whose users row
         // is never inserted) still rewrites users_roles. $request->role_ids is
         // also assumed to be an array; a form with no role checked would make
         // the foreach warn.
         $users_roles_table->delete($users_roles_table->getAdapter()->quoteInto("username = ?", $user['username']));
         foreach ($request->role_ids as $role_id) {
             $role_data = array("username" => $user['username'], "role_id" => $role_id);
             $users_roles_table->insert($role_data);
         }
         if (count($errors) == 0) {
             /**********  Commented out due to Plug-in compatibility issues. 
             			$data = array(
             				'email' => $user['email'],
             				'birthday' => $birthday,
             				'aboutme' => nl2br($user['aboutme']),
             				'gender' => $user['gender'],
             				'full_name' => $user['full_name'],
             				'country_code' => $user['country_code'],
             				'last_modified_on' => date(DB_DATETIME_FORMAT),
             			);
             			**********/
             // The whole $user array (form fields plus whatever plugins added) is
             // what gets written; only the form-only keys are removed below.
             $user['birthday'] = $birthday;
             $user['aboutme'] = nl2br($user['aboutme']);
             $user['last_modified_on'] = date(DB_DATETIME_FORMAT);
             // This is a hold-over value from the form.
             unset($user['confirm']);
             // NOTE(review): a non-blank password travels to insert()/update() as
             // posted; hashing is not visible in this action — confirm the Users
             // table (or a plugin on the hooks above) hashes it before storage.
             if ($user['password'] != "") {
                 #$data['password'] = $user['password'];
             } else {
                 unset($user['password']);
             }
             if ($is_new) {
                 // TODO - stuff?  really?
                 $stuff = array('request' => $request, 'user' => $user, 'errors' => $errors);
                 $additional1 = $this->_Bolts_plugin->doFilter($this->_mca, $stuff);
                 // FILTER HOOK (errors returned here are overwritten but no longer checked)
                 $errors = $additional1['errors'];
                 $user = $additional1['user'];
                 // $data is never read after this; left over from the commented-out $data array.
                 $data['username'] = $user['username'];
                 #$data['created_on'] = date(DB_DATETIME_FORMAT);
                 $user['created_on'] = date(DB_DATETIME_FORMAT);
                 $users_table->insert($user);
                 $this->view->success = "Profile created.";
             } else {
                 $where = $users_table->getAdapter()->quoteInto('username = ?', $user['username']);
                 #$users_table->update($data, $where);
                 $users_table->update($user, $where);
                 $this->view->success = "Profile updated.";
             }
         } else {
             $this->view->errors = $errors;
         }
     }
     // Negative offset used by the birthday year picker; presumably relative to
     // the current year — confirm in the view template.
     $this->view->end_year = -Bolts_Registry::get('minimum_registration_age');
     $this->view->genders = Bolts_Common::getGenderArray();
     // Stored aboutme is nl2br'ed; undo that for the textarea.
     $user['aboutme'] = Bolts_Common::br2nl($user['aboutme']);
     $this->view->user = $user;
 }
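	/**
	 * Fetch the Roles rows directly assigned to a user (no ancestor expansion).
	 *
	 * @param string $username
	 * @return Zend_Db_Table_Rowset_Abstract Matching role rows; an empty rowset
	 *         when the user has no assignment in users_roles.
	 */
	function fetchRolesByUsername($username)
	{
		$users_roles_table = new UsersRoles();
		$roles_for_user = $users_roles_table->fetchAll($users_roles_table->select()->where("username = ?", $username));
		$role_ids = array();
		foreach ($roles_for_user as $role_for_user) {
			$role_ids[] = $role_for_user->role_id;
		}
		$select = $this->select();
		if (count($role_ids) > 0) {
			$select->where("id IN (?)", $role_ids);
		} else {
			// Previously a user with no assignments got a select with no WHERE
			// clause and therefore EVERY role in the table; force an empty result
			// so "no roles" never reads as "all roles".
			$select->where("1 = 0");
		}
		return $this->fetchAll($select);
	}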
	/**
	 * Front-controller plugin hook: resolve the current user's roles, map the
	 * request to the ACL resource "module-Controller-action" and rewrite the
	 * request (module/controller/action) when it must not be dispatched as-is.
	 *
	 * Roles: for an authenticated identity, the role ids from users_roles plus
	 * their ancestors (de-duplicated); otherwise the single "guest" role.
	 * Outcomes:
	 *  - resource unknown to the ACL              -> default/auth/missing
	 *  - denied, guest                            -> default/auth/login, with the
	 *    requested URL base64-encoded in the "ourl" request param (or
	 *    default/auth/unauthorized when module_controller_action is listed in
	 *    the disable_login_redirect setting)
	 *  - denied, authenticated, allowed on admin  -> default/admin/index
	 *  - denied, authenticated, otherwise         -> default/auth/denied
	 * Allowed requests are left untouched.
	 *
	 * @param Zend_Controller_Request_Abstract $request mutated in place
	 * @return void
	 */
	public function preDispatch(Zend_Controller_Request_Abstract $request)
	{
		$frontController = Zend_Controller_Front :: getInstance();
		$auth = Zend_Auth :: getInstance();
		$roles_table = new Roles();

		// Only constructed; nothing in this method reads or writes it.
		$appNamespace = new Zend_Session_Namespace('RivetyCore_Temp');

		// Reuse the shared ACL, creating and registering it on first use.
		if (Zend_Registry :: isRegistered('acl'))
		{
			$acl = Zend_Registry :: get('acl');
		}
		else
		{
			$acl = new RivetyCore_Acl($auth);
			Zend_Registry::set('acl', $acl);
		}

		// determine role
		if ($auth->hasIdentity())
		{
			$user = Zend_Auth :: getInstance()->getIdentity();
			$users_roles_table = new UsersRoles();
			$users_roles_db = $users_roles_table->fetchAll($users_roles_table->select()->where("username = ?", $user->username));
			$user_roles = array();
			if (count($users_roles_db) > 0)
			{
				foreach ($users_roles_db as $role)
				{
					$user_roles[] = $role->role_id;
					// assumes getAllAncestors() returns an array — confirm against Roles
					$user_roles = array_merge($user_roles, $roles_table->getAllAncestors($role->role_id));
				}
			}
			$user_roles = array_unique($user_roles);
			$user_is_guest = false;
            $defaultNamespace = new Zend_Session_Namespace('Zend_Auth');

			// REFRESH THE SESSION EXPIRATION
			// NOTE(review): an unset/empty session_timeout setting casts to 0 here —
			// check what Zend_Session_Namespace does with a non-positive value.
	        $defaultNamespace->setExpirationSeconds((int)RivetyCore_Registry::get('session_timeout'));
		}
		else
		{
			$user_roles = array($roles_table->getIdByShortname("guest"));
			$user_is_guest = true;
		}

		// Controller part is normalised to "Studlycase" so it matches the ACL resource names.
		$requested = $request->getModuleName() . "-" . ucfirst(strtolower($request->getControllerName())) . "-" . $request->getActionName();
		$url = $frontController->getBaseUrl() . "/";

		if (!$acl->has($requested))
		{
			// this doesn't exist, throw to 404
			$request->setModuleName('default');
			$request->setControllerName('auth');
			$request->setActionName('missing');
		}
		else
		{
			// role id => bool; access is granted if ANY role is allowed
			$isAllowed = array();
			foreach ($user_roles as $user_role)
			{
				$isAllowed[$user_role] = $acl->isAllowed($user_role, $requested);

				// if ($acl->isAllowed($user_role, $requested))
				// {
				// 	$isAllowed[$user_role] = true;
				// }
				// else
				// {
				// 	$isAllowed[$user_role] = false;
				// }
			}
			// Loose in_array: fine while the values are the bools isAllowed() returns;
			// passing strict=true would make that explicit.
			if (!in_array(true, $isAllowed))
			{
				if ($user_is_guest)
				{
					// Rebuild the requested URL (module/controller/action/key/value/...)
					// so the login page can send the user back after authenticating.
					$url .= $request->getModuleName() . "/";
					$url .= $request->getControllerName() . "/";
					$url .= $request->getActionName() . "/";

					$params = $request->getParams();

					// NOTE(review): the loop stops at the first param whose value is
					// falsy ("0", "", null), dropping every later param from the saved
					// URL, and array-valued params would be cast to "Array". Keys and
					// values are appended unencoded — whatever consumes "ourl" should
					// treat it as an untrusted, same-site relative path.
					while ($param = current($params))
					{
				    	if (key($params) != "module" && key($params) != "controller" && key($params) != "action") $url .= key($params) . '/' . $param . "/";
	    				next($params);
					}
					// drop the trailing slash
					if (substr($url,strlen($url) - 1, 1) == "/")
					{
						$url = substr($url, 0, strlen($url) - 1);
					}

					// place requested url in the session, unless this is the login controller

					if ($request->getControllerName() != "auth")
					{
						$request->setParam('ourl', base64_encode($url));
						// $appNamespace->requestedUrl = $url;
					}

					// disable_login_redirect: comma-separated "module_controller_action"
					// names that get a 401 page instead of a login redirect.
					$blockedActions = RivetyCore_Registry::get('disable_login_redirect');
					if (!empty($blockedActions)) $blockedActions = explode(',', $blockedActions);
					$mca = $request->getModuleName() . "_" . $request->getControllerName() . "_" . $request->getActionName();
					if (is_array($blockedActions) && in_array($mca, $blockedActions))
					{
						// forward to the 401 Unauthorized page
						$request->setModuleName('default');
						$request->setControllerName('auth');
						$request->setActionName('unauthorized');
					}
					else
					{
						// forward to the login script
						$request->setModuleName('default');
						$request->setControllerName('auth');
						$request->setActionName('login');
					}
				}
				else
				{
					// Authenticated but denied: users allowed on the admin index are
					// sent there instead of to the denied page.
					$admin = "default-Admin-index";
					$isAdmin = array();
					foreach($user_roles as $user_role)
					{
						$isAdmin[$user_role] = $acl->isAllowed($user_role, $admin);

						// if ($acl->isAllowed($user_role, $admin))
						// {
						// 	$isAdmin[$user_role] = true;
						// }
						// else
						// {
						// 	$isAdmin[$user_role] = false;
						// }
					}
					if (!in_array(true, $isAdmin))
					{
						$request->setModuleName('default');
						$request->setControllerName('auth');
						$request->setActionName('denied');
					}
					else
					{
						$request->setModuleName('default');
						$request->setControllerName('admin');
						$request->setActionName('index');
					}
				}
			}
		}
	}
 /**
  * Front-controller plugin hook: resolve the current user's roles, map the
  * request to the ACL resource "module-Controller-action" and rewrite the
  * request (module/controller/action) when it must not be dispatched as-is.
  *
  * Roles: for an authenticated identity, the role ids from users_roles plus
  * their ancestors (de-duplicated); otherwise the single "guest" role.
  * Outcomes:
  *  - resource unknown to the ACL              -> bolts/auth/missing
  *  - denied, guest                            -> bolts/auth/login, with the
  *    requested URL base64-encoded in the "url" request param
  *  - denied, authenticated, allowed on admin  -> bolts/admin/index
  *  - denied, authenticated, otherwise         -> bolts/auth/denied
  * Allowed requests are left untouched.
  *
  * @param Zend_Controller_Request_Abstract $request mutated in place
  * @return void
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     $frontController = Zend_Controller_Front::getInstance();
     $auth = Zend_Auth::getInstance();
     $roles_table = new Roles();
     // Only constructed; nothing in this method reads or writes it.
     $appNamespace = new Zend_Session_Namespace('Bolts_Temp');
     // Reuse the shared ACL, creating and registering it on first use.
     if (Zend_Registry::isRegistered('acl')) {
         $acl = Zend_Registry::get('acl');
     } else {
         $acl = new Bolts_Acl($auth);
         Zend_Registry::set('acl', $acl);
     }
     // determine role
     if ($auth->hasIdentity()) {
         $user = Zend_Auth::getInstance()->getIdentity();
         $users_roles_table = new UsersRoles();
         $users_roles_db = $users_roles_table->fetchAll($users_roles_table->select()->where("username = ?", $user->username));
         $user_roles = array();
         if (count($users_roles_db) > 0) {
             foreach ($users_roles_db as $role) {
                 $user_roles[] = $role->role_id;
                 // assumes getAllAncestors() returns an array — confirm against Roles
                 $user_roles = array_merge($user_roles, $roles_table->getAllAncestors($role->role_id));
             }
         }
         $user_roles = array_unique($user_roles);
         $user_is_guest = false;
         // Every authenticated request pushes the auth session out by a fixed
         // 24 hours (hard-coded, not configurable).
         $defaultNamespace = new Zend_Session_Namespace('Zend_Auth');
         $defaultNamespace->setExpirationSeconds(86400);
     } else {
         $user_roles = array($roles_table->getIdByShortname("guest"));
         $user_is_guest = true;
     }
     // Controller part is normalised to "Studlycase" so it matches the ACL resource names.
     $requested = $request->getModuleName() . "-" . ucfirst(strtolower($request->getControllerName())) . "-" . $request->getActionName();
     $url = $frontController->getBaseUrl() . "/";
     if (!$acl->has($requested)) {
         // this doesn't exist, throw to 404
         $request->setModuleName('bolts');
         $request->setControllerName('auth');
         $request->setActionName('missing');
     } else {
         // role id => bool; access is granted if ANY role is allowed
         $isAllowed = array();
         foreach ($user_roles as $user_role) {
             if ($acl->isAllowed($user_role, $requested)) {
                 $isAllowed[$user_role] = true;
             } else {
                 $isAllowed[$user_role] = false;
             }
         }
         // Loose in_array: fine while the values are the bools set above;
         // passing strict=true would make that explicit.
         if (!in_array(true, $isAllowed)) {
             if ($user_is_guest) {
                 // Rebuild the requested URL (module/controller/action/key/value/...)
                 // so the login page can send the user back after authenticating.
                 $url .= $request->getModuleName() . "/";
                 $url .= $request->getControllerName() . "/";
                 $url .= $request->getActionName() . "/";
                 $params = $request->getParams();
                 // NOTE(review): the loop stops at the first param whose value is
                 // falsy ("0", "", null), dropping every later param from the saved
                 // URL, and array-valued params would be cast to "Array". Keys and
                 // values are appended unencoded — whatever consumes "url" should
                 // treat it as an untrusted, same-site relative path.
                 while ($param = current($params)) {
                     if (key($params) != "module" and key($params) != "controller" and key($params) != "action") {
                         $url .= key($params) . '/' . $param . "/";
                     }
                     next($params);
                 }
                 // drop the trailing slash
                 if (substr($url, strlen($url) - 1, 1) == "/") {
                     $url = substr($url, 0, strlen($url) - 1);
                 }
                 //Zend_debug::dump($params);
                 //Zend_debug::dump($url);
                 // place requested url in the session,
                 // unless this is the login controller
                 if ($request->getControllerName() != "auth") {
                     $request->setParam('url', base64_encode($url));
                     //$appNamespace->requestedUrl = $url;
                 }
                 // send on to the login script
                 $request->setModuleName('bolts');
                 $request->setControllerName('auth');
                 $request->setActionName('login');
             } else {
                 // Authenticated but denied: users allowed on the admin index are
                 // sent there instead of to the denied page.
                 $admin = "bolts-Admin-index";
                 $isAdmin = array();
                 foreach ($user_roles as $user_role) {
                     if ($acl->isAllowed($user_role, $admin)) {
                         $isAdmin[$user_role] = true;
                     } else {
                         $isAdmin[$user_role] = false;
                     }
                 }
                 if (!in_array(true, $isAdmin)) {
                     $request->setModuleName('bolts');
                     $request->setControllerName('auth');
                     $request->setActionName('denied');
                 } else {
                     $request->setModuleName('bolts');
                     $request->setControllerName('admin');
                     $request->setActionName('index');
                 }
             }
         }
     }
 }