/**
  * creates a new access group controller
  * @return AccessGroupController	AccessGroupController instance
  */
 public static function create()
 {
     //check, if an AccessGroupController instance already exists
     if (AccessGroupController::$accessGroupController == null) {
         AccessGroupController::$accessGroupController = new AccessGroupController();
     }
     return AccessGroupController::$accessGroupController;
 }
 /**
  * Ask for authorisation
  * @param $accessgroup		accessgroup of the user
  * @param $applicationpart	part of the application the user wants access
  * @return 			access permissions for the application part
  *				0 = no access, 1 = readonly, 2 = read/write
  */
 public function authorise($accessgroup, $applicationpart)
 {
     $accessGroupController = AccessGroupController::create();
     /* 
      * setup array with possible application parts. 
      * Example: objects/router => objects/router, objects, default 
      */
     $applicationparts = array();
     $applicationparts[] = "default";
     $applicationparts[] = $applicationpart;
     while (strrpos($applicationpart, '/') !== FALSE) {
         $newlength = strrpos($applicationpart, '/');
         $applicationpart = substr($applicationpart, 0, $newlength);
         $applicationparts[] = $applicationpart;
     }
     //get permissions from database
     $permissionDefault = -1;
     $permissionBestMatch = -1;
     $matchLevel = 0;
     try {
         $accessGroupObject = $accessGroupController->getAccessGroup($accessgroup);
         $accessRules = $accessGroupObject->getAccessRules();
         foreach ($accessRules as $accessRule) {
             $accessRuleAppPart = $accessRule->getApplicationPart();
             $accessRuleAccess = $accessRule->getAccess();
             if (array_search($accessRuleAppPart, $applicationparts) !== FALSE) {
                 $accessRuleMatchLevel = substr_count($accessRuleAppPart, '/');
                 if ($accessRuleAppPart == "default") {
                     $permissionDefault = $accessRuleAccess;
                 } elseif ($accessRuleMatchLevel >= $matchLevel) {
                     $permissionBestMatch = $accessRuleAccess;
                     $matchLevel = $accessRuleMatchLevel;
                 }
             }
         }
     } catch (Exception $e) {
         //doing nothing
     }
     //calculate permission
     $permission = 0;
     if ($permissionDefault > -1) {
         $permission = $permissionDefault;
     }
     if ($permissionBestMatch > -1) {
         $permission = $permissionBestMatch;
     }
     return $permission;
 }
Example #3
0
 /**
  * creates the default access groups in datastore
  * @return boolean	true, if access groups were created
  *			false, if there were errors
  */
 public function createDefaultAccessGroups()
 {
     try {
         $accessGroupController = AccessGroupController::create();
         //add access group
         $accessGroupController->addAccessGroup("admin");
         $accessGroupController->addAccessGroup("user");
         //add access rights
         $accessGroupController->addAccessRule("admin", "default", 2);
         $accessGroupController->addAccessRule("admin", "admin", 2);
         $accessGroupController->addAccessRule("admin", "rest", 2);
         $accessGroupController->addAccessRule("user", "default", 2);
         $accessGroupController->addAccessRule("user", "admin", 0);
         $accessGroupController->addAccessRule("user", "rest", 0);
         return true;
     } catch (Exception $e) {
         return false;
     }
 }
Example #4
0
use yourCMDB\controller\ObjectController;
use yourCMDB\controller\ObjectLinkController;
use yourCMDB\controller\ObjectLogController;
use yourCMDB\security\AuthorisationProviderLocal;
use yourCMDB\taskscheduler\EventProcessor;
use yourCMDB\info\InfoController;
//define base directories
$webScriptBaseDir = dirname(__FILE__);
$coreBaseDir = realpath("{$webScriptBaseDir}/../../core");
//include yourCMDB bootstrap
include "{$coreBaseDir}/bootstrap.php";
//include function definitions
include "functions.inc.php";
//define variables
$config = CmdbConfig::create();
$accessGroupController = AccessGroupController::create();
$objectController = ObjectController::create();
$objectLinkController = ObjectLinkController::create();
$objectLogController = ObjectLogController::create();
$authorisationProvider = new AuthorisationProviderLocal();
$eventProcessor = new EventProcessor();
$infoController = new InfoController();
//set default values of some variables
$authUser = "";
//get configuration
$installTitle = $config->getViewConfig()->getInstallTitle();
//setup i18n with gettext
$i18nLocale = $config->getViewConfig()->getLocale();
$i18nDomain = "web";
$i18nCodeset = "utf-8";
$i18nBaseDir = realpath("{$webScriptBaseDir}/../../i18n");