/**
* Prepares the taskbar by adding the user switch panel to it if allowed
* @return null
*/
public function prepareTaskbar($taskbar)
{
if (!SecurityManager::getInstance()->isRouteAllowed(self::ROUTE_USER_SWITCH)) {
return;
}
$taskbar->addNotificationPanel(new UserSwitchPanelView());
}
/**
* Action to view and change the profile
* @return null
*/
public function indexAction()
{
$user = SecurityManager::getInstance()->getUser();
if (!$user) {
throw new UnauthorizedException();
}
$form = new ProfileForm($this->request->getBasePath(), $user);
$form->addHook(new AccountProfileHook());
Zibo::getInstance()->runEvent(self::EVENT_PREPARE_FORM, $form);
if ($form->isSubmitted()) {
try {
$form->validate();
$form->processSubmit($this);
if (!$this->response->getView() && !$this->response->willRedirect()) {
$this->response->setRedirect($this->request->getBasePath());
}
return;
} catch (ValidationException $exception) {
$form->setValidationException($exception);
}
}
$translator = $this->getTranslator();
$view = new ProfileView($form);
$view->setPageTitle($translator->translate(self::TRANSLATION_TITLE));
$this->response->setView($view);
}
/**
* Authenticate a user and get his/her session id
* @param string username of the user
* @param string password of the user
* @return string id of the user's session
*/
public function authenticateUser($username, $password)
{
$securityManager = SecurityManager::getInstance();
$securityManager->login($username, $password);
$session = Session::getInstance();
$session->set(self::SESSION_AUTHENTICATED, true);
return $session->getId();
}
/**
* Initializes this module
* @return null
*/
public function initialize()
{
$zibo = Zibo::getInstance();
$zibo->registerEventListener(FileBrowserController::EVENT_PRE_ACTION, array($this, 'initializeFileBrowser'));
$zibo->registerEventListener(TinyMCEController::EVENT_PRE_IMAGE_LIST, array($this, 'addImagesToTinyMCE'));
$zibo->registerEventListener(TinyMCEController::EVENT_PRE_LINK_LIST, array($this, 'addLinksToTinyMCE'));
$this->path = $zibo->getConfigValue(self::CONFIG_PATH, self::DEFAULT_PATH);
$this->securityManager = SecurityManager::getInstance();
}
/**
* Constructs a new security table
* @param string $formAction URL where the form of the table will point to
* @return null
*/
public function __construct($formAction)
{
$manager = SecurityManager::getInstance();
$permissions = $manager->getPermissions();
$roles = $manager->getRoles();
$deniedRoutes = $manager->getDeniedRoutes();
parent::__construct($permissions, $formAction, self::FORM_NAME);
$this->addDecorators($roles);
$this->addFields($deniedRoutes);
}
function smarty_block_isAuthenticated($params, $content, &$smarty, &$repeat)
{
if ($repeat) {
return;
}
$user = SecurityManager::getInstance()->getUser();
if ($user) {
return $content;
}
return;
}
/**
* Action to auto complete a username
* @return null
*/
public function autocompleteAction()
{
$environment = $this->getEnvironment();
$term = $environment->getArgument('term');
if (!$term) {
return;
}
$securityModel = $this->securityManager->getSecurityModel();
$users = $securityModel->findUsersByUsername($term);
$view = new JsonView($users);
$this->response->setView($view);
}
/**
* Constructs a new authentication status panel
* @return null
*/
public function __construct()
{
parent::__construct(self::TEMPLATE);
$user = SecurityManager::getInstance()->getUser();
$request = Zibo::getInstance()->getRequest();
$baseUrl = $request->getBaseUrl() . Request::QUERY_SEPARATOR;
$basePath = $baseUrl . Module::ROUTE_AUTHENTICATION . Request::QUERY_SEPARATOR;
$this->set('user', $user);
$this->set('urlLogin', $basePath . AuthenticationController::ACTION_LOGIN);
$this->set('urlLogout', $basePath . AuthenticationController::ACTION_LOGOUT);
$this->set('urlProfile', $baseUrl . Module::ROUTE_PROFILE);
}
/**
* Checks if the current user uses the user directory
* @return boolean
*/
public function isUserDirectoryEnabled()
{
$isAllowed = $this->securityManager->isPermissionAllowed(self::PERMISSION_USERDIR);
if (!$isAllowed) {
return false;
}
$user = $this->securityManager->getUser();
// skip anonymous users and super users from the ORM security model
if (!$user || method_exists($user, 'isSuperUser') && $user->isSuperUser()) {
return false;
}
return true;
}
/**
* Action to show an overview of the system information
* @return null
*/
public function indexAction()
{
$zibo = Zibo::getInstance();
$configuration = $this->getConfiguration($zibo);
$routes = $this->getRoutes($zibo);
$softwareDetector = new SoftwareDetector();
$sm = SecurityManager::getInstance();
$numVisitors = $sm->getNumVisitors();
$numUsers = $sm->getNumUsers();
$numGuests = $numVisitors - $numUsers;
$currentUsers = $sm->getCurrentUsers();
$view = new SystemView($configuration, $this->request->getBaseUrl(), $routes, $softwareDetector, $numVisitors, $numUsers, $numGuests, $currentUsers);
$actions = array($this->request->getBasePath() . '/phpInfo' => self::TRANSLATION_PHP_INFO);
$this->setView($view, $actions);
}
/**
* Validate the permissions configuration value
* @param string $permissions permissions configuration setting
* @param zibo\library\validation\exception\ValidationException $validationException when a ValidationError occures, it will be added to this exception and null will be returned
* @return string valid permissions configuration value
*/
private function validatePermissions($permissions, ValidationException $validationException)
{
if ($permissions == NodeSettingModel::AUTHENTICATION_STATUS_ANONYMOUS || $permissions == NodeSettingModel::AUTHENTICATION_STATUS_AUTHENTICATED || $permissions == NodeSettingModel::AUTHENTICATION_STATUS_EVERYBODY) {
return $permissions;
}
$configurationString = '';
$securityManager = SecurityManager::getInstance();
$permissions = explode(',', $permissions);
foreach ($permissions as $permission) {
$permission = trim($permission);
if ($securityManager->hasPermission($permission)) {
$configurationString .= ($configurationString ? ',' : '') . $permission;
continue;
}
$error = new ValidationError('joppa.error.permission', 'permission \'%permission%\' does not exist', array('permission' => $permission));
$validationException->addErrors(NodeSettingModel::SETTING_PERMISSIONS, array($error));
return null;
}
return $configurationString;
}
function smarty_block_isNotAllowed($params, $content, &$smarty, &$repeat)
{
if ($repeat) {
return;
}
if (!isset($params['route']) && !isset($params['permission'])) {
throw new Exception('No route or permission provided');
}
if (isset($params['route']) && isset($params['permission'])) {
throw new Exception('Route and permissions provided');
}
$manager = SecurityManager::getInstance();
if (isset($params['route'])) {
if (!$manager->isRouteAllowed($params['route'])) {
return $content;
}
} elseif (!$manager->isPermissionAllowed($params['permission'])) {
return $content;
}
return;
}
/**
* Gets a display array of the provided managers
* @param array $managers the managers
* @param string $currentManager name of the current manager
* @return array Array with the name of the manager as key and a manager array as value.
*
* A manager array is an array with the following keys:
* <ul>
* <li>action: string</li>
* <li>name: string</li>
* <li>current: boolean</li>
* <li>icon: string</li>
* </ul>
*/
private function getViewManagers(array $managers, $currentManager = null)
{
$basePath = Module::getManagerBasePath();
$viewManagers = array();
$securityManager = SecurityManager::getInstance();
foreach ($managers as $name => $manager) {
$viewManager = array();
$actions = $manager->getActions();
if ($actions) {
$viewManager['actions'] = array();
foreach ($actions as $route => $label) {
$route = $basePath . $name . '/' . $route;
if ($securityManager->isRouteAllowed($route)) {
$viewManager['actions'][$route] = $label;
}
}
if (empty($viewManager['actions'])) {
continue;
}
}
$route = $basePath . $name;
if (!$securityManager->isRouteAllowed($route) && empty($viewManager['actions'])) {
continue;
}
$viewManager['action'] = $route;
$viewManager['name'] = $manager->getName();
$viewManager['current'] = $currentManager == $name;
$viewManager['icon'] = $manager->getIcon();
if (!$viewManager['icon']) {
$viewManager['icon'] = 'web/images/manager.png';
}
$viewManagers[$viewManager['name']] = $viewManager;
}
ksort($viewManagers);
return $viewManagers;
}
/**
* Saves the submitted security table to the security model
* @param zibo\admin\table\SecurityTable $table
* @return null
*/
private function processForm(SecurityTable $table)
{
$zibo = Zibo::getInstance();
$securityManager = SecurityManager::getInstance();
$errorsOccured = false;
$roles = $table->getRoles();
foreach ($roles as $role) {
try {
$permissions = $table->getPermissions($role->getRoleName());
$securityManager->setAllowedPermissionsToRole($role, $permissions);
} catch (Exception $exception) {
$errorsOccured = true;
$zibo->runEvent(Zibo::EVENT_LOG, $exception->getMessage(), $exception->getTraceAsString());
$this->addError(self::TRANSLATION_ERROR_PERMISSIONS_ROLE, array('role' => $role->getRoleName()));
}
try {
$routes = $table->getAllowedRoutes($role->getRoleName());
$securityManager->setAllowedRoutesToRole($role, $routes);
} catch (Exception $exception) {
$errorsOccured = true;
$zibo->runEvent(Zibo::EVENT_LOG, $exception->getMessage(), $exception->getTraceAsString());
$this->addError(self::TRANSLATION_ERROR_ROUTES_ROLE, array('role' => $role->getRoleName()));
}
}
try {
$routes = $table->getDeniedRoutes();
$securityManager->setDeniedRoutes($routes);
} catch (Exception $exception) {
$errorsOccured = true;
$zibo->runEvent(Zibo::EVENT_LOG, $exception->getMessage(), $exception->getTraceAsString());
$this->addError(self::TRANSLATION_ERROR_ROUTES_DENIED);
}
if (!$errorsOccured) {
$this->addInformation(self::TRANSLATION_SAVED);
}
}
/**
* Action to activate the user
* @param string $email The email address of the user
* @param string $key The secure key of the user
* @return null
*/
public function activateAction($email = null, $key = null)
{
$basePath = $this->request->getBasePath();
if (!$email || !$key) {
$this->response->setRedirect($basePath);
return;
}
$securityModel = SecurityManager::getInstance()->getSecurityModel();
$user = $securityModel->getUserByEmail($email);
if (!$user) {
$this->addError(self::TRANSLATION_ERROR_USER_NOT_FOUND_EMAIL, array('email' => $email));
$this->response->setRedirect($basePath);
return;
}
$userKey = $this->getUserKey($user);
if ($userKey != $key) {
$this->addError(self::TRANSLATION_ERROR_INCORRECT_KEY);
$this->response->setRedirect($basePath);
return;
}
try {
$user->setIsUserActive(true);
$securityModel->setUser($user);
$this->setRedirectToLogin();
return;
} catch (ValidationException $exception) {
}
$this->response->setRedirect($basePath);
}
/**
* Sets the main view of the builder to the response
* @param zibo\orm\builder\table\ModelTable $table
* @return null
*/
private function setBuilderView(ModelTable $table, ModelFilterForm $filterForm, ModelImportForm $importForm)
{
if ($this->downloadFile) {
$this->setDownloadView($this->downloadFile);
return;
}
$view = new BuilderView($table);
$view->setPageTitle(self::TRANSLATION_TITLE, true);
$sidebar = $view->getSidebar();
$sidebar->addPanel(new ModelFilterView($filterForm));
$basePath = $this->request->getBasePath() . '/';
if (!$this->isReadOnly) {
$addAction = $this->request->getBaseUrl() . '/' . Module::ROUTE_WIZARD . '/' . WizardController::ACTION_RESET;
$defineAction = $basePath . self::ACTION_DEFINE;
$scaffoldAction = $basePath . self::ACTION_SCAFFOLD . '/';
$table->addDecorator(new ModelActionDecorator($scaffoldAction, self::TRANSLATION_SCAFFOLD));
$sidebar->addPanel(new ModelImportView($importForm));
$sidebar->addAction($addAction, self::TRANSLATION_ADD, true);
$sidebar->addAction($defineAction, self::TRANSLATION_DEFINE, true);
}
if (class_exists(self::CLASS_ERD)) {
$sidebar->addAction($basePath . self::ACTION_ERD, self::TRANSLATION_ERD, true);
}
$databaseExportAction = $this->getDatabaseExportAction();
if (SecurityManager::getInstance()->isPermissionAllowed(Module::PERMISSION_EXPORT) && $databaseExportAction) {
$sidebar->addAction($databaseExportAction, self::TRANSLATION_EXPORT_DATABASE, true);
}
$sidebar->setInformation(self::TRANSLATION_INFORMATION_BUILDER, true);
$this->response->setView($view);
}
/**
* Sets the security manager to this controller
* @return null
*/
public function preAction()
{
$this->securityManager = SecurityManager::getInstance();
}
/**
* Prepares the taskbar and adds it to the view
* @return null
*/
protected function addTaskbar()
{
$securityModel = SecurityManager::getInstance()->getSecurityModel();
$translator = $this->getTranslator();
$systemMenu = new Menu($translator->translate(self::TRANSLATION_TASKBAR_SYSTEM));
$systemMenu->addMenuItem(new MenuItem($translator->translate(LocalesController::TRANSLATION_TITLE), Module::ROUTE_LOCALES));
$systemMenu->addMenuItem(new MenuItem($translator->translate(ModulesController::TRANSLATION_TITLE), Module::ROUTE_MODULES));
if ($securityModel) {
$systemMenu->addMenuItem(new MenuItem($translator->translate(SecurityController::TRANSLATION_TITLE), Module::ROUTE_SECURITY));
}
$systemMenu->addMenuItem(new MenuItem($translator->translate(SystemController::TRANSLATION_TITLE), Module::ROUTE_SYSTEM));
$settingsMenu = $this->taskbar->getSettingsMenu();
$settingsMenu->addMenu($systemMenu);
Zibo::getInstance()->runEvent(self::EVENT_TASKBAR, $this->taskbar);
if ($securityModel) {
$this->taskbar->addNotificationPanel(new UserPanelView());
}
$view = new TaskbarView($this->taskbar);
$this->setSubview('taskbar', $view);
}
/**
* Sets an unauthorized status code to the response and dispatch to the authentication form
* @return null
*/
private function showAuthenticationForm()
{
$zibo = Zibo::getInstance();
$request = $zibo->getRequest();
$response = $zibo->getResponse();
$securityManager = SecurityManager::getInstance();
$user = $securityManager->getUser();
if ($user) {
// already logged in, show blank page with error message
$response->addMessage(new Message(self::TRANSLATION_ERROR_FORBIDDEN, Message::TYPE_ERROR));
$response->setStatusCode(Response::STATUS_CODE_FORBIDDEN);
$response->setView(new BaseView());
return;
}
// not logged in, show authentication form
$response->addMessage(new Message(self::TRANSLATION_ERROR_UNAUTHORIZED, Message::TYPE_ERROR));
$authenticator = $securityManager->getAuthenticator();
if ($authenticator instanceof HttpAuthenticator) {
$response->addHeader(Response::HEADER_AUTHENTICATE, $authenticator->getAuthenticateHeader());
$response->setStatusCode(Response::STATUS_CODE_UNAUTHORIZED);
} else {
$response->setStatusCode(Response::STATUS_CODE_FORBIDDEN);
}
$dispatcher = $zibo->getDispatcher();
if (!$dispatcher) {
$dispatcher = new Dispatcher(new ObjectFactory());
}
$baseUrl = $request->getBaseUrl();
$basePath = $baseUrl . Request::QUERY_SEPARATOR . self::ROUTE_AUTHENTICATION;
$controller = self::CONTROLLER_AUTHENTICATION;
$request = new Request($baseUrl, $basePath, $controller, Dispatcher::ACTION_ASTERIX);
$dispatcher->dispatch($request, $response);
}
/**
* Gets the user from the security manager to use in this controller
* @return null
*/
public function preAction()
{
$this->user = SecurityManager::getInstance()->getUser();
}
/**
* Add a sub menu item to this menu
* @param MenuItem $menuItem
* @return null
*/
public function addMenuItem(MenuItem $menuItem)
{
if (!SecurityManager::getInstance()->isRouteAllowed($menuItem->getRoute())) {
return;
}
$this->items[] = $menuItem;
}
/**
* Saves the user
* @param zibo\library\security\model\User
* @return null
*/
protected function saveUser(User $user)
{
SecurityManager::getInstance()->setUser($user);
}
/**
* Checks whether the node of these settings is allowed for the current user
* @return boolean true if this node is allowed for the current user, false if not
* @throws zibo\ZiboException when the NodeSettings are not set to this node
*/
public function isAllowed()
{
$securityManager = SecurityManager::getInstance();
$user = $securityManager->getUser();
$permissions = $this->get(NodeSettingModel::SETTING_PERMISSIONS);
if (!$permissions || $permissions === NodeSettingModel::AUTHENTICATION_STATUS_EVERYBODY) {
return true;
}
if ($permissions === NodeSettingModel::AUTHENTICATION_STATUS_ANONYMOUS) {
if ($user === null) {
return true;
}
return false;
}
if ($permissions === NodeSettingModel::AUTHENTICATION_STATUS_AUTHENTICATED) {
if ($user === null) {
return false;
}
return true;
}
$permissions = explode(',', $permissions);
$isAllowed = true;
foreach ($permissions as $permission) {
if (!$securityManager->isPermissionAllowed($permission)) {
$isAllowed = false;
break;
}
}
return $isAllowed;
}
/**
* Action to logout the current user and redirect to the home page
* @return null
*/
public function indexAction()
{
$securityManager = SecurityManager::getInstance();
$securityManager->logout();
$this->response->setRedirect($this->request->getBaseUrl());
}
/**
* Protect the taskbar with the joppa.taskbar permission
* @return null
*/
protected function addTaskbar()
{
if (SecurityManager::getInstance()->isPermissionAllowed(Module::PERMISSION_TASKBAR)) {
parent::addTaskbar();
}
}
/**
* Action to show the authentication form and to process authentication
* @return null
*/
public function indexAction()
{
$securityManager = SecurityManager::getInstance();
$session = $this->getSession();
$redirect = $this->getRedirect();
$user = $securityManager->getUser();
if ($user) {
// user is already logged in
$redirectUrl = null;
switch ($redirect) {
case self::REDIRECT_HOME:
$redirectUrl = $this->request->getBaseUrl();
break;
case self::REDIRECT_REFERER:
$redirectUrl = $this->getReferer();
break;
}
if ($redirectUrl) {
$this->response->setRedirect($redirectUrl);
}
return;
}
// gets the general referer
$referer = $session->get(AdminModule::SESSION_REFERER);
if (!$referer || substr_compare($referer, $this->request->getBasePath(), 0, strlen($this->request->getBasePath())) == 1) {
$referer = $this->request->getBaseUrl();
}
$form = new AuthenticationForm($this->request->getBasePath());
if (!$form->isSubmitted()) {
// the form is not submitted, store the general referer as the login referer
$session->set(self::SESSION_REFERER, $referer);
$this->setLoginView($form);
return;
}
// gets the login referer
$redirectUrl = $session->get(self::SESSION_REFERER, $referer);
if ($form->isCancelled()) {
// the form is cancelled, redirect to the login referer
$this->response->setRedirect($redirectUrl);
return;
}
try {
// try to authenticate the user
$form->validate();
$username = $form->getValue(SecurityManager::USERNAME);
$password = $form->getValue(SecurityManager::PASSWORD);
$securityManager->login($username, $password);
// get the redirect url
$redirect = $this->getRedirect();
switch ($redirect) {
case self::REDIRECT_NO:
$redirectUrl = $this->request->getBasePath();
break;
case self::REDIRECT_HOME:
$redirectUrl = $this->request->getBaseUrl();
break;
}
$this->response->setRedirect($redirectUrl);
return;
} catch (AuthenticationException $e) {
// authentication error
if ($e->getField() == null) {
throw $e;
}
$error = new ValidationError($e->getTranslationKey(), $e->getMessage());
$exception = new ValidationException();
$exception->addErrors($e->getField(), array($error));
$form->setValidationException($exception);
} catch (ValidationException $exception) {
// no username or password filled in, exception already set to the form
}
$this->setLoginView($form);
}
/**
* Processes the next action of this step
* return string Name of the next step
*/
public function next()
{
try {
$this->wizard->validate();
} catch (ValidationException $validationException) {
return null;
}
try {
$username = $this->wizard->getValue(self::FIELD_USERNAME);
$password = $this->wizard->getValue(self::FIELD_PASSWORD);
$email = $this->wizard->getValue(self::FIELD_EMAIL);
$modelManager = ModelManager::getInstance();
$roleModel = $modelManager->getModel(RoleModel::NAME);
$role = $roleModel->findById(1);
if (!$role) {
$role = $roleModel->createData();
$role->name = 'Developer';
$role->isSuperRole = true;
$roleModel->save($role);
}
$userModel = $modelManager->getModel(UserModel::NAME);
$user = $userModel->findById(1);
if (!$user) {
$user = $userModel->createData();
}
$user->setUserName($username);
$user->setUserPassword($password);
$user->setIsUserActive(true);
$user->roles = array($role->id => $role->id);
$userModel->save($user);
$this->wizard->setVariable(self::VAR_USER, $user);
$deniedRoutes = array('admin/*');
$sm = SecurityManager::getInstance();
$sm->setDeniedRoutes($deniedRoutes);
} catch (ValidationException $validationException) {
$this->wizard->setValidationException($validationException);
return null;
}
return $this->wizard->getNextStep();
}
/**
* Login a user
* @param string $username
* @param string $password
* @return zibo\library\security\model\User User instance if login succeeded
* @throws zibo\library\security\exception\AuthenticationException when the login failed
*/
public function login($username, $password)
{
if (!$this->securityModel) {
throw new SecurityException('Could not login a user: no security model set');
}
$user = $this->securityModel->getUserByUsername($username);
if ($user === null) {
$this->clearAuthentification();
throw new UsernameAuthenticationException();
}
if (!$user->isUserActive()) {
$this->clearAuthentification();
throw new InactiveAuthenticationException();
}
$securityManager = SecurityManager::getInstance();
if ($securityManager->hashPassword($password) != $user->getUserPassword()) {
$this->clearAuthentification();
throw new PasswordAuthenticationException();
}
return $this->setUser($user);
}
/**
* Get a error report of an exception
* @param Exception $exception
* @param zibo\core\Request $request
* @return string
*/
private function getReport(Exception $exception, Request $request = null)
{
$report = 'Date: ' . date('d/m/Y H:i:s', time()) . "\n";
if ($request) {
$url = $request->getBasePath() . '/';
$url .= implode('/', $request->getParameters());
$report .= 'Request: ' . $url . "\n";
}
$user = SecurityManager::getInstance()->getUser();
if ($user) {
$report .= 'User: '******'User: anonymous';
}
$report .= "\n\nTrace:\n" . $this->getTrace($exception);
return $report;
}
/**
* Get the permissions from the SecurityManager for the permissions field
* @return array Array with the permission codes as key and value
*/
private function getPermissionOptions()
{
$options = array();
$permissions = SecurityManager::getInstance()->getPermissions();
foreach ($permissions as $permission) {
$code = $permission->getPermissionCode();
$options[$code] = $code;
}
return $options;
}
