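/**
 * Decide whether a user may run the given tool instance.
 *
 * Decision order, as implemented below:
 *  - development version (state 3): members of a tool group with role 1, or
 *    members of the configured admin group;
 *  - published version (state 1) with toolaccess '@GROUP': members of any of
 *    the tool's groups, or of the admin group;
 *  - any other published version: allowed whenever the export-control check
 *    passes;
 *  - everything else: denied.
 *
 * NOTE(review): $login only feeds the log messages (and is defaulted from
 * User::get('username')). Group membership is always resolved for
 * User::get('id'), so passing a different login does not evaluate that
 * user's access. Confirm callers do not rely on it.
 *
 * NOTE(review): $tool and $login are interpolated into debug log lines as-is;
 * confirm the logger neutralises control characters if either can be
 * caller-supplied.
 *
 * @param   string   $tool   Tool instance name
 * @param   string   $login  Username (defaults to the current user's username)
 * @return  boolean  True if the user has access
 */
private function _getToolAccess($tool, $login = '')
{
    include_once dirname(dirname(__DIR__)) . DS . 'tables' . DS . 'tool.php';
    include_once dirname(dirname(__DIR__)) . DS . 'tables' . DS . 'group.php';
    include_once dirname(dirname(__DIR__)) . DS . 'tables' . DS . 'version.php';

    // Ensure we have a tool
    if (!$tool)
    {
        $this->setError(Lang::txt('COM_TOOLS_ERROR_TOOL_NOT_FOUND'));
        Log::debug("mw::_getToolAccess({$tool},{$login}) FAILED null tool check");
        return false;
    }

    // Ensure we have a login
    if ($login == '')
    {
        $login = User::get('username');
        if ($login == '')
        {
            Log::debug("mw::_getToolAccess({$tool},{$login}) FAILED null user check");
            return false;
        }
    }

    // Fail closed when the instance does not resolve to a stored version
    $tv = new \Components\Tools\Tables\Version($this->database);
    $tv->loadFromInstance($tool);
    if (empty($tv->id))
    {
        Log::debug("mw::_getToolAccess({$tool},{$login}) FAILED null tool version check");
        return false;
    }

    // The tool id is concatenated into the SQL text, so force it to an
    // integer: a malformed stored value must not be able to alter the query.
    $tg = new \Components\Tools\Tables\Group($this->database);
    $this->database->setQuery('SELECT * FROM ' . $tg->getTableName() . ' WHERE toolid=' . (int) $tv->toolid);
    $toolgroups = $this->database->loadObjectList();

    $xgroups = \Hubzero\User\Helper::getGroups(User::get('id'), 'members');

    // Check if the user is in any groups for this app.
    // Group names are compared as strings with strict matching: loose
    // comparison treats numeric-looking names such as '0123' and '123' as
    // equal, which is not acceptable for an authorization decision.
    $groups     = array();
    $ingroup    = false;
    $indevgroup = false;
    if ($xgroups)
    {
        foreach ($xgroups as $xgroup)
        {
            $groups[] = (string) $xgroup->cn;
        }

        if ($toolgroups)
        {
            foreach ($toolgroups as $toolgroup)
            {
                if (!in_array((string) $toolgroup->cn, $groups, true))
                {
                    continue;
                }

                $ingroup = true;
                if ($toolgroup->role == 1)
                {
                    $indevgroup = true;
                }
            }
        }
    }

    // Membership of the configured admin group overrides group restrictions
    $adminGroup = Component::params('com_tools')->get('admingroup');
    $admin      = ($adminGroup != '' && in_array((string) $adminGroup, $groups, true));

    // Evaluated up front, as before, so any side effects of the export check
    // still happen for every tool state.
    $exportAllowed = $this->_getToolExportControl($tv->exportControl);

    $tisPublished       = $tv->state == 1;
    $tisDev             = $tv->state == 3;
    $tisGroupControlled = $tv->toolaccess == '@GROUP';

    // Development versions: development group or admin group only
    if ($tisDev)
    {
        if ($indevgroup || $admin)
        {
            return true;
        }

        Log::debug("mw::_getToolAccess({$tool},{$login}): DEV TOOL ACCESS DENIED (USER NOT IN DEVELOPMENT OR ADMIN GROUPS)");
        $this->setError(Lang::txt('COM_TOOLS_ERROR_ACCESS_DENIED_DEV_GROUP'));
        return false;
    }

    // Anything that is neither a development nor a published version is denied
    if (!$tisPublished)
    {
        Log::debug("mw::_getToolAccess({$tool},{$login}): UNPUBLISHED TOOL ACCESS DENIED (TOOL NOT PUBLISHED)");
        $this->setError(Lang::txt('COM_TOOLS_ERROR_ACCESS_DENIED_VERSION_UNPUBLISHED'));
        return false;
    }

    // Published and group controlled: access group or admin group only
    if ($tisGroupControlled)
    {
        if ($ingroup || $admin)
        {
            return true;
        }

        Log::debug("mw::_getToolAccess({$tool},{$login}): PUBLISHED TOOL ACCESS DENIED (USER NOT IN ACCESS OR ADMIN GROUPS)");
        $this->setError(Lang::txt('COM_TOOLS_ERROR_ACCESS_DENIED_ACCESS_GROUP'));
        return false;
    }

    // Published and open: export control is the only remaining gate. Note
    // that it applies to admins and developers as well.
    if (!$exportAllowed)
    {
        Log::debug("mw::_getToolAccess({$tool},{$login}): PUBLISHED TOOL ACCESS DENIED (EXPORT DENIED)");
        return false;
    }

    return true;
}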
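/**
 * Return the tool access decision for a user as a result object.
 *
 * Decision order, as implemented below:
 *  - development version (state 3): members of a tool group with role 1, or
 *    members of the configured admin group;
 *  - published version (state 1) with toolaccess '@GROUP': members of any of
 *    the tool's groups, or of the admin group;
 *  - any other published version: allowed whenever the export-control check
 *    reports valid;
 *  - everything else: denied.
 *
 * NOTE(review): $login only feeds the log messages (and is defaulted from
 * User::get('username')). Group membership is always resolved for
 * User::get('id'), so passing a different login does not evaluate that
 * user's access. Confirm callers do not rely on it.
 *
 * @param   string  $tool   Tool name we are getting access rights to
 * @param   string  $login  User login name (defaults to the current user's username)
 * @return  object  stdClass with ->valid (1 = granted, 0 = denied) and, on
 *                  denial, ->error->message describing the reason
 */
public static function getToolAccess($tool, $login = '')
{
    // Include tool models
    include_once dirname(__DIR__) . DS . 'tables' . DS . 'tool.php';
    include_once dirname(__DIR__) . DS . 'tables' . DS . 'group.php';
    include_once dirname(__DIR__) . DS . 'tables' . DS . 'version.php';

    // Instantiate objects
    $access = new stdClass();
    $access->error = new stdClass();
    $database = \App::get('db');

    // Ensure we have a tool
    if (!$tool)
    {
        $access->valid = 0;
        $access->error->message = 'No tool provided.';
        \Log::debug("mw::_getToolAccess({$tool},{$login}) FAILED null tool check");
        return $access;
    }

    // Ensure we have a login
    if ($login == '')
    {
        $login = User::get('username');
        if ($login == '')
        {
            $access->valid = 0;
            $access->error->message = 'Unable to grant tool access to user, no user was found.';
            \Log::debug("mw::_getToolAccess({$tool},{$login}) FAILED null user check");
            return $access;
        }
    }

    // Load tool version. The object itself is never "empty", so test the
    // loaded record id; otherwise an unknown instance would fall through to
    // the group query with no tool id.
    $toolVersion = new \Components\Tools\Tables\Version($database);
    $toolVersion->loadFromInstance($tool);
    if (empty($toolVersion->id))
    {
        $access->valid = 0;
        $access->error->message = 'Unable to load the tool';
        // Previously called debug() on an undefined $xlog, which would have
        // raised a fatal error instead of returning the denial.
        \Log::debug("mw::_getToolAccess({$tool},{$login}) FAILED null tool version check");
        return $access;
    }

    // Load the tool groups. The tool id is concatenated into the SQL text,
    // so force it to an integer: a malformed stored value must not be able
    // to alter the query.
    $toolGroup = new \Components\Tools\Tables\Group($database);
    $query = 'SELECT * FROM ' . $toolGroup->getTableName() . ' WHERE toolid=' . (int) $toolVersion->toolid;
    $database->setQuery($query);
    $toolgroups = $database->loadObjectList();

    // Get the user's groups
    $xgroups = \Hubzero\User\Helper::getGroups(User::get('id'), 'members');

    // Check if the user is in any groups for this app.
    // Group names are compared as strings with strict matching: loose
    // comparison treats numeric-looking names such as '0123' and '123' as
    // equal, which is not acceptable for an authorization decision.
    $groups     = array();
    $ingroup    = false;
    $indevgroup = false;
    if ($xgroups)
    {
        foreach ($xgroups as $xgroup)
        {
            $groups[] = (string) $xgroup->cn;
        }

        if ($toolgroups)
        {
            foreach ($toolgroups as $toolgroup)
            {
                if (!in_array((string) $toolgroup->cn, $groups, true))
                {
                    continue;
                }

                $ingroup = true;
                if ($toolgroup->role == 1)
                {
                    $indevgroup = true;
                }
            }
        }
    }

    // Membership of the configured admin group overrides group restrictions
    $adminGroup = Component::params('com_tools')->get('admingroup');
    $admin      = ($adminGroup != '' && in_array((string) $adminGroup, $groups, true));

    // Get access settings. The export check is evaluated up front, as
    // before, so it runs for every tool state.
    $exportAllowed     = \Components\Tools\Helpers\Utils::getToolExportAccess($toolVersion->exportControl);
    $isToolPublished   = $toolVersion->state == 1;
    $isToolDev         = $toolVersion->state == 3;
    $isGroupControlled = $toolVersion->toolaccess == '@GROUP';

    // Development versions: development group or admin group only
    if ($isToolDev)
    {
        if ($indevgroup || $admin)
        {
            $access->valid = 1;
            return $access;
        }

        $access->valid = 0;
        $access->error->message = 'The development version of this tool may only be accessed by members of it\'s development group.';
        \Log::debug("mw::_getToolAccess({$tool},{$login}): DEV TOOL ACCESS DENIED (USER NOT IN DEVELOPMENT OR ADMIN GROUPS)");
        return $access;
    }

    // Anything that is neither a development nor a published version is denied
    if (!$isToolPublished)
    {
        $access->valid = 0;
        $access->error->message = 'This tool version is not published.';
        \Log::debug("mw::_getToolAccess({$tool},{$login}): UNPUBLISHED TOOL ACCESS DENIED (TOOL NOT PUBLISHED)");
        return $access;
    }

    // Published and group controlled: access group or admin group only
    if ($isGroupControlled)
    {
        if ($ingroup || $admin)
        {
            $access->valid = 1;
            return $access;
        }

        $access->valid = 0;
        $access->error->message = 'This tool may only be accessed by members of it\'s access control groups.';
        \Log::debug("mw::_getToolAccess({$tool},{$login}): PUBLISHED TOOL ACCESS DENIED (USER NOT IN ACCESS OR ADMIN GROUPS)");
        return $access;
    }

    // Published and open: export control is the only remaining gate. Note
    // that it applies to admins and developers as well.
    if (!$exportAllowed->valid)
    {
        $access->valid = 0;
        $access->error->message = 'Export Access Denied';
        \Log::debug("mw::_getToolAccess({$tool},{$login}): PUBLISHED TOOL ACCESS DENIED (EXPORT DENIED)");
        return $access;
    }

    $access->valid = 1;
    return $access;
}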