/**
 * Return the full user record for a login name.
 *
 * When the second-level cache flag is on and a user is already held on this
 * object, the held record is returned as-is; otherwise the record is loaded
 * through MiniUser::getUserByName() and kept on $this->user.
 * Per the original note: only one User object exists for the whole session,
 * this function is currently used only in the login authentication step, and
 * a password change must refresh the first-level cache while the second-level
 * cache may be left alone.
 *
 * NOTE(review): the cached branch does not compare $name with the held
 * record, so a call with a different name receives the previously loaded
 * user. Confirm every caller passes the session's own login name.
 *
 * @param $name login name to look up
 * @return array user record; shape is defined by MiniUser::getUserByName() (not visible here)
 */
public function getUserByName2($name)
{
    if ($this->hasCache2 === true && $this->user !== NULL) {
        // NOTE(review): the middle of this trace call is masked ("******") in this
        // copy of the file, so the statement does not parse as shown; restore it
        // from the project history before use.
        Yii::trace("cache 2 get userName:"******"miniyun.cache2");
        return $this->user;
    }
    // Cache miss: load the record and keep it for later calls on this object.
    $this->user = MiniUser::getInstance()->getUserByName($name);
    return $this->user;
}
/**
 * Validate the form and, when it is valid, create the account and enable
 * the "businessTheme" plugin.
 *
 * The account is always created with is_admin = 1.
 * NOTE(review): confirm this action is reachable only during first-time
 * setup or by an existing administrator, since it mints an admin account.
 * NOTE(review): the password is handed to MiniUser::create() as entered;
 * presumably it is salted and hashed there - confirm.
 *
 * @return bool true when the account was created, false when validation failed
 */
public function save()
{
    if (!$this->validate()) {
        return false;
    }

    $account = array(
        "name" => $this->userName,
        "password" => $this->password,
        "is_admin" => 1,
        "email" => $this->email,
        "extend" => array("space" => $this->space),
    );
    MiniUser::getInstance()->create($account);
    MiniPlugin::getInstance()->enablePlugin("businessTheme");

    return true;
}
/**
 * Build the thumbnail parameter object from the request.
 *
 * Reads "format", "size", "signature" and "userId" from $_REQUEST, resolves
 * the file path from $uri, and applies the share filter so that a shared
 * path is served from its owner's space.
 *
 * @param string $uri    request URI the path is parsed from
 * @param array  $config passed through to the returned object
 * @throws Exception
 * @throws MException with MConst::HTTP_CODE_404 when the path cannot be parsed
 * @return MThumbnailBase populated parameter object
 */
public static function initMThumbnailBase($uri, $config = NULL)
{
    $thumbnailBase = new MThumbnailBase();

    // Output format: anything other than "jpeg" or "png" falls back to "jpeg".
    $format = isset($_REQUEST["format"]) ? strtolower($_REQUEST["format"]) : "jpeg";
    if (!in_array($format, array("jpeg", "png"), true)) {
        $format = "jpeg";
    }

    // NOTE(review): unlike format, size is taken from the request as-is;
    // confirm the consumer restricts it to the supported size names.
    $size = isset($_REQUEST["size"]) ? $_REQUEST["size"] : "small";

    // NOTE(review): the signature is read but never checked in this method.
    $signature = $_REQUEST["signature"];

    // Resolve the file path; a false result is reported as 404.
    $urlManager = new MUrlManager();
    $path = $urlManager->parsePathFromUrl($uri);
    if ($path == false) {
        throw new MException(Yii::t('api', MConst::PATH_ERROR), MConst::HTTP_CODE_404);
    }

    // Root of the lookup: the first URI segment after the three leading ones.
    $parts = array_slice(explode('/', $uri), 3);
    $root = $parts[0];

    $path = MUtils::convertStandardPath("/" . $path);

    // An account named "admin" may act on behalf of the user given in "userId".
    // NOTE(review): this is decided by user name with a loose comparison, not by
    // an is_admin flag - confirm "admin" cannot be registered by anyone else.
    $user = MUserManager::getInstance()->getCurrentUser();
    $mayImpersonate = !empty($_REQUEST["userId"])
        && $_REQUEST["userId"] != 'undefined'
        && $user['user_name'] == 'admin';
    if ($mayImpersonate) {
        $user = MiniUser::getInstance()->getUser($_REQUEST["userId"]);
    }

    // A top-level path is placed under the user's own space.
    // NOTE(review): this uses $user['id'] while the fields below use
    // $user["user_id"]; confirm both keys exist on the record.
    if (dirname($path) == "/") {
        $path = "/" . $user['id'] . $path;
    }

    $device = MUserManager::getInstance()->getCurrentDevice();

    $thumbnailBase->user_id = $user["user_id"];
    $thumbnailBase->user_nick = $user["user_name"];
    $thumbnailBase->user_device_id = $device["device_id"];
    $thumbnailBase->size = $size;
    $thumbnailBase->format = $format;
    $thumbnailBase->path = MUtils::convertStandardPath($path);
    $thumbnailBase->root = $root;
    $thumbnailBase->config = $config;

    // Shared path: switch to the owner's id and the path inside the owner's space.
    $shareFilter = MSharesFilter::init();
    if ($shareFilter->handlerCheck($thumbnailBase->user_id, $path, true)) {
        $thumbnailBase->user_id = $shareFilter->master;
        $thumbnailBase->path = $shareFilter->_path;
    }

    return $thumbnailBase;
}
/**
 * Check a user name / password pair.
 *
 * When a third-party user source is registered through the
 * 'third_user_source' filter, every account except the reserved "admin" is
 * checked against that source first; otherwise the local check
 * validUserSelf() is used.
 *
 * NOTE(review): after a successful third-party check the local record is
 * created from the name the source returns ($userData["user_name"]), not from
 * $userName. Confirm the source cannot hand back the reserved name "admin".
 *
 * @param $userName
 * @param $password
 * @return array|bool the result of validUserSelf() or the record from
 *                    MiniUser::create(); false when the check fails
 */
public function validUser($userName, $password)
{
    // "admin" is reserved for the system and is never delegated to a third-party source.
    $userSource = false;
    if ($userName !== "admin") {
        $userSource = apply_filters('third_user_source', false);
    }

    // No user source plugin active: check against the local accounts.
    if ($userSource === false) {
        return $this->validUserSelf($userName, $password);
    }

    $userData = $userSource->getUser(array(
        'userName' => $userName,
        'password' => $password,
    ));

    if (!$userData) {
        // The source rejected the login. It may ask for a local check through
        // judgeSelf(); if it has no such method, or declines, report its error code.
        if (method_exists($userSource, 'judgeSelf') && $userSource->judgeSelf()) {
            return $this->validUserSelf($userName, $password);
        }
        $this->errorCode = $userSource->errorCode;
        return false;
    }

    // The source accepted the login: store part of its data in the local database.
    $userData["name"] = $userData["user_name"];
    $user = MiniUser::getInstance()->create($userData);

    if (!empty($userData['departmentData'])) {
        $departments = new DepartmentBiz();
        $departments->import($userData['departmentData']);
    }

    // A disabled local account stays locked out even if the source accepts it.
    if ($user["user_status"] == 0) {
        $this->errorCode = MConst::ERROR_USER_DISABLED;
        return false;
    }

    return $user;
}
/**
 * Add the owner's nick and the parent path to a file row.
 *
 * The parent path is file_path without its first two "/"-separated segments
 * and without its last segment, prefixed with "/".
 *
 * @param array $file row with at least 'user_id' and 'file_path'
 * @return array the row with 'user_nick' and 'parent_path' added
 */
public function dealFile($file)
{
    $owner = MiniUser::getInstance()->getUser($file['user_id']);
    $file['user_nick'] = $owner['nick'];

    // Skip the first two segments and leave out the last one.
    $segments = array_slice(explode('/', $file['file_path']), 2, -1);
    $file['parent_path'] = '/' . implode('/', $segments);

    return $file;
}
/**
 * Run the parent action for administrators only.
 *
 * The request is passed through the OAuth2 check first; the admin flag is
 * then read from a fresh MiniUser lookup rather than from the session record.
 *
 * @throws MiniException code 1200 when the current user is not an administrator
 */
public function invoke()
{
    $authFilter = new MUserFilter();
    $authFilter->oauth2Judge();

    $sessionUser = MUserManager::getInstance()->getCurrentUser();
    $account = MiniUser::getInstance()->getUser($sessionUser["id"]);

    // Strict check: only the boolean true counts as admin.
    $isAdmin = ($account["is_admin"] === true);
    if (!$isAdmin) {
        throw new MiniException(1200);
    }

    parent::invoke();
}
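/**
 * Build one page of the event feed for the current user.
 *
 * @param string $path        path filter; "" means no path filter
 * @param mixed  $time        time filter, normalised by $this->getTime()
 * @param string $deviceUuid  device filter passed through to MiniEvent
 * @param int    $pageSize    events per page; used as a divisor, so it must not be 0
 * @param int    $currentPage 1-based page number
 * @return array array('events' => list of event rows, 'totalPage' => page count)
 */
public function getList($path, $time, $deviceUuid, $pageSize, $currentPage)
{
    $user = $this->user;
    $userId = $user['id'];
    $time = $this->getTime($time);
    if ($path != "") {
        $path = MiniUtil::joinPath($path);
    }

    $total = MiniEvent::getInstance()->getTotal($path, $time, $userId, $deviceUuid);
    $totalPage = ceil($total / $pageSize);
    $events = MiniEvent::getInstance()->getByCondition($path, $userId, $time, $deviceUuid, $pageSize, ($currentPage - 1) * $pageSize);

    $itemList = array();
    foreach ($events as $event) {
        $device = MiniUserDevice::getInstance()->getUserDevice($event['user_device_id']);

        $item = array();
        $item['create_user_id'] = $device['user_id'];
        $item['file_path'] = MiniUtil::getRelativePath($event['file_path']);
        $item['action'] = $event['action'];
        $item['user_name'] = $user['user_name'];
        $item['user_device_type'] = $device['user_device_type'];

        if ($device['user_id'] == $userId) {
            $item['user_self'] = true;
        } else {
            $item['user_self'] = false;
            // Keep the other user's record in its own variable. Reusing $user here
            // made every later "self" row in the same page carry that user's name.
            $eventUser = MiniUser::getInstance()->getById($device['user_id']);
            $userMetas = MiniUserMeta::getInstance()->getUserMetas($device['user_id']);
            $item['user_name'] = isset($userMetas['nick']) ? $userMetas['nick'] : $eventUser['user_name'];
        }

        $item['created_at'] = MiniUtil::formatTime(strtotime($event['created_at']));
        $item['user_device_name'] = $device['user_device_name'];
        $item['context'] = MiniUtil::getRelativePath($event['context']);
        $item['device_uuid'] = $device['user_device_uuid'];

        if ($event['action'] == 2) {
            // Action 2 with source and target in the same directory is reported as a rename.
            $fromParent = CUtils::pathinfo_utf($event['file_path']);
            $toParent = CUtils::pathinfo_utf($event['context']);
            if ($fromParent['dirname'] == $toParent['dirname']) {
                $item['action'] = MConst::RENAME;
            }
        }

        $itemList[] = $item;
    }

    $data = array();
    $data['events'] = $itemList;
    $data['totalPage'] = $totalPage;
    return $data;
}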
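/**
 * Convert message rows into the list handed back to the caller, replacing
 * the sender id (uu_id) with the sender's user name.
 *
 * @param array $value rows with 'uu_id', 'content', 'created_at', 'updated_at', 'status', 'id'
 * @return array list of message entries; empty when $value is empty
 */
public function createArray($value)
{
    // Initialised up front so an empty input yields an empty list rather than
    // an undefined variable.
    $messageList = array();
    foreach ($value as $list) {
        $sender = MiniUser::getInstance()->getUser($list['uu_id']);
        $messageList[] = array(
            'userName' => $sender['user_name'],
            'content' => $list["content"],
            'created_at' => $list['created_at'],
            'updated_at' => $list['updated_at'],
            'status' => $list['status'],
            'id' => $list['id'],
        );
    }
    return $messageList;
}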
/**
 * Remove redundant data: for every user, delete the file record stored at
 * "/<user id>" when that record belongs to the same user.
 *
 * Deletion is best effort; a failure for one user does not stop the loop.
 */
private function modifyData()
{
    $users = MiniUser::getInstance()->getAll();
    foreach ($users as $user) {
        $file = MiniFile::getInstance()->getByPath("/" . $user["id"]);

        // Nothing stored at that path, or the record belongs to someone else.
        if (empty($file) || $user["id"] !== $file["user_id"]) {
            continue;
        }

        try {
            MiniFile::getInstance()->deleteFile($file["id"]);
        } catch (Exception $e) {
            // Failure is ignored on purpose.
            // NOTE(review): nothing is logged, so a failed clean-up leaves no trace.
        }
    }
}
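/**
 * List the users that currently have a device online.
 *
 * The list is built once and kept on $this->items; pass $refresh = true to
 * rebuild it.
 *
 * @param bool $refresh rebuild the cached list
 * @return array array('list' => online entries, 'total' => online device count)
 */
public function getOnlineUsers($refresh = false)
{
    if (empty($this->items) || $refresh) {
        // Start from an empty list: appending to the old one on refresh
        // duplicated every entry that was already cached.
        $this->items = array();

        $devices = MiniOnlineDevice::getInstance()->getOnlineDevices();
        foreach ($devices as $item) {
            $device = MiniUserDevice::getInstance()->getUserDevice($item["device_id"]);
            $user = MiniUser::getInstance()->getUser($device["user_id"]);
            $this->items[] = array(
                "name" => $user["user_name"],
                "nick" => $user['nick'],
                "appname" => $item["application_id"],
                "deviceName" => $device["user_device_name"],
                "deviceType" => $device["user_device_type"],
                "lastLoginTime" => $item["updated_at"],
                "avatar" => $user["avatar"],
            );
        }
    }

    $data = array();
    $data['list'] = $this->items;
    $data['total'] = MiniOnlineDevice::getInstance()->getOnlineCount();
    return $data;
}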
/**
 * Search users by name on behalf of the current user.
 *
 * @param string $key search term passed to MiniUser::searchByName()
 * @return array list of entries with id, nick, name, avatar and the
 *               user-group relation between the current user and the match
 */
public function searchFriends($key)
{
    $selfId = $this->user["id"];
    $matches = MiniUser::getInstance()->searchByName($selfId, $key);

    $friends = array();
    foreach ($matches as $match) {
        $friends[] = array(
            "id" => $match["id"],
            "nick" => $match["nick"],
            "name" => $match["user_name"],
            "avatar" => $match['avatar'],
            "user_group" => MiniUserGroupRelation::getInstance()->findUserGroup($selfId, $match["id"]),
        );
    }
    return $friends;
}
/**
 * List the users that belong to a group.
 *
 * @param mixed $groupId group to list
 * @return array the result of MiniUserGroupRelation::getList(); when its
 *               'success' entry is true, 'list' is replaced by entries with
 *               id, name, nick and avatar
 */
public function userList($groupId)
{
    $result = MiniUserGroupRelation::getInstance()->getList($groupId);

    // Lookup failed: hand the result back untouched.
    if ($result['success'] != true) {
        return $result;
    }

    $members = array();
    foreach ($result['list'] as $relation) {
        $user = MiniUser::getInstance()->getUser($relation['user_id']);
        $members[] = array(
            'id' => $relation['user_id'],
            'name' => $user['user_name'],
            'nick' => $user['nick'],
            'avatar' => $user['avatar'],
        );
    }
    $result['list'] = $members;

    return $result;
}
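/**
 * Copy the file behind this object's share link into the space of each named user.
 *
 * Names that do not resolve to a user are skipped.
 *
 * NOTE(review): this method does not itself check the link's password or
 * expiry before copying; confirm the caller has done so.
 *
 * @param array $userNames login names of the recipients
 * @return bool true when at least one name was given and the link and file
 *              exist; false otherwise
 */
public function sendToTransfer($userNames)
{
    // The documented return type is bool, so a missing link or file is
    // reported as false rather than by a bare return.
    $link = MiniLink::getInstance()->getByKey($this->key);
    if ($link === NULL) {
        return false;
    }
    $file = MiniFile::getInstance()->getById($link["file_id"]);
    if ($file === NULL) {
        return false;
    }
    if (empty($userNames)) {
        return false;
    }

    $deviceId = $this->device["id"];
    foreach ($userNames as $name) {
        $user = MiniUser::getInstance()->getUserByName($name);
        if ($user === NULL) {
            continue;
        }
        MiniFile::getInstance()->copy($file["id"], $user['id'], $deviceId, 0);
    }
    return true;
}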
/**
 * Report whether a file is locked by someone other than the current user.
 *
 * A lock entry counts while it is less than 1800 seconds old. If the current
 * user holds such an entry the file is not reported as locked.
 *
 * @param string $filePath file whose 'lock' meta is inspected
 * @return array array('success' => bool locked, 'data' => the last entry of
 *               quickSort() over the active entries with 'user_name' added,
 *               or an empty array)
 */
public function status($filePath)
{
    $fileMeta = MiniFileMeta::getInstance()->getFileMeta($filePath, 'lock');
    $userId = $this->user['id'];

    $openedBySelf = false; // the current user holds an active entry
    $activeCount = 0;
    $activeEntries = array();
    $picked = array();

    if (count($fileMeta) != 0) {
        // NOTE(review): unserialize() can instantiate arbitrary classes when the
        // stored value is attacker-influenced. Confirm meta_value is only ever
        // written by the server, or move this field to JSON.
        $entries = unserialize($fileMeta['meta_value']);
        $now = time();

        foreach ($entries as $entry) {
            $age = $now - strtotime($entry['open_time']);
            if ($entry['user_id'] == $userId && $age < 1800) {
                $openedBySelf = true;
                break;
            }
            if ($age < 1800) {
                $activeEntries[] = $entry;
                $activeCount++;
            }
        }

        $sorted = $this->quickSort($activeEntries);
        if (count($sorted) != 0) {
            $picked = $sorted[count($sorted) - 1];
            $holder = MiniUser::getInstance()->getById($picked['user_id']);
            $picked['user_name'] = $holder['nick'];
        }
    }

    $locked = (!$openedBySelf && $activeCount > 0);

    return array('success' => $locked, 'data' => $picked);
}
/**
 * Describe the file behind a share link.
 *
 * NOTE(review): the file details are returned even when the link has a
 * password or is_in_expiry is false; the flags only describe the link.
 * Confirm that whatever serves the content enforces both.
 *
 * @param $key share link key
 * @throws MiniException code 1300 when the link or its file does not exist
 * @return mixed array('info' => file details plus is_set_password,
 *               is_in_expiry, in_expiry (only for links with an expiry),
 *               is_owner and user_name)
 */
public function getInfo($key)
{
    $link = MiniLink::getInstance()->getByKey($key);
    if ($link === NULL) {
        throw new MiniException(1300);
    }
    $file = MiniFile::getInstance()->getById($link["file_id"]);
    if ($file === NULL) {
        throw new MiniException(1300);
    }

    $info = $this->do2vo($file);

    // A stored password of "-1" means no password is set.
    $info["is_set_password"] = ($link['password'] != "-1");

    // An expiry of -1 means the link never expires.
    $expiry = intval($link['expiry']);
    if ($expiry !== -1) {
        $info["is_in_expiry"] = ($expiry - intval(time()) > 0);
        $info['in_expiry'] = $link['expiry'];
    } else {
        $info["is_in_expiry"] = true;
    }

    $info["is_owner"] = (intval($link['user_id']) === intval($this->user['id']));

    $owner = MiniUser::getInstance()->getById($file["user_id"]);
    $info["user_name"] = $owner["user_name"];

    return array("info" => $info);
}
/**
 * Return the profile of the current user, loading it on first use.
 *
 * The profile is kept on $this->user, so later calls return the same data
 * without another lookup.
 *
 * @return array|null the profile, or null when there is no current user
 */
public function getUser()
{
    if (isset($this->user)) {
        return $this->user;
    }

    $sessionUser = MUserManager::getInstance()->getCurrentUser();
    if (empty($sessionUser)) {
        return NULL;
    }

    $record = MiniUser::getInstance()->getUser($sessionUser["id"]);
    $profile = array(
        'user_uuid' => $record["user_uuid"],
        'user_name' => $record["user_name"],
        'display_name' => $record["nick"],
        'space' => (float) $record["space"],
        'used_space' => (float) $record["usedSpace"],
        'email' => $record["email"],
        'phone' => $record["phone"],
        'avatar' => $record["avatar"],
        'is_admin' => $record["is_admin"],
        'code' => MiniOption::getInstance()->getOptionValue("code"),
    );

    $this->user = $profile;
    return $profile;
}
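/**
 * List the users and groups that hold a privilege on a path.
 *
 * Each stored permission is a string of '0'/'1' flags; it is expanded into
 * named booleans in the shape the JavaScript client expects. User entries
 * carry type "0", group entries type "1".
 *
 * @param string $filePath path whose privileges are listed
 * @return array list of privilege entries, users first, then groups
 */
public function getPrivilegeList($filePath)
{
    $privileges = MiniUserPrivilege::getInstance()->getPrivilegeList($filePath);
    $groupPrivileges = MiniGroupPrivilege::getInstance()->getPrivilegeList($filePath);

    // Output flag => position in the permission string. The order of this
    // map is the order of the keys in each returned entry.
    $flagPositions = array(
        'view' => 0,
        'dir_create' => 1,
        'dir_rename' => 2,
        'dir_delete' => 3,
        'file_upload' => 4,
        'file_rename' => 6,
        'file_edit' => 5,
        'file_delete' => 7,
        'download' => 8,
    );

    // Expand one permission string. Comparisons are strict on purpose: with a
    // loose ==, numeric strings are compared as numbers, so a tail such as
    // "011111111" would have counted as "11111111".
    $expand = function ($permission) use ($flagPositions) {
        $flags = array();
        foreach ($flagPositions as $flag => $position) {
            $flags[$flag] = (substr($permission, $position, 1) === '1');
        }
        // "modified" means every flag after "view" is granted.
        $flags['modified'] = (substr($permission, 1) === '11111111');
        return $flags;
    };

    $data = array();

    foreach ($privileges as $item) {
        $user = MiniUser::getInstance()->getUser($item['user_id']);
        $privilege = array(
            'id' => $user['user_id'],
            'name' => $user['user_name'],
            'nick' => $user['nick'],
            'avatar' => $user['avatar'],
            'user_status' => $user['user_status'],
        );
        $privilege = array_merge($privilege, $expand($item['permission']));
        $privilege['type'] = "0";
        $data[] = $privilege;
    }

    foreach ($groupPrivileges as $item) {
        $group = MiniGroup::getInstance()->getById($item['group_id']);
        $privilege = array(
            'id' => $item['group_id'],
            'name' => $group['group_name'],
            'nick' => $group['group_name'],
            'avatar' => MiniHttp::getMiniHost() . "static/images/icon_group.png",
        );
        $privilege = array_merge($privilege, $expand($item['permission']));
        $privilege['type'] = "1";
        $data[] = $privilege;
    }

    return $data;
}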
/**
 * Delete users together with the data that belongs to them.
 *
 * NOTE(review): the raw comma-separated string is handed on to
 * deleteUserFile(), deleteUserRelation() and deleteByIds(). If any of them
 * places it into a query, it must be validated as a list of integers first;
 * nothing in this method does that.
 *
 * @param string $userIds comma-separated user ids, e.g. "1,2,3,4,5"
 */
public function deleteUsers($userIds)
{
    if ($userIds == '' || strlen($userIds) <= 0) {
        return;
    }

    $ids = explode(',', $userIds);
    $userFile = new UserFile();

    // Per-user clean-up: shared folders, tags, starred files.
    foreach ($ids as $id) {
        $userFile->deleteSharedFolders($id);
        Tag::model()->deleteUserAllTag($id);
        FileStar::model()->deleteUserAllStar($id);
    }

    // Bulk clean-up: files, group/department relations, events.
    $userFile->deleteUserFile($userIds);
    MiniUserGroupRelation::getInstance()->deleteUserRelation($userIds);
    MiniEvent::getInstance()->deleteByIds($userIds);

    // Finally the user records themselves (including their meta).
    foreach ($ids as $id) {
        MiniUser::getInstance()->deleteUser($id);
    }
}
/**
 * Grant or deny a requested access token.
 *
 * This would be called from the "/token" endpoint as defined in the spec.
 * Obviously, you can call your endpoint whatever you want.
 *
 * Every failure path calls errorJsonResponse() and the code after it assumes
 * that call does not return (for example $result['enabled'] is read right
 * after the $result === FALSE branch). NOTE(review): confirm
 * errorJsonResponse() ends the request.
 *
 * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-4
 *
 * @ingroup oauth2_section_4
 */
public function grantAccessToken()
{
    $filters = array(
        "grant_type" => array("filter" => FILTER_VALIDATE_REGEXP, "options" => array("regexp" => OAUTH2_GRANT_TYPE_REGEXP), "flags" => FILTER_REQUIRE_SCALAR),
        "scope" => array("flags" => FILTER_REQUIRE_SCALAR),
        "code" => array("flags" => FILTER_REQUIRE_SCALAR),
        "redirect_uri" => array("filter" => FILTER_SANITIZE_URL),
        "username" => array("flags" => FILTER_REQUIRE_SCALAR),
        "password" => array("flags" => FILTER_REQUIRE_SCALAR),
        "assertion_type" => array("flags" => FILTER_REQUIRE_SCALAR),
        "assertion" => array("flags" => FILTER_REQUIRE_SCALAR),
        "refresh_token" => array("flags" => FILTER_REQUIRE_SCALAR)
    );
    // NOTE(review): on a GET request the parameters, including username and
    // password, are read from the query string, which web servers and proxies
    // commonly log. Consider accepting POST only.
    if ($_SERVER["REQUEST_METHOD"] == "GET") {
        $input = filter_input_array(INPUT_GET, $filters);
    } else {
        $input = filter_input_array(INPUT_POST, $filters);
    }
    // Grant Type must be specified.
    if (!$input["grant_type"]) {
        $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_INVALID_REQUEST, 'Invalid grant_type parameter or parameter missing');
    }
    // Make sure we've implemented the requested grant type
    if (!in_array($input["grant_type"], $this->getSupportedGrantTypes())) {
        $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_UNSUPPORTED_GRANT_TYPE);
    }
    // Authorize the client
    $client = $this->getClientCredentials();
    $result = $this->checkClientCredentials($client[0], $client[1]);
    if ($result === FALSE) {
        $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_INVALID_CLIENT);
    }
    // Refuse clients (apps) that have been disabled.
    if ($result['enabled'] == 0) {
        $this->errorJsonResponse(OAUTH2_HTTP_LOCKED, SYSTEM_ERROR_APP_DISABLED);
    }
    if (!$this->checkRestrictedGrantType($client[0], $input["grant_type"])) {
        $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_UNAUTHORIZED_CLIENT);
    }
    // Custom lifetimes, in seconds.
    $this->setVariable("access_token_lifetime", 2592000); // 30 days
    $this->setVariable("refresh_token_lifetime", 31536000); // 365 days
    // Do the granting
    // NOTE(review): the switch has no default branch, so $stored stays unset for
    // a grant type that passes getSupportedGrantTypes() but has no case here.
    switch ($input["grant_type"]) {
        // Login-free interface: credentials are checked with an empty name and password.
        case OAUTH2_GRANT_TYPE_FREE_LOGIN:
            $stored = $this->checkUserCredentials($client[0], "", "");
            // Store the device_id.
            // NOTE(review): $stored is indexed here before the === FALSE check below.
            $this->setVariable('device_id', $stored["device_id"]);
            // The user has been disabled.
            if (CUserValid::$userDisabled == true) {
                $this->errorJsonResponse(OAUTH2_HTTP_DISABLED, SYSTEM_ERROR_USER_DISABLED);
            }
            if ($stored === FALSE) {
                $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_INVALID_GRANT);
            }
            break;
        case OAUTH2_GRANT_TYPE_AUTH_CODE:
            if (!$input["code"] || !$input["redirect_uri"]) {
                $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_INVALID_REQUEST);
            }
            $stored = $this->getAuthCode($input["code"]);
            // The user has been disabled.
            if (CUserValid::$userDisabled == true) {
                $this->errorJsonResponse(OAUTH2_HTTP_DISABLED, SYSTEM_ERROR_USER_DISABLED);
            }
            // Ensure that the input uri starts with the stored uri
            // NOTE(review): this is a case-insensitive prefix match, so any URI that
            // merely begins with the registered one is accepted. Current OAuth
            // guidance calls for an exact match against the registered redirect URI.
            if ($stored === NULL || strcasecmp(substr($input["redirect_uri"], 0, strlen($stored["redirect_uri"])), $stored["redirect_uri"]) !== 0 || $client[0] != $stored["client_id"]) {
                $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_INVALID_GRANT);
            }
            if ($stored["expires"] < time()) {
                $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_EXPIRED_TOKEN);
            }
            break;
        case OAUTH2_GRANT_TYPE_USER_CREDENTIALS:
            if (!$input["username"] || !$input["password"]) {
                $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_INVALID_REQUEST, 'Missing parameters. "username" and "password" required');
            }
            // Report a disabled client before checking the credentials.
            $this->filterPClientEnabled();
            $stored = $this->checkUserCredentials($client[0], $input["username"], $input["password"]);
            // Store the device_id.
            // NOTE(review): $stored is indexed here before the === FALSE check below.
            $this->setVariable('device_id', $stored["device_id"]);
            // The user has been disabled.
            if (CUserValid::$userDisabled == true) {
                $this->errorJsonResponse(OAUTH2_HTTP_DISABLED, SYSTEM_ERROR_USER_DISABLED);
            }
            if ($stored === FALSE) {
                // Collect data for the password-lock and error messages.
                // NOTE(review): the name is re-read from $_REQUEST / $_POST and
                // url-decoded, so it can differ from the filtered $input["username"]
                // that was just checked.
                // NOTE(review): the response tells an unauthenticated caller whether
                // the named account is disabled or locked and how many failed
                // attempts it has; confirm that disclosure is intended.
                $userName = $_REQUEST['username'];
                if (empty($userName)) {
                    $userName = $_POST['username'];
                }
                $name = urldecode($userName);
                $isEnabled = MiniUser::getInstance()->isEnabled($name);
                if (!$isEnabled) {
                    $errorDescription = array("is_disabled" => 1);
                    $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_INVALID_GRANT, $errorDescription);
                } else {
                    $isLock = MiniUser::getInstance()->isLock($name);
                    $errorCount = MiniUser::getInstance()->getPasswordErrorCount($name);
                    $errorDescription = array("is_lock" => $isLock, "error_count" => $errorCount);
                    $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_INVALID_GRANT, $errorDescription);
                }
            }
            break;
        case OAUTH2_GRANT_TYPE_ASSERTION:
            if (!$input["assertion_type"] || !$input["assertion"]) {
                $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_INVALID_REQUEST);
            }
            // The user has been disabled.
            // NOTE(review): unlike the other cases, the flag is tested before the
            // credential check (checkAssertion) runs; confirm the order is intended.
            if (CUserValid::$userDisabled == true) {
                $this->errorJsonResponse(OAUTH2_HTTP_DISABLED, SYSTEM_ERROR_USER_DISABLED);
            }
            $stored = $this->checkAssertion($client[0], $input["assertion_type"], $input["assertion"]);
            if ($stored === FALSE) {
                $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_INVALID_GRANT);
            }
            break;
        case OAUTH2_GRANT_TYPE_REFRESH_TOKEN:
            if (!$input["refresh_token"]) {
                $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_INVALID_REQUEST, 'No "refresh_token" parameter found');
            }
            // The user has been disabled.
            if (CUserValid::$userDisabled == true) {
                $this->errorJsonResponse(OAUTH2_HTTP_DISABLED, SYSTEM_ERROR_USER_DISABLED);
            }
            $stored = $this->getRefreshToken($input["refresh_token"]);
            if ($stored === NULL || $client[0] != $stored["client_id"]) {
                $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_INVALID_GRANT);
            }
            if ($stored["expires"] < time()) {
                $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_EXPIRED_TOKEN);
            }
            // Look up the access token tied to the refresh token and store its device_id.
            $storedOauth = $this->getAccessToken($stored["token"]);
            $this->setVariable('device_id', $storedOauth["device_id"]);
            // store the refresh token locally so we can delete it when a new refresh token is generated
            $this->setVariable('_old_oauth_token', $stored["token"]);
            $this->setVariable('_old_refresh_token', $input["refresh_token"]);
            $this->setVariable('_old_scope', $storedOauth["scope"]);
            break;
        case OAUTH2_GRANT_TYPE_NONE:
            $stored = $this->checkNoneAccess($client[0]);
            // The user has been disabled.
            if (CUserValid::$userDisabled == true) {
                $this->errorJsonResponse(OAUTH2_HTTP_DISABLED, SYSTEM_ERROR_USER_DISABLED);
            }
            if ($stored === FALSE) {
                $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_INVALID_REQUEST);
            }
    }
    // Check scope, if provided
    if ($input["scope"] && (!is_array($stored) || !isset($stored["scope"]) || !$this->checkScope($input["scope"], $stored["scope"]))) {
        $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_INVALID_SCOPE);
    }
    if (!$input["scope"]) {
        $input["scope"] = NULL;
    }
    // A refresh always mints a new token with the old token's scope; every other
    // grant first asks getToken() for a token of this client, scope and device
    // and only creates one when none is returned.
    if ($input["grant_type"] == OAUTH2_GRANT_TYPE_REFRESH_TOKEN) {
        $token = $this->createAccessToken($client[0], $this->getVariable("_old_scope"));
    } else {
        $token = $this->getToken($client[0], $input["scope"], $this->getVariable('device_id'));
        if (!$token) {
            $token = $this->createAccessToken($client[0], $input["scope"]);
        }
    }
    $this->sendJsonHeaders();
    return $token;
}
/**
 * Change the current user's password after re-checking the old one.
 *
 * @param string $newPassword password to set
 * @param string $password    current password, verified through CUserValid::validUser()
 * @return mixed true when the password was changed; otherwise the falsy
 *               result of the verification
 */
public function updatePassword($newPassword, $password)
{
    $account = $this->user;

    $validator = new CUserValid();
    $verified = $validator->validUser($account['user_name'], $password);
    if ($verified == false) {
        return $verified;
    }

    MiniUser::getInstance()->updatePassword($account['id'], $newPassword);
    return true;
}
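/**
 * Create a user from the admin console.
 *
 * Writes the User row (salted password) and the email, nick, is_admin and
 * space meta rows, then refreshes the pinyin form of the user name.
 *
 * NOTE(review): is_admin is taken from $userData as given; the caller must
 * make sure only an administrator can reach this method.
 * NOTE(review): uniqid() is derived from the current time, so user_uuid is
 * guessable and must not be treated as a secret.
 *
 * @param array $userData user_name, password, email, nick, is_admin, space
 * @return bool|string true on success, 'exist' when validateName() rejects the name
 */
public function adminCreateUser($userData)
{
    // Validate the value that is actually stored. Validating the untrimmed
    // name let " name" pass the check and then be saved as "name".
    $userName = trim($userData["user_name"]);
    if (!$this->validateName($userName)) {
        return 'exist';
    }

    // Random salt used when signing the password.
    $salt = MiniUtil::genRandomString(6);

    $user = new User();
    $user["user_uuid"] = uniqid();
    $user["user_name"] = $userName;
    $user["salt"] = $salt;
    $user["user_status"] = 1;
    $user["user_pass"] = MiniUtil::signPassword($userData["password"], $salt);
    $user->save();

    // Meta rows: email and nick only when given, is_admin and space always.
    $metas = array();
    if (strlen($userData["email"])) {
        $metas["email"] = $userData["email"];
    }
    if (strlen($userData["nick"])) {
        $metas["nick"] = $userData["nick"];
    }
    $metas["is_admin"] = $userData["is_admin"];
    $metas["space"] = $userData["space"];

    foreach ($metas as $metaKey => $metaValue) {
        $userMeta = new UserMeta();
        $userMeta["user_id"] = $user["id"];
        $userMeta["meta_key"] = $metaKey;
        $userMeta["meta_value"] = $metaValue;
        $userMeta->save();
    }

    // Refresh the pinyin form of the user name.
    MiniUser::getInstance()->updateUserNamePinYin($user["id"]);

    return true;
}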
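/**
 * Build the group tree below a parent group.
 *
 * Child groups come first, each with its own subtree under 'nodes'; when
 * $showUser is true the users of the parent group follow as leaf entries.
 *
 * @param $parentGroupId
 * @param bool $showUser include the users of each group
 * @return array|null the nodes of this level, or null when the level is empty
 */
public function getTreeNodes($parentGroupId, $showUser = true)
{
    $relations = MiniGroupRelation::getInstance()->getByParentId($parentGroupId);
    $userRelations = MiniUserGroupRelation::getInstance()->getByGroupId($parentGroupId);

    // Initialised up front: the list used to stay undefined for a group without
    // children, and counting it then fails on current PHP versions.
    $groups = array();
    if (isset($relations)) {
        foreach ($relations as $relation) {
            $groups[] = $this->getById($relation['group_id']);
        }
    }

    foreach ($groups as $index => $group) {
        $nodes = $this->getTreeNodes($group['id'], $showUser);
        $groups[$index]['nodes'] = ($nodes == NULL) ? array() : $nodes;
    }

    if ($showUser && $userRelations) {
        foreach ($userRelations as $userRelation) {
            $userInfo = MiniUser::getInstance()->getById($userRelation['user_id']);
            $groups[] = array(
                'id' => $userInfo['id'],
                'user_name' => $userInfo['nick'],
                'group_id' => $parentGroupId,
            );
        }
    }

    // An empty level is still reported as null, as it was before.
    return count($groups) > 0 ? $groups : NULL;
}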
/**
 * Run this step's data update: delegates to
 * MiniUser::updateAllUserNamePinyin().
 */
public function updateData()
{
    $users = MiniUser::getInstance();
    $users->updateAllUserNamePinyin();
}
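/**
 * Resolve the permission $userId holds on $path.
 *
 * The owner ("master") id is the first segment of $path. The result depends on the
 * file_type of the entry at $path:
 *  - 2 (shared folder): the owner gets MConst::SUPREME_PERMISSION. Anyone else gets
 *    their user privilege or, when none exists, the merge of the group and department
 *    permissions.
 *  - 0 / 1 (ordinary entry): decided by GeneralFolderPermissionBiz.
 *  - 4 (public folder): decided by PublicFolderPermissionBiz.
 * Any other file_type falls through and returns null.
 *
 * NOTE(review): the isChildrenShared() branch returns SUPREME_PERMISSION without
 * comparing $userId with the owner. Confirm callers only reach it for the owner's
 * own tree.
 *
 * @param string $path absolute path whose second "/"-separated part is the owner id
 * @param mixed $userId id of the user whose permission is requested
 * @return array|null permission descriptor, or null when no sharing applies
 * @throws MFilesException when no file exists at $path
 */
public function getPermission($path, $userId)
{
    $file = MiniFile::getInstance()->getByPath($path);
    if (empty($file)) {
        throw new MFilesException(Yii::t('api', MConst::PARAMS_ERROR), MConst::HTTP_CODE_400);
    }

    // The owner of the entry is encoded as the first path segment.
    $pathArr = explode('/', $path);
    $masterId = $pathArr[1];
    $master = MiniUser::getInstance()->getUser($masterId, false);
    $shareUserNick = $master['nick'];
    $privilegeLength = 9;
    // The record fetched above is reused; the original looked the same path up twice.
    $fileType = $file['file_type'];

    if ($fileType == 2) {
        // The entry itself is the shared folder.
        if ((int) $masterId != $userId) {
            // Permissions only matter when the folder belongs to someone else.
            $userPrivilege = MiniUserPrivilege::getInstance()->getSpecifyPrivilege($userId, $path);
            if (empty($userPrivilege)) {
                // No user-level privilege: fall back to group and department privileges.
                $groupPermission = GroupPermissionBiz::getInstance()->getPermission($path, $userId);
                $departmentPrivilege = new DepartmentPermissionBiz();
                $departmentPermission = $departmentPrivilege->getPermission($userId, $path);
                if (empty($groupPermission)) {
                    $permission = $departmentPermission;
                }
                if (empty($departmentPermission)) {
                    $permission = $groupPermission;
                }
                if (!empty($groupPermission) && !empty($departmentPermission)) {
                    // Positional OR of the two flag strings through their numeric sum.
                    // The sum is left-padded back to the flag width: without the
                    // padding, two strings that both start with "0" give a shorter
                    // number and every flag is read one or more positions too far
                    // left, which grants the wrong rights.
                    $total = str_pad(
                        (string) ($groupPermission + $departmentPermission),
                        $privilegeLength,
                        '0',
                        STR_PAD_LEFT
                    );
                    $permission = '';
                    for ($i = 0; $i < $privilegeLength; $i++) {
                        $value = substr($total, $i, 1);
                        $permission .= ($value == '1' || $value == '2') ? '1' : '0';
                    }
                }
                if (empty($groupPermission) && empty($departmentPermission)) {
                    $permission = null;
                }
            } else {
                $permission = $userPrivilege['permission'];
            }
            if ($permission == null) {
                return array('permission' => $permission);
            }
            return array(
                "permission" => $permission,
                "share_root_path" => $path,
                "share_user_nick" => $shareUserNick,
                "is_share_folder" => true,
                'can_set_share' => 0,
            );
        }
        return array(
            "permission" => MConst::SUPREME_PERMISSION,
            "share_root_path" => $path,
            "share_user_nick" => $shareUserNick,
            'can_set_share' => 1,
        );
    }

    if ($fileType == 1 || $fileType == 0) {
        // Ordinary entry: sharing may apply above or below it.
        $model = new GeneralFolderPermissionBiz($path);
        if ($model->isChildrenShared($path)) {
            return array(
                "permission" => MConst::SUPREME_PERMISSION,
                "share_user_nick" => $shareUserNick,
                'children_shared' => true,
                'can_set_share' => 0,
            );
        }
        if (!$model->isShared) {
            // Nothing shared above or below.
            return null;
        }
        if ($model->isParentShared($path)) {
            // A parent folder is shared: the owner keeps full rights, others get the
            // permission computed by the model.
            $permission = ((int) $masterId != $userId) ? $model->permission : MConst::SUPREME_PERMISSION;
            return array(
                "permission" => $permission,
                "share_root_path" => $model->shareRootPath,
                "share_user_nick" => $shareUserNick,
                "is_share_folder" => true,
                'can_set_share' => 0,
            );
        }
    }

    if ($fileType == 4) {
        // Public folder.
        $model = new PublicFolderPermissionBiz();
        $permission = $model->getPublicPermission($path);
        if ($permission == null) {
            return null;
        }
        if ((int) $masterId == $userId) {
            // The owner always has full rights on their own public folder.
            $permission = MConst::SUPREME_PERMISSION;
        }
        return array(
            "permission" => $permission,
            "share_user_nick" => $shareUserNick,
            "is_public_folder" => true,
            'can_set_share' => 0,
        );
    }
}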
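/**
 * Import every account found in the configured LDAP directory.
 *
 * Reads the ldap_* options, searches below ldap_base_cn for person entries and
 * organisational units, creates one local user per entry through MiniUser::create()
 * and, unless ldap_sync_department is 'false', passes the entry's department to
 * importDepartment(). Progress is echoed; configuration and directory errors end
 * the request.
 *
 * NOTE(review): the bind is anonymous. The original carried an authenticated bind
 * with ldap_test_user_name / ldap_test_password, but it was commented out, although
 * both options are still required to be non-empty.
 * NOTE(review): no ldap_start_tls() call is visible, so unless ldap_host is an
 * ldaps:// URI the directory data crosses the network unencrypted.
 */
public function actionSyncUsers()
{
    $userSource = apply_filters('third_user_source', false);
    if ($userSource == false) {
        echo 'LDAP插件未启用';
        exit;
    }

    $options = MiniOption::getInstance();
    $ldapInfo = array();
    $ldapInfo['ldap_host'] = $options->getOptionValue('ldap_host');
    $ldapInfo['ldap_port'] = $options->getOptionValue('ldap_port');
    $ldapInfo['ldap_base_cn'] = $options->getOptionValue('ldap_base_cn');
    $ldapInfo['ldap_primary_key'] = $options->getOptionValue('ldap_primary_key');
    $ldapInfo['ldap_nick'] = $options->getOptionValue('ldap_nick');
    $ldapInfo['department_alias'] = $options->getOptionValue('ldap_department_name');
    $ldapInfo['ldap_test_user_name'] = $options->getOptionValue('ldap_test_user_name');
    $ldapInfo['ldap_test_password'] = $options->getOptionValue('ldap_test_password');
    $ldapInfo['ldap_sync_department'] = $options->getOptionValue('ldap_sync_department');
    foreach ($ldapInfo as $info) {
        if (empty($info)) {
            echo 'LDAP插件未设置!';
            exit;
        }
    }

    // Failures are reported instead of being hidden behind "@": the original went on
    // to iterate over a failed search result.
    $ldapConn = @ldap_connect($ldapInfo['ldap_host'], $ldapInfo['ldap_port']);
    if (!$ldapConn) {
        echo 'LDAP服务器无法连接';
        exit;
    }
    @ldap_set_option($ldapConn, LDAP_OPT_PROTOCOL_VERSION, 3);
    @ldap_set_option($ldapConn, LDAP_OPT_REFERRALS, 0);
    if (!@ldap_bind($ldapConn)) {
        ldap_close($ldapConn);
        echo 'LDAP绑定失败';
        exit;
    }

    $attrItems = array(
        "ou", "dn", "mail", "telephoneNumber",
        $ldapInfo['ldap_nick'], "useraccountcontrol", $ldapInfo['department_alias'],
    );
    $results = @ldap_search($ldapConn, $ldapInfo['ldap_base_cn'], "(|(sn=*)(givenname=*))", $attrItems);
    $entries = $results ? @ldap_get_entries($ldapConn, $results) : false;
    if (!is_array($entries)) {
        ldap_close($ldapConn);
        echo 'LDAP查询失败';
        exit;
    }
    // Organisational units, handed to importDepartment(); false when the search failed.
    $results2 = @ldap_search($ldapConn, $ldapInfo['ldap_base_cn'], "(ou=*)", $attrItems);
    $entries2 = $results2 ? @ldap_get_entries($ldapConn, $results2) : false;

    // ldap_get_entries() returns a "count" element next to the numeric entries, so
    // the loop runs over the numeric keys only.
    $total = (int) $entries['count'];
    for ($key = 0; $key < $total; $key++) {
        $entry = $entries[$key];
        if (empty($entry['dn'])) {
            continue;
        }
        $dn = $entry['dn'];
        // NOTE(review): plain explode() mis-splits RDN values that contain an escaped
        // "," or an "=".
        $cn = explode(',', $dn)[0];
        $department = $this->getDepartment($dn);
        $userName = explode('=', $cn)[1];

        $extend = array();
        if (!empty($entry['telephonenumber'])) {
            $extend['phone'] = $entry['telephonenumber'][0];
        }
        if (!empty($entry[$ldapInfo['ldap_nick']])) {
            $extend['nick'] = $entry[$ldapInfo['ldap_nick']][0];
        }
        if (!empty($entry['mail'])) {
            $extend['email'] = $entry['mail'][0];
        }
        $extend['dn'] = $dn;

        $userData = array(
            'user_status' => 1,
            'nick' => $userName,
            'name' => $userName,
            'extend' => $extend,
        );
        MiniUser::getInstance()->create($userData);
        echo '已导入:' . $userData['name'] . "\n";
        if ($key + 1 == $entries['count']) {
            echo '共导入' . $entries['count'] . "位用户\n";
        }
        if ($ldapInfo['ldap_sync_department'] != 'false' && !empty($department)) {
            $this->importDepartment($userName, $department, $entries2, $ldapInfo['department_alias']);
        }
    }

    // The original never released the connection.
    ldap_close($ldapConn);
}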
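/**
 * Check a user name and password against the AD server and return the account data.
 *
 * When the option ad_white_list_open is 'true', the user must already exist locally.
 * The credentials are verified with a simple bind as "<name>@<host>", then the
 * account is looked up by userPrincipalName below $this->filter.
 *
 * On failure $this->code is set: -1 when the server cannot be reached, -2 for any
 * credential or lookup failure.
 *
 * NOTE(review): no ldap_start_tls() call is visible, so unless $this->host is an
 * ldaps:// URI the password is sent over the network unencrypted.
 *
 * @param string $userName login name, with or without the "@host" suffix
 * @param string $password clear-text password
 * @return array|bool array with "user_name", "extend" and optionally "departmentData"; false on failure
 */
function getMember($userName, $password)
{
    $adWhiteListOpen = MiniOption::getInstance()->getOptionValue('ad_white_list_open');
    if ($adWhiteListOpen == 'true') {
        $user = MiniUser::getInstance()->getUserByName($userName);
        if (empty($user)) {
            $this->code = -2;
            return false;
        }
    }

    // A simple bind with an empty password is an unauthenticated bind, which a
    // directory may report as success without checking any credential. It must
    // never count as a login.
    if (strlen((string) $password) === 0) {
        $this->code = -2;
        return false;
    }

    $ldapUsrDom = "@" . $this->getHost();
    $userName = str_replace($ldapUsrDom, "", $userName);
    // Principal in the directory's encoding; iconv() returns false on failure.
    $principal = iconv('utf-8', $this->coding, $userName . $ldapUsrDom);
    if ($userName === '' || $principal === false || $principal === '') {
        $this->code = -2;
        return false;
    }

    $ldapConn = @ldap_connect($this->host, $this->port);
    if (!$ldapConn) {
        $this->code = -1; // server cannot be reached
        return false;
    }
    @ldap_set_option($ldapConn, LDAP_OPT_PROTOCOL_VERSION, 3);
    @ldap_set_option($ldapConn, LDAP_OPT_REFERRALS, 0);

    // Verify the account and password.
    $loginResult = @ldap_bind($ldapConn, $principal, $password);
    if (!$loginResult) {
        ldap_close($ldapConn);
        $this->code = -2; // wrong account or password
        return false;
    }

    // Check that the account is inside the configured filter base. The name comes
    // from the login form, so it is escaped before it becomes part of the filter.
    $dn = $this->filter;
    $attrItems = array("ou", "sn", "mail", "telephonenumber", "displayname", "department");
    $query = "(&(userprincipalname=" . ldap_escape($principal, '', LDAP_ESCAPE_FILTER) . "))";
    $results = @ldap_search($ldapConn, $dn, $query, $attrItems);
    $entries = $results ? @ldap_get_entries($ldapConn, $results) : false;
    if (!is_array($entries) || $entries['count'] == 0) {
        ldap_close($ldapConn);
        $this->code = -2; // account not found below the filter base
        return false;
    }

    $output = array();
    $extend = array();
    $extend["nick"] = $userName;
    $output["user_name"] = $userName;

    // Details of the first matching entry.
    $entry = $entries[0];
    $phoneInfo = $this->getValue("telephonenumber", $entry); // phone number
    if ($phoneInfo != null) {
        $extend["phone"] = $phoneInfo;
    }
    $displayNameInfo = $this->getValue("displayname", $entry); // nick / full name
    if ($displayNameInfo != null) {
        $extend["nick"] = $displayNameInfo;
    }
    $mailInfo = $this->getValue("mail", $entry); // e-mail address
    if ($mailInfo != null) {
        $extend["email"] = $mailInfo;
    }
    if ($this->syncDepartment != 'false') {
        $department = $this->getValue("dn", $entry); // the entry's DN
        if ($department != null) {
            $departmentInfo = $this->getDevelopment($department);
            if (!empty($departmentInfo)) {
                $output['departmentData'][0][] = $departmentInfo;
                $output['departmentData'][0][] = $userName;
            }
        }
    }

    $output["extend"] = $extend;
    ldap_close($ldapConn);
    return $output;
}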
/**
 * Create or update one UserMeta attribute of a user.
 *
 * After saving, the user's cache entries are dropped when caching is on, and the
 * pinyin data is refreshed when the changed attribute is "nick".
 *
 * @param int $userId
 * @param string $key
 * @param string $value
 * @return mixed the UserMeta record that was saved
 */
public function updateMeta($userId, $key, $value)
{
    // Look the attribute up; start a new row when the user does not have it yet.
    $criteria = array('user_id' => $userId, 'meta_key' => $key);
    $meta = UserMeta::model()->findByAttributes($criteria);
    if (!$meta) {
        $meta = new UserMeta();
        $meta["user_id"] = $userId;
        $meta["meta_key"] = $key;
    }
    $meta["meta_value"] = $value;
    $meta->save();

    if ($this->hasCache === true) {
        // Drop the cache entry keyed by the user id, then the cached user record.
        $this->deleteCache($this->getCacheKey($userId));
        MiniUser::getInstance()->cleanCache($userId);
    }

    // A new nick changes the pinyin derived from it.
    if ($key === "nick") {
        MiniUser::getInstance()->updateUserNamePinYin($userId);
    }

    return $meta;
}
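/**
 * Restore a file to an earlier version.
 *
 * Looks the version up by $signature and points the file at $filePath to it. A
 * MODIFY_FILE event is recorded, the file row gets the version's id and size, the
 * version list in FileMeta is rewritten and the version's reference count is updated.
 *
 * NOTE(review): nothing here checks that $signature belongs to the history of
 * $filePath, or that the user behind $deviceId may write to that file. Confirm
 * every caller enforces both, since a version is found by content signature alone.
 * NOTE(review): the writes are not wrapped in a transaction, so a failure midway
 * leaves the event, file and meta rows out of step.
 *
 * @param int $deviceId id of the device performing the restore
 * @param string $filePath path of the file to restore
 * @param string $signature signature of the version to restore
 * @return bool true when the file points at the requested version; false when the
 *              version, the file or the device cannot be found
 */
public function recover($deviceId, $filePath, $signature)
{
    $version = MiniVersion::getInstance()->getBySignature($signature);
    $file = $this->getModelByPath($filePath);
    // Unknown signature or path: the original went on and wrote an empty version id
    // into the file row.
    if (empty($version) || empty($file)) {
        return false;
    }
    if ($version["id"] == $file['version_id']) {
        return true; // already on the requested version
    }

    $device = MiniUserDevice::getInstance()->getById($deviceId);
    if (empty($device)) {
        return false;
    }
    $userId = $device["user_id"];
    $user = MiniUser::getInstance()->getUser($userId);
    $userNick = $user["nick"];

    // Event table.
    $userDeviceName = $device["user_device_name"];
    $userDeviceId = $device["id"];
    $signature = $version['file_signature'];
    $action = CConst::MODIFY_FILE;
    $file->file_update_time = time();
    $context = array(
        'hash' => $signature,
        'rev' => (int) $version["id"],
        'bytes' => (int) $version['file_size'],
        'update_time' => (int) $file->file_update_time,
        'create_time' => (int) $file['file_create_time'],
    );
    $filePath = $file['file_path'];
    $eventUuid = MiniUtil::getEventRandomString(CConst::LEN_EVENT_UUID);
    MiniEvent::getInstance()->createEvent(
        $file['user_id'],
        $userDeviceId,
        $action,
        $filePath,
        serialize($context),
        $eventUuid
    );

    // File table.
    $file->version_id = $version["id"];
    $file->event_uuid = $eventUuid;
    $file->file_size = $version['file_size'];
    $file->save();

    // Meta table: rewrite the version list. A file without a meta row is skipped
    // instead of failing after the rows above were already written.
    $fileMeta = FileMeta::model()->find('file_path = ?', array($filePath));
    if (!empty($fileMeta)) {
        $versions = CUtils::getFileVersions(
            $userDeviceName,
            $version['file_size'],
            $version["id"],
            CConst::WEB_RESTORE,
            $userId,
            $userNick,
            $fileMeta['meta_value']
        );
        $fileMeta->meta_value = $versions;
        $fileMeta->save();
    }

    // Update the reference count of the restored version.
    MiniVersion::getInstance()->updateRefCountByIds(array($version["id"]), TRUE);
    return true;
}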
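/**
 * Import every account found in the configured Active Directory.
 *
 * Reads the ad_* options, binds with the configured test account, searches below
 * ad_ldap_base_cn and creates one local user per entry through MiniUser::create().
 * Unless ad_sync_department is 'false', the entry's department is passed to
 * importDepartment(). Configuration and directory errors end the request with a
 * message.
 *
 * NOTE(review): $adInfo['ad_coding'] is read for iconv() but never loaded in this
 * method, so the target encoding of the bind name is undefined. Confirm which option
 * was meant.
 * NOTE(review): no ldap_start_tls() call is visible, so unless ad_ldap_host is an
 * ldaps:// URI the bind password is sent over the network unencrypted.
 */
public function actionSyncUsers()
{
    $userSource = apply_filters('third_user_source', false);
    if ($userSource == false) {
        echo 'AD插件未启用';
        exit;
    }

    $options = MiniOption::getInstance();
    $adInfo = array();
    $adInfo['ad_ldap_host'] = $options->getOptionValue('ad_ldap_host');
    $adInfo['ad_ldap_port'] = $options->getOptionValue('ad_ldap_port');
    $adInfo['ad_ldap_base_cn'] = $options->getOptionValue('ad_ldap_base_cn');
    $adInfo['ad_test_user_name'] = $options->getOptionValue('ad_test_user_name');
    $adInfo['ad_test_password'] = $options->getOptionValue('ad_test_password');
    $adInfo['ad_sync_department'] = $options->getOptionValue('ad_sync_department');
    foreach ($adInfo as $info) {
        if (empty($info)) {
            echo 'AD插件未设置!';
            exit;
        }
    }

    $ldapUsrDom = "@" . $this->getAdHost($adInfo['ad_ldap_base_cn']);
    $ldapConn = @ldap_connect($adInfo['ad_ldap_host'], $adInfo['ad_ldap_port']);
    if (!$ldapConn) {
        echo 'AD服务器无法连接';
        exit;
    }
    @ldap_set_option($ldapConn, LDAP_OPT_PROTOCOL_VERSION, 3);
    @ldap_set_option($ldapConn, LDAP_OPT_REFERRALS, 0);

    // Bind with the configured account. Failures are reported instead of being
    // hidden behind "@": the original searched and iterated regardless.
    $bindName = @iconv('utf-8', $adInfo['ad_coding'], $adInfo['ad_test_user_name'] . $ldapUsrDom);
    if ($bindName === false || !@ldap_bind($ldapConn, $bindName, $adInfo['ad_test_password'])) {
        ldap_close($ldapConn);
        echo 'AD帐号绑定失败';
        exit;
    }

    $attrItems = array("ou", "dn", "mail", "telephonenumber", "displayname", "useraccountcontrol");
    $results = @ldap_search($ldapConn, $adInfo['ad_ldap_base_cn'], "(|(sn=*)(givenname=*))", $attrItems);
    $entries = $results ? @ldap_get_entries($ldapConn, $results) : false;
    if (!is_array($entries)) {
        ldap_close($ldapConn);
        echo 'AD查询失败';
        exit;
    }

    // ldap_get_entries() returns a "count" element next to the numeric entries, so
    // the loop runs over the numeric keys only.
    $total = (int) $entries['count'];
    for ($index = 0; $index < $total; $index++) {
        $entry = $entries[$index];
        if (empty($entry['dn'])) {
            continue;
        }

        // userAccountControl is a bit field and 0x2 is the "account disabled" flag.
        // The original compared the whole value with '66050' only, so an account
        // disabled under any other flag combination (514 for example) was imported
        // as active.
        $accountControl = isset($entry['useraccountcontrol'][0]) ? (int) $entry['useraccountcontrol'][0] : 0;
        $isDisabled = ($accountControl & 2) === 2;

        $dn = $entry['dn'];
        // NOTE(review): plain explode() mis-splits RDN values that contain an escaped
        // "," or an "=".
        $cn = explode(',', $dn)[0];
        $department = $this->getDepartment($dn);
        $userName = explode('=', $cn)[1];

        $userData = array(
            'user_status' => $isDisabled ? 0 : 1,
            'nick' => $userName,
            'name' => $userName,
        );

        $extend = array();
        if (!empty($entry['telephonenumber'])) {
            $extend['phone'] = $entry['telephonenumber'][0];
        }
        if (!empty($entry['displayname'])) {
            $extend['nick'] = $entry['displayname'][0];
        }
        if (!empty($entry['mail'])) {
            $extend['email'] = $entry['mail'][0];
        }
        if (!empty($extend)) {
            $userData['extend'] = $extend;
        }

        MiniUser::getInstance()->create($userData);
        if ($adInfo['ad_sync_department'] != 'false' && !empty($department)) {
            $this->importDepartment($userName, $department);
        }
    }

    // The original never released the connection.
    ldap_close($ldapConn);
}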
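/**
 * Authenticate the request's user and resolve the device it comes from.
 *
 * Reads device_type, device_name, device_info and username from the request. When
 * all three device fields are absent the caller is treated as a third-party client
 * (type 10). A partly filled set is rejected.
 *
 * NOTE(review): a locked account is only refused when MiniHttp::clientIsBrowser()
 * is true. For other clients searchUser() still runs while the account is locked,
 * and failures are not counted in that state. If clientIsBrowser() relies on a
 * request header, the lock can be avoided by not looking like a browser. Confirm
 * this is intended.
 * NOTE(review): PHP has already percent-decoded $_REQUEST values, so urldecode()
 * decodes a second time. A value holding a literal "%xx" or "+" is altered, and the
 * name used for lock bookkeeping may then differ from the one searchUser() checks.
 *
 * @return mixed the device returned by DeviceManager::getDevice(), or false when authentication fails
 * @throws MAuthorizationException when the device fields are partly missing or the user is disabled
 * @since 1.0.7
 */
private function judgeDevice()
{
    // Missing request fields are read as empty instead of raising undefined-index
    // errors; the checks below already treat empty as absent.
    $deviceType = isset($_REQUEST['device_type']) ? $_REQUEST['device_type'] : null;
    // Compensation for iPhone/iPad: earlier bindings used the wrong type, the
    // correct one is 6 and not 5.
    if (MiniHttp::isiPhone()) {
        $deviceType = 6;
    }
    $deviceName = isset($_REQUEST['device_name']) ? urldecode($_REQUEST['device_name']) : '';
    $deviceInfo = isset($_REQUEST['device_info']) ? $_REQUEST['device_info'] : null;

    $hasAllDeviceFields = !empty($deviceType) && !empty($deviceName) && !empty($deviceInfo);
    if (!$hasAllDeviceFields) {
        if (empty($deviceType) && empty($deviceName) && empty($deviceInfo)) {
            // No device data at all marks a third-party developer client.
            $deviceType = 10;
            $deviceName = "第三方用户";
            $deviceInfo = "第三方设备";
        } else {
            throw new MAuthorizationException("param_is_null", MConst::HTTP_CODE_400);
        }
    }

    $userName = isset($_REQUEST['username']) ? $_REQUEST['username'] : null;
    if (empty($userName)) {
        $userName = isset($_POST['username']) ? $_POST['username'] : '';
    }
    $name = urldecode($userName);

    // A locked account is not authenticated when the client is a browser.
    $isLock = MiniUser::getInstance()->isLock($name);
    $user = false;
    if (!($isLock && MiniHttp::clientIsBrowser())) {
        $user = self::searchUser();
    }

    if ($user === false) {
        // Count the failure only while the account is not locked.
        if (!$isLock) {
            MiniUser::getInstance()->setPasswordError($name);
        }
        return false;
    }

    // Successful login: reset the failed-password counter.
    MiniUser::getInstance()->cleanPasswordError($name);

    if (!$user["user_status"]) {
        throw new MAuthorizationException("User has disabled.", MConst::HTTP_CODE_407);
    }

    // Resolve (or register) the device for this user.
    $device = DeviceManager::getDevice($user["id"], $deviceType, $deviceName, $deviceInfo);
    return $device;
}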