/**
* check if one of the roles the user is in has a given right for a given application
*
* we read all right for the given user at once and cache them in the internal class cache
*
* @param string|Tinebase_Model_Application $_application the application (one of: app name, id or record)
* @param int $_accountId the numeric id of a user account
* @param int $_right the right to check for
* @return bool
*/
public function hasRight($_application, $_accountId, $_right)
{
try {
$application = Tinebase_Application::getInstance()->getApplicationById($_application);
} catch (Tinebase_Exception_NotFound $tenf) {
return false;
}
if ($application->status !== Tinebase_Application::ENABLED) {
return false;
}
try {
$roleMemberships = $this->getRoleMemberships($_accountId);
} catch (Tinebase_Exception_NotFound $tenf) {
$roleMemberships = array();
}
if (empty($roleMemberships)) {
Tinebase_Core::getLogger()->warn(__METHOD__ . '::' . __LINE__ . ' ' . $_accountId . ' has no role/group memberships.');
if (is_object(Tinebase_Core::getUser()) && Tinebase_Core::getUser()->getId() === $_accountId) {
// @todo throw exception in this case?
Tinebase_Session::destroyAndRemoveCookie();
}
return false;
}
$classCacheId = Tinebase_Helper::convertCacheId(implode('', $roleMemberships));
if (!isset($this->_classCache[__FUNCTION__][$classCacheId])) {
$select = $this->_getDb()->select()->distinct()->from(array('role_rights' => SQL_TABLE_PREFIX . 'role_rights'), array('application_id', 'right'))->where($this->_getDb()->quoteIdentifier('role_id') . ' IN (?)', $roleMemberships);
if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' ' . $select->__toString());
}
$stmt = $this->_getDb()->query($select);
$rows = $stmt->fetchAll(Zend_Db::FETCH_ASSOC);
$rights = array();
foreach ($rows as $row) {
$rights[$row['application_id']][$row['right']] = true;
}
$this->_classCache[__FUNCTION__][$classCacheId] = $rights;
} else {
$rights = $this->_classCache[__FUNCTION__][$classCacheId];
}
$applicationId = $application->getId();
return isset($rights[$applicationId]) && (isset($rights[$applicationId][$_right]) || isset($rights[$applicationId][Tinebase_Acl_Rights::ADMIN]));
}
/**
* login from HTTP post
*
* redirects the tine main screen if authentication is successful
* otherwise redirects back to login url
*/
public function loginFromPost($username, $password)
{
Tinebase_Core::startCoreSession();
if (!empty($username)) {
// try to login user
$success = Tinebase_Controller::getInstance()->login($username, $password, Tinebase_Core::get(Tinebase_Core::REQUEST), self::REQUEST_TYPE) === TRUE;
} else {
$success = FALSE;
}
if ($success === TRUE) {
$this->_setJsonKeyCookie();
$ccAdapter = Tinebase_Auth_CredentialCache::getInstance()->getCacheAdapter();
if (Tinebase_Core::isRegistered(Tinebase_Core::USERCREDENTIALCACHE)) {
$ccAdapter->setCache(Tinebase_Core::getUserCredentialCache());
} else {
Tinebase_Core::getLogger()->warn(__METHOD__ . '::' . __LINE__ . ' Something went wrong with the CredentialCache / no CC registered.');
$success = FALSE;
$ccAdapter->resetCache();
}
}
$request = new Sabre\HTTP\Request();
$redirectUrl = str_replace('index.php', '', $request->getAbsoluteUri());
// authentication failed
if ($success !== TRUE) {
$_SESSION = array();
Tinebase_Session::destroyAndRemoveCookie();
// redirect back to loginurl if needed
$redirectUrl = Tinebase_Config::getInstance()->get(Tinebase_Config::REDIRECTURL, $redirectUrl);
}
// load the client with GET
header('Location: ' . $redirectUrl);
}
/**
* destroy session
*
* @return array
*/
public function logout()
{
Tinebase_Controller::getInstance()->logout($_SERVER['REMOTE_ADDR']);
Tinebase_Auth_CredentialCache::getInstance()->getCacheAdapter()->resetCache();
if (Tinebase_Session::isStarted()) {
Tinebase_Session::destroyAndRemoveCookie();
}
$result = array('success' => true);
return $result;
}
/**
* destroy session
*
* @return void
*/
public function logout()
{
$_SESSION = array();
Tinebase_Session::destroyAndRemoveCookie();
}