/**
 * Build the display name of a user from its stored metadata.
 *
 * The value is the 'eyeos.user.firstname' and 'eyeos.user.lastname'
 * metadata entries joined by a single space.
 *
 * NOTE(review): the result is stored profile data and is returned as-is;
 * callers that render it as HTML should escape it for that context.
 *
 * @param mixed $userId Identifier handed to UMManager::getUserById().
 * @return string First name, a space, last name.
 */
public static function retrieveContactName($userId) {
    $contact = UMManager::getInstance()->getUserById($userId);
    $profile = MetaManager::getInstance()->retrieveMeta($contact);

    return $profile->get('eyeos.user.firstname') . ' ' . $profile->get('eyeos.user.lastname');
}
/**
 * Returns the user name of the current user, as resolved by
 * UMManager::getCurrentUser().
 *
 * @return string
 */
public function getValue() {
    $userManager = UMManager::getInstance();

    // A blank user instance is handed to getCurrentUser(); presumably it is
    // filled in place -- confirm against UMManager.
    $currentUser = $userManager->getNewUserInstance();
    $userManager->getCurrentUser($currentUser);

    return $currentUser->getUserName();
}
/**
 * Initialises the manager: loads the providers, fetches the metadata
 * converter and the 'meta.MetaManager' logger, then registers the
 * MetaManagerUMListener on the user manager.
 *
 * The constructor is protected, so the class cannot be instantiated with
 * `new` from outside its hierarchy.
 */
protected function __construct() {
    $this->loadProviders();
    $this->MetaDataConverter = MetaDataConverter::getInstance();
    self::$Logger = Logger::getLogger('meta.MetaManager');

    $userManager = UMManager::getInstance();
    $userManager->addUMListener(MetaManagerUMListener::getInstance());
    self::$Logger->debug('Registered MetaManagerUMListener to UMManager');
}
/**
 * Executed once before each test method.
 *
 * Computes the fixture paths, makes sure the "wonderland" group and the
 * "alice" user have been created once per test class, calls
 * AdvancedPathLib::rmdirs() on john's files/metafiles directories and on the
 * temporary test directory, writes the fixture files and directories, and
 * finally starts an 'example' process logged in as john.
 */
public function setUp() {
    // Remember the process that was current before the first test
    // (presumably restored in tearDown() -- not visible here).
    if (self::$InitProcessToRestore === null) {
        self::$InitProcessToRestore = ProcManager::getInstance()->getCurrentProcess();
    }

    // Real filesystem locations of the fixtures.
    $this->fixture_file1_path = USERS_PATH . '/john/' . USERS_FILES_DIR . '/myHomeFile.ext';
    $this->fixture_metafile1_path = USERS_PATH . '/john/' . USERS_METAFILES_DIR . '/' . USERS_FILES_DIR . '/myHomeFile.ext.xml';
    $this->fixture_file2_path = EYEOS_TESTS_TMP_PATH . '/mySysFile.ext';
    $this->fixture_dir1_path = USERS_PATH . '/john/' . USERS_FILES_DIR . '/myHomeDir';
    $this->fixture_dir2_path = EYEOS_TESTS_TMP_PATH . '/mySysDir';
    $this->group = UMManager::getGroupByName(SERVICE_UM_DEFAULTUSERSGROUP);

    // One-time creation of the extra principals; "already exists" is tolerated.
    if (!self::$AliceCreated) {
        try {
            //create group "wonderland"
            $wonderland = UMManager::getInstance()->getNewGroupInstance();
            $wonderland->setName('wonderland');
            UMManager::getInstance()->createGroup($wonderland);
        } catch (EyeGroupAlreadyExistsException $e) {
        }
        try {
            //create user "alice"
            $alice = UMManager::getInstance()->getNewUserInstance();
            $alice->setName('alice');
            // Fixture-only credential: the password equals the user name.
            $alice->setPassword('alice', true);
            // NOTE(review): when createGroup() threw above, $wonderland is still the
            // unsaved instance -- confirm getId() returns a usable id in that case.
            $alice->setPrimaryGroupId($wonderland->getId());
            UMManager::getInstance()->createUser($alice);
        } catch (EyeUserAlreadyExistsException $e) {
        }
        self::$AliceCreated = true;
    }

    AdvancedPathLib::rmdirs(USERS_PATH . '/john/' . USERS_FILES_DIR, true);
    AdvancedPathLib::rmdirs(USERS_PATH . '/john/' . USERS_METAFILES_DIR, true);
    if (!is_dir(EYEOS_TESTS_TMP_PATH)) {
        // NOTE(review): mode 0777 (before umask) lets every local account write to
        // this directory; acceptable only on an isolated test host.
        mkdir(EYEOS_TESTS_TMP_PATH, 0777, true);
    }
    AdvancedPathLib::rmdirs(EYEOS_TESTS_TMP_PATH, true);

    // Virtual file handles plus their on-disk counterparts.
    $this->fixture_file1 = FSI::getFile('home://~john/myHomeFile.ext');
    file_put_contents($this->fixture_file1_path, 'some content');
    $this->fixture_file2 = FSI::getFile('sys:///tests/tmp/mySysFile.ext');
    file_put_contents($this->fixture_file2_path, 'some other content');
    $this->fixture_dir1 = FSI::getFile('home://~john/myHomeDir');
    if (!is_dir($this->fixture_dir1_path)) {
        mkdir($this->fixture_dir1_path);
    }
    $this->fixture_dir2 = FSI::getFile('sys:///tests/tmp/mySysDir');
    if (!is_dir($this->fixture_dir2_path)) {
        mkdir($this->fixture_dir2_path);
    }

    // Run the tests inside a process authenticated as the fixture user john
    // (test-only credential john/john).
    $proc = new Process('example');
    $loginContext = new LoginContext('example', new Subject());
    $loginContext->getSubject()->getPrivateCredentials()->append(new EyeosPasswordCredential('john', 'john'));
    $loginContext->login();
    $proc->setLoginContext($loginContext);
    ProcManager::getInstance()->execute($proc);
    self::$MyProcPid = $proc->getPid();
}
/**
 * Executed after each test method: kills the test process, restores the
 * initial current process and deletes the user and the group whose ids are
 * stored in $this->idUser and $this->idGroup.
 */
public function tearDown() {
    try {
        $procManager = ProcManager::getInstance();
        $testProcess = $procManager->getProcessByPid(self::$MyProcPid);
        $procManager->kill($testProcess);
    } catch (EyeProcException $ignored) {
        // Best effort: a process-level failure here must not abort the cleanup.
    }
    ProcManager::getInstance()->setCurrentProcess(self::$InitProcessToRestore);

    $userManager = UMManager::getInstance();

    $testUser = $userManager->getUserById($this->idUser);
    $userManager->deletePrincipal($testUser);

    $testGroup = $userManager->getGroupById($this->idGroup);
    $userManager->deletePrincipal($testGroup);
}
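/**
 * Handles a request that carries the OAuth 'oauth_verifier' and 'oauth_token'
 * GET parameters.
 *
 * When both parameters are present and non-empty, a static confirmation page
 * is returned, a 'stacksync' process is registered under a login context for
 * the 'root' user, and the verifier/token pair is sent as a NetSyncMessage to
 * every user of the 'users' group. Otherwise the method does nothing.
 *
 * NOTE(review): nothing visible in this method ties the two parameters to a
 * pending authorisation request or to the user who started it before the root
 * login context is built and the values are sent to every member of 'users'.
 * Confirm that an upstream check exists; otherwise the pair should be matched
 * against a stored request token and delivered only to the initiating user.
 *
 * @param MMapRequest $request
 * @param MMapResponse $response
 * @throws EyeFailedLoginException If the 'root' user cannot be found.
 */
public function processRequest(MMapRequest $request, MMapResponse $response) {
    $oauth_verifier = null;
    $oauth_token = null;
    if ($request->issetGET('oauth_verifier')) {
        $oauth_verifier = $request->getGET('oauth_verifier');
    }
    if ($request->issetGET('oauth_token')) {
        $oauth_token = $request->getGET('oauth_token');
    }

    if (!($oauth_verifier && $oauth_token)) {
        return;
    }

    // Static page: no request data is echoed back into the HTML.
    $response->getHeaders()->append('Content-type: text/html');
    $body = '<html> <div id="logo_eyeos" style="margin: 0 auto;width:350"> <img src="eyeos/extern/images/logo-eyeos.jpg"/></div> <div style="margin: 0 auto;width:350;text-align:center"><span style="font-family:Verdana;font-size:20px;">Successful authentication.<br>Back to Eyeos.</span></div> </html>';
    $response->getHeaders()->append('Content-Length: ' . strlen($body));
    $response->getHeaders()->append('Accept-Ranges: bytes');
    $response->getHeaders()->append('X-Pad: avoid browser bug');
    $response->getHeaders()->append('Cache-Control: ');
    $response->getHeaders()->append('pragma: ');
    $response->setBody($body);

    try {
        $userRoot = UMManager::getInstance()->getUserByName('root');
    } catch (EyeNoSuchUserException $e) {
        // The original message was assembled as 'Unknown user root"".' with stray quotes.
        throw new EyeFailedLoginException('Unknown user "root". Cannot proceed to login.', 0, $e);
    }

    // Log in as root by re-using the stored password value; the second argument
    // of setPassword() is FALSE here -- presumably "already hashed", confirm
    // against EyeosPasswordCredential.
    $subject = new Subject();
    $loginContext = new LoginContext('eyeos-login', $subject);
    $cred = new EyeosPasswordCredential();
    $cred->setUsername('root');
    $cred->setPassword($userRoot->getPassword(), false);
    $subject->getPrivateCredentials()->append($cred);
    $loginContext->login();

    Kernel::enterSystemMode();
    try {
        // NOTE(review): the pid is hard-coded, so any existing entry 31338 of the
        // process table is overwritten.
        $appProcess = new Process('stacksync');
        $appProcess->setPid('31338');
        $mem = MemoryManager::getInstance();
        $processTable = $mem->get('processTable', array());
        $processTable[31338] = $appProcess;
        $mem->set('processTable', $processTable);
        $appProcess->setLoginContext($loginContext);
        ProcManager::getInstance()->setCurrentProcess($appProcess);
    } catch (Exception $e) {
        // Do not leave the request in system mode when the registration fails.
        Kernel::exitSystemMode();
        throw $e;
    }
    Kernel::exitSystemMode();

    $token = new stdClass();
    $token->oauth_verifier = $oauth_verifier;
    $token->oauth_token = $oauth_token;

    $group = UMManager::getInstance()->getGroupByName('users');
    $users = UMManager::getInstance()->getAllUsersFromGroup($group);
    foreach ($users as $user) {
        $NetSyncMessage = new NetSyncMessage('cloud', 'token', $user->getId(), $token);
        NetSyncController::getInstance()->send($NetSyncMessage);
    }
}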
/**
 * Removes the principals created by the test: user 'userLogin0' and group
 * 'group0'. A principal that cannot be found is skipped silently.
 */
public function tearDown() {
    try {
        $userManager = UMManager::getInstance();
        $userManager->deletePrincipal(UMManager::getUserByName('userLogin0'));
    } catch (EyeNoSuchPrincipalException $ignored) {
        // Nothing to clean up for the user.
    }

    try {
        $userManager = UMManager::getInstance();
        $userManager->deletePrincipal(UMManager::getGroupByName('group0'));
    } catch (EyeNoSuchPrincipalException $ignored) {
        // Nothing to clean up for the group.
    }
}
/**
 * Listener callback for workgroup updates.
 *
 * When both the source and the related source of the event are workgroups and
 * their names differ, a NetSyncMessage('NSGroup', 'nameChanged', ...) carrying
 * the workgroup id and the new name is sent once per user/workgroup
 * assignation of that workgroup.
 *
 * @param UMEvent $e
 */
public function workgroupUpdated(UMEvent $e) {
    if (!($e->getSource() instanceof AbstractEyeosWorkgroup)
        || !($e->getRelatedSource() instanceof AbstractEyeosWorkgroup)) {
        return;
    }

    $previous = $e->getRelatedSource();
    $current = $e->getSource();
    $workgroupId = $current->getId();

    if ($previous->getName() === $current->getName()) {
        return;
    }

    // Collect every assignation of the renamed workgroup.
    $membershipFilter = UMManager::getInstance()->getNewUserWorkgroupAssignationInstance();
    $membershipFilter->setWorkgroupId($workgroupId);
    $assignations = UMManager::getInstance()->getAllUserWorkgroupAssignations($membershipFilter);

    foreach ($assignations as $assignation) {
        // NOTE(review): the assignation object itself is passed as third argument;
        // confirm NetSyncMessage accepts it where a user id might be expected.
        $payload = array('workgroupId' => $workgroupId, 'name' => $current->getName());
        $message = new NetSyncMessage('NSGroup', 'nameChanged', $assignation, $payload);
        NetSyncController::getInstance()->send($message);
    }
}
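/**
 * Permission check for principal/group assignations.
 *
 * Only assignations whose principal is a workgroup are handled here:
 * - 'addtogroup' requires the target group to be among the principals of the
 *   subject of the login context;
 * - 'removefromgroup' requires the current user to own the workgroup.
 * When the assigned principal no longer exists, 'removefromgroup' is granted
 * to any caller. Every other case is denied.
 *
 * @param mixed $object Must be an EyeosPrincipalGroupAssignation.
 * @param IPermission $permission
 * @param LoginContext $context
 * @return bool TRUE if the handler performed the permission check successfully, FALSE otherwise.
 *
 * @throws EyeInvalidArgumentException If $object has the wrong type.
 * @throws EyeUnexpectedValueException
 * @throws EyeAccessControlException If access is denied.
 */
public function checkPermission($object, IPermission $permission, LoginContext $context) {
    if (!$object instanceof EyeosPrincipalGroupAssignation) {
        throw new EyeInvalidArgumentException('$object must be a EyeosPrincipalGroupAssignation.');
    }

    try {
        $eyeosUser = $context->getEyeosUser();
    } catch (EyeNullPointerException $e) {
        $this->failureException = new EyeHandlerFailureException('No eyeos user found in login context.');
        return false;
    }

    // Defined up front: when the lookup below fails for an action other than
    // 'removefromgroup', execution continues and the instanceof test further
    // down would otherwise read an undefined variable.
    $principal = null;
    try {
        $principal = UMManager::getInstance()->getPrincipalById($object->getPrincipalId());
    } catch (EyeNoSuchPrincipalException $e) {
        $actions = $permission->getActions();
        // NOTE(review): in_array() compares loosely here; if getActions() can ever
        // return non-string entries, pass TRUE as third argument.
        if (in_array('removefromgroup', $actions)) {
            // The principal we want to remove from the group is not found
            // => we can delete assignation safely, whoever we are
            return true;
        }
    }

    $group = UMManager::getInstance()->getPrincipalById($object->getGroupId());

    // Special processing for workgroup/master group assignations
    if ($principal instanceof IWorkgroup) {
        foreach ($permission->getActions() as $action) {
            switch ($action) {
                case 'addtogroup':
                    if (!$context->getSubject()->getPrincipals()->contains($group)) {
                        throw new EyeAccessControlException('Cannot add workgroup "' . $principal->getName() . '" to group ' . $group->getName() . ': insufficient permissions.)');
                    }
                    break;

                case 'removefromgroup':
                    if ($principal->getOwnerId() != $eyeosUser->getId()) {
                        throw new EyeAccessControlException('Cannot remove workgroup "' . $principal->getName() . '" from group ' . $group->getName() . ': insufficient permissions.)');
                    }
                    break;
                // Any other action passes through this loop without a check and is
                // covered by the "return true" below.
            }
        }
        return true;
    }

    // Fail closed: unknown principal or a principal that is not a workgroup.
    throw new EyeAccessControlException('Access denied to UM assignation (actions: ' . $permission->getActionsAsString() . ')');
}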
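/**
 * Returns display data for the given contacts of the current user.
 *
 * TODO: To remove, only used by eyeos.socialbar-ShareWindow;
 * use the contact manager instead.
 *
 * NOTE(review): the ids come from the caller. Confirm that
 * PeopleController::getContact() fails for ids that are not contacts of the
 * current user, so that names of unrelated users are not returned.
 *
 * @param array $params List of user ids.
 * @return array One entry per id, shaped as
 *               array('id' => ..., 'name' => 'firstname lastname', 'listsName' => array(...));
 *               an empty array when $params is empty.
 */
public static function getContacts($params) {
    $myProcManager = ProcManager::getInstance();
    $peopleController = PeopleController::getInstance();
    $currentUserId = $myProcManager->getCurrentProcess()->getLoginContext()->getEyeosUser()->getId();

    // The original initialised $results but filled and returned $result, so an
    // empty $params produced an undefined-variable notice and NULL.
    $results = array();
    foreach ($params as $userId) {
        $otherUser = UMManager::getInstance()->getUserById($userId);
        $settings = MetaManager::getInstance()->retrieveMeta($otherUser);
        $myRelation = $peopleController->getContact($currentUserId, $userId);

        $listsName = array();
        $tagsPerImpression = ImpressionsManager::getInstance()->getTagsPerImpression($myRelation->getImpression());
        foreach ($tagsPerImpression as $tagPerImpression) {
            $listsName[] = $peopleController->getTagName($tagPerImpression->getTagId());
        }

        $results[] = array(
            'id' => $userId,
            'name' => $settings->get('eyeos.user.firstname') . ' ' . $settings->get('eyeos.user.lastname'),
            'listsName' => $listsName
        );
    }

    return $results;
}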
/**
 * Application entry point: stores two values in the execution arguments.
 *
 * Argument 0 is 1 when the primary group of the current user is
 * 'eyeID_EyeosGroup_root' or 'eyeID_EyeosGroup_admin', or when one of the
 * user's groups is 'eyeID_EyeosGroup_admin'; 0 otherwise.
 * Argument 1 is the result of getAllQuestionEvents(0, 1000) converted with
 * self::toArray().
 *
 * NOTE(review): the admin flag ends up in the application arguments; it
 * should only drive presentation. Operations reserved to administrators need
 * their own server-side check.
 *
 * @param AppExecutionContext $context
 * @param MMapResponse $response
 */
public static function __run(AppExecutionContext $context, MMapResponse $response) {
    $currentUser = $context->getProcess()->getLoginContext()->getEyeosUser();
    $groups = UMManager::getInstance()->getAllGroupsByPrincipal($currentUser);

    $privilegedByPrimaryGroup = $currentUser->getPrimaryGroupId() == 'eyeID_EyeosGroup_root'
        || $currentUser->getPrimaryGroupId() == 'eyeID_EyeosGroup_admin';

    $isAdmin = $privilegedByPrimaryGroup ? 1 : 0;
    if (!$privilegedByPrimaryGroup) {
        // Secondary membership of the admin group counts as well.
        foreach ($groups as $group) {
            if ($group->getId() == 'eyeID_EyeosGroup_admin') {
                $isAdmin = 1;
            }
        }
    }
    $context->getArgs()->offsetSet(0, $isAdmin);

    $eventManager = new EventNotificationManager();
    $from = 0;
    $to = 1000;
    $questionEvents = self::toArray($eventManager->getAllQuestionEvents($from, $to));
    $context->getArgs()->offsetSet(1, $questionEvents);
}
/**
 * Handle the answer provided by the user and execute the matching action.
 *
 * 'Confirm' confirms the contact between the current user and the sender of
 * the event; 'Cancel' removes the contact found for the receiver/sender pair
 * of the event. Both branches then queue a message on the client bus.
 *
 * NOTE(review): the 'Cancel' branch trusts $event->getReceiver() instead of
 * the logged-in user; confirm the receiver was validated against the current
 * user before the event reaches this handler.
 *
 * @param AbstractEventNotification $event
 * @throws EyeInvalidArgumentException If the answer is missing, not a string,
 *                                     or neither 'Confirm' nor 'Cancel'.
 */
public function handleAnswer(AbstractEventNotification $event) {
    if ($event->getAnswer() === null || !is_string($event->getAnswer())) {
        throw new EyeInvalidArgumentException('Missing or invalid answer property');
    }

    $peopleController = PeopleController::getInstance();
    $answer = $event->getAnswer();

    if ($answer == 'Confirm') {
        try {
            // Add the contact.
            $currentUser = ProcManager::getInstance()->getCurrentProcess()->getLoginContext()->getEyeosUser();
            $peopleController = PeopleController::getInstance();
            $sender = UMManager::getInstance()->getUserById($event->getSender());
            $peopleController->confirmContact($currentUser, $sender);

            // Notify the client bus.
            $busMessage = new ClientBusMessage('events', 'confirmContact', $event->getSender());
            ClientMessageBusController::getInstance()->queueMessage($busMessage);
        } catch (Exception $e) {
            //FIXME There should be real control on exception
            // Every failure is currently discarded without a trace.
        }
    } elseif ($answer == 'Cancel') {
        try {
            // Delete the contact.
            $contact = $peopleController->getContact($event->getReceiver(), $event->getSender());
            $peopleController->removeContact($contact);

            // Notify the client bus.
            $busMessage = new ClientBusMessage('events', 'deleteContact', $event->getSender());
            ClientMessageBusController::getInstance()->queueMessage($busMessage);
        } catch (Exception $e) {
            //FIXME There should be real control on exception
            // Every failure is currently discarded without a trace.
        }
    } else {
        throw new EyeInvalidArgumentException('The answer to this events is not correct');
    }
}
/**
 * Permission check for the metadata of workgroup files.
 *
 * Access is granted when the assignation of the current user in the file's
 * workgroup has the owner, admin or editor role. Users without any
 * assignation are rejected with an exception. For the remaining roles the
 * handler reports a failure and returns FALSE; per the original author's
 * note, EyeosFileMetaDataSecurityHandler then applies the UNIX-like
 * permissions of the file.
 *
 * NOTE(review): editors are granted the same access as owners and admins,
 * while the failure message only mentions owner and admin. The assignation
 * status is not inspected here either -- confirm both are intended.
 *
 * @param mixed $object Must be a VirtualFileMetaData.
 * @param IPermission $permission Its related object must be an EyeWorkgroupFile.
 * @param LoginContext $context
 * @return bool TRUE if the handler performed the permission check successfully, FALSE otherwise.
 *
 * @throws EyeInvalidArgumentException If $object has the wrong type.
 * @throws EyeUnexpectedValueException
 * @throws EyeAccessControlException If the user is not a member of the workgroup.
 */
public function checkPermission($object, IPermission $permission, LoginContext $context) {
    if (!($object instanceof VirtualFileMetaData)) {
        throw new EyeInvalidArgumentException('$object must be a VirtualFileMetaData.');
    }

    // Only metadata of workgroup files is handled (instanceof is FALSE for NULL).
    $fileObject = $permission->getRelatedObject();
    if (!($fileObject instanceof EyeWorkgroupFile)) {
        $this->failureException = new EyeHandlerFailureException('Can only work with metadata of workgroup files.');
        return false;
    }

    try {
        $eyeosUser = $context->getEyeosUser();
    } catch (EyeNullPointerException $e) {
        $this->failureException = new EyeHandlerFailureException('No eyeos user found in login context.');
        return false;
    }

    $userManager = UMManager::getInstance();
    $workgroup = $fileObject->getWorkgroup();

    // Look up the assignation linking the current user to the file's workgroup.
    $filter = $userManager->getNewUserWorkgroupAssignationInstance();
    $filter->setUserId($eyeosUser->getId());
    $filter->setWorkgroupId($workgroup->getId());
    $membership = current($userManager->getAllUserWorkgroupAssignations($filter));

    // current() yields FALSE on an empty result: the user is not a member.
    if ($membership === false) {
        throw new EyeAccessControlException('Only members of workgroup "' . $workgroup . '" can access workgroup files.');
    }

    if ($membership->getRole() === WorkgroupConstants::ROLE_OWNER
        || $membership->getRole() === WorkgroupConstants::ROLE_ADMIN
        || $membership->getRole() === WorkgroupConstants::ROLE_EDITOR) {
        return true;
    }

    // No decision for the other roles: report a failure.
    $this->failureException = new EyeHandlerFailureException('User is not the owner nor an admin of workgroup "' . $workgroup . '".');
    return false;
}
/**
 * Returns the most recent contacts of the current user.
 *
 * The relation ids come from RelationsManager::getLastRelationsId(). For each
 * of them the other side of the relation is resolved and described with its
 * id, nickname, tag ids, tag names, relation state and full metadata.
 *
 * NOTE(review): 'meta' carries every metadata entry of the other user
 * (getAll()); confirm that nothing private is stored there, or restrict the
 * output to the keys the client needs.
 *
 * @param mixed $params Passed unchanged to getLastRelationsId().
 * @return array List of array('id', 'nickname', 'lists', 'listsName', 'state', 'meta').
 */
public static function getRecentsContacts($params) {
    $currentUserId = ProcManager::getInstance()->getCurrentProcess()->getLoginContext()->getEyeosUser()->getId();
    $lastRelationIds = RelationsManager::getInstance()->getLastRelationsId($currentUserId, $params);

    $contacts = array();
    $peopleController = PeopleController::getInstance();

    foreach ($lastRelationIds as $relationId) {
        $contact = $peopleController->getContact($currentUserId, $relationId);

        // The contact is whichever end of the relation is not the current user.
        $contactId = ($contact->getRelation()->getSourceId() != $currentUserId)
            ? $contact->getRelation()->getSourceId()
            : $contact->getRelation()->getTargetId();
        $state = $contact->getRelation()->getState();

        $tagIds = array();
        $tagNames = array();
        $tagsPerImpression = ImpressionsManager::getInstance()->getTagsPerImpression($contact->getImpression());
        foreach ($tagsPerImpression as $tagPerImpression) {
            $tagIds[] = $tagPerImpression->getTagId();
            $tagNames[] = $peopleController->getTagName($tagPerImpression->getTagId());
        }

        $otherUser = UMManager::getInstance()->getUserById($contactId);
        $meta = MetaManager::getInstance()->retrieveMeta($otherUser)->getAll();

        $contacts[] = array(
            'id' => $contactId,
            'nickname' => $otherUser->getName(),
            'lists' => $tagIds,
            'listsName' => $tagNames,
            'state' => $state,
            'meta' => $meta
        );
    }

    return $contacts;
}
/**
 * getAllUsers() must return root, john, user0 and the initial users, then
 * also a newly created user, and only the initial users after tearDown().
 */
public function testGetAllUsers() {
    $rootUser = UMManager::getInstance()->getUserByName('root');
    $johnUser = UMManager::getInstance()->getUserByName('john');

    $this->group1 = $this->fixture->getNewGroupInstance();
    $this->group1->setName('group1');
    $this->fixture->createGroup($this->group1);

    // Expected users before any creation, indexed by id.
    $expected = array(
        $rootUser->getId() => $rootUser,
        $johnUser->getId() => $johnUser,
        $this->user0->getId() => $this->user0
    );
    $expected = array_merge($expected, self::$InitUsers);
    ksort($expected);
    $actual = $this->fixture->getAllUsers();
    ksort($actual);
    $this->assertEquals($expected, $actual);

    // A new user must show up in the listing.
    $this->user1 = $this->fixture->getNewUserInstance();
    $this->user1->setName('user1');
    $this->user1->setPrimaryGroupId($this->group1->getId());
    $this->fixture->createUser($this->user1);

    $expected[$this->user1->getId()] = $this->user1;
    ksort($expected);
    $actual = $this->fixture->getAllUsers();
    ksort($actual);
    $this->assertEquals($expected, $actual);

    // After the explicit cleanup only the initial users remain.
    $this->tearDown();
    $this->assertEquals(count(self::$InitUsers), count($this->fixture->getAllUsers()));
}
/**
 * Self-registration of a new user.
 *
 * Creates the account, logs in with the new credentials, attaches the new
 * login context to the current process and to every process named 'login',
 * then stores first name, last name and e-mail as user metadata.
 *
 * NOTE(review): this is reachable before authentication, so every field is
 * untrusted. Only presence is checked here; no format or length validation of
 * the user name, password or e-mail is visible -- confirm it happens in
 * UMManager/MetaManager or add it.
 *
 * @param array $params Positional: [0] first name, [1] last name, [2] user name,
 *                      [3] password, [4] e-mail.
 * @return string 'unable to register' when registration is disabled,
 *                'incomplete' when a field is missing, 'success' otherwise.
 * @throws EyeUserAlreadyExistsException If the user name or the e-mail is already taken.
 * @throws Exception Any other failure, rethrown after the login context is restored.
 */
public static function register($params) {
    /* verify permissions again */
    // Registration is refused when the SecurityManager metadata has 'register' set to 'false'.
    $meta = MetaManager::getInstance()->retrieveMeta(kernel::getInstance('SecurityManager'))->getAll();
    if (isset($meta['register']) && $meta['register'] == 'false') {
        return 'unable to register';
    }

    // Keep the login context in place before registration so it can be restored on failure.
    $procManager = ProcManager::getInstance();
    $savedLoginContext = $procManager->getCurrentProcess()->getLoginContext();

    try {
        $name = $params[0];
        $surname = $params[1];
        $username = $params[2];
        $password = $params[3];
        $email = $params[4];

        // Truthiness test: the string "0" is rejected as well.
        if (!$name || !$surname || !$username || !$password || !$email) {
            return 'incomplete';
        }

        $myUManager = UMManager::getInstance();

        // check existence
        $exists = false;
        try {
            $myUManager->getUserByName($username);
            $exists = true;
        } catch (EyeNoSuchUserException $e) {
        }

        // NOTE(review): the two messages below tell the caller whether a user name
        // or an e-mail address is registered; check how far they are exposed to
        // unauthenticated clients.
        if ($exists) {
            throw new EyeUserAlreadyExistsException('User with name "' . $username . '" already exists.');
        }

        $meta = new BasicMetaData();
        $meta->set('eyeos.user.email', $email);
        $userIds = MetaManager::getInstance()->searchMeta(new EyeosUser(), $meta);
        if (count($userIds) != 0) {
            throw new EyeUserAlreadyExistsException('User with email "' . $email . '" already exists.');
        }

        //create the user
        $user = $myUManager->getNewUserInstance();
        $user->setName($username);
        $user->setPassword($password, true);
        $user->setPrimaryGroupId($myUManager->getGroupByName(SERVICE_UM_DEFAULTUSERSGROUP)->getId());
        $myUManager->createUser($user);

        //login in the system with new user, if this works, for sure the user exists, even with the
        //most complex and strange errors
        $myUManager = UMManager::getInstance();
        $subject = new Subject();
        $loginContext = new LoginContext('eyeos-login', $subject);
        $cred = new EyeosPasswordCredential();
        $cred->setUsername($username);
        $cred->setPassword($password, true);
        $subject->getPrivateCredentials()->append($cred);
        $loginContext->login();

        //we are logged in, so we are going to change the credentials of login
        $procManager = ProcManager::getInstance();
        $procList = $procManager->getProcessesList();
        $currentProcess = $procManager->getCurrentProcess();
        $procManager->setProcessLoginContext($currentProcess->getPid(), $loginContext);

        foreach ($procList as $key => $value) {
            if (strtolower($value) == 'login') {
                //we are in another login in execution, this is a refresh, lets see
                //if the login was correct with the old login.
                $loginProcess = $procManager->getProcessByPid($key);
                $procManager->setProcessLoginContext($loginProcess->getPid(), $loginContext);
            }
        }

        // save basic metadata from form
        // Names have HTML tags stripped; the e-mail is stored exactly as received.
        // NOTE(review): output contexts must still escape all three values.
        $userMeta = MetaManager::getInstance()->retrieveMeta($user);
        $userMeta->set('eyeos.user.firstname', strip_tags($name));
        $userMeta->set('eyeos.user.lastname', strip_tags($surname));
        $userMeta->set('eyeos.user.email', $email);
        $userMeta = MetaManager::getInstance()->storeMeta($user, $userMeta);

        return 'success';
    } catch (Exception $e) {
        // ROLLBACK
        // restore login context (root probably)
        $procManager->setProcessLoginContext($procManager->getCurrentProcess()->getPid(), $savedLoginContext);

        // NOTE(review): the deletion of the created user is disabled below, so a
        // failure after createUser() leaves the account in place (possibly without
        // metadata). Processes named 'login' that already received the new login
        // context are not reverted either.
        //// delete invalid user created
        // if (isset($user) && $user instanceof IPrincipal) {
        //     try {
        //         UMManager::getInstance()->deletePrincipal($user);
        //     } catch (Exception $e2) {}
        // }

        throw $e;
    }
}
/**
 * Returns the user object of the owner of this share.
 *
 * @return mixed The value returned by UMManager::getUserById() for getOwnerId().
 */
public function getShareOwner() {
    $userManager = UMManager::getInstance();
    $ownerId = $this->getOwnerId();

    return $userManager->getUserById($ownerId);
}
/**
 * Cleanup run at the end of the test run: logs in as root, deletes every
 * user known to UMManager and calls AdvancedPathLib::rmdirs() on USERS_PATH.
 *
 * Any exception is printed with its stack trace instead of being propagated.
 *
 * NOTE(review): the function relies on the fixture credential root/root and
 * removes all users. It must only ever be loaded by the test bootstrap, and
 * the credential must not exist on a production installation.
 */
function __shutdown_test() {
    try {
        // We need to be root to delete test principals
        $myUManager = UMManager::getInstance();

        $rootSubject = new Subject();
        $rootContext = new LoginContext('init', $rootSubject);
        $rootSubject->getPrivateCredentials()->append(new EyeosPasswordCredential('root', 'root'));
        $rootContext->login();

        // A process is required to carry the root login context.
        $procManager = ProcManager::getInstance();
        $shutdownProcess = new Process('shutdown');
        $procManager->execute($shutdownProcess);
        $procManager->setProcessLoginContext($shutdownProcess->getPid(), $rootContext);

        // Delete the users through the manager, then the files.
        $allUsers = UMManager::getInstance()->getAllUsers();
        foreach ($allUsers as $user) {
            UMManager::getInstance()->deletePrincipal($user);
        }
        AdvancedPathLib::rmdirs(USERS_PATH, true);
    } catch (Exception $failure) {
        echo 'Uncaught exception on shutdown!' . "\n";
        ExceptionStackUtil::printStackTrace($failure, false);
    }
}
/**
 * Permission check for workgroup files and workgroup configuration files.
 *
 * Decision order: the workgroup owner is always granted; users without an
 * assignation, or whose assignation is still in the invited status, are
 * denied; write access to a workgroup file is denied while the workgroup
 * activity is locked; admins are granted; otherwise the requested permission
 * must be implied by the actions allowed for the role (editor: read/write,
 * viewer: read, configuration files: read).
 *
 * @param mixed $object Must be an EyeWorkgroupFile or an EyeWorkgroupConfFile.
 * @param IPermission $permission
 * @param LoginContext $context
 * @return bool TRUE if the handler performed the permission check successfully, FALSE otherwise.
 *
 * @throws EyeInvalidArgumentException If $object has the wrong type.
 * @throws EyeUnexpectedValueException
 * @throws EyeAccessControlException If access is denied.
 */
public function checkPermission($object, IPermission $permission, LoginContext $context) {
    if (!$object instanceof EyeWorkgroupFile && !$object instanceof EyeWorkgroupConfFile) {
        throw new EyeInvalidArgumentException('$object must be an EyeWorkgroupFile or EyeWorkgroupConfFile.');
    }

    try {
        $eyeosUser = $context->getEyeosUser();
    } catch (EyeNullPointerException $e) {
        $this->failureException = new EyeHandlerFailureException('No eyeos user found in login context.');
        return false;
    }

    $workgroup = $object->getWorkgroup();

    // The current user is the owner of the workgroup => access granted
    // (this return happens before the activity-lock test below, so the lock
    // does not apply to the owner).
    if ($workgroup->getOwnerId() == $eyeosUser->getId()) {
        return true;
    }

    // Retrieve the role of the current user inside the workgroup (if member)
    $assignation = UMManager::getInstance()->getNewUserWorkgroupAssignationInstance();
    $assignation->setUserId($eyeosUser->getId());
    $assignation->setWorkgroupId($workgroup->getId());
    // current() yields FALSE when no assignation matches.
    $assignation = current(UMManager::getInstance()->getAllUserWorkgroupAssignations($assignation));

    // NOTE(review): only STATUS_INVITED is excluded; if other non-member statuses
    // exist in WorkgroupConstants they pass this test -- confirm.
    if ($assignation === false || $assignation->getStatus() == WorkgroupConstants::STATUS_INVITED) {
        throw new EyeAccessControlException('Access denied to user ' . $eyeosUser->getName() . ' for file ' . $object->getPath() . ' (not member of the workgroup).');
    }

    // Actions the role allows; stays empty for a role not listed below.
    $refPermissionActions = array();

    // Check access to a workgroup:// file
    if ($object instanceof EyeWorkgroupFile) {
        // The workgroup has its activity locked => write access denied
        // ("&" binds tighter than "&&": the status is tested as a bit mask).
        if (in_array('write', $permission->getActions()) && $workgroup->getStatus() & AbstractEyeosWorkgroup::STATUS_ACTIVITY_LOCKED) {
            throw new EyeAccessControlException('Access denied to the specified file: the activity of the workgroup ' . $workgroup->getName() . ' is currently locked.');
        }

        switch ($assignation->getRole()) {
            case WorkgroupConstants::ROLE_ADMIN:
                return true;

            case WorkgroupConstants::ROLE_EDITOR:
                $refPermissionActions = array('read', 'write');
                break;

            case WorkgroupConstants::ROLE_VIEWER:
                $refPermissionActions = array('read');
                break;
            // No default branch: an unlisted role keeps the empty action list.
        }
    } elseif ($object instanceof EyeWorkgroupConfFile) {
        switch ($assignation->getRole()) {
            case WorkgroupConstants::ROLE_ADMIN:
                return true;

            default:
                $refPermissionActions = array('read');
                break;
        }
    } else {
        // Not reachable given the type check at the top of the method.
        $this->failureException = new EyeHandlerFailureException('Unknown $object class.');
        return false;
    }

    // Grant only when the role's reference permission covers the request.
    $refPermission = new VirtualFilePermission('', $refPermissionActions);
    if ($refPermission->implies($permission)) {
        return true;
    }
    throw new EyeAccessControlException('Access denied to user ' . $eyeosUser->getName() . ' for file ' . $object->getPath() . ' (insufficient permissions).');
}
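/**
 * Registers each given user in a workgroup with the viewer role and the
 * member status.
 *
 * NOTE(review): no permission check is visible in this method and the users
 * are registered directly with STATUS_MEMBER. Confirm that
 * UMManager::registerUserWorkgroupAssignation() verifies that the caller may
 * manage the workgroup.
 *
 * @param array $params(
 *     workgroupId: String
 *     usersId: array(
 *         id: String
 *     )
 * )
 * @throws EyeInvalidArgumentException If $params, the workgroup id or one of
 *                                     the user ids is missing or has the wrong type.
 */
public static function assignUsersToWorkgroup($params) {
    if (!isset($params) || !is_array($params)) {
        throw new EyeInvalidArgumentException('Missing or invalid $params');
    }
    if (!isset($params['workgroupId']) || !is_string($params['workgroupId'])) {
        // The original message named $params['id'], a key this method never reads.
        throw new EyeInvalidArgumentException('Missing or invalid $params[\'workgroupId\']');
    }
    if (!isset($params['usersId']) || !is_array($params['usersId'])) {
        throw new EyeInvalidArgumentException('Missing or invalid $params[\'usersId\']');
    }

    // Validate every id first so that a malformed entry cannot leave a
    // partially applied assignment behind.
    foreach ($params['usersId'] as $userId) {
        if (!is_string($userId) || $userId === '') {
            throw new EyeInvalidArgumentException('Missing or invalid $params[\'usersId\']');
        }
    }

    foreach ($params['usersId'] as $userId) {
        $assignation = UMManager::getInstance()->getNewUserWorkgroupAssignationInstance();
        $assignation->setWorkgroupId($params['workgroupId']);
        $assignation->setUserId($userId);
        $assignation->setRole(WorkgroupConstants::ROLE_VIEWER);
        $assignation->setStatus(WorkgroupConstants::STATUS_MEMBER);
        UMManager::getInstance()->registerUserWorkgroupAssignation($assignation);
    }
}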
/**
 * Returns every share of the given owner, optionally limited to one type of
 * shareable object.
 *
 * @param AbstractEyeosUser $owner
 * @param mixed $classType NULL for all types, otherwise a class name or an
 *                         object whose class is used.
 * @return array List of BasicShareInfo objects.
 * @throws EyeHandlerNotFoundException If no handler accepts $classType, or if a
 *                                     stored share refers to an unknown handler.
 * @throws Exception Any other failure; it is logged and rethrown.
 */
public function getAllShareInfoFromOwner(AbstractEyeosUser $owner, $classType = null) {
    try {
        $matchingHandlerClass = null;
        $handlers = self::getAllShareableObjectsHandlers();

        if ($classType !== null) {
            foreach ($handlers as $candidate) {
                // An object is reduced to its class name before the type test.
                if (is_object($classType)) {
                    $classType = get_class($classType);
                }
                if ($candidate->checkType($classType)) {
                    $matchingHandlerClass = get_class($candidate);
                    break;
                }
            }
            if ($matchingHandlerClass === null) {
                throw new EyeHandlerNotFoundException('Unable to find a ShareableObjectHandler for ' . $classType . '.');
            }
        }

        // Query by owner, and by handler class when a type was requested.
        $query = array(self::SHAREINFO_KEY_OWNERID => $owner->getId());
        if ($matchingHandlerClass !== null) {
            $query[self::SHAREINFO_KEY_HANDLERCLASSNAME] = $matchingHandlerClass;
        }
        $rows = $this->getProvider()->retrieveShareInfo($query);

        $shares = array();
        foreach ($rows as $row) {
            $rowHandlerClass = $row[self::SHAREINFO_KEY_HANDLERCLASSNAME];
            if (!isset($handlers[$rowHandlerClass])) {
                throw new EyeHandlerNotFoundException('Cannot find handler ' . $row[self::SHAREINFO_KEY_HANDLERCLASSNAME] . '.');
            }

            $shareableObject = $handlers[$rowHandlerClass]->createShareableObject($row);
            $collaborator = UMManager::getInstance()->getPrincipalById($row[self::SHAREINFO_KEY_COLLABORATORID]);
            $permission = new SharePermission($row[self::SHAREINFO_KEY_PERMISSIONACTIONS]);

            $shares[] = new BasicShareInfo($owner, $shareableObject, $collaborator, $permission, $rowHandlerClass);
        }

        return $shares;
    } catch (Exception $failure) {
        self::$Logger->warn('Unable to retrieve all ShareInfo from owner ' . $owner->getName() . '.');
        if (self::$Logger->isDebugEnabled()) {
            self::$Logger->debug(ExceptionStackUtil::getStackTrace($failure, false));
        }
        throw $failure;
    }
}
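/**
 * Streams the avatar picture of a user into the current response.
 *
 * The picture location is read from the 'eyeos.user.picture.url' metadata of
 * the user; when it is missing or not readable, the default picture
 * 'sys:///extern/images/empty_profile.png' is served instead.
 *
 * NOTE(review): the picture URL is profile metadata and is resolved with
 * FSI::getFile() without any visible restriction on scheme or location.
 * Confirm that the value is validated when it is stored (for example limited
 * to image files in the user's own space), so this endpoint only ever serves
 * pictures.
 *
 * @param array $params Expects the user id under the 'userId' key.
 */
public function getAvatarPicture($params) {
    // The original also copied $params[0] into an unused variable, which raised
    // an undefined-offset notice for callers that only pass 'userId'.
    $user = UMManager::getInstance()->getUserById($params['userId']);
    $settings = MetaManager::getInstance()->retrieveMeta($user);

    $file = null;
    $pictureUrl = $settings->get('eyeos.user.picture.url');
    if ($pictureUrl !== null) {
        $file = FSI::getFile($pictureUrl);
    }
    if ($file === null || !$file->isReadable()) {
        $file = FSI::getFile('sys:///extern/images/empty_profile.png');
    }

    $response = MMapManager::getCurrentResponse();
    $bodyrenderer = new FileReaderBodyRenderer($file->getInputStream());

    // Set headers
    // NOTE(review): mime_content_type() expects a path on the local filesystem;
    // confirm getName() returns one, otherwise the Content-Type value is unreliable.
    $response->getHeaders()->append('Content-Type: ' . mime_content_type($file->getName()));
    $response->getHeaders()->append('Content-Length: ' . $file->getSize());
    $response->getHeaders()->append('Accept-Ranges: bytes');
    $response->getHeaders()->append('X-Pad: avoid browser bug');
    $response->setBodyRenderer($bodyrenderer);
}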
/**
 * Makes sure the execution context has a process, creating one when needed.
 *
 * When the context has no process yet: the application metadata is read,
 * execution without a parent process is refused unless the application is
 * flagged 'anonymous', a new process is executed, and -- if the application
 * is flagged 'suid' with an 'owner' -- the process is given a login context
 * of that owner. Nothing is done when the context already holds a process.
 *
 * NOTE(review): 'suid' and 'owner' are taken from the application metadata,
 * so whoever can write that metadata decides which account the application
 * runs as. Confirm that it can only be written by administrators.
 *
 * @param AppExecutionContext $appContext
 * @throws EyeNullPointerException If the application has no metadata.
 * @throws EyeMMapException If a non-anonymous application is started without a parent process.
 * @throws Exception If the privilege elevation fails (rethrown after logging).
 */
private function startProcess(AppExecutionContext $appContext) {
    $appProcess = $appContext->getProcess();

    // if no process is already present in the context, create a new one
    if ($appProcess === null) {
        $appMeta = $appContext->getApplicationDescriptor()->getMeta();
        if ($appMeta === null) {
            throw new EyeNullPointerException('Missing metadata for application "' . $appContext->getApplicationDescriptor()->getName() . '"');
        }

        $sysParams = $appMeta->get('eyeos.application.systemParameters');

        // No parent process: only applications explicitly flagged as anonymous may start.
        if ($appContext->getParentProcess() === null) {
            // TODO should we also prevent anonymous execution to JS-only apps?
            if (!isset($sysParams['anonymous']) || $sysParams['anonymous'] != 'true') {
                self::$Logger->warn('Execution without checknum denied for application "' . $appContext->getApplicationDescriptor()->getName() . '".');
                throw new EyeMMapException($appContext->getApplicationDescriptor()->getName() . ' application cannot be executed without a checknum.');
            }
        }

        // execute new process
        $appProcess = new Process($appContext->getApplicationDescriptor()->getName());
        ProcManager::getInstance()->execute($appProcess);
        $appContext->setProcess($appProcess);

        // SUID
        if (isset($sysParams['suid']) && $sysParams['suid'] == 'true' && !empty($sysParams['owner'])) {
            try {
                // NOTE(review): when this lookup throws, only the outer catch runs
                // and the process executed above is not killed.
                $owner = UMManager::getInstance()->getUserByName($sysParams['owner']);

                // force login with owner
                try {
                    // The stored password value of the owner is re-used as credential;
                    // the third argument is FALSE -- presumably "already hashed", confirm
                    // against EyeosPasswordCredential.
                    $subject = new Subject();
                    $subject->getPrivateCredentials()->append(new EyeosPasswordCredential($sysParams['owner'], $owner->getPassword(), false));
                    $loginContext = new LoginContext('eyeos-login', $subject);
                    $loginContext->login();
                } catch (Exception $e) {
                    self::$Logger->error('Exception caught while trying to elevate privileges by SUID to owner ' . $sysParams['owner'] . ' in application "' . $appContext->getApplicationDescriptor()->getName() . '".');

                    // kill unfinished process
                    ProcManager::getInstance()->kill($appContext->getProcess());
                    throw $e;
                }

                if (self::$Logger->isInfoEnabled()) {
                    self::$Logger->info('Privileges elevation successful with owner ' . $sysParams['owner'] . ' for application "' . $appContext->getApplicationDescriptor()->getName() . '".');
                }
                ProcManager::getInstance()->setProcessLoginContext($appProcess->getPid(), $loginContext);
            } catch (Exception $e) {
                // Also reached by the exception rethrown from the inner catch, so a
                // failed login is logged twice.
                self::$Logger->error('Cannot elevate privileges with owner ' . $sysParams['owner'] . ' for application "' . $appContext->getApplicationDescriptor()->getName() . '".');
                throw $e;
            }
        }
    }
}
/**
 * Returns the primary group of this login context, i.e. the primary group of
 * the user returned by getEyeosUser(). The group is looked up on the first
 * call and kept in $this->eyeosGroup for later calls.
 *
 * @see LoginContext::getEyeosUser()
 *
 * @return AbstractEyeosGroup The group object or NULL.
 * @throws EyeNullPointerException If no subject or no user can be found in this login context.
 */
public function getEyeosGroup() {
    if ($this->eyeosGroup !== null) {
        return $this->eyeosGroup;
    }

    $userManager = UMManager::getInstance();
    $primaryGroupId = $this->getEyeosUser()->getPrimaryGroupId();
    $this->eyeosGroup = $userManager->getGroupById($primaryGroupId);

    return $this->eyeosGroup;
}
/**
 * Loads the metadata of a user file from its XML metadata file.
 *
 * When no metadata file exists but the file itself does, default metadata is
 * built: owner and primary group of the user named in the URL, permissions
 * '-rw-------' ('-rwx------' for a directory) and no timestamps. The 'read'
 * metadata permission is checked before anything is returned.
 *
 * NOTE(review): the path component of the file URL is concatenated into the
 * metadata file path as-is. Confirm that getURLComponents() returns a
 * normalised path (no '..' segments), so the lookup stays below the user's
 * metadata directory.
 *
 * @param mixed $object Must be an EyeUserFile.
 * @param String $params Cast to string and handed to SimpleXMLMetaProvider.
 * @return IMetaData The metadata, or NULL when none exists and the file does not exist.
 * @throws EyeException
 * @throws EyeErrorException
 */
public function retrieveMeta($object, $params) {
    if (!($object instanceof EyeUserFile)) {
        throw new EyeInvalidArgumentException('$object must be an EyeUserFile.');
    }

    $urlParts = $object->getURLComponents();

    // <user metafiles dir>/<files dir>[<path>]<extension>; the root path adds nothing.
    $metaRoot = $this->getUserMetaFilesPath($urlParts['principalname']) . '/' . USERS_FILES_DIR;
    $relativePath = ($urlParts['path'] == '/') ? '' : $urlParts['path'];
    $filepath = $metaRoot . $relativePath . USERS_METAFILES_EXTENSION;

    $provider = new SimpleXMLMetaProvider((string) $params, array(SimpleXMLMetaProvider::PARAM_FILEPATH => $filepath));

    $meta = null;
    try {
        $meta = $provider->retrieveMeta(null);
    } catch (EyeFileNotFoundException $ignored) {
        // No metadata file yet: defaults may be built below.
    }

    if ($meta === null && $object->exists()) {
        $owner = UMManager::getInstance()->getUserByName($urlParts['principalname']);
        $primaryGroup = UMManager::getInstance()->getGroupById($owner->getPrimaryGroupId());

        $meta = MetaManager::getInstance()->getNewMetaDataInstance($object);
        $defaults = array(
            EyeosAbstractVirtualFile::METADATA_KEY_OWNER => $owner->getName(),
            EyeosAbstractVirtualFile::METADATA_KEY_GROUP => $primaryGroup->getName(),
            EyeosAbstractVirtualFile::METADATA_KEY_PERMISSIONS => '-rw-------',
            EyeosAbstractVirtualFile::METADATA_KEY_CREATIONTIME => null,
            EyeosAbstractVirtualFile::METADATA_KEY_MODIFICATIONTIME => null
        );
        $meta->setAll($defaults);
        if ($object->isDirectory()) {
            $meta->set(EyeosAbstractVirtualFile::METADATA_KEY_PERMISSIONS, '-rwx------');
        }
    }

    // The read check runs for loaded and for default metadata alike.
    if ($meta !== null) {
        SecurityManager::getInstance()->checkPermission($meta, new MetaDataPermission('read', null, $object));
    }

    return $meta;
}
/**
 * Test fixture teardown.
 *
 * Does nothing unless self::$ClassTearDownToRun is set. Otherwise logs in as
 * root, deletes the users 'alice', 'bob', 'charlie' and the group
 * 'wonderland', clears the share information of the configured provider,
 * kills the test process and restores the process that was current before
 * the tests started.
 */
public function tearDown()
{
    if (!self::$ClassTearDownToRun) {
        return;
    }

    $this->loginAsRoot();

    foreach (array('alice', 'bob', 'charlie') as $userName) {
        try {
            UMManager::getInstance()->deletePrincipal(UMManager::getUserByName($userName));
        } catch (EyeNoSuchPrincipalException $e) {
            // The user does not exist: nothing to delete.
        }
    }
    try {
        UMManager::getInstance()->deletePrincipal(UMManager::getGroupByName('wonderland'));
    } catch (EyeNoSuchPrincipalException $e) {
        // The group does not exist: nothing to delete.
    }

    $conf = SharingManager::getConfiguration('SharingManager');
    $providerClassName = (string) $conf->providerClassName[0];

    if ($providerClassName == 'DefaultSQLiteShareInfoProvider') {
        // One shares.db per principal involved in the tests.
        foreach (array('owner', 'collaborator1', 'collaborator2', 'collaborator3') as $property) {
            $sharesDbPath = USERS_PATH . '/' . $this->$property->getName() . '/' . USERS_CONF_DIR . '/' . USERS_SHARE_DIR . '/shares.db';
            if (is_file($sharesDbPath)) {
                unlink($sharesDbPath);
            }
        }
    } elseif ($providerClassName == 'DefaultMySQLShareInfoProvider') {
        require_once SERVICE_SHARING_SHARINGMANAGERS_PROVIDERS_PATH . '/DefaultMySQLShareInfoProvider.php';

        // Both table names are fixed (a class constant and a literal), so no
        // external input reaches these statements.
        // NOTE(review): this empties the share tables of whatever database
        // SQL_DAOHANDLER points at; make sure the test suite can never be run
        // against a production database.
        $dao = StorageManager::getInstance()->getHandler(SQL_DAOHANDLER);
        $dao->send('TRUNCATE TABLE ' . DefaultMySQLShareInfoProvider::SHAREINFO_TABLE_NAME);
        $dao->send('TRUNCATE TABLE ShareableVirtualFilesHandler');
    }

    $procManager = ProcManager::getInstance();
    try {
        $procManager->kill($procManager->getProcessByPid(self::$MyProcPid));
    } catch (EyeProcException $e) {
        // The test process is already gone.
    }
    ProcManager::getInstance()->setCurrentProcess(self::$InitProcessToRestore);
}
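/**
 * Returns the name of the group this file belongs to.
 *
 * The group is read from the file's metadata. When the metadata holds no
 * group (NULL or an empty string), the primary group of the file's owner is
 * returned instead.
 *
 * @return string The group of the file
 * @throws EyeFileNotFoundException If the file does not exist.
 * @throws EyeNullPointerException If no metadata is available for the file.
 */
public function getGroup()
{
    if (!$this->exists()) {
        throw new EyeFileNotFoundException('File ' . $this->path . ' does not exist.');
    }

    $meta = $this->getMeta();
    if ($meta === null) {
        throw new EyeNullPointerException('No metadata found for ' . $this->path);
    }

    $group = $meta->get(self::METADATA_KEY_GROUP);

    // The null test must apply to the value stored in the metadata. Comparing
    // the key constant itself with null and passing the resulting boolean to
    // get() would look up the wrong key, and the group name feeds the file
    // permission checks.
    if ($group === null || $group == '') {
        $userManager = UMManager::getInstance();
        $ownerPrimaryGroupId = $userManager->getUserByName($this->getOwner())->getPrimaryGroupId();

        return $userManager->getGroupById($ownerPrimaryGroupId)->getName();
    }

    return $group;
}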
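/**
 * Runs the updateDB.pl helper script on the search directory of a user.
 *
 * The directory is <user directory>/USERS_CONF_DIR/FRAMEWORK_SEARCH_RECOLL_DIR.
 * Nothing is executed on Windows, nor when the script directory or the user's
 * search directory cannot be resolved by realpath().
 *
 * @param AbstractEyeosUser $user The user whose search directory is passed to the script.
 * @return void
 */
public static function updateDb(AbstractEyeosUser $user)
{
    if (AdvancedPathLib::getCurrentOS() == AdvancedPathLib::OS_WINDOWS) {
        return;
    }

    $userRecollDirPath = UMManager::getInstance()->getEyeosUserDirectory($user) . '/' . USERS_CONF_DIR . '/' . FRAMEWORK_SEARCH_RECOLL_DIR;

    // realpath() returns false for a path that does not exist. Without this
    // guard the command would be built from an empty string, i.e. a script
    // path of '/updateDB.pl' or an empty directory argument.
    $utilsPath = realpath(FRAMEWORK_SEARCH_UTILS_PATH);
    $recollDirPath = realpath($userRecollDirPath);
    if ($utilsPath === false || $recollDirPath === false) {
        return;
    }

    // Quote both the executable path and its argument so that spaces or shell
    // metacharacters in either path cannot change the command that is run.
    shell_exec(escapeshellarg($utilsPath . '/updateDB.pl') . ' ' . escapeshellarg($recollDirPath));
}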
/**
 * Applies the answer a user gave to a workgroup notification.
 *
 * 'Confirm' updates the user/workgroup assignation to ROLE_VIEWER with
 * STATUS_MEMBER; 'Cancel' unregisters the assignation. Any other answer is
 * rejected.
 *
 * NOTE(review): userId and groupId are taken from the event data without any
 * check in this method; presumably the event is created server-side and the
 * caller's right to answer it is verified elsewhere. Confirm.
 *
 * @param AbstractEventNotification $event
 * @throws EyeInvalidArgumentException If the answer is missing, not a string, or not a supported value.
 */
public function handleAnswer(AbstractEventNotification $event)
{
    $answer = $event->getAnswer();
    if ($answer === null || !is_string($answer)) {
        throw new EyeInvalidArgumentException('Missing or invalid answer property');
    }
    if ($answer !== 'Confirm' && $answer !== 'Cancel') {
        throw new EyeInvalidArgumentException('The answer to this events is not correct');
    }

    $confirmed = ($answer === 'Confirm');

    try {
        $eventData = $event->getEventData();
        $userManager = UMManager::getInstance();

        $assignation = $userManager->getNewUserWorkgroupAssignationInstance();
        $assignation->setUserId($eventData['userId']);
        $assignation->setWorkgroupId($eventData['groupId']);

        if ($confirmed) {
            $assignation->setRole(WorkgroupConstants::ROLE_VIEWER);
            $assignation->setStatus(WorkgroupConstants::STATUS_MEMBER);
            $userManager->updateUserWorkgroupAssignation($assignation);
        } else {
            $userManager->unregisterUserWorkgroupAssignation($assignation);
        }
    } catch (Exception $e) {
        //FIXME Need real control of error
        // Every failure is discarded here, so the caller cannot tell whether
        // the membership change was actually applied.
    }
}
/**
 * Checks UNIX-style file permissions for the user of a login context.
 *
 * Steps, in the order they are applied:
 *  1. $object must be an IFile. For an EyeUserFile, the name '.htaccess', an
 *     empty name and names containing ?, #, &, < or > are refused.
 *  2. If the file does not exist, or 'delete' is among the requested actions,
 *     the write permission of the parent folder is checked instead and the
 *     method returns TRUE right away (unless the file is its own parent).
 *  3. Otherwise each requested action is mapped to a permission bit and tested
 *     against the owner, group or others bits of the file, depending on how
 *     the current user relates to the file. 'admin' is reserved to the owner.
 *
 * When the handler cannot carry out the check (no user in the context,
 * non-integer permissions, unknown action), it stores an
 * EyeHandlerFailureException in $this->failureException and returns FALSE.
 *
 * NOTE(review): the '.htaccess' comparison is case-sensitive although the
 * message spells the name in upper case; confirm that names are normalized
 * before they get here if the underlying storage can be case-insensitive.
 * NOTE(review): $accessGranted is assigned but never read, and an empty list
 * of actions reaches the final "return true". Confirm this is intended.
 *
 * @param mixed $object The file to check; must be an IFile.
 * @param IPermission $permission The requested actions.
 * @param LoginContext $context The login context providing the current user and its principals.
 * @return bool TRUE if the handler performed the permission check successfully, FALSE otherwise.
 *
 * @throws EyeInvalidArgumentException If $object is not an IFile.
 * @throws EyeUnexpectedValueException
 * @throws EyeAccessControlException If the file name is refused or a requested action is denied.
 */
public function checkPermission($object, IPermission $permission, LoginContext $context)
{
    if (!$object instanceof IFile) {
        throw new EyeInvalidArgumentException('$object must be an IFile.');
    }
    // File name restrictions apply to user files only.
    if ($object instanceof EyeUserFile) {
        $name = $object->getName();
        if ($name == '.htaccess') {
            throw new EyeAccessControlException('You cannot access that kind of file (.HTACCESS).');
        }
        if ('' == $name) {
            throw new EyeAccessControlException('Empty filename not allowed');
        }
        if (strstr($name, '?')) {
            throw new EyeAccessControlException('Invalid character ? on filename');
        }
        if (strstr($name, '#')) {
            throw new EyeAccessControlException('Invalid character # on filename');
        }
        if (strstr($name, '&')) {
            throw new EyeAccessControlException('Invalid character & on filename');
        }
        if (strstr($name, '<')) {
            throw new EyeAccessControlException('Invalid character < on filename');
        }
        if (strstr($name, '>')) {
            throw new EyeAccessControlException('Invalid character > on filename');
        }
    }
    // If the target file does not exist or we are requesting a deletion permission,
    // we must check write permissions on the parent folder, to know whether the current
    // user is allowed or not to manipulate files within it.
    // In that case the remaining requested actions are not evaluated on the file itself.
    if (!$object->exists() || in_array('delete', $permission->getActions())) {
        $parentFolder = $object->getParentFile();
        if (!$parentFolder->equals($object)) {
            $parentFolder->checkWritePermission();
            return true;
        }
    }
    try {
        $eyeosUser = $context->getEyeosUser();
    } catch (EyeNullPointerException $e) {
        $this->failureException = new EyeHandlerFailureException('No eyeos user found in login context.');
        return false;
    }
    // The permissions must come back as an integer so that the bit tests below are meaningful.
    $objectPermissions = $object->getPermissions(true);
    if (!is_int($objectPermissions)) {
        $this->failureException = new EyeHandlerFailureException('"' . $objectPermissions . '" is not a valid octal UNIX permission for file ' . $object->getPath() . '.');
        return false;
    }
    try {
        $owner = UMManager::getInstance()->getUserByName($object->getOwner());
    } catch (EyeNoSuchUserException $e) {
        // This is a workaround: when the owner of a workgroup file no longer exists
        // we have to set a new owner for that file, otherwise we get an exception
        // when we try to load the owner's information.
        if (get_class($object) == 'EyeWorkgroupFile') {
            $object->fixOwner();
            $owner = UMManager::getInstance()->getUserByName($object->getOwner());
        } else {
            throw $e;
        }
    }
    $group = UMManager::getInstance()->getGroupByName($object->getGroup());
    $accessGranted = false;
    $actionText = '';
    foreach ($permission->getActions() as $action) {
        if ($action == 'admin') {
            // 'admin' is decided by owner name alone, not by permission bits.
            if ($eyeosUser->getName() != $object->getOwner()) {
                throw new EyeAccessControlException('Only the owner ' . $object->getOwner() . ' has admin rights for file ' . $object->getPath() . '.');
            }
            continue;
        } else {
            // $ref starts as the owner bit of the action (octal).
            if ($action == 'read') {
                $ref = 0400;
                $actionText = 'Read';
            } else {
                if ($action == 'write') {
                    $ref = 0200;
                    $actionText = 'Write';
                } else {
                    if ($action == 'execute') {
                        $ref = 0100;
                        $actionText = 'Execution';
                    } else {
                        // the given action is not supported by this handler
                        // (the message literal below contains a line break, exactly as in this listing)
                        $this->failureException = new EyeHandlerFailureException('Unknown action received: ' . $action . '. 
Wrong configuration?');
                        return false;
                    }
                }
            }
        }
        // owner: only the owner bits count, even if the group or others bits would allow the action
        if ($eyeosUser->getId() == $owner->getId()) {
            if ($ref & $objectPermissions) {
                $accessGranted = true;
                continue;
            } else {
                throw new EyeAccessControlException($actionText . ' access denied to user ' . $eyeosUser->getName() . ' for file ' . $object->getPath() . ' (insufficient permissions).');
            }
        } else {
            // Shift from the owner bit to the group bit.
            $ref = $ref >> 3;
            // group: the file's group is among the principals of the subject
            if ($context->getSubject()->getPrincipals()->contains($group)) {
                if ($ref & $objectPermissions) {
                    $accessGranted = true;
                    continue;
                } else {
                    throw new EyeAccessControlException($actionText . ' access denied to user ' . $eyeosUser->getName() . ' for file ' . $object->getPath() . ' (insufficient permissions).');
                }
            } else {
                // Shift from the group bit to the others bit.
                $ref = $ref >> 3;
                // others
                if ($ref & $objectPermissions) {
                    $accessGranted = true;
                    continue;
                } else {
                    throw new EyeAccessControlException($actionText . ' access denied to user ' . $eyeosUser->getName() . ' for file ' . $object->getPath() . ' (insufficient permissions).');
                }
            }
        }
    }
    // Reached only when no requested action was denied.
    if (self::$Logger->isInfoEnabled()) {
        self::$Logger->info('Access granted to user ' . $eyeosUser->getName() . ' for actions "' . $permission->getActionsAsString() . '" on file ' . $object->getPath() . '.');
    }
    return true;
}