private function migratePluginEmailUpdateSetting()
{
$isEnabled = Option::get('enableUpdateCommunicationPlugins');
Access::doAsSuperUser(function () use($isEnabled) {
$settings = StaticContainer::get('Piwik\\Plugins\\CoreUpdater\\SystemSettings');
$settings->sendPluginUpdateEmail->setValue(!empty($isEnabled));
$settings->save();
});
}
function validateOwner()
{
try {
$timezone = $this->owner->getValue();
if (!empty($timezone)) {
Access::doAsSuperUser(function () use($timezone) {
API::getInstance()->setDefaultTimezone($timezone);
});
}
} catch (\Exception $e) {
return false;
}
return true;
}
/**
* Returns array containing data about the website: goals, URLs, etc.
*
* @param int $idSite
* @return array
*/
static function getCacheWebsiteAttributes($idSite)
{
if ('all' == $idSite) {
return array();
}
$idSite = (int) $idSite;
if ($idSite <= 0) {
return array();
}
$cache = self::getInstance();
$cacheContent = $cache->get($idSite);
if (false !== $cacheContent) {
return $cacheContent;
}
Tracker::initCorePiwikInTrackerMode();
$content = array();
Access::doAsSuperUser(function () use(&$content, $idSite) {
/**
* Triggered to get the attributes of a site entity that might be used by the
* Tracker.
*
* Plugins add new site attributes for use in other tracking events must
* use this event to put those attributes in the Tracker Cache.
*
* **Example**
*
* public function getSiteAttributes($content, $idSite)
* {
* $sql = "SELECT info FROM " . Common::prefixTable('myplugin_extra_site_info') . " WHERE idsite = ?";
* $content['myplugin_site_data'] = Db::fetchOne($sql, array($idSite));
* }
*
* @param array &$content Array mapping of site attribute names with values.
* @param int $idSite The site ID to get attributes for.
*/
Piwik::postEvent('Tracker.Cache.getSiteAttributes', array(&$content, $idSite));
Common::printDebug("Website {$idSite} tracker cache was re-created.");
});
// if nothing is returned from the plugins, we don't save the content
// this is not expected: all websites are expected to have at least one URL
if (!empty($content)) {
$cache->set($idSite, $content);
}
return $content;
}
public function doRun(InputInterface $input, OutputInterface $output)
{
$this->initPiwikHost($input);
$this->initConfig($output);
try {
self::initPlugins();
} catch (\Exception $e) {
// Piwik not installed yet, no config file?
}
Translate::reloadLanguage('en');
$commands = $this->getAvailableCommands();
foreach ($commands as $command) {
$this->addCommandIfExists($command);
}
$self = $this;
return Access::doAsSuperUser(function () use($input, $output, $self) {
return call_user_func(array($self, 'Symfony\\Component\\Console\\Application::doRun'), $input, $output);
});
}
public function doRun(InputInterface $input, OutputInterface $output)
{
if ($input->hasParameterOption('--xhprof')) {
Profiler::setupProfilerXHProf(true, true);
}
$this->initPiwikHost($input);
$this->initEnvironment($output);
$this->initLoggerOutput($output);
try {
self::initPlugins();
} catch (ConfigNotFoundException $e) {
// Piwik not installed yet, no config file?
Log::warning($e->getMessage());
}
$commands = $this->getAvailableCommands();
foreach ($commands as $command) {
$this->addCommandIfExists($command);
}
$self = $this;
return Access::doAsSuperUser(function () use($input, $output, $self) {
return call_user_func(array($self, 'Symfony\\Component\\Console\\Application::doRun'), $input, $output);
});
}
/**
* Password reset confirmation action. Finishes the password reset process.
* Users visit this action from a link supplied in an email.
*/
public function confirmResetPassword()
{
$errorMessage = null;
$login = Common::getRequestVar('login', '');
$resetToken = Common::getRequestVar('resetToken', '');
try {
$this->passwordResetter->confirmNewPassword($login, $resetToken);
} catch (Exception $ex) {
Log::debug($ex);
$errorMessage = $ex->getMessage();
}
if (is_null($errorMessage)) {
// if success, show login w/ success message
// have to do this as super user since redirectToIndex checks if there's a default website ID for
// the current user and if not, doesn't redirect to the requested action. TODO: this behavior is wrong. somehow.
$self = $this;
Access::doAsSuperUser(function () use($self) {
$self->redirectToIndex(Piwik::getLoginPluginName(), 'resetPasswordSuccess');
});
return null;
} else {
// show login page w/ error. this will keep the token in the URL
return $this->login($errorMessage);
}
}
public function test_reloadAccess_DoesNotRemoveSuperUserAccess_IfUsedInDoAsSuperUser()
{
Access::getInstance()->setSuperUserAccess(false);
Access::doAsSuperUser(function () {
$access = Access::getInstance();
Core_AccessTest::assertTrue($access->hasSuperUserAccess());
$access->reloadAccess();
Core_AccessTest::assertTrue($access->hasSuperUserAccess());
});
}
/**
* @return array|bool
*/
protected function updateComponents()
{
Access::getInstance();
return Access::doAsSuperUser(function () {
$updater = new Updater();
$componentsWithUpdateFile = $updater->getComponentUpdates();
if (empty($componentsWithUpdateFile)) {
return false;
}
$result = $updater->updateComponents($componentsWithUpdateFile);
return $result;
});
}
private function getAccessFor($login)
{
return Access::doAsSuperUser(function () use($login) {
return UsersManagerAPI::getInstance()->getSitesAccessFromUser($login);
});
}
private function getSetOfAllSites()
{
if ($this->allSites === null) {
$this->allSites = array_flip(Access::doAsSuperUser(function () {
return SitesManagerAPI::getInstance()->getSitesIdWithAtLeastViewAccess();
}));
}
return $this->allSites;
}
/**
* Returns user information based on a login or email.
*
* Derived classes can override this method to provide custom user querying logic.
*
* @param string $loginMail user login or email address
* @return array `array("login" => '...', "email" => '...', "password" => '...')` or null, if user not found.
*/
protected function getUserInformation($loginOrMail)
{
$usersManager = $this->usersManagerApi;
return Access::doAsSuperUser(function () use($loginOrMail, $usersManager) {
$user = null;
if ($usersManager->userExists($loginOrMail)) {
$user = $usersManager->getUser($loginOrMail);
} else {
if ($usersManager->userEmailExists($loginOrMail)) {
$user = $usersManager->getUserByEmail($loginOrMail);
}
}
return $user;
});
}
private function isUserLdapUser($login)
{
$user = Access::doAsSuperUser(function () use($login) {
return UsersManagerAPI::getInstance()->getUser($login);
});
return UserMapper::isUserLdapUser($user);
}
/**
* Returns list of int site IDs from site list found in LDAP.
*
* @param string $sitesSpec eg, `"1,2,3"` or `"all"`
* @return int[]
*/
protected function getSitesFromSitesList($sitesSpec)
{
return Access::doAsSuperUser(function () use($sitesSpec) {
return Site::getIdSitesFromIdSitesString($sitesSpec);
});
}
/**
* Creates a UserSynchronizer using INI configuration.
*
* @return UserSynchronizer
*/
public static function makeConfigured()
{
$result = new UserSynchronizer();
$result->setUserMapper(UserMapper::makeConfigured());
$result->setUsersManagerApi(UsersManagerAPI::getInstance());
$result->setUserModel(new UserModel());
if (Config::isAccessSynchronizationEnabled()) {
$result->setUserAccessMapper(UserAccessMapper::makeConfigured());
Log::debug("UserSynchronizer::%s(): Using UserAccessMapper when synchronizing users.", __FUNCTION__);
} else {
Log::debug("UserSynchronizer::%s(): LDAP access synchronization not enabled.", __FUNCTION__);
}
$defaultSitesWithViewAccess = Config::getDefaultSitesToGiveViewAccessTo();
if (!empty($defaultSitesWithViewAccess)) {
$siteIds = Access::doAsSuperUser(function () use($defaultSitesWithViewAccess) {
return Site::getIdSitesFromIdSitesString($defaultSitesWithViewAccess);
});
if (empty($siteIds)) {
Log::warning("UserSynchronizer::%s(): new_user_default_sites_view_access INI config option has no " . "entries. Newly synchronized users will not have any access.", __FUNCTION__);
}
$result->setNewUserDefaultSitesWithViewAccess($siteIds);
}
Log::debug("UserSynchronizer::%s: configuring with defaultSitesWithViewAccess = %s", __FUNCTION__, $defaultSitesWithViewAccess);
return $result;
}
<?php
return array('AnonymousPiwikUsageMeasurement.piwikVersion' => '2.14.3', 'AnonymousPiwikUsageMeasurement.phpVersion' => '5.5.27', 'Piwik\\Plugins\\AnonymousPiwikUsageMeasurement\\SystemSettings' => DI\factory(function () {
// we cannot decorate here as we need to create an instance of settings as super user, the permissions
// for writing / reading are detected on settings creation, not each time it is executed
$settings = null;
\Piwik\Access::doAsSuperUser(function () use(&$settings) {
$settings = new Piwik\Plugins\AnonymousPiwikUsageMeasurement\SystemSettings();
// make sure no tracking is enabled when running tests, especially on travis and during ui tests
$settings->trackToPiwik->setValue(false);
$settings->ownPiwikSiteId->setValue(0);
$settings->customPiwikSiteId->setValue(0);
});
return $settings;
}));
/**
* Initializes and runs the cron archiver.
*/
public function main()
{
$self = $this;
Access::doAsSuperUser(function () use($self) {
$self->init();
$self->run();
$self->runScheduledTasks();
$self->end();
});
}
/**
* Creates a UserSynchronizer using INI configuration.
*
* @return UserSynchronizer
*/
public static function makeConfigured()
{
$result = new UserSynchronizer();
$result->setUserMapper(UserMapper::makeConfigured());
$result->setUsersManagerApi(UsersManagerAPI::getInstance());
$result->setUserModel(new UserModel());
/** @var LoggerInterface $logger */
$logger = StaticContainer::get('Psr\\Log\\LoggerInterface');
if (Config::isAccessSynchronizationEnabled()) {
$result->setUserAccessMapper(UserAccessMapper::makeConfigured());
$logger->debug("UserSynchronizer::{func}(): Using UserAccessMapper when synchronizing users.", array('func' => __FUNCTION__));
} else {
$logger->debug("UserSynchronizer::{func}(): LDAP access synchronization not enabled.", array('func' => __FUNCTION__));
}
$defaultSitesWithViewAccess = Config::getDefaultSitesToGiveViewAccessTo();
if (!empty($defaultSitesWithViewAccess)) {
$siteIds = Access::doAsSuperUser(function () use($defaultSitesWithViewAccess) {
return Site::getIdSitesFromIdSitesString($defaultSitesWithViewAccess);
});
if (empty($siteIds)) {
$logger->warning("UserSynchronizer::{func}(): new_user_default_sites_view_access INI config option has no " . "entries. Newly synchronized users will not have any access.", array('func' => __FUNCTION__));
}
$result->setNewUserDefaultSitesWithViewAccess($siteIds);
}
$logger->debug("UserSynchronizer::{func}: configuring with defaultSitesWithViewAccess = {sites}", array('func' => __FUNCTION__, 'sites' => $defaultSitesWithViewAccess));
return $result;
}
