/**
 * Gate the request on an ACL check before handing it to the next callable.
 *
 * The resource id and privilege are read from the request through
 * getOption() (both default to null) and passed to
 * RcmUserService::isAllowed().
 *
 * NOTE(review): a missing 'resourceId' option reaches isAllowed() as null.
 * Confirm that isAllowed() denies in that case so a misconfigured route
 * fails closed.
 *
 * @param Request       $request
 * @param Response      $response
 * @param callable|null $out      Next callable. It is invoked without a null
 *                                check, so it must be supplied whenever
 *                                access is granted.
 *
 * @return mixed Result of $out when allowed, otherwise the ACL-failure response
 */
public function __invoke(Request $request, Response $response, callable $out = null)
{
    $resourceId = $this->getOption($request, 'resourceId', null);
    $privilege = $this->getOption($request, 'privilege', null);

    // Deny path first: anything not explicitly allowed gets the failure response.
    if (!$this->rcmUserService->isAllowed($resourceId, $privilege)) {
        return $this->getResponseWithAclFailStatus($request, $response);
    }

    return $out($request, $response);
}
/**
 * Build the restriction result for a user switch onto $targetUser.
 *
 * The target user is checked against the resource, privilege and provider
 * configured in $this->aclConfig. When the target holds that privilege the
 * result is RestrictionResult(false, 'Cannot switch to this user');
 * otherwise RestrictionResult(true). $adminUser is not consulted here.
 *
 * NOTE(review): presumably the first constructor argument means "switch
 * allowed" -- confirm against RestrictionResult.
 *
 * @param User $adminUser  User requesting the switch (unused in this check)
 * @param User $targetUser User that would be switched to
 *
 * @return RestrictionResult
 */
public function allowed(User $adminUser, User $targetUser)
{
    $targetHoldsPrivilege = $this->rcmUserService->isUserAllowed(
        $this->aclConfig['resourceId'],
        $this->aclConfig['privilege'],
        $this->aclConfig['providerId'],
        $targetUser
    );

    return $targetHoldsPrivilege
        ? new RestrictionResult(false, 'Cannot switch to this user')
        : new RestrictionResult(true);
}
/**
 * Store the collaborators and remember the id of the current user, if any.
 *
 * $this->currentUserId is only assigned when getCurrentUser(null) returns a
 * non-empty value; otherwise it keeps whatever default the class declares.
 *
 * @param UserMessage         $userMessageRepo
 * @param RcmUserService      $rcmUserService
 * @param TranslatorInterface $translator
 * @param \HTMLPurifier       $htmlPurifier
 */
public function __construct(
    UserMessage $userMessageRepo,
    RcmUserService $rcmUserService,
    TranslatorInterface $translator,
    \HTMLPurifier $htmlPurifier
) {
    $this->userMessageRepo = $userMessageRepo;
    $this->rcmUserService = $rcmUserService;
    $this->translator = $translator;
    $this->htmlPurifier = $htmlPurifier;

    $loggedInUser = $this->rcmUserService->getCurrentUser(null);
    if (empty($loggedInUser)) {
        // No current user: leave currentUserId untouched.
        return;
    }

    $this->currentUserId = $loggedInUser->getId();
}
/**
 * Restore the impersonator as the authenticated identity and log the switch.
 *
 * NOTE(review): this method sets the identity to $impersonatorUser without
 * checking that the current session was in fact started by that user. The
 * caller must have established that before calling -- confirm at call sites.
 * It also assumes a current user exists: getCurrentUser() is dereferenced
 * without a null check.
 *
 * @param User  $impersonatorUser User to switch back to
 * @param array $options          Not read by this method
 *
 * @return Result
 * @throws \Exception
 */
public function switchBack(User $impersonatorUser, $options = [])
{
    // Both ids must be captured before the identity is replaced below.
    $impersonatedUserId = $this->rcmUserService->getCurrentUser()->getId();
    $impersonatorUserId = $impersonatorUser->getId();

    $outcome = new Result();

    // Replace the session identity with the impersonator.
    $authService = $this->rcmUserService->getUserAuthService();
    $authService->setIdentity($impersonatorUser);

    // Audit trail: who switched back, and from which impersonated user.
    $this->logAction($impersonatorUserId, $impersonatedUserId, 'SU switched back', true);

    $outcome->setSuccess(true, 'SU switch back was successful');

    return $outcome;
}
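/**
 * Should link be shown in nav bar?
 *
 * A link is hidden when it is marked 'rcmOnly' and no RCM page is loaded, or
 * when it carries an 'acl' array with a resource the current user is not
 * allowed on. The ':siteId' and ':pageName' placeholders in the resource are
 * filled in before the check; ':pageName' only when a page is loaded.
 *
 * This decides link visibility only; it is not an access check on the page
 * the link points to.
 *
 * @param array $page Navigation page config (read only; taken by reference)
 *
 * @return bool
 */
protected function shouldShowInNavigation(&$page)
{
    if (isset($page['rcmOnly']) && $page['rcmOnly'] && empty($this->page)) {
        return false;
    }

    // No usable ACL entry means nothing restricts this link.
    if (!isset($page['acl']) || !is_array($page['acl']) || empty($page['acl']['resource'])) {
        return true;
    }

    $acl = $page['acl'];
    $providerId = !empty($acl['providerId']) ? $acl['providerId'] : null;
    $privilege = !empty($acl['privilege']) ? $acl['privilege'] : null;

    // The previous version also ran an unconditional replace that called
    // $this->page->getName() before checking that a page is loaded, which is
    // a fatal error on non-page requests. Only the guarded form is kept.
    $placeholders = [':siteId'];
    $values = [$this->currentSite->getSiteId()];
    if (!empty($this->page)) {
        $placeholders[] = ':pageName';
        $values[] = $this->page->getName();
    }
    $resource = str_replace($placeholders, $values, $acl['resource']);

    return (bool) $this->rcmUserService->isAllowed($resource, $privilege, $providerId);
}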
/**
 * Handle the reset-password form post.
 *
 * Every path returns null: an invalid form, an unknown username, a user
 * without an e-mail address and the success path all look the same to the
 * caller, so the return value cannot be used to tell whether an account
 * exists.
 *
 * NOTE(review): no throttling is visible here. Each valid post for an
 * existing user persists a new ResetPassword and sends an e-mail -- confirm
 * that rate limiting is applied elsewhere.
 *
 * @param ResetPasswordForm $form
 * @param array             $instanceConfig Reads the 'prospectEmail' key
 *
 * @return null
 */
protected function handlePost(ResetPasswordForm $form, $instanceConfig)
{
    $resetPw = new ResetPassword();
    $form->setInputFilter($resetPw->getInputFilter());
    $form->setData($this->getRequest()->getPost());

    if ($form->isValid()) {
        $submitted = $form->getData();

        // Look the account up by the submitted username.
        $lookupUser = $this->rcmUserManager->buildNewUser();
        $lookupUser->setUsername($submitted['userId']);
        $lookupResult = $this->rcmUserManager->readUser($lookupUser);

        if ($lookupResult->isSuccess()) {
            $account = $lookupResult->getUser();

            // Without an e-mail address there is nowhere to send the reset.
            if ($account->getEmail()) {
                $resetPw->setUserId($account->getId());
                $this->entityMgr->persist($resetPw);
                $this->entityMgr->flush();

                $this->mailer->sendRestPasswordEmail(
                    $resetPw,
                    $account,
                    $instanceConfig['prospectEmail']
                );
            }
        }
    }

    return;
}
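/**
 * Handle the create-new-password form post.
 *
 * NOTE(review): $userId is used as supplied and no reset-token check happens
 * in this method. The caller must have validated the reset link before
 * passing it in -- confirm at the call site.
 *
 * @param CreateNewPasswordForm $form
 * @param array                 $instanceConfig Reads the 'translate' messages
 * @param string                $userId         Username of the account to update
 *
 * @return null|string Null on success or when the form is invalid, otherwise
 *                     a translated error message
 * @throws \Exception When the user update fails
 */
protected function handlePost(CreateNewPasswordForm $form, $instanceConfig, $userId)
{
    $form->setInputFilter(new CreateNewPasswordInputFilter());
    $form->setData($this->getRequest()->getPost());

    if (!$form->isValid()) {
        return null;
    }

    $formData = $form->getData();
    $newPasswordOne = $formData['password'];
    $newPasswordTwo = $formData['passwordTwo'];

    // Strict comparison: with != PHP compares numeric-looking strings as
    // numbers ('1e3' == '1000'), so two different passwords could pass the
    // confirmation check and the second one would be stored.
    if ($newPasswordOne !== $newPasswordTwo) {
        return $instanceConfig['translate']['passwordsDoNotMatch'];
    }

    $user = $this->rcmUserService->buildNewUser();
    $user->setUsername($userId);

    try {
        $result = $this->rcmUserService->readUser($user);
    } catch (DistributorNotFoundException $e) {
        return $instanceConfig['translate']['systemError'];
    }

    if (!$result->isSuccess()) {
        return $instanceConfig['translate']['invalidLink'];
    }

    $user = $result->getUser();
    $user->setPassword($newPasswordTwo);

    $result = $this->rcmUserService->updateUser($user);
    if (!$result->isSuccess()) {
        throw new \Exception($result->getMessagesString());
    }

    return null;
}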
/**
 * Check whether the acting user passes $this->isAllowed().
 *
 * The acting user is the current impersonator when there is one, otherwise
 * the current user.
 *
 * @deprecated use SwitchUserAclService::currentUserIsSuAllowed
 *
 * @return bool|mixed
 */
public function currentUserIsAllowed()
{
    $impersonator = $this->getCurrentImpersonatorUser();
    $currentUser = $this->rcmUserService->getCurrentUser();

    // Fall back to the logged-in user when nobody is impersonating.
    $actingUser = empty($impersonator) ? $currentUser : $impersonator;

    return $this->isAllowed($actingUser);
}
/**
 * Build a user object from the posted 'username' and 'password' fields.
 *
 * NOTE(review): the password is passed through FILTER_SANITIZE_STRING, which
 * strips tags and by default encodes quotes, so a password containing
 * characters such as < ' " is altered before it is set on the user. The
 * filter is also deprecated as of PHP 8.1. Removing it safely depends on
 * whether stored credentials were created from sanitized input, which is not
 * visible here.
 *
 * NOTE(review): empty() also rejects the literal value '0' for either field.
 *
 * @return null|\RcmUser\User\Entity\User Null when either field is empty
 */
protected function getUser()
{
    $postedUsername = $this->getRequest()->getPost('username');
    $cleanUsername = trim(filter_var($postedUsername, FILTER_SANITIZE_STRING));

    $postedPassword = $this->getRequest()->getPost('password');
    $cleanPassword = filter_var($postedPassword, FILTER_SANITIZE_STRING);

    $hasCredentials = !empty($cleanUsername) && !empty($cleanPassword);
    if (!$hasCredentials) {
        return null;
    }

    $candidate = $this->rcmUserService->buildNewUser();
    $candidate->setUsername($cleanUsername);
    $candidate->setPassword($cleanPassword);

    return $candidate;
}
/**
 * Build the redirect for a not-authorized (401) result.
 *
 * Visitors without an identity are sent to the site's login page with the
 * URL-encoded REQUEST_URI in the 'redirect' query parameter. Visitors who
 * are logged in are sent to the site's not-authorized page.
 *
 * NOTE(review): whatever consumes ?redirect= on the login page should accept
 * same-site paths only; that handler is not visible here. The query string
 * is appended with '?', so a login page URL that already has a query would
 * produce a malformed target.
 *
 * @return Response 302 response carrying the Location header
 */
protected function processNotAuthorized()
{
    $loginPageUrl = $this->currentSite->getLoginPage();
    $notAuthorizedUrl = $this->currentSite->getNotAuthorizedPage();
    $encodedReturnTo = urlencode($this->request->getServer('REQUEST_URI'));

    $redirect = new Response();
    $redirect->setStatusCode('302');

    $location = $this->userService->hasIdentity()
        ? $notAuthorizedUrl
        : $loginPageUrl . '?redirect=' . $encodedReturnTo;

    $redirect->getHeaders()->addHeaderLine('Location: ' . $location);

    return $redirect;
}
/**
 * Check to make sure user can see revisions.
 *
 * Revisions are shown when the user holds any of 'edit', 'approve' or
 * 'revisions' on the page resource, or 'create' on the site's pages
 * resource. Checks run in that order and stop at the first grant.
 *
 * @param mixed $siteId
 * @param mixed $pageType
 * @param mixed $pageName
 *
 * @return bool
 */
public function shouldShowRevisions($siteId, $pageType, $pageName)
{
    $providerId = 'Rcm\\Acl\\ResourceProvider';

    foreach (['edit', 'approve', 'revisions'] as $pagePrivilege) {
        $pageResourceId = $this->buildPageResourceId($siteId, $pageType, $pageName);

        if ($this->rcmUserService->isAllowed($pageResourceId, $pagePrivilege, $providerId)) {
            return true;
        }
    }

    // Last resort: permission to create pages on the site.
    $pagesResourceId = $this->buildPagesResourceId($siteId);

    return (bool) $this->rcmUserService->isAllowed($pagesResourceId, 'create', $providerId);
}
/**
 * Run isImpersonatorUserAllowed() for the user returned by
 * RcmUserService::getCurrentUser().
 *
 * @param mixed $resourceId
 * @param mixed $privilege
 * @param mixed $providerId
 *
 * @return bool|mixed
 */
public function isCurrentImpersonatorUserAllowed($resourceId, $privilege, $providerId)
{
    return $this->isImpersonatorUserAllowed(
        $resourceId,
        $privilege,
        $providerId,
        $this->rcmUserService->getCurrentUser()
    );
}
/**
 * Ask the user service whether the configured resource, privilege and
 * provider are allowed.
 *
 * @return bool
 */
public function hasAccess()
{
    $allowed = $this->rcmUserService->isAllowed(
        $this->resourceId,
        $this->privilege,
        $this->providerId
    );

    return $allowed;
}
/**
 * Return the identity from the user service.
 *
 * @deprecated Use RcmUserService->getCurrentUser()
 *
 * @param mixed $default Passed through to getIdentity()
 *
 * @return null|\RcmUser\User\Entity\User
 */
public function __invoke($default = null)
{
    return $this->rcmUserService->getIdentity($default);
}
/**
 * Check a resource and privilege against the user service.
 *
 * @param string      $resourceId Resource to check
 * @param string|null $privilege  Privilege on that resource
 * @param string      $providerId Resource provider; defaults to the Rcm ACL provider
 *
 * @return bool
 */
public function __invoke($resourceId, $privilege = null, $providerId = 'Rcm\\Acl\\ResourceProvider')
{
    $isAllowed = $this->rcmUserService->isAllowed($resourceId, $privilege, $providerId);

    return $isAllowed;
}
/**
 * The authorize service handed to the setter must come back from the getter.
 */
public function testSetGetAuthorizeService()
{
    $userService = new RcmUserService();
    $userService->setAuthorizeService($this->authorizeService);

    $this->assertInstanceOf(
        '\\RcmUser\\Acl\\Service\\AuthorizeService',
        $userService->getAuthorizeService(),
        'Getter or setter failed.'
    );
}