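/**
 * Validates access to the requested WFS feature types.
 *
 * Loads the wfs registered under the given owsproxy hash, looks up a
 * wfs_conf for every requested featuretype and requires its id to be in
 * the list returned by getWfsConfByPermission() for the session user.
 * Every failure path calls throwE() and then die, so the function only
 * returns once all requested featuretypes have passed the check.
 *
 * @param string $wfsOws   owsproxy md5
 * @param array  $features array of requested featuretype names
 * @return array array with detailed information on requested wfs
 */
function checkWfsPermission($wfsOws, $features) {
	global $n;

	// NOTE(review): the user id is read from the session without an isset()
	// check; how getWfsConfByPermission() treats a missing id is not visible
	// here - confirm it yields no permissions.
	$myconfs = $n->getWfsConfByPermission($_SESSION["mb_user_id"]);

	// Fail closed: anything other than an array counts as "no permissions".
	if (!is_array($myconfs)) {
		$myconfs = array();
	}

	// Reject anything that is not a non-empty array. Before PHP 8, count()
	// reports 1 for a scalar and the foreach below then iterates nothing, so
	// the function would return the service without checking any feature.
	if (!is_array($features) || count($features) == 0) {
		throwE(array("No wfs_feature data available."));
		die;
	}

	// get wfs (the owsproxy hash is bound as a parameter, not concatenated)
	$sql = "SELECT * FROM wfs WHERE wfs_owsproxy = \$1";
	$v = array($wfsOws);
	$t = array("s");
	$res = db_prep_query($sql, $v, $t);
	$row = db_fetch_array($res);
	if (!$row) {
		throwE(array("No wfs data available."));
		die;
	}
	$service = array(
		"wfs_id" => $row["wfs_id"],
		"wfs_getcapabilities" => $row["wfs_getcapabilities"],
		"wfs_getfeature" => $row["wfs_getfeature"],
		"wfs_describefeaturetype" => $row["wfs_describefeaturetype"],
		"wfs_transaction" => $row["wfs_transaction"],
		"wfs_getcapabilities_doc" => $row["wfs_getcapabilities_doc"],
	);

	foreach ($features as $feature) {
		// get appropriate wfs_conf; wfs id and featuretype name are bound
		// as parameters
		$sql = "SELECT wfs_conf.wfs_conf_id FROM wfs_conf ";
		$sql .= "JOIN wfs_featuretype ";
		$sql .= "ON wfs_featuretype.featuretype_id = wfs_conf.fkey_featuretype_id ";
		$sql .= "WHERE wfs_featuretype.featuretype_name = \$2 ";
		$sql .= "AND wfs_featuretype.fkey_wfs_id = \$1";
		$v = array($service["wfs_id"], $feature);
		$t = array("i", "s");
		$res = db_prep_query($sql, $v, $t);

		// NOTE(review): only the first matching row is evaluated and the
		// query has no ORDER BY; if a featuretype can have several wfs_conf
		// entries, confirm that checking one of them is intended.
		if (!($row = db_fetch_array($res))) {
			// NOTE(review): $feature is a requested name and reaches
			// mb_notice() and throwE() unmodified; confirm both neutralise
			// control characters and markup.
			$notice = new mb_notice("Permissioncheck failed no wfs conf for wfs " . $service["wfs_id"] . " with feturetype " . $feature);
			throwE(array("No wfs_conf data for featuretype " . $feature));
			die;
		}
		$conf_id = $row["wfs_conf_id"];

		// check permission
		if (!in_array($conf_id, $myconfs)) {
			$notice = new mb_notice("Permissioncheck failed:" . $conf_id . " not in " . implode(",", $myconfs));
			// NOTE(review): the denial hands the wfs_conf id and the full
			// list of permitted ids to throwE(). If throwE() renders its
			// argument to the client, keep that detail in the log only.
			throwE(array("Permission denied.", " -> " . $conf_id, implode(",", $myconfs)));
			die;
		}
	}

	return $service;
}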
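// Tail of a definition that starts above this excerpt; left exactly as found.
	$e = new mb_notice("portal search: " . $t . "!");
}

// Command-line arguments, by position. All fourteen are mandatory; a missing
// one is reported through throwE() (whether throwE() stops the script is not
// visible in this excerpt).
// NOTE(review): the values are taken as received. Whatever later places them
// in a URL, a query or a command line has to validate or escape them at that
// point - that code is outside this excerpt.
isset($_SERVER["argv"][1]) ? $userId = $_SERVER["argv"][1] : throwE('userId lacks ...');
isset($_SERVER["argv"][2]) ? $searchId = $_SERVER["argv"][2] : throwE('searchId lacks ...');
isset($_SERVER["argv"][3]) ? $searchText = $_SERVER["argv"][3] : throwE('searchText lacks ...');
isset($_SERVER["argv"][4]) ? $searchEPSG = $_SERVER["argv"][4] : throwE('searchEPSG lacks ...');
isset($_SERVER["argv"][5]) ? $registratingDepartments = $_SERVER["argv"][5] : throwE('registratingDepartments lacks ...');
isset($_SERVER["argv"][6]) ? $isoCategories = $_SERVER["argv"][6] : throwE('isoCategories lacks ...');
isset($_SERVER["argv"][7]) ? $regTimeBegin = $_SERVER["argv"][7] : throwE('regTimeBegin lacks ...');
isset($_SERVER["argv"][8]) ? $regTimeEnd = $_SERVER["argv"][8] : throwE('regTimeEnd lacks ...');
isset($_SERVER["argv"][9]) ? $searchBbox = $_SERVER["argv"][9] : throwE('searchBbox lacks ...');
isset($_SERVER["argv"][10]) ? $searchTypeBbox = $_SERVER["argv"][10] : throwE('searchTypeBbox lacks ...');
isset($_SERVER["argv"][11]) ? $searchResources = $_SERVER["argv"][11] : throwE('searchResources lacks ...');
isset($_SERVER["argv"][12]) ? $timeBegin = $_SERVER["argv"][12] : throwE('timeBegin lacks ...');
isset($_SERVER["argv"][13]) ? $timeEnd = $_SERVER["argv"][13] : throwE('timeEnd lacks ...');
isset($_SERVER["argv"][14]) ? $orderBy = $_SERVER["argv"][14] : throwE('orderBy lacks ...');

// Fall back to a standard EPSG when none was passed: the client may not have
// been initialised yet, so the needed EPSG is not known. empty() also covers
// an unset variable. A plain empty() test is used so that the condition no
// longer assigns to $searchEPSG; the resulting value is unchanged.
if (empty($searchEPSG)) {
	$searchEPSG = "EPSG:31466";
}

// If the search text has more than one element, the commas have to be
// exchanged for plus signs -> opensearch.
// NOTE(review): only commas are rewritten here; if $searchTextOS ends up in
// a request URL, it still needs URL-encoding where the URL is built.
$searchTextOS = str_replace(",", "+", $searchText);
// 'false' and '*' are replaced by '1' (presumably "no text restriction" -
// confirm against the search backend).
if ($searchTextOS === 'false' || $searchTextOS === '*') {
	$searchTextOS = '1';
}
$openSearchFilter = "";
// generate portalu search filter:
// needed filter criteria:
// 1. searchText - anyText Field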
/**
 * Checks whether the given user may access the requested wms.
 *
 * The permitted wms are derived from the guis the user has permission for
 * (getGuisByPermission() followed by getWmsByOwnGuis()). A missing wms
 * record, an empty permitted list or a wms outside that list ends the
 * request through throwE() followed by die.
 *
 * @param integer $wmsId  id of the requested wms
 * @param integer $userId id of the user the check is made for
 * @return array array with detailed information about requested wms
 */
function checkWmsPermission($wmsId, $userId) {
	global $con, $n;

	$ownGuis = $n->getGuisByPermission($userId, true);
	$permittedWms = $n->getWmsByOwnGuis($ownGuis);

	// The id is bound as a parameter, not concatenated into the statement.
	// NOTE(review): it is bound with type "s" although it is documented as
	// an integer; what db_prep_query() does with the type flag is not
	// visible here - confirm.
	$query = 'SELECT * FROM wms WHERE wms_id = $1';
	$params = array($wmsId);
	$types = array("s");
	$result = db_prep_query($query, $params, $types);
	$record = db_fetch_array($result);

	// Copy only the columns callers are given; the rest of the row is dropped.
	$service = array();
	if ($record) {
		$columns = array(
			"wms_id",
			"wms_getcapabilities",
			"wms_getmap",
			"wms_getfeatureinfo",
			"wms_getcapabilities_doc",
		);
		foreach ($columns as $column) {
			$service[$column] = $record[$column];
		}
	}

	// Unknown wms, or a user without any permitted wms.
	if (!$record || count($permittedWms) == 0) {
		throwE(array("No wms data available."));
		die;
	}

	// The id compared is the one read from the database row, not $wmsId.
	if (in_array($service["wms_id"], $permittedWms)) {
		return $service;
	}

	// NOTE(review): the denial hands the wms id and the full list of
	// permitted ids to throwE(). If throwE() renders its argument to the
	// client, keep that detail in the log only.
	throwE(array("Permission denied.", " -> " . $service["wms_id"], implode(",", $permittedWms)));
	die;
}