Esempio n. 1
 /**
  * Returns the permissions of this file.
  *
  * Permissions stored in the file's metadata take precedence. When none are stored,
  * a default is derived from the file type: the directory or file mask with the bits
  * of the current umask cleared, or a fixed value for links.
  *
  * @param bool $octal TRUE to get the stored value converted by AdvancedPathLib::permsToOctal()
  *                    (or the computed default as is), FALSE to get the stored value as is
  *                    (or the computed default converted by AdvancedPathLib::permsToUnix()).
  * @return mixed The permissions of the file; the concrete type depends on $octal and on
  *               what the AdvancedPathLib converters return.
  * @throws EyeNullPointerException If no metadata is available for this file.
  */
 public function getPermissions($octal = true)
 {
     $metadata = $this->getMeta();
     if ($metadata === null) {
         throw new EyeNullPointerException('No metadata found for ' . $this->path);
     }

     $stored = $metadata->get(self::METADATA_KEY_PERMISSIONS);
     if ($stored !== null) {
         // Explicit permissions exist: convert them only when the octal form is requested.
         return $octal ? AdvancedPathLib::permsToOctal($stored) : $stored;
     }

     // Nothing stored: fall back to a umask-derived default for the file type.
     if ($this->isDirectory()) {
         $default = self::PERMISSIONS_MASK_DIR & ~$this->getUMask();
     } elseif ($this->isLink()) {
         // Links get a fixed value; the umask is not applied to them.
         $default = self::PERMISSIONS_VALUE_LINK;
     } else {
         $default = self::PERMISSIONS_MASK_FILE & ~$this->getUMask();
     }

     return $octal ? $default : AdvancedPathLib::permsToUnix($default);
 }
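 /**
  * Checks whether the eyeos user of the given login context may perform the actions of
  * $permission on an application.
  *
  * The decision is based on the owner, group and UNIX-style permissions read from the
  * application's "eyeos.application.systemParameters" metadata. Exactly one permission
  * class is consulted per action: owner if the user is the owner, otherwise group if the
  * subject's principals contain the group, otherwise others. A denial in the applicable
  * class is final; the less specific classes are not tried.
  *
  * Only the "execute" action is known to this handler.
  *
  * @param mixed $object Must be an EyeosApplicationDescriptor.
  * @param IPermission $permission
  * @param LoginContext $context
  * @return bool TRUE if the handler performed the permission check successfully, FALSE otherwise
  *              (the reason is then stored in $this->failureException).
  *
  * @throws EyeInvalidArgumentException If $object is not an EyeosApplicationDescriptor.
  * @throws EyeNullPointerException If the application has no metadata.
  * @throws EyeUnexpectedValueException Not raised directly here; presumably by a callee (to be confirmed).
  * @throws EyeAccessControlException If the applicable permission bit is not set.
  */
 public function checkPermission($object, IPermission $permission, LoginContext $context)
 {
     if (!$object instanceof EyeosApplicationDescriptor) {
         throw new EyeInvalidArgumentException('$object must be an EyeosApplicationDescriptor.');
     }
     try {
         $eyeosUser = $context->getEyeosUser();
     } catch (EyeNullPointerException $e) {
         $this->failureException = new EyeHandlerFailureException('No eyeos user found in login context.');
         return false;
     }
     $meta = $object->getMeta();
     if ($meta === null) {
         throw new EyeNullPointerException('$meta cannot be null.');
     }
     $sysParams = $meta->get('eyeos.application.systemParameters');

     // Extract owner, group and permissions from application's metadata.
     // The raw values are kept in locals so that the failure messages can name them:
     // the variable assigned inside a try block is still undefined when the lookup throws.
     $ownerName = $sysParams['owner'];
     try {
         $owner = UMManager::getInstance()->getUserByName($ownerName);
     } catch (EyeNoSuchPrincipalException $e) {
         $this->failureException = new EyeHandlerFailureException('Unknown owner "' . $ownerName . '".');
         return false;
     }
     $groupName = $sysParams['group'];
     try {
         $group = UMManager::getInstance()->getGroupByName($groupName);
     } catch (EyeNoSuchPrincipalException $e) {
         $this->failureException = new EyeHandlerFailureException('Unknown group "' . $groupName . '".');
         return false;
     }
     $rawPerms = $sysParams['permissions'];
     try {
         $perms = AdvancedPathLib::permsToOctal($rawPerms);
     } catch (Exception $e) {
         $this->failureException = new EyeHandlerFailureException('"' . $rawPerms . '" is not a valid octal UNIX permission for application ' . $object->getName() . '.');
         return false;
     }

     // Loop on actions (but here we currently know the action "execute" only)
     $accessGranted = false;
     foreach ($permission->getActions() as $action) {
         // Strict comparison on the string form: with a loose ==, non-string values such as
         // TRUE (and 0 before PHP 8) compare equal to 'execute'.
         if ((string) $action !== 'execute') {
             // the given action is not supported by this handler
             $this->failureException = new EyeHandlerFailureException('Unknown action received: ' . $action . '.');
             return false;
         }
         $ref = 0100;    // owner execute bit
         $actionText = 'Execution';

         // Select the bit of the single class that applies to this user.
         // NOTE(review): the ids are compared loosely (==); confirm both sides have the same type.
         if ($eyeosUser->getId() != $owner->getId()) {
             $ref = $ref >> 3;    // group execute bit
             if (!$context->getSubject()->getPrincipals()->contains($group)) {
                 $ref = $ref >> 3;    // others execute bit
             }
         }

         if (!($ref & $perms)) {
             throw new EyeAccessControlException($actionText . ' access denied to user ' . $eyeosUser->getName() . ' for application ' . $object->getName() . ' (insufficient permissions).');
         }
         $accessGranted = true;
     }

     // Fail closed: with no action in $permission nothing was tested, so the handler must
     // not report a successful check nor log a grant.
     if (!$accessGranted) {
         $this->failureException = new EyeHandlerFailureException('No action to check for application ' . $object->getName() . '.');
         return false;
     }

     if (self::$Logger->isInfoEnabled()) {
         self::$Logger->info('Access granted to user ' . $eyeosUser->getName() . ' for actions "' . $permission->getActionsAsString() . '" on application ' . $object->getName() . '.');
     }
     return true;
 }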
Esempio n. 3
 /**
  * Returns the permissions of this file, taken from the stats cache.
  *
  * The cache is filled through fetchStats() when its 'permissions' entry is still NULL.
  *
  * NOTE(review): FALSE is documented for a missing file, but in octal mode the cached value
  * is always handed to AdvancedPathLib::permsToOctal(); confirm how that call treats FALSE.
  *
  * @param bool $octal TRUE to return permissions in octal form (755),
  *                    FALSE to return them in Unix form (rwxr-xr-x)
  * @return mixed The permissions of the file or FALSE if the file doesn't exist
  */
 public function getPermissions($octal = true)
 {
     // Populate the cache lazily on first access.
     if ($this->statsCache['permissions'] === null) {
         $this->fetchStats();
     }

     $cached = $this->statsCache['permissions'];

     // The cached value is returned untouched unless the octal form is requested.
     return $octal ? AdvancedPathLib::permsToOctal($cached) : $cached;
 }
 /**
  * Verifies AdvancedPathLib::permsToOctal() on a set of Unix permission strings.
  *
  * The first three cases differ only in the leading type character ('-', 'd', 'l') and
  * expect the same result, so the file type must not leak into the permission bits.
  */
 public function testPermsToOctal()
 {
     // Unix form => expected octal digits once passed through decoct()
     $expectations = array(
         '-rwxrwxrwx' => '777',
         'drwxrwxrwx' => '777',
         'lrwxrwxrwx' => '777',
         '----------' => '0',
         '-rwxr-xr-x' => '755',
         '-r-xr--r--' => '544',
         '-r----x--x' => '411',
     );

     foreach ($expectations as $unixPerms => $expectedOctal) {
         $converted = AdvancedPathLib::permsToOctal($unixPerms);
         $this->assertEquals($expectedOctal, decoct($converted));
     }
 }