/**
 * Put back the user and group list that were active before this object
 * replaced them, then rebuild the global permission accessor.
 *
 * Reads $this->previousUser and $this->previousGroupList; where they are
 * captured is not visible in this block.
 */
function __destruct()
{
    global $user, $globalperms;

    // Identity first, then the groups the permission layer evaluates against.
    $user = $this->previousUser;
    Perms::getInstance()->setGroups($this->previousGroupList);

    // Refresh the global accessor so it reflects the restored groups.
    $globalperms = Perms::get();
}
/**
 * Tell whether $user may access the wiki resource at $path.
 *
 * The root collection '/' is always allowed. For any other path the first
 * character is stripped to obtain the page name; when that page exists its
 * object permissions are consulted, otherwise the global permissions are.
 * Read access needs `view`, write access needs `edit`, and any other
 * $access value is refused.
 *
 * Side effect: the group list held by Perms::getInstance() is replaced with
 * $user's groups and is not put back by this method.
 *
 * @param $user   user passed to $tikilib->get_user_groups()
 * @param $path   resource path, expected to start with '/'
 * @param $access self::ACCESS_READ or self::ACCESS_WRITE
 * @return bool
 */
public function authorize($user, $path, $access = self::ACCESS_READ)
{
    global $tikilib;

    print_debug("authorize {$user} {$path} {$access}\n");

    // The root collection carries no page of its own.
    if ($path === '/') {
        return true;
    }

    $pageName = substr($path, 1);

    // Evaluate permissions as the requesting user.
    $userGroups = $tikilib->get_user_groups($user);
    Perms::getInstance()->setGroups($userGroups);

    if ($tikilib->page_exists($pageName)) {
        $effective = Perms::get(array('type' => 'wiki page', 'object' => $pageName));
    } else {
        // Unknown page: fall back to the global permission set.
        $effective = Perms::get();
    }

    if ($access === self::ACCESS_READ) {
        return (bool) $effective->view;
    }
    if ($access === self::ACCESS_WRITE) {
        return (bool) $effective->edit;
    }

    // Unrecognised access mode: deny.
    return false;
}
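/**
 * Decide whether $user may read from or write to the file gallery holding $path.
 *
 * The decision is taken on the parent directory of the URL-decoded path: it
 * is resolved to a file gallery id and that gallery's permissions are
 * checked. Reading needs view_file_gallery or list_file_gallery; writing
 * needs upload_files or admin_file_galleries; any other $access is denied.
 *
 * Side effect: the group list held by Perms::getInstance() is replaced with
 * $user's groups and is not put back by this method.
 *
 * @param $user   user passed to $tikilib->get_user_groups()
 * @param $path   URL-encoded virtual path of the requested resource
 * @param $access self::ACCESS_READ or self::ACCESS_WRITE
 * @return bool true when the access is allowed
 */
public function authorize($user, $path, $access = self::ACCESS_READ)
{
    global $tikilib;
    $filegallib = TikiLib::lib('filegal');

    print_debug("Authorize...PATH={$path} ACCESS=" . ($access == self::ACCESS_READ ? 'READ' : 'WRITE') . "\n");

    $dir_path = dirname(urldecode($path));

    // Entries whose parent is the root are readable without any permission
    // lookup; writes there still go through the gallery check below.
    // NOTE(review): confirm that nothing sensitive can sit directly under '/'.
    if ($dir_path === '/' && $access === self::ACCESS_READ) {
        return true;
    }

    $fgal = $filegallib->get_objectid_from_virtual_path($dir_path);

    // Fail closed when the lookup yields no usable id. isset() also covers a
    // non-array result, which previously raised an offset warning (or an
    // error, depending on the value's type) before the denial was returned.
    $id = isset($fgal['id']) ? $fgal['id'] : null;
    if (!$id) {
        print_debug("Authorize...PATH={$dir_path} does not exist\n");
        return false;
    }

    // Evaluate the gallery's permissions as the requesting user.
    $groups = $tikilib->get_user_groups($user);
    $perms = Perms::getInstance();
    $perms->setGroups($groups);
    $perms = Perms::get(array('type' => 'file gallery', 'object' => $id));

    print_debug("Authorize...PERMS:" . print_r($perms, true) . "\n");

    $ret = false;

    if ($access === self::ACCESS_READ) {
        print_debug("Authorize...READ " . ($perms->view_file_gallery ? 'OK' : 'PAS') . " " . ($perms->list_file_gallery ? 'OK' : 'PAS') . "\n");
        if ($perms->view_file_gallery || $perms->list_file_gallery) {
            $ret = true;
        }
    } elseif ($access === self::ACCESS_WRITE) {
        print_debug("Authorize...WRITE " . ($perms->upload_files ? 'OK' : 'PAS') . " " . ($perms->admin_file_galleries ? 'OK' : 'PAS') . "\n");
        if ($perms->upload_files || $perms->admin_file_galleries) {
            $ret = true;
        }
    }
    // Any other $access value leaves $ret false, i.e. access is denied.

    print_debug("Authorize...USER={$user} PATH={$path} " . ($ret ? 'OK' : 'PAS OK') . "\n");

    return $ret;
}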
/**
 * Register every enabled content source and global source on $aggregator.
 *
 * Content sources are added for each type reported by getSupportedTypes();
 * the activity, goal-event and category sources depend on preferences only.
 * Global sources depend on preferences and on $mode: the advanced-rating,
 * permission and relation sources are registered only when $mode is
 * 'indexing'.
 *
 * @param $aggregator object exposing addContentSource() and addGlobalSource()
 * @param string $mode 'indexing' (default) enables the indexing-only sources
 */
private function addSources($aggregator, $mode = 'indexing')
{
    global $prefs;

    $supported = $this->getSupportedTypes();
    $isIndexing = ($mode == 'indexing');

    // ---- Content sources, driven by the supported object types ----
    if (isset($supported['wiki page'])) {
        $aggregator->addContentSource('wiki page', new Search_ContentSource_WikiSource());
    }

    if (isset($supported['forum post'])) {
        $aggregator->addContentSource('forum post', new Search_ContentSource_ForumPostSource());
        $aggregator->addContentSource('forum', new Search_ContentSource_ForumSource());
    }

    if (isset($supported['blog post'])) {
        $aggregator->addContentSource('blog post', new Search_ContentSource_BlogPostSource());
    }

    if (isset($supported['article'])) {
        // The attachment source is built around the same article source instance.
        $articles = new Search_ContentSource_ArticleSource();
        $aggregator->addContentSource('article', $articles);
        $aggregator->addGlobalSource(new Search_GlobalSource_ArticleAttachmentSource($articles));
    }

    if (isset($supported['file'])) {
        // Likewise, file attachments share the file source instance.
        $files = new Search_ContentSource_FileSource();
        $aggregator->addContentSource('file', $files);
        $aggregator->addContentSource('file gallery', new Search_ContentSource_FileGallerySource());
        $aggregator->addGlobalSource(new Search_GlobalSource_FileAttachmentSource($files));
    }

    if (isset($supported['trackeritem'])) {
        $aggregator->addContentSource('trackeritem', new Search_ContentSource_TrackerItemSource());
        $aggregator->addContentSource('tracker', new Search_ContentSource_TrackerSource());
        $aggregator->addContentSource('trackerfield', new Search_ContentSource_TrackerFieldSource());
    }

    if (isset($supported['sheet'])) {
        $aggregator->addContentSource('sheet', new Search_ContentSource_SheetSource());
    }

    if (isset($supported['comment'])) {
        // Preference name => object type whose comments get indexed.
        $commentToggles = array(
            'feature_wiki_comments' => 'wiki page',
            'feature_article_comments' => 'article',
            'feature_poll_comments' => 'poll',
            'feature_file_galleries_comments' => 'file gallery',
            'feature_trackers' => 'trackeritem',
        );

        $commentable = array();
        foreach ($commentToggles as $prefName => $objectType) {
            if ($prefs[$prefName] == 'y') {
                $commentable[] = $objectType;
            }
        }

        $aggregator->addContentSource('comment', new Search_ContentSource_CommentSource($commentable));
        $aggregator->addGlobalSource(new Search_GlobalSource_CommentSource());
    }

    if (isset($supported['user'])) {
        $aggregator->addContentSource('user', new Search_ContentSource_UserSource($prefs['user_in_search_result']));
    }

    if (isset($supported['group'])) {
        $aggregator->addContentSource('group', new Search_ContentSource_GroupSource());
    }

    // ---- Content sources, driven by preferences only ----
    if ($prefs['activity_custom_events'] == 'y' || $prefs['activity_basic_events'] == 'y' || $prefs['monitor_enabled'] == 'y') {
        // The activity source receives the aggregator only when it is an indexer.
        $indexer = null;
        if ($aggregator instanceof Search_Indexer) {
            $indexer = $aggregator;
        }
        $aggregator->addContentSource('activity', new Search_ContentSource_ActivityStreamSource($indexer));
    }

    if ($prefs['goal_enabled'] == 'y') {
        $aggregator->addContentSource('goalevent', new Search_ContentSource_GoalEventSource());
    }

    // ---- Global sources ----
    if ($prefs['feature_categories'] == 'y') {
        $aggregator->addGlobalSource(new Search_GlobalSource_CategorySource());
        $aggregator->addContentSource('category', new Search_ContentSource_CategorySource());
    }

    if ($prefs['feature_freetags'] == 'y') {
        $aggregator->addGlobalSource(new Search_GlobalSource_FreeTagSource());
    }

    if ($prefs['rating_advanced'] == 'y' && $isIndexing) {
        $recalculateOnIndex = ($prefs['rating_recalculation'] == 'indexing');
        $aggregator->addGlobalSource(new Search_GlobalSource_AdvancedRatingSource($recalculateOnIndex));
    }

    $aggregator->addGlobalSource(new Search_GlobalSource_Geolocation());

    if ($prefs['feature_search_show_visit_count'] === 'y') {
        $aggregator->addGlobalSource(new Search_GlobalSource_VisitsSource());
    }

    if ($prefs['feature_friends'] === 'y') {
        $aggregator->addGlobalSource(new Search_GlobalSource_SocialSource());
    }

    if ($isIndexing) {
        // NOTE(review): the permission source is attached in indexing mode only;
        // presumably access data is written into each document at index time and
        // the other modes rely on it - confirm against the query side.
        $aggregator->addGlobalSource(new Search_GlobalSource_PermissionSource(Perms::getInstance()));
        $aggregator->addGlobalSource(new Search_GlobalSource_RelationSource());
    }

    // Always present, whatever the mode or preferences.
    $aggregator->addGlobalSource(new Search_GlobalSource_TitleInitialSource());
    $aggregator->addGlobalSource(new Search_GlobalSource_SearchableSource());
    $aggregator->addGlobalSource(new Search_GlobalSource_UrlSource());
}
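/**
 * Build the relation fields indexed for one object.
 *
 * Collects the relations leaving the object and those pointing at it (the
 * latter recorded with an '.invert' suffix). When the unified engine is
 * 'elastic', relations listed in the unified_relation_object_indexing
 * preference also get the related item's document embedded, merged with that
 * item's own permission data.
 *
 * NOTE(review): embedded documents carry the related item's content inside
 * the parent's index entry. Whether the query side enforces the embedded
 * permission fields is not visible here - confirm that a user who may see
 * the parent cannot read related items they lack access to.
 *
 * @param $objectType type of the object being indexed
 * @param $objectId   identifier of the object being indexed
 * @param Search_Type_Factory_Interface $typeFactory factory wrapping the returned values
 * @param array $data fields gathered so far; when it already holds 'relations'
 *                    or 'relation_types' nothing is added
 * @return array empty, or the keys 'relations', 'relation_objects',
 *               'relation_types' and 'relation_count'
 */
function getData($objectType, $objectId, Search_Type_Factory_Interface $typeFactory, array $data = array())
{
    global $prefs;

    if (isset($data['relations']) || isset($data['relation_types'])) {
        return array();
    }

    $relations = array();
    $relation_objects = array();
    $types = array();
    $relation_objects_to_index = array();

    if ($prefs['unified_engine'] == 'elastic') {
        // only index full objects in elasticsearch
        $relation_objects_to_index = array_map('trim', explode(',', $prefs['unified_relation_object_indexing']));
    }

    $from = $this->relationlib->get_relations_from($objectType, $objectId);
    foreach ($from as $rel) {
        $relations[] = Search_Query_Relation::token($rel['relation'], $rel['type'], $rel['itemId']);
        $types[] = $rel['relation'];

        // Embed only when a content source is registered for the related type;
        // calling getDocument() on a missing source would abort the whole run.
        if (in_array($rel['relation'], $relation_objects_to_index) && isset($this->contentSources[$rel['type']])) {
            $contentSource = $this->contentSources[$rel['type']];

            // A separate local keeps the $data parameter intact.
            $document = $contentSource->getDocument($rel['itemId'], $typeFactory);
            $permissionSource = new Search_GlobalSource_PermissionSource(Perms::getInstance());
            $document = array_merge($document, $permissionSource->getData($rel['type'], $rel['itemId'], $typeFactory, $document));

            // Unwrap typed values by key; no by-reference loop variable is left
            // dangling after the loop.
            foreach ($document as $field => $value) {
                if ($value instanceof Search_Type_Interface) {
                    $document[$field] = $value->getValue();
                }
            }

            $document['relation'] = $rel['relation'];
            $relation_objects[] = $document;
        }
    }

    $to = $this->relationlib->get_relations_to($objectType, $objectId);
    foreach ($to as $rel) {
        $rel_type = $rel['relation'] . '.invert';
        $relations[] = Search_Query_Relation::token($rel_type, $rel['type'], $rel['itemId']);
        $types[] = $rel_type;

        if (in_array($rel_type, $relation_objects_to_index) && isset($this->contentSources[$rel['type']])) {
            $contentSource = $this->contentSources[$rel['type']];

            $document = $contentSource->getDocument($rel['itemId'], $typeFactory);
            $permissionSource = new Search_GlobalSource_PermissionSource(Perms::getInstance());
            $document = array_merge($document, $permissionSource->getData($rel['type'], $rel['itemId'], $typeFactory, $document));

            foreach ($document as $field => $value) {
                if ($value instanceof Search_Type_Interface) {
                    $document[$field] = $value->getValue();
                }
            }

            // NOTE(review): the stored name is the plain relation, while the
            // match above used the '.invert' form - confirm this is intended.
            $document['relation'] = $rel['relation'];
            $relation_objects[] = $document;
        }
    }

    // take the type array and get a count of each individual type
    $type_count = array_count_values($types);
    $rel_count = array();
    foreach ($type_count as $key => $val) {
        // instead of returning an assoc. array, format to "relation:count" for input in the index
        $rel_count[] = $key . ":" . $val;
    }

    return array(
        'relations' => $typeFactory->multivalue($relations),
        'relation_objects' => $typeFactory->nested($relation_objects),
        'relation_types' => $typeFactory->multivalue(array_unique($types)),
        'relation_count' => $typeFactory->multivalue($rel_count),
    );
}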
/**
 * Attach the enabled content sources and global sources to $aggregator.
 *
 * One content source is added per type reported by getSupportedTypes().
 * Global sources follow the preferences; the advanced-rating, permission and
 * relation sources are attached only when $mode is 'indexing'.
 *
 * @param $aggregator object exposing addContentSource() and addGlobalSource()
 * @param string $mode 'indexing' (default) enables the indexing-only sources
 */
private function addSources($aggregator, $mode = 'indexing')
{
    global $prefs;

    $available = $this->getSupportedTypes();
    $forIndexing = ($mode == 'indexing');

    // ---- Content sources ----
    if (isset($available['wiki page'])) {
        $aggregator->addContentSource('wiki page', new Search_ContentSource_WikiSource());
    }

    if (isset($available['forum post'])) {
        $aggregator->addContentSource('forum post', new Search_ContentSource_ForumPostSource());
    }

    if (isset($available['blog post'])) {
        $aggregator->addContentSource('blog post', new Search_ContentSource_BlogPostSource());
    }

    if (isset($available['article'])) {
        $aggregator->addContentSource('article', new Search_ContentSource_ArticleSource());
    }

    if (isset($available['file'])) {
        $aggregator->addContentSource('file', new Search_ContentSource_FileSource());
        $aggregator->addGlobalSource(new Search_GlobalSource_FileAttachmentSource());
    }

    if (isset($available['trackeritem'])) {
        $aggregator->addContentSource('trackeritem', new Search_ContentSource_TrackerItemSource());
    }

    if (isset($available['sheet'])) {
        $aggregator->addContentSource('sheet', new Search_ContentSource_SheetSource());
    }

    if (isset($available['comment'])) {
        // Preference name => object type whose comments get indexed.
        $togglesByType = array(
            'feature_wiki_comments' => 'wiki page',
            'feature_article_comments' => 'article',
            'feature_poll_comments' => 'poll',
            'feature_file_galleries_comments' => 'file gallery',
            'feature_trackers' => 'trackeritem',
        );

        $withComments = array();
        foreach ($togglesByType as $toggle => $objectType) {
            if ($prefs[$toggle] == 'y') {
                $withComments[] = $objectType;
            }
        }

        $aggregator->addContentSource('comment', new Search_ContentSource_CommentSource($withComments));
        $aggregator->addGlobalSource(new Search_GlobalSource_CommentSource());
    }

    if (isset($available['user'])) {
        $aggregator->addContentSource('user', new Search_ContentSource_UserSource($prefs['user_in_search_result']));
    }

    // ---- Global sources ----
    if ($prefs['feature_categories'] == 'y') {
        $aggregator->addGlobalSource(new Search_GlobalSource_CategorySource());
    }

    if ($prefs['feature_freetags'] == 'y') {
        $aggregator->addGlobalSource(new Search_GlobalSource_FreeTagSource());
    }

    if ($prefs['rating_advanced'] == 'y' && $forIndexing) {
        $recalculate = ($prefs['rating_recalculation'] == 'indexing');
        $aggregator->addGlobalSource(new Search_GlobalSource_AdvancedRatingSource($recalculate));
    }

    $aggregator->addGlobalSource(new Search_GlobalSource_Geolocation());

    if ($prefs['feature_search_show_visit_count'] === 'y') {
        $aggregator->addGlobalSource(new Search_GlobalSource_VisitsSource());
    }

    if ($forIndexing) {
        // NOTE(review): permission data is attached in indexing mode only;
        // presumably it is stored with each document at index time - confirm.
        $aggregator->addGlobalSource(new Search_GlobalSource_PermissionSource(Perms::getInstance()));
        $aggregator->addGlobalSource(new Search_GlobalSource_RelationSource());
    }
}
/**
 * Authenticate the current request with HTTP Basic credentials.
 *
 * Without a PHP_AUTH_USER value a 401 challenge is sent and the script
 * exits. With credentials, they are checked through
 * $userlib->validate_user_tiki(); on success the global $user is set, the
 * permission layer is switched to that user's groups and the permissions
 * are globalized. On failure a 401 challenge is sent and false is returned,
 * leaving it to the caller to stop processing.
 *
 * NOTE(review): the realm is placed unescaped inside a quoted string; the
 * origin of $tikidomain is not visible here - confirm it cannot contain a
 * double quote. Basic credentials are only base64-encoded on the wire, so
 * this presumably relies on TLS being enforced elsewhere - confirm.
 *
 * @return bool true when the supplied credentials are valid
 */
function http_auth()
{
    global $tikidomain, $userlib, $user, $smarty;

    if (!$tikidomain) {
        $tikidomain = "Default";
    }

    // Same challenge header for "no credentials" and "bad credentials".
    $challenge = 'WWW-Authenticate: Basic realm="' . $tikidomain . '"';

    if (!isset($_SERVER['PHP_AUTH_USER'])) {
        header($challenge);
        header('HTTP/1.0 401 Unauthorized');
        exit;
    }

    $login = $_SERVER['PHP_AUTH_USER'];
    $password = $_SERVER['PHP_AUTH_PW'];

    list($status, $detail) = $userlib->validate_user_tiki($login, $password, false, false);

    if ($status != USER_VALID) {
        header($challenge);
        header('HTTP/1.0 401 Unauthorized');
        return false;
    }

    global $permissionList;

    // Adopt the authenticated identity for the rest of the request.
    $user = $login;
    $memberOf = $userlib->get_user_groups($user);
    Perms::getInstance()->setGroups($memberOf);

    $accessor = Perms::get();
    $accessor->globalize($permissionList, $smarty);

    return true;
}
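/**
 * List the members of a collection as WebDAV resources.
 *
 * Only the root collection '/' has members: one ezcWebdavResource per entry
 * in the 'data' list returned by $tikilib->list_pages(). Any other path
 * yields an empty array.
 *
 * Side effect: the group list held by Perms::getInstance() is replaced with
 * the global $user's groups and is not put back by this method.
 *
 * NOTE(review): no per-page permission check happens here; presumably
 * list_pages() consults the permission layer configured just before the
 * call - confirm, otherwise page names the user may not view get listed.
 *
 * @param $path collection path
 * @return array list of ezcWebdavResource
 */
protected function getCollectionMembers($path)
{
    global $tikilib, $user;

    print_debug('getCollectionMembers ' . $path . "\n");

    $contents = array();

    // Pages are not nested, so only the root has members.
    if ($path !== '/') {
        return $contents;
    }

    $groups = $tikilib->get_user_groups($user);
    $perms = Perms::getInstance();
    $perms->setGroups($groups);

    $pages = $tikilib->list_pages();
    foreach ($pages['data'] as $page) {
        $contents[] = new ezcWebdavResource($path . $page['pageName']);
    }

    return $contents;
}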