/**
* @param mixed $object
* @param IMetaData $metaData
* @param String $params
* @throws EyeException
* @throws EyeErrorException
*/
public function storeMeta($object, IMetaData $metaData = null, $params)
{
if (!$object instanceof EyeSysFile) {
throw new EyeInvalidArgumentException('$object must be an EyeSysFile.');
}
$urlParts = $object->getURLComponents();
$meta = $this->retrieveMeta($object, $params);
SecurityManager::getInstance()->checkPermission($metaData, new MetaDataPermission('write', $meta, $object));
//{
// TODO: store metadata into database
//}
}
public function updateCollaboratorPermission(IShareable $object, AbstractEyeosPrincipal $collaborator, IPermission $permission)
{
try {
if ($object->getId() === null) {
throw new EyeNullPointerException('$object ID cannot be null.');
}
$handlerClassName = null;
foreach (self::getAllShareableObjectsHandlers() as $handler) {
if ($handler->checkType($object)) {
$handlerClassName = get_class($handler);
break;
}
}
if ($handlerClassName === null) {
throw new EyeHandlerNotFoundException('Unable to find a ShareableObjectHandler for object of class ' . get_class($object) . '.');
}
$owner = $object->getShareOwner();
SecurityManager::getInstance()->checkPermission($object, new SharePermission(array('updatecollaborator'), $collaborator));
//prepare query array
$shareInfoQuery = array(self::SHAREINFO_KEY_OWNERID => $owner->getId(), self::SHAREINFO_KEY_SHAREABLEID => $object->getId(), self::SHAREINFO_KEY_COLLABORATORID => $collaborator->getId(), self::SHAREINFO_KEY_PERMISSIONACTIONS => $permission->getActionsAsString(), self::SHAREINFO_KEY_HANDLERCLASSNAME => $handlerClassName);
$this->getProvider()->updateShareInfo($owner, $shareInfoQuery);
// TODO: we could also add the ShareInfo object containing the old permission as a
// "related source" of the event
$event = new SharingEvent(new BasicShareInfo($owner, $object, $collaborator, $permission, $handlerClassName));
foreach ($this->listeners as $listener) {
$listener->collaboratorPermissionUpdated($event);
}
} catch (Exception $e) {
self::$Logger->warn('Unable to update collaborator ' . $collaborator->getName() . ' permissions for object of class ' . get_class($object) . '.');
if (self::$Logger->isDebugEnabled()) {
self::$Logger->debug(ExceptionStackUtil::getStackTrace($e, false));
}
throw $e;
}
}
public function checkWritePermission()
{
SecurityManager::getInstance()->checkWrite($this);
}
public function processRequest(MMapRequest $request, MMapResponse $response, AppExecutionContext $appContext = null)
{
$status = ob_get_status();
$response->getHeaders()->append('Content-type:text/javascript');
if (isset($status['name']) && $status['name'] != 'ob_gzhandler') {
ob_start("ob_gzhandler");
}
try {
MMapManager::startSession();
if (!$appContext instanceof AppExecutionContext) {
$appContext = new AppExecutionContext();
$appContext->initFromRequest($request);
}
$appDesc = $appContext->getApplicationDescriptor();
// Check if the session has expired only if the application we want to execute is not "init" nor "logout"
// FIXME: Not sure this way for checking session is the best here (maybe a flag in the metadata instead?)
if ($appDesc->getName() != 'init' && $appDesc->getName() != 'logout') {
MMapManager::checkSessionExpiration();
}
// Restore parent process if available
try {
$checknum = (int) $request->getGET('checknum');
$procFather = ProcManager::getInstance()->getProcessByChecknum($checknum);
ProcManager::getInstance()->setCurrentProcess($procFather);
// Access control is based on current user, contained in the login context of
// the current process, so we can only perform security checks when a process
// is active.
// In case no login context is defined, we can be sure that almost nothing unsafe
// will be done, because this element is required in most of the operations.
if ($procFather->getLoginContext() !== null) {
SecurityManager::getInstance()->checkExecute($appDesc);
}
} catch (EyeProcException $e) {
}
// Start process (PHP)
$this->startProcess($appContext);
// Append necessary scripts and execute JS code (actually, only append it to the $response body)
$appDesc->executeJavascript($appContext, $response);
} catch (Exception $e) {
self::$Logger->error('Uncaught exception while processing request: ' . $request);
self::$Logger->error('Exception message: ' . $e->getMessage());
if (self::$Logger->isDebugEnabled()) {
self::$Logger->debug(ExceptionStackUtil::getStackTrace($e, false));
}
// Special processing on session expiration
if ($e instanceof EyeSessionExpiredException) {
$controlMessageBodyRenderer = new ControlMessageBodyRenderer(ControlMessageBodyRenderer::TYPE_SESSION_EXPIRED);
} else {
// Remove incomplete process
$proc = $appContext->getProcess();
if ($proc instanceof Process) {
try {
ProcManager::getInstance()->kill($proc);
} catch (Exception $e) {
self::$Logger->error('Cannot kill incomplete process: ' . $proc);
self::$Logger->error('Exception message: ' . $e->getMessage());
}
}
$controlMessageBodyRenderer = new ControlMessageBodyRenderer(ControlMessageBodyRenderer::TYPE_EXCEPTION, $e);
}
// When using qx.io.ScriptLoader on the JS side, no callback proxy is available
// to intercept control messages, so we're using a little workaround here by
// calling directly eyeos._callbackProxyWithContent() with the exception summary
// in argument.
$responseContent = $controlMessageBodyRenderer->getRenderedBody();
$response->setBody('eyeos._callbackProxyWithContent(null, null, null, ' . $responseContent . ');');
}
$this->handleClientMessageQueue($response);
}
/**
* @param mixed $object
* @param IMetaData $metaData
* @param String $params
* @throws EyeException
* @throws EyeErrorException
*/
public function storeMeta($object, IMetaData $metaData = null, $params)
{
if (!$object instanceof EyeUserFile) {
throw new EyeInvalidArgumentException('$object must be an EyeUserFile.');
}
$meta = $this->retrieveMeta($object, $params);
SecurityManager::getInstance()->checkPermission($metaData, new MetaDataPermission('write', $meta, $object));
$urlParts = $object->getURLComponents();
if ($urlParts['path'] == '/') {
$filepath = $this->getUserMetaFilesPath($urlParts['principalname']) . '/' . USERS_FILES_DIR . USERS_METAFILES_EXTENSION;
} else {
$filepath = $this->getUserMetaFilesPath($urlParts['principalname']) . '/' . USERS_FILES_DIR . $urlParts['path'] . USERS_METAFILES_EXTENSION;
}
$dir = dirname($filepath);
if (!is_dir($dir)) {
if (!mkdir($dir, 0777, true)) {
throw new EyeIOException('Unable to create necessary directories for meta file ' . $filepath . '.');
}
}
$provider = new SimpleXMLMetaProvider((string) $params, array(SimpleXMLMetaProvider::PARAM_FILEPATH => $filepath));
$provider->storeMeta(null, $metaData);
}
/**
* @param mixed $object
* @param IMetaData $metaData
* @param String $params
* @throws EyeException
* @throws EyeErrorException
*/
public function storeMeta($object, IMetaData $metaData = null, $params)
{
if (!$object instanceof EyeosUser) {
throw new EyeInvalidArgumentException('$object must be an EyeosUser.');
}
$meta = $this->retrieveMeta($object, $params);
SecurityManager::getInstance()->checkPermission($meta, new MetaDataPermission('write', $metaData, $object));
$filepath = $this->getUserSettingsPath($object);
$dir = dirname($filepath);
if (!is_dir($dir)) {
if (!mkdir($dir, 0777, true)) {
throw new EyeIOException('Unable to create necessary directories for meta file ' . $filepath . '.');
}
}
$provider = new SimpleXMLMetaProvider((string) $params, array(SimpleXMLMetaProvider::PARAM_FILEPATH => $filepath, SimpleXMLMetaProvider::PARAM_FORMATOUTPUT => true));
$provider->storeMeta(null, $metaData);
}
private function updateUserWorkgroupAssignation_private(IUserWorkgroupAssignation $assignation)
{
SecurityManager::getInstance()->checkPermission($assignation, new SimplePermission('', array('update')));
try {
$this->eyeosDAO->update($assignation);
} catch (Exception $e) {
//{
//TODO: rollback
//}
throw new EyeUMException('Unable to update user/workgroup assignation between user ID "' . $assignation->getUserId() . '" and workgroup ID "' . $assignation->getWorkgroupId() . '".', 0, $e);
}
}
public function checkConnectPermission()
{
SecurityManager::getInstance()->checkConnect($this);
}
/**
* @param mixed $object
* @param IMetaData $metaData
* @param String $params
* @throws EyeException
* @throws EyeErrorException
*/
public function storeMeta($object, IMetaData $metaData = null, $params)
{
if (!$object instanceof SecurityManager) {
throw new EyeInvalidArgumentException('$object must be an SecurityManager');
}
$meta = $this->retrieveMeta($object, $params);
SecurityManager::getInstance()->checkPermission($meta, new MetaDataPermission('write', $metaData, $object));
$filepath = SYSTEM_META_CONFIGURATION_PATH . 'system.xml';
$provider = new SimpleXMLMetaProvider((string) $params, array(SimpleXMLMetaProvider::PARAM_FILEPATH => $filepath, SimpleXMLMetaProvider::PARAM_FORMATOUTPUT => true));
$meta = $provider->storeMeta(null, $metaData);
}
public function updateTag(ITag $tag, ITag $newTag)
{
SecurityManager::getInstance()->checkPermission($tag, new SimplePermission(null, array('update')));
try {
$this->getProvider()->updateTag($tag, $newTag);
} catch (Exception $e) {
self::$Logger->error('Unable to update tag "' . $tag . '": ' . $e->getMessage());
if (self::$Logger->isDebugEnabled()) {
self::$Logger->debug(ExceptionStackUtil::getStackTrace($e, false));
}
throw $e;
}
}
public function deleteAllGroupEvents($event, $groupId)
{
$this->setCalendarId($event->getCalendarId());
SecurityManager::getInstance()->checkDelete($event);
$this->getProvider()->deleteAllGroupEvents($groupId);
}
/**
* Kill a process, and remove it from the process table.
*
* @param Process $proc the process to be killed, the attribute <b>pid</b> should be filled with the process pid to kill
* @throws EyeInvalidArgumentException If the arguments are incorrect
* @throws EyeProcException If there is no such process with the given pid
*/
public function kill(Process $proc)
{
try {
$processTable = $this->getProcessesTable();
$pid = $proc->getPid();
if (!isset($processTable[$pid])) {
throw new EyeProcException('Process $proc with PID ' . $pid . ' not found.');
}
SecurityManager::getInstance()->checkPermission($proc, new SimplePermission('', array('kill')));
unset($processTable[$pid]);
Kernel::enterSystemMode();
$this->memoryManager->set('processTable', $processTable);
Kernel::exitSystemMode();
if ($this->currentProcess->getPid() == $pid) {
$this->currentProcess = null;
}
$this->logger->debug('Process killed: ' . $proc);
$this->fireEvent('processKilled', new ProcEvent($proc));
} catch (Exception $e) {
$this->logger->warn('Error killing process: ' . $proc . ' (' . $e->getMessage() . ')');
if ($this->logger->isDebugEnabled()) {
$this->logger->debug(ExceptionStackUtil::getStackTrace($e, false));
}
throw $e;
}
}
