/**
* Determines if the database is searchable by user
*
* @param Xerxes_Data_Database $db
* @param Xerxes_Framework_Request $objRequest Xerxes request object
* @param Xerxes_Framework_Registry $objRegistry Xerxes registry object
* @return unknown
*/
public static function dbSearchableForUser(Xerxes_Data_Database $db, $objRequest, $objRegistry)
{
$allowed = "";
if ($db->searchable != 1) {
//nobody can search it!
$allowed = false;
} elseif ($db->guest_access != "") {
//anyone can search it!
$allowed = true;
} elseif (count($db->group_restrictions) > 0) {
// they have to be authenticated, and in a group that is included
// in the restrictions, or in an ip address associated with a
// restricted group.
$allowed = Xerxes_Framework_Restrict::isAuthenticatedUser($objRequest) && array_intersect($_SESSION["user_groups"], $db->group_restrictions);
if (!$allowed) {
// not by virtue of a login, but now check for ip address
$ranges = array();
foreach ($db->get("group_restrictions") as $group) {
$ranges[] = $objRegistry->getGroupLocalIpRanges($group);
}
$allowed = Xerxes_Framework_Restrict::isIpAddrInRanges($objRequest->getServer('REMOTE_ADDR'), implode(",", $ranges));
}
} else {
// ordinary generally restricted resource. they need to be
// an authenticated user, or in the local ip range.
if (Xerxes_Framework_Restrict::isAuthenticatedUser($objRequest) || Xerxes_Framework_Restrict::isIpAddrInRanges($objRequest->getServer('REMOTE_ADDR'), $objRegistry->getConfig("LOCAL_IP_RANGE"))) {
$allowed = true;
}
}
return $allowed;
}
/**
* Do something with uncaught errors
*/
public static function handle($e, Xerxes_Framework_Request $objRequest, Xerxes_Framework_Registry $objRegistry)
{
if ($objRegistry->getConfig("DISPLAY_ERRORS", false, false)) {
throw $e;
}
// flag certain exception types for special handling in the xslt
$strErrorType = get_class($e);
// might be a sub-class, reset so view will catch.
if ($e instanceof PDOException) {
$strErrorType = "PDOException";
}
// if this is the command line, just rethrow the error so we can see it; might
// make this a little better formatted in the future
if ($objRequest->isCommandLine()) {
throw $e;
} else {
// translate heading and message
$labels = Xerxes_Framework_Labels::getInstance();
if ($e instanceof Xerxes_Exception) {
$heading = $e->heading();
} else {
$heading = "text_error";
}
$heading = $labels->getLabel($heading);
$message = $labels->getLabel($e->getMessage());
// first output to apache error log
error_log("Xerxes error: " . $message . ": " . $e->getTraceAsString());
//set proper http response code
$resultStatus = 500;
if ($e instanceof Xerxes_Exception_AccessDenied) {
$resultStatus = 403;
} else {
if ($e instanceof Xerxes_Exception_NotFound) {
$resultStatus = 404;
}
}
header(' ', true, $resultStatus);
// send back http status as internal server error or other specified status
// for the web, we'll convert the error message to xml along with the type
// of exception and hand display off to the error.xsl file
$objError = new DOMDocument();
$objError->loadXML("<error />");
$objMessage = $objError->createElement("message", $message);
$objMessage->setAttribute("type", $strErrorType);
$objError->documentElement->appendChild($objMessage);
$objHeading = $objError->createElement("heading", $heading);
$objError->documentElement->appendChild($objHeading);
// make sure we're showing the main error file
$objRegistry->setConfig("XSL_PARENT_DIRECTORY", null);
// set the base url for the error.xsl file's benefit; don't want to assume that
// the earlier code to this effect was executed before an exception, so this is redundant
$base_path = $objRegistry->getConfig('BASE_WEB_PATH', false, "");
$this_server_name = $objRequest->getServer('SERVER_NAME');
// check for a non-standard port
$port = $objRequest->getServer('SERVER_PORT');
if ($port == 80 || $port == 443) {
$port = "";
} else {
$port = ":" . $port;
}
$protocol = "http://";
if ($objRequest->getServer("HTTPS")) {
$protocol = "https://";
}
$web = $protocol . $this_server_name . $port . $base_path;
$objBaseURL = $objError->createElement("base_url", $web);
$objError->documentElement->appendChild($objBaseURL);
// if it's a db denied exception, include info on dbs.
if ($e instanceof Xerxes_Exception_DatabasesDenied) {
$excluded_xml = $objError->createElement("excluded_dbs");
$objError->documentElement->appendChild($excluded_xml);
foreach ($e->deniedDatabases() as $db) {
$element = Xerxes_Helper::databaseToNodeset($db, $objRequest, $objRegistry);
$element = $objError->importNode($element, true);
$excluded_xml->appendChild($element);
}
}
// add in the request object's stuff
$request_xml = $objRequest->toXML();
$imported = $objError->importNode($request_xml->documentElement, true);
foreach ($imported->childNodes as $childNode) {
$objError->documentElement->appendChild($childNode);
}
if ($objRequest->getProperty("format") == "xerxes") {
header('Content-type: text/xml');
echo $objError->saveXML();
} else {
// display it to the user. Transform will pick up local
// xsl for error page too, great.
echo Xerxes_Framework_Parser::transform($objError, "xsl/error.xsl");
}
}
// need to incorporate methods for doing additional actions based on the type
// of error -- probably a config option
}
