Esempio n. 1
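  /**
   * Delete a user account from the admin interface and print the outcome as JSON.
   *
   * The request must pass the CSRF check first. The active user and the guest
   * account are refused so that an administrator cannot remove the account in
   * use or the built-in guest account.
   *
   * @param mixed $id id of the user to delete
   */
  public function delete_user($id) {
    access::verify_csrf();

    // NOTE(review): this guard only protects the two accounts if
    // access::forbidden() halts the request -- confirm. It also compares the raw
    // $id; comparing $user->id after the load below would cover any id the ORM
    // normalises before the lookup.
    if ($id == user::active()->id || $id == user::guest()->id) {
      access::forbidden();
    }

    $user = ORM::factory("user", $id);
    if (!$user->loaded) {
      // NOTE(review): assumes show_404() does not return -- confirm.
      kohana::show_404();
    }

    $form = user::get_delete_form_admin($user);
    if (!$form->validate()) {
      // Stop here. Falling through would read an undefined $name, write a
      // "Deleted user" entry to the log for a deletion that never happened and
      // append a second, contradictory "success" JSON document to the response.
      print json_encode(array("result" => "error",
                              "form" => $form->__toString()));
      return;
    }

    $name = $user->name;
    $user->delete();

    // The user-controlled name is cleaned before it is placed in a message that
    // is both logged and shown in the UI.
    $message = t("Deleted user %user_name", array("user_name" => p::clean($name)));
    log::success("user", $message);
    message::success($message);
    print json_encode(array("result" => "success"));
  }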
Esempio n. 2
 /**
  * A comment created for the guest user keeps the supplied author details and
  * records the request metadata in its server_* fields.
  */
 public function create_comment_for_guest_test()
 {
     // The random suffix keeps the fixture values distinct between runs; it is
     // not used for anything security sensitive.
     $suffix = rand();
     $parent = ORM::factory("item", 1);
     $created = comment::create($parent, user::guest(), "text_{$suffix}", "name_{$suffix}", "email_{$suffix}", "url_{$suffix}");

     $this->assert_equal("name_{$suffix}", $created->author_name());
     $this->assert_equal("email_{$suffix}", $created->author_email());
     $this->assert_equal("url_{$suffix}", $created->author_url());
     $this->assert_equal("text_{$suffix}", $created->text);
     $this->assert_equal(1, $created->item_id);

     // Each server_* field is expected to hold the name of the request variable
     // it was copied from (presumably the test environment stubs those
     // variables with their own names -- confirm). Two keys appear twice, as in
     // the original assertion list.
     $request_keys = array(
         "REMOTE_ADDR",
         "HTTP_USER_AGENT",
         "HTTP_ACCEPT",
         "HTTP_ACCEPT_CHARSET",
         "HTTP_ACCEPT_ENCODING",
         "HTTP_ACCEPT_LANGUAGE",
         "HTTP_CONNECTION",
         "HTTP_HOST",
         "HTTP_REFERER",
         "HTTP_USER_AGENT",
         "QUERY_STRING",
         "REMOTE_ADDR",
         "REMOTE_HOST",
         "REMOTE_PORT",
     );
     foreach ($request_keys as $request_key) {
         $field = "server_" . strtolower($request_key);
         $this->assert_equal($request_key, $created->{$field});
     }

     $this->assert_true(!empty($created->created));
 }
Esempio n. 3
 /**
  * Deleting an album must also remove the comments attached to it, so that no
  * orphaned comment rows are left behind.
  */
 public function deleting_an_item_deletes_its_comments_too_test()
 {
     $suffix = rand();
     $root = ORM::factory("item", 1);
     $parent_album = album::create($root, "test_{$suffix}", "test_{$suffix}");
     $attached = comment::create($parent_album, user::guest(), "text_{$suffix}", "name_{$suffix}", "email_{$suffix}", "url_{$suffix}");

     $parent_album->delete();

     // Reloading by id must not find the comment any more.
     $reloaded = ORM::factory("comment", $attached->id);
     $this->assert_false($reloaded->loaded);
 }
Esempio n. 4
 /**
  * Return the user stored under "user" in the session, or the guest user when
  * the session holds none.
  *
  * @return User_Model
  */
 static function active()
 {
     // @todo (maybe) cache this object so we're not always doing session lookups.
     $session_user = Session::instance()->get("user", null);
     if ($session_user !== null) {
         return $session_user;
     }

     // The guest lookup is done here rather than as the default argument of
     // Session::get() because that would trigger the work on every call.
     return user::guest();
 }
Esempio n. 5
 /**
  * viewable() must return an item only while the "view" permission is granted
  * on its album to the active (guest) user's group.
  */
 public function viewable_test()
 {
     $root = ORM::factory("item", 1);
     $parent_album = album::create($root, rand(), rand(), rand());
     $child = self::_create_random_item($parent_album);
     user::set_active(user::guest());

     // Granted: the item is returned by the permission-filtered query.
     access::allow(group::everybody(), "view", $parent_album);
     $visible_when_allowed = ORM::factory("item")->viewable()->where("id", $child->id)->count_all();
     $this->assert_equal(1, $visible_when_allowed);

     // Denied: the same query must return nothing.
     access::deny(group::everybody(), "view", $parent_album);
     $visible_when_denied = ORM::factory("item")->viewable()->where("id", $child->id)->count_all();
     $this->assert_equal(0, $visible_when_denied);
 }
Esempio n. 6
 /**
  * Comments inherit the visibility of the item they belong to: when "view" is
  * denied on the album, its comments must not be returned by viewable().
  */
 public function cant_view_comments_for_unviewable_items_test()
 {
     $root = ORM::factory("item", 1);
     $parent_album = album::create($root, rand(), rand(), rand());
     $attached = comment::create($parent_album, user::guest(), "text", "name", "email", "url");
     user::set_active(user::guest());

     // Granted on the album: the comment is visible.
     access::allow(group::everybody(), "view", $parent_album);
     $visible_when_allowed = ORM::factory("comment")->viewable()->where("comments.id", $attached->id)->count_all();
     $this->assert_equal(1, $visible_when_allowed);

     // Denied on the album: the comment must be filtered out as well.
     access::deny(group::everybody(), "view", $parent_album);
     $visible_when_denied = ORM::factory("comment")->viewable()->where("comments.id", $attached->id)->count_all();
     $this->assert_equal(0, $visible_when_denied);
 }
Esempio n. 7
 /**
  * Build the fixture comment for the Akismet helper tests: fixed client
  * address and user agent, deterministic server_* values and a dummy API key.
  */
 public function setup()
 {
     Input::instance()->ip_address = "1.1.1.1";
     Kohana::$user_agent = "Akismet_Helper_Test";

     $root = ORM::factory("item", 1);
     $this->_comment = comment::create($root, user::guest(), "This is a comment", "John Doe", "*****@*****.**", "http://gallery2.org");

     // Give every server_* field a predictable value: its own name without the
     // prefix.
     $prefix = "server_";
     $prefix_length = strlen($prefix);
     foreach ($this->_comment->list_fields("comments") as $column => $field) {
         if (strncmp($column, $prefix, $prefix_length) !== 0) {
             continue;
         }
         $this->_comment->{$column} = substr($column, $prefix_length);
     }
     $this->_comment->save();

     // Placeholder key for the tests only, not a real credential.
     module::set_var("akismet", "api_key", "TEST_KEY");
 }
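 /**
  * Delete a postage band from the admin interface and reply with JSON.
  *
  * The request must pass the CSRF check first.
  *
  * @param mixed $id id of the postage band to delete
  * @throws Kohana_404_Exception when no postage band with that id exists
  */
 public function delete_postage_band($id)
 {
     access::verify_csrf();

     // NOTE(review): this compares a postage band id with *user* ids, which
     // looks like a leftover from the user deletion action. It blocks bands
     // whose id happens to match and is not an authorisation check for this
     // resource -- confirm where admin access is enforced for this controller.
     if ($id == user::active()->id || $id == user::guest()->id) {
         access::forbidden();
     }

     $postage = ORM::factory("postage_band", $id);
     if (!$postage->loaded()) {
         throw new Kohana_404_Exception();
     }

     $form = postage_band::get_delete_form_admin($postage);
     if (!$form->validate()) {
         // Stop here. Falling through would read an undefined $name and record
         // a success entry in the log for a deletion that never happened.
         json::reply(array("result" => "error", "html" => (string) $form));
         return;
     }

     $name = $postage->name;
     $postage->delete();

     // NOTE(review): the message text and the "user" log category still refer
     // to users; left unchanged because the text doubles as a translation key.
     $message = t("Deleted user %postage_band", array("postage_band" => html::clean($name)));
     log::success("user", $message);
     message::success($message);
     json::reply(array("result" => "success"));
 }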
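 /**
  * Delete a product from the admin interface and print the outcome as JSON.
  *
  * The request must pass the CSRF check first.
  *
  * @param mixed $id id of the product to delete
  * @throws Kohana_404_Exception when no product with that id exists
  */
 public function delete_product($id)
 {
     access::verify_csrf();

     // NOTE(review): this compares a product id with *user* ids, which looks
     // like a leftover from the user deletion action. It blocks products whose
     // id happens to match and is not an authorisation check for this
     // resource -- confirm where admin access is enforced for this controller.
     if ($id == user::active()->id || $id == user::guest()->id) {
         access::forbidden();
     }

     $product = ORM::factory("product", $id);
     if (!$product->loaded()) {
         throw new Kohana_404_Exception();
     }

     $form = product::get_delete_form_admin($product);
     if (!$form->validate()) {
         // Stop here. Falling through would read an undefined $name, log a
         // deletion that never happened and append a second, contradictory
         // "success" JSON document to the response.
         print json_encode(array("result" => "error", "form" => $form->__toString()));
         return;
     }

     $name = $product->name;
     $product->delete();

     // NOTE(review): the message text and the "user" log category still refer
     // to users; left unchanged because the text doubles as a translation key.
     $message = t("Deleted user %product_name", array("product_name" => html::clean($name)));
     log::success("user", $message);
     message::success($message);
     print json_encode(array("result" => "success"));
 }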
Esempio n. 10
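 /**
  * Delete a user account from the admin interface and print the outcome as JSON.
  *
  * The request must pass the CSRF check first. The active user and the guest
  * account are refused so that an administrator cannot remove the account in
  * use or the built-in guest account.
  *
  * @param mixed $id id of the user to delete
  */
 public function delete_user($id)
 {
     access::verify_csrf();

     // NOTE(review): this guard only protects the two accounts if
     // access::forbidden() halts the request -- confirm.
     if ($id == identity::active_user()->id || $id == user::guest()->id) {
         access::forbidden();
     }

     $user = user::lookup($id);
     if (empty($user)) {
         // NOTE(review): assumes show_404() does not return -- confirm.
         kohana::show_404();
     }

     $form = $this->_get_user_delete_form_admin($user);
     if (!$form->validate()) {
         // Stop here. Falling through would read an undefined $name, log a
         // deletion that never happened and append a second, contradictory
         // "success" JSON document to the response.
         print json_encode(array("result" => "error", "form" => $form->__toString()));
         return;
     }

     $name = $user->name;
     $user->delete();

     // NOTE(review): the user-controlled name goes into the message without an
     // explicit clean/escape call; confirm that t() escapes placeholder values
     // before the message is rendered by message::success() or the log viewer.
     $message = t("Deleted user %user_name", array("user_name" => $name));
     log::success("user", $message);
     message::success($message);
     print json_encode(array("result" => "success"));
 }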
Esempio n. 11
 /**
  * Import a single Gallery 2 user and return a status message describing what
  * was done.
  *
  * The id of the user to import is shifted off the front of $queue, which is
  * passed by reference and is therefore shortened by this call.
  *
  * @param array $queue ids of the Gallery 2 users still to be imported
  * @return string translated status message
  */
 static function import_user(&$queue)
 {
     $g2_user_id = array_shift($queue);
     if (self::map($g2_user_id)) {
         return t("User with id: %id already imported, skipping", array("id" => $g2_user_id));
     }
     // The Gallery 2 anonymous user is mapped onto the local guest account
     // instead of being created as a new user.
     if (g2(GalleryCoreApi::isAnonymousUser($g2_user_id))) {
         self::set_map($g2_user_id, user::guest()->id);
         return t("Skipping Anonymous User");
     }
     $g2_admin_group_id = g2(GalleryCoreApi::getPluginParameter("module", "core", "id.adminGroup"));
     try {
         $g2_user = g2(GalleryCoreApi::loadEntitiesById($g2_user_id));
     } catch (Exception $e) {
         // NOTE(review): the full exception string (typically including a stack
         // trace and file paths) is embedded in the returned message; confirm
         // that this message is only shown to administrators.
         return t("Failed to import Gallery 2 user with id: %id\n%exception", array("id" => $g2_user_id, "exception" => $e->__toString()));
     }
     $g2_groups = g2(GalleryCoreApi::fetchGroupsForUser($g2_user->getId()));
     try {
         // The third argument is an empty string (presumably the password --
         // confirm); the imported hash is assigned further down.
         $user = user::create($g2_user->getUsername(), $g2_user->getfullname(), "");
         $message = t("Created user: '******'.", array("name" => $user->name));
     } catch (Exception $e) {
         // @todo For now we assume this is a "duplicate user" exception
         // NOTE(review): every exception is treated as "name already taken". The
         // existing local account with that name then receives the Gallery 2
         // password hash, e-mail, locale, groups and possibly the admin flag
         // below -- confirm that merging into a pre-existing account is
         // intended. If the lookup finds nothing, $user->name fails here.
         $user = user::lookup_by_name($g2_user->getUsername());
         $message = t("Loaded existing user: '******'.", array("name" => $user->name));
     }
     // The Gallery 2 hash is copied verbatim.
     // NOTE(review): confirm that the login code can verify this hash format
     // and whether hashes are upgraded on the next successful login.
     $user->hashed_password = $g2_user->getHashedPassword();
     $user->email = $g2_user->getEmail();
     $user->locale = $g2_user->getLanguage();
     foreach ($g2_groups as $g2_group_id => $g2_group_name) {
         if ($g2_group_id == $g2_admin_group_id) {
             // Membership of the Gallery 2 admin group becomes the local admin flag.
             $user->admin = true;
             $message .= t("\n\tAdded 'admin' flag to user");
         } else {
             // NOTE(review): assumes the group was imported and mapped before
             // this user; the result of self::map() is not checked -- confirm.
             $group = ORM::factory("group", self::map($g2_group_id));
             $user->add($group);
             $message .= t("\n\tAdded user to group '%group'.", array("group" => $group->name));
         }
     }
     $user->save();
     // Record the mapping so that a later run skips this user.
     self::set_map($g2_user->getId(), $user->id);
     return $message;
 }
Esempio n. 12
 /**
  * Import a single Gallery 2 user.
  *
  * The id of the user to import is shifted off the front of $queue, which is
  * passed by reference and is therefore shortened by this call. Nothing is
  * returned; a failure to load the Gallery 2 user is written to the import log.
  *
  * @param array $queue ids of the Gallery 2 users still to be imported
  */
 static function import_user(&$queue)
 {
     $g2_user_id = array_shift($queue);
     // Already mapped: nothing to do.
     if (self::map($g2_user_id)) {
         return;
     }
     // The Gallery 2 anonymous user is mapped onto the local guest account
     // instead of being created as a new user.
     if (g2(GalleryCoreApi::isAnonymousUser($g2_user_id))) {
         self::set_map($g2_user_id, user::guest()->id);
         return;
     }
     $g2_admin_group_id = g2(GalleryCoreApi::getPluginParameter("module", "core", "id.adminGroup"));
     try {
         $g2_user = g2(GalleryCoreApi::loadEntitiesById($g2_user_id));
     } catch (Exception $e) {
         // Only the id is logged; the exception details are dropped.
         g2_import::log(t("Failed to import Gallery 2 user with id: %id", array("id" => $g2_user_id)));
         return;
     }
     $g2_groups = g2(GalleryCoreApi::fetchGroupsForUser($g2_user->getId()));
     try {
         // The third argument is an empty string (presumably the password --
         // confirm); the imported hash is assigned further down.
         $user = user::create($g2_user->getUsername(), $g2_user->getfullname(), "");
     } catch (Exception $e) {
         // @todo For now we assume this is a "duplicate user" exception
         // NOTE(review): every exception is treated as "name already taken". The
         // existing local account with that name then receives the Gallery 2
         // password hash, e-mail, locale, groups and possibly the admin flag
         // below -- confirm that merging into a pre-existing account is
         // intended, and that the lookup cannot come back empty.
         $user = user::lookup_by_name($g2_user->getUsername());
     }
     // The Gallery 2 hash is copied verbatim.
     // NOTE(review): confirm that the login code can verify this hash format
     // and whether hashes are upgraded on the next successful login.
     $user->hashed_password = $g2_user->getHashedPassword();
     $user->email = $g2_user->getEmail();
     $user->locale = $g2_user->getLanguage();
     foreach ($g2_groups as $g2_group_id => $g2_group_name) {
         if ($g2_group_id == $g2_admin_group_id) {
             // Membership of the Gallery 2 admin group becomes the local admin flag.
             $user->admin = true;
         } else {
             // NOTE(review): assumes the group was imported and mapped before
             // this user; the result of self::map() is not checked -- confirm.
             $user->add(ORM::factory("group", self::map($g2_group_id)));
         }
     }
     $user->save();
     // Record the mapping so that a later run skips this user.
     self::set_map($g2_user->getId(), $user->id);
 }
Esempio n. 13
 /**
  * Run every test in this case as the guest user.
  */
 public function setup()
 {
     $guest = user::guest();
     user::set_active($guest);
 }
Esempio n. 14
 /**
  * Return the guest user by delegating to the user helper.
  *
  * @see IdentityProvider_Driver::guest.
  */
 public function guest()
 {
     $guest_user = user::guest();
     return $guest_user;
 }
Esempio n. 15
 /**
  * Make sure the session holds a user and a cached list of that user's group
  * ids, falling back to the guest user when the session has none.
  */
 static function load_user()
 {
     $session = Session::instance();

     $user = $session->get("user");
     if (!$user) {
         $user = user::guest();
         $session->set("user", $user);
     }

     // The installer cannot put a user object into the session; it stores the
     // bare id 2 instead, which is replaced by the matching user here.
     if ($user === 2) {
         $user = model_cache::get("user", 2);
         $session->set("user", $user);
     }

     // NOTE(review): the ids are rebuilt only when none are cached; confirm
     // that "group_ids" is cleared when the session user or the user's group
     // membership changes, otherwise stale memberships stay in effect.
     $cached_ids = $session->get("group_ids");
     if (!$cached_ids) {
         $group_ids = array();
         foreach ($user->groups as $membership) {
             $group_ids[] = $membership->id;
         }
         $session->set("group_ids", $group_ids);
     }
 }
Esempio n. 16
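 /**
  * Delete a user account from the admin interface and reply with JSON.
  *
  * The request must pass the CSRF check first. The active user and the guest
  * account are refused so that an administrator cannot remove the account in
  * use or the built-in guest account.
  *
  * @param mixed $id id of the user to delete
  * @throws Kohana_404_Exception when no user with that id exists
  */
 public function delete_user($id)
 {
     access::verify_csrf();

     // NOTE(review): this guard only protects the two accounts if
     // access::forbidden() halts the request -- confirm.
     if ($id == identity::active_user()->id || $id == user::guest()->id) {
         access::forbidden();
     }

     $user = user::lookup($id);
     if (empty($user)) {
         throw new Kohana_404_Exception();
     }

     $form = $this->_get_user_delete_form_admin($user);
     if (!$form->validate()) {
         // Stop here. Falling through would read an undefined $name and record
         // a success entry in the log for a deletion that never happened.
         json::reply(array("result" => "error", "html" => (string) $form));
         return;
     }

     $name = $user->name;
     $user->delete();

     // NOTE(review): the user-controlled name goes into the message without an
     // explicit clean/escape call; confirm that t() escapes placeholder values
     // before the message is rendered by message::success() or the log viewer.
     $message = t("Deleted user %user_name", array("user_name" => $name));
     log::success("user", $message);
     message::success($message);
     json::reply(array("result" => "success"));
 }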
Esempio n. 17
 /**
  * Make sure the session holds a user and a cached list of that user's group
  * ids, falling back to the guest user when the session has none.
  */
 static function load_user()
 {
     // This is among the first session operations of a request, so it can fail
     // when nothing is installed yet. In that case give up quietly and leave
     // it to the scaffolding.
     //
     // @todo get rid of this extra error checking when we have an installer.
     // NOTE(review): every exception is swallowed here, so the request goes on
     // without a session user or group ids; confirm that later code treats
     // that state as unauthenticated.
     try {
         $session = Session::instance();
     } catch (Exception $e) {
         return;
     }

     $user = $session->get("user");
     if (!$user) {
         $user = user::guest();
         $session->set("user", $user);
     }

     // NOTE(review): the ids are rebuilt only when none are cached; confirm
     // that "group_ids" is cleared when the session user or the user's group
     // membership changes, otherwise stale memberships stay in effect.
     $cached_ids = $session->get("group_ids");
     if (!$cached_ids) {
         $group_ids = array();
         foreach ($user->groups as $membership) {
             $group_ids[] = $membership->id;
         }
         $session->set("group_ids", $group_ids);
     }
 }