/**
 * Runs the tenant desktop access checks for the current request.
 *
 * In order: dispatches pending WUI login/logout events, enforces the
 * HTTPS-only setting, requires a valid INNOMATIC_AUTH_USER session key,
 * resolves and starts the tenant named in that key, then checks that the
 * user still exists and is enabled and that the tenant is active.
 *
 * NOTE(review): every rejection path calls self::doAuth() and then falls
 * through to the next statement. The later checks are only safe if doAuth()
 * ends the request; its body is not visible here, so confirm.
 *
 * @return boolean True when every check has passed.
 */
public function authenticate()
{
    $container = \Innomatic\Core\InnomaticContainer::instance('\\Innomatic\\Core\\InnomaticContainer');
    $session = \Innomatic\Desktop\Controller\DesktopFrontController::instance('\\Innomatic\\Desktop\\Controller\\DesktopFrontController')->session;

    // Login and logout requests are handled before any check, so a fresh
    // login can populate the session key tested below.
    if (isset(\Innomatic\Wui\Wui::instance('\\Innomatic\\Wui\\Wui')->parameters['wui']['login'])) {
        $loginDispatcher = new \Innomatic\Wui\Dispatch\WuiDispatcher('login');
        $loginDispatcher->addEvent('logout', '\\Innomatic\\Desktop\\Auth\\tenant_login_logout');
        $loginDispatcher->addEvent('login', '\\Innomatic\\Desktop\\Auth\\tenant_login_login');
        $loginDispatcher->Dispatch();
    }

    // Transport check: only the literal value 'on' counts as HTTPS.
    // NOTE(review): behind a TLS-terminating proxy $_SERVER['HTTPS'] may be
    // unset; the check then fails closed and rejects the request.
    if ($container->getConfig()->value('SecurityOnlyHttpsDomainAccessAllowed') == '1') {
        if (!isset($_SERVER['HTTPS']) or $_SERVER['HTTPS'] != 'on') {
            self::doAuth(true, 'only_https_allowed');
        }
    }

    // Check if the session is valid
    if (!\Innomatic\Desktop\Controller\DesktopFrontController::instance('\\Innomatic\\Desktop\\Controller\\DesktopFrontController')->session->isValid('INNOMATIC_AUTH_USER')) {
        self::doAuth();
    }

    // The tenant id is derived from the session username and passed through
    // formatText() before it reaches the SQL text.
    // NOTE(review): presumably formatText() quotes and escapes the value; confirm.
    $domainsquery = $container->getDataAccess()->execute('SELECT id FROM domains WHERE domainid=' . $container->getDataAccess()->formatText(\Innomatic\Domain\User\User::extractDomainID($session->get('INNOMATIC_AUTH_USER'))));
    if ($domainsquery->getNumberRows() == 0) {
        // Unknown tenant: treated like a missing session.
        self::doAuth();
    } else {
        $domainsquery->free();
        $container->startDomain(\Innomatic\Domain\User\User::extractDomainID($session->get('INNOMATIC_AUTH_USER')), $session->get('INNOMATIC_AUTH_USER'));
    }

    // Check if the user still exists
    // NOTE(review): this uses \Domain\User\User while the rest of the method
    // uses \Innomatic\Domain\User\User; verify that the shorter name resolves
    // to the intended class.
    $user = new \Domain\User\User($container->getCurrentDomain()->domaindata['id'], \Domain\User\User::getUserIdByUsername($session->get('INNOMATIC_AUTH_USER')));
    if (!$user->exists()) {
        // The user no longer exists; remove the session key and redo auth
        \Innomatic\Desktop\Controller\DesktopFrontController::instance('\\Innomatic\\Desktop\\Controller\\DesktopFrontController')->session->remove('INNOMATIC_AUTH_USER');
        $container->stopDomain();
        self::doAuth();
    }

    // Check if the user is enabled
    if (!$user->isEnabled()) {
        $container->stopDomain();
        self::doAuth(true, 'userdisabled');
    }

    // The failed-attempt counter is cleared only once the user checks have passed.
    if ($session->isValid('domain_login_attempts')) {
        $session->remove('domain_login_attempts');
    }

    // Check if the domain is enabled
    //
    // This is evaluated last, after the tenant has already been started above.
    if ($container->getCurrentDomain()->domaindata['domainactive'] != $container->getDataAccess()->fmttrue) {
        self::doAuth(true, 'domaindisabled');
    }

    return true;
}
/**
 * Unassigns a user from this role.
 *
 * @param int $user User identifier number.
 * @return boolean False when this role has no integer id; otherwise the
 *                 value returned by the user's unassignRole() call.
 */
public function unassignUser($user)
{
    // Without an integer role id there is no role to take away.
    $roleIdIsInteger = is_int($this->id);
    if ($roleIdIsInteger === false) {
        return false;
    }

    // The user object is built for the tenant that is currently started.
    $tenantSerial = InnomaticContainer::instance('\\Innomatic\\Core\\InnomaticContainer')
        ->getCurrentDomain()
        ->domainserial;
    $targetUser = new User($tenantSerial, $user);

    return $targetUser->unassignRole($this->id);
}
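/**
 * Removes this group, then either removes its member users or detaches them.
 *
 * Fixes over the previous version: the member lookup contained the invalid
 * clause "WHERE AND", the method could never return true, and the UPDATE
 * statement embedded the group id without the integer cast used by the
 * other two statements.
 *
 * @param bool $deleteuserstoo When true the users of the group are removed;
 *                             otherwise their groupid is reset to '0'.
 * @return bool True when the group row was deleted, the member handling ran
 *              and the 'groupremoved' hooks returned RESULT_OK.
 */
public function removeGroup($deleteuserstoo)
{
    $result = false;

    $hook = new \Innomatic\Process\Hook($this->mrRootDb, 'innomatic', 'domain.group.remove');

    // Any 'calltime' hook can veto the removal.
    if ($hook->callHooks('calltime', $this, array('domainserial' => $this->domainserial, 'groupid' => $this->groupid)) != \Innomatic\Process\Hook::RESULT_OK) {
        return $result;
    }

    if ($this->groupid == 0) {
        $log = $this->container->getLogger();
        $log->logEvent('innomatic.users.group.removegroup', "Attempted to call a member of an object that doesn't refer to any group", \Innomatic\Logging\Logger::ERROR);

        return $result;
    }

    // The id is embedded in three statements; cast it once so each of them
    // receives an integer literal and nothing else.
    $groupId = (int) $this->groupid;

    if ($this->mrDomainDA->execute('DELETE FROM domain_users_groups WHERE id=' . $groupId)) {
        $result = true;

        // Check if we must delete users in this group
        if ($deleteuserstoo == true) {
            $usersquery = $this->mrDomainDA->execute('SELECT id FROM domain_users WHERE groupid=' . $groupId);

            if ($usersquery) {
                if ($usersquery->getNumberRows() > 0) {
                    // Remove users in this group
                    while (!$usersquery->eof) {
                        $usdata = $usersquery->getFields();
                        $tmpuser = new User($this->domainserial, $usdata['id']);
                        $tmpuser->remove();
                        $usersquery->moveNext();
                    }
                }
            } else {
                // The member lookup failed, so the users were not removed.
                $result = false;
            }
        } else {
            $this->mrDomainDA->execute("UPDATE domain_users SET groupid = '0' WHERE groupid=" . $groupId);
        }

        if ($hook->callHooks('groupremoved', $this, array('domainserial' => $this->domainserial, 'groupid' => $this->groupid)) != \Innomatic\Process\Hook::RESULT_OK) {
            $result = false;
        }

        // The object no longer refers to any group.
        $this->groupid = 0;
    }

    return $result;
}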
/**
 * Starts a tenant.
 *
 * Switches the container to domain mode, loads the tenant, prepends the
 * tenant's override classes folder to the include path and creates the
 * current user object.
 *
 * @param string $tenantId Tenant identifier name.
 * @param string $userId User identifier name; when empty, 'admin@' followed
 *                       by the tenant identifier is used.
 * @access public
 * @return boolean True if the tenant has been started.
 */
public function startTenant($tenantId, $userId = '')
{
    $this->setMode(\Innomatic\Core\InnomaticContainer::MODE_DOMAIN);

    // A domain has been already started
    if (is_object($this->currentTenant) || $this->tenantStarted) {
        return false;
    }

    $this->currentTenant = new \Innomatic\Domain\Domain($this->rootDb, $tenantId, null);

    if (!$this->currentTenant->isValid()) {
        // NOTE(review): the invalid Domain object stays in $this->currentTenant,
        // so the guard above also rejects any later call; confirm this is intended.
        $this->tenantStarted = false;

        return false;
    }

    // Check if domain is active. Only non-web interfaces abort here.
    $webInterface = \Innomatic\Core\InnomaticContainer::INTERFACE_WEB;
    if ($this->getInterface() != $webInterface && $this->currentTenant->domaindata['domainactive'] == $this->rootDb->fmtfalse) {
        $this->abort('Domain disabled');
    }

    $tenantDbConnected = $this->currentTenant->getDataAccess()->isConnected();
    if (!$tenantDbConnected) {
        $adloc = new \Innomatic\Locale\LocaleCatalog('innomatic::authentication', $this->language);
        $this->abort($adloc->getStr('nodb'));
    }

    // Adds override classes folder to the include path.
    // NOTE(review): the tenant id becomes part of a class lookup path, so it
    // must not be able to contain path separators; presumably the tenant
    // lookup above guarantees that, but confirm.
    $overridesFolder = $this->home . 'core/domains/' . $this->currentTenant->getDomainId() . '/overrides/classes/';
    set_include_path($overridesFolder . PATH_SEPARATOR . get_include_path());

    // User
    //
    // TODO check in single tenant edition if the admin@domainid part is ok
    $tenantSerial = $this->currentTenant->domainserial;
    if (strlen($userId)) {
        $username = $userId;
    } else {
        $username = 'admin@' . $tenantId;
    }
    $this->currentUser = new \Innomatic\Domain\User\User($tenantSerial, \Innomatic\Domain\User\User::getUserIdByUsername($username));

    $this->tenantStarted = true;

    return true;
}
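/**
 * Switches the desktop session to the administrator account of the selected
 * tenant and redirects to the base URL.
 *
 * The tenant row id comes from event data and is cast to an integer before
 * it is placed in the SQL text. If no tenant matches, the session is left
 * untouched and no redirect is issued.
 *
 * NOTE(review): this replaces the authenticated identity held in the
 * session, so it must only be reachable by an operator who is allowed to
 * act as any tenant administrator; the caller-side check is not visible here.
 *
 * @param array $eventData Event data; 'domainid' holds the numeric id of the
 *                         row in the domains table.
 * @return void
 */
public function viewAccessDomain($eventData)
{
    $innomaticCore = \Innomatic\Core\InnomaticContainer::instance('\\Innomatic\\Core\\InnomaticContainer');

    // The query takes an unquoted numeric id; the cast guarantees that only
    // an integer literal is concatenated into it.
    $domainRowId = isset($eventData['domainid']) ? (int) $eventData['domainid'] : 0;
    $domainquery = $innomaticCore->getDataAccess()->execute('SELECT domainid FROM domains WHERE id=' . $domainRowId);

    // Unknown tenant or failed query: keep the current session identity.
    if (!$domainquery || $domainquery->getNumberRows() == 0) {
        return;
    }

    $tenantName = $domainquery->getFields('domainid');
    $domainquery->free();

    DesktopFrontController::instance('\\Innomatic\\Desktop\\Controller\\DesktopFrontController')->session->put('INNOMATIC_AUTH_USER', \Innomatic\Domain\User\User::getAdminUsername($tenantName));
    \Innomatic\Webapp\WebAppContainer::instance('\\Innomatic\\Webapp\\WebAppContainer')->getProcessor()->getResponse()->addHeader('Location', $innomaticCore->getBaseUrl() . '/');
}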
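/**
 * Returns the rights a user or a group holds on this item.
 *
 * - TYPE_PUBLIC: PERMS_ALL.
 * - TYPE_PRIVATE: PERMS_NONE without a user id; PERMS_ALL for the tenant
 *   administrator or a holder of the matching 'view_all_*' permission;
 *   PERMS_NONE otherwise.
 * - TYPE_ACL: exactly one of $groupId and $userId must be non-empty. For a
 *   user, a per-user ACL row wins; without one the row of the user's group
 *   is used; with neither the result is PERMS_NONE.
 * - Any other case returns false.
 *
 * User group and per-user rights are cached in $GLOBALS for the rest of the
 * request, so an ACL change made later in the same request is not seen.
 *
 * Change over the previous version: user, group and item ids are cast to
 * integers before they are concatenated into the SQL text. Those columns
 * are compared unquoted, so a non-numeric value would otherwise become part
 * of the statement.
 *
 * @param string|int $groupId Group identifier, or '' when checking a user.
 * @param string|int $userId User identifier, or '' when checking a group.
 * @return mixed One of the InnoworkAcl::PERMS_* values, the stored rights
 *               value, or false.
 */
public function checkPermission($groupId = '', $userId = '')
{
    $result = false;
    $type = $this->getType();
    $summaries = $this->innoworkContainer->getSummaries();

    switch ($type) {
        case InnoworkAcl::TYPE_PUBLIC:
            $result = InnoworkAcl::PERMS_ALL;
            break;

        case InnoworkAcl::TYPE_PRIVATE:
            if (!$userId) {
                return InnoworkAcl::PERMS_NONE;
            }

            $tmp_user = new \Innomatic\Domain\User\User($this->container->getCurrentDomain()->domaindata['id'], $userId);

            if (\Innomatic\Domain\User\User::isAdminUser($tmp_user->getUserName(), $this->container->getCurrentDomain()->getDomainId()) or $tmp_user->hasPermission('view_all_' . $summaries[$this->mItemType]['typeplural'])) {
                $result = InnoworkAcl::PERMS_ALL;
            } else {
                // Always NONE because the file owner should not issue the
                // checkPermission() method call.
                $result = InnoworkAcl::PERMS_NONE;
            }
            break;

        case InnoworkAcl::TYPE_ACL:
            if (strlen($groupId) xor strlen($userId)) {
                // Deny unless a matching ACL row is found below.
                $result = InnoworkAcl::PERMS_NONE;
                $goon = true;

                // Integer form of the item id for the SQL text.
                $itemIdSql = (int) $this->mItemId;

                if ($userId) {
                    // Integer form of the user id for the SQL text; the
                    // cache keys keep the value as passed by the caller.
                    $userIdSql = (int) $userId;

                    $tmp_user = new \Innomatic\Domain\User\User($this->container->getCurrentDomain()->domaindata['id'], $userId);

                    if (\Innomatic\Domain\User\User::isAdminUser($tmp_user->getUserName(), $this->container->getCurrentDomain()->getDomainId()) or $tmp_user->hasPermission('view_all_' . $summaries[$this->mItemType]['typeplural'])) {
                        return InnoworkAcl::PERMS_ALL;
                    }

                    if (!isset($GLOBALS['innowork-core']['acl-checkperm'][$userId]['groupid'])) {
                        $groupId = $GLOBALS['innowork-core']['acl-checkperm'][$userId]['groupid'] = $tmp_user->GetGroup();
                    } else {
                        $groupId = $GLOBALS['innowork-core']['acl-checkperm'][$userId]['groupid'];
                    }

                    if (isset($GLOBALS['innowork-core']['acl-checkperm'][$userId][$this->mItemType][$this->mItemId]['rights_rows'])) {
                        $tmp_num_rows = $GLOBALS['innowork-core']['acl-checkperm'][$userId][$this->mItemType][$this->mItemId]['rights_rows'];
                        $tmp_rights = $GLOBALS['innowork-core']['acl-checkperm'][$userId][$this->mItemType][$this->mItemId]['rights'];
                    } else {
                        $user_query = $this->domainDA->execute('SELECT rights' . ' FROM innowork_core_acls' . ' WHERE userid=' . $userIdSql . ' AND itemid=' . $itemIdSql . ' AND itemtype=' . $this->domainDA->formatText($this->mItemType));

                        $tmp_num_rows = $user_query->getNumberRows();
                        $tmp_rights = $user_query->getFields('rights');

                        $GLOBALS['innowork-core']['acl-checkperm'][$userId][$this->mItemType][$this->mItemId]['rights_rows'] = $tmp_num_rows;
                        $GLOBALS['innowork-core']['acl-checkperm'][$userId][$this->mItemType][$this->mItemId]['rights'] = $tmp_rights;
                    }

                    if ($tmp_num_rows) {
                        // A per-user row exists; the group row is not consulted.
                        $goon = false;
                        $result = $tmp_rights;
                    } else {
                        if (isset($GLOBALS['innowork-core']['acl-checkperm'][$userId]['groupid'])) {
                            $groupId = $GLOBALS['innowork-core']['acl-checkperm'][$userId]['groupid'];
                        } else {
                            // Check the user group rights
                            //
                            $group_query = $this->domainDA->execute('SELECT groupid' . ' FROM domain_users' . ' WHERE id=' . $userIdSql);
                            $groupId = $group_query->getFields('groupid');
                            $GLOBALS['innowork-core']['acl-checkperm'][$userId]['groupid'] = $groupId;
                            $group_query->Free();
                        }
                    }

                    if (isset($user_query)) {
                        $user_query->free();
                    }
                }

                if ($goon) {
                    if ($groupId != '0') {
                        $group_query = $this->domainDA->execute('SELECT rights' . ' FROM innowork_core_acls' . ' WHERE groupid=' . (int) $groupId . ' AND itemid=' . $itemIdSql . ' AND itemtype=' . $this->domainDA->formatText($this->mItemType));

                        if ($group_query->getNumberRows()) {
                            $result = $group_query->getFields('rights');
                        }

                        $group_query->Free();
                    } else {
                        $result = InnoworkAcl::PERMS_NONE;
                    }
                }
            }
    }

    return $result;
}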