コード例 #1
0
ファイル: common.php プロジェクト: mweyamutsvene/testlink
/**
 *
 */
function setUpEnvForAnonymousAccess(&$dbHandler, $apikey, $rightsCheck = null, $opt = null)
{
    $my = array('opt' => array('setPaths' => false, 'clearSession' => false));
    $my['opt'] = array_merge($my['opt'], (array) $opt);
    if ($my['opt']['clearSession']) {
        $_SESSION = null;
    }
    doSessionStart($my['opt']['setPaths']);
    if (isset($_SESSION['locale']) && !is_null($_SESSION['locale'])) {
        setDateTimeFormats($_SESSION['locale']);
    }
    doDBConnect($dbHandler);
    // @since 1.9.14
    $checkMode = 'paranoic';
    if (property_exists($rightsCheck->args, 'envCheckMode')) {
        $checkMode = $rightsCheck->args->envCheckMode;
    }
    switch ($checkMode) {
        case 'hippie':
            $tk = array('testplan', 'testproject');
            break;
        default:
            $tk[] = intval($rightsCheck->args->tplan_id) != 0 ? 'testplan' : 'testproject';
            break;
    }
    foreach ($tk as $ak) {
        $item = getEntityByAPIKey($dbHandler, $apikey, $ak);
        if (!is_null($item)) {
            break;
        }
    }
    $status_ok = false;
    if (!is_null($item)) {
        $_SESSION['lastActivity'] = time();
        $userObj = new tlUser();
        $_SESSION['currentUser'] = $userObj;
        $_SESSION['userID'] = -1;
        $_SESSION['locale'] = config_get('default_language');
        // if user do this:
        // 1. login to test link
        // 2. get direct link and open in new tab or new window while still logged
        // 3. logout
        // If user refresh tab / window open on (2), because on (3) we destroyed
        // session we have loose basehref, and we are not able to recreate it.
        // Without basehref we are not able to get CSS, JS, etc.
        // In this situation we destroy session, this way user is forced to login
        // again in one of two ways
        // a. using the direct link
        // b. using traditional login
        // In both way we assure that behaivour will be OK.
        //
        if (!isset($_SESSION['basehref'])) {
            // echo $rightsCheck->redirect_target;
            session_unset();
            session_destroy();
            if (property_exists($rightsCheck, 'redirect_target') && !is_null($rightsCheck->redirect_target)) {
                redirect($rightsCheck->redirect_target);
            } else {
                // best guess for all features that live on ./lib/results/
                redirect("../../login.php?note=logout");
            }
            exit;
        }
        if (!is_null($rightsCheck->method)) {
            checkUserRightsFor($dbHandler, $rightsCheck->method, true);
        }
        $status_ok = true;
    }
    return $status_ok;
}
コード例 #2
0
     //   test specifications
     //
     // - test plan api key:
     //   is needed to get attacments for:
     //   test case executions
     //   test specifications  ( access to parent data - OK!)
     //
     // What kind of attachments I've got ?
     $doIt = false;
     $attContext = $attachmentInfo['fk_table'];
     switch ($attContext) {
         case 'executions':
             // check apikey
             // 1. has to be a test plan key
             // 2. execution must belong to the test plan.
             $item = getEntityByAPIKey($db, $args->apikey, 'testplan');
             if (!is_null($item)) {
                 $tables = tlObjectWithDB::getDBTables(array('executions'));
                 $sql = "SELECT testplan_id FROM {$tables['executions']} " . "WHERE id = " . intval($attachmentInfo['fk_id']);
                 $rs = $db->get_recordset($sql);
                 if (!is_null($rs)) {
                     if ($rs['0']['testplan_id'] == $item['id']) {
                         // GOOD !
                         $doIt = true;
                     }
                 }
             }
             break;
     }
     break;
 case 'GUI':