コード例 #1
 /**
  * Resets the rights held on a collection to the full administrative set.
  *
  * Calls set_limits() with false, remove_quotas_on_base() and
  * set_masks_on_base() with all-'0' masks for the collection's base, then
  * sets every right listed below to '1'.
  *
  * @param \ACL        $acl        ACL object whose rights are rewritten
  * @param \collection $collection Collection whose base id is targeted
  */
 private function doResetRightsOnCollection(\ACL $acl, \collection $collection)
 {
     $targetBase = $collection->get_base_id();

     // Every right named here is switched on, including the administrative
     // ones (canadmin, manage, modify_struct, bas_modify_struct).
     $grantedRights = array_fill_keys([
         'canputinalbum',
         'candwnldhd',
         'candwnldsubdef',
         'nowatermark',
         'candwnldpreview',
         'cancmd',
         'canadmin',
         'canreport',
         'canpush',
         'creationdate',
         'canaddrecord',
         'canmodifrecord',
         'candeleterecord',
         'chgstatus',
         'imgtools',
         'manage',
         'modify_struct',
         'bas_modify_struct',
     ], '1');

     $acl->set_limits($targetBase, false);
     $acl->remove_quotas_on_base($targetBase);
     $acl->set_masks_on_base($targetBase, '0', '0', '0', '0');
     $acl->update_rights_to_base($targetBase, $grantedRights);
 }
コード例 #2
ファイル: SimpleTest.php プロジェクト: Rudi9719/stein-syn
 /**
  * Builds an ACL instance whose logger has a syslog handler attached.
  *
  * @return ACL
  */
 protected function getACL()
 {
     $instance = new ACL();

     // Channel 'ACL', syslog ident 'ACL Tests'.
     $syslogLogger = new \Monolog\Logger('ACL');
     $syslogHandler = new \Monolog\Handler\SyslogHandler('ACL Tests');
     $syslogLogger->pushHandler($syslogHandler);

     $instance->setLogger($syslogLogger);

     return $instance;
 }
コード例 #3
 /**
  * Checks that a rule added with ACL::add() is granted, that a different
  * action on the same resource is not, and that ACL::remove() revokes it.
  */
 function test_join_test()
 {
     $role = 'dummy';
     $resource = 'blog:posts';

     ACL::add($role, $resource, 'add');
     $checker = new ACL();

     // Only the action that was added is granted.
     $this->assertTrue($checker->grant($role, $resource, 'add'));
     $this->assertFalse($checker->grant($role, $resource, 'edit'));

     // Once the rule is removed the same check must fail.
     ACL::remove($role, $resource, 'add');
     $this->assertFalse($checker->grant($role, $resource, 'add'));
 }
コード例 #4
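/**
 * Handles the signup form.
 *
 * Validates the submitted fields, creates the user, logs the new account in
 * and redirects to the dashboard. When nothing was submitted, or validation or
 * creation fails, the form is rendered with the collected error messages.
 *
 * @param array|null $data Submitted form fields (first_name, last_name,
 *                         username, email, password, password2), or a falsy
 *                         value when the form is displayed for the first time.
 */
function signup_form($data)
{
    // Always defined, so neither the checks below nor the template read an
    // unset variable.
    $error = array();
    $user = new User();
    if ($data) {
        foreach ($data as $key => $value) {
            $field_name = ucwords(str_replace('_', ' ', $key));
            switch ($key) {
                case 'first_name':
                case 'last_name':
                case 'username':
                    // A request can carry an array instead of a string; treat
                    // that like an empty value rather than passing it to trim().
                    if (!is_string($value) || trim($value) == '') {
                        $error[] = 'Field ' . $field_name . ' is required!';
                    }
                    break;
                case 'email':
                    if (!filter_var($value, FILTER_VALIDATE_EMAIL)) {
                        $error[] = 'Invalid format for ' . $field_name . ', please insert a valid email!';
                    }
                    break;
            }
        }

        $username = isset($data['username']) && is_string($data['username']) ? $data['username'] : '';
        $password = isset($data['password']) ? $data['password'] : '';
        $password2 = isset($data['password2']) ? $data['password2'] : '';

        // Verify Username
        $user->byUsername($username);
        // This has to be a comparison. The previous `=` assigned the looked-up
        // value to $data['username'], which both decided the check and replaced
        // the submitted username before it was passed to create().
        if ($username !== '' && $username === (string) $user->username) {
            $error[] = 'Username already taken. Please select another one.';
        }
        // Strict comparison: with `!=` two different numeric-looking strings
        // can compare as equal.
        if (!is_string($password) || !is_string($password2) || $password !== $password2) {
            $error[] = 'Password does not match.';
        }
        // Adding values
        if ($password) {
            $user->password = $password;
            $gen_pass = false;
        } else {
            $gen_pass = true;
        }
        if (!$error) {
            $res = $user->create(false, $gen_pass, $data);
            if ($res) {
                session_start();
                // NOTE(review): confirm that ACL::login() issues a fresh session id
                // for the authenticated session.
                $ACL = new ACL();
                $ACL->username = $res->username;
                $ACL->password = $res->temp_password;
                $ACL->login();
                header("Location: /dashboard.php");
                // Stop here so the signup form is not rendered into the body of
                // the redirect response.
                return;
            } else {
                $error[] = 'Ops, We could not create the user at this time. Try again later.';
            }
        }
    }
    global $twig;
    // Twig Base
    // NOTE(review): 'data' carries the submitted password fields into the
    // template; confirm the template does not echo them back.
    $template = $twig->loadTemplate('signup-content.html');
    $template->display(array('project_title' => TITLE, 'path_to_theme' => '../../' . THEME_PATH, 'company' => NATURAL_COMPANY, 'page' => 'signup', 'data' => $data, 'errors' => $error));
}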
コード例 #5
ファイル: SystemControl.php プロジェクト: Koulio/OpenZIS
 /**
  * Answers an ACL request: reads the message id and source id from the
  * SIF_Header of the incoming document and emits a success message whose
  * payload is the ACL built from that document.
  */
 private function processAclRequest()
 {
     $document = $this->xmlDom;

     // NOTE(review): item(0) returns null when the element is absent, so a
     // message without SIF_Header/SIF_MsgId/SIF_SourceId fails on the next
     // lines; confirm the caller validates the message first.
     $header = $document->getElementsByTagName('SIF_Header')->item(0);
     $requestMsgId = $header->getElementsByTagName('SIF_MsgId')->item(0)->nodeValue;
     $requestSourceId = $header->getElementsByTagName('SIF_SourceId')->item(0)->nodeValue;

     $aclBuilder = new ACL($document);
     $timestamp = Utility::createTimestamp();
     $msgId = Utility::createMessageId();

     XmlHelper::buildSuccessMessage(
         $msgId,
         $timestamp,
         $requestSourceId,
         $requestMsgId,
         0,
         $aclBuilder->BuildACL(),
         null
     );
 }
コード例 #6
 /**
  * Returns every feed the given user may access, most recently updated first.
  *
  * A feed is selected when it has no base id, when it is public, or when its
  * base id is among the bases granted by the user's ACL.
  *
  * @param \ACL $userACL ACL of the user the feeds are listed for
  *
  * @return \Doctrine\Common\Collections\Collection
  */
 public function getAllForUser(\ACL $userACL)
 {
     $grantedBaseIds = array_keys($userACL->get_granted_base());

     $builder = $this->createQueryBuilder('f');
     $builder->where($builder->expr()->isNull('f.baseId'));
     $builder->orWhere('f.public = true');

     // The IN clause is only added when there is at least one granted base.
     if (count($grantedBaseIds) !== 0) {
         $builder->orWhere($builder->expr()->in('f.baseId', $grantedBaseIds));
     }

     $builder->orderBy('f.updatedOn', 'DESC');

     return $builder->getQuery()->getResult();
 }
コード例 #7
ファイル: User.php プロジェクト: ferycode/angularjs-ci3
 /**
  * Returns the permissions the authenticated user holds on the posted
  * resource.
  *
  * The work is delegated to Validation::validate() with the 'user' / 'read'
  * pair; the closure below is what runs with the resulting token.
  *
  * @return mixed Whatever Validation::validate() returns
  */
 public function permissions()
 {
     $this->form_validation->set_rules('resource', 'resource', 'required');

     $buildOutput = function ($token, $output) {
         $requested = $this->input->post('resource');
         $checker = new ACL();
         // Permissions are looked up for the token's own user id.
         $granted = $checker->userPermissions($token->id, $requested);

         $output['status'] = true;
         $output['resource'] = $requested;
         $output['permissions'] = $granted;

         return $output;
     };

     return Validation::validate($this, 'user', 'read', $buildOutput);
 }
コード例 #8
ファイル: Module.php プロジェクト: baptcomet/weprono
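 /**
  * Refuses the matched controller/action when the ACL does not allow it.
  *
  * On refusal a 302 redirect to the 'non-autorise' action is written to the
  * response, propagation of the event is stopped and the response is returned,
  * so that the refused action is not dispatched after the headers are sent.
  *
  * @param MvcEvent $e
  *
  * @return Response|null The redirect response on refusal, null otherwise
  */
 public function checkAcl(MvcEvent $e)
 {
     $route = $e->getRouteMatch();
     if ($route === null) {
         // No route matched, so there is no controller/action to authorise.
         return null;
     }

     $controller = $route->getParam('controller');
     $action = $route->getParam('action');
     if ($this->acl->isAllowed($controller, $action)) {
         return null;
     }

     $url = $e->getRouter()->assemble(array('controller' => 'index', 'action' => 'non-autorise'), array('name' => 'accueil'));
     /** @var Response $response */
     $response = $e->getResponse();
     $response->getHeaders()->addHeaderLine('Location', $url);
     $response->setStatusCode(302);
     $response->sendHeaders();

     // Sending the redirect headers does not end the request by itself:
     // without the two lines below the remaining listeners still run and the
     // refused action can still execute.
     // NOTE(review): returning the response halts processing only on events
     // whose trigger short-circuits on a response (route/dispatch); confirm
     // where this listener is attached.
     $e->stopPropagation(true);

     return $response;
 }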
コード例 #9
 /**
  * Deactivation hook: removes this plugin's access token.
  *
  * @param string $file File of the plugin being deactivated
  */
 public function action_plugin_deactivation($file)
 {
     // Compare against this plugin's own file, with backslashes normalised to
     // forward slashes, and do nothing for any other plugin.
     $own_file = str_replace('\\', '/', $this->get_file());
     if ($file != $own_file) {
         return;
     }

     # delete default access token
     ACL::destroy_token('manage_cronjobs');
 }
コード例 #10
ファイル: Menu.php プロジェクト: ariol/adminshop
 /**
  * Renders one menu entry and, recursively, its children.
  *
  * A leaf entry (non-array $cfg) is emitted only when ACL::is_route_allowed()
  * accepts its route. A group (array $cfg) is emitted only when at least one
  * of its descendants produced output. Ids are consumed for hidden entries
  * too.
  *
  * @param int          $next_id Next free row id, advanced by reference
  * @param string       $name    Label of the entry
  * @param array|string $cfg     Child entries, or the route of a leaf
  * @param int          $parent  Id of the parent row, -1 for the menu root
  *
  * @return string Rendered markup
  */
 protected function render_item(&$next_id, $name, $cfg, $parent)
 {
     $is_root = $parent == -1;
     $html = $is_root ? Ext::menu_begin($name) : '';

     if (!is_array($cfg)) {
         // Leaf: rendered only for routes the ACL allows.
         if (ACL::is_route_allowed($cfg)) {
             $html .= Ext::menu_row($next_id, $name, $cfg, $parent);
             if ($this->is_route_active($cfg)) {
                 $this->_active_id = $next_id;
             }
         }
         $next_id++;
     } else {
         // Group: remember its own id before the children advance the counter.
         $group_id = $next_id;
         $group_row = $is_root ? '' : Ext::menu_row($next_id, $name, NULL, $parent);
         $next_id++;

         $children = '';
         foreach ($cfg as $child_name => $child_cfg) {
             $children .= $this->render_item($next_id, $child_name, $child_cfg, $group_id);
         }

         // A group whose children all rendered nothing is dropped entirely.
         if (!empty($children)) {
             $html .= $group_row . $children;
         }
     }

     if ($is_root) {
         $html .= Ext::menu_end($this->_active_id);
     }

     return $html;
 }
コード例 #11
ファイル: permission.php プロジェクト: MenZil-Team/cms
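 /**
  * Shows the permission form of one user and saves the submitted permissions.
  *
  * The user is taken from the `id` route parameter. A user that cannot be
  * loaded, and the user with id 1, are refused with an error message and a
  * redirect to the user list.
  */
 public function action_user()
 {
     $id = (int) $this->request->param('id', 0);
     $post = ORM::factory('user', $id);
     // Id 1 is refused in the same way as a user that does not exist.
     if (!$post->loaded() or $id === 1) {
         Message::error(__("User doesn't exists!"));
         Log::error('Attempt to access non-existent user.');
         $this->request->redirect(Route::get('admin/user')->uri(array('action' => 'list')), 404);
     }
     $this->title = __(':user Permissions', array(":user" => $post->name));
     $action = Route::get('admin/permission')->uri(array('action' => 'user', 'id' => isset($post->id) ? $post->id : 0));
     $view = View::factory('admin/permission/user')->set('post', $post)->set('oldperms', $post->perms())->set('permissions', ACL::all())->set('action', $action)->bind('errors', $this->_errors);
     if ($this->valid_post('permissions')) {
         // `perms` comes straight from the request: it can be missing or not an
         // array, and array_filter() accepts neither.
         $submitted = isset($_POST['perms']) && is_array($_POST['perms']) ? $_POST['perms'] : array();
         $perms = array_filter($submitted);
         // NOTE(review): the submitted names are not compared with ACL::all()
         // here; confirm the model's validation rejects unknown permissions.
         $post->data = array('permissions' => $perms);
         try {
             $post->save();
             Message::success(__('Permissions: saved successful!'));
             $this->request->redirect(Route::get('admin/permission')->uri(array('action' => 'user', 'id' => $post->id)));
         } catch (ORM_Validation_Exception $e) {
             Message::error(__('Permissions save failed!'));
             $this->_errors = $e->errors('models', TRUE);
         } catch (Exception $e) {
             Message::error(__('Permissions save failed!'));
             $this->_errors = array($e->getMessage());
         }
     }
     $this->response->body($view);
 }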
コード例 #12
ファイル: comment.php プロジェクト: MenZil-Team/cms
 /**
  * Runs before every action of this controller.
  *
  * The 'access comment' permission is required first, ahead of any other
  * setup, then sidebars are switched off and the parent hook runs.
  *
  * @uses  ACL::required
  */
 public function before()
 {
     // Permission gate comes first.
     ACL::required('access comment');

     // The comments page is shown without sidebars.
     $this->_sidebars = false;

     parent::before();
 }
コード例 #13
ファイル: pbem.plugin.php プロジェクト: habari-extras/pbem
 /**
  * Deactivation hook: removes this plugin's cron job and access token.
  *
  * @param string $file File of the plugin being deactivated
  */
 public function action_plugin_deactivation($file)
 {
     // Only clean up when the plugin being deactivated is this file.
     if (realpath($file) != __FILE__) {
         return;
     }

     CronTab::delete_cronjob('pbem_check_accounts');
     ACL::destroy_token('PBEM');
 }
コード例 #14
ファイル: SitemapMenuItemTest.php プロジェクト: gudwin/extasy
 /**
  * Test fixture: creates the document table, an empty sitemap table, the
  * sitemap permission, an admin user holding that permission and a guest user
  * without it, then three documents with their sitemap rows.
  */
 public function setUp()
 {
     parent::setUp();

     $schemaOwner = new TestDocument();
     $schemaOwner->createDatabaseTable(true);
     Helper::dbFixture(SITEMAP_TABLE, []);

     \ACL::create(SitemapModel::PermissionName);
     Configure::write('Sitemap', ['Menu' => ['title' => self::Title, 'depth' => 3]]);

     // Only the admin user is given the sitemap permission.
     Helper::setupUsers([
         ['login' => self::AdminUser, 'rights' => [SitemapModel::PermissionName => true]],
         ['login' => self::GuestUser],
     ]);

     $documents = [
         ['name' => 'first', 'sitemap' => ['count' => 1]],
         ['name' => 'second'],
         ['name' => 'third', 'sitemap' => ['parent' => 1]],
     ];
     foreach ($documents as $index => $definition) {
         $documents[$index] = new TestDocument($definition);
         $documents[$index]->insert();

         $node = new SitemapModel();
         $node->name = $definition['name'];
         $node->full_url = $definition['name'];
         $node->linkToModel($documents[$index]);

         // Optional extra sitemap attributes are copied onto the node as-is.
         if (isset($definition['sitemap'])) {
             foreach ($definition['sitemap'] as $attribute => $attributeValue) {
                 $node->{$attribute} = $attributeValue;
             }
         }
         $node->insert();
     }
 }
コード例 #15
ファイル: ACL.php プロジェクト: ariol/adminshop
 /**
  * Returns the shared ACL instance, creating it on first use.
  *
  * @return ACL
  */
 public static function instance()
 {
     if (self::$_instance !== null) {
         return self::$_instance;
     }

     self::$_instance = new self();

     return self::$_instance;
 }
コード例 #16
ファイル: class.user.php プロジェクト: umonkey/molinos-cms
 /**
  * Loads the information about the user's access rights.
  *
  * The result of ACL::getTypeAccess() for the user's groups is kept in
  * $this->access and reused on later calls.
  */
 private function loadAccess()
 {
     if (null !== $this->access) {
         return $this->access;
     }

     $groups = $this->getGroups();
     $this->access = ACL::getTypeAccess($groups);

     return $this->access;
 }
コード例 #17
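 /**
  * Authenticates the request, runs form validation and, when both succeed,
  * invokes the callback to build the JSON output.
  *
  * @param object   $context  Controller providing load->view and form_validation
  * @param string   $class    Resource passed to ACL::authenticate(); when empty,
  *                           no authentication is performed
  * @param string   $function Action passed to ACL::authenticate()
  * @param callable $callback Called as $callback($token, $output) after
  *                           validation succeeded; returns the output array
  *
  * @return string|null JSON string when PHPUNIT_TEST is defined, otherwise null
  *                     after the 'json' view has been loaded
  */
 public static function validate($context, $class, $function, $callback)
 {
     $output = array();
     $output['status'] = false;
     $token = false;
     if (!empty($class)) {
         $token = ACL::authenticate($class, $function);
         if ($token == false) {
             // Fail closed: a request that did not authenticate gets the
             // status=false response and nothing else. Without the return
             // below, validation and the callback would still run with
             // $token === false.
             if (defined('PHPUNIT_TEST')) {
                 return json_encode(array('output' => $output));
             }
             $context->load->view('json', array('output' => $output));
             return;
         }
     }
     $context->form_validation->set_error_delimiters('', '');
     $validated = $context->form_validation->run();
     if ($validated) {
         $output = $callback($token, $output);
     } else {
         $output['errors'] = validation_errors();
     }
     if (array_key_exists('errors', $output)) {
         // Errors arrive as one JSON document per line; decode each of them.
         $errors = explode("\n", $output['errors']);
         foreach ($errors as $key => $error) {
             $errors[$key] = json_decode($error);
         }
         $output['errors'] = $errors;
     }
     if (defined('PHPUNIT_TEST')) {
         return json_encode(array('output' => $output));
     } else {
         $context->load->view('json', array('output' => $output));
     }
 }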
コード例 #18
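 /**
  * Returns the feeds the user may access, optionally restricted to given ids.
  *
  * A feed is accessible when it has no base id, when it is public, or when its
  * base id is among the bases granted by the user's ACL. This restriction is
  * applied on every call, whether or not ids are supplied.
  *
  * @param \ACL   $userACL
  * @param  array $feedIds Ids to restrict feeds, all accessible otherwise
  *
  * @return Feed[]
  */
 public function filterUserAccessibleByIds(\ACL $userACL, array $feedIds = [])
 {
     $qb = $this->createQueryBuilder('f');
     // is public feed?
     $orx = $qb->expr()->orX($qb->expr()->isNull('f.baseId'), $qb->expr()->eq('f.public', $qb->expr()->literal(true)));
     // is granted base?
     $grantedBases = array_keys($userACL->get_granted_base());
     if ($grantedBases) {
         $orx->add($qb->expr()->in('f.baseId', $grantedBases));
     }
     // The access restriction must not depend on $feedIds: when it was only
     // added together with the id filter, a call without ids ran with no WHERE
     // clause and returned every feed.
     $qb->where($orx);
     if ($feedIds) {
         $qb->andWhere($qb->expr()->in('f.id', $feedIds));
     }
     $qb->orderBy('f.updatedOn', 'DESC');
     return $qb->getQuery()->getResult();
 }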
コード例 #19
ファイル: comment.php プロジェクト: MenZil-Team/cms
 /**
  * Runs before every action of this controller.
  *
  * Requires the 'administer comment' permission, then prepares the
  * destination query string and the form action used by the comment views.
  *
  * @uses  ACL::required
  */
 public function before()
 {
     // Permission gate comes first.
     ACL::required('administer comment');

     // Destination points back at the action currently being requested.
     $return_uri = Route::get('admin/comment')->uri(array('action' => $this->request->action()));
     $this->_destination = '?destination=' . $return_uri;

     $process_uri = Route::get('admin/comment')->uri(array('action' => 'process'));
     $this->_form_action = $process_uri . $this->_destination;

     parent::before();
 }
コード例 #20
ファイル: Section.php プロジェクト: NegoCore/core
 /**
  * Adds a page, or a nested section, to this section.
  *
  * A page whose permissions fail ACL::check() is not added and the section is
  * returned unchanged.
  *
  * @param Navigation_Abstract $page
  * @param int $priority Wanted position; overridden by $page->priority when set
  * @return $this
  */
 public function add_page(Navigation_Abstract &$page, $priority = 1)
 {
     $slot = (int) $priority;

     // Entries the current user is not permitted to see are skipped.
     if (!ACL::check($page->permissions)) {
         return $this;
     }

     // A priority carried by the page itself wins over the argument.
     if (isset($page->priority)) {
         $slot = (int) $page->priority;
     }

     if ($page instanceof Navigation_Section) {
         $this->_sections[] = $page;
         $page->set_section($this);
     } else {
         // Take the first free slot at or after the wanted priority.
         while (isset($this->_pages[$slot])) {
             $slot++;
         }
         $this->_pages[$slot] = $page;
     }

     // Buttons declared on the page are registered on it.
     if (isset($page->buttons)) {
         $page->add_buttons($page->buttons);
     }

     $page->set_section($this);

     return $this->update()->sort();
 }
コード例 #21
ファイル: ACLTest.php プロジェクト: nlegoff/Phraseanet
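 /**
  * Checks set_limits()/get_limits() on every collection the ACL under test
  * can access: two different date windows are stored and read back, then the
  * limits are switched off and get_limits() must return null.
  *
  * The test fails when no accessible collection exists.
  */
 public function testget_limits()
 {
     $found = false;
     foreach (self::$DI['app']['phraseanet.appbox']->get_databoxes() as $databox) {
         foreach ($databox->get_collections() as $collection) {
             $base_id = $collection->get_base_id();
             if (!self::$object->has_access_to_base($base_id)) {
                 continue;
             }
             $minusone = new DateTime('-1 day');
             $plusone = new DateTime('+1 day');
             self::$object->set_limits($base_id, true, $minusone, $plusone);
             $limits = self::$object->get_limits($base_id);
             // Expected value first, actual value second.
             $this->assertEquals($minusone, $limits['dmin']);
             $this->assertEquals($plusone, $limits['dmax']);
             $minustwo = new DateTime('-2 day');
             // Upper bound of the second window: two days ahead. It used to be
             // built from '-2 day', which made both bounds the same date.
             $plustwo = new DateTime('+2 day');
             self::$object->set_limits($base_id, true, $minustwo, $plustwo);
             $limits = self::$object->get_limits($base_id);
             $this->assertEquals($minustwo, $limits['dmin']);
             $this->assertEquals($plustwo, $limits['dmax']);
             self::$object->set_limits($base_id, false);
             $this->assertNull(self::$object->get_limits($base_id));
             $found = true;
         }
     }
     if (!$found) {
         $this->fail('Unable to test');
     }
 }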
コード例 #22
ファイル: tag.php プロジェクト: MenZil-Team/cms
 /**
  * List of pages (blogs/posts/etc.) with a specific tag
  *
  * The tag is loaded from the `id` route parameter. Users holding neither
  * 'administer tags' nor 'administer content' only get posts whose status is
  * 'publish'. The result is paginated, 15 posts per page, newest first.
  *
  * @throws  HTTP_Exception_404  When the tag cannot be loaded
  *
  * @uses    Log::add
  * @uses    Text::ucfirst
  * @uses    ACL::check
  * @uses    Meta::links
  * @uses    URL::canonical
  * @uses    Route::url
  */
 public function action_view()
 {
     // The id is cast to int before it is used for the lookup.
     $id = (int) $this->request->param('id', 0);
     $tag = ORM::factory('tag', $id);
     if (!$tag->loaded()) {
         throw HTTP_Exception::factory(404, 'Tag :tag not found!', array(':tag' => $id));
     }
     $this->title = __(':title', array(':title' => Text::ucfirst($tag->name)));
     // $pagination and $posts are bound by reference here and assigned further
     // down, so the order of the statements below matters.
     $view = View::factory('tag/view')->set('teaser', TRUE)->bind('pagination', $pagination)->bind('posts', $posts);
     $posts = $tag->posts;
     // Visibility filter: without one of the two administer permissions only
     // published posts are selected.
     if (!ACL::check('administer tags') and !ACL::check('administer content')) {
         $posts->where('status', '=', 'publish');
     }
     // reset(FALSE) is passed so that the same query object can be used again
     // for find_all() below.
     $total = $posts->reset(FALSE)->count_all();
     if ($total == 0) {
         Log::info('No posts found.');
         $this->response->body(View::factory('page/none'));
         return;
     }
     $pagination = Pagination::factory(array('current_page' => array('source' => 'cms', 'key' => 'page'), 'total_items' => $total, 'items_per_page' => 15, 'uri' => $tag->url));
     $posts = $posts->order_by('created', 'DESC')->limit($pagination->items_per_page)->offset($pagination->offset)->find_all();
     $this->response->body($view);
     // Set the canonical and shortlink for search engines
     if ($this->auto_render === TRUE) {
         Meta::links(URL::canonical($tag->url, $pagination), array('rel' => 'canonical'));
         Meta::links(Route::url('tag', array('action' => 'view', 'id' => $tag->id)), array('rel' => 'shortlink'));
     }
 }
コード例 #23
ファイル: test_usergroup.php プロジェクト: rick-c/tests
	/**
	 * Creates a user, a group and two permission tokens, grants one token to
	 * the group and denies the other, then checks membership, the group's
	 * permissions and the permission the user gets through the group.
	 */
	function test_creategroup()
	{
		$member = User::create( array( 'username' => 'testcaseuser', 'email' => '*****@*****.**', 'password' => 'test') );
		$this->assert_true( $member instanceof User, 'Could not create test user.' );

		$created_group = UserGroup::create( array( 'name' => 'new test group' ) );
		$this->assert_true( $created_group instanceof UserGroup, 'Could not create a new group named "new test group".' );

		ACL::create_token( 'test permission', 'A permission for test cases', 'Administration' );
		ACL::create_token( 'test deny permission', 'A permission for test cases', 'Administration' );

		$this->assert_true( ACL::token_exists('test permission'), 'The test permission was not created.' );
		// Token names must match regardless of case and surrounding or repeated spaces.
		$this->assert_true( ACL::token_exists(' test  PeRmission '), 'Permission names are not normalized.' );

		$created_group->add( 'testcaseuser' );
		$created_group->grant( 'test permission' );
		// The deny goes through the same name normalization.
		$created_group->deny( 'test  deny permisSion' );
		$created_group->update();

		// Read the group back so the checks run against what was stored.
		$reloaded = UserGroup::get( 'new test group' );

		$is_member = in_array( $member->id, $reloaded->members );
		$this->assert_true( $is_member, 'The created user is not a member of the new group.' );

		$granted_ids = array_keys( $reloaded->permissions );
		$has_token = in_array( ACL::token_id( 'test permission' ), $granted_ids );
		$this->assert_true( $has_token, 'The group does not have the new permission.' );

		$this->assert_true( ACL::group_can( 'new test group', 'test permission' ), 'The group does not have the new permission.' );

		// A denied token must not be reported as granted.
		$this->assert_false( ACL::group_can( 'new test group', 'test deny permission' ), 'The group has a denied permission.' );

		$this->assert_true( $member->can( 'test permission' ), 'The user does not have a permission his group has been granted.' );

	}
コード例 #24
ファイル: hpm.plugin.php プロジェクト: habari-extras/hpm
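 /**
  * Deactivation hook: removes the access tokens this plugin created.
  *
  * @param string $file File of the plugin being deactivated
  */
 public function action_plugin_deactivation($file)
 {
     // The hook receives the file of the plugin being deactivated. Without
     // this check the tokens would be destroyed whenever the hook runs for a
     // different plugin, removing permissions that are still in use.
     if (realpath($file) !== realpath(__FILE__)) {
         return;
     }
     # delete default access tokens for: 'system', 'plugin', 'theme', 'class'
     ACL::destroy_token('install_new_system');
     ACL::destroy_token('install_new_plugin');
     ACL::destroy_token('install_new_theme');
     ACL::destroy_token('install_new_class');
 }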
コード例 #25
ファイル: createTest.php プロジェクト: gudwin/extasy
 /**
  * Creating the path 'test/test2' must store one row per segment: 'test' with
  * id 1 and 'test2' with id 2.
  */
 public function testCreateWithCheckValues()
 {
     ACL::create('test/test2');

     $expectedNames = array(1 => 'test', 2 => 'test2');
     foreach ($expectedNames as $rowId => $expectedName) {
         $row = DBSimple::get(ACL_TABLE, array('id' => $rowId));
         $this->assertEquals($expectedName, $row['name']);
     }
 }
コード例 #26
ファイル: grantTest.php プロジェクト: gudwin/extasy
 /**
  * Granting 'test/test2' to entity 'e1' must store exactly one grant row,
  * attached to action id 2.
  */
 public function testGrant()
 {
     $path = 'test/test2';
     ACL::create($path);
     ACL::grant($path, 'e1');

     $grantCount = DBSimple::getRowsCount(ACL_GRANT_TABLE);
     $this->assertEquals(1, $grantCount);

     $grantRow = DBSimple::get(ACL_GRANT_TABLE, array('actionId' => 2));
     $this->assertEquals('e1', $grantRow['entity']);
 }
コード例 #27
ファイル: grant.php プロジェクト: gudwin/extasy
 /**
  * Renders the grant form for this control's entity.
  *
  * The template receives the control name, the grants currently selected for
  * the entity and the map of all grants.
  *
  * @return mixed Result of UParser::parsePHPFile()
  */
 public function generate()
 {
     $allGrants = $this->getAllGrantsMap();
     $entityGrants = ACL::selectAllGrantsForEntity($this->entity);

     $templatePath = __DIR__ . DIRECTORY_SEPARATOR . 'form.tpl';
     $templateData = array(
         'name' => $this->szName,
         'grantList' => $entityGrants,
         'fullGrantList' => $allGrants,
     );

     return UParser::parsePHPFile($templatePath, $templateData);
 }
コード例 #28
ファイル: Link.php プロジェクト: ariol/adminshop
 /**
  * Renders the link cell for one object, or an empty cell when the ACL does
  * not allow the route the link points to.
  *
  * @param mixed $obj Object whose values fill the route placeholders
  *
  * @return string Cell markup
  */
 protected function _field($obj)
 {
     // Resolve the placeholders first: the ACL is asked about the concrete route.
     $resolved_route = Extasy::obj_placeholders($obj, $this->_route_str);

     return ACL::is_route_allowed($resolved_route)
         ? $this->_draw_field($obj)
         : '<td></td>';
 }
コード例 #29
ファイル: DashboardRouteTest.php プロジェクト: gudwin/extasy
 /**
  * Test fixture: creates the administrator role, a user holding it, and
  * grants the role to that user's rights entity.
  */
 public function setup()
 {
     parent::setUp();

     $adminRole = \CMSAuth::AdministratorRoleName;
     \ACL::create($adminRole);

     $account = array(
         'login' => self::login,
         'password' => self::password,
         'rights' => array($adminRole => true),
     );
     Helper::setupUsers(array($account));

     // The grant is attached to the entity taken from the user's rights object.
     $user = \UserAccount::getByLogin(self::login);
     \ACL::grant($adminRole, $user->rights->getEntity());
 }
コード例 #30
ファイル: Auth.php プロジェクト: ariol/adminshop
 /**
  * Runs before every action: checks that the requested directory, controller
  * and action are allowed, then stores the current user.
  */
 public function before()
 {
     parent::before();

     $request = $this->request;
     $is_allowed = ACL::is_action_allowed($request->directory(), $request->controller(), $request->action());
     if (!$is_allowed) {
         // NOTE(review): execution continues after this call unless
         // on_auth_error() ends the request itself; confirm that it does.
         $this->on_auth_error();
     }

     $this->_user = Auth::instance()->get_user();
 }