/** * Publishes documents and adds the given Person as referee. * * @param array $docIds * @param mixed $userId * @param Opus_Person $person * * FIXME capture success or failure for display afterwards */ public function clear(array $docIds = null, $userId = null, $person = null) { $logger = Zend_Registry::get('Zend_Log'); foreach ($docIds as $docId) { $logger->debug('Change state to "published" for document: ' . $docId); $document = new Opus_Document($docId); $document->setServerState('published'); $date = new Opus_Date(); $date->setNow(); $document->setServerDatePublished($date); $document->setPublishedDate($date); $guest_role = Opus_UserRole::fetchByName('guest'); foreach ($document->getFile() as $file) { $guest_role->appendAccessFile($file->getId()); } if (isset($person)) { $document->addPersonReferee($person); } $enrichment = $document->addEnrichment(); $enrichment->setKeyName('review.accepted_by')->setValue($userId); // TODO: Put into same transaction... $document->store(); $guest_role->store(); } return; }
public function testRequestUnpublishedDoc() { $r = Opus_UserRole::fetchByName('guest'); $modules = $r->listAccessModules(); $addOaiModuleAccess = !in_array('oai', $modules); if ($addOaiModuleAccess) { $r->appendAccessModule('oai'); $r->store(); } // enable security $config = Zend_Registry::get('Zend_Config'); $security = $config->security; $config->security = '1'; Zend_Registry::set('Zend_Config', $config); $doc = $this->createTestDocument(); $doc->setServerState('unpublished'); $doc->store(); $this->dispatch('/oai/container/index/docId/' . $doc->getId()); if ($addOaiModuleAccess) { $r->removeAccessModule('oai'); $r->store(); } // restore security settings $config->security = $security; Zend_Registry::set('Zend_Config', $config); $this->assertResponseCode(500); $this->assertContains('access to requested document is forbidden', $this->getResponse()->getBody()); }
public function getRolePermissions($acl, $roleName) { $role = Opus_UserRole::fetchByName($roleName); if (is_null($role)) { Zend_Registry::get('Zend_Log')->err("Attempt to load unknown role '{$roleName}'."); return; } $resources = $role->listAccessModules(); $resourcesConfigured = false; $accessibleModules = array(); foreach ($resources as $resource) { if (!strncmp('resource_', $resource, 9)) { // resource (like languages); $resource = new Zend_Acl_Resource(substr($resource, 9)); $acl->allow($roleName, $resource); $resourcesConfigured = true; } else { if (!strncmp('workflow_', $resource, 9)) { // workflow permission $resource = new Zend_Acl_Resource($resource); $acl->allow($roleName, $resource); } else { // module access $accessibleModules[] = $resource; } } } if (!$resourcesConfigured) { foreach ($accessibleModules as $module) { if ($acl->has(new Zend_Acl_Resource($module))) { $acl->allow($roleName, $module); } } } }
/** * Post-store hook will be called right after the document has been stored * to the database. * * @see {Opus_Model_Plugin_Interface::postStore} */ public function postStore(Opus_Model_AbstractDb $model) { // only index Opus_File instances if (false === $model instanceof Opus_File) { $this->getLogger()->err(__METHOD__ . '#1 argument must be instance of Opus_File'); return; } // only new Opus_File instances if (true !== $model->isNewRecord()) { return; } $config = Zend_Registry::get('Zend_Config'); if (!is_null($config) && isset($config->securityPolicy->files->defaultAccessRole)) { $roleName = $config->securityPolicy->files->defaultAccessRole; // Empty name -> don't set any role for access if (strlen(trim($roleName)) > 0) { $accessRole = Opus_UserRole::fetchByName($roleName); if (is_null($accessRole)) { $this->getLogger()->err(__METHOD__ . ": Failed to add role '{$roleName}' to file " . $model->getId() . "; '{$roleName}' role does not exist!"); return; } $accessRole->appendAccessFile($model->getId()); $accessRole->store(); } } }
/** * Parses post data and returns array with Opus_UserRole instances. * @param array $postData * @return array of Opus_UserRole instances */ public static function parseSelectedRoles($postData) { $selectedRoles = array(); foreach (self::parseSelectedRoleNames($postData) as $roleName) { $selectedRoles[] = Opus_UserRole::fetchByName($roleName); } return $selectedRoles; }
public function tearDown() { $this->logoutUser(); $this->restoreSecuritySetting(); $user = Opus_Account::fetchAccountByLogin($this->userName); $user->delete(); $userRole = Opus_UserRole::fetchByName($this->roleName); $userRole->delete(); parent::tearDown(); }
/** * Test setting selected roles. */ public function testSetSelectedRoles() { $form = new Admin_Form_IpRange(); $roles = array(); $roles[] = Opus_UserRole::fetchByName('administrator'); $form->setSelectedRoles($roles); $this->assertEquals(1, $form->getElement('roleadministrator')->getValue()); // TODO 'guest' is always selected because of policy $this->assertEquals(1, $form->getElement('roleguest')->getValue()); }
/** * Checks if a login name already exists in database. * @param string $login * @return boolean */ protected function _isRoleUsed($role) { try { $role = Opus_UserRole::fetchByName($role); if (empty($role)) { return false; } } catch (Exception $ex) { return false; } return true; }
private function addTestAccountWithRoles() { // Make sure, the role exists. $role = Opus_UserRole::fetchByName("administrator"); $this->assertNotNull($role); // Prepare first request. $this->login = '******' . rand(); $this->password = '******'; $this->roles = array("reviewer", "administrator"); $this->requestData = array('login' => $this->login, 'password' => $this->password, 'user-roles' => implode(",", $this->roles)); /* Creating first collection to work with. */ $this->request->setMethod('POST')->setPost($this->requestData); $this->dispatch('/remotecontrol/account/add'); // Make sure, this request returned successfully. $this->assertResponseCode(200); $this->assertController('account'); $this->assertAction('add'); $body = $this->getResponse()->getBody(); $this->checkForBadStringsInHtml($body); $this->assertContains('SUCCESS', $body); }
public function addAction() { $this->_helper->layout()->disableLayout(); $this->_helper->viewRenderer->setNoRender(true); $request = $this->getRequest(); $login = $request->getParam('login'); $password = $request->getParam('password'); $userRoles = $request->getParam('user-roles'); $testAccount = Opus_Account::fetchAccountByLogin($login); if (!is_null($testAccount)) { $this->getResponse()->setHttpResponseCode(400); $this->getResponse()->setBody("ERROR: Account '{$login}' already exists."); return; } $account = new Opus_Account(); $account->setLogin($login); $account->setPassword($password); foreach (explode(",", $userRoles) as $roleName) { $roleName = trim($roleName); $role = Opus_UserRole::fetchByName($roleName); if ($role instanceof Opus_UserRole) { $account->addRole($role); } else { $this->getResponse()->setHttpResponseCode(400); $this->getResponse()->setBody("ERROR: Role '{$roleName}' does not exist."); return; } } try { $account->store(); } catch (Opus_Security_Exception $e) { $this->getResponse()->setHttpResponseCode(400); $this->getResponse()->setBody("ERROR: " . $e->getMessage()); return; } $this->getResponse()->setBody('SUCCESS'); }
/** * Action for showing list of modules and permissions. * * @throws Exception */ public function listmoduleAction() { $id = $this->getRequest()->getParam('roleid'); if ($id == null) { throw new Exception('Role ID missing'); } $role = new Opus_UserRole($id); $roleModules = $role->listAccessModules(); if ($role->getName() !== 'guest') { $guest = Opus_UserRole::fetchByName('guest'); $guestModules = $guest->listAccessModules(); // Role 'guest' has always access to 'default' module if (!in_array('default', $guestModules)) { $guestModules[] = 'default'; } $this->view->guestModules = $guestModules; } else { // Role 'guest' has alreays access to 'default' module if (!in_array('default', $roleModules)) { $roleModules[] = 'default'; } } $moduleDirectory = dirname($this->getFrontController()->getModuleDirectory()); $modulesModel = new Application_Util_Modules($moduleDirectory); $transitions = Application_Controller_Action_Helper_Workflow::getWorkflowResources(); $this->view->loginNames = $role->getAllAccountNames(); $this->view->roleId = $role->getId(); $this->view->roleName = $role->getName(); $this->view->modules = $roleModules; $this->view->allModules = $modulesModel->getAll(); $this->view->allResources = $this->getAllResources(); $this->view->allWorkflow = $transitions; }
protected function _isRoleNameExists($name) { $role = Opus_UserRole::fetchByName($name); if (empty($role)) { return false; } else { return true; } }
public function testFormWithValidDocumentIdSubmitSetsReviewerRole() { $this->loginUser('referee', 'refereereferee'); $loggedUserModel = new Publish_Model_LoggedUser(); $loggedUserId = $loggedUserModel->getUserId(); $docId = $this->createValidDocument($loggedUserId); $session = new Zend_Session_Namespace('Publish'); $session->depositConfirmDocumentId = $docId; $this->request->setMethod('POST')->setPost(array('reviewerid' => $loggedUserId, 'submit' => 'Send')); $this->dispatch('/matheon/select-reviewer/form'); $this->assertResponseCode(200); // Check, that right privilege has been set. $reviewer = Opus_UserRole::fetchByName('reviewer'); $this->assertContains($docId, $reviewer->listAccessDocuments()); }
/** * Regression test for OPUSVIER-2337 */ public function testUnavailableSolrServerReturns503() { $this->requireSolrConfig(); // role guest needs privilege to access module export $r = Opus_UserRole::fetchByName('guest'); $modules = $r->listAccessModules(); $addOaiModuleAccess = !in_array('export', $modules); if ($addOaiModuleAccess) { $r->appendAccessModule('export'); $r->store(); } // manipulate solr configuration $config = Zend_Registry::get('Zend_Config'); $host = $config->searchengine->index->host; $port = $config->searchengine->index->port; $oldValue = $config->searchengine->index->app; $this->disableSolr(); $security = $config->security; $config->security = '1'; Zend_Registry::set('Zend_Config', $config); $this->dispatch('/export/index/index/searchtype/all/export/xml/stylesheet/example'); $body = $this->getResponse()->getBody(); // restore security settings if ($addOaiModuleAccess) { $r->removeAccessModule('export'); $r->store(); } // restore configuration $config = Zend_Registry::get('Zend_Config'); $config->searchengine->index->app = $oldValue; $config->security = $security; Zend_Registry::set('Zend_Config', $config); $this->assertNotContains("http://{$host}:{$port}/solr/corethatdoesnotexist", $body); $this->assertContains("exception 'Application_SearchException' with message 'search server is not responding -- try again later'", $body); $this->assertResponseCode(503); }
private function resetSecurity() { $r = Opus_UserRole::fetchByName('guest'); if ($this->_addOaiModuleAccess) { $r->removeAccessModule('oai'); $r->store(); } // restore security settings $config = Zend_Registry::get('Zend_Config'); $config->security = $this->_security; Zend_Registry::set('Zend_Config', $config); }
public function testFileAccess() { $guest = Opus_UserRole::fetchByName('guest'); $this->assertContains($this->doc->getFile(0)->getId(), $guest->listAccessFiles()); $this->assertContains($this->doc->getFile(1)->getId(), $guest->listAccessFiles()); $this->assertContains($this->doc->getFile(2)->getId(), $guest->listAccessFiles()); }
public function testPopulateFromRole() { $role = Opus_UserRole::fetchByName('guest'); $form = new Admin_Form_Role($role->getId()); $this->assertEquals('guest', $form->getElement('name')->getValue()); }
/** * @depends testUpdateActionInvalidInput */ public function testDeleteAction() { $role = Opus_UserRole::fetchByName('testrole2'); $this->assertNotNull($role); $this->dispatch('/admin/role/delete/id/' . $role->getId()); $this->assertModule('admin'); $this->assertController('role'); $this->assertAction('delete'); $this->assertRedirect(); }
/** * Updates account information. */ public function updateAction() { if ($this->getRequest()->isPost()) { $button = $this->getRequest()->getParam('cancel'); if (isset($button)) { $this->_helper->redirector('index'); return; } $id = $this->getRequest()->getParam('id'); $accountForm = new Admin_Form_Account($id); $postData = $this->getRequest()->getPost(); $passwordChanged = true; if (empty($postData['password'])) { // modify to pass default validation // TODO think about better solution (validation context?) $postData['password'] = '******'; $postData['confirmPassword'] = '******'; $passwordChanged = false; } $account = new Opus_Account($id); $postData['oldLogin'] = strtolower($account->getLogin()); if ($accountForm->isValid($postData)) { $account->setFirstName($postData['firstname']); $account->setLastName($postData['lastname']); $account->setEmail($postData['email']); $oldLogin = strtolower($account->getLogin()); // update login name $newLogin = $postData['username']; if ($newLogin !== $oldLogin) { $account->setLogin($newLogin); $loginChanged = true; } else { $loginChanged = false; } // update password if ($passwordChanged) { $password = $postData['password']; $account->setPassword($password); } // update roles $newRoles = Admin_Form_Account::parseSelectedRoles($postData); // TODO optimize code $hasAdministratorRole = false; foreach ($newRoles as $role) { if (strtolower($role->getDisplayName()) === 'administrator') { $hasAdministratorRole = true; break; } } $currentUser = Zend_Auth::getInstance()->getIdentity(); $isCurrentUser = $currentUser === $oldLogin ? true : false; if (!$hasAdministratorRole && $isCurrentUser) { $newRoles[] = Opus_UserRole::fetchByName('administrator'); } $account->setRole($newRoles); $account->store(); if ($isCurrentUser && ($loginChanged || $passwordChanged)) { Zend_Auth::getInstance()->clearIdentity(); } } else { $actionUrl = $this->view->url(array('action' => 'update', 'id' => $id)); $accountForm->setAction($actionUrl); $this->view->form = $accountForm; $this->view->title = 'admin_account_edit'; return $this->renderScript('account/edit.phtml'); } } $this->_helper->redirector('index'); }
public function updateFileRoles($file, $selectedRoles) { $selectedRoles = is_array($selectedRoles) ? $selectedRoles : array($selectedRoles); $fileId = $file->getId(); $currentRoleNames = $this->getRolesForFile($fileId); // remove roles that are not selected foreach ($currentRoleNames as $index => $roleName) { if (!in_array($roleName, $selectedRoles)) { $role = Opus_UserRole::fetchByName($roleName); $role->removeAccessFile($fileId); $role->store(); $this->getLogger()->debug("File ID = {$fileId} access for role '{$roleName}' removed."); } } if (count($selectedRoles) == 1 && is_null($selectedRoles[0])) { return; } // add selected roles foreach ($selectedRoles as $roleName) { $role = Opus_UserRole::fetchByName($roleName); if (!is_null($role)) { if (!in_array($roleName, $currentRoleNames)) { $role->appendAccessFile($fileId); $role->store(); $this->getLogger()->debug("File ID = {$fileId} access for role '{$roleName}' added."); } else { $this->getLogger()->debug("File ID = {$fileId} access for role '{$roleName}' already permitted."); } } else { $this->getLogger()->err(__METHOD__ . " Unknown role '{$roleName}'.'"); } } }
public function run($argv) { if (count($argv) < 2) { echo "missing file name\n"; return; } $ignoreHeader = true; if (count($argv) > 3 && $argv[3] == 'noheader') { $ignoreHeader = false; } if (count($argv) > 2) { if (!is_readable($argv[2])) { echo "fulltext directory '" . $argv[2] . "' is not readable -- check path or permissions\n"; } else { $this->_fulltextDir = $argv[2]; $this->_guestRole = Opus_UserRole::fetchByName('guest'); } } $filename = $argv[1]; if (!is_readable($filename)) { echo "import file does not exist or is not readable\n"; } $file = fopen($filename, 'r'); if (!$file) { echo "Error while opening import file\n"; } $rowCounter = 0; $docCounter = 0; $errorCounter = 0; // TODO Feldtrenner und Feldbegrenzer konfigurierbar machen while (($row = fgetcsv($file, 0, "\t", '"', '\\')) != false) { $rowCounter++; $numOfCols = count($row); if ($numOfCols != self::NUM_OF_COLUMNS) { echo "unexpected number of columns ({$numOfCols}) in row {$rowCounter}: row is skipped\n"; // TODO add to reject.log continue; } if ($ignoreHeader && $rowCounter == 1) { continue; } if ($this->processRow($row)) { $docCounter++; } else { $errorCounter++; } } echo "number of rows: {$rowCounter}\n"; echo "number of created docs: {$docCounter}\n"; echo "number of skipped docs: {$errorCounter}\n"; // Informationen zu den vergebenen Bandnummern foreach ($this->_seriesIdsMap as $seriesId => $number) { echo "series # {$seriesId} : max. number is {$number}\n"; } fclose($file); }
/** * Add readFile privilege to all files of this document. * * @param string $roleName * @return Matheon_Model_Document Fluent interface. */ public function addReadFilePrivilege($roleName = 'guest') { $role = Opus_UserRole::fetchByName($roleName); if (is_null($role)) { $this->_log->err("Cannot add readFile privilege for non-existent role '{$role->getName()}' to document " . $this->getId() . "."); return $this; } $this->_log->warn("Warning: Setting all files readable for role '{$role->getName()}' (document " . $this->getId() . ")"); $role->appendAccessDocument($this->getId()); foreach ($this->_document->getFile() as $file) { $role->appendAccessFile($file->getId()); } $role->store(); return $this; }
public function testRemoveGuestAccess() { $document = $this->createTestDocument(); $file = $document->addFile(); $file->setPathName('testdatei.txt'); $this->documentId = $document->store(); $document = new Opus_Document($this->documentId); $fileId = $document->getFile(0)->getId(); $roleGuest = Opus_UserRole::fetchByName('guest'); $files = $roleGuest->listAccessFiles(); $this->assertContains($fileId, $files); $this->getRequest()->setMethod('POST')->setPost(array('FileManager' => array('Files' => array('File0' => array('Id' => $fileId, 'FileLink' => $fileId, 'Language' => 'deu', 'Comment' => 'Testkommentar', 'Roles' => array('administrator'))), 'Save' => 'Speichern'))); $this->dispatch('/admin/filemanager/index/id/' . $this->documentId); $this->assertRedirectTo('/admin/document/index/id/' . $this->documentId); $roleGuest = Opus_UserRole::fetchByName('guest'); $files = $roleGuest->listAccessFiles(); $this->assertNotContains($fileId, $files); }
public function testConstructorWithUnublishedDocument() { $r = Opus_UserRole::fetchByName('guest'); $modules = $r->listAccessModules(); $addOaiModuleAccess = !in_array('oai', $modules); if ($addOaiModuleAccess) { $r->appendAccessModule('oai'); $r->store(); } // enable security $config = Zend_Registry::get('Zend_Config'); $security = $config->security; $config->security = '1'; Zend_Registry::set('Zend_Config', $config); $doc = $this->createTestDocument(); $doc->setServerState('unpublished'); $doc->store(); $model = new Oai_Model_Container($doc->getId()); $tarball = null; try { $tarball = $model->getFileHandle(); } catch (Oai_Model_Exception $e) { $this->assertEquals('access to requested document is forbidden', $e->getMessage()); } $this->assertTrue(is_null($tarball)); if ($addOaiModuleAccess) { $r->removeAccessModule('oai'); $r->store(); } // restore security settings $config->security = $security; Zend_Registry::set('Zend_Config', $config); }
/** * Get a list of all accounts with reviewer role. * * @return array */ private function __fetchReviewers() { $role = Opus_UserRole::fetchByName('reviewer'); $reviewerSelect = array('' => '-- please choose --'); foreach ($role->getAllAccountIds() as $id) { $user = new Opus_Account($id); $login = strtolower($user->getLogin()); if (is_null($user)) { $this->getLogger()->warn("-- skipping name: " . $login . " (user does not exist)"); continue; } $key = $user->getId(); $firstname = trim($user->getFirstName()); $lastname = trim($user->getLastName()); $displayValue = "--- user-id: " . $key . ' ---'; if (!empty($firstname) or !empty($lastname)) { $displayValue = $lastname . ", " . $firstname; } else { $this->getLogger()->warn("-- incomplete name: " . $login . " (missing first/last name)"); } $reviewerSelect[$key] = $displayValue; } asort($reviewerSelect); return $reviewerSelect; }