public function edit() { $request = $this->getPageRequest(); $view = $this->getView(); $manager = \Core\user()->checkAccess('p:/package_repository/licenses/manager'); if (!$manager) { return View::ERROR_ACCESSDENIED; } $model = PackageRepositoryLicenseModel::Construct($request->getParameter(0)); if (!$model->exists()) { return View::ERROR_NOTFOUND; } $form = new Form(); $form->set('callsmethod', 'PackageRepositoryLicenseController::_SaveLicense'); $form->addModel($model); $form->addElement('submit', ['value' => 'Update License']); $view->title = 'Edit License'; $view->assign('form', $form); }
/** * Check permissions on the user and system and return either blank or a string containing the error. * * @param string $step * * @return array|null */ private function _checkPermissions($step) { $error = null; if (!\ConfigHandler::Get('/package_repository/base_directory')) { // Check if the config is even set, can't proceed if it's not. trigger_error('The package repository does not appear to be setup yet. Please browse to Configuration and the appropriate options.'); return ['status' => View::ERROR_SERVERERROR, 'message' => 'The package repository is not setup on this server.']; } $dir = Factory::Directory(\ConfigHandler::Get('/package_repository/base_directory')); if (!$dir->exists()) { trigger_error($dir->getPath() . ' does not appear to exist! Unable to browse repo.xml without it.'); return ['status' => View::ERROR_SERVERERROR, 'message' => $dir->getPath() . ' does not seem to exist!']; } elseif (!$dir->isReadable()) { trigger_error($dir->getPath() . ' does not appear to be readable! Unable to browse repo.xml without it.'); return ['status' => View::ERROR_SERVERERROR, 'message' => $dir->getPath() . ' does not seem to be readable!']; } if (ConfigHandler::Get('/package_repository/is_private')) { // Lookup this license key, (or request one if not present). $valid = false; $autherror = 'Access to ' . SITENAME . ' (Package Repository) requires a license key and password.'; if (isset($_SERVER['PHP_AUTH_PW']) && isset($_SERVER['PHP_AUTH_USER'])) { $user = $_SERVER['PHP_AUTH_USER']; $pw = $_SERVER['PHP_AUTH_PW']; } else { $user = $pw = null; } if ($user && $pw) { /** @var PackageRepositoryLicenseModel $license */ $license = PackageRepositoryLicenseModel::Construct($user); $licvalid = $license->isValid($pw); if ($licvalid == 0) { // Lock this license to the remote IP, if requested by the admin. if (ConfigHandler::Get('/package_repository/auto_ip_restrict') && !$license->get('ip_restriction')) { $license->set('ip_restriction', REMOTE_IP); $license->save(); } SystemLogModel::LogInfoEvent('/packagerepository/' . $step, '[' . $user . '] accessed repository successfully'); return null; } else { if (($licvalid & PackageRepositoryLicenseModel::VALID_PASSWORD) == PackageRepositoryLicenseModel::VALID_PASSWORD) { $autherror = '[' . $user . '] Invalid license password'; $status = View::ERROR_ACCESSDENIED; SystemLogModel::LogSecurityEvent('/packagerepository/password_failure', $autherror); } if (($licvalid & PackageRepositoryLicenseModel::VALID_ACCESS) == PackageRepositoryLicenseModel::VALID_ACCESS) { $autherror = '[' . $user . '] IP address not authorized'; $status = View::ERROR_ACCESSDENIED; SystemLogModel::LogSecurityEvent('/packagerepository/ip_restriction', $autherror); } if (($licvalid & PackageRepositoryLicenseModel::VALID_EXPIRED) == PackageRepositoryLicenseModel::VALID_EXPIRED) { $autherror = '[' . $user . '] License provided has expired, please request a new one.'; $status = View::ERROR_GONE; SystemLogModel::LogSecurityEvent('/packagerepository/expired_license', $autherror); } if (($licvalid & PackageRepositoryLicenseModel::VALID_INVALID) == PackageRepositoryLicenseModel::VALID_INVALID) { $autherror = '[' . $user . '] License does not exist'; $status = View::ERROR_EXPECTATIONFAILED; SystemLogModel::LogSecurityEvent('/packagerepository/invalid_license', $autherror); } return ['status' => $status, 'message' => $autherror]; } } if (!$valid) { header('WWW-Authenticate: Basic realm="' . SITENAME . ' (Package Repository)"'); header('HTTP/1.0 401 Unauthorized'); echo $autherror; exit; } } else { SystemLogModel::LogInfoEvent('/packagerepository/' . $step, '[anonymous connection] accessed repository successfully'); return null; } }