/**
 * Logout action: verifies the caller may log out, drops the current session
 * and reports the outcome as a JSON form result.
 *
 * Side effects: sends cache-expiry and JSON content-type headers, removes the
 * session held in $this->_currentSession and renders the 'jsonresult' template.
 * No value is returned; a failed permission check is handled by fatalPermCheck().
 */
function render()
{
    $formResult = new Dto_FormResult('notsubmitted');

    // Authorization first: fatalPermCheck() is expected to abort the request
    // when the logout permission is missing, so nothing below runs unauthorized.
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_perform_logout, '');

    $authService = new Services_User_Authentication($this->_daoFactory, $this->_settings);

    // A logout response must never be served from a cache, and is always JSON.
    $this->sendExpireHeaders(true);
    $this->sendContentTypeHeader('json');

    // removeSession() is invoked for every caller; whether it skips the anonymous
    // user (as the original comment suggested) is decided inside that service,
    // not here — its truthy/falsy return is the only signal used.
    $sessionRemoved = $authService->removeSession($this->_currentSession);
    if (!$sessionRemoved) {
        $formResult->addError(_('Unable to remove session'));
    } else {
        $formResult->setResult('success');
    }

    $this->template('jsonresult', array('result' => $formResult));
}
* Initialize the Spotweb base classes */ $bootstrap = new Bootstrap(); list($settings, $daoFactory, $req) = $bootstrap->boot(); /* * Enable debug logging mechanism if timing is enabled */ if ($settings->get('enable_timing')) { SpotDebug::enable(SpotDebug::TRACE, $daoFactory->getDebugLogDao()); } # if # helper functions for passed variables $page = $req->getDef('page', 'index'); # Retrieve the users object of the user which is logged on SpotTiming::start('auth'); $svcUserAuth = new Services_User_Authentication($daoFactory, $settings); if ($req->doesExist('apikey')) { $currentSession = $svcUserAuth->verifyApi($req->getDef('apikey', '')); } else { $currentSession = $svcUserAuth->useOrStartSession(false); } # if /* * If three is no user object, we don't have a security system * either. Without a security system we cannot boot, so fatal */ if ($currentSession === false) { if ($req->doesExist('apikey')) { $currentSession = $svcUserAuth->useOrStartSession(true); throw new PermissionDeniedException(SpotSecurity::spotsec_consume_api, 'invalid API key'); } else {
# Initialize translation to english SpotTranslation::initialize('en_US'); /* * When PHP is running in safe mode, max execution time cannot be set, * which is necessary on slow systems for retrieval and statistics generation */ if (ini_get('safe_mode')) { echo "WARNING: PHP safemode is enabled, maximum execution cannot be reset! Turn off safemode if this causes problems" . PHP_EOL . PHP_EOL; } # if /* * When retrieval is run from the webinterface, we want to make * sure this user is actually allowed to run retrieval. */ $svcUserRecord = new Services_User_Record($daoFactory, $settings); $svcUserAuth = new Services_User_Authentication($daoFactory, $settings); if (!SpotCommandline::isCommandline()) { /* * An API key is required, so request it and try to * create a session with it which we can use to validate * the user with */ $apiKey = $req->getDef('apikey', ''); $userSession = $svcUserAuth->verifyApi($apiKey); /* * If the session failed or the the user doesn't have access * to retrieve spots, let the user know */ if ($userSession == false || !$userSession['security']->allowed(SpotSecurity::spotsec_retrieve_spots, '')) { throw new PermissionDeniedException(SpotSecurity::spotsec_retrieve_spots, ''); }
/**
 * "Edit user" page: enforces the edit permission, loads the target user and
 * applies the submitted form action before rendering the 'edituser' template.
 *
 * Permission model as visible in this method:
 *  - editing your own record needs spotsec_edit_own_user, any other record
 *    needs spotsec_edit_other_users (checked unconditionally up front);
 *  - 'delete' additionally needs spotsec_delete_user and refuses to delete
 *    the logged-on user's own record;
 *  - 'resetuserapi' additionally needs spotsec_consume_api;
 *  - 'removeallsessions' has no action-specific check and relies solely on
 *    the edit permission verified above;
 *  - group membership changes are only applied when the caller has
 *    spotsec_edit_groupmembership (passed as a flag to updateUserRecord()).
 *
 * No request-forgery protection is visible in this method; presumably it is
 * handled before render() is reached — confirm against the request pipeline.
 *
 * Side effects: may delete or update a user record, remove all of a user's
 * sessions or reset a user's API key; renders the 'edituser' template.
 */
function render()
{
    $result = new Dto_FormResult('notsubmitted');

    // NOTE(review): the loose (==) comparison is kept deliberately. The id to
    // edit presumably arrives from the request as a string while the session
    // id may be an int; a strict compare could silently route the caller to
    // the wrong permission branch — verify the types before tightening this.
    $editingOwnRecord = ($this->_userIdToEdit == $this->_currentSession['user']['userid']);
    $requiredPermission = $editingOwnRecord
        ? SpotSecurity::spotsec_edit_own_user
        : SpotSecurity::spotsec_edit_other_users;
    $this->_spotSec->fatalPermCheck($requiredPermission, '');

    $svcUserRecord = new Services_User_Record($this->_daoFactory, $this->_settings);
    $this->_pageTitle = "spot: edit user";

    // Target user and its group membership, loaded before any action is applied
    $spotUser = $svcUserRecord->getUser($this->_userIdToEdit);
    $groupMembership = $svcUserRecord->getUserGroupMemberShip($this->_userIdToEdit);

    $formAction = $this->_editUserForm['action'];

    // Actions are only processed when the form was actually submitted
    if (!empty($formAction)) {
        switch ($formAction) {
            case 'delete':
                $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_delete_user, '');
                // Self-deletion is refused regardless of permissions (same loose compare as above)
                if ($this->_userIdToEdit == $this->_currentSession['user']['userid']) {
                    $result->addError('Cannot delete your own user');
                } else {
                    $result = $svcUserRecord->removeUser($this->_userIdToEdit);
                }
                break;

            case 'edit':
                // Convert the submitted group listing into the system's
                // list-of-arrays format; 'dummy' marks a placeholder entry
                // and is skipped, priority follows the remaining order.
                $groupList = array();
                if (isset($this->_editUserForm['grouplist'])) {
                    foreach ($this->_editUserForm['grouplist'] as $groupId) {
                        if ($groupId == 'dummy') {
                            continue;
                        }
                        $groupList[] = array('groupid' => $groupId, 'prio' => count($groupList));
                    }
                }

                // The user id is taken from the page state, never from the submitted form
                $this->_editUserForm['userid'] = $this->_userIdToEdit;
                $mayEditGroups = $this->_spotSec->allowed(SpotSecurity::spotsec_edit_groupmembership, '');
                $result = $svcUserRecord->updateUserRecord($this->_editUserForm, $groupList, $mayEditGroups);
                break;

            case 'removeallsessions':
                // No action-specific permission check here: the edit permission
                // verified at the top of this method is what authorizes it.
                $svcUserAuth = new Services_User_Authentication($this->_daoFactory, $this->_settings);
                $result = $svcUserAuth->removeAllUserSessions($spotUser['userid']);
                break;

            case 'resetuserapi':
                $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_consume_api, '');
                $result = $svcUserRecord->resetUserApi($spotUser);
                break;
        }
    }

    $this->template('edituser', array(
        'edituserform' => $spotUser,
        'result' => $result,
        'groupMembership' => $groupMembership,
    ));
}