コード例 #1
ファイル: SpotPage_logout.php プロジェクト: Ernie69/spotweb
 /**
  * Log the current user out and answer with a JSON form result.
  *
  * Requires spotsec_perform_logout (fatal otherwise). The response is sent
  * with expire headers so the logout can never be served from a cache.
  */
 function render()
 {
     $result = new Dto_FormResult('notsubmitted');

     // Permission check first; fatalPermCheck aborts the request on failure
     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_perform_logout, '');

     $svcUserAuth = new Services_User_Authentication($this->_daoFactory, $this->_settings);

     // Never cache a logout response, and always answer as JSON
     $this->sendExpireHeaders(true);
     $this->sendContentTypeHeader('json');

     // Drop the current session and report the outcome
     $sessionRemoved = $svcUserAuth->removeSession($this->_currentSession);
     if (!$sessionRemoved) {
         $result->addError(_('Unable to remove session'));
     } else {
         $result->setResult('success');
     }

     $this->template('jsonresult', array('result' => $result));
 }
コード例 #2
ファイル: index.php プロジェクト: mrCartmenez/Spotweb
  * Initialize the Spotweb base classes
  */
 $bootstrap = new Bootstrap();
 list($settings, $daoFactory, $req) = $bootstrap->boot();

 /*
  * Debug tracing is only switched on when timing is enabled in the settings
  */
 if ($settings->get('enable_timing')) {
     SpotDebug::enable(SpotDebug::TRACE, $daoFactory->getDebugLogDao());
 }

 // Page to render, defaulting to the index page
 $page = $req->getDef('page', 'index');

 /*
  * Resolve the current session: an 'apikey' request parameter takes
  * precedence and is verified as an API key; otherwise an existing
  * session is reused or a new one started.
  */
 SpotTiming::start('auth');
 $svcUserAuth = new Services_User_Authentication($daoFactory, $settings);
 $currentSession = $req->doesExist('apikey')
     ? $svcUserAuth->verifyApi($req->getDef('apikey', ''))
     : $svcUserAuth->useOrStartSession(false);
 /*
  * If there is no user object, we don't have a security system
  * either. Without a security system we cannot boot, so fatal
  */
 if ($currentSession === false) {
     if ($req->doesExist('apikey')) {
         $currentSession = $svcUserAuth->useOrStartSession(true);
         throw new PermissionDeniedException(SpotSecurity::spotsec_consume_api, 'invalid API key');
     } else {
コード例 #3
ファイル: retrieve.php プロジェクト: mrCartmenez/Spotweb
 # Initialize translation to english
 SpotTranslation::initialize('en_US');

 /*
  * Warn when PHP safe mode is on: the maximum execution time cannot be
  * changed then, which slow systems need for retrieval and statistics.
  */
 if (ini_get('safe_mode')) {
     echo 'WARNING: PHP safemode is enabled, maximum execution cannot be reset! Turn off safemode if this causes problems', PHP_EOL, PHP_EOL;
 }

 /*
  * Services used to authenticate the caller when retrieval is triggered
  * from the web interface instead of the command line.
  */
 $svcUserRecord = new Services_User_Record($daoFactory, $settings);
 $svcUserAuth = new Services_User_Authentication($daoFactory, $settings);
 if (!SpotCommandline::isCommandline()) {
     /*
      * An API key is required, so request it and try to
      * create a session with it which we can use to validate
      * the user with
      */
     $apiKey = $req->getDef('apikey', '');
     $userSession = $svcUserAuth->verifyApi($apiKey);
     /*
      * If the session failed or the user doesn't have access
      * to retrieve spots, let the user know
      */
     if ($userSession == false || !$userSession['security']->allowed(SpotSecurity::spotsec_retrieve_spots, '')) {
         throw new PermissionDeniedException(SpotSecurity::spotsec_retrieve_spots, '');
     }
コード例 #4
ファイル: SpotPage_edituser.php プロジェクト: Ernie69/spotweb
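 /**
  * Render the "edit user" page and, when the form was submitted, apply the
  * requested action ('delete', 'edit', 'removeallsessions', 'resetuserapi').
  *
  * Editing your own record requires spotsec_edit_own_user, editing anyone
  * else's requires spotsec_edit_other_users; 'delete' and 'resetuserapi'
  * perform an additional permission check before acting.
  */
 function render()
 {
     $result = new Dto_FormResult('notsubmitted');

     # check the users' permissions: own record vs. somebody else's
     if ($this->_userIdToEdit == $this->_currentSession['user']['userid']) {
         $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_own_user, '');
     } else {
         $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_other_users, '');
     }

     # Instantiate the service userrecord object
     $svcUserRecord = new Services_User_Record($this->_daoFactory, $this->_settings);

     # and create a nice and shiny page title
     $this->_pageTitle = "spot: edit user";

     # get the user record and its group membership
     $spotUser = $svcUserRecord->getUser($this->_userIdToEdit);
     $groupMembership = $svcUserRecord->getUserGroupMemberShip($this->_userIdToEdit);

     # Only perform an action when the form was actually submitted
     $formAction = $this->_editUserForm['action'];
     if (!empty($formAction)) {
         $result = $this->_handleEditUserAction($formAction, $result, $svcUserRecord, $spotUser);
     }

     #- display stuff -#
     $this->template('edituser', array(
         'edituserform' => $spotUser,
         'result' => $result,
         'groupMembership' => $groupMembership,
     ));
 }

 /**
  * Apply one submitted form action and return the resulting form result.
  *
  * @param string $formAction      value of the form's 'action' field
  * @param Dto_FormResult $result  result to report errors on / fall back to
  * @param Services_User_Record $svcUserRecord
  * @param array $spotUser         user record being edited
  * @return Dto_FormResult  the service's result; unchanged for unknown actions
  */
 private function _handleEditUserAction($formAction, $result, $svcUserRecord, $spotUser)
 {
     switch ($formAction) {
         case 'delete':
             $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_delete_user, '');
             # a user may never delete the account they are logged in with
             if ($this->_userIdToEdit == $this->_currentSession['user']['userid']) {
                 $result->addError('Cannot delete your own user');
             } else {
                 $result = $svcUserRecord->removeUser($this->_userIdToEdit);
             }
             break;

         case 'edit':
             # the userid comes from the page, never from the submitted form
             $this->_editUserForm['userid'] = $this->_userIdToEdit;
             $result = $svcUserRecord->updateUserRecord(
                 $this->_editUserForm,
                 $this->_groupListFromForm(),
                 # group membership may only be changed with this permission
                 $this->_spotSec->allowed(SpotSecurity::spotsec_edit_groupmembership, '')
             );
             break;

         case 'removeallsessions':
             $svcUserAuth = new Services_User_Authentication($this->_daoFactory, $this->_settings);
             $result = $svcUserAuth->removeAllUserSessions($spotUser['userid']);
             break;

         case 'resetuserapi':
             $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_consume_api, '');
             $result = $svcUserRecord->resetUserApi($spotUser);
             break;
     }

     return $result;
 }

 /**
  * Mangle the submitted 'grouplist' form field into the format the user
  * service expects: a list of array('groupid' => ..., 'prio' => ...) entries.
  * The 'dummy' placeholder entry is skipped; prio follows submission order.
  *
  * @return array  empty when no grouplist was submitted
  */
 private function _groupListFromForm()
 {
     $groupList = array();
     if (isset($this->_editUserForm['grouplist'])) {
         foreach ($this->_editUserForm['grouplist'] as $val) {
             if ($val != 'dummy') {
                 $groupList[] = array('groupid' => $val, 'prio' => count($groupList));
             }
         }
     }

     return $groupList;
 }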