/**
 * Decide whether a user (or the anonymous guest role when no username is
 * given) may access an "extra" resource.
 *
 * The ACL resource name is "<module>-@@EXTRA-<resource>" and is looked up on
 * the ACL stored in Zend_Registry under 'acl'. Only the roles assigned
 * directly to the username in UsersRoles are consulted. The result is false
 * when no ACL is registered, when the resource is unknown to the ACL, or when
 * none of the roles is permitted. A username that has no UsersRoles rows ends
 * up with an empty role list (it does NOT fall back to guest), so it is denied.
 *
 * @param string      $resource  resource part of the ACL name
 * @param string      $module    module part of the ACL name
 * @param string|null $username  null evaluates the guest role instead
 * @return bool
 */
static function isAllowed($resource, $module = "default", $username = null)
{
    $usersRolesTable = new UsersRoles();
    $rolesTable = new Roles();

    if (is_null($username)) {
        $roleIds = array($rolesTable->getIdByShortname("guest"));
    } else {
        $select = $usersRolesTable->select()->where("username = ?", $username);
        $assignments = $usersRolesTable->fetchAll($select);
        $roleIds = array();
        foreach ($assignments as $assignment) {
            $roleIds[] = $assignment->role_id;
        }
    }

    $resourceName = $module . "-@@EXTRA-" . $resource;

    if (!Zend_Registry::isRegistered('acl')) {
        return false;
    }
    $acl = Zend_Registry::get('acl');
    if (!$acl->has($resourceName)) {
        return false;
    }

    // Every role is queried; any single permitted role grants access.
    $permitted = false;
    foreach ($roleIds as $roleId) {
        if ($acl->isAllowed($roleId, $resourceName)) {
            $permitted = true;
        }
    }
    return $permitted;
}
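/**
 * Return the role ids under which a user (or the guest role when no username
 * is given) is permitted to access a resource.
 *
 * The ACL resource name is "<module>-<controller>-<resource>"; a null
 * controller is replaced by the "@@EXTRA" pseudo-controller. For a username
 * the role set is every assigned UsersRoles row plus all ancestors reported by
 * Roles::getAllAncestors(), de-duplicated. A username with no UsersRoles rows
 * yields an empty role set (no guest fallback) and therefore an empty result.
 *
 * Fix: $user_roles was only initialised inside the "has role rows" branch, so
 * a username without roles left it undefined and the foreach below warned;
 * it is now initialised up front.
 *
 * @param string      $resource
 * @param string      $module
 * @param string|null $username   null evaluates the guest role instead
 * @param string|null $controller null means "@@EXTRA"
 * @return array list of permitted role ids (empty when nothing is allowed or no ACL is registered)
 */
static function isAllowed($resource, $module = "default", $username = null, $controller = null)
{
    $users_roles_table = new UsersRoles();
    $roles_table = new Roles();
    $user_roles = array();

    if (!is_null($username)) {
        $users_roles_db = $users_roles_table->fetchAll($users_roles_table->select()->where("username = ?", $username));
        if (count($users_roles_db) > 0) {
            foreach ($users_roles_db->toArray() as $role) {
                // Ancestors are added before the role itself, as before.
                foreach ($roles_table->getAllAncestors($role['role_id']) as $ancestor_id) {
                    $user_roles[] = $ancestor_id;
                }
                $user_roles[] = $role['role_id'];
            }
            $user_roles = array_unique($user_roles);
        }
    } else {
        $user_roles = array($roles_table->getIdByShortname("guest"));
    }

    if (is_null($controller)) {
        $controller = "@@EXTRA";
    }
    $resource_name = $module . "-" . $controller . "-" . $resource;

    $out = array();
    if (Zend_Registry::isRegistered('acl')) {
        $acl = Zend_Registry::get('acl');
        if ($acl->has($resource_name)) {
            foreach ($user_roles as $role) {
                if ($acl->isAllowed($role, $resource_name)) {
                    $out[] = $role;
                }
            }
        }
    }
    return $out;
}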
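/**
 * Admin action: create or update a user profile, including role assignments
 * and an optional avatar upload.
 *
 * GET renders the form (countries, selectable roles, genders, existing user
 * data). POST validates the submitted fields, runs the "<mca>_pre_save"
 * plugin filter, then inserts (new user) or updates (existing user) the Users
 * row and replaces the user's UsersRoles assignments.
 *
 * Changes from the previous revision:
 *  - the avatar is written to disk only when validation produced no errors;
 *    the destination directory is built from the submitted username, so an
 *    unvalidated value must never reach the filesystem;
 *  - role assignments are replaced only after the profile row was actually
 *    saved, and only iterated when role_ids was posted as an array;
 *  - errors raised by the "<mca>" filter for new users now block the insert
 *    instead of being discarded;
 *  - 'hasnewfile' reflects the real result of move_uploaded_file();
 *  - the unused $data array and the dead commented-out block were removed.
 *
 * @return void
 */
function editAction()
{
    $errors = array();
    $users_table = new Users();
    $users_roles_table = new UsersRoles();
    $request = new Bolts_Request($this->getRequest());

    $countries_table = new Countries();
    $this->view->countries = $countries_table->getCountriesArray('Choose a country...');

    // Roles offered in the form; "*-base" roles are internal and not selectable.
    $roles_table = new Roles();
    $roles = $roles_table->fetchAll(NULL, "shortname ASC");
    $arRoles = array();
    foreach ($roles as $role) {
        // strpos() === 0 is also treated as "not found" here (kept as before).
        if (!strpos($role->shortname, "-base")) {
            $arRoles[$role->id] = $role->description;
        }
    }
    $this->view->roles = $arRoles;

    // Load the existing user when a username was supplied and matches a row.
    $is_new = true;
    $user = array();
    if ($request->has('username')) {
        $obUser = $users_table->fetchByUsername($request->username);
        if (!is_null($obUser)) {
            $is_new = false;
            $user_roles = $users_roles_table->fetchAll(
                $users_roles_table->select()->where("username = ?", $obUser->username)
            );
            if (count($user_roles) > 0) {
                $tmp_selected = array();
                foreach ($user_roles as $user_role) {
                    $tmp_selected[] = $user_role->role_id;
                }
                $this->view->selected_roles = $tmp_selected;
            }
            $user = $obUser->toArray();
        }
    }
    $this->view->is_new = $is_new;
    if ($is_new) {
        // defaults for form fields
        $user['username'] = "";
        $user['full_name'] = "";
        $user['aboutme'] = "";
    }

    // FILTER HOOK: plugins may rewrite $user and publish extra view variables.
    $pre_render = $this->_Bolts_plugin->doFilter($this->_mca . "_pre_render", array('user' => $user, 'request' => $this->_request));
    $user = $pre_render['user'];
    foreach ($pre_render as $key => $value) {
        if ($key != "user") {
            $this->view->{$key} = $value;
        }
    }

    if ($this->getRequest()->isPost()) {
        $request->stripTags(array('full_name', 'email', 'newpassword', 'confirm'));
        $user['username'] = $request->username;
        $user['email'] = $request->email;
        $user['password'] = $request->newpassword;
        $user['confirm'] = $request->confirm;
        $user['full_name'] = $request->full_name;
        // NOTE(review): strtotime() returns false for an unparsable date and
        // date() below then yields the epoch; the form is assumed to always
        // post a usable day/month/year — confirm.
        $user['birthday'] = strtotime($request->Birthday_Day . $request->Birthday_Month . $request->Birthday_Year);
        $user['gender'] = $request->gender;
        $user['country_code'] = $request->country_code;
        $user['aboutme'] = $request->aboutme;

        // validate username: 1..username_length characters, letters and digits only
        $username_validator = new Zend_Validate();
        $username_validator->addValidator(new Zend_Validate_StringLength(1, Bolts_Registry::get('username_length')));
        $username_validator->addValidator(new Zend_Validate_Alnum());
        if (!$username_validator->isValid($user['username'])) {
            $show_username = "******" . $user['username'] . "'";
            if (trim($user['username']) == "") {
                $show_username = "******" . $this->_T("empty") . "]";
            }
            $errors[] = $this->_T("%s isn't a valid username. (Between %d and %d characters, only letters and numbers)", array($show_username, 1, Bolts_Registry::get('username_length')));
        }
        if ($is_new) {
            $user_where = $users_table->getAdapter()->quoteInto('username = ?', $user['username']);
            if ($users_table->getCountByWhereClause($user_where) > 0) {
                $errors[] = $this->_T("The username '%s' is already in use", $user['username']);
            }
        }

        // validate email and make sure nobody else is already using it
        if (!Bolts_Validate::checkEmail($user['email'])) {
            $errors[] = $this->_T("Email is not valid");
        }
        if ($users_table->isEmailInUse($user['email'], $user['username'])) {
            $errors[] = $this->_T("Email already in use");
        }

        // a blank password means "keep the current one"; otherwise validate it
        if ($user['password'] != "") {
            if (!Bolts_Validate::checkLength($user['password'], 6, Bolts_Registry::get('password_length'))) {
                $errors[] = $this->_T("Password must be between 6 and 32 characters");
            }
            if ($user['password'] != $user['confirm']) {
                $errors[] = $this->_T("Passwords don't match");
            }
        }

        // convert the birthday timestamp to a MySQL datetime
        $birthday = date("Y-m-d H:i:s", $user['birthday']);

        $params = array('request' => $request, 'user' => $user, 'errors' => $errors);

        // upload new avatar image if present
        if (array_key_exists('filedata', $_FILES)) {
            $has_new_file = false;
            // Only touch the filesystem once validation passed: the destination
            // directory is derived from the submitted username, which is only
            // safe to use in a path after the Alnum validator accepted it.
            if (count($errors) == 0 && $_FILES['filedata']['tmp_name'] != '') {
                $destination_path = Bolts_Registry::get('upload_path') . "/" . $user['username'] . "/original";
                if (!is_dir($destination_path)) {
                    // NOTE(review): 0777 makes the upload folder world-writable;
                    // 0755 is normally sufficient — confirm against the deployment.
                    mkdir($destination_path, 0777, true);
                    Bolts_Log::report("Creating user folder at " . $destination_path, null, Zend_Log::DEBUG);
                }
                if (file_exists($destination_path . "/avatar")) {
                    unlink($destination_path . "/avatar");
                    Bolts_Log::report("Deleted existing user avatar from " . $destination_path, null, Zend_Log::DEBUG);
                } else {
                    Bolts_Log::report("User avatar did not exist in " . $destination_path, null, Zend_Log::DEBUG);
                }
                // move_uploaded_file() refuses anything that is not a genuine PHP upload.
                $has_new_file = move_uploaded_file($_FILES['filedata']['tmp_name'], $destination_path . "/avatar");
                // The old avatar may already be gone, so the cache is cleared either way.
                Users::clearUserCache($user['username']);
                if ($has_new_file) {
                    Bolts_Log::report("User avatar uploaded to " . $destination_path, null, Zend_Log::DEBUG);
                } else {
                    Bolts_Log::report("User avatar upload to " . $destination_path . " failed", null, Zend_Log::WARN);
                }
            }
            $params['user']['hasnewfile'] = $has_new_file;
        }

        // FILTER HOOK: plugins may adjust the user data or add errors before saving.
        $additional = $this->_Bolts_plugin->doFilter($this->_mca . "_pre_save", $params);
        $errors = $additional['errors'];
        $user = $additional['user'];

        $saved = false;
        if (count($errors) == 0) {
            $user['birthday'] = $birthday;
            $user['aboutme'] = nl2br($user['aboutme']);
            $user['last_modified_on'] = date(DB_DATETIME_FORMAT);
            // 'confirm' is a form-only value and must not reach the table.
            unset($user['confirm']);
            // A blank password leaves the stored one untouched.
            // NOTE(review): a non-blank password is handed to the Users table as
            // posted; hashing is assumed to happen inside Users — confirm.
            if ($user['password'] == "") {
                unset($user['password']);
            }

            if ($is_new) {
                // FILTER HOOK for new users; errors it adds now block the insert.
                $stuff = array('request' => $request, 'user' => $user, 'errors' => $errors);
                $additional1 = $this->_Bolts_plugin->doFilter($this->_mca, $stuff);
                $errors = $additional1['errors'];
                $user = $additional1['user'];
                if (count($errors) == 0) {
                    $user['created_on'] = date(DB_DATETIME_FORMAT);
                    $users_table->insert($user);
                    $this->view->success = "Profile created.";
                    $saved = true;
                }
            } else {
                $where = $users_table->getAdapter()->quoteInto('username = ?', $user['username']);
                $users_table->update($user, $where);
                $this->view->success = "Profile updated.";
                $saved = true;
            }
        }

        if ($saved) {
            // Replace the role assignments only for a profile that was actually
            // written. A missing or empty role_ids still clears all roles, as before.
            $users_roles_table->delete($users_roles_table->getAdapter()->quoteInto("username = ?", $user['username']));
            if (is_array($request->role_ids)) {
                foreach ($request->role_ids as $role_id) {
                    $users_roles_table->insert(array("username" => $user['username'], "role_id" => $role_id));
                }
            }
        } else {
            $this->view->errors = $errors;
        }
    }

    $this->view->end_year = -Bolts_Registry::get('minimum_registration_age');
    $this->view->genders = Bolts_Common::getGenderArray();
    $user['aboutme'] = Bolts_Common::br2nl($user['aboutme']);
    $this->view->user = $user;
}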
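/**
 * Fetch the Roles rows assigned to a username via UsersRoles.
 *
 * Fix: when the user had no UsersRoles rows the select carried no WHERE
 * clause at all, so fetchAll() returned every role in the table — a user
 * with no assignments effectively held all roles. Such a user now gets an
 * empty rowset.
 *
 * @param string $username
 * @return Zend_Db_Table_Rowset_Abstract roles assigned to the user (possibly empty)
 */
function fetchRolesByUsername($username)
{
    $users_roles_table = new UsersRoles();
    $roles_for_user = $users_roles_table->fetchAll($users_roles_table->select()->where("username = ?", $username));

    $select = $this->select();
    if (count($roles_for_user) > 0) {
        foreach ($roles_for_user as $role_for_user) {
            $select->orWhere("id = ?", $role_for_user->role_id);
        }
    } else {
        // No assignments: force an empty result rather than an unfiltered SELECT.
        $select->where("1 = 0");
    }
    return $this->fetchAll($select);
}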
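/**
 * Front-controller plugin hook: resolve the current user's roles, make sure an
 * ACL is registered, and re-route the request when the resource
 * "<module>-<Controller>-<action>" is unknown or not permitted for any role.
 *
 * Routing outcomes:
 *  - unknown resource           -> default/auth/missing
 *  - denied, anonymous visitor  -> default/auth/login with the requested URL
 *                                  passed base64-encoded as 'ourl', or
 *                                  default/auth/unauthorized when the action is
 *                                  listed in 'disable_login_redirect'
 *  - denied, authenticated user -> default/admin/index when the user may reach
 *                                  "default-Admin-index", else default/auth/denied
 *
 * Fix: the requested URL was rebuilt with `while ($param = current($params))`,
 * which stops at the first falsy value ("0", "") and silently drops every
 * parameter after it; the loop is now a foreach over the parameter map.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    $frontController = Zend_Controller_Front::getInstance();
    $auth = Zend_Auth::getInstance();
    $roles_table = new Roles();
    // Not read below; presumably kept for its side effect of starting the
    // session — confirm before removing.
    $appNamespace = new Zend_Session_Namespace('RivetyCore_Temp');

    if (Zend_Registry::isRegistered('acl')) {
        $acl = Zend_Registry::get('acl');
    } else {
        $acl = new RivetyCore_Acl($auth);
        Zend_Registry::set('acl', $acl);
    }

    // Effective role set: every assigned role plus all of its ancestors for an
    // authenticated user, or the single guest role otherwise.
    if ($auth->hasIdentity()) {
        $user = $auth->getIdentity();
        $users_roles_table = new UsersRoles();
        $users_roles_db = $users_roles_table->fetchAll($users_roles_table->select()->where("username = ?", $user->username));
        $user_roles = array();
        foreach ($users_roles_db as $role) {
            $user_roles[] = $role->role_id;
            $user_roles = array_merge($user_roles, $roles_table->getAllAncestors($role->role_id));
        }
        $user_roles = array_unique($user_roles);
        $user_is_guest = false;
        // Sliding expiry: every authenticated request extends the auth session.
        $defaultNamespace = new Zend_Session_Namespace('Zend_Auth');
        $defaultNamespace->setExpirationSeconds((int)RivetyCore_Registry::get('session_timeout'));
    } else {
        $user_roles = array($roles_table->getIdByShortname("guest"));
        $user_is_guest = true;
    }

    // ACL resources are named "<module>-<Controller>-<action>", controller capitalised.
    $requested = $request->getModuleName() . "-" . ucfirst(strtolower($request->getControllerName())) . "-" . $request->getActionName();

    if (!$acl->has($requested)) {
        // Unknown resource: route to the 404 action.
        $request->setModuleName('default');
        $request->setControllerName('auth');
        $request->setActionName('missing');
        return;
    }

    // Any single permitted role grants access.
    $allowed = false;
    foreach ($user_roles as $user_role) {
        if ($acl->isAllowed($user_role, $requested)) {
            $allowed = true;
        }
    }
    if ($allowed) {
        return;
    }

    if ($user_is_guest) {
        // Rebuild the requested URL so the login page can send the visitor back.
        $url = $frontController->getBaseUrl() . "/";
        $url .= $request->getModuleName() . "/";
        $url .= $request->getControllerName() . "/";
        $url .= $request->getActionName() . "/";
        foreach ($request->getParams() as $key => $value) {
            if (in_array($key, array("module", "controller", "action"), true)) {
                continue;
            }
            // Only scalar values can be rendered into a path segment.
            if (!is_scalar($value)) {
                continue;
            }
            $url .= $key . '/' . $value . "/";
        }
        if (substr($url, -1) == "/") {
            $url = substr($url, 0, -1);
        }

        // Remember the target, except when the auth controller itself was hit.
        // NOTE(review): whatever consumes 'ourl' after login should still check
        // that the decoded value is a relative path before redirecting to it.
        if ($request->getControllerName() != "auth") {
            $request->setParam('ourl', base64_encode($url));
        }

        // Actions listed in 'disable_login_redirect' (comma-separated
        // "module_controller_action") get the 401 page instead of the login form.
        $blockedActions = RivetyCore_Registry::get('disable_login_redirect');
        if (is_string($blockedActions) && $blockedActions !== '') {
            $blockedActions = explode(',', $blockedActions);
        }
        $mca = $request->getModuleName() . "_" . $request->getControllerName() . "_" . $request->getActionName();
        $request->setModuleName('default');
        $request->setControllerName('auth');
        if (is_array($blockedActions) && in_array($mca, $blockedActions, true)) {
            $request->setActionName('unauthorized');
        } else {
            $request->setActionName('login');
        }
        return;
    }

    // Authenticated but not permitted: administrators land on the admin index,
    // everybody else on the "denied" page (behaviour preserved from before).
    $admin = "default-Admin-index";
    $isAdmin = false;
    foreach ($user_roles as $user_role) {
        if ($acl->isAllowed($user_role, $admin)) {
            $isAdmin = true;
        }
    }
    $request->setModuleName('default');
    if ($isAdmin) {
        $request->setControllerName('admin');
        $request->setActionName('index');
    } else {
        $request->setControllerName('auth');
        $request->setActionName('denied');
    }
}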
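/**
 * Front-controller plugin hook: resolve the current user's roles, make sure an
 * ACL is registered, and re-route the request when the resource
 * "<module>-<Controller>-<action>" is unknown or not permitted for any role.
 *
 * Routing outcomes:
 *  - unknown resource           -> bolts/auth/missing
 *  - denied, anonymous visitor  -> bolts/auth/login with the requested URL
 *                                  passed base64-encoded as 'url'
 *  - denied, authenticated user -> bolts/admin/index when the user may reach
 *                                  "bolts-Admin-index", else bolts/auth/denied
 *
 * Fix: the requested URL was rebuilt with `while ($param = current($params))`,
 * which stops at the first falsy value ("0", "") and silently drops every
 * parameter after it; the loop is now a foreach over the parameter map.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    $frontController = Zend_Controller_Front::getInstance();
    $auth = Zend_Auth::getInstance();
    $roles_table = new Roles();
    // Not read below; presumably kept for its side effect of starting the
    // session — confirm before removing.
    $appNamespace = new Zend_Session_Namespace('Bolts_Temp');

    if (Zend_Registry::isRegistered('acl')) {
        $acl = Zend_Registry::get('acl');
    } else {
        $acl = new Bolts_Acl($auth);
        Zend_Registry::set('acl', $acl);
    }

    // Effective role set: every assigned role plus all of its ancestors for an
    // authenticated user, or the single guest role otherwise.
    if ($auth->hasIdentity()) {
        $user = $auth->getIdentity();
        $users_roles_table = new UsersRoles();
        $users_roles_db = $users_roles_table->fetchAll($users_roles_table->select()->where("username = ?", $user->username));
        $user_roles = array();
        foreach ($users_roles_db as $role) {
            $user_roles[] = $role->role_id;
            $user_roles = array_merge($user_roles, $roles_table->getAllAncestors($role->role_id));
        }
        $user_roles = array_unique($user_roles);
        $user_is_guest = false;
        // Sliding expiry of one day (86400 s), hard-coded; every authenticated
        // request extends the auth session.
        $defaultNamespace = new Zend_Session_Namespace('Zend_Auth');
        $defaultNamespace->setExpirationSeconds(86400);
    } else {
        $user_roles = array($roles_table->getIdByShortname("guest"));
        $user_is_guest = true;
    }

    // ACL resources are named "<module>-<Controller>-<action>", controller capitalised.
    $requested = $request->getModuleName() . "-" . ucfirst(strtolower($request->getControllerName())) . "-" . $request->getActionName();

    if (!$acl->has($requested)) {
        // Unknown resource: route to the 404 action.
        $request->setModuleName('bolts');
        $request->setControllerName('auth');
        $request->setActionName('missing');
        return;
    }

    // Any single permitted role grants access.
    $allowed = false;
    foreach ($user_roles as $user_role) {
        if ($acl->isAllowed($user_role, $requested)) {
            $allowed = true;
        }
    }
    if ($allowed) {
        return;
    }

    if ($user_is_guest) {
        // Rebuild the requested URL so the login page can send the visitor back.
        $url = $frontController->getBaseUrl() . "/";
        $url .= $request->getModuleName() . "/";
        $url .= $request->getControllerName() . "/";
        $url .= $request->getActionName() . "/";
        foreach ($request->getParams() as $key => $value) {
            if (in_array($key, array("module", "controller", "action"), true)) {
                continue;
            }
            // Only scalar values can be rendered into a path segment.
            if (!is_scalar($value)) {
                continue;
            }
            $url .= $key . '/' . $value . "/";
        }
        if (substr($url, -1) == "/") {
            $url = substr($url, 0, -1);
        }

        // Remember the target, except when the auth controller itself was hit.
        // NOTE(review): whatever consumes 'url' after login should still check
        // that the decoded value is a relative path before redirecting to it.
        if ($request->getControllerName() != "auth") {
            $request->setParam('url', base64_encode($url));
        }

        // send on to the login script
        $request->setModuleName('bolts');
        $request->setControllerName('auth');
        $request->setActionName('login');
        return;
    }

    // Authenticated but not permitted: administrators land on the admin index,
    // everybody else on the "denied" page (behaviour preserved from before).
    $admin = "bolts-Admin-index";
    $isAdmin = false;
    foreach ($user_roles as $user_role) {
        if ($acl->isAllowed($user_role, $admin)) {
            $isAdmin = true;
        }
    }
    $request->setModuleName('bolts');
    if ($isAdmin) {
        $request->setControllerName('admin');
        $request->setActionName('index');
    } else {
        $request->setControllerName('auth');
        $request->setActionName('denied');
    }
}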