function install() { if ($this->firstDbExec()) { $this->useDbProfile('jauth'); jAcl2DbManager::addSubject("lizmap.tools.layer.export", "admin~jacl2.lizmap.tools.layer.export", "lizmap.grp"); } }
function install() { if ($this->firstExec('acl2')) { $this->useDbProfile('auth'); // create rights jAcl2DbManager::addSubjectGroup("lizmap.admin.grp", "admin~jacl2.lizmap.admin.grp"); jAcl2DbManager::addSubjectGroup("lizmap.grp", "admin~jacl2.lizmap.grp"); jAcl2DbManager::addSubject("lizmap.admin.access", "admin~jacl2.lizmap.admin.access", "lizmap.admin.grp"); jAcl2DbManager::addSubject("lizmap.admin.services.update", "admin~jacl2.lizmap.admin.services.update", "lizmap.admin.grp"); jAcl2DbManager::addSubject("lizmap.admin.repositories.create", "admin~jacl2.lizmap.admin.repositories.create", "lizmap.admin.grp"); jAcl2DbManager::addSubject("lizmap.admin.repositories.update", "admin~jacl2.lizmap.admin.repositories.update", "lizmap.admin.grp"); jAcl2DbManager::addSubject("lizmap.admin.repositories.delete", "admin~jacl2.lizmap.admin.repositories.delete", "lizmap.admin.grp"); jAcl2DbManager::addSubject("lizmap.repositories.view", "admin~jacl2.lizmap.repositories.view", "lizmap.grp"); jAcl2DbManager::addSubject("lizmap.admin.repositories.view", "admin~jacl2.lizmap.admin.repositories.view", "lizmap.admin.grp"); jAcl2DbManager::addSubject("lizmap.admin.services.view", "admin~jacl2.lizmap.admin.services.view", "lizmap.admin.grp"); jAcl2DbManager::addSubject("lizmap.tools.edition.use", "admin~jacl2.lizmap.tools.edition.use", "lizmap.grp"); jAcl2DbManager::addSubject("lizmap.tools.loginFilteredLayers.override", "admin~jacl2.lizmap.tools.loginFilteredLayers.override", "lizmap.grp"); jAcl2DbManager::addSubject("lizmap.tools.displayGetCapabilitiesLinks", "admin~jacl2.lizmap.tools.displayGetCapabilitiesLinks", "lizmap.grp"); jAcl2DbManager::addSubject("lizmap.tools.layer.export", "admin~jacl2.lizmap.tools.layer.export", "lizmap.grp"); jAcl2DbManager::addRight('admins', 'lizmap.admin.repositories.view'); jAcl2DbManager::addRight('admins', 'lizmap.admin.services.view'); jAcl2DbManager::addRight('admins', 'lizmap.admin.access'); jAcl2DbManager::addRight('admins', 'lizmap.admin.repositories.create'); jAcl2DbManager::addRight('admins', 'lizmap.admin.repositories.delete'); jAcl2DbManager::addRight('admins', 'lizmap.admin.repositories.update'); jAcl2DbManager::addRight('admins', 'lizmap.admin.services.update'); } }
public function testCheckRight() { jAcl2DbManager::addSubject('super.cms.list', 'cms~rights.super.cms'); jAcl2DbManager::addSubject('super.cms.update', 'cms~rights.super.cms'); jAcl2DbManager::addSubject('super.cms.delete', 'cms~rights.super.cms'); jAcl2DbManager::addSubject('admin.access', 'admin~rights.access'); jAcl2DbManager::addRight('group1', 'super.cms.list'); jAcl2DbManager::addRight('group1', 'super.cms.update'); jAcl2DbManager::addRight('group1', 'super.cms.delete', 154); $this->assertTrue(jAcl2::check('super.cms.list')); $this->assertTrue(jAcl2::check('super.cms.update')); $this->assertFalse(jAcl2::check('super.cms.create')); // doesn't exist $this->assertFalse(jAcl2::check('super.cms.read')); // doesn't exist $this->assertFalse(jAcl2::check('super.cms.delete')); // doesn't exist $this->assertFalse(jAcl2::check('admin.access')); $this->assertTrue(jAcl2::check('super.cms.list', 154)); // droit sur une ressource $this->assertTrue(jAcl2::check('super.cms.update', 154)); // droit sur une ressource $this->assertTrue(jAcl2::check('super.cms.delete', 154)); // droit sur une ressource $this->assertTrue(jAcl2::check('super.cms.list', 122)); // ressource non repertoriée $this->assertTrue(jAcl2::check('super.cms.update', 122)); // ressource non repertoriée $this->assertFalse(jAcl2::check('super.cms.delete', 122)); // ressource non repertoriée jAcl2DbManager::addRight('group1', 'admin.access'); $this->assertTrue(jAcl2::check('admin.access')); }
function postInstall() { if ($this->firstExec('acl2')) { jAcl2DbManager::addSubject('servinfo.access', 'servinfo~servinfo.acl.access'); jAcl2DbManager::addRight('admins', 'servinfo.access'); // for admin group } }
function install() { if ($this->firstExec('acl2')) { jAcl2DbManager::addSubject('modulesinfo.access', 'modulesinfo~modulesinfo.acl.access'); jAcl2DbManager::addRight('admins', 'modulesinfo.access'); // for admin group } }
function install() { if ($this->firstExec('acl2')) { jAcl2DbManager::addSubjectGroup('jprefs.prefs.management', 'jpref_admin~admin.acl.grp.prefs.management'); jAcl2DbManager::addSubject('jprefs.prefs.list', 'jpref_admin~admin.acl.prefs.list', 'jprefs.prefs.management'); jAcl2DbManager::addRight('admins', 'jprefs.prefs.list'); // for admin group } }
function install() { if ($this->firstExec('acl2')) { jAcl2DbManager::addSubject('jelixcache.access', 'jelixcache~jelixcache.acl.access'); jAcl2DbManager::addRight('admins', 'jelixcache.access'); // for admin group //jAcl2DbManager::addRight('moderators', 'jelixcache.access'); } }
function install() { //if ($this->firstDbExec()) // $this->execSQLScript('sql/install'); if ($this->firstExec('acl2')) { jAcl2DbManager::addSubject('activeusers.configuration', 'activeusers_admin~main.acl.subject'); jAcl2DbManager::addRight('admins', 'activeusers.configuration'); // for admin group } }
function install() { if ($this->getParameter('masteradmin')) { $this->config->setValue('loginResponse', 'htmlauth', 'jcommunity'); } if ($this->firstExec('acl2') && class_exists('jAcl2DbManager')) { jAcl2DbManager::addSubjectGroup('jcommunity.admin', 'jcommunity~prefs.admin.jcommunity'); jAcl2DbManager::addSubject('jcommunity.prefs.change', 'jcommunity~prefs.admin.prefs.change', 'jprefs.prefs.management'); jAcl2DbManager::addRight('admins', 'jcommunity.prefs.change'); // for admin group } if ($this->firstExec('preferences')) { $prefIni = new jIniFileModifier(__DIR__ . '/prefs.ini'); $prefFile = jApp::configPath('preferences.ini.php'); if (file_exists($prefFile)) { $mainPref = new jIniFileModifier($prefFile); //import this way to not erase changed value. $prefIni->import($mainPref); } $prefIni->saveAs($prefFile); } }
public function testSetNewRightsOnGroup() { $this->emptyTable('jacl2_user_group'); $this->emptyTable('jacl2_rights'); $this->emptyTable('jacl2_subject'); $groups = array(array('id_aclgrp' => 'group1', 'name' => 'group1', 'grouptype' => 0, 'ownerlogin' => null), array('id_aclgrp' => 'group2', 'name' => 'group2', 'grouptype' => 0, 'ownerlogin' => null)); $this->insertRecordsIntoTable('jacl2_group', array('id_aclgrp', 'name', 'grouptype', 'ownerlogin'), $groups, true); jAcl2DbManager::addSubject('super.cms.list', 'cms~rights.super.cms.list'); jAcl2DbManager::addSubject('super.cms.update', 'cms~rights.super.cms.update'); jAcl2DbManager::addSubject('super.cms.create', 'cms~rights.super.cms.update'); jAcl2DbManager::addSubject('super.cms.view', 'cms~rights.super.cms.update'); jAcl2DbManager::addSubject('super.cms.delete', 'cms~rights.super.cms.delete'); $rights = array(); $this->assertTableContainsRecords('jacl2_rights', $rights); // rights for group 1 $newRights = array('super.cms.list' => 'y', 'super.cms.create' => 'y'); jAcl2DbManager::setRightsOnGroup('group1', $newRights); $rights = array(array('id_aclsbj' => 'super.cms.list', 'id_aclgrp' => 'group1', 'id_aclres' => null, 'canceled' => '0'), array('id_aclsbj' => 'super.cms.create', 'id_aclgrp' => 'group1', 'id_aclres' => null, 'canceled' => '0')); $this->assertTableContainsRecords('jacl2_rights', $rights); // rights for group 2 (we won't modify them, we add them to verify that changes on rights of group1 // won't changed rights of group 2) $newRights = array('super.cms.list' => 'y', 'super.cms.view' => 'y'); jAcl2DbManager::setRightsOnGroup('group2', $newRights); $rights = array(array('id_aclsbj' => 'super.cms.list', 'id_aclgrp' => 'group1', 'id_aclres' => null, 'canceled' => '0'), array('id_aclsbj' => 'super.cms.create', 'id_aclgrp' => 'group1', 'id_aclres' => null, 'canceled' => '0'), array('id_aclsbj' => 'super.cms.list', 'id_aclgrp' => 'group2', 'id_aclres' => null, 'canceled' => '0'), array('id_aclsbj' => 'super.cms.view', 'id_aclgrp' => 'group2', 'id_aclres' => null, 'canceled' => '0')); $this->assertTableContainsRecords('jacl2_rights', $rights); // add a right for group 1 $newRights = array('super.cms.list' => 'y', 'super.cms.create' => 'y', 'super.cms.delete' => 'y'); jAcl2DbManager::setRightsOnGroup('group1', $newRights); $rights = array(array('id_aclsbj' => 'super.cms.list', 'id_aclgrp' => 'group1', 'id_aclres' => null, 'canceled' => '0'), array('id_aclsbj' => 'super.cms.create', 'id_aclgrp' => 'group1', 'id_aclres' => null, 'canceled' => '0'), array('id_aclsbj' => 'super.cms.delete', 'id_aclgrp' => 'group1', 'id_aclres' => null, 'canceled' => '0'), array('id_aclsbj' => 'super.cms.list', 'id_aclgrp' => 'group2', 'id_aclres' => null, 'canceled' => '0'), array('id_aclsbj' => 'super.cms.view', 'id_aclgrp' => 'group2', 'id_aclres' => null, 'canceled' => '0')); $this->assertTableContainsRecords('jacl2_rights', $rights); // remove rights for group 1 $newRights = array('super.cms.list' => 'y', 'super.cms.create' => ''); jAcl2DbManager::setRightsOnGroup('group1', $newRights); $rights = array(array('id_aclsbj' => 'super.cms.list', 'id_aclgrp' => 'group1', 'id_aclres' => null, 'canceled' => '0'), array('id_aclsbj' => 'super.cms.list', 'id_aclgrp' => 'group2', 'id_aclres' => null, 'canceled' => '0'), array('id_aclsbj' => 'super.cms.view', 'id_aclgrp' => 'group2', 'id_aclres' => null, 'canceled' => '0')); $this->assertTableContainsRecords('jacl2_rights', $rights); // new rights for group 1, by deleting existing one and adding new ones $newRights = array('super.cms.create' => 'y', 'super.cms.update' => 'y'); jAcl2DbManager::setRightsOnGroup('group1', $newRights); $rights = array(array('id_aclsbj' => 'super.cms.update', 'id_aclgrp' => 'group1', 'id_aclres' => null, 'canceled' => '0'), array('id_aclsbj' => 'super.cms.create', 'id_aclgrp' => 'group1', 'id_aclres' => null, 'canceled' => '0'), array('id_aclsbj' => 'super.cms.list', 'id_aclgrp' => 'group2', 'id_aclres' => null, 'canceled' => '0'), array('id_aclsbj' => 'super.cms.view', 'id_aclgrp' => 'group2', 'id_aclres' => null, 'canceled' => '0')); $this->assertTableContainsRecords('jacl2_rights', $rights); // cancel a right for group 1 $newRights = array('super.cms.create' => 'y', 'super.cms.update' => 'n'); jAcl2DbManager::setRightsOnGroup('group1', $newRights); $rights = array(array('id_aclsbj' => 'super.cms.update', 'id_aclgrp' => 'group1', 'id_aclres' => null, 'canceled' => '1'), array('id_aclsbj' => 'super.cms.create', 'id_aclgrp' => 'group1', 'id_aclres' => null, 'canceled' => '0'), array('id_aclsbj' => 'super.cms.list', 'id_aclgrp' => 'group2', 'id_aclres' => null, 'canceled' => '0'), array('id_aclsbj' => 'super.cms.view', 'id_aclgrp' => 'group2', 'id_aclres' => null, 'canceled' => '0')); $this->assertTableContainsRecords('jacl2_rights', $rights); // changed a canceled right to an approuve right for group 1 $newRights = array('super.cms.create' => 'y', 'super.cms.update' => 'y'); jAcl2DbManager::setRightsOnGroup('group1', $newRights); $rights = array(array('id_aclsbj' => 'super.cms.update', 'id_aclgrp' => 'group1', 'id_aclres' => null, 'canceled' => '0'), array('id_aclsbj' => 'super.cms.create', 'id_aclgrp' => 'group1', 'id_aclres' => null, 'canceled' => '0'), array('id_aclsbj' => 'super.cms.list', 'id_aclgrp' => 'group2', 'id_aclres' => null, 'canceled' => '0'), array('id_aclsbj' => 'super.cms.view', 'id_aclgrp' => 'group2', 'id_aclres' => null, 'canceled' => '0')); $this->assertTableContainsRecords('jacl2_rights', $rights); // remove all rights for group 1 $newRights = array(); jAcl2DbManager::setRightsOnGroup('group1', $newRights); $rights = array(array('id_aclsbj' => 'super.cms.list', 'id_aclgrp' => 'group2', 'id_aclres' => null, 'canceled' => '0'), array('id_aclsbj' => 'super.cms.view', 'id_aclgrp' => 'group2', 'id_aclres' => null, 'canceled' => '0')); $this->assertTableContainsRecords('jacl2_rights', $rights); }
function install() { $authconfig = $this->config->getValue('auth', 'coordplugins'); $authconfigMaster = $this->config->getValue('auth', 'coordplugins', null, true); $forWS = in_array($this->entryPoint->type, array('json', 'jsonrpc', 'soap', 'xmlrpc')); $createdConfFile = false; if (!$authconfig || $forWS && $authconfig == $authconfigMaster) { //if ($this->entryPoint->type == 'cmdline') { // return; //} if ($forWS) { $pluginIni = 'authsw.coord.ini.php'; } else { $pluginIni = 'auth.coord.ini.php'; } $authconfig = dirname($this->entryPoint->configFile) . '/' . $pluginIni; if ($this->firstExec($authconfig)) { // no configuration, let's install the plugin for the entry point $this->config->setValue('auth', $authconfig, 'coordplugins'); $this->copyFile('var/config/' . $pluginIni, 'epconfig:' . $pluginIni); $createdConfFile = true; } } $conf = new jIniFileModifier(jApp::configPath($authconfig)); $usedStandardDao = $conf->getValue('dao', 'Db') == 'jauthdb~jelixuser'; $this->useDbProfile($conf->getValue('profile', 'Db')); if ($createdConfFile) { mt_srand(); $conf->setValue('persistant_crypt_key', sha1("jelix" . time() . mt_rand())); $conf->save(); } if ($this->firstExec($authconfig) && $this->getParameter('rewriteconfig')) { $conf->setValue('driver', 'Db'); $conf->setValue('dao', 'jcommunity~user', 'Db'); $conf->setValue('form', 'jcommunity~account_admin', 'Db'); $conf->setValue('error_message', 'jcommunity~login.error.notlogged'); $conf->setValue('on_error_action', 'jcommunity~login:out'); $conf->setValue('bad_ip_action', 'jcommunity~login:out'); $conf->setValue('after_logout', 'jcommunity~login:index'); $conf->setValue('enable_after_login_override', 'on'); $conf->setValue('enable_after_logout_override', 'on'); $conf->setValue('after_login', 'jcommunity~account:show'); $conf->save(); } if ($this->getParameter('masteradmin')) { $conf->setValue('after_login', 'master_admin~default:index'); $conf->save(); $this->config->setValue('loginResponse', 'htmlauth', 'jcommunity'); } if ($this->firstDbExec() && !$this->getParameter('notjcommunitytable')) { $conf->setValue('dao', 'jcommunity~user', 'Db'); $conf->setValue('form', 'jcommunity~account_admin', 'Db'); $conf->save(); $this->execSQLScript('sql/install'); $cn = $this->dbConnection(); if ($usedStandardDao && $this->getParameter('migratejauthdbusers')) { $cn->exec("INSERT INTO " . $cn->prefixTable('community_users') . "\n (login, password, email, nickname, status, create_date)\n SELECT usr_login, usr_password, usr_email, usr_login, 1, '" . date('Y-m-d H:i:s') . "'\n FROM " . $cn->prefixTable('jlx_user')); } else { if ($this->getParameter('defaultuser')) { require_once JELIX_LIB_PATH . 'auth/jAuth.class.php'; require_once JELIX_LIB_PATH . 'plugins/auth/db/db.auth.php'; $confIni = parse_ini_file(jApp::configPath($authconfig), true); $authConfig = jAuth::loadConfig($confIni); $driver = new dbAuthDriver($authConfig['Db']); $passwordHash = $driver->cryptPassword('admin'); $cn->exec("INSERT INTO " . $cn->prefixTable('community_users') . " (login, password, email, nickname, status, create_date) VALUES\n ('admin', " . $cn->quote($passwordHash) . ", '*****@*****.**', 'admin', 1, '" . date('Y-m-d H:i:s') . "')"); } } } if ($this->firstExec('acl2') && class_exists('jAcl2DbManager')) { jAcl2DbManager::addSubjectGroup('jcommunity.admin', 'jcommunity~prefs.admin.jcommunity'); jAcl2DbManager::addSubject('jcommunity.prefs.change', 'jcommunity~prefs.admin.prefs.change', 'jprefs.prefs.management'); jAcl2DbManager::addRight('admins', 'jcommunity.prefs.change'); // for admin group } if ($this->firstExec('preferences')) { $prefIni = new jIniFileModifier(__DIR__ . '/prefs.ini'); $prefFile = jApp::configPath('preferences.ini.php'); if (file_exists($prefFile)) { $mainPref = new jIniFileModifier($prefFile); //import this way to not erase changed value. $prefIni->import($mainPref); } $prefIni->saveAs($prefFile); } }