/**
 * Listener for the "user removed" auth event: asks the ACL layer to drop
 * what it stores about the removed login.
 *
 * Nothing is done unless the configured acl2 driver is 'db'.
 *
 * @param jEvent $event the event; its 'login' parameter names the removed user
 */
function onAuthRemoveUser($event)
{
    $aclDriver = $GLOBALS['gJConfig']->acl2['driver'];
    if ($aclDriver != 'db') {
        return;
    }

    // NOTE(review): removeUser() is not visible here; it is presumably what
    // detaches the login from its groups, so that a later account re-using
    // the same login does not inherit them — confirm.
    jAcl2DbUserGroup::removeUser($event->getParam('login'));
}
/**
 * Tell whether the current user triggers the flood protection.
 *
 * @param integer $timeInterval time between two actions
 * @param integer $onlySameIp   true: the flood is checked only between same ip
 * @return boolean true if flood is detected
 */
public static function check($timeInterval, $onlySameIp)
{
    // Anonymous users are not allowed to post and nothing is stored about
    // them, so there is nothing to check.
    if (!jAuth::isConnected()) {
        return false;
    }

    // Members of the admins / moderators groups are never stopped.
    // FIXME we should check, not the group, but the rights !
    // NOTE(review): getGroupList() is called without a login. Confirm it
    // returns the groups of the current user and not every existing group,
    // otherwise the exemption below applies to everybody.
    $exemptGroups = array('admins', 'moderators');
    foreach (jAcl2DbUserGroup::getGroupList() as $group) {
        if (in_array($group->id_aclgrp, $exemptGroups)) {
            return false;
        }
    }

    $postsDao = jDao::get('havefnubb~posts');
    $lastPost = $postsDao->getMyLastEditedPost(jAuth::getUserSession()->id);

    // NOTE(review): "no flood" is returned when the last post is younger than
    // the interval, which reads as the opposite of the docblock — confirm
    // what member_last_post holds. $lastPost is also used without checking
    // that a record was found.
    $windowEnd = $lastPost->member_last_post + $timeInterval;
    if ($windowEnd > time()) {
        return false;
    }

    // REMOTE_ADDR is the direct peer address; behind a reverse proxy it is
    // presumably the proxy's one — TODO confirm for the deployment.
    $postedFromOtherIp = $onlySameIp
        && isset($_SERVER['REMOTE_ADDR'])
        && $lastPost->poster_ip != $_SERVER['REMOTE_ADDR'];

    return !$postedFromOtherIp;
}
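/**
 * Listener for the logout auth event: clears the caches of jAcl2 and of
 * jAcl2DbUserGroup.
 *
 * Clearing stays best effort (an exception must not break the logout), but
 * a failure is now logged instead of being silently discarded.
 *
 * @param jEvent $event the auth event (not read here)
 */
function onAuthLogout($event)
{
    try {
        jAcl2::clearCache();
        jAcl2DbUserGroup::clearCache();
    } catch (Exception $e) {
        // Cached rights surviving a logout are worth a trace for whoever
        // investigates an unexpected authorization result later.
        jLog::log('acl2: cache not cleared on logout: ' . $e->getMessage(), 'error');
    }
}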
/**
 * Return the value of the right on the given subject, optionally for a
 * given resource.
 *
 * The resource "-" means "all resources" and wins over specific resources:
 * when the subject is granted on "-", the resource is not looked at. The
 * resource-specific right is only queried when the global right is absent
 * or canceled.
 *
 * Results are kept in the static caches self::$acl (per subject) and
 * self::$aclres (per subject and resource), including negative answers.
 *
 * @param string $subject  the key of the subject
 * @param string $resource the id of a resource; any value that empty()
 *                         considers empty (including "0") is treated as "-"
 * @return boolean true if the user has the right on the given subject
 */
public function getRight($subject, $resource = '-')
{
    if (empty($resource)) {
        $resource = '-';
    }

    if (!jAuth::isConnected()) {
        return self::getAnonymousRight($subject, $resource);
    }

    $userGroups = null;

    if (self::$acl === null) {
        // First call: load every right attached to the groups of the user.
        $userGroups = jAcl2DbUserGroup::getGroups();
        self::$acl = array();
        if (count($userGroups)) {
            $rightsDao = jDao::get('jacl2db~jacl2rights', 'jacl2_profile');
            foreach ($rightsDao->getRightsByGroups($userGroups) as $row) {
                $key = $row->id_aclsbj;
                if (!isset(self::$acl[$key])) {
                    self::$acl[$key] = !$row->canceled;
                } elseif ($row->canceled) {
                    // A "canceled" record in any group overrides a grant
                    // coming from another group, whatever the record order.
                    self::$acl[$key] = false;
                }
            }
        }
    }

    // Unknown subject: remember the refusal.
    if (!isset(self::$acl[$subject])) {
        self::$acl[$subject] = false;
    }
    $globalRight = self::$acl[$subject];

    // No specific resource asked: the global right is the answer.
    if ($resource == '-') {
        return $globalRight;
    }

    // Already resolved for this resource.
    if (isset(self::$aclres[$subject][$resource])) {
        return self::$aclres[$subject][$resource];
    }

    // By default the resource inherits the global right.
    self::$aclres[$subject][$resource] = $globalRight;
    if ($globalRight) {
        return true;
    }

    // Global right missing or canceled: look for a right on the resource.
    if ($userGroups === null) {
        $userGroups = jAcl2DbUserGroup::getGroups();
    }
    if (count($userGroups)) {
        $rightsDao = jDao::get('jacl2db~jacl2rights', 'jacl2_profile');
        $found = $rightsDao->getRightWithRes($subject, $userGroups, $resource);
        self::$aclres[$subject][$resource] = ($found != false) && !$found->canceled;
    }

    return self::$aclres[$subject][$resource];
}
/**
 * Reset the rights of one forum to the defaults of self::$__defaultRights.
 *
 * Each group of jAcl2DbUserGroup::getGroupList() gets its default list, or
 * an empty list when the defaults have no entry for it; '__anonymous' is
 * handled last. The rights are set on the resource "forum<id>".
 *
 * @param integer $id_forum the id_forum (cast to int before use).
 */
public static function resetRights($id_forum)
{
    // The cast keeps the resource key made of the literal prefix and digits only.
    $resource = 'forum' . (int) $id_forum;
    $defaults = self::$__defaultRights;

    foreach (jAcl2DbUserGroup::getGroupList() as $group) {
        $groupId = $group->id_aclgrp;
        if (isset($defaults[$groupId])) {
            $groupRights = $defaults[$groupId];
        } else {
            // NOTE(review): an empty list presumably strips the group of its
            // rights on this forum — confirm in setRightsOnForum().
            $groupRights = array();
        }
        self::setRightsOnForum($groupId, $groupRights, $resource);
    }

    self::setRightsOnForum('__anonymous', $defaults['__anonymous'], $resource);
}
/**
 * Return the value of the right on the given subject, optionally for a
 * given resource.
 *
 * A granted global right wins over the resource: the resource-specific
 * right is only queried when the global right is absent or canceled.
 * Answers, including refusals, are kept in self::$acl and self::$aclres.
 *
 * @param string $subject  the key of the subject
 * @param string $resource the id of a resource, null for the global right
 * @return boolean true if the right is ok
 */
public function getRight($subject, $resource = null)
{
    if (!jAuth::isConnected()) {
        return self::getAnonymousRight($subject, $resource);
    }

    $userGroups = null;

    if (self::$acl === null) {
        // First call: load the rights of all groups of the current user.
        $userGroups = jAcl2DbUserGroup::getGroups();
        self::$acl = array();
        if (count($userGroups)) {
            $rightsDao = jDao::get('jacl2db~jacl2rights', 'jacl2_profile');
            foreach ($rightsDao->getRightsByGroups($userGroups) as $row) {
                $key = $row->id_aclsbj;
                if (!isset(self::$acl[$key])) {
                    self::$acl[$key] = !$row->canceled;
                } elseif ($row->canceled) {
                    // "cancel" on one group overrides a grant from another one
                    self::$acl[$key] = false;
                }
            }
        }
    }

    if (!isset(self::$acl[$subject])) {
        self::$acl[$subject] = false;
    }
    $globalRight = self::$acl[$subject];

    if ($resource === null) {
        return $globalRight;
    }

    if (isset(self::$aclres[$subject][$resource])) {
        return self::$aclres[$subject][$resource];
    }

    // The resource inherits the global right until proven otherwise.
    self::$aclres[$subject][$resource] = $globalRight;
    if ($globalRight) {
        return true;
    }

    // The general right is not set: check the specific right for the resource.
    if ($userGroups === null) {
        $userGroups = jAcl2DbUserGroup::getGroups();
    }
    if (count($userGroups)) {
        $rightsDao = jDao::get('jacl2db~jacl2rights', 'jacl2_profile');
        $found = $rightsDao->getRightWithRes($subject, $userGroups, $resource);
        self::$aclres[$subject][$resource] = ($found != false) && !$found->canceled;
    }

    return self::$aclres[$subject][$resource];
}
/**
 * Return the value of the right on the given subject, optionally for a
 * given resource.
 *
 * Every record returned for the groups of the user counts as a grant; this
 * variant has no notion of a canceled right. A granted global right wins
 * over the resource. Answers are kept in self::$acl and self::$aclres.
 *
 * @param string $subject  the key of the subject
 * @param string $resource the id of a resource, null for the global right
 * @return boolean true if the right is ok
 */
public function getRight($subject, $resource = null)
{
    if (!jAuth::isConnected()) {
        return self::getAnonymousRight($subject, $resource);
    }

    $userGroups = null;

    if (self::$acl === null) {
        $userGroups = jAcl2DbUserGroup::getGroups();
        self::$acl = array();
        if (count($userGroups)) {
            $rightsDao = jDao::get('jelix~jacl2rights', jAcl2Db::getProfile());
            foreach ($rightsDao->getRightsByGroups($userGroups) as $row) {
                self::$acl[$row->id_aclsbj] = true;
            }
        }
    }

    // Unknown subject: remember the refusal.
    if (!isset(self::$acl[$subject])) {
        self::$acl[$subject] = false;
    }
    $globalRight = self::$acl[$subject];

    if ($resource === null) {
        return $globalRight;
    }

    if (isset(self::$aclres[$subject][$resource])) {
        return self::$aclres[$subject][$resource];
    }

    // The resource inherits the global right until proven otherwise.
    self::$aclres[$subject][$resource] = $globalRight;
    if ($globalRight) {
        return true;
    }

    // No global right: a record for this resource is enough to grant it.
    if ($userGroups === null) {
        $userGroups = jAcl2DbUserGroup::getGroups();
    }
    if (count($userGroups)) {
        $rightsDao = jDao::get('jelix~jacl2rights', jAcl2Db::getProfile());
        $found = $rightsDao->getRightWithRes($subject, $userGroups, $resource);
        self::$aclres[$subject][$resource] = $found != false;
    }

    return self::$aclres[$subject][$resource];
}
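/**
 * save one post
 *
 * Creates a post together with its thread when $id_post is 0, otherwise
 * updates the subject and message of the existing post. Events are notified
 * around each step, tags and the thread subscription are saved afterwards.
 *
 * NOTE(review): no check that the current user may edit $id_post is visible
 * in this method; presumably the caller enforces it — verify.
 *
 * @param integer $id_forum id forum of the post
 * @param integer $id_post  id post of the current post if editing of 0 if adding
 * @return mixed false when the form is missing/invalid or the message is too
 *               long, else the DAO record of the saved post
 */
public function save($id_forum, $id_post = 0)
{
    $gJConfig = jApp::config();

    // Initialised up front: an anonymous visitor while anonymous posting is
    // disabled matches neither branch below and must end on "return false"
    // without reading an undefined variable.
    $form = null;
    $id_user = 0;
    if (jAuth::isConnected()) {
        $form = jForms::fill('havefnubb~posts', $id_post);
        $id_user = jAuth::getUserSession()->id;
    } elseif ($gJConfig->havefnubb['anonymous_post_authorized'] == 1) {
        $form = jForms::fill('havefnubb~posts_anonym', $id_post);
        $id_user = 0;
    }

    if (!$form or !$form->check()) {
        return false;
    }

    //.. if the data are ok ; we get them !
    $subject = $form->getData('subject');
    $message = $form->getData('message');

    // The limit was compared with count($message), which does not measure a
    // string, so the configured maximum was never enforced. strlen() counts
    // bytes — TODO confirm the unit expected for post_max_size.
    $maxSize = $gJConfig->havefnubb['post_max_size'];
    if ($maxSize > 0 and strlen((string) $message) > $maxSize) {
        jMessage::add(jLocale::get('havefnubb~main.message.exceed.maximum.size', array($maxSize)), 'error');
        return false;
    }

    //CreateRecord object
    $dao = jDao::get('havefnubb~posts');
    $datePost = time();

    // create a post
    if ($id_post == 0) {
        jEvent::notify('HfnuPostBeforeSave', array('id' => $id_post));

        $record = jDao::createRecord('havefnubb~posts');
        $record->subject = $subject;
        $record->message = $message;
        $record->id_post = $id_post;
        $record->id_user = $id_user;
        $record->id_forum = $id_forum;
        $record->thread_id = 0;
        $record->status = 3; //'opened'
        $record->date_created = $datePost;
        $record->date_modified = $datePost;
        $record->viewed = 0;
        $record->ispined = 0;
        $record->iscensored = 0;
        $record->poster_ip = $_SERVER['REMOTE_ADDR'];

        //if the current user is a member of a moderator group
        // we set this post as 'read by moderator'
        if (jAcl2DbUserGroup::isMemberOfGroup($this->hfAdmin)
            or jAcl2DbUserGroup::isMemberOfGroup($this->hfModerator)) {
            $record->read_by_mod = 1;
        } else {
            $record->read_by_mod = 0;
        }

        $dao->insert($record);

        $threadDao = jDao::get('havefnubb~threads');
        $threadRec = jDao::createRecord('havefnubb~threads');
        $threadRec->id_user_thread = $id_user;
        $threadRec->status_thread = 3; //'opened'
        $threadRec->id_forum_thread = $id_forum;
        $threadRec->nb_replies = 0;
        $threadRec->nb_viewed = 0;
        $threadRec->id_first_msg = $record->id_post;
        $threadRec->id_last_msg = $record->id_post;
        $threadRec->date_created = $datePost;
        $threadRec->date_last_post = $datePost;
        $threadRec->ispined_thread = 0;
        $threadRec->iscensored_thread = 0;
        $threadDao->insert($threadRec);

        // now let's get the inserted id to put this one in thread_id column !
        $record->thread_id = $threadRec->id_thread;
        $dao->update($record);

        $id_post = $record->id_post;
        $thread_id = $record->thread_id;

        //update Forum record
        $forum = jDao::get('havefnubb~forum');
        $forumRec = $forum->get($id_forum);
        $forumRec->id_last_msg = $id_post;
        $forumRec->date_last_msg = $datePost;
        $forumRec->nb_msg = $forumRec->nb_msg + 1;
        $forumRec->nb_thread = $forumRec->nb_thread + 1;
        $forum->update($forumRec);

        $this->addPost($id_post, $record);

        jEvent::notify('HfnuPostAfterInsert', array('id' => $threadRec->id_thread, 'id_forum' => $id_forum));
    } else {
        jEvent::notify('HfnuPostBeforeUpdate', array('id' => $id_post, 'id_forum' => $id_forum));

        //remove the id_post of the array
        $this->deletePost($id_post);

        // NOTE(review): $record is used without checking that the post exists.
        $record = $dao->get($id_post);
        $record->subject = $subject;
        $record->message = $message;
        $record->date_modified = time();
        $thread_id = $record->thread_id;

        // This event is notified before the record is written (update below).
        jEvent::notify('HfnuPostAfterUpdate', array('id' => $id_post, 'id_forum' => $id_forum));

        // add the new record to the array
        $this->addPost($id_post, $record);
    }

    // in all cases (id_post = 0 or not )
    // we have to update as we store the last insert id in the thread_id column
    $dao->update($record);

    jEvent::notify('HfnuPostAfterSave', array('id' => $id_post, 'id_forum' => $id_forum));
    jEvent::notify('HfnuSearchEngineAddContent', array('id' => $id_post, 'datasource' => 'havefnubb~posts'));

    // Dots become spaces, then the list is split on commas.
    $tagStr = str_replace('.', ' ', $form->getData("tags"));
    $tags = explode(",", $tagStr);

    //add this post as already been read
    jClasses::getService('havefnubb~hfnuread')->insertReadPost($record, $datePost);
    jClasses::getService("jtags~tags")->saveTagsBySubject($tags, 'forumscope', $id_post);

    //subscription management
    if ($form->getData('subscribe') == 1) {
        jClasses::getService('havefnubb~hfnusub')->subscribe($thread_id);
    } else {
        jClasses::getService('havefnubb~hfnusub')->unsubscribe($thread_id);
    }

    // NOTE(review): the instance destroyed here is 'havefnubb~posts' with the
    // current $id_post; after an insert that is the new id, and anonymous
    // posts were filled through 'havefnubb~posts_anonym' — confirm the filled
    // instance is released somewhere.
    jForms::destroy('havefnubb~posts', $id_post);

    return $record;
}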
/**
 * A right canceled on one group of the user must be refused even though
 * another group grants it, for the global right and for resources.
 *
 * The rights and groups asserted here come from fixtures that are not
 * visible in this method; only the membership of 'laurent' in 'group2' and
 * the cancellation are set up below.
 */
public function testCheckCanceledRight()
{
    // Put the user into a second group.
    $usergroups = array(array('login' => 'laurent', 'id_aclgrp' => 'group2'));
    $this->insertRecordsIntoTable('jacl2_user_group', array('login', 'id_aclgrp'), $usergroups);

    // Drop the cached rights and groups so the new membership is taken into account.
    jAcl2::clearCache();
    jAcl2DbUserGroup::clearCache();

    // it should cancel the right super.cms.update (which is set on group1)
    jAcl2DbManager::removeRight('group2', 'super.cms.update', '', true);

    $this->assertTrue(jAcl2::check('super.cms.list'));
    $this->assertFalse(jAcl2::check('super.cms.update')); // is canceled
    $this->assertFalse(jAcl2::check('super.cms.create')); // doesn't exist
    $this->assertFalse(jAcl2::check('super.cms.read')); // doesn't exist
    $this->assertFalse(jAcl2::check('super.cms.delete')); // doesn't exist
    $this->assertTrue(jAcl2::check('admin.access'));

    $this->assertTrue(jAcl2::check('super.cms.list', 154)); // right on a resource
    $this->assertFalse(jAcl2::check('super.cms.update', 154)); // right on a resource
    $this->assertTrue(jAcl2::check('super.cms.delete', 154)); // right on a resource

    $this->assertTrue(jAcl2::check('super.cms.list', 122)); // resource that is not listed
    $this->assertFalse(jAcl2::check('super.cms.update', 122)); // resource that is not listed
    $this->assertFalse(jAcl2::check('super.cms.delete', 122)); // resource that is not listed
}
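/**
 * Filter data by login if necessary
 * as configured in the plugin for login filtered layers.
 *
 * For every requested layer listed in the project's loginFilteredLayers, a
 * server-side restriction on the filter attribute is built (login or groups
 * of the user plus 'all'; only 'all' for anonymous visitors) and merged
 * into $this->params: 'exp_filter' for GetFeature, 'filter' otherwise.
 *
 * Compared with a plain concatenation, the values are escaped and the
 * client-supplied filter is grouped in parentheses, so that an OR in the
 * client expression cannot take precedence over the login restriction.
 * NOTE(review): grouping does not validate the client expression (e.g.
 * balanced parentheses); the restriction still relies on the map server
 * rejecting malformed filters — confirm.
 */
protected function filterDataByLogin()
{
    $lproj = $this->project;
    $request = strtolower($this->params['request']);
    if ($request == 'getfeature') {
        $layers = $this->params["typename"];
    } else {
        $layers = $this->params["layers"];
    }
    $pConfig = $lproj->getFullCfg();

    // Filter only if needed
    if (!$lproj->hasLoginFilteredLayers() or !$pConfig->loginFilteredLayers) {
        return;
    }

    // Keep the client side filters before changing them server side
    $clientExpFilter = null;
    if (array_key_exists('exp_filter', $this->params)) {
        $clientExpFilter = $this->params['exp_filter'];
    }
    $clientFilter = null;
    if (array_key_exists('filter', $this->params)) {
        $clientFilter = $this->params['filter'];
    }

    // Check if a user is authenticated
    $isConnected = jAuth::isConnected();

    // Build the restriction of each filtered layer
    $serverFilterArray = array();
    foreach (explode(',', $layers) as $layername) {
        if (!property_exists($pConfig->loginFilteredLayers, $layername)) {
            continue;
        }
        $layerCfg = $pConfig->loginFilteredLayers->{$layername};
        $oAttribute = $layerCfg->filterAttribute;
        $attribute = strtolower($oAttribute);

        if (!$isConnected) {
            // The user is not authenticated: only show data with attribute = 'all'
            $serverFilterArray[$layername] = "\"{$attribute}\" = 'all'";
            continue;
        }

        if (property_exists($layerCfg, 'filterPrivate') && $layerCfg->filterPrivate == 'True') {
            $allowed = array(jAuth::getUserSession()->login);
        } else {
            $allowed = jAcl2DbUserGroup::getGroups();
        }
        // A single quote inside a login or group id would end the string
        // literal of the expression; it is doubled to stay inside it.
        $allowed = str_replace("'", "''", $allowed);
        $serverFilterArray[$layername] = "\"{$attribute}\" IN ( '" . implode("' , '", $allowed) . "' , 'all' )";
    }

    if (count($serverFilterArray) == 0) {
        return;
    }

    // WFS : EXP_FILTER
    if ($request == 'getfeature') {
        $parts = array();
        if (!empty($clientExpFilter)) {
            $parts[] = '( ' . $clientExpFilter . ' )';
        }
        foreach ($serverFilterArray as $lfilter) {
            $parts[] = $lfilter;
        }
        $this->params['exp_filter'] = implode(' AND ', $parts);

        // The filter attribute must be part of the requested properties.
        if (array_key_exists('propertyname', $this->params)) {
            $propertyName = trim($this->params["propertyname"]);
            if (!empty($propertyName)) {
                $this->params["propertyname"] .= ",{$oAttribute}";
            }
        }

        return;
    }

    // WMS : FILTER, a list of "layer:expression" separated by ';'
    if (!empty($clientFilter)) {
        foreach (explode(';', $clientFilter) as $layerFilter) {
            // Split on the first ':' only, the expression may contain others.
            $pair = explode(':', $layerFilter, 2);
            if (count($pair) < 2 || trim($pair[1]) === '') {
                // no "layer:expression" shape, nothing usable
                continue;
            }
            $lname = trim($pair[0]);
            $lfilter = trim($pair[1]);
            if (array_key_exists($lname, $serverFilterArray)) {
                $serverFilterArray[$lname] .= ' AND ( ' . $lfilter . ' )';
            } else {
                $serverFilterArray[$lname] = $lfilter;
            }
        }
    }

    $layerFilters = array();
    foreach ($serverFilterArray as $lname => $lfilter) {
        $layerFilters[] = $lname . ':' . $lfilter;
    }
    $this->params['filter'] = implode(';', $layerFilters);
}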
/**
 * Dynamically update form by modifying the filter by login control
 *
 * The control named after the filter attribute is either forced to the
 * login of the user and made read-only, or replaced by a menulist whose
 * choices depend on the filter type and on $this->loginFilteredOveride.
 * The form is modified in place.
 *
 * @param object $form Jelix form to modify control.
 * @param string $save does the form will be used for update or insert
 *                     (not read in this method).
 * @return boolean always True; the form itself is not returned.
 */
private function updateFormByLogin($form, $save)
{
    // Ask for the login filter configuration when it is not an array yet.
    if (!is_array($this->loginFilteredLayers)) { //&& $this->loginFilteredOveride )
        $this->filterDataByLogin($this->layerName);
    }

    if (is_array($this->loginFilteredLayers)) {
        $type = $this->loginFilteredLayers['type'];
        $attribute = $this->loginFilteredLayers['attribute'];

        // Check if a user is authenticated
        if (!jAuth::isConnected()) {
            // Anonymous visitor: the form is left untouched.
            return True;
        }

        $user = jAuth::getUserSession();
        if (!$this->loginFilteredOveride) {
            // The user cannot override the filter.
            if ($type == 'login') {
                // Force the attribute to the login of the user.
                // NOTE(review): setReadOnly() presumably also makes the form
                // ignore a submitted value for this control — confirm, the
                // restriction must not rely on the rendered widget only.
                $user = jAuth::getUserSession();
                $form->setData($attribute, $user->login);
                $form->setReadOnly($attribute, True);
            } else {
                // Offer the groups of the user plus 'all', without the
                // 'users' group and the "__priv_" prefixed groups.
                $oldCtrl = $form->getControl($attribute);
                $userGroups = jAcl2DbUserGroup::getGroups();
                $userGroups[] = 'all';
                $uGroups = array();
                foreach ($userGroups as $uGroup) {
                    if ($uGroup != 'users' and substr($uGroup, 0, 7) != "__priv_") {
                        $uGroups[$uGroup] = $uGroup;
                    }
                }
                $dataSource = new jFormsStaticDatasource();
                $dataSource->data = $uGroups;
                $ctrl = new jFormsControlMenulist($attribute);
                $ctrl->required = true;
                // Keep the label of the replaced control when there is one.
                if ($oldCtrl != null) {
                    $ctrl->label = $oldCtrl->label;
                } else {
                    $ctrl->label = $attribute;
                }
                $ctrl->datasource = $dataSource;
                // Save the current value before the control is removed.
                $value = null;
                if ($oldCtrl != null) {
                    $value = $form->getData($attribute);
                    $form->removeControl($attribute);
                }
                $form->addControl($ctrl);
                if ($value != null) {
                    $form->setData($attribute, $value);
                }
            }
        } else {
            // The user can override the filter: every login or every group
            // can be chosen.
            $oldCtrl = $form->getControl($attribute);
            $value = null;
            if ($oldCtrl != null) {
                $value = $form->getData($attribute);
            }

            $data = array();
            if ($type == 'login') {
                // Logins are only listed when the auth plugin uses the 'Db' driver.
                $plugin = jApp::coord()->getPlugin('auth');
                if ($plugin->config['driver'] == 'Db') {
                    $authConfig = $plugin->config['Db'];
                    $dao = jDao::get($authConfig['dao'], $authConfig['profile']);
                    $cond = jDao::createConditions();
                    $cond->addItemOrder('login', 'asc');
                    $us = $dao->findBy($cond);
                    foreach ($us as $u) {
                        $data[$u->login] = $u->login;
                    }
                }
            } else {
                // Every group of getGroupList() except 'users', plus 'all'.
                $gp = jAcl2DbUserGroup::getGroupList();
                foreach ($gp as $g) {
                    if ($g->id_aclgrp != 'users') {
                        $data[$g->id_aclgrp] = $g->id_aclgrp;
                    }
                }
                $data['all'] = 'all';
            }
            $dataSource = new jFormsStaticDatasource();
            $dataSource->data = $data;
            $ctrl = new jFormsControlMenulist($attribute);
            $ctrl->required = true;
            if ($oldCtrl != null) {
                $ctrl->label = $oldCtrl->label;
            } else {
                $ctrl->label = $attribute;
            }
            $ctrl->datasource = $dataSource;
            $form->removeControl($attribute);
            $form->addControl($ctrl);
            if ($value != null) {
                $form->setData($attribute, $value);
            } else {
                // No previous value: default to the login of the user.
                if ($type == 'login') {
                    $form->setData($attribute, $user->login);
                }
            }
        }
    }
    return True;
}
/**
 * Remove the group given by the 'group_id' request parameter, then redirect
 * to the list of groups.
 *
 * NOTE(review): neither a right check nor an anti-CSRF token is visible in
 * this action; presumably the controller's plugin parameters enforce them —
 * confirm, since the call changes the ACL data.
 *
 * @return object the redirect response to 'jacl2_admin~groups:index'
 */
function delgroup()
{
    $redirect = $this->getResponse('redirect');
    $redirect->action = 'jacl2_admin~groups:index';

    $groupId = $this->param('group_id');
    jAcl2DbUserGroup::removeGroup($groupId);

    return $redirect;
}
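/**
 * Verify the credentials of a user.
 *
 * The 'admin' login is checked against the password hash stored through the
 * DAO. Every other login is authenticated with an LDAP bind; on success the
 * account is created in the DAO if needed and its non-private jAcl2 groups
 * are aligned on the group reported by LDAP.
 *
 * An empty password is refused before the bind: a simple bind sent with a
 * DN and no password is treated by many directories as an unauthenticated
 * bind and reported as successful, which must not count as a login.
 *
 * @param string $login    the login of the user
 * @param string $password the password to verify
 * @return object|false the user record, or false when authentication fails
 */
public function verifyPassword($login, $password)
{
    $dao = jDao::get($this->_params['dao'], $this->_params['profile']);
    $user = $dao->getByLogin($login);

    // The admin account is local: it never goes through LDAP.
    if ($login == 'admin') {
        if (!$user) {
            return false;
        }

        $result = $this->checkPassword($password, $user->password);
        if ($result === false) {
            return false;
        }

        if ($result !== true) {
            // it is a new hash for the password, let's update it persistently
            $user->password = $result;
            $dao->updatePassword($login, $result);
        }

        return $user;
    }

    // Never send an empty password to the directory (see docblock).
    if ((string) $password === '') {
        return false;
    }

    $connect = $this->_getLinkId();
    if (!$connect) {
        jLog::log('ldapdao: impossible to connect to ldap', 'auth');
        return false;
    }

    //authenticate user
    // NOTE(review): _buildUserDn() is not visible here; confirm it escapes
    // the characters of $login that are special in a DN.
    $userDn = $this->_buildUserDn($login);
    $bind = ldap_bind($connect, $userDn, $password);
    if (!$bind) {
        jLog::log('ldapdao: bind failed with ' . $userDn, 'auth');
        ldap_close($connect);
        return false;
    }
    ldap_close($connect);

    // The searches below run with the admin binding.
    // NOTE(review): the result of _bindLdapAdminUser() is not checked before
    // being used — confirm what the search helpers do with a failed link.
    $connect = $this->_bindLdapAdminUser();

    // check if he is in our database
    $dao = jDao::get($this->_params['dao'], $this->_params['profile']);
    $user = $dao->getByLogin($login);
    if (!$user) {
        // it's a new user, let's create it
        $user = $this->createUserObject($login, '');

        //get ldap user infos: name, email etc...
        $this->searchLdapUserAttributes($connect, $login, $user);
        $dao->insert($user);
        jEvent::notify('AuthNewUser', array('user' => $user));
    }

    // retrieve the user group (if relevant)
    $userGroup = $this->searchUserGroup($connect, $login);
    ldap_close($connect);
    if ($userGroup === false) {
        // no group given by ldap, let's use defaults groups
        return $user;
    }

    // we know the user group: we should be sure it is the same in jAcl2
    $gplist = jDao::get('jacl2db~jacl2groupsofuser', 'jacl2_profile')->getGroupsUser($login);
    $groupsToRemove = array();
    $hasRightGroup = false;
    foreach ($gplist as $group) {
        if ($group->grouptype == 2) {
            // private group
            continue;
        }
        if ($group->name === $userGroup) {
            $hasRightGroup = true;
        } else {
            $groupsToRemove[] = $group->name;
        }
    }

    // Every other non-private group is dropped, even when the LDAP group
    // does not exist in jAcl2 and therefore cannot be added below.
    foreach ($groupsToRemove as $group) {
        jAcl2DbUserGroup::removeUserFromGroup($login, $group);
    }
    if (!$hasRightGroup && jAcl2DbUserGroup::getGroup($userGroup)) {
        jAcl2DbUserGroup::addUserToGroup($login, $userGroup);
    }

    return $user;
}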
/**
 * Save the edition of a forum and/or the rights set on it, depending on
 * which submit button was used, then redirect.
 *
 * The button is recognised by comparing the submitted value with the
 * localized label 'hfnuadmin~forum.saveBt'.
 *
 * NOTE(review): the rights come straight from the 'rights' request
 * parameter and no right check or anti-CSRF token is visible in this
 * action; presumably the controller's plugin parameters and
 * setRightsOnForum() restrict what can be set — confirm.
 *
 * @return object redirect to the edit page when the form is invalid, else
 *                to 'hfnuadmin~forum:index'
 */
function saveedit()
{
    $id_forum = (int) $this->param('id_forum');
    $saveLabel = jLocale::get('hfnuadmin~forum.saveBt');

    // 1- properties of the forum
    if ($this->param('validate') == $saveLabel) {
        $form = jForms::fill('hfnuadmin~forum_edit', $id_forum);
        if (!$form->check()) {
            jMessage::add(jLocale::get('hfnuadmin~forum.unknown.forum'), 'error');
            $back = $this->getResponse('redirect');
            $back->action = 'hfnuadmin~forum:edit';
            $back->params = array('id_forum' => $id_forum);
            return $back;
        }
        $form->saveToDao('havefnubb~forum');
    }

    // 2- rights of each group, then of anonymous visitors, on this forum
    if ($this->param('validateright') == $saveLabel) {
        $rightsService = jClasses::getService("hfnuadmin~hfnuadminrights");
        $submitted = $this->param('rights', array());
        $resource = 'forum' . $id_forum;

        foreach (jAcl2DbUserGroup::getGroupList() as $group) {
            $groupId = $group->id_aclgrp;
            // A group missing from the submission gets an empty list.
            $groupRights = isset($submitted[$groupId]) ? $submitted[$groupId] : array();
            $rightsService->setRightsOnForum($groupId, $groupRights, $resource);
        }

        $anonymousRights = isset($submitted['__anonymous']) ? $submitted['__anonymous'] : array();
        $rightsService->setRightsOnForum('__anonymous', $anonymousRights, $resource);
    }

    $rep = $this->getResponse('redirect');
    $rep->action = 'hfnuadmin~forum:index';

    return $rep;
}
/**
 * Add the user given by the 'user' request parameter to the group given by
 * 'grpid', then redirect to the rights page of that user. Without a user,
 * only redirect to the list of users.
 *
 * NOTE(review): neither a right check nor an anti-CSRF token is visible in
 * this action, and 'grpid' is passed on as received; presumably the
 * controller's plugin parameters enforce the checks — confirm.
 *
 * @return object the redirect response
 */
function addgroup()
{
    $rep = $this->getResponse('redirect');
    $login = $this->param('user');

    if ($login == '') {
        $rep->action = 'jacl2db_admin~users:index';
        return $rep;
    }

    $rep->action = 'jacl2db_admin~users:rights';
    $rep->params = array('user' => $login);
    jAcl2DbUserGroup::addUserToGroup($login, $this->param('grpid'));

    return $rep;
}
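/**
 * function to manage data before assigning to the template of its zone
 *
 * Builds the paginated list of members, either of all users (optionally
 * filtered by initial letter or by a nickname search) or of one group, and
 * assigns it to the template with the groups, letters, ranks and pager
 * properties.
 *
 * The 'letter' parameter is only kept when it is exactly one lowercase
 * letter a-z. The former range test compared strings, so it let through
 * longer values and the '{' character, which then reached the LIKE
 * pattern of the group query.
 */
protected function _prepareTpl()
{
    $page = (int) $this->param('page');
    $memberSearch = (string) $this->param('memberSearch');

    // get letter in lowercase
    $letter = $this->param('letter');
    if (!is_string($letter) || !preg_match('/^[a-z]\z/', $letter)) {
        $letter = '';
    }

    // -2 stands for "all groups"
    $grpid = -2;
    if ($this->param('grpid')) {
        $grpid = intval($this->param('grpid'));
    }

    $nbMembersPerPage = (int) jApp::config()->havefnubb['members_per_page'];
    $p = jAcl2Db::getProfile();

    // $memberSearch == '' means, we dont search some members by their nickname
    if ($grpid == -2) {
        //all users
        $dao = jDao::get('jacl2db~jacl2groupsofuser', $p);
        $cond = jDao::createConditions();
        $cond->addCondition('grouptype', '=', 2);
        $cond->addCondition('status', '=', 1);
        if (strlen($letter) == 1) {
            $cond->addCondition('login', 'like', $letter . '%');
        } elseif ($memberSearch != '') {
            // NOTE(review): '%' and '_' typed in the search keep their
            // wildcard meaning; the value itself is presumably escaped by
            // the DAO conditions — confirm.
            $cond->addCondition('login', 'like', '%' . $memberSearch . '%');
        }
        $rs = $dao->findBy($cond, $page, $nbMembersPerPage);
        $nbMembers = $dao->countBy($cond);
    } else {
        //in a specific group
        $dao = jDao::get('jacl2db~jacl2usergroup', $p);
        if ($letter == '') {
            $rs = $dao->getPublicUsersGroupLimit($grpid, $page, $nbMembersPerPage);
        } else {
            $rs = $dao->getPublicUsersByLetterGroupLimit($grpid, $page, $nbMembersPerPage, $letter . '%');
        }
        $nbMembers = $dao->getUsersGroupCount($grpid);
    }

    // Attach to each member its groups, private groups (grouptype 2) and
    // groups whose status is not 1 left out.
    $members = array();
    $dao2 = jDao::get('jacl2db~jacl2groupsofuser', $p);
    foreach ($rs as $u) {
        $u->groups = array();
        $gl = $dao2->getGroupsUser($u->login);
        foreach ($gl as $g) {
            if ($g->grouptype != 2 and $g->status == 1) {
                $u->groups[] = $g;
            }
        }
        $members[] = $u;
    }

    // Group selector: an "all groups" entry, then every group.
    $groups = array();
    $o = new StdClass();
    $o->id_aclgrp = '-2';
    $o->name = jLocale::get('havefnubb~member.memberlist.allgroups');
    $o->grouptype = 0;
    $groups[] = $o;
    foreach (jAcl2DbUserGroup::getGroupList() as $grp) {
        $groups[] = $grp;
    }

    // Letter selector: a label, then a..z.
    $letters = array();
    $letters[] = jLocale::get('havefnubb~member.memberlist.select.an.initial.nickname');
    for ($i = 0; $i < 26; $i++) {
        $letters[] = chr(97 + $i);
    }

    $daoRank = jDao::get('havefnubb~ranks');
    $ranks = $daoRank->findAll();

    // let's build the pagelink var
    // A Preparing / Collecting datas
    // 0- the properties of the pager
    $properties = array(
        'start-label' => '',
        'prev-label' => '',
        'next-label' => '',
        'end-label' => jLocale::get("havefnubb~member.pagelinks.end"),
        'area-size' => 5,
    );

    // 1- vars for pagelinks
    $this->_tpl->assign('groups', $groups);
    $this->_tpl->assign('page', $page);
    $this->_tpl->assign('nbMembersPerPage', $nbMembersPerPage);
    $this->_tpl->assign('properties', $properties);
    $this->_tpl->assign('members', $members);
    $this->_tpl->assign('nbMembers', $nbMembers);
    $this->_tpl->assign('letters', $letters);
    $this->_tpl->assign('ranks', $ranks);
}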
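/**
 * Query a QuickFinder database
 *
 * Reads the request parameters 'project', 'repository' and 'query', runs a
 * full-text search for each search configured on the project and returns
 * the matches grouped by search key. Every early exit returns an empty
 * JSON list.
 *
 * Unless the user holds 'lizmap.tools.loginFilteredLayers.override' on the
 * repository, rows are restricted to the ones tagged '@@all', not tagged at
 * all, or tagged with a group or the login of the user. These values are
 * passed through the connection's quote() instead of being concatenated
 * into the SQL text.
 *
 * @return object binary response whose content is JSON
 */
function get()
{
    $rep = $this->getResponse('binary');
    $rep->outputFileName = 'search_results.json';
    $rep->mimeType = 'application/json';
    // Default body, returned on every early exit.
    $rep->content = '[]';

    // Get project and repository, and check rights
    $project = $this->param('project');
    $repository = $this->param('repository');
    $lrep = lizmap::getRepository($repository);
    $lproj = null;
    try {
        $lproj = lizmap::getProject($repository . '~' . $project);
        if (!$lproj) {
            jMessage::add('The lizmapProject ' . strtoupper($project) . ' does not exist !', 'ProjectNotDefined');
            return $rep;
        }
    } catch (UnknownLizmapProjectException $e) {
        jLog::logEx($e, 'error');
        jMessage::add('The lizmapProject ' . strtoupper($project) . ' does not exist !', 'ProjectNotDefined');
        return $rep;
    }
    if (!$lproj->checkAcl()) {
        jMessage::add(jLocale::get('view~default.repository.access.denied'), 'AuthorizationRequired');
        return $rep;
    }

    // Parameters
    $pquery = $this->param('query');
    if (!$pquery) {
        return $rep;
    }
    // NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1. The
    // SQL below does not rely on it, the value goes through quote().
    $pquery = filter_var($pquery, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);

    // Get FTS searches
    $ftsSearches = $lproj->hasFtsSearches();
    if (!$ftsSearches) {
        return $rep;
    }
    $searches = $ftsSearches['searches'];
    $jdb_profile = $ftsSearches['jdb_profile'];

    // Limitations
    $limit_tot = 30;
    $limit_search = 15;

    $cnx = jDb::getConnection($jdb_profile);

    // Create FTS query: every word becomes a prefix term.
    // NOTE(review): the words still reach MATCH with whatever query syntax
    // they contain; quote() only protects the SQL string literal.
    $words = explode(' ', $pquery);
    $matches = implode('* ', $words) . '*';
    $sql = "SELECT search_id,content,wkb_geom FROM quickfinder_data WHERE";
    $sql .= " content MATCH " . $cnx->quote($matches);

    // Add filter by groups and user if the user is authenticated
    if (!jAcl2::check('lizmap.tools.loginFilteredLayers.override', $lrep->getKey())) {
        $sql .= " AND ( content LIKE '%@@all' OR content NOT LIKE '%@@%'";
        if (jAuth::isConnected()) {
            // Ok if any group matches, or if the user matches
            $owners = jAcl2DbUserGroup::getGroups();
            $owners[] = jAuth::getUserSession()->login;
            foreach ($owners as $owner) {
                // quote() keeps a quote character of the value inside the
                // literal. NOTE(review): '%' and '_' in a login or group id
                // still act as LIKE wildcards — confirm such names cannot
                // be registered.
                $sql .= ' OR content LIKE ' . $cnx->quote('%@@' . $owner);
            }
        }
        $sql .= ' )';
    }

    // Query and format data for each search key
    $nb = array('search' => array(), 'tot' => 0);
    $data = array();
    foreach ($searches as $skey => $sval) {
        // Add filter to get only data for given search key
        $sql_search = $sql . ' AND search_id = ' . $cnx->quote($skey);
        $sql_search .= " LIMIT " . $limit_search;

        // Run query
        $res = $cnx->query($sql_search);

        // Format data
        foreach ($res as $item) {
            $key = $item->search_id;
            if (!array_key_exists($key, $nb['search'])) {
                $nb['search'][$key] = 0;
            }
            if ($nb['search'][$key] >= $limit_search) {
                continue;
            }
            if ($nb['tot'] >= $limit_tot) {
                break;
            }
            if (!array_key_exists($key, $data)) {
                $data[$key] = array();
            }
            $data[$key]['search_name'] = $searches[$key]['search_name'];
            $data[$key]['layer_name'] = $searches[$key]['layer_name'];
            $data[$key]['srid'] = $searches[$key]['srid'];
            if (!array_key_exists('features', $data[$key])) {
                $data[$key]['features'] = array();
            }
            $data[$key]['features'][] = array(
                // The '@@owner' suffix is stripped from what is sent back.
                'label' => preg_replace('#@@.+#', '', $item->content),
                'geometry' => $item->wkb_geom,
            );
            $nb['search'][$key] += 1;
            $nb['tot'] += 1;
        }
    }

    $rep->content = json_encode($data);

    return $rep;
}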
/**
 * Forget the value kept in the static property self::$groups.
 *
 * NOTE(review): the property presumably caches the groups of the current
 * user; code that changes memberships during a request should call this
 * before reading the groups again — confirm against the readers of
 * self::$groups.
 *
 * @since 1.3
 */
public static function clearCache()
{
    self::$groups = null;
}
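/**
 * Filter data by login if necessary
 * as configured in the plugin for login filtered layers.
 *
 * For every requested layer listed in the project's loginFilteredLayers, a
 * restriction on the filter attribute is appended to one filter string
 * (login or groups of the user plus 'all'; only 'all' for anonymous
 * visitors), which is stored in 'exp_filter' for GetFeature and in
 * 'filter' otherwise.
 *
 * Logins and group ids are escaped before being put between quotes, and
 * the client EXP_FILTER is grouped in parentheses so that an OR in it
 * cannot take precedence over the login restriction.
 */
protected function filterDataByLogin()
{
    $lproj = lizmap::getProject($this->repository->getKey() . '~' . $this->project->getKey());
    $request = strtolower($this->params['request']);
    if ($request == 'getfeature') {
        $layers = $this->params["typename"];
    } else {
        $layers = $this->params["layers"];
    }
    $pConfig = $lproj->getFullCfg();

    // Filter only if needed
    if ($lproj->hasLoginFilteredLayers() and $pConfig->loginFilteredLayers) {
        // Keep the client side filters before changing them server side
        $v = '';
        $filter = '';
        $clientExpFilter = null;
        if (array_key_exists('exp_filter', $this->params)) {
            $clientExpFilter = $this->params['exp_filter'];
        }
        $clientFilter = null;
        if (array_key_exists('filter', $this->params)) {
            $clientFilter = $this->params['filter'];
        }

        // Check if a user is authenticated
        $isConnected = jAuth::isConnected();

        // Check need for filter foreach layer
        foreach (explode(',', $layers) as $layername) {
            if (!property_exists($pConfig->loginFilteredLayers, $layername)) {
                continue;
            }
            $layerCfg = $pConfig->loginFilteredLayers->{$layername};
            $oAttribute = $layerCfg->filterAttribute;
            $attribute = strtolower($oAttribute);

            // WMS filters are prefixed with the layer name, WFS ones are not.
            $pre = "{$layername}:";
            if ($request == 'getfeature') {
                $pre = '';
            }

            if ($isConnected) {
                if (property_exists($layerCfg, 'filterPrivate') && $layerCfg->filterPrivate == 'True') {
                    $allowed = array(jAuth::getUserSession()->login);
                } else {
                    $allowed = jAcl2DbUserGroup::getGroups();
                }
                // A single quote inside a login or group id would end the
                // string literal; it is doubled to stay inside it.
                $allowed = str_replace("'", "''", $allowed);
                $filter .= $v . "{$pre}\"{$attribute}\" IN ( '" . implode("' , '", $allowed) . "' , 'all' )";
            } else {
                // The user is not authenticated: only show data with attribute = 'all'
                $filter .= $v . "{$pre}\"{$attribute}\" = 'all'";
            }
            $v = ';';

            if (!empty($clientFilter)) {
                // NOTE(review): the client filter is appended as received.
                // It may hold several "layer:expression" items, so it is not
                // grouped here; an OR in it is not bound by the login
                // restriction — confirm how the map server evaluates it.
                $filter .= " AND " . str_replace($pre, '', $clientFilter);
            }
        }

        // Set filter when multiple layers concerned
        if ($filter) {
            // WFS : EXP_FILTER
            if ($request == 'getfeature') {
                if (!empty($clientExpFilter)) {
                    $filter .= " AND ( " . $clientExpFilter . " )";
                }
                $this->params['exp_filter'] = $filter;

                // The filter attribute must be part of the requested properties.
                if (array_key_exists('propertyname', $this->params)) {
                    $propertyName = trim($this->params["propertyname"]);
                    if (!empty($propertyName)) {
                        $this->params["propertyname"] .= ",{$oAttribute}";
                    }
                }
            } else {
                $this->params['filter'] = $filter;
            }
        }
    }
}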
/**
 * Removing a group that still has members must delete the memberships of
 * that group together with the group, and leave the other memberships
 * untouched.
 *
 * The group ids and the initial table content come from fixtures that are
 * not visible in this method.
 */
public function testRemoveUsedGroup()
{
    // we destroy a group that has users
    // first, add a user to a group
    jAcl2DbUserGroup::addUserToGroup('max', $this->grpId3);
    $this->usergroups = array(array('login' => 'laurent', 'id_aclgrp' => $this->grpId5), array('login' => 'max', 'id_aclgrp' => $this->grpId6), array('login' => 'max', 'id_aclgrp' => $this->defaultGroupId), array('login' => 'max', 'id_aclgrp' => $this->grpId3));
    $this->assertTableContainsRecords('jacl2_user_group', $this->usergroups);

    // ok, now we delete the group
    jAcl2DbUserGroup::removeGroup($this->grpId3);

    // The membership of 'max' in the removed group must be gone.
    $this->usergroups = array(array('login' => 'laurent', 'id_aclgrp' => $this->grpId5), array('login' => 'max', 'id_aclgrp' => $this->grpId6), array('login' => 'max', 'id_aclgrp' => $this->defaultGroupId));
    $this->assertTableContainsRecords('jacl2_user_group', $this->usergroups);

    // Entry 2 of the expected groups is dropped before comparing the group table.
    unset($this->groups[2]);
    $this->assertTableContainsRecords('jacl2_group', $this->groups);
}
/**
 * Controller action: delete the ACL group designated by the "group_id"
 * request parameter, queue a confirmation message and redirect to the
 * group list.
 *
 * NOTE(review): neither a rights check nor a request-forgery check is
 * visible in this method. Confirm that the controller's plugin parameters
 * restrict this action to users allowed to delete groups, and that the
 * request cannot be triggered from another site.
 */
function delgroup()
{
    $redirect = $this->getResponse('redirect');
    $redirect->action = 'jacl2db_admin~groups:index';

    // The identifier is passed to the ACL layer exactly as received
    $groupId = $this->param('group_id');
    jAcl2DbUserGroup::removeGroup($groupId);

    jMessage::add(jLocale::get('acl2.message.group.delete.ok'), 'ok');

    return $redirect;
}
/**
 * return the value of the right on the given subject (and on the optional resource).
 *
 * The resource "-" (meaning 'all resources') has the priority over specific resources.
 * It means that if you give a specific resource, it will be ignored if there is a positive right
 * with "-". The right on the given resource will be checked if there is no rights for "-".
 *
 * Results are kept at two levels: in $this->acl / $this->aclres for the
 * current object, and in the 'acl2db' jCache profile under keys built from
 * the normalized login of the session user.
 *
 * NOTE(review): rights read from the cache are used as they are. Confirm that
 * changes to groups or rights invalidate the 'acl2db/<login>/...' keys,
 * otherwise a revoked right stays effective until the entry expires.
 * NOTE(review): the cache key uses jCache::normalizeKey() on the login;
 * verify that two different logins cannot normalize to the same key, since
 * they would then share cached rights.
 *
 * @param string $subject the key of the subject
 * @param string $resource the id of a resource
 * @return boolean true if the user has the right on the given subject
 */
public function getRight($subject, $resource = '-')
{
    // Anonymous users are handled by a dedicated method.
    // NOTE(review): $resource is passed on before the empty-value
    // normalisation below; confirm getAnonymousRight() treats an empty
    // resource like "-".
    if (!jAuth::isConnected()) {
        return $this->getAnonymousRight($subject, $resource);
    }

    // An empty resource means "all resources"
    if (empty($resource)) {
        $resource = '-';
    }

    // Cache key for the global (resource-less) rights of this user
    $login = jCache::normalizeKey(jAuth::getUserSession()->login);
    $rightkey = 'acl2db/' . $login . '/rights';

    // Groups are loaded lazily, and at most once in this call
    $groups = null;

    if ($this->acl === null) {
        $rights = jCache::get($rightkey, 'acl2db');
        if ($rights === false) {
            // Nothing in the cache: build the rights from the database
            $this->acl = array();
            // let's load all rights for the groups on which the current user is attached
            $groups = jAcl2DbUserGroup::getGroups();
            if (count($groups)) {
                $dao = jDao::get('jacl2db~jacl2rights', 'jacl2_profile');
                foreach ($dao->getRightsByGroups($groups) as $rec) {
                    // if there is already a right on a same subject on an other group
                    // we should take care when this rights says "cancel"
                    if (isset($this->acl[$rec->id_aclsbj])) {
                        // a canceled record overrides a right already found
                        if ($rec->canceled) {
                            $this->acl[$rec->id_aclsbj] = false;
                        }
                    } else {
                        $this->acl[$rec->id_aclsbj] = $rec->canceled ? false : true;
                    }
                }
            }
            jCache::set($rightkey, $this->acl, null, 'acl2db');
        } else {
            $this->acl = $rights;
        }
    }

    // A subject without any record is denied, and the denial is cached too
    if (!isset($this->acl[$subject])) {
        $this->acl[$subject] = false;
        jCache::set($rightkey, $this->acl, null, 'acl2db');
    }

    // no resource given, just return the global right for the given subject
    if ($resource == '-') {
        return $this->acl[$subject];
    }

    // Cache key for the per-resource rights of this user on this subject
    $rightreskey = 'acl2db/' . $login . '/rightsres/' . $subject;
    if (!isset($this->aclres[$subject])) {
        $rights = jCache::get($rightreskey, 'acl2db');
        if ($rights !== false) {
            $this->aclres[$subject] = $rights;
        }
    }

    // if we already have loaded the corresponding right, returns it
    if (isset($this->aclres[$subject][$resource])) {
        return $this->aclres[$subject][$resource];
    }

    // default right for the resource is the global right
    $this->aclres[$subject][$resource] = $this->acl[$subject];

    // if the general right is not given, check the specific right for the resource
    if (!$this->acl[$subject]) {
        if ($groups === null) {
            $groups = jAcl2DbUserGroup::getGroups();
        }
        if (count($groups)) {
            $dao = jDao::get('jacl2db~jacl2rights', 'jacl2_profile');
            $right = $dao->getRightWithRes($subject, $groups, $resource);
            // no record => denied; record found => granted unless it is canceled
            $this->aclres[$subject][$resource] = $right != false ? $right->canceled ? false : true : false;
        }
        jCache::set($rightreskey, $this->aclres[$subject], null, 'acl2db');
        return $this->aclres[$subject][$resource];
    } else {
        // the global right is granted: it applies to every resource
        jCache::set($rightreskey, $this->aclres[$subject], null, 'acl2db');
        return true;
    }
}
/**
 * Installer entry point.
 *
 * - creates lizmapConfig.ini.php and localconfig.ini.php when they are missing
 *   (from their ".dist" copy when there is one),
 * - registers the lizmap coordinator plugin in localconfig.ini.php,
 * - runs the SQL scripts for the log and geobookmark tables on first
 *   database execution,
 * - when the "demo" installer parameter is set, creates demo groups, demo
 *   users, their rights and the two demo repositories.
 *
 * NOTE(review): the demo branch creates two accounts whose password is
 * identical to the login, one of them in the group that receives the
 * lizmap.admin.* rights, and grants the anonymous group the edition and
 * loginFilteredLayers.override subjects on the "montpellier" repository.
 * This branch is only meant for demo installs; these accounts and rights
 * should be reviewed before an instance is exposed.
 */
function install()
{
    // Main Lizmap configuration file
    $lizmapConfFile = jApp::configPath('lizmapConfig.ini.php');
    if (!file_exists($lizmapConfFile)) {
        $distCopy = jApp::configPath('lizmapConfig.ini.php.dist');
        if (file_exists($distCopy)) {
            copy($distCopy, $lizmapConfFile);
        } else {
            $this->copyFile('config/lizmapConfig.ini.php', $lizmapConfFile);
        }
    }

    // Local configuration file
    $localConfig = jApp::configPath('localconfig.ini.php');
    if (!file_exists($localConfig)) {
        $localDistCopy = jApp::configPath('localconfig.ini.php.dist');
        if (file_exists($localDistCopy)) {
            copy($localDistCopy, $localConfig);
        } else {
            // Minimal file: an ini comment line holding a PHP die() guard
            file_put_contents($localConfig, ';<' . '?php die(\'\');?' . '>');
        }
    }

    // Declare the lizmap coordinator plugin
    $localIni = new jIniFileModifier($localConfig);
    $localIni->setValue('lizmap', 'lizmapConfig.ini.php', 'coordplugins');
    $localIni->save();

    if ($this->firstDbExec()) {
        // Add log table
        $this->useDbProfile('lizlog');
        $this->execSQLScript('sql/lizlog');

        // Add geobookmark table
        $this->useDbProfile('jauth');
        $this->execSQLScript('sql/lizgeobookmark');
    }

    // Everything below only applies to a demo install
    if (!($this->firstExec('acl2') && $this->getParameter('demo'))) {
        return;
    }

    $this->useDbProfile('auth');

    // create group
    jAcl2DbUserGroup::createGroup('lizadmins');
    jAcl2DbUserGroup::createGroup('Intranet demos group', 'intranet');

    // create user in jAuth
    require_once JELIX_LIB_PATH . 'auth/jAuth.class.php';
    require_once JELIX_LIB_PATH . 'plugins/auth/db/db.auth.php';

    $authIniName = $this->config->getValue('auth', 'coordplugins');
    $authIniContent = parse_ini_file(jApp::configPath($authIniName), true);
    $authSettings = jAuth::loadConfig($authIniContent);
    $driver = new dbAuthDriver($authSettings['Db']);

    // Passwords are hashed by the configured auth driver before storage
    $adminHash = $driver->cryptPassword('lizadmin');
    $intranetHash = $driver->cryptPassword('logintranet');

    $cn = $this->dbConnection();
    $cn->exec(
        "INSERT INTO " . $cn->prefixTable('jlx_user')
        . " (usr_login, usr_password, usr_email ) VALUES\n ('lizadmin', "
        . $cn->quote($adminHash)
        . " , '*****@*****.**')"
    );
    $cn->exec(
        "INSERT INTO " . $cn->prefixTable('jlx_user')
        . " (usr_login, usr_password, usr_email ) VALUES\n ('logintranet', "
        . $cn->quote($intranetHash)
        . " , '*****@*****.**')"
    );

    // declare users in jAcl2
    jAcl2DbUserGroup::createUser('lizadmin', true);
    jAcl2DbUserGroup::createUser('logintranet', true);
    jAcl2DbUserGroup::addUserToGroup('lizadmin', 'lizadmins');
    jAcl2DbUserGroup::addUserToGroup('logintranet', 'intranet');

    // Administration rights of the lizadmins group
    $adminRights = array(
        'lizmap.admin.access' => true,
        'lizmap.admin.services.update' => true,
        'lizmap.admin.repositories.create' => true,
        'lizmap.admin.repositories.delete' => true,
        'lizmap.admin.repositories.update' => true,
        'lizmap.admin.repositories.view' => true,
        'lizmap.admin.services.view' => true,
    );
    jAcl2DbManager::setRightsOnGroup('lizadmins', $adminRights);

    // Per-repository rights: every listed group receives the same four
    // subjects on each of its repositories, in the order given here.
    $repositorySubjects = array(
        'lizmap.tools.edition.use',
        'lizmap.repositories.view',
        'lizmap.tools.loginFilteredLayers.override',
        'lizmap.tools.displayGetCapabilitiesLinks',
    );
    $repositoriesByGroup = array(
        'admins' => array('intranet', 'montpellier'),
        'lizadmins' => array('intranet', 'montpellier'),
        'intranet' => array('intranet', 'montpellier'),
        // anonymous users only get rights on the public demo repository
        '__anonymous' => array('montpellier'),
    );
    foreach ($repositoriesByGroup as $groupId => $repositoryKeys) {
        foreach ($repositoryKeys as $repositoryKey) {
            foreach ($repositorySubjects as $subjectKey) {
                jAcl2DbManager::addRight($groupId, $subjectKey, $repositoryKey);
            }
        }
    }

    // declare the repositories of demo in the configuration
    $lizmapIni = new jIniFileModifier($lizmapConfFile);
    $lizmapIni->setValues(
        array(
            'label' => 'LizMap Demo',
            'path' => '../install/qgis/',
            'allowUserDefinedThemes' => 1,
        ),
        'repository:montpellier'
    );
    $lizmapIni->setValues(
        array(
            'label' => 'Lizmap Demo - Intranet',
            'path' => '../install/qgis_intranet/',
            'allowUserDefinedThemes' => '',
        ),
        'repository:intranet'
    );
    $lizmapIni->setValue('defaultRepository', 'montpellier', 'services');
    $lizmapIni->save();
}
/**
 * Check acl rights on the project.
 *
 * Access is decided in this order:
 *  1. the "lizmap.repositories.view" right on the repository is required;
 *  2. if the project options hold no non-empty "acl" array, access is
 *     granted at this point, to anonymous users as well;
 *  3. otherwise the user must be authenticated and belong to at least one
 *     of the groups listed in that "acl" option.
 *
 * @return boolean true when the current user may access the project
 */
public function checkAcl()
{
    // Repository level right comes first
    $canViewRepository = jAcl2::check('lizmap.repositories.view', $this->repository->getKey());
    if (!$canViewRepository) {
        return False;
    }

    // Is a group white list configured in the project options?
    $hasGroupWhiteList = property_exists($this->cfg->options, 'acl')
        && is_array($this->cfg->options->acl)
        && !empty($this->cfg->options->acl);
    if (!$hasGroupWhiteList) {
        return True;
    }

    // A white list exists: anonymous users are refused
    if (!jAuth::isConnected()) {
        return False;
    }

    // Granted as soon as one group of the user is in the white list
    $allowedGroups = $this->cfg->options->acl;
    $groupsOfUser = jAcl2DbUserGroup::getGroups();
    $sharedGroups = array_intersect($allowedGroups, $groupsOfUser);

    return $sharedGroups ? True : False;
}