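/**
 * Checks whether the current session user may access the controller/action
 * that $url resolves to.
 *
 * The ACL check is made with an empty parameter set, so any rights that
 * depend on request parameters (data-level access) are not evaluated here;
 * callers must not treat a true result as authorization for a specific
 * resource.
 *
 * @param string $url the URL to resolve into a controller/action pair
 * @return boolean true when access is granted; false when access is denied
 *                 or the URL cannot be resolved
 */
public static function hasAccessUrl($url)
{
    $user = common_session_SessionManager::getSession()->getUser();
    try {
        $resolver = new ActionResolver($url);
        return AclProxy::hasAccess($user, $resolver->getController(), $resolver->getAction(), array());
    } catch (ResolverException $e) {
        // an unresolvable URL is reported as "no access" rather than as an error
        return false;
    }
}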
/**
 * Ensures the current session user is allowed to run the requested action.
 *
 * The combined ACL check is performed first; when it fails, the functional
 * and data access layers are consulted separately so that the most specific
 * exception can be thrown.
 *
 * @throws PermissionException when the functional (role) check passes but the
 *         data access check on the request parameters fails
 * @throws tao_models_classes_AccessDeniedException in every other denied case
 */
protected function verifyAuthorization()
{
    $user = common_session_SessionManager::getSession()->getUser();
    $controller = $this->getControllerClass();
    $action = $this->getAction();
    $parameters = $this->getParameters();

    if (AclProxy::hasAccess($user, $controller, $action, $parameters)) {
        return;
    }

    // Access was denied: find out which permission layer rejected the request.
    $func = new FuncProxy();
    $data = new DataAccessControl();
    $functionalOk = $func->hasAccess($user, $controller, $action, $parameters);
    if ($functionalOk && !$data->hasAccess($user, $controller, $action, $parameters)) {
        throw new PermissionException($user->getIdentifier(), $action, $controller, $this->getExtensionId());
    }
    throw new tao_models_classes_AccessDeniedException($user->getIdentifier(), $action, $controller, $this->getExtensionId());
}
/**
 * Target of the forward that happens when an action is blocked by a lock.
 *
 * Renders the lock information (creation time, owner) of the resource named
 * by the "id" request parameter. When both the "view" and "ext" request
 * parameters are present they select the template to render; otherwise the
 * default lock template of the tao extension is used.
 */
public function locked()
{
    $resource = new core_kernel_classes_Resource($this->getRequestParameter('id'));
    $lockData = LockManager::getImplementation()->getLockData($resource);

    // NOTE(review): the label is passed through from the request unchanged;
    // the template is expected to escape it for output — confirm.
    if ($this->hasRequestParameter('topclass-label')) {
        $topClassLabel = $this->getRequestParameter('topclass-label');
    } else {
        $topClassLabel = __('Resource');
    }
    $this->setData('topclass-label', $topClassLabel);

    $currentUser = common_session_SessionManager::getSession()->getUser();
    $canForceRelease = AclProxy::hasAccess($currentUser, __CLASS__, 'forceRelease', array('uri' => $resource->getUri()));
    if ($canForceRelease) {
        // only users allowed to force-release get the control rendered
        $this->setData('id', $resource->getUri());
        $this->setData('forceRelease', true);
    }

    $this->setData('lockDate', $lockData->getCreationTime());
    $this->setData('ownerHtml', UserHelper::renderHtmlUser($lockData->getOwnerId()));

    // NOTE(review): "view"/"ext" come from the request; setView is assumed to
    // restrict the template to registered extensions — confirm.
    $customView = $this->hasRequestParameter('view') && $this->hasRequestParameter('ext');
    if ($customView) {
        $this->setView($this->getRequestParameter('view'), $this->getRequestParameter('ext'));
    } else {
        $this->setView('Lock/locked.tpl', 'tao');
    }
}
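/**
 * Returns one page of delivery executions (results) of a delivery as JSON
 * for the results grid.
 *
 * Reads the grid paging parameters from the request ("page", "rows",
 * "sortby", "sortorder") and the delivery URI from "classUri".
 *
 * Emits, via returnJson(), either
 *   {data: [...], page: n, total: m, records: k, readonly: {...}}
 * or {error: message} when the page size is invalid or the result storage
 * raises common_exception_Error. Each "readonly" entry maps a delivery
 * execution id to the actions the current user may NOT perform ("view" /
 * "delete" set to true when the ACL denies access).
 */
public function getResults()
{
    // Paging values arrive as strings; cast them so the arithmetic below is
    // well defined (non-numeric input becomes 0).
    $page = (int) $this->getRequestParameter('page');
    $limit = (int) $this->getRequestParameter('rows');
    $order = $this->getRequestParameter('sortby');
    $sord = $this->getRequestParameter('sortorder');

    // A page size below 1 would divide by zero in the page/total computation.
    if ($limit < 1) {
        $this->returnJson(array('error' => 'Invalid page size'));
        return;
    }

    $start = $limit * $page - $limit;
    $options = array(
        'order' => $order,
        'orderdir' => strtoupper((string) $sord),
        'offset' => $start,
        'limit' => $limit,
        'recursive' => true,
    );
    $delivery = new \core_kernel_classes_Resource(tao_helpers_Uri::decode($this->getRequestParameter('classUri')));

    try {
        $implementation = $this->getResultStorage($delivery);
        $this->getClassService()->setImplementation($implementation);
        $storage = $this->getClassService()->getImplementation();

        $user = \common_session_SessionManager::getSession()->getUser();
        $resultsController = 'oat\\taoOutcomeUi\\controller\\Results';
        // "readonly" flags are true when the right is missing, so the grid can
        // disable the corresponding action.
        $rights = array(
            'view' => !AclProxy::hasAccess($user, $resultsController, 'viewResult', array()),
            'delete' => !AclProxy::hasAccess($user, $resultsController, 'delete', array()),
        );

        $results = $storage->getResultByDelivery(array($delivery->getUri()), $options);
        $counti = $storage->countResultByDelivery(array($delivery->getUri()));

        $data = array();
        $readOnly = array();
        foreach ($results as $res) {
            $deliveryExecution = \taoDelivery_models_classes_execution_ServiceProxy::singleton()
                ->getDeliveryExecution($res['deliveryResultIdentifier']);
            // fully qualified: the same class is referenced with a leading
            // backslash above, and this file lives in a namespace
            $testTaker = new \core_kernel_classes_Resource($res['testTakerIdentifier']);
            try {
                $startTime = \tao_helpers_Date::displayeDate($deliveryExecution->getStartTime());
            } catch (\common_exception_NotFound $e) {
                // an execution without a recorded start time is still listed
                \common_Logger::w($e->getMessage());
                $startTime = '';
            }
            $executionId = $deliveryExecution->getIdentifier();
            $data[] = array(
                'id' => $executionId,
                'ttaker' => _dh($testTaker->getLabel()),
                'time' => $startTime,
            );
            $readOnly[$executionId] = $rights;
        }

        $this->returnJson(array(
            'data' => $data,
            'page' => floor($start / $limit) + 1,
            'total' => ceil($counti / $limit),
            'records' => count($data),
            'readonly' => $readOnly,
        ));
    } catch (\common_exception_Error $e) {
        $this->returnJson(array('error' => $e->getMessage()));
    }
}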
/**
 * Computes the permissions of a tree node (and, recursively, of its
 * children) for a set of actions.
 *
 * For every action whose context matches the node type (or is "resource"),
 * the parameters the action would receive are rebuilt from the node's
 * "data-*" attributes (a class node only gets "classUri"; "id" is always set
 * to the node URI). When every right the action requires can be evaluated
 * from those parameters, the ACL result is stored under
 * $node['permissions'][<action id>]; otherwise the action is skipped and a
 * debug message is logged. Resolution failures are logged and ignored.
 *
 * @param array[] $actions the actions data with context, name and the resolver
 * @param User $user the user
 * @param array $node a tree node
 * @return array the node augmented with permissions
 */
private function computePermissions($actions, $user, $node)
{
    if (isset($node['attributes']['data-uri'])) {
        $uri = $node['attributes']['data-uri'];
        foreach ($actions as $action) {
            // loose comparison kept on purpose to match the existing behaviour
            $contextMatches = $node['type'] == $action['context'] || $action['context'] == 'resource';
            if (!$contextMatches) {
                continue;
            }
            $resolver = $action['resolver'];
            try {
                if ($node['type'] == 'class') {
                    $params = array('classUri' => $uri);
                } else {
                    $params = array();
                    foreach ($node['attributes'] as $attribute => $value) {
                        if (strpos($attribute, 'data-') === 0) {
                            $params[substr($attribute, strlen('data-'))] = $value;
                        }
                    }
                }
                $params['id'] = $uri;

                $requiredRights = ControllerHelper::getRequiredRights($resolver->getController(), $resolver->getAction());
                $missing = array_diff(array_keys($requiredRights), array_keys($params));
                if (count($missing) == 0) {
                    $node['permissions'][$action['id']] = AclProxy::hasAccess($user, $resolver->getController(), $resolver->getAction(), $params);
                } else {
                    common_Logger::d('Unable to determine access to ' . $action['id'], 'ACL');
                }
            } catch (Exception $e) {
                //@todo should be a checked exception!
                common_Logger::w('Unable to resolve permission for action ' . $action['id'] . ' : ' . $e->getMessage());
            }
        }
    }

    if (isset($node['children'])) {
        foreach ($node['children'] as $index => $child) {
            $node['children'][$index] = $this->computePermissions($actions, $user, $child);
        }
    }
    return $node;
}