/**
* creates a new access group controller
* @return AccessGroupController AccessGroupController instance
*/
public static function create()
{
//check, if an AccessGroupController instance already exists
if (AccessGroupController::$accessGroupController == null) {
AccessGroupController::$accessGroupController = new AccessGroupController();
}
return AccessGroupController::$accessGroupController;
}
/**
* Ask for authorisation
* @param $accessgroup accessgroup of the user
* @param $applicationpart part of the application the user wants access
* @return access permissions for the application part
* 0 = no access, 1 = readonly, 2 = read/write
*/
public function authorise($accessgroup, $applicationpart)
{
$accessGroupController = AccessGroupController::create();
/*
* setup array with possible application parts.
* Example: objects/router => objects/router, objects, default
*/
$applicationparts = array();
$applicationparts[] = "default";
$applicationparts[] = $applicationpart;
while (strrpos($applicationpart, '/') !== FALSE) {
$newlength = strrpos($applicationpart, '/');
$applicationpart = substr($applicationpart, 0, $newlength);
$applicationparts[] = $applicationpart;
}
//get permissions from database
$permissionDefault = -1;
$permissionBestMatch = -1;
$matchLevel = 0;
try {
$accessGroupObject = $accessGroupController->getAccessGroup($accessgroup);
$accessRules = $accessGroupObject->getAccessRules();
foreach ($accessRules as $accessRule) {
$accessRuleAppPart = $accessRule->getApplicationPart();
$accessRuleAccess = $accessRule->getAccess();
if (array_search($accessRuleAppPart, $applicationparts) !== FALSE) {
$accessRuleMatchLevel = substr_count($accessRuleAppPart, '/');
if ($accessRuleAppPart == "default") {
$permissionDefault = $accessRuleAccess;
} elseif ($accessRuleMatchLevel >= $matchLevel) {
$permissionBestMatch = $accessRuleAccess;
$matchLevel = $accessRuleMatchLevel;
}
}
}
} catch (Exception $e) {
//doing nothing
}
//calculate permission
$permission = 0;
if ($permissionDefault > -1) {
$permission = $permissionDefault;
}
if ($permissionBestMatch > -1) {
$permission = $permissionBestMatch;
}
return $permission;
}
/**
* creates the default access groups in datastore
* @return boolean true, if access groups were created
* false, if there were errors
*/
public function createDefaultAccessGroups()
{
try {
$accessGroupController = AccessGroupController::create();
//add access group
$accessGroupController->addAccessGroup("admin");
$accessGroupController->addAccessGroup("user");
//add access rights
$accessGroupController->addAccessRule("admin", "default", 2);
$accessGroupController->addAccessRule("admin", "admin", 2);
$accessGroupController->addAccessRule("admin", "rest", 2);
$accessGroupController->addAccessRule("user", "default", 2);
$accessGroupController->addAccessRule("user", "admin", 0);
$accessGroupController->addAccessRule("user", "rest", 0);
return true;
} catch (Exception $e) {
return false;
}
}
use yourCMDB\controller\ObjectController;
use yourCMDB\controller\ObjectLinkController;
use yourCMDB\controller\ObjectLogController;
use yourCMDB\security\AuthorisationProviderLocal;
use yourCMDB\taskscheduler\EventProcessor;
use yourCMDB\info\InfoController;
//define base directories
$webScriptBaseDir = dirname(__FILE__);
$coreBaseDir = realpath("{$webScriptBaseDir}/../../core");
//include yourCMDB bootstrap
include "{$coreBaseDir}/bootstrap.php";
//include function definitions
include "functions.inc.php";
//define variables
$config = CmdbConfig::create();
$accessGroupController = AccessGroupController::create();
$objectController = ObjectController::create();
$objectLinkController = ObjectLinkController::create();
$objectLogController = ObjectLogController::create();
$authorisationProvider = new AuthorisationProviderLocal();
$eventProcessor = new EventProcessor();
$infoController = new InfoController();
//set default values of some variables
$authUser = "";
//get configuration
$installTitle = $config->getViewConfig()->getInstallTitle();
//setup i18n with gettext
$i18nLocale = $config->getViewConfig()->getLocale();
$i18nDomain = "web";
$i18nCodeset = "utf-8";
$i18nBaseDir = realpath("{$webScriptBaseDir}/../../i18n");
