/** * Prepares the taskbar by adding the user switch panel to it if allowed * @return null */ public function prepareTaskbar($taskbar) { if (!SecurityManager::getInstance()->isRouteAllowed(self::ROUTE_USER_SWITCH)) { return; } $taskbar->addNotificationPanel(new UserSwitchPanelView()); }
/** * Action to view and change the profile * @return null */ public function indexAction() { $user = SecurityManager::getInstance()->getUser(); if (!$user) { throw new UnauthorizedException(); } $form = new ProfileForm($this->request->getBasePath(), $user); $form->addHook(new AccountProfileHook()); Zibo::getInstance()->runEvent(self::EVENT_PREPARE_FORM, $form); if ($form->isSubmitted()) { try { $form->validate(); $form->processSubmit($this); if (!$this->response->getView() && !$this->response->willRedirect()) { $this->response->setRedirect($this->request->getBasePath()); } return; } catch (ValidationException $exception) { $form->setValidationException($exception); } } $translator = $this->getTranslator(); $view = new ProfileView($form); $view->setPageTitle($translator->translate(self::TRANSLATION_TITLE)); $this->response->setView($view); }
/** * Authenticate a user and get his/her session id * @param string username of the user * @param string password of the user * @return string id of the user's session */ public function authenticateUser($username, $password) { $securityManager = SecurityManager::getInstance(); $securityManager->login($username, $password); $session = Session::getInstance(); $session->set(self::SESSION_AUTHENTICATED, true); return $session->getId(); }
/** * Initializes this module * @return null */ public function initialize() { $zibo = Zibo::getInstance(); $zibo->registerEventListener(FileBrowserController::EVENT_PRE_ACTION, array($this, 'initializeFileBrowser')); $zibo->registerEventListener(TinyMCEController::EVENT_PRE_IMAGE_LIST, array($this, 'addImagesToTinyMCE')); $zibo->registerEventListener(TinyMCEController::EVENT_PRE_LINK_LIST, array($this, 'addLinksToTinyMCE')); $this->path = $zibo->getConfigValue(self::CONFIG_PATH, self::DEFAULT_PATH); $this->securityManager = SecurityManager::getInstance(); }
/** * Constructs a new security table * @param string $formAction URL where the form of the table will point to * @return null */ public function __construct($formAction) { $manager = SecurityManager::getInstance(); $permissions = $manager->getPermissions(); $roles = $manager->getRoles(); $deniedRoutes = $manager->getDeniedRoutes(); parent::__construct($permissions, $formAction, self::FORM_NAME); $this->addDecorators($roles); $this->addFields($deniedRoutes); }
function smarty_block_isAuthenticated($params, $content, &$smarty, &$repeat) { if ($repeat) { return; } $user = SecurityManager::getInstance()->getUser(); if ($user) { return $content; } return; }
/** * Action to auto complete a username * @return null */ public function autocompleteAction() { $environment = $this->getEnvironment(); $term = $environment->getArgument('term'); if (!$term) { return; } $securityModel = $this->securityManager->getSecurityModel(); $users = $securityModel->findUsersByUsername($term); $view = new JsonView($users); $this->response->setView($view); }
/** * Constructs a new authentication status panel * @return null */ public function __construct() { parent::__construct(self::TEMPLATE); $user = SecurityManager::getInstance()->getUser(); $request = Zibo::getInstance()->getRequest(); $baseUrl = $request->getBaseUrl() . Request::QUERY_SEPARATOR; $basePath = $baseUrl . Module::ROUTE_AUTHENTICATION . Request::QUERY_SEPARATOR; $this->set('user', $user); $this->set('urlLogin', $basePath . AuthenticationController::ACTION_LOGIN); $this->set('urlLogout', $basePath . AuthenticationController::ACTION_LOGOUT); $this->set('urlProfile', $baseUrl . Module::ROUTE_PROFILE); }
/** * Checks if the current user uses the user directory * @return boolean */ public function isUserDirectoryEnabled() { $isAllowed = $this->securityManager->isPermissionAllowed(self::PERMISSION_USERDIR); if (!$isAllowed) { return false; } $user = $this->securityManager->getUser(); // skip anonymous users and super users from the ORM security model if (!$user || method_exists($user, 'isSuperUser') && $user->isSuperUser()) { return false; } return true; }
/** * Action to show an overview of the system information * @return null */ public function indexAction() { $zibo = Zibo::getInstance(); $configuration = $this->getConfiguration($zibo); $routes = $this->getRoutes($zibo); $softwareDetector = new SoftwareDetector(); $sm = SecurityManager::getInstance(); $numVisitors = $sm->getNumVisitors(); $numUsers = $sm->getNumUsers(); $numGuests = $numVisitors - $numUsers; $currentUsers = $sm->getCurrentUsers(); $view = new SystemView($configuration, $this->request->getBaseUrl(), $routes, $softwareDetector, $numVisitors, $numUsers, $numGuests, $currentUsers); $actions = array($this->request->getBasePath() . '/phpInfo' => self::TRANSLATION_PHP_INFO); $this->setView($view, $actions); }
/** * Validate the permissions configuration value * @param string $permissions permissions configuration setting * @param zibo\library\validation\exception\ValidationException $validationException when a ValidationError occures, it will be added to this exception and null will be returned * @return string valid permissions configuration value */ private function validatePermissions($permissions, ValidationException $validationException) { if ($permissions == NodeSettingModel::AUTHENTICATION_STATUS_ANONYMOUS || $permissions == NodeSettingModel::AUTHENTICATION_STATUS_AUTHENTICATED || $permissions == NodeSettingModel::AUTHENTICATION_STATUS_EVERYBODY) { return $permissions; } $configurationString = ''; $securityManager = SecurityManager::getInstance(); $permissions = explode(',', $permissions); foreach ($permissions as $permission) { $permission = trim($permission); if ($securityManager->hasPermission($permission)) { $configurationString .= ($configurationString ? ',' : '') . $permission; continue; } $error = new ValidationError('joppa.error.permission', 'permission \'%permission%\' does not exist', array('permission' => $permission)); $validationException->addErrors(NodeSettingModel::SETTING_PERMISSIONS, array($error)); return null; } return $configurationString; }
function smarty_block_isNotAllowed($params, $content, &$smarty, &$repeat) { if ($repeat) { return; } if (!isset($params['route']) && !isset($params['permission'])) { throw new Exception('No route or permission provided'); } if (isset($params['route']) && isset($params['permission'])) { throw new Exception('Route and permissions provided'); } $manager = SecurityManager::getInstance(); if (isset($params['route'])) { if (!$manager->isRouteAllowed($params['route'])) { return $content; } } elseif (!$manager->isPermissionAllowed($params['permission'])) { return $content; } return; }
/** * Gets a display array of the provided managers * @param array $managers the managers * @param string $currentManager name of the current manager * @return array Array with the name of the manager as key and a manager array as value. * * A manager array is an array with the following keys: * <ul> * <li>action: string</li> * <li>name: string</li> * <li>current: boolean</li> * <li>icon: string</li> * </ul> */ private function getViewManagers(array $managers, $currentManager = null) { $basePath = Module::getManagerBasePath(); $viewManagers = array(); $securityManager = SecurityManager::getInstance(); foreach ($managers as $name => $manager) { $viewManager = array(); $actions = $manager->getActions(); if ($actions) { $viewManager['actions'] = array(); foreach ($actions as $route => $label) { $route = $basePath . $name . '/' . $route; if ($securityManager->isRouteAllowed($route)) { $viewManager['actions'][$route] = $label; } } if (empty($viewManager['actions'])) { continue; } } $route = $basePath . $name; if (!$securityManager->isRouteAllowed($route) && empty($viewManager['actions'])) { continue; } $viewManager['action'] = $route; $viewManager['name'] = $manager->getName(); $viewManager['current'] = $currentManager == $name; $viewManager['icon'] = $manager->getIcon(); if (!$viewManager['icon']) { $viewManager['icon'] = 'web/images/manager.png'; } $viewManagers[$viewManager['name']] = $viewManager; } ksort($viewManagers); return $viewManagers; }
/** * Saves the submitted security table to the security model * @param zibo\admin\table\SecurityTable $table * @return null */ private function processForm(SecurityTable $table) { $zibo = Zibo::getInstance(); $securityManager = SecurityManager::getInstance(); $errorsOccured = false; $roles = $table->getRoles(); foreach ($roles as $role) { try { $permissions = $table->getPermissions($role->getRoleName()); $securityManager->setAllowedPermissionsToRole($role, $permissions); } catch (Exception $exception) { $errorsOccured = true; $zibo->runEvent(Zibo::EVENT_LOG, $exception->getMessage(), $exception->getTraceAsString()); $this->addError(self::TRANSLATION_ERROR_PERMISSIONS_ROLE, array('role' => $role->getRoleName())); } try { $routes = $table->getAllowedRoutes($role->getRoleName()); $securityManager->setAllowedRoutesToRole($role, $routes); } catch (Exception $exception) { $errorsOccured = true; $zibo->runEvent(Zibo::EVENT_LOG, $exception->getMessage(), $exception->getTraceAsString()); $this->addError(self::TRANSLATION_ERROR_ROUTES_ROLE, array('role' => $role->getRoleName())); } } try { $routes = $table->getDeniedRoutes(); $securityManager->setDeniedRoutes($routes); } catch (Exception $exception) { $errorsOccured = true; $zibo->runEvent(Zibo::EVENT_LOG, $exception->getMessage(), $exception->getTraceAsString()); $this->addError(self::TRANSLATION_ERROR_ROUTES_DENIED); } if (!$errorsOccured) { $this->addInformation(self::TRANSLATION_SAVED); } }
/** * Action to activate the user * @param string $email The email address of the user * @param string $key The secure key of the user * @return null */ public function activateAction($email = null, $key = null) { $basePath = $this->request->getBasePath(); if (!$email || !$key) { $this->response->setRedirect($basePath); return; } $securityModel = SecurityManager::getInstance()->getSecurityModel(); $user = $securityModel->getUserByEmail($email); if (!$user) { $this->addError(self::TRANSLATION_ERROR_USER_NOT_FOUND_EMAIL, array('email' => $email)); $this->response->setRedirect($basePath); return; } $userKey = $this->getUserKey($user); if ($userKey != $key) { $this->addError(self::TRANSLATION_ERROR_INCORRECT_KEY); $this->response->setRedirect($basePath); return; } try { $user->setIsUserActive(true); $securityModel->setUser($user); $this->setRedirectToLogin(); return; } catch (ValidationException $exception) { } $this->response->setRedirect($basePath); }
/** * Sets the main view of the builder to the response * @param zibo\orm\builder\table\ModelTable $table * @return null */ private function setBuilderView(ModelTable $table, ModelFilterForm $filterForm, ModelImportForm $importForm) { if ($this->downloadFile) { $this->setDownloadView($this->downloadFile); return; } $view = new BuilderView($table); $view->setPageTitle(self::TRANSLATION_TITLE, true); $sidebar = $view->getSidebar(); $sidebar->addPanel(new ModelFilterView($filterForm)); $basePath = $this->request->getBasePath() . '/'; if (!$this->isReadOnly) { $addAction = $this->request->getBaseUrl() . '/' . Module::ROUTE_WIZARD . '/' . WizardController::ACTION_RESET; $defineAction = $basePath . self::ACTION_DEFINE; $scaffoldAction = $basePath . self::ACTION_SCAFFOLD . '/'; $table->addDecorator(new ModelActionDecorator($scaffoldAction, self::TRANSLATION_SCAFFOLD)); $sidebar->addPanel(new ModelImportView($importForm)); $sidebar->addAction($addAction, self::TRANSLATION_ADD, true); $sidebar->addAction($defineAction, self::TRANSLATION_DEFINE, true); } if (class_exists(self::CLASS_ERD)) { $sidebar->addAction($basePath . self::ACTION_ERD, self::TRANSLATION_ERD, true); } $databaseExportAction = $this->getDatabaseExportAction(); if (SecurityManager::getInstance()->isPermissionAllowed(Module::PERMISSION_EXPORT) && $databaseExportAction) { $sidebar->addAction($databaseExportAction, self::TRANSLATION_EXPORT_DATABASE, true); } $sidebar->setInformation(self::TRANSLATION_INFORMATION_BUILDER, true); $this->response->setView($view); }
/** * Sets the security manager to this controller * @return null */ public function preAction() { $this->securityManager = SecurityManager::getInstance(); }
/** * Prepares the taskbar and adds it to the view * @return null */ protected function addTaskbar() { $securityModel = SecurityManager::getInstance()->getSecurityModel(); $translator = $this->getTranslator(); $systemMenu = new Menu($translator->translate(self::TRANSLATION_TASKBAR_SYSTEM)); $systemMenu->addMenuItem(new MenuItem($translator->translate(LocalesController::TRANSLATION_TITLE), Module::ROUTE_LOCALES)); $systemMenu->addMenuItem(new MenuItem($translator->translate(ModulesController::TRANSLATION_TITLE), Module::ROUTE_MODULES)); if ($securityModel) { $systemMenu->addMenuItem(new MenuItem($translator->translate(SecurityController::TRANSLATION_TITLE), Module::ROUTE_SECURITY)); } $systemMenu->addMenuItem(new MenuItem($translator->translate(SystemController::TRANSLATION_TITLE), Module::ROUTE_SYSTEM)); $settingsMenu = $this->taskbar->getSettingsMenu(); $settingsMenu->addMenu($systemMenu); Zibo::getInstance()->runEvent(self::EVENT_TASKBAR, $this->taskbar); if ($securityModel) { $this->taskbar->addNotificationPanel(new UserPanelView()); } $view = new TaskbarView($this->taskbar); $this->setSubview('taskbar', $view); }
/** * Sets an unauthorized status code to the response and dispatch to the authentication form * @return null */ private function showAuthenticationForm() { $zibo = Zibo::getInstance(); $request = $zibo->getRequest(); $response = $zibo->getResponse(); $securityManager = SecurityManager::getInstance(); $user = $securityManager->getUser(); if ($user) { // already logged in, show blank page with error message $response->addMessage(new Message(self::TRANSLATION_ERROR_FORBIDDEN, Message::TYPE_ERROR)); $response->setStatusCode(Response::STATUS_CODE_FORBIDDEN); $response->setView(new BaseView()); return; } // not logged in, show authentication form $response->addMessage(new Message(self::TRANSLATION_ERROR_UNAUTHORIZED, Message::TYPE_ERROR)); $authenticator = $securityManager->getAuthenticator(); if ($authenticator instanceof HttpAuthenticator) { $response->addHeader(Response::HEADER_AUTHENTICATE, $authenticator->getAuthenticateHeader()); $response->setStatusCode(Response::STATUS_CODE_UNAUTHORIZED); } else { $response->setStatusCode(Response::STATUS_CODE_FORBIDDEN); } $dispatcher = $zibo->getDispatcher(); if (!$dispatcher) { $dispatcher = new Dispatcher(new ObjectFactory()); } $baseUrl = $request->getBaseUrl(); $basePath = $baseUrl . Request::QUERY_SEPARATOR . self::ROUTE_AUTHENTICATION; $controller = self::CONTROLLER_AUTHENTICATION; $request = new Request($baseUrl, $basePath, $controller, Dispatcher::ACTION_ASTERIX); $dispatcher->dispatch($request, $response); }
/** * Gets the user from the security manager to use in this controller * @return null */ public function preAction() { $this->user = SecurityManager::getInstance()->getUser(); }
/** * Add a sub menu item to this menu * @param MenuItem $menuItem * @return null */ public function addMenuItem(MenuItem $menuItem) { if (!SecurityManager::getInstance()->isRouteAllowed($menuItem->getRoute())) { return; } $this->items[] = $menuItem; }
/** * Saves the user * @param zibo\library\security\model\User * @return null */ protected function saveUser(User $user) { SecurityManager::getInstance()->setUser($user); }
/** * Checks whether the node of these settings is allowed for the current user * @return boolean true if this node is allowed for the current user, false if not * @throws zibo\ZiboException when the NodeSettings are not set to this node */ public function isAllowed() { $securityManager = SecurityManager::getInstance(); $user = $securityManager->getUser(); $permissions = $this->get(NodeSettingModel::SETTING_PERMISSIONS); if (!$permissions || $permissions === NodeSettingModel::AUTHENTICATION_STATUS_EVERYBODY) { return true; } if ($permissions === NodeSettingModel::AUTHENTICATION_STATUS_ANONYMOUS) { if ($user === null) { return true; } return false; } if ($permissions === NodeSettingModel::AUTHENTICATION_STATUS_AUTHENTICATED) { if ($user === null) { return false; } return true; } $permissions = explode(',', $permissions); $isAllowed = true; foreach ($permissions as $permission) { if (!$securityManager->isPermissionAllowed($permission)) { $isAllowed = false; break; } } return $isAllowed; }
/** * Action to logout the current user and redirect to the home page * @return null */ public function indexAction() { $securityManager = SecurityManager::getInstance(); $securityManager->logout(); $this->response->setRedirect($this->request->getBaseUrl()); }
/** * Protect the taskbar with the joppa.taskbar permission * @return null */ protected function addTaskbar() { if (SecurityManager::getInstance()->isPermissionAllowed(Module::PERMISSION_TASKBAR)) { parent::addTaskbar(); } }
/** * Action to show the authentication form and to process authentication * @return null */ public function indexAction() { $securityManager = SecurityManager::getInstance(); $session = $this->getSession(); $redirect = $this->getRedirect(); $user = $securityManager->getUser(); if ($user) { // user is already logged in $redirectUrl = null; switch ($redirect) { case self::REDIRECT_HOME: $redirectUrl = $this->request->getBaseUrl(); break; case self::REDIRECT_REFERER: $redirectUrl = $this->getReferer(); break; } if ($redirectUrl) { $this->response->setRedirect($redirectUrl); } return; } // gets the general referer $referer = $session->get(AdminModule::SESSION_REFERER); if (!$referer || substr_compare($referer, $this->request->getBasePath(), 0, strlen($this->request->getBasePath())) == 1) { $referer = $this->request->getBaseUrl(); } $form = new AuthenticationForm($this->request->getBasePath()); if (!$form->isSubmitted()) { // the form is not submitted, store the general referer as the login referer $session->set(self::SESSION_REFERER, $referer); $this->setLoginView($form); return; } // gets the login referer $redirectUrl = $session->get(self::SESSION_REFERER, $referer); if ($form->isCancelled()) { // the form is cancelled, redirect to the login referer $this->response->setRedirect($redirectUrl); return; } try { // try to authenticate the user $form->validate(); $username = $form->getValue(SecurityManager::USERNAME); $password = $form->getValue(SecurityManager::PASSWORD); $securityManager->login($username, $password); // get the redirect url $redirect = $this->getRedirect(); switch ($redirect) { case self::REDIRECT_NO: $redirectUrl = $this->request->getBasePath(); break; case self::REDIRECT_HOME: $redirectUrl = $this->request->getBaseUrl(); break; } $this->response->setRedirect($redirectUrl); return; } catch (AuthenticationException $e) { // authentication error if ($e->getField() == null) { throw $e; } $error = new ValidationError($e->getTranslationKey(), $e->getMessage()); $exception = new ValidationException(); $exception->addErrors($e->getField(), array($error)); $form->setValidationException($exception); } catch (ValidationException $exception) { // no username or password filled in, exception already set to the form } $this->setLoginView($form); }
/** * Processes the next action of this step * return string Name of the next step */ public function next() { try { $this->wizard->validate(); } catch (ValidationException $validationException) { return null; } try { $username = $this->wizard->getValue(self::FIELD_USERNAME); $password = $this->wizard->getValue(self::FIELD_PASSWORD); $email = $this->wizard->getValue(self::FIELD_EMAIL); $modelManager = ModelManager::getInstance(); $roleModel = $modelManager->getModel(RoleModel::NAME); $role = $roleModel->findById(1); if (!$role) { $role = $roleModel->createData(); $role->name = 'Developer'; $role->isSuperRole = true; $roleModel->save($role); } $userModel = $modelManager->getModel(UserModel::NAME); $user = $userModel->findById(1); if (!$user) { $user = $userModel->createData(); } $user->setUserName($username); $user->setUserPassword($password); $user->setIsUserActive(true); $user->roles = array($role->id => $role->id); $userModel->save($user); $this->wizard->setVariable(self::VAR_USER, $user); $deniedRoutes = array('admin/*'); $sm = SecurityManager::getInstance(); $sm->setDeniedRoutes($deniedRoutes); } catch (ValidationException $validationException) { $this->wizard->setValidationException($validationException); return null; } return $this->wizard->getNextStep(); }
/** * Login a user * @param string $username * @param string $password * @return zibo\library\security\model\User User instance if login succeeded * @throws zibo\library\security\exception\AuthenticationException when the login failed */ public function login($username, $password) { if (!$this->securityModel) { throw new SecurityException('Could not login a user: no security model set'); } $user = $this->securityModel->getUserByUsername($username); if ($user === null) { $this->clearAuthentification(); throw new UsernameAuthenticationException(); } if (!$user->isUserActive()) { $this->clearAuthentification(); throw new InactiveAuthenticationException(); } $securityManager = SecurityManager::getInstance(); if ($securityManager->hashPassword($password) != $user->getUserPassword()) { $this->clearAuthentification(); throw new PasswordAuthenticationException(); } return $this->setUser($user); }
/** * Get a error report of an exception * @param Exception $exception * @param zibo\core\Request $request * @return string */ private function getReport(Exception $exception, Request $request = null) { $report = 'Date: ' . date('d/m/Y H:i:s', time()) . "\n"; if ($request) { $url = $request->getBasePath() . '/'; $url .= implode('/', $request->getParameters()); $report .= 'Request: ' . $url . "\n"; } $user = SecurityManager::getInstance()->getUser(); if ($user) { $report .= 'User: '******'User: anonymous'; } $report .= "\n\nTrace:\n" . $this->getTrace($exception); return $report; }
/** * Get the permissions from the SecurityManager for the permissions field * @return array Array with the permission codes as key and value */ private function getPermissionOptions() { $options = array(); $permissions = SecurityManager::getInstance()->getPermissions(); foreach ($permissions as $permission) { $code = $permission->getPermissionCode(); $options[$code] = $code; } return $options; }