/**
 * Populate this user from its serialized files: rights, preferences and bookmarks.
 *
 * The three files are read from "<USERS_DIRPATH>/<user id>/". The admin flag,
 * the parent user and the role list are then derived from the loaded rights.
 *
 * NOTE(review): everything this method trusts, including "ajxp.admin", comes
 * from files under USERS_DIRPATH. The ".ser" suffix suggests loadSerialFile()
 * deserializes them -- confirm, and confirm the directory cannot be written
 * by users or served by the web server.
 */
function load()
{
    $usersRoot = $this->storage->getOption("USERS_DIRPATH");

    // Target property => file name inside the user's directory.
    $sources = array(
        "rights"    => "/rights.ser",
        "prefs"     => "/prefs.ser",
        "bookmarks" => "/bookmarks.ser",
    );
    foreach ($sources as $property => $fileName) {
        $this->$property = AJXP_Utils::loadSerialFile($usersRoot . "/" . $this->getId() . $fileName);
    }

    // Strict comparison: only a boolean true in the rights file grants admin.
    $flaggedAdmin = isset($this->rights["ajxp.admin"]) && $this->rights["ajxp.admin"] === true;
    if ($flaggedAdmin) {
        $this->setAdmin(true);
    }

    if (isset($this->rights["ajxp.parent_user"])) {
        $this->setParent($this->rights["ajxp.parent_user"]);
    }

    if (!isset($this->rights["ajxp.roles"])) {
        return;
    }

    // Keep only the roles that still exist; forget stale references.
    $knownRoles = AuthService::getRolesList();
    foreach (array_keys($this->rights["ajxp.roles"]) as $roleId) {
        if (!isset($knownRoles[$roleId])) {
            unset($this->rights["ajxp.roles"][$roleId]);
            continue;
        }
        $this->roles[$roleId] = $knownRoles[$roleId];
    }
}
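/**
 * Load this user's state from the SQL store: group path, rights, preferences,
 * bookmarks and roles, then make sure a personal role is attached.
 *
 * Steps, in order:
 *  - read [groupPath] (set to "/" when empty);
 *  - read the rights rows and derive the admin / parent / hidden flags;
 *  - read preferences and bookmarks;
 *  - decode the stored role list, add one role id per group-path level plus
 *    the personal role id, and resolve them through AuthService::getRolesList();
 *  - build or decode "ajxp.roles.order";
 *  - attach the personal role, migrating legacy rights when none exists;
 *  - recompute the merged role.
 *
 * SECURITY: several rights values are passed to unserialize(). unserialize()
 * instantiates whatever classes the payload names, so those columns must only
 * ever hold data written by this application. Anyone able to write to
 * [ajxp_user_rights] decides which objects are created here. The '$json$'
 * encoding handled below does not have that property and is the safer
 * storage format to migrate to.
 *
 * @see AbstractAjxpUser#load()
 */
public function load()
{
    $this->log('Loading all user data..');

    // update group
    $res = dibi::query('SELECT [groupPath] FROM [ajxp_users] WHERE [login] = %s', $this->getId());
    $this->groupPath = $res->fetchSingle();
    if (empty($this->groupPath)) {
        // Auto migrate from old version
        $this->setGroupPath("/");
    }

    $result_rights = dibi::query('SELECT [repo_uuid], [rights] FROM [ajxp_user_rights] WHERE [login] = %s', $this->getId());
    $this->rights = $result_rights->fetchPairs('repo_uuid', 'rights');

    // Db field returns integer or string so we are required to cast it in order to make the comparison.
    // With the (bool) cast every value except '', '0', 0 and 0.0 enables admin,
    // including strings such as 'false'.
    if (isset($this->rights["ajxp.admin"]) && (bool) $this->rights["ajxp.admin"] === true) {
        $this->setAdmin(true);
    }
    if (isset($this->rights["ajxp.parent_user"])) {
        $this->setParent($this->rights["ajxp.parent_user"]);
    }
    if (isset($this->rights["ajxp.hidden"])) {
        $this->setHidden(true);
    }

    if ("postgre" == $this->storage->sqlDriver["driver"]) {
        dibi::nativeQuery('SET bytea_output = escape');
    }
    $result_prefs = dibi::query('SELECT [name], [val] FROM [ajxp_user_prefs] WHERE [login] = %s', $this->getId());
    $this->prefs = $result_prefs->fetchPairs('name', 'val');

    $result_bookmarks = dibi::query('SELECT [repo_uuid], [path], [title] FROM [ajxp_user_bookmarks] WHERE [login] = %s', $this->getId());
    $all_bookmarks = $result_bookmarks->fetchAll();
    // Bookmarks are always rebuilt from the query result, grouped by repository.
    $this->bookmarks = array();
    foreach ($all_bookmarks as $b) {
        // isset() instead of is_array() on a missing key: no undefined-index notice.
        if (!isset($this->bookmarks[$b['repo_uuid']])) {
            $this->bookmarks[$b['repo_uuid']] = array();
        }
        $this->bookmarks[$b['repo_uuid']][] = array('PATH' => $b['path'], 'TITLE' => $b['title']);
    }

    // COLLECT ROLES TO LOAD
    $personalRoleId = "AJXP_USR_/" . $this->id;
    $rolesToLoad = array();
    if (isset($this->rights["ajxp.roles"])) {
        $storedRoles = $this->rights["ajxp.roles"];
        if (is_string($storedRoles)) {
            if (strpos($storedRoles, '$phpserial$') === 0) {
                // SECURITY: object deserialization of a database value, see the method docblock.
                $storedRoles = unserialize(str_replace('$phpserial$', '', $storedRoles));
            } elseif (strpos($storedRoles, '$json$') === 0) {
                $storedRoles = json_decode(str_replace('$json$', '', $storedRoles), true);
            } else {
                // SECURITY: legacy unprefixed format, also deserialized as PHP objects.
                $storedRoles = unserialize($storedRoles);
            }
        }
        // A value that fails to decode (false / null) or decodes to anything other
        // than an array is treated as "no roles" instead of being kept and indexed
        // like an array further down.
        if (!is_array($storedRoles)) {
            $storedRoles = array();
        }
        $this->rights["ajxp.roles"] = $storedRoles;
        $rolesToLoad = array_keys($storedRoles);
    }

    // One group role per level of the group path: "/a/b" adds AJXP_GRP_/a and AJXP_GRP_/a/b.
    $rolesToLoad[] = "AJXP_GRP_/";
    if ($this->groupPath != null) {
        $base = "";
        foreach (explode("/", $this->groupPath) as $pathPart) {
            // Compare with "" rather than empty(): empty("0") is true, which would
            // drop a segment named "0" and resolve the roles of a different group.
            if ($pathPart === "") {
                continue;
            }
            $base = $base . "/" . $pathPart;
            $rolesToLoad[] = "AJXP_GRP_" . $base;
        }
    }
    $rolesToLoad[] = $personalRoleId;

    // NOW LOAD THEM
    if (count($rolesToLoad)) {
        $allRoles = AuthService::getRolesList($rolesToLoad);
        foreach ($rolesToLoad as $roleId) {
            if (isset($allRoles[$roleId])) {
                $roleObject = $allRoles[$roleId];
                $this->roles[$roleId] = $roleObject;
                $this->rights["ajxp.roles"][$roleId] = true;
                if ($roleObject->alwaysOverrides()) {
                    if (!isset($this->rights["ajxp.roles.sticky"]) || !is_array($this->rights["ajxp.roles.sticky"])) {
                        $this->rights["ajxp.roles.sticky"] = array();
                    }
                    $this->rights["ajxp.roles.sticky"][$roleId] = true;
                }
            } elseif (isset($this->rights["ajxp.roles"][$roleId])) {
                // The role no longer exists: drop the stale reference.
                unset($this->rights["ajxp.roles"][$roleId]);
            }
        }
    }

    if (isset($this->rights["ajxp.roles.order"])) {
        // SECURITY: object deserialization of a database value, see the method docblock.
        $this->rights["ajxp.roles.order"] = unserialize(str_replace('$phpserial$', '', $this->rights["ajxp.roles.order"]));
    } elseif (isset($this->rights["ajxp.roles"]) && is_array($this->rights["ajxp.roles"])) {
        // Create sample order
        $this->rights["ajxp.roles.order"] = array();
        $index = 0;
        foreach ($this->rights["ajxp.roles"] as $id => $rBool) {
            $this->rights["ajxp.roles.order"][$id] = $index;
            $index++;
        }
    } else {
        // Neither a stored order nor a role list: use an empty order instead of
        // unserializing a missing key, which produced false.
        $this->rights["ajxp.roles.order"] = array();
    }

    // CHECK USER PERSONAL ROLE
    if (isset($this->roles[$personalRoleId]) && is_a($this->roles[$personalRoleId], "AJXP_Role")) {
        $this->personalRole = $this->roles[$personalRoleId];
    } else {
        // MIGRATE NOW !
        $originalRights = $this->rights;
        $changes = $this->migrateRightsToPersonalRole();
        // SAVE RIGHT AND ROLE
        if ($changes > 0) {
            // There was an actual migration, let's save the changes now.
            // NOTE(review): $this->rights holds nested arrays at this point (roles,
            // order, sticky); array_diff() compares values as strings, so those
            // entries compare as "Array". Confirm whether a key-based diff was intended.
            $removedRights = array_keys(array_diff($originalRights, $this->rights));
            if (count($removedRights)) {
                // We use (%s) instead of %in to pass everything as string ('1' instead of 1)
                dibi::query("DELETE FROM [ajxp_user_rights] WHERE [login] = %s AND [repo_uuid] IN (%s)", $this->getId(), $removedRights);
            }
            AuthService::updateRole($this->personalRole);
        } else {
            $this->personalRole = new AJXP_Role($personalRoleId);
        }
        $this->roles[$personalRoleId] = $this->personalRole;
    }

    $this->recomputeMergedRole();
}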
/**
 * Refresh the role objects held by this user when the storage reports a role
 * update later than the last session serialization.
 *
 * Nothing happens when no serialization timestamp is recorded or when the user
 * holds no roles. Until this method runs, permission changes made to a role
 * are not reflected in the role objects held by this user object.
 *
 * @return bool true when roles were reloaded and the merged role recomputed
 */
public function reloadRolesIfRequired()
{
    if (!$this->lastSessionSerialization || !count($this->roles)) {
        return false;
    }

    $lastRoleUpdate = $this->storage->rolesLastUpdated(array_keys($this->roles));
    if (!($lastRoleUpdate > $this->lastSessionSerialization)) {
        return false;
    }

    // Replace each cached role with its freshly loaded definition.
    $freshRoles = AuthService::getRolesList(array_keys($this->roles));
    foreach ($freshRoles as $roleId => $freshRole) {
        $this->roles[$roleId] = $freshRole;
    }
    $this->recomputeMergedRole();

    return true;
}
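/**
 * Build a roleId => label map of roles, filtered by prefix and by optional
 * include / exclude filters.
 *
 * A filter string is either a comma-separated list of values (compared
 * case-insensitively with the role id minus the prefix) or, when it contains
 * "preg:", a regular expression applied to the same suffix.
 *
 * NOTE(review): the "preg:" text is placed between "/" delimiters without any
 * escaping or validation. preg_match() returns false for an invalid pattern;
 * the exclude check treats that as "no match", so a malformed exclude pattern
 * hides nothing, while a malformed include pattern hides everything. Validate
 * these strings where they are configured, and do not let untrusted users
 * supply them (a crafted pattern can also be expensive to evaluate).
 *
 * @param AbstractAjxpUser $userObject    user whose roles are listed when $byUserRoles is true
 * @param string           $rolePrefix    keep only role ids containing this prefix
 * @param string           $includeString keep only roles matching this filter
 * @param string           $excludeString drop roles matching this filter
 * @param bool             $byUserRoles   list the user's own roles instead of all roles
 * @return array roleId => label; empty when $userObject is not provided
 */
public function getUserRoleList($userObject, $rolePrefix, $includeString, $excludeString, $byUserRoles = false)
{
    // Always return an array, as documented, even without a user object.
    $allRoles = array();
    if (!$userObject) {
        return $allRoles;
    }

    if ($byUserRoles) {
        $allUserRoles = $userObject->getRoles();
    } else {
        $allUserRoles = AuthService::getRolesList(array(), true);
    }
    if (!isset($allUserRoles)) {
        return $allRoles;
    }

    // Exclude
    if ($excludeString) {
        if (strpos($excludeString, "preg:") !== false) {
            $matchFilterExclude = "/" . str_replace("preg:", "", $excludeString) . "/i";
        } else {
            $valueFiltersExclude = array_map("strtolower", array_map("trim", explode(",", $excludeString)));
        }
    }
    // Include
    if ($includeString) {
        if (strpos($includeString, "preg:") !== false) {
            $matchFilterInclude = "/" . str_replace("preg:", "", $includeString) . "/i";
        } else {
            $valueFiltersInclude = array_map("strtolower", array_map("trim", explode(",", $includeString)));
        }
    }

    $prefixLength = strlen($rolePrefix);
    foreach ($allUserRoles as $roleId => $role) {
        // NOTE(review): this tests "contains", while the suffix below assumes the
        // prefix sits at the start of the id -- confirm which one is intended.
        if (!empty($rolePrefix) && strpos($roleId, $rolePrefix) === false) {
            continue;
        }
        // Role id without its prefix, computed once for every filter and the label fallback.
        $suffix = substr($roleId, $prefixLength);
        $suffixLower = strtolower($suffix);

        if (isset($matchFilterExclude) && preg_match($matchFilterExclude, $suffix)) {
            continue;
        }
        // Strict in_array(): loose comparison equates numeric strings such as "10" and "1e1".
        if (isset($valueFiltersExclude) && in_array($suffixLower, $valueFiltersExclude, true)) {
            continue;
        }
        if (isset($matchFilterInclude) && !preg_match($matchFilterInclude, $suffix)) {
            continue;
        }
        if (isset($valueFiltersInclude) && !in_array($suffixLower, $valueFiltersInclude, true)) {
            continue;
        }

        if (is_a($role, "AJXP_Role")) {
            $roleObject = $role;
        } else {
            $roleObject = AuthService::getRole($roleId);
        }
        $label = $roleObject->getLabel();
        $allRoles[$roleId] = !empty($label) ? $label : $suffix;
    }

    return $allRoles;
}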
/**
 * Apply default repository rights and default roles to a user.
 *
 * Users that have a parent are left untouched. For every other user, each
 * non-template repository with a non-empty default right grants that right,
 * and every role flagged as default is added.
 *
 * @param AbstractAjxpUser $userObject user to update (modified in place)
 */
static function updateDefaultRights(&$userObject)
{
    if ($userObject->hasParent()) {
        return;
    }

    foreach (ConfService::getRepositoriesList() as $repositoryId => $repoObject) {
        if (!$repoObject->isTemplate && $repoObject->getDefaultRight() != "") {
            $userObject->setRight($repositoryId, $repoObject->getDefaultRight());
        }
    }

    foreach (AuthService::getRolesList() as $roleId => $roleObject) {
        if (!$roleObject->isDefault()) {
            continue;
        }
        $userObject->addRole($roleId);
    }
}
/**
 * List the roles the current user may administrate, as XML nodes.
 *
 * Each node carries a summary of the repositories the role can read and/or
 * write. Roles rejected by AuthService::canAdministrate() are skipped.
 *
 * NOTE(review): repository display names and role labels are passed to
 * AJXP_XMLWriter::renderNode() as-is; confirm that renderNode() escapes
 * metadata values before they reach the XML output.
 *
 * @param mixed $root        not used by this method
 * @param mixed $child       not used by this method
 * @param mixed $hashValue   not used by this method
 * @param bool  $returnNodes when true, return the nodes instead of echoing them
 * @return array nodeKey => rendered XML when $returnNodes is true, else empty
 */
public function listRoles($root, $child, $hashValue = null, $returnNodes = false)
{
    $allNodes = array();
    if (!$returnNodes) {
        AJXP_XMLWriter::sendFilesListComponentConfig('<columns switchGridMode="filelist" template_name="ajxp_conf.roles"> <column messageId="ajxp_conf.6" attributeName="ajxp_label" sortType="String"/> <column messageId="ajxp_conf.114" attributeName="is_default" sortType="String"/> <column messageId="ajxp_conf.62" attributeName="rights_summary" sortType="String"/> </columns>');
    }
    if (!AuthService::usersEnabled()) {
        return array();
    }

    $roles = AuthService::getRolesList(array(), !$this->listSpecialRoles);
    ksort($roles);

    foreach ($roles as $roleId => $roleObject) {
        $summaryParts = array();
        // Authorization check: only roles this user may administrate are listed.
        if (!AuthService::canAdministrate($roleObject)) {
            continue;
        }

        $count = 0;
        $repos = ConfService::listRepositoriesWithCriteria(array("role" => $roleObject), $count);
        foreach ($repos as $repoId => $repository) {
            if ($repository->getAccessType() == "ajxp_shared") {
                continue;
            }
            if (!$roleObject->canRead($repoId) && !$roleObject->canWrite($repoId)) {
                continue;
            }
            $flags = $roleObject->canRead($repoId) ? "r" : "";
            $flags .= $roleObject->canWrite($repoId) ? "w" : "";
            $summaryParts[] = $repository->getDisplay() . " (" . $flags . ")";
        }

        $rightsString = implode(", ", $summaryParts);
        $nodeKey = "/data/roles/" . $roleId;
        $meta = array(
            "icon"           => "user-acl.png",
            "rights_summary" => $rightsString,
            "is_default"     => implode(",", $roleObject->listAutoApplies()),
            "ajxp_mime"      => "role",
            "text"           => $roleObject->getLabel(),
        );
        if (in_array($nodeKey, $this->currentBookmarks)) {
            $meta["ajxp_bookmarked"] = "true";
            $meta["overlay_icon"] = "bookmark.png";
        }

        $xml = AJXP_XMLWriter::renderNode($nodeKey, $roleId, true, $meta, true, false);
        if ($returnNodes) {
            $allNodes[$nodeKey] = $xml;
        } else {
            echo $xml;
        }
    }

    return $allNodes;
}
/**
 * Add to a user every role that auto-applies to the user's profile or to "all".
 *
 * Roles rejected by self::allowedForCurrentGroup() are never added, whatever
 * their auto-apply setting.
 *
 * @static
 * @param AbstractAjxpUser $userObject user to update (modified in place)
 */
public static function updateAutoApplyRole(&$userObject)
{
    $candidateRoles = AuthService::getRolesList(array(), true);
    foreach ($candidateRoles as $roleId => $roleObject) {
        // Group restriction first; auto-apply rules are only evaluated for allowed roles.
        if (self::allowedForCurrentGroup($roleObject, $userObject)
            && ($roleObject->autoAppliesTo($userObject->getProfile()) || $roleObject->autoAppliesTo("all"))
        ) {
            $userObject->addRole($roleObject);
        }
    }
}
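/**
 * Load initial user data (Rights, Preferences and Bookmarks) from the SQL store.
 *
 * Rights are read first and drive the admin flag and the parent user. The
 * "ajxp.roles" and "ajxp.actions" rights are stored serialized and are decoded
 * here; a value that does not decode to an array is discarded.
 *
 * SECURITY: both values go through unserialize(). The is_array() checks reject
 * unexpected results, but they run after unserialize() has already instantiated
 * any classes named in the payload. These columns must only ever hold data
 * written by this application; anyone able to write to [ajxp_user_rights]
 * decides which objects are created here. Storing these values as JSON removes
 * that exposure.
 *
 * @see AbstractAjxpUser#load()
 */
function load()
{
    $this->log('Loading all user data..');

    $result_rights = dibi::query('SELECT [repo_uuid], [rights] FROM [ajxp_user_rights] WHERE [login] = %s', $this->getId());
    $this->rights = $result_rights->fetchPairs('repo_uuid', 'rights');

    // Db field returns integer or string so we are required to cast it in order to make the comparison.
    // With the (bool) cast every value except '', '0', 0 and 0.0 enables admin,
    // including strings such as 'false'.
    if (isset($this->rights["ajxp.admin"]) && (bool) $this->rights["ajxp.admin"] === true) {
        $this->setAdmin(true);
    }
    if (isset($this->rights["ajxp.parent_user"])) {
        $this->setParent($this->rights["ajxp.parent_user"]);
    }

    $result_prefs = dibi::query('SELECT [name], [val] FROM [ajxp_user_prefs] WHERE [login] = %s', $this->getId());
    $this->prefs = $result_prefs->fetchPairs('name', 'val');

    $result_bookmarks = dibi::query('SELECT [repo_uuid], [path], [title] FROM [ajxp_user_bookmarks] WHERE [login] = %s', $this->getId());
    $all_bookmarks = $result_bookmarks->fetchAll();
    // Bookmarks are always rebuilt from the query result, grouped by repository.
    $this->bookmarks = array();
    foreach ($all_bookmarks as $b) {
        // isset() instead of is_array() on a missing key: no undefined-index notice.
        if (!isset($this->bookmarks[$b['repo_uuid']])) {
            $this->bookmarks[$b['repo_uuid']] = array();
        }
        $this->bookmarks[$b['repo_uuid']][] = array('PATH' => $b['path'], 'TITLE' => $b['title']);
    }

    // Load roles
    if (isset($this->rights["ajxp.roles"])) {
        // SECURITY: object deserialization of a database value, see the method docblock.
        $object = unserialize($this->rights["ajxp.roles"]);
        if (is_array($object)) {
            $this->rights["ajxp.roles"] = $object;
            $allRoles = AuthService::getRolesList(); // Maintained as instance variable
            foreach (array_keys($this->rights["ajxp.roles"]) as $roleId) {
                if (isset($allRoles[$roleId])) {
                    $this->roles[$roleId] = $allRoles[$roleId];
                } else {
                    // The role no longer exists: drop the stale reference.
                    unset($this->rights["ajxp.roles"][$roleId]);
                }
            }
        } else {
            $this->rights["ajxp.roles"] = array();
        }
    }

    if (isset($this->rights["ajxp.actions"])) {
        // SECURITY: object deserialization of a database value, see the method docblock.
        $object = unserialize($this->rights["ajxp.actions"]);
        if (is_array($object)) {
            $this->rights["ajxp.actions"] = $object;
        } else {
            unset($this->rights["ajxp.actions"]);
        }
    }
}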
/**
 * Load this user's state from serialized files: group path, rights,
 * preferences, bookmarks, roles and the personal role.
 *
 * groups.ser is read from the filtered USERS_DIRPATH option; every other file
 * is read from getStoragePath(). When no personal role file holds an AJXP_Role,
 * legacy rights are migrated and, if anything changed, role.ser and rights.ser
 * are written back.
 *
 * NOTE(review): the ".ser" suffix suggests loadSerialFile() deserializes PHP
 * data, and role.ser is expected to yield an AJXP_Role object. If so, write
 * access to these directories means control over the admin flag, the roles and
 * the objects instantiated here -- confirm the storage path is not writable by
 * users or reachable through the web server.
 */
public function load()
{
    // Group membership is kept in one shared file, keyed by user id.
    $groups = AJXP_Utils::loadSerialFile(AJXP_VarsFilter::filter($this->storage->getOption("USERS_DIRPATH")) . "/groups.ser");
    if (isset($groups[$this->getId()])) {
        $this->groupPath = $groups[$this->getId()];
    }
    $this->create = false;
    $this->rights = AJXP_Utils::loadSerialFile($this->getStoragePath() . "/rights.ser");
    // An empty rights set sets the create flag.
    if (count($this->rights) == 0) {
        $this->create = true;
    }
    $this->prefs = AJXP_Utils::loadSerialFile($this->getStoragePath() . "/prefs.ser");
    $this->bookmarks = AJXP_Utils::loadSerialFile($this->getStoragePath() . "/bookmarks.ser");
    // Strict comparison: only a boolean true in the rights file grants admin.
    if (isset($this->rights["ajxp.admin"]) && $this->rights["ajxp.admin"] === true) {
        $this->setAdmin(true);
    }
    if (isset($this->rights["ajxp.parent_user"])) {
        //$this->setParent($this->rights["ajxp.parent_user"]);
        // Calls the parent class implementation rather than this class's setParent().
        parent::setParent($this->rights["ajxp.parent_user"]);
    }
    // A group path stored in the rights is applied after the groups.ser lookup above.
    if (isset($this->rights["ajxp.group_path"])) {
        $this->setGroupPath($this->rights["ajxp.group_path"]);
    }
    if (isset($this->rights["ajxp.children_pointer"])) {
        $this->childrenPointer = $this->rights["ajxp.children_pointer"];
    }
    // LOAD ROLES
    $rolesToLoad = array();
    if (isset($this->rights["ajxp.roles"])) {
        $rolesToLoad = array_keys($this->rights["ajxp.roles"]);
    }
    // One group role per level of the group path: "/a/b" adds AJXP_GRP_/a and AJXP_GRP_/a/b.
    if ($this->groupPath != null) {
        $base = "";
        $exp = explode("/", $this->groupPath);
        foreach ($exp as $pathPart) {
            // NOTE(review): empty("0") is true, so a path segment named "0" is
            // skipped and the roles of a different group path are requested.
            if (empty($pathPart)) {
                continue;
            }
            $base = $base . "/" . $pathPart;
            $rolesToLoad[] = "AJXP_GRP_" . $base;
        }
    }
    // Load roles
    if (count($rolesToLoad)) {
        $allRoles = AuthService::getRolesList($rolesToLoad);
        foreach ($rolesToLoad as $roleId) {
            if (isset($allRoles[$roleId])) {
                $this->roles[$roleId] = $allRoles[$roleId];
                $this->rights["ajxp.roles"][$roleId] = true;
            } else {
                // The role no longer exists: drop the stale reference.
                if (is_array($this->rights["ajxp.roles"]) && isset($this->rights["ajxp.roles"][$roleId])) {
                    unset($this->rights["ajxp.roles"][$roleId]);
                }
            }
        }
    }
    // LOAD USR ROLE LOCALLY
    $personalRole = AJXP_Utils::loadSerialFile($this->getStoragePath() . "/role.ser");
    // Only a value that really is an AJXP_Role is accepted as the personal role.
    if (is_a($personalRole, "AJXP_Role")) {
        $this->personalRole = $personalRole;
        $this->roles["AJXP_USR_" . "/" . $this->id] = $personalRole;
    } else {
        // MIGRATE NOW !
        $changes = $this->migrateRightsToPersonalRole();
        // Persist both files only when the migration reported changes.
        if ($changes) {
            AJXP_Utils::saveSerialFile($this->getStoragePath() . "/role.ser", $this->personalRole, true);
            AJXP_Utils::saveSerialFile($this->getStoragePath() . "/rights.ser", $this->rights, true);
        }
    }
    $this->recomputeMergedRole();
}
/**
 * Render every role as an XML node with a summary of its repository rights
 * and a localized default / not-default marker.
 *
 * The column configuration is sent first; nothing else is rendered when users
 * are disabled.
 *
 * NOTE(review): repository display names are passed to renderNode() without
 * explicit escaping and no per-role authorization check is made here; confirm
 * that renderNode() escapes metadata values and that callers restrict this
 * listing to administrators.
 */
function listRoles()
{
    AJXP_XMLWriter::sendFilesListComponentConfig('<columns switchGridMode="filelist" template_name="ajxp_conf.roles"> <column messageId="ajxp_conf.6" attributeName="ajxp_label" sortType="String"/> <column messageId="ajxp_conf.114" attributeName="is_default" sortType="String"/> <column messageId="ajxp_conf.62" attributeName="rights_summary" sortType="String"/> </columns>');
    if (!AuthService::usersEnabled()) {
        return;
    }

    $roles = AuthService::getRolesList();
    $mess = ConfService::getMessages();
    $repos = ConfService::getRepositoriesList();
    ksort($roles);

    foreach ($roles as $roleId => $roleObject) {
        $summaryParts = array();
        foreach ($repos as $repoId => $repository) {
            if ($repository->getAccessType() == "ajxp_shared") {
                continue;
            }
            if (!$roleObject->canRead($repoId) && !$roleObject->canWrite($repoId)) {
                continue;
            }
            $flags = $roleObject->canRead($repoId) ? "r" : "";
            $flags .= $roleObject->canWrite($repoId) ? "w" : "";
            $summaryParts[] = $repository->getDisplay() . " (" . $flags . ")";
        }

        $rightsString = implode(", ", $summaryParts);
        $meta = array(
            "icon"           => "user_group_new.png",
            "rights_summary" => $rightsString,
            "is_default"     => $roleObject->isDefault() ? $mess[440] : $mess[441],
            "ajxp_mime"      => "role",
        );
        AJXP_XMLWriter::renderNode("/roles/" . $roleId, $roleId, true, $meta);
    }
}
/**
 * Render every role as an XML node with a summary of its repository rights.
 *
 * The column configuration is sent first; nothing else is rendered when
 * ENABLE_USERS is off. A repository is listed as "(rw)" when the role can
 * write to it, otherwise as "(r)" when it can read it. The summary is passed
 * through AJXP_Utils::xmlEntities() before being handed to renderNode().
 */
function listRoles()
{
    AJXP_XMLWriter::sendFilesListComponentConfig('<columns switchGridMode="filelist"> <column messageId="ajxp_conf.6" attributeName="ajxp_label" sortType="String"/> <column messageId="ajxp_conf.62" attributeName="rights_summary" sortType="String"/> </columns>');
    if (!ENABLE_USERS) {
        return;
    }

    $roles = AuthService::getRolesList();
    $mess = ConfService::getMessages();
    $repos = ConfService::getRepositoriesList();
    ksort($roles);

    foreach ($roles as $roleId => $roleObject) {
        $summaryParts = array();
        foreach ($repos as $repoId => $repository) {
            if ($repository->getAccessType() == "ajxp_shared") {
                continue;
            }
            // Write access is reported as "rw"; read access is only checked otherwise.
            if ($roleObject->canWrite($repoId)) {
                $summaryParts[] = $repository->getDisplay() . " (rw)";
            } elseif ($roleObject->canRead($repoId)) {
                $summaryParts[] = $repository->getDisplay() . " (r)";
            }
        }

        $rightsString = implode(", ", $summaryParts);
        $meta = array(
            "icon"           => "user_group_new.png",
            "rights_summary" => AJXP_Utils::xmlEntities($rightsString, true),
            "ajxp_mime"      => "role",
        );
        AJXP_XMLWriter::renderNode("/roles/" . $roleId, $roleId, true, $meta);
    }
}