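/**
 * Get the access level for this user and tool
 *
 * Decision order, as implemented below:
 *  - development version (state 3): allowed only for members of one of the
 *    tool's groups with role 1, or of the configured admin group;
 *  - published version (state 1) with toolaccess '@GROUP': allowed only for
 *    members of one of the tool's groups or of the admin group;
 *  - published version without group control: allowed when the export
 *    control check passes;
 *  - any other state: denied.
 *
 * NOTE(review): $login is only defaulted and written to the debug log.
 * Group membership is always looked up for the current user
 * (User::get('id')), so passing another user's login does not evaluate that
 * user's access. Confirm callers only ever ask about the current user.
 *
 * @param   string  $tool   Tool name
 * @param   string  $login  Username
 * @return  boolean True if the user has access
 */
private function _getToolAccess($tool, $login = '')
{
    include_once dirname(dirname(__DIR__)) . DS . 'tables' . DS . 'tool.php';
    include_once dirname(dirname(__DIR__)) . DS . 'tables' . DS . 'group.php';
    include_once dirname(dirname(__DIR__)) . DS . 'tables' . DS . 'version.php';

    // Ensure we have a tool
    if (!$tool) {
        $this->setError(Lang::txt('COM_TOOLS_ERROR_TOOL_NOT_FOUND'));
        Log::debug("mw::_getToolAccess({$tool},{$login}) FAILED null tool check");
        return false;
    }

    // Ensure we have a login; fall back to the current user's username
    if ($login == '') {
        $login = User::get('username');
        if ($login == '') {
            Log::debug("mw::_getToolAccess({$tool},{$login}) FAILED null user check");
            return false;
        }
    }

    // Resolve the tool instance to a version record; an empty id means it was not found
    $tv = new \Components\Tools\Tables\Version($this->database);
    $tv->loadFromInstance($tool);
    if (empty($tv->id)) {
        Log::debug("mw::_getToolAccess({$tool},{$login}) FAILED null tool version check");
        return false;
    }

    // Groups attached to this tool. The id is cast to an integer so that the
    // concatenated SQL can never carry anything but a number, whatever the
    // loaded record contains.
    $tg = new \Components\Tools\Tables\Group($this->database);
    $this->database->setQuery(
        "SELECT * FROM " . $tg->getTableName() . " WHERE toolid=" . (int) $tv->toolid
    );
    $toolgroups = $this->database->loadObjectList();

    // Groups the current user is a member of
    $xgroups = \Hubzero\User\Helper::getGroups(User::get('id'), 'members');

    // Check if the user is in any groups for this app.
    // Group names are compared as strings with strict matching: a loose
    // comparison treats numeric-looking names such as "10" and "1e1" as equal,
    // which must not be possible in an authorization decision.
    $ingroup    = false;
    $indevgroup = false;
    $groups     = array();
    if ($xgroups) {
        foreach ($xgroups as $xgroup) {
            $groups[] = (string) $xgroup->cn;
        }
        if ($toolgroups) {
            foreach ($toolgroups as $toolgroup) {
                if (in_array((string) $toolgroup->cn, $groups, true)) {
                    $ingroup = true;
                    if ($toolgroup->role == 1) {
                        $indevgroup = true;
                    }
                }
            }
        }
    }

    // Membership of the configured admin group overrides the group checks below
    $ctconfig   = Component::params('com_tools');
    $adminGroup = (string) $ctconfig->get('admingroup');
    $admin      = ($adminGroup !== '' && in_array($adminGroup, $groups, true));

    // Evaluated before the state checks, exactly as before, so any side
    // effects of the export check still happen for every request
    $exportAllowed = $this->_getToolExportControl($tv->exportControl);

    $tisPublished       = $tv->state == 1;
    $tisDev             = $tv->state == 3;
    $tisGroupControlled = $tv->toolaccess == '@GROUP';

    // Development versions: development group or admin group only
    if ($tisDev) {
        if ($indevgroup || $admin) {
            return true;
        }
        Log::debug("mw::_getToolAccess({$tool},{$login}): DEV TOOL ACCESS DENIED (USER NOT IN DEVELOPMENT OR ADMIN GROUPS)");
        $this->setError(Lang::txt('COM_TOOLS_ERROR_ACCESS_DENIED_DEV_GROUP'));
        return false;
    }

    // Anything that is neither a development nor a published version is denied
    if (!$tisPublished) {
        Log::debug("mw::_getToolAccess({$tool},{$login}): UNPUBLISHED TOOL ACCESS DENIED (TOOL NOT PUBLISHED)");
        $this->setError(Lang::txt('COM_TOOLS_ERROR_ACCESS_DENIED_VERSION_UNPUBLISHED'));
        return false;
    }

    // Published and group controlled: access group or admin group only
    if ($tisGroupControlled) {
        if ($ingroup || $admin) {
            return true;
        }
        Log::debug("mw::_getToolAccess({$tool},{$login}): PUBLISHED TOOL ACCESS DENIED (USER NOT IN ACCESS OR ADMIN GROUPS)");
        $this->setError(Lang::txt('COM_TOOLS_ERROR_ACCESS_DENIED_ACCESS_GROUP'));
        return false;
    }

    // Published and open: the export control result decides, for admins too.
    // No error is set here; only the debug log records the denial.
    if (!$exportAllowed) {
        Log::debug("mw::_getToolAccess({$tool},{$login}): PUBLISHED TOOL ACCESS DENIED (EXPORT DENIED)");
        return false;
    }

    return true;
}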
/**
 * Method to view tool session
 *
 * Loads the middleware session named by the 'sessionid' request variable,
 * runs the middleware "view" command for it and sends the middleware output,
 * extended with session and tool details, when the command reports success.
 *
 * NOTE(review): apart from the masked user= expression in $command, nothing
 * in this method compares the authenticated user with $row->username or
 * $row->viewuser, and viewperm.php is required but not referenced directly
 * here. Confirm that loadSession() or the middleware restricts a caller to
 * sessions they own or have been granted view permission on.
 *
 * @apiMethod GET
 * @apiUri    /tools/{session}
 * @throws Exception 404 when the user or the session cannot be found, 400 when no session id is given
 * @return    void
 */
public function readTask()
{
    // Get the user id from the authentication data and attempt to load the user profile
    $userid = App::get('authn')['user_id'];
    $result = User::getInstance($userid);

    // Make sure we have a user
    if (!$result->get('id'))
    {
        throw new Exception(Lang::txt('Unable to find user.'), 404);
    }

    // Include needed tool libs
    include_once dirname(dirname(__DIR__)) . DS . 'tables' . DS . 'version.php';
    require_once dirname(dirname(__DIR__)) . DS . 'tables' . DS . 'session.php';
    require_once dirname(dirname(__DIR__)) . DS . 'tables' . DS . 'viewperm.php';

    // Instantiate db objects: the application database and the middleware database
    $database = \App::get('db');
    $mwdb = \Components\Tools\Helpers\Utils::getMWDBO();

    // Get request vars.
    // NOTE(review): 'sessionid' is caller-controlled and no type or format
    // check is applied in this method before it is used for the session
    // lookup and concatenated into the middleware command below.
    $sessionid = Request::getVar('sessionid', '');
    $ip = Request::ip();

    // Make sure we have the session id
    if (!$sessionid)
    {
        throw new Exception(Lang::txt('Session ID Needed'), 400);
    }

    // Create app object
    $app = new stdClass();
    $app->sess = $sessionid;
    $app->ip = $ip;

    // Load the session
    $ms = new \Components\Tools\Models\Middleware\Session($mwdb);
    $row = $ms->loadSession($app->sess);

    // If we didn't find a session
    if (!is_object($row) || !$row->appname)
    {
        throw new Exception(Lang::txt('Session Doesn\'t Exist.'), 404);
    }

    // Get the version: the text after the last underscore of the app name,
    // with every 'r' removed, is published as the 'version' request variable
    if (strstr($row->appname, '_'))
    {
        $v = substr(strrchr($row->appname, '_'), 1);
        $v = str_replace('r', '', $v);
        Request::setVar('version', $v);
    }

    // Load tool version; fall back to the app name when no parent tool name is returned
    $tv = new \Components\Tools\Tables\Version($database);
    $parent_toolname = $tv->getToolname($row->appname);
    $toolname = $parent_toolname ? $parent_toolname : $row->appname;
    $tv->loadFromInstance($row->appname);

    // Command to run on middleware.
    // NOTE(review): the user= operand is masked ("******") in this listing, so
    // the expression is incomplete as shown; restore it from the original file.
    // NOTE(review): the ip and session id are concatenated without quoting or
    // validation. How Utils::middleware() hands this string on is not visible
    // here; confirm it cannot be split into extra arguments or commands, or
    // validate the session id as a number before building the command.
    $command = "view user="******" ip=" . $app->ip . " sess=" . $app->sess;

    // App vars
    $app->caption = $row->sessname;
    $app->name = $row->appname;
    $app->username = $row->username;

    // Get plugins
    Plugin::import('mw', $app->name);

    // Trigger any events that need to be called before session start
    Event::trigger('mw.onBeforeSessionStart', array($toolname, $tv->revision));

    // Call the view command; $output is not defined before this call, so it is
    // presumably filled by reference with an object (TODO confirm)
    $status = \Components\Tools\Helpers\Utils::middleware($command, $output);

    // Trigger any events that need to be called after session start
    Event::trigger('mw.onAfterSessionStart', array($toolname, $tv->revision));

    // Add the session id to the result (the raw request value, echoed back)
    $output->session = $sessionid;

    // Add tool title and session details to result
    $output->tool = $tv->title;
    $output->session_title = $app->caption;
    // 1 when the session's viewing user is also its owner
    $output->owner = $row->viewuser == $row->username ? 1 : 0;
    $output->readonly = $row->readonly == 'Yes' ? 1 : 0;

    // Return result; when the middleware call reports failure nothing is sent
    // and no error is raised
    if ($status)
    {
        $this->send($output);
    }
}
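/**
 * Return tool access
 *
 * Decision order, as implemented below:
 *  - development version (state 3): allowed only for members of one of the
 *    tool's groups with role 1, or of the configured admin group;
 *  - published version (state 1) with toolaccess '@GROUP': allowed only for
 *    members of one of the tool's groups or of the admin group;
 *  - published version without group control: allowed when the export
 *    access check reports valid;
 *  - any other state: denied.
 *
 * NOTE(review): $login is only defaulted and written to the debug log.
 * Group membership is always looked up for the current user
 * (User::get('id')), so passing another user's login does not evaluate that
 * user's access. Confirm callers only ever ask about the current user.
 *
 * @param   string  $tool   Tool name we are getting access rights to
 * @param   string  $login  User login name
 * @return  object  stdClass with ->valid (1 or 0) and, on denial, ->error->message
 */
public static function getToolAccess($tool, $login = '')
{
    // Include tool models
    include_once dirname(__DIR__) . DS . 'tables' . DS . 'tool.php';
    include_once dirname(__DIR__) . DS . 'tables' . DS . 'group.php';
    include_once dirname(__DIR__) . DS . 'tables' . DS . 'version.php';

    // Instantiate objects
    $access = new stdClass();
    $access->error = new stdClass();
    $database = \App::get('db');

    // Ensure we have a tool
    if (!$tool) {
        $access->valid = 0;
        $access->error->message = 'No tool provided.';
        \Log::debug("mw::_getToolAccess({$tool},{$login}) FAILED null tool check");
        return $access;
    }

    // Ensure we have a login; fall back to the current user's username
    if ($login == '') {
        $login = User::get('username');
        if ($login == '') {
            $access->valid = 0;
            $access->error->message = 'Unable to grant tool access to user, no user was found.';
            \Log::debug("mw::_getToolAccess({$tool},{$login}) FAILED null user check");
            return $access;
        }
    }

    // Load tool version.
    // The previous check, empty($toolVersion), tested a freshly constructed
    // object and could never be true, so an unknown tool instance fell through
    // to the group query with no toolid. An empty id marks "not found". The
    // branch also logged through an undefined $xlog variable; it now uses \Log
    // like the other branches.
    $toolVersion = new \Components\Tools\Tables\Version($database);
    $toolVersion->loadFromInstance($tool);
    if (empty($toolVersion->id)) {
        $access->valid = 0;
        $access->error->message = 'Unable to load the tool';
        \Log::debug("mw::_getToolAccess({$tool},{$login}) FAILED null tool version check");
        return $access;
    }

    // Load the tool groups. The id is cast to an integer so that the
    // concatenated SQL can never carry anything but a number.
    $toolGroup = new \Components\Tools\Tables\Group($database);
    $query = "SELECT * FROM " . $toolGroup->getTableName() . " WHERE toolid=" . (int) $toolVersion->toolid;
    $database->setQuery($query);
    $toolgroups = $database->loadObjectList();

    // Get the current user's groups
    $xgroups = \Hubzero\User\Helper::getGroups(User::get('id'), 'members');

    // Check if the user is in any groups for this app.
    // Group names are compared as strings with strict matching: a loose
    // comparison treats numeric-looking names such as "10" and "1e1" as equal,
    // which must not be possible in an authorization decision.
    $ingroup    = false;
    $indevgroup = false;
    $groups     = array();
    if ($xgroups) {
        foreach ($xgroups as $xgroup) {
            $groups[] = (string) $xgroup->cn;
        }
        if ($toolgroups) {
            foreach ($toolgroups as $toolgroup) {
                if (in_array((string) $toolgroup->cn, $groups, true)) {
                    $ingroup = true;
                    if ($toolgroup->role == 1) {
                        $indevgroup = true;
                    }
                }
            }
        }
    }

    // Check to see if we are an admin
    $ctconfig   = Component::params('com_tools');
    $adminGroup = (string) $ctconfig->get('admingroup');
    $admin      = ($adminGroup !== '' && in_array($adminGroup, $groups, true));

    // Get access settings
    $exportAllowed     = \Components\Tools\Helpers\Utils::getToolExportAccess($toolVersion->exportControl);
    $isToolPublished   = $toolVersion->state == 1;
    $isToolDev         = $toolVersion->state == 3;
    $isGroupControlled = $toolVersion->toolaccess == '@GROUP';

    if ($isToolDev) {
        // Development versions: development group or admin group only
        if (!$indevgroup && !$admin) {
            $access->valid = 0;
            $access->error->message = 'The development version of this tool may only be accessed by members of it\'s development group.';
            \Log::debug("mw::_getToolAccess({$tool},{$login}): DEV TOOL ACCESS DENIED (USER NOT IN DEVELOPMENT OR ADMIN GROUPS)");
        } else {
            $access->valid = 1;
        }
    } elseif (!$isToolPublished) {
        // Anything that is neither a development nor a published version is denied
        $access->valid = 0;
        $access->error->message = 'This tool version is not published.';
        \Log::debug("mw::_getToolAccess({$tool},{$login}): UNPUBLISHED TOOL ACCESS DENIED (TOOL NOT PUBLISHED)");
    } elseif ($isGroupControlled) {
        // Published and group controlled: access group or admin group only
        if (!$ingroup && !$admin) {
            $access->valid = 0;
            $access->error->message = 'This tool may only be accessed by members of it\'s access control groups.';
            \Log::debug("mw::_getToolAccess({$tool},{$login}): PUBLISHED TOOL ACCESS DENIED (USER NOT IN ACCESS OR ADMIN GROUPS)");
        } else {
            $access->valid = 1;
        }
    } elseif (!$exportAllowed->valid) {
        // Published and open: the export access result decides, for admins too
        $access->valid = 0;
        $access->error->message = 'Export Access Denied';
        \Log::debug("mw::_getToolAccess({$tool},{$login}): PUBLISHED TOOL ACCESS DENIED (EXPORT DENIED)");
    } else {
        $access->valid = 1;
    }

    // Return access
    return $access;
}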
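/**
 * Display a license for a resource
 *
 * Reads either a tool instance name ('tool') or a resource id ('resource')
 * from the request, loads the matching record and renders the 'license'
 * view. Aborts with a 404 when neither is given or when the tool instance
 * does not resolve to a version.
 *
 * @return  void
 */
public function licenseTask()
{
    // Get tool instance
    $resource = Request::getInt('resource', 0);
    $tool     = Request::getVar('tool', '');

    // Ensure we have a tool to work with
    if (!$tool && !$resource) {
        App::abort(404, Lang::txt('COM_RESOURCES_RESOURCE_NOT_FOUND'));
        return;
    }

    if ($tool) {
        // Load the tool version
        $row = new \Components\Tools\Tables\Version($this->database);
        $row->loadFromInstance($tool);

        // The earlier "!$row" test ran against a freshly constructed object and
        // could never be true, so an unknown instance name rendered an empty
        // license page. An empty id after loading marks "not found".
        if (empty($row->id)) {
            App::abort(404, Lang::txt('COM_RESOURCES_RESOURCE_NOT_FOUND'));
            return;
        }
    } else {
        $row = new Resource($this->database);
        $row->load($resource);

        include_once dirname(dirname(__DIR__)) . DS . 'tables' . DS . 'license.php';

        // Custom licenses are looked up by the name 'custom' followed by the resource id
        $rt = new License($this->database);
        $rt->load('custom' . $resource);

        $row->license = stripslashes($rt->text);

        // NOTE(review): a resource id that matches no record is not detected
        // here; check the result of load() (or the record's key) once the
        // Resource table's contract is confirmed.
    }

    // Set the page title
    $this->view->title = stripslashes($row->title) . ': ' . Lang::txt('COM_RESOURCES_LICENSE');

    // Write title
    Document::setTitle($this->view->title);

    // Hand the data to the view.
    // NOTE(review): $tool is the raw request value; confirm the 'license'
    // layout escapes it (and the title and license text) on output.
    $this->view->config  = $this->config;
    $this->view->row     = $row;
    $this->view->tool    = $tool;
    $this->view->no_html = Request::getVar('no_html', 0);

    // Pass any errors collected on the controller to the view
    foreach ($this->getErrors() as $error) {
        $this->view->setError($error);
    }

    // Output HTML
    $this->view->setName('license')->setLayout('default')->display();
}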