/**
 * Check that $action is permitted and return the user the action runs as.
 *
 * Two paths exist:
 *  - a non-empty $token is resolved as a shared link bound to the current
 *    resource URL (baseUrl + path). When the link exists, its initiator
 *    replaces $user and NO per-user rights check is made: the link itself
 *    is the authorisation.
 *  - otherwise 'download' and 'visualize' are checked against $user's rights
 *    for the given collection/feature; any other $action passes through
 *    unchecked here.
 *
 * Exits with HTTP 403 via RestoLogUtil::httpError() when the token is unknown
 * for this URL, or when the user lacks the required right.
 *
 * NOTE(review): the token path does not restrict $action at all — confirm that
 * shared links can only be issued for download/visualize resources. Whether
 * the token lookup in dbDriver->check() is hashed/constant-time is not
 * visible from here.
 *
 * @param string $action
 * @param RestoUser $user
 * @param string $token
 * @param RestoCollection $collection
 * @param RestoFeature $feature
 * @return RestoUser caller's user, or the shared-link initiator when a token was used
 */
private function checkRights($action, $user, $token, $collection, $feature) {
    if (empty($token)) {
        // Regular path: map the action onto the right it requires
        $required = array(
            'download' => RestoUser::DOWNLOAD,
            'visualize' => RestoUser::VISUALIZE
        );
        if (isset($required[$action])) {
            $target = array(
                'collectionName' => $collection->name,
                'featureIdentifier' => $feature->identifier
            );
            if (!$user->hasRightsTo($required[$action], $target)) {
                RestoLogUtil::httpError(403);
            }
        }
        return $user;
    }

    // Shared link: the token is only valid for the exact resource being requested
    $resourceUrl = $this->context->baseUrl . '/' . $this->context->path;
    $initiatorEmail = $this->context->dbDriver->check(RestoDatabaseDriver::SHARED_LINK, array(
        'resourceUrl' => $resourceUrl,
        'token' => $token
    ));
    if (!$initiatorEmail) {
        // Unknown token for this URL => 403
        RestoLogUtil::httpError(403);
    }

    // Run the action as the link initiator rather than as the caller
    if ($user->profile['email'] !== $initiatorEmail) {
        $initiatorProfile = $this->context->dbDriver->get(RestoDatabaseDriver::USER_PROFILE, array(
            'email' => strtolower($initiatorEmail)
        ));
        $user = new RestoUser($initiatorProfile, $this->context);
    }
    return $user;
}
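/**
 * Exercise the rights, licence and session flow of a registered, validated,
 * non-admin user (userid 2, group 'default').
 *
 * Assertions use assertTrue/assertFalse/assertSame rather than
 * assertEquals(true|false, ...): assertEquals compares loosely, so a truthy
 * non-boolean (an array, 1, 'yes') or null/0/'' would satisfy a rights check
 * it should not. For authorisation results the boolean must be pinned exactly.
 *
 * @depends testGetCollection
 */
public function testRegisteredUser() {
    $this->initContext();

    // Plain registered user: validated, activated, not admin
    $profile = array('userid' => 2, 'groups' => 'default', 'email' => 'test_email', 'password' => 'test_password', 'username' => 'test_username', 'givenname' => 'test_givenname', 'lastname' => 'test_lastname', 'country' => 'FR', 'organization' => 'test_organization', 'flags' => null, 'topics' => null, 'validatedby' => 'admin', 'validationdate' => 'now()', 'activated' => 1);
    $user = new RestoUser($profile, $this->context);

    // Role and validation state
    $this->assertFalse($user->isAdmin());
    $this->assertTrue($user->isValidated());

    // Per-collection rights: a 'default' user is expected to read but not write
    $this->assertFalse($user->hasRightsTo('create'));
    $this->assertTrue($user->hasRightsTo('download', array('collectionName' => 'Landsat')));
    $this->assertFalse($user->hasRightsTo('update', array('collectionName' => 'Landsat')));
    $this->assertTrue($user->hasRightsTo('visualize', array('collectionName' => 'Landsat')));

    // Licence applies to the user and must be signed before use
    $license = new RestoLicense($this->context, 'Example', true);
    $this->assertTrue($license->isApplicableToUser($user));
    $this->assertTrue($license->hasToBeSignedByUser($user));

    // After signing, a signature is recorded and signing is no longer required
    $user->signLicense($license);
    $this->assertNotEmpty($user->getSignatures());
    $this->assertFalse($license->hasToBeSignedByUser($user));

    // Profile is already activated (activated => 1): activate() is expected to report false
    $this->assertFalse($user->activate());

    // Session round trip: connect() yields a token, disconnect() succeeds
    $this->assertArrayHasKey('token', $user->connect());
    $this->assertTrue($user->disconnect());

    // Group administration round trip performed by the admin fixture
    $added = $this->admin->addGroups('toto');
    $removed = $this->admin->removeGroups('toto');
    $this->assertSame('success', $added['status']);
    $this->assertSame('success', $removed['status']);
}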
/**
 * Build the success response describing $user's rights on a collection/feature.
 *
 * The payload carries identity fields copied from the user profile
 * (email, userid, groups) next to the rights computed by
 * RestoUser::getRights() for the given collection/feature. The message
 * text includes the user's email, so this output is user-specific and
 * should only be returned to that user or an admin (caller's responsibility).
 *
 * @param RestoUser $user
 * @param string $collectionName
 * @param string $featureIdentifier
 * @return mixed whatever RestoLogUtil::success() returns
 */
private function getRights($user, $collectionName, $featureIdentifier) {
    $profile = $user->profile;
    $payload = array(
        'email' => $profile['email'],
        'userid' => $profile['userid'],
        'groups' => $profile['groups'],
        'rights' => $user->getRights($collectionName, $featureIdentifier)
    );
    return RestoLogUtil::success('Rights for ' . $profile['email'], $payload);
}
/**
 * Build the visibility filter applied to searches on behalf of $user.
 *
 * Admins get no filter (null is returned). Every other user — including an
 * unregistered one whose profile carries no 'groups' entry — is restricted to
 * features whose visibility is one of the user's profile groups or 'public'.
 *
 * Security note: group names end up inside a hand-built SQL IN (...) list.
 * Each value is run through pg_escape_string() and single-quoted; with no
 * connection argument, pg_escape_string() relies on the default pgsql
 * connection (and its client encoding). The column name comes from the model
 * configuration and is interpolated as-is.
 *
 * @param RestoUser $user
 * @param RestoModel $model
 * @return string|null SQL condition, or null when no restriction applies
 */
private function prepareFilterQuery_contextualSearch($user, $model) {
    if ($user->isAdmin()) {
        return null;
    }

    // 'public' is always appended: public features are visible to everyone
    $groupList = isset($user->profile['groups'])
        ? $user->profile['groups'] . ',public'
        : 'public';

    // Quote each group; the list is emitted last-to-first, so 'public' comes first
    $quoted = array();
    foreach (array_reverse(explode(',', $groupList)) as $group) {
        $quoted[] = "'" . pg_escape_string($group) . "'";
    }

    return $model->properties['visibility']['name'] . ' IN (' . implode(',', $quoted) . ')';
}