function install() { if ($this->firstExec('acl2')) { $this->useDbProfile('auth'); // create rights jAcl2DbManager::addSubjectGroup("lizmap.admin.grp", "admin~jacl2.lizmap.admin.grp"); jAcl2DbManager::addSubjectGroup("lizmap.grp", "admin~jacl2.lizmap.grp"); jAcl2DbManager::addSubject("lizmap.admin.access", "admin~jacl2.lizmap.admin.access", "lizmap.admin.grp"); jAcl2DbManager::addSubject("lizmap.admin.services.update", "admin~jacl2.lizmap.admin.services.update", "lizmap.admin.grp"); jAcl2DbManager::addSubject("lizmap.admin.repositories.create", "admin~jacl2.lizmap.admin.repositories.create", "lizmap.admin.grp"); jAcl2DbManager::addSubject("lizmap.admin.repositories.update", "admin~jacl2.lizmap.admin.repositories.update", "lizmap.admin.grp"); jAcl2DbManager::addSubject("lizmap.admin.repositories.delete", "admin~jacl2.lizmap.admin.repositories.delete", "lizmap.admin.grp"); jAcl2DbManager::addSubject("lizmap.repositories.view", "admin~jacl2.lizmap.repositories.view", "lizmap.grp"); jAcl2DbManager::addSubject("lizmap.admin.repositories.view", "admin~jacl2.lizmap.admin.repositories.view", "lizmap.admin.grp"); jAcl2DbManager::addSubject("lizmap.admin.services.view", "admin~jacl2.lizmap.admin.services.view", "lizmap.admin.grp"); jAcl2DbManager::addSubject("lizmap.tools.edition.use", "admin~jacl2.lizmap.tools.edition.use", "lizmap.grp"); jAcl2DbManager::addSubject("lizmap.tools.loginFilteredLayers.override", "admin~jacl2.lizmap.tools.loginFilteredLayers.override", "lizmap.grp"); jAcl2DbManager::addSubject("lizmap.tools.displayGetCapabilitiesLinks", "admin~jacl2.lizmap.tools.displayGetCapabilitiesLinks", "lizmap.grp"); jAcl2DbManager::addSubject("lizmap.tools.layer.export", "admin~jacl2.lizmap.tools.layer.export", "lizmap.grp"); jAcl2DbManager::addRight('admins', 'lizmap.admin.repositories.view'); jAcl2DbManager::addRight('admins', 'lizmap.admin.services.view'); jAcl2DbManager::addRight('admins', 'lizmap.admin.access'); jAcl2DbManager::addRight('admins', 'lizmap.admin.repositories.create'); jAcl2DbManager::addRight('admins', 'lizmap.admin.repositories.delete'); jAcl2DbManager::addRight('admins', 'lizmap.admin.repositories.update'); jAcl2DbManager::addRight('admins', 'lizmap.admin.services.update'); } }
function postInstall() { if ($this->firstExec('acl2')) { jAcl2DbManager::addSubject('servinfo.access', 'servinfo~servinfo.acl.access'); jAcl2DbManager::addRight('admins', 'servinfo.access'); // for admin group } }
function install() { if ($this->firstExec('acl2')) { jAcl2DbManager::addSubject('modulesinfo.access', 'modulesinfo~modulesinfo.acl.access'); jAcl2DbManager::addRight('admins', 'modulesinfo.access'); // for admin group } }
function install() { if ($this->firstExec('acl2')) { jAcl2DbManager::addSubjectGroup('jprefs.prefs.management', 'jpref_admin~admin.acl.grp.prefs.management'); jAcl2DbManager::addSubject('jprefs.prefs.list', 'jpref_admin~admin.acl.prefs.list', 'jprefs.prefs.management'); jAcl2DbManager::addRight('admins', 'jprefs.prefs.list'); // for admin group } }
function install() { if ($this->firstExec('acl2')) { jAcl2DbManager::addSubject('jelixcache.access', 'jelixcache~jelixcache.acl.access'); jAcl2DbManager::addRight('admins', 'jelixcache.access'); // for admin group //jAcl2DbManager::addRight('moderators', 'jelixcache.access'); } }
function install() { //if ($this->firstDbExec()) // $this->execSQLScript('sql/install'); if ($this->firstExec('acl2')) { jAcl2DbManager::addSubject('activeusers.configuration', 'activeusers_admin~main.acl.subject'); jAcl2DbManager::addRight('admins', 'activeusers.configuration'); // for admin group } }
/** * set rights on the given forum * @param integer $group the group id. * @param array $rights list of rights key = subject, value = true * @param string $resource the resource corresponding to the "forum" string + id_forum */ public static function setRightsOnForum($group, $rights, $resource) { $dao = jDao::get('jacl2db~jacl2rights', jAcl2Db::getProfile()); $dao->deleteHfnuByGroup($group, $resource); foreach ($rights as $sbj => $val) { if ($val != '') { jAcl2DbManager::addRight($group, $sbj, $resource); } } jAcl2::clearCache(); }
function install() { if ($this->firstDbExec() && $this->getParameter('demo')) { $this->useDbProfile('jauth'); // admins jAcl2DbManager::addRight('admins', 'lizmap.tools.layer.export', 'intranet'); jAcl2DbManager::addRight('admins', 'lizmap.tools.layer.export', 'montpellier'); // lizadmins jAcl2DbManager::addRight('lizadmins', 'lizmap.tools.layer.export', 'intranet'); jAcl2DbManager::addRight('lizadmins', 'lizmap.tools.layer.export', 'montpellier'); // intranet jAcl2DbManager::addRight('intranet', 'lizmap.tools.layer.export', 'intranet'); jAcl2DbManager::addRight('intranet', 'lizmap.tools.layer.export', 'montpellier'); } }
function install() { if ($this->getParameter('masteradmin')) { $this->config->setValue('loginResponse', 'htmlauth', 'jcommunity'); } if ($this->firstExec('acl2') && class_exists('jAcl2DbManager')) { jAcl2DbManager::addSubjectGroup('jcommunity.admin', 'jcommunity~prefs.admin.jcommunity'); jAcl2DbManager::addSubject('jcommunity.prefs.change', 'jcommunity~prefs.admin.prefs.change', 'jprefs.prefs.management'); jAcl2DbManager::addRight('admins', 'jcommunity.prefs.change'); // for admin group } if ($this->firstExec('preferences')) { $prefIni = new jIniFileModifier(__DIR__ . '/prefs.ini'); $prefFile = jApp::configPath('preferences.ini.php'); if (file_exists($prefFile)) { $mainPref = new jIniFileModifier($prefFile); //import this way to not erase changed value. $prefIni->import($mainPref); } $prefIni->saveAs($prefFile); } }
function install() { $lizmapConfFile = jApp::configPath('lizmapConfig.ini.php'); if (!file_exists($lizmapConfFile)) { $lizmapConfFileDist = jApp::configPath('lizmapConfig.ini.php.dist'); if (file_exists($lizmapConfFileDist)) { copy($lizmapConfFileDist, $lizmapConfFile); } else { $this->copyFile('config/lizmapConfig.ini.php', $lizmapConfFile); } } $localConfig = jApp::configPath('localconfig.ini.php'); if (!file_exists($localConfig)) { $localConfigDist = jApp::configPath('localconfig.ini.php.dist'); if (file_exists($localConfigDist)) { copy($localConfigDist, $localConfig); } else { file_put_contents($localConfig, ';<' . '?php die(\'\');?' . '>'); } } $ini = new jIniFileModifier($localConfig); $ini->setValue('lizmap', 'lizmapConfig.ini.php', 'coordplugins'); $ini->save(); if ($this->firstDbExec()) { // Add log table $this->useDbProfile('lizlog'); $this->execSQLScript('sql/lizlog'); // Add geobookmark table $this->useDbProfile('jauth'); $this->execSQLScript('sql/lizgeobookmark'); } if ($this->firstExec('acl2') && $this->getParameter('demo')) { $this->useDbProfile('auth'); // create group jAcl2DbUserGroup::createGroup('lizadmins'); jAcl2DbUserGroup::createGroup('Intranet demos group', 'intranet'); // create user in jAuth require_once JELIX_LIB_PATH . 'auth/jAuth.class.php'; require_once JELIX_LIB_PATH . 'plugins/auth/db/db.auth.php'; $authconfig = $this->config->getValue('auth', 'coordplugins'); $confIni = parse_ini_file(jApp::configPath($authconfig), true); $authConfig = jAuth::loadConfig($confIni); $driver = new dbAuthDriver($authConfig['Db']); $passwordHash1 = $driver->cryptPassword('lizadmin'); $passwordHash2 = $driver->cryptPassword('logintranet'); $cn = $this->dbConnection(); $cn->exec("INSERT INTO " . $cn->prefixTable('jlx_user') . " (usr_login, usr_password, usr_email ) VALUES\n ('lizadmin', " . $cn->quote($passwordHash1) . " , '*****@*****.**')"); $cn->exec("INSERT INTO " . $cn->prefixTable('jlx_user') . " (usr_login, usr_password, usr_email ) VALUES\n ('logintranet', " . $cn->quote($passwordHash2) . " , '*****@*****.**')"); // declare users in jAcl2 jAcl2DbUserGroup::createUser('lizadmin', true); jAcl2DbUserGroup::createUser('logintranet', true); jAcl2DbUserGroup::addUserToGroup('lizadmin', 'lizadmins'); jAcl2DbUserGroup::addUserToGroup('logintranet', 'intranet'); jAcl2DbManager::setRightsOnGroup('lizadmins', array('lizmap.admin.access' => true, 'lizmap.admin.services.update' => true, 'lizmap.admin.repositories.create' => true, 'lizmap.admin.repositories.delete' => true, 'lizmap.admin.repositories.update' => true, 'lizmap.admin.repositories.view' => true, 'lizmap.admin.services.view' => true)); // admins jAcl2DbManager::addRight('admins', 'lizmap.tools.edition.use', 'intranet'); jAcl2DbManager::addRight('admins', 'lizmap.repositories.view', 'intranet'); jAcl2DbManager::addRight('admins', 'lizmap.tools.loginFilteredLayers.override', 'intranet'); jAcl2DbManager::addRight('admins', 'lizmap.tools.displayGetCapabilitiesLinks', 'intranet'); jAcl2DbManager::addRight('admins', 'lizmap.tools.edition.use', 'montpellier'); jAcl2DbManager::addRight('admins', 'lizmap.repositories.view', 'montpellier'); jAcl2DbManager::addRight('admins', 'lizmap.tools.loginFilteredLayers.override', 'montpellier'); jAcl2DbManager::addRight('admins', 'lizmap.tools.displayGetCapabilitiesLinks', 'montpellier'); // lizadmins jAcl2DbManager::addRight('lizadmins', 'lizmap.tools.edition.use', 'intranet'); jAcl2DbManager::addRight('lizadmins', 'lizmap.repositories.view', 'intranet'); jAcl2DbManager::addRight('lizadmins', 'lizmap.tools.loginFilteredLayers.override', 'intranet'); jAcl2DbManager::addRight('lizadmins', 'lizmap.tools.displayGetCapabilitiesLinks', 'intranet'); jAcl2DbManager::addRight('lizadmins', 'lizmap.tools.edition.use', 'montpellier'); jAcl2DbManager::addRight('lizadmins', 'lizmap.repositories.view', 'montpellier'); jAcl2DbManager::addRight('lizadmins', 'lizmap.tools.loginFilteredLayers.override', 'montpellier'); jAcl2DbManager::addRight('lizadmins', 'lizmap.tools.displayGetCapabilitiesLinks', 'montpellier'); // intranet jAcl2DbManager::addRight('intranet', 'lizmap.tools.edition.use', 'intranet'); jAcl2DbManager::addRight('intranet', 'lizmap.repositories.view', 'intranet'); jAcl2DbManager::addRight('intranet', 'lizmap.tools.loginFilteredLayers.override', 'intranet'); jAcl2DbManager::addRight('intranet', 'lizmap.tools.displayGetCapabilitiesLinks', 'intranet'); jAcl2DbManager::addRight('intranet', 'lizmap.tools.edition.use', 'montpellier'); jAcl2DbManager::addRight('intranet', 'lizmap.repositories.view', 'montpellier'); jAcl2DbManager::addRight('intranet', 'lizmap.tools.loginFilteredLayers.override', 'montpellier'); jAcl2DbManager::addRight('intranet', 'lizmap.tools.displayGetCapabilitiesLinks', 'montpellier'); // anonymous jAcl2DbManager::addRight('__anonymous', 'lizmap.tools.edition.use', 'montpellier'); jAcl2DbManager::addRight('__anonymous', 'lizmap.repositories.view', 'montpellier'); jAcl2DbManager::addRight('__anonymous', 'lizmap.tools.loginFilteredLayers.override', 'montpellier'); jAcl2DbManager::addRight('__anonymous', 'lizmap.tools.displayGetCapabilitiesLinks', 'montpellier'); // declare the repositories of demo in the configuration $ini = new jIniFileModifier($lizmapConfFile); $ini->setValues(array('label' => 'LizMap Demo', 'path' => '../install/qgis/', 'allowUserDefinedThemes' => 1), 'repository:montpellier'); $ini->setValues(array('label' => 'Lizmap Demo - Intranet', 'path' => '../install/qgis_intranet/', 'allowUserDefinedThemes' => ''), 'repository:intranet'); $ini->setValue('defaultRepository', 'montpellier', 'services'); $ini->save(); } }
/** * Save rights for a repository. * Used to save rights for each subject and for each group of one repository. * @param object $form Jform object concerned. * @param object $repository Repository key. * @return boolean Success or failure of the saving. */ protected function saveRepositoryRightsFromRequest($form, $repository) { // Daos to use $daoright = jDao::get('jacl2db~jacl2rights', 'jacl2_profile'); $daogroup = jDao::get('jacl2db~jacl2group', 'jacl2_profile'); // Loop through the form controls foreach ($form->getControls() as $ctrl) { // Filter controls corresponding to lizmap subjects if (preg_match('#^' . $this->lizmapClientPrefix . '#', $ctrl->ref) && $ctrl->isContainer()) { $id_aclsbj = $ctrl->ref; // Edit control ref to get request params $param = str_replace('.', '_', $id_aclsbj); // Get values for the selected subject if (isset(jApp::coord()->request->params[$param])) { $values = array_values(jApp::coord()->request->params[$param]); } else { // the list in the form may be empty, so no parameters $values = array(); } // Loop through the groups foreach ($daogroup->findAll() as $group) { // Retrieve only normal groups which are not blacklisted if (!in_array($group->id_aclgrp, $this->groupBlacklist) && $group->grouptype == 0) { // Add the right if needed else remove it if (in_array($group->id_aclgrp, $values)) { jAcl2DbManager::addRight($group->id_aclgrp, $id_aclsbj, $repository); } else { $daoright->delete($id_aclsbj, $group->id_aclgrp, $repository); } } } } } }
public function testAddResourceRight() { $this->assertTrue(jAcl2DbManager::addRight('group1', 'super.cms.update', 154)); $this->assertTrue(jAcl2DbManager::addRight('group1', 'super.cms.update', 92)); $this->rights[] = array('id_aclsbj' => 'super.cms.update', 'id_aclgrp' => 'group1', 'id_aclres' => '154'); $this->rights[] = array('id_aclsbj' => 'super.cms.update', 'id_aclgrp' => 'group1', 'id_aclres' => '92'); $this->assertTableContainsRecords('jacl2_rights', $this->rights); }
function install() { $authconfig = $this->config->getValue('auth', 'coordplugins'); $authconfigMaster = $this->config->getValue('auth', 'coordplugins', null, true); $forWS = in_array($this->entryPoint->type, array('json', 'jsonrpc', 'soap', 'xmlrpc')); $createdConfFile = false; if (!$authconfig || $forWS && $authconfig == $authconfigMaster) { //if ($this->entryPoint->type == 'cmdline') { // return; //} if ($forWS) { $pluginIni = 'authsw.coord.ini.php'; } else { $pluginIni = 'auth.coord.ini.php'; } $authconfig = dirname($this->entryPoint->configFile) . '/' . $pluginIni; if ($this->firstExec($authconfig)) { // no configuration, let's install the plugin for the entry point $this->config->setValue('auth', $authconfig, 'coordplugins'); $this->copyFile('var/config/' . $pluginIni, 'epconfig:' . $pluginIni); $createdConfFile = true; } } $conf = new jIniFileModifier(jApp::configPath($authconfig)); $usedStandardDao = $conf->getValue('dao', 'Db') == 'jauthdb~jelixuser'; $this->useDbProfile($conf->getValue('profile', 'Db')); if ($createdConfFile) { mt_srand(); $conf->setValue('persistant_crypt_key', sha1("jelix" . time() . mt_rand())); $conf->save(); } if ($this->firstExec($authconfig) && $this->getParameter('rewriteconfig')) { $conf->setValue('driver', 'Db'); $conf->setValue('dao', 'jcommunity~user', 'Db'); $conf->setValue('form', 'jcommunity~account_admin', 'Db'); $conf->setValue('error_message', 'jcommunity~login.error.notlogged'); $conf->setValue('on_error_action', 'jcommunity~login:out'); $conf->setValue('bad_ip_action', 'jcommunity~login:out'); $conf->setValue('after_logout', 'jcommunity~login:index'); $conf->setValue('enable_after_login_override', 'on'); $conf->setValue('enable_after_logout_override', 'on'); $conf->setValue('after_login', 'jcommunity~account:show'); $conf->save(); } if ($this->getParameter('masteradmin')) { $conf->setValue('after_login', 'master_admin~default:index'); $conf->save(); $this->config->setValue('loginResponse', 'htmlauth', 'jcommunity'); } if ($this->firstDbExec() && !$this->getParameter('notjcommunitytable')) { $conf->setValue('dao', 'jcommunity~user', 'Db'); $conf->setValue('form', 'jcommunity~account_admin', 'Db'); $conf->save(); $this->execSQLScript('sql/install'); $cn = $this->dbConnection(); if ($usedStandardDao && $this->getParameter('migratejauthdbusers')) { $cn->exec("INSERT INTO " . $cn->prefixTable('community_users') . "\n (login, password, email, nickname, status, create_date)\n SELECT usr_login, usr_password, usr_email, usr_login, 1, '" . date('Y-m-d H:i:s') . "'\n FROM " . $cn->prefixTable('jlx_user')); } else { if ($this->getParameter('defaultuser')) { require_once JELIX_LIB_PATH . 'auth/jAuth.class.php'; require_once JELIX_LIB_PATH . 'plugins/auth/db/db.auth.php'; $confIni = parse_ini_file(jApp::configPath($authconfig), true); $authConfig = jAuth::loadConfig($confIni); $driver = new dbAuthDriver($authConfig['Db']); $passwordHash = $driver->cryptPassword('admin'); $cn->exec("INSERT INTO " . $cn->prefixTable('community_users') . " (login, password, email, nickname, status, create_date) VALUES\n ('admin', " . $cn->quote($passwordHash) . ", '*****@*****.**', 'admin', 1, '" . date('Y-m-d H:i:s') . "')"); } } } if ($this->firstExec('acl2') && class_exists('jAcl2DbManager')) { jAcl2DbManager::addSubjectGroup('jcommunity.admin', 'jcommunity~prefs.admin.jcommunity'); jAcl2DbManager::addSubject('jcommunity.prefs.change', 'jcommunity~prefs.admin.prefs.change', 'jprefs.prefs.management'); jAcl2DbManager::addRight('admins', 'jcommunity.prefs.change'); // for admin group } if ($this->firstExec('preferences')) { $prefIni = new jIniFileModifier(__DIR__ . '/prefs.ini'); $prefFile = jApp::configPath('preferences.ini.php'); if (file_exists($prefFile)) { $mainPref = new jIniFileModifier($prefFile); //import this way to not erase changed value. $prefIni->import($mainPref); } $prefIni->saveAs($prefFile); } }
public function testGetRightDisconnect() { jAuth::logout(); jAcl2::clearCache(); $this->assertFalse(jAcl2::check('super.cms.list')); $this->assertFalse(jAcl2::check('admin.access')); jAcl2::clearCache(); jAcl2DbManager::addRight('__anonymous', 'super.cms.list'); $this->assertTrue(jAcl2::check('super.cms.list')); $this->assertFalse(jAcl2::check('admin.access')); jAcl2::clearCache(); }