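/**
 * Set session and cookie credentials after a successful authentication.
 *
 * Stores the client IPs and the given session key in $_SESSION, mirrors the
 * key into $_COOKIE and, outside of CLI, sends it as an HttpOnly cookie
 * scoped to the core path (Secure only when the request came over HTTPS).
 * Then loads the user's preferences into both the session and the response.
 *
 * @param int    $userId id of the authenticated user
 * @param string $key    session key to bind to this login
 * @return array 'success' => true, 'user' => preferences (empty array when none found)
 */
public static function setAsLoged($userId, $key)
{
    $coreName = Config::get('core_name');
    $ips = '|' . Util\getIPs() . '|';
    $isCli = (php_sapi_name() === 'cli');

    $_SESSION['ips'] = $ips;
    $_SESSION['key'] = $key;
    $_COOKIE['key'] = $_SESSION['key'];

    if (!$isCli) {
        // session cookie: core-scoped path, HttpOnly, Secure when served over HTTPS
        setcookie(
            'key',
            $_SESSION['key'],
            0,
            '/' . $coreName . '/',
            $_SERVER['SERVER_NAME'],
            !empty($_SERVER['HTTPS']),
            true
        );
    }

    $rez = array('success' => true, 'user' => array());

    $r = User::getPreferences($userId);
    if (!empty($r)) {
        $r['admin'] = Security::isAdmin($userId);
        $r['manage'] = Security::canManage($userId);
        $r['first_name'] = htmlentities($r['first_name'], ENT_QUOTES, 'UTF-8');
        $r['last_name'] = htmlentities($r['last_name'], ENT_QUOTES, 'UTF-8');

        //set default theme
        if (empty($r['cfg']['theme'])) {
            $r['cfg']['theme'] = 'classic';
        }

        // do not expose security params to the client
        unset($r['cfg']['security']);

        $rez['user'] = $r;
        $_SESSION['user'] = $r;

        if (!$isCli) {
            // language preference cookie (not security-relevant, default attributes)
            setcookie('L', $r['language']);
        }

        // set user groups
        $rez['user']['groups'] = UsersGroups::getGroupIdsForUser();
        $_SESSION['user']['groups'] = $rez['user']['groups'];
        $_SESSION['user']['TSV_checked'] = true;
    }

    return $rez;
}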
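/**
 * Internal function executing a copy or move action inside a single transaction.
 *
 * Non-admin users are restricted to objects in security sets they can read
 * (copy) or delete (move); requested objects outside those sets are dropped
 * from the action. When none of the requested objects is accessible the
 * action is refused.
 *
 * @param string $action    'copy' or 'move'
 * @param array  $objectIds ids of the objects to be copied/moved
 * @param int    $targetId  id of the destination node
 * @return array processed ids, as returned by doRecursiveAction
 * @throws \Exception with code 1 when none of the ids is accessible to the user
 */
private function doAction($action, $objectIds, $targetId)
{
    $rez = array();

    // ids are interpolated into the SQL below, so force them to integers first
    $objectIds = array_map('intval', (array) $objectIds);

    // all the copy process will be made in a single transaction
    DB\startTransaction();

    //get security sets to which this user has
    //read access for copy or delete access for move
    $this->securitySetsFilter = '';
    if (!Security::isAdmin()) {
        $ss = array();
        switch ($action) {
            case 'copy':
                $ss = \CB\Security::getSecuritySets();
                break;

            case 'move':
                //check if the user can move, because it doesnt actually delete the obj, but just moves it
                $ss = \CB\Security::getSecuritySets(false, 5);
                break;
        }

        // an empty set list must still produce valid SQL ("in (0)" matches nothing
        // accessible); with sets present, list exactly those ids
        $setList = empty($ss) ? '0' : implode(',', $ss);
        $this->securitySetsFilter = 'AND ti.security_set_id in (' . $setList . ')';
    }

    /* select only objects that the current user can access and that are not deleted */
    $accessibleIds = array();
    if (!empty($objectIds)) {
        $res = DB\dbQuery(
            'SELECT t.id
            FROM tree t
            JOIN tree_info ti ON t.id = ti.id ' . $this->securitySetsFilter . '
            WHERE t.id in (' . implode(',', $objectIds) . ')
                AND t.dstatus = 0'
        );
        while ($r = $res->fetch_assoc()) {
            $accessibleIds[] = $r['id'];
        }
        $res->close();
    }

    if (empty($accessibleIds)) {
        // NOTE(review): the transaction opened above is not rolled back on this
        // path; the DB layer's rollback helper (if any) is not visible from here
        throw new \Exception(L\get('Access_denied'), 1);
    }

    $this->objectsClass = new \CB\Objects();
    $rez = $this->doRecursiveAction($action, $accessibleIds, $targetId);

    DB\commitTransaction();

    return $rez;
}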
/**
 * Build the security-set filter clause for the search params.
 *
 * No filtering is applied for administrators or when 'skipSecurity' is set
 * (used by Objects fields that list all nodes without permission filtering).
 *
 * @param array &$p request params; reads 'skipSecurity', 'pid' and 'pids'
 * @return string filter clause, empty string when no filtering applies
 */
protected function getSecuritySetsParam(&$p)
{
    if (Security::isAdmin() || !empty($p['skipSecurity'])) {
        return '';
    }

    // 'pid' takes precedence over 'pids' when both are given
    $parentIds = false;
    if (!empty($p['pid'])) {
        $parentIds = $p['pid'];
    } elseif (!empty($p['pids'])) {
        $parentIds = $p['pids'];
    }

    $sets = Security::getSecuritySets(false, 5, $parentIds);

    if (empty($sets)) {
        //for created users that doesnt belong to any group
        //and dont have any security sets associated
        return '!security_set_id:[* TO *]';
    }

    return 'security_set_id:(' . implode(' OR ', $sets) . ') OR oid:' . User::getId();
}
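/**
 * Check whether a user can manage (update) a task.
 *
 * A user can manage a task if they are its creator, one of the responsible
 * users (ongoing or done) or an administrator.
 *
 * @param int      $taskId id of the task to be checked
 * @param int|bool $userId id of the user to be checked; defaults to the current user
 * @return bool true when the user can manage the task
 */
public static function canManageTask($taskId, $userId = false)
{
    // empty() keeps the original loose "== false" semantics (false, null, 0, '')
    if (empty($userId)) {
        $userId = User::getId();
    }

    $task = Objects::getCachedObject($taskId);
    $data = $task->getData();

    // responsible-user lists may be absent from sys_data; treat them as empty
    $ongoing = isset($data['sys_data']['task_u_ongoing']) ? $data['sys_data']['task_u_ongoing'] : array();
    $done = isset($data['sys_data']['task_u_done']) ? $data['sys_data']['task_u_done'] : array();

    // loose comparison is kept on purpose: ids may arrive as int or numeric string
    $rez = ($data['cid'] == $userId)
        || in_array($userId, $ongoing)
        || in_array($userId, $done);

    if (!$rez) {
        $rez = Security::isAdmin($userId);
    }

    return $rez;
}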
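/**
 * Get the action flags describing what the given user may do with this task.
 *
 * @param int|bool $userId user id; defaults to the current session user
 * @return array flags: 'edit', 'close', 'reopen', 'complete' => bool
 */
public function getActionFlags($userId = false)
{
    if ($userId === false) {
        $userId = $_SESSION['user']['id'];
    }

    $isAdmin = \CB\Security::isAdmin($userId);
    $isOwner = $this->isOwner($userId);
    $isClosed = $this->isClosed();

    // editing and closing need an open task and owner/admin rights
    $canEdit = !$isClosed && ($isAdmin || $isOwner);

    return array(
        'edit' => $canEdit,
        'close' => $canEdit,
        // only the owner can reopen a closed task (admin rights are not enough here)
        'reopen' => $isClosed && $isOwner,
        // completing is for users whose own status on the task is still ongoing
        'complete' => !$isClosed && ($this->getUserStatus($userId) == static::$USERSTATUS_ONGOING),
    );
}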
/**
 * Check whether this class is configured to return a result for the given
 * path and request params. Extends the parent check with an admin-only rule.
 *
 * @param array &$pathArray
 * @param array &$requestParams
 * @return bool
 */
protected function acceptedPath(&$pathArray, &$requestParams)
{
    // parent check first; the admin check is only evaluated when it passes
    if (!parent::acceptedPath($pathArray, $requestParams)) {
        return false;
    }

    return (bool) Security::isAdmin();
}
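/**
 * Change the status of a task.
 *
 * Only the task owner or an administrator may change the status; other users
 * get a 'No_access_for_this_action' response. Unknown status values are
 * rejected with 'success' => false.
 *
 * @param int $id     task id
 * @param int $status new status: Objects\Task::$STATUS_ACTIVE or $STATUS_CLOSED
 * @return array response: 'success' => bool, plus 'id' or 'msg'
 */
protected function changeStatus($id, $status)
{
    $obj = Objects::getCachedObject($id);

    //status change for task is allowed only for owner or admin
    if (!$obj->isOwner() && !Security::isAdmin()) {
        return array(
            'success' => false,
            'msg' => L\get('No_access_for_this_action'),
        );
    }

    // switch compares loosely, so a numeric-string status from the request is accepted
    switch ($status) {
        case Objects\Task::$STATUS_ACTIVE:
            $obj->setActive();
            break;

        case Objects\Task::$STATUS_CLOSED:
            $obj->setClosed();
            break;

        default:
            return array('success' => false, 'id' => $id);
    }

    $this->afterUpdate($id);

    return array('success' => true, 'id' => $id);
}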
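/**
 * Login method for user authentication.
 *
 * Validates the credentials through the p_user_login stored procedure, then
 * loads the user's preferences into the session and the response. The login
 * may be given as "root/<username>" to log in as another user; this is only
 * honoured when the authenticated account is 'root'.
 *
 * @param string $login username, optionally "root/<username>"
 * @param string $pass  password
 * @return array response: 'success' => bool, 'user' => preferences on success,
 *               'msg' => 'Auth_fail' text on failure
 */
public static function login($login, $pass)
{
    $logActionType = 'login';
    $ips = '|' . Util\getIPs() . '|';
    $coreName = Config::get('core_name');

    // "user/other" syntax: the part after the first slash is the impersonation target
    $loginParts = explode('/', $login);
    $login = $loginParts[0];
    $loginAs = isset($loginParts[1]) ? $loginParts[1] : null;

    // NOTE(review): the session key is an md5 of request data and the clock,
    // not a CSPRNG-backed token, and it is stored and sent as a cookie before
    // the credentials are verified; both are kept as-is here
    $_SESSION['ips'] = $ips;
    $_SESSION['key'] = md5($ips . $login . $pass . time());
    $_COOKIE['key'] = $_SESSION['key'];
    setcookie(
        'key',
        $_SESSION['key'],
        0,
        '/' . $coreName . '/',
        $_SERVER['SERVER_NAME'],
        !empty($_SERVER['HTTPS']),
        true
    );

    $rez = array('success' => false);
    $user_id = false;

    /* try to authentificate */
    $res = DB\dbQuery(
        'CALL p_user_login($1, $2, $3)',
        array($login, $pass, $ips)
    ) or die(DB\dbQueryError());

    if (($r = $res->fetch_assoc()) && $r['status'] == 1) {
        $user_id = $r['user_id'];
    }
    $res->close();
    // presumably discards the remaining result sets of the CALL — verify against the DB layer
    DB\dbCleanConnection();

    if ($user_id) {
        $rez = array('success' => true, 'user' => array());

        // root may log in as another user via "root/<username>"
        if (!empty($loginAs) && $login == 'root') {
            $user_id = DM\User::getIdByName($loginAs);
        }

        $r = User::getPreferences($user_id);
        if (!empty($r)) {
            $r['admin'] = Security::isAdmin($user_id);
            $r['manage'] = Security::canManage($user_id);
            $r['first_name'] = htmlentities($r['first_name'], ENT_QUOTES, 'UTF-8');
            $r['last_name'] = htmlentities($r['last_name'], ENT_QUOTES, 'UTF-8');

            //set default theme
            if (empty($r['cfg']['theme'])) {
                $r['cfg']['theme'] = 'classic';
            }

            // do not expose security params to the client
            unset($r['cfg']['security']);

            $rez['user'] = $r;
            $_SESSION['user'] = $r;

            // language preference cookie (not security-relevant, default attributes)
            setcookie('L', $r['language']);

            // set user groups
            $rez['user']['groups'] = UsersGroups::getGroupIdsForUser();
            $_SESSION['user']['groups'] = $rez['user']['groups'];
        }
    } else {
        //check if login exists and add user id to session for logging
        $user_id = DM\User::getIdByName($login);
        if (!empty($user_id)) {
            $_SESSION['user']['id'] = $user_id;
            $logActionType = 'login_fail';
        }
        $rez['msg'] = L\get('Auth_fail');
    }

    // NOTE(review): audit logging of $logActionType ('login' / 'login_fail')
    // is currently disabled in this method, so failed logins are not recorded
    return $rez;
}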