/** * Set admin as current user */ public function auth() { $userService = $this->apiRepository->getUserService(); $user = $userService->loadUserByLogin('admin'); // login user for API $this->apiRepository->setCurrentUser($user); }
/** * If user is logged-in in legacy_mode (e.g. legacy admin interface), * will inject currently logged-in user in the repository. * * @param GetResponseEvent $event */ public function onKernelRequest(GetResponseEvent $event) { /** @var \eZ\Publish\Core\MVC\ConfigResolverInterface $configResolver */ $request = $event->getRequest(); $session = $request->getSession(); if ($event->getRequestType() !== HttpKernelInterface::MASTER_REQUEST || !$this->configResolver->getParameter('legacy_mode') || !($session->isStarted() && $session->has('eZUserLoggedInID'))) { return; } try { $apiUser = $this->repository->getUserService()->loadUser($session->get('eZUserLoggedInID')); $this->repository->setCurrentUser($apiUser); $token = $this->tokenStorage->getToken(); if ($token instanceof TokenInterface) { $token->setUser(new User($apiUser)); // Don't embed if we already have a LegacyToken, to avoid nested session storage. if (!$token instanceof LegacyToken) { $this->tokenStorage->setToken(new LegacyToken($token)); } } } catch (NotFoundException $e) { // Invalid user ID, the user may have been removed => invalidate the token and the session. $this->tokenStorage->setToken(null); $session->invalidate(); } }
/** * Initializes eZ Publish related service shortcuts. * * @param Schema $schema */ protected function pre(Schema $schema) { $this->repository = $this->container->get('ezpublish.api.repository'); $this->userService = $this->repository->getUserService(); $this->defaultMigrationUser = $this->container->getParameter('ezpublish_migrations.ez_user'); $this->currentMigrationUser = $this->defaultMigrationUser; $this->setDefaultMigrationUser(); }
/** * @param \eZ\Publish\API\Repository\Repository $repository * @param ConfigResolverInterface|\Psr\Log\LoggerInterface $resolver */ public function __construct(Repository $repository, ConfigResolverInterface $resolver) { $this->repository = $repository; $this->searchService = $this->repository->getSearchService(); $this->locationService = $this->repository->getLocationService(); $this->contentService = $this->repository->getContentService(); $this->languageService = $this->repository->getContentLanguageService(); $this->userService = $this->repository->getUserService(); $this->contentTypeService = $this->repository->getContentTypeService(); $this->configResolver = $resolver; }
/** * @param $login * @param $email * @param $firstName * @param $lastName * @return User */ public function createNewUser($login, $email, $firstName, $lastName) { $userService = $this->repository->getUserService(); $userCreateStruct = $userService->newUserCreateStruct($login, $email, md5($email . $login . time() . rand(1, 10000)), 'eng-GB', $this->repository->getContentTypeService()->loadContentTypeByIdentifier('user')); $userCreateStruct->setField('first_name', $firstName); $userCreateStruct->setField('last_name', $lastName); $user = $this->repository->sudo(function () use($userService, $userCreateStruct) { $userGroup = $userService->loadUserGroup('11'); // guest accounts return $userService->createUser($userCreateStruct, array($userGroup)); }); return $user; }
/** * Refreshes the user for the account interface. * * It is up to the implementation to decide if the user data should be * totally reloaded (e.g. from the database), or if the UserInterface * object can just be merged into some internal array of users / identity * map. * * @param \Symfony\Component\Security\Core\User\UserInterface $user * * @throws \Symfony\Component\Security\Core\Exception\UnsupportedUserException * * @return \Symfony\Component\Security\Core\User\UserInterface */ public function refreshUser(CoreUserInterface $user) { if (!$user instanceof UserInterface) { throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', get_class($user))); } try { $refreshedAPIUser = $this->repository->getUserService()->loadUser($user->getAPIUser()->id); $user->setAPIUser($refreshedAPIUser); $this->repository->setCurrentUser($refreshedAPIUser); return $user; } catch (NotFoundException $e) { throw new UsernameNotFoundException($e->getMessage(), 0, $e); } }
/** * Loads the user for the given user ID. * $user can be either the user ID or an instance of \eZ\Publish\Core\MVC\Symfony\Security\User * (anonymous user we try to check access via SecurityContext::isGranted()) * * @param string|\eZ\Publish\Core\MVC\Symfony\Security\User $user Either the user ID to load an instance of User object. A value of -1 represents an anonymous user. * * @return \eZ\Publish\Core\MVC\Symfony\Security\UserInterface * * @throws \Symfony\Component\Security\Core\Exception\UsernameNotFoundException if the user is not found */ public function loadUserByUsername($user) { try { // SecurityContext always tries to authenticate anonymous users when checking granted access. // In that case $user is an instance of \eZ\Publish\Core\MVC\Symfony\Security\User. // We don't need to reload the user here. if ($user instanceof UserInterface) { return $user; } return new User($this->repository->getUserService()->loadUserByLogin($user), array('ROLE_USER')); } catch (NotFoundException $e) { throw new UsernameNotFoundException($e->getMessage(), 0, $e); } }
/** * If user is logged-in in legacy_mode (e.g. legacy admin interface), * will inject currently logged-in user in the repository. * * @param GetResponseEvent $event */ public function onKernelRequest(GetResponseEvent $event) { /** @var \eZ\Publish\Core\MVC\ConfigResolverInterface $configResolver */ $request = $event->getRequest(); if ($event->getRequestType() !== HttpKernelInterface::MASTER_REQUEST || !$this->configResolver->getParameter('legacy_mode') || !$request->getSession()->has('eZUserLoggedInID')) { return; } $apiUser = $this->repository->getUserService()->loadUser($request->getSession()->get('eZUserLoggedInID')); $this->repository->setCurrentUser($apiUser); $token = $this->securityContext->getToken(); if ($token instanceof TokenInterface) { $token->setUser(new User($apiUser)); $token->setAuthenticated(true); } }
/** * Tries to retrieve a valid eZ user if authenticated user doesn't come from the repository (foreign user provider). * Will dispatch an event allowing listeners to return a valid eZ user for current authenticated user. * Will by default let the repository load the anonymous user. * * @param \Symfony\Component\Security\Http\Event\InteractiveLoginEvent $event */ public function onInteractiveLogin(BaseInteractiveLoginEvent $event) { $token = $event->getAuthenticationToken(); $originalUser = $token->getUser(); if ($originalUser instanceof eZUser || !$originalUser instanceof UserInterface) { return; } /* * 1. Send the event. * 2. If no eZ user is returned, load Anonymous user. * 3. Inject eZ user in repository. * 4. Create the UserWrapped user object (implementing eZ UserInterface) with loaded eZ user. * 5. Create new token with UserWrapped user * 6. Inject the new token in security context */ $subLoginEvent = new InteractiveLoginEvent($event->getRequest(), $token); $this->eventDispatcher->dispatch(MVCEvents::INTERACTIVE_LOGIN, $subLoginEvent); if ($subLoginEvent->hasAPIUser()) { $apiUser = $subLoginEvent->getAPIUser(); } else { $apiUser = $this->repository->getUserService()->loadUser($this->configResolver->getParameter("anonymous_user_id")); } $this->repository->setCurrentUser($apiUser); $providerKey = method_exists($token, 'getProviderKey') ? $token->getProviderKey() : __CLASS__; $interactiveToken = new InteractiveLoginToken($this->getUser($originalUser, $apiUser), get_class($token), $token->getCredentials(), $providerKey, $token->getRoles()); $interactiveToken->setAttributes($token->getAttributes()); $this->securityContext->setToken($interactiveToken); }
private function mapContentCreateToUserCreate(RestContentCreateStruct $restContentCreateStruct) { $contentCreateStruct = $restContentCreateStruct->contentCreateStruct; $userCreateStruct = new UserCreateStruct(); $fields = array(); foreach ($contentCreateStruct->fields as $field) { // @todo fix hardcode user_account if ($field->value instanceof UserFieldValue) { $userCreateStruct->login = $field->value->login; $userCreateStruct->email = $field->value->email; $userCreateStruct->password = $field->value->passwordHash; $field->value->passwordHash = null; $foundUserField = true; } $userCreateStruct->fields[] = $field; } if (!isset($foundUserField)) { return false; } $properties = ['contentType', 'sectionId', 'ownerId', 'alwaysAvailable', 'remoteId', 'mainLanguageCode', 'modificationDate']; foreach ($properties as $property) { if (isset($contentCreateStruct->{$property})) { $userCreateStruct->{$property} = $contentCreateStruct->{$property}; } } $userGroup = $this->repository->getUserService()->loadUserGroup($restContentCreateStruct->locationCreateStruct->parentLocationId); return [$userCreateStruct, $userGroup]; }
/** * Get User Service * * Get service object to perform operations on Users and UserGroup * * @return \eZ\Publish\API\Repository\UserService */ public function getUserService() { if ($this->userService !== null) { return $this->userService; } $this->userService = new UserService($this->repository->getUserService(), $this->signalDispatcher); return $this->userService; }
/** * {@inheritdoc} */ protected function initialize(InputInterface $input, OutputInterface $output) { $input; // phpmd trick $output; // phpmd trick $this->eZPublishRepository = $this->getContainer()->get("ezpublish.api.repository"); $this->eZPublishRepository->setCurrentUser($this->eZPublishRepository->getUserService()->loadUser(14)); }
/** * Builds the API UserGroupRoleAssignment object from provided SPI RoleAssignment object * * @param \eZ\Publish\SPI\Persistence\User\RoleAssignment $spiRoleAssignment * @param \eZ\Publish\API\Repository\Values\User\UserGroup $userGroup * @param \eZ\Publish\API\Repository\Values\User\Role $role * * @return \eZ\Publish\API\Repository\Values\User\UserGroupRoleAssignment */ public function buildDomainUserGroupRoleAssignmentObject(SPIRoleAssignment $spiRoleAssignment, UserGroup $userGroup = null, APIRole $role = null) { $limitation = null; if (!empty($spiRoleAssignment->limitationIdentifier)) { $limitation = $this->getLimitationType($spiRoleAssignment->limitationIdentifier)->buildValue($spiRoleAssignment->values); } $userGroup = $userGroup ?: $this->repository->getUserService()->loadUserGroup($spiRoleAssignment->contentId); $role = $role ?: $this->loadRole($spiRoleAssignment->roleId); return new UserGroupRoleAssignment(array('limitation' => $limitation, 'role' => $role, 'userGroup' => $userGroup)); }
public function __construct(Repository $repository, CategoryServiceInterface $categoryService, PostServiceInterface $postService) { $this->repository = $repository; $this->categoryService = $categoryService; $this->postService = $postService; $this->searchService = $repository->getSearchService(); $this->contentService = $repository->getContentService(); $this->locationService = $repository->getLocationService(); $this->contentTypeService = $repository->getContentTypeService(); $this->userService = $repository->getUserService(); }
/** * @param UserEvent $event */ public function onImplicitLogin(UserEvent $event) { $originalUser = $event->getUser(); if ($originalUser instanceof eZUser || !$originalUser instanceof UserInterface) { return; } // Already Authenticated Token ( we are in ImplicitLogin of FOS) $token = $this->tokenStorage->getToken(); $subLoginEvent = new InteractiveLoginEvent($event->getRequest(), $token); $this->eventDispatcher->dispatch(MVCEvents::INTERACTIVE_LOGIN, $subLoginEvent); if ($subLoginEvent->hasAPIUser()) { $apiUser = $subLoginEvent->getAPIUser(); } else { $apiUser = $this->repository->getUserService()->loadUser($this->configResolver->getParameter('anonymous_user_id')); } $this->repository->setCurrentUser($apiUser); $providerKey = method_exists($token, 'getProviderKey') ? $token->getProviderKey() : __CLASS__; $interactiveToken = new InteractiveLoginToken(new UserWrapped($originalUser, $apiUser), get_class($token), $token->getCredentials(), $providerKey, $token->getRoles()); $interactiveToken->setAttributes($token->getAttributes()); $this->tokenStorage->setToken($interactiveToken); }
protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token) { if (!$user instanceof EzUserInterface) { return parent::checkAuthentication($user, $token); } // $currentUser can either be an instance of UserInterface or just the username (e.g. during form login). /** @var EzUserInterface|string $currentUser */ $currentUser = $token->getUser(); if ($currentUser instanceof UserInterface) { if ($currentUser->getAPIUser()->passwordHash !== $user->getAPIUser()->passwordHash) { throw new BadCredentialsException('The credentials were changed from another session.'); } $apiUser = $currentUser->getAPIUser(); } else { try { $apiUser = $this->repository->getUserService()->loadUserByCredentials($token->getUsername(), $token->getCredentials()); } catch (NotFoundException $e) { throw new BadCredentialsException('Invalid credentials', 0, $e); } } // Finally inject current user in the Repository $this->repository->setCurrentUser($apiUser); }
/** * @see \eZ\Publish\API\Repository\RoleService::getRoleAssignmentsForUser() */ public function getRoleAssignmentsForUser(User $user, $inherited = false) { if ($this->repository->hasAccess('role', 'read') !== true) { throw new UnauthorizedException('role', 'read'); } $roleAssignments = array(); $spiRoleAssignments = $this->userHandler->loadRoleAssignmentsByGroupId($user->id, $inherited); foreach ($spiRoleAssignments as $spiRoleAssignment) { $role = $this->loadRole($spiRoleAssignment->roleId); if (!$inherited || $spiRoleAssignment->contentId == $user->id) { $roleAssignments[] = $this->roleDomainMapper->buildDomainUserRoleAssignmentObject($spiRoleAssignment, $user, $role); } else { $userGroup = $this->repository->getUserService()->loadUserGroup($spiRoleAssignment->contentId); $roleAssignments[] = $this->roleDomainMapper->buildDomainUserGroupRoleAssignmentObject($spiRoleAssignment, $userGroup, $role); } } return $roleAssignments; }
/** * Validates input ContentType create struct. * * @throws \eZ\Publish\Core\Base\Exceptions\InvalidArgumentException * @throws \eZ\Publish\Core\Base\Exceptions\InvalidArgumentType * @throws \eZ\Publish\Core\Base\Exceptions\InvalidArgumentValue * * @param \eZ\Publish\API\Repository\Values\ContentType\ContentTypeCreateStruct $contentTypeCreateStruct * * @return void */ protected function validateInputContentTypeCreateStruct(APIContentTypeCreateStruct $contentTypeCreateStruct) { // Required properties if ($contentTypeCreateStruct->identifier === null) { throw new InvalidArgumentException("\$contentTypeCreateStruct", "Property 'identifier' is required"); } if (!is_string($contentTypeCreateStruct->identifier)) { throw new InvalidArgumentType("\$contentTypeCreateStruct->identifier", "string", $contentTypeCreateStruct->identifier); } if ($contentTypeCreateStruct->identifier === "") { throw new InvalidArgumentValue("\$contentTypeCreateStruct->identifier", $contentTypeCreateStruct->identifier); } if ($contentTypeCreateStruct->mainLanguageCode === null) { throw new InvalidArgumentException("\$contentTypeCreateStruct", "Property 'mainLanguageCode' is required"); } if (!is_string($contentTypeCreateStruct->mainLanguageCode)) { throw new InvalidArgumentType("\$contentTypeCreateStruct->mainLanguageCode", "string", $contentTypeCreateStruct->mainLanguageCode); } if ($contentTypeCreateStruct->mainLanguageCode === "") { throw new InvalidArgumentValue("\$contentTypeCreateStruct->mainLanguageCode", $contentTypeCreateStruct->mainLanguageCode); } if ($contentTypeCreateStruct->names !== null) { $this->domainMapper->validateTranslatedList($contentTypeCreateStruct->names, "\$contentTypeCreateStruct->names"); } if (!isset($contentTypeCreateStruct->names[$contentTypeCreateStruct->mainLanguageCode]) || $contentTypeCreateStruct->names[$contentTypeCreateStruct->mainLanguageCode] === "") { throw new InvalidArgumentException("\$contentTypeCreateStruct->names", "At least one name in the main language is required"); } // Optional properties if ($contentTypeCreateStruct->descriptions !== null) { $this->domainMapper->validateTranslatedList($contentTypeCreateStruct->descriptions, "\$contentTypeCreateStruct->descriptions"); } if ($contentTypeCreateStruct->defaultSortField !== null && !$this->domainMapper->isValidLocationSortField($contentTypeCreateStruct->defaultSortField)) { throw new InvalidArgumentValue("\$contentTypeCreateStruct->defaultSortField", $contentTypeCreateStruct->defaultSortField); } if ($contentTypeCreateStruct->defaultSortOrder !== null && !$this->domainMapper->isValidLocationSortOrder($contentTypeCreateStruct->defaultSortOrder)) { throw new InvalidArgumentValue("\$contentTypeCreateStruct->defaultSortOrder", $contentTypeCreateStruct->defaultSortOrder); } if ($contentTypeCreateStruct->creatorId !== null) { $this->repository->getUserService()->loadUser($contentTypeCreateStruct->creatorId); } if ($contentTypeCreateStruct->creationDate !== null && !$contentTypeCreateStruct->creationDate instanceof DateTime) { throw new InvalidArgumentType("\$contentTypeCreateStruct->creationDate", "DateTime", $contentTypeCreateStruct->creationDate); } if ($contentTypeCreateStruct->defaultAlwaysAvailable !== null && !is_bool($contentTypeCreateStruct->defaultAlwaysAvailable)) { throw new InvalidArgumentType("\$contentTypeCreateStruct->defaultAlwaysAvailable", "boolean", $contentTypeCreateStruct->defaultAlwaysAvailable); } if ($contentTypeCreateStruct->isContainer !== null && !is_bool($contentTypeCreateStruct->isContainer)) { throw new InvalidArgumentType("\$contentTypeCreateStruct->isContainer", "boolean", $contentTypeCreateStruct->isContainer); } if ($contentTypeCreateStruct->remoteId !== null && !is_string($contentTypeCreateStruct->remoteId)) { throw new InvalidArgumentType("\$contentTypeCreateStruct->remoteId", "string", $contentTypeCreateStruct->remoteId); } if ($contentTypeCreateStruct->nameSchema !== null && !is_string($contentTypeCreateStruct->nameSchema)) { throw new InvalidArgumentType("\$contentTypeCreateStruct->nameSchema", "string", $contentTypeCreateStruct->nameSchema); } if ($contentTypeCreateStruct->urlAliasSchema !== null && !is_string($contentTypeCreateStruct->urlAliasSchema)) { throw new InvalidArgumentType("\$contentTypeCreateStruct->urlAliasSchema", "string", $contentTypeCreateStruct->urlAliasSchema); } if (empty($contentTypeCreateStruct->fieldDefinitions)) { throw new InvalidArgumentException("\$contentTypeCreateStruct", "Argument must contain at least one FieldDefinitionCreateStruct"); } foreach ($contentTypeCreateStruct->fieldDefinitions as $key => $fieldDefinitionCreateStruct) { if (!$fieldDefinitionCreateStruct instanceof FieldDefinitionCreateStruct) { throw new InvalidArgumentType("\$contentTypeCreateStruct->fieldDefinitions[{$key}]", "eZ\\Publish\\API\\Repository\\Values\\ContentType\\FieldDefinitionCreateStruct", $fieldDefinitionCreateStruct); } $this->validateInputFieldDefinitionCreateStruct($fieldDefinitionCreateStruct, "\$contentTypeCreateStruct->fieldDefinitions[{$key}]"); } }
/** * Sets the current ez user to the user with the given user name. * * @param string $username */ private function setMigrationUser($username) { $this->repository->setCurrentUser($this->repository->getUserService()->loadUserByLogin($username)); }
public function login($username, $password) { $this->repository->setCurrentUser($this->repository->getUserService()->loadUserByCredentials($username, $password)); }
public function authenticate(TokenInterface $token) { $token = parent::authenticate($token); $this->repository->setCurrentUser($this->repository->getUserService()->loadUser($this->configResolver->getParameter('anonymous_user_id'))); return $token; }