/**
 * Seeds the identification types and the built-in system accounts.
 *
 * Creates the four identification records, then one account per entry of the
 * table below. Each account is attached to consumer 1, authenticated with the
 * 'System' identification and authorized with the 'Administrator' role.
 *
 * NOTE(review): every seeded account receives the same literal 'System' as
 * the second createAccount() argument. Its signature is not visible here; if
 * that argument is the password, all Administrator accounts start with one
 * shared, source-visible credential - confirm, and force a change on first
 * login or seed from deployment configuration instead.
 * NOTE(review): the hardware-token identifiers are hard-coded; a token that
 * is not found is still passed on to createAccount() unchecked.
 */
public function setupDatabaseContent()
{
    $this->createIdentification('Student', 'Schüler / Eltern');
    $this->createIdentification('Teacher', 'Lehrer');
    $this->createIdentification('Management', 'Verwaltung');
    $this->createIdentification('System', 'System');

    $tblConsumer = Consumer::useService()->getConsumerById(1);
    $tblIdentification = $this->getIdentificationByName('System');
    $tblRole = Access::useService()->getRoleByName('Administrator');

    // Username => hardware-token identifier, in creation order
    $SystemAccountList = array(
        'System'   => 'ccccccdilkui', // System (Gerd)
        'Kmiezik'  => 'ccccccectjge', // System (Jens)
        'Rackel'   => 'ccccccectjgt', // System (Sidney)
        'Kauschke' => 'ccccccectjgr', // System (Johannes)
    );

    foreach ($SystemAccountList as $Username => $TokenIdentifier) {
        $tblToken = Token::useService()->getTokenByIdentifier($TokenIdentifier);
        $tblAccount = $this->createAccount($Username, 'System', $tblToken, $tblConsumer);
        $this->addAccountAuthentication($tblAccount, $tblIdentification);
        $this->addAccountAuthorization($tblAccount, $tblRole);
    }
}
/**
 * Registers the Consumer, Token, Access and Account modules, in that order.
 */
public static function registerModule()
{
    Consumer::registerModule();
    Token::registerModule();
    Access::registerModule();
    Account::registerModule();
}
/**
 * Renders the template only when the Access service authorizes $this->Path.
 *
 * @return string Template output, or '' when authorization is refused
 */
public function getContent()
{
    $isAllowed = Access::useService()->hasAuthorization($this->Path);
    if (!$isAllowed) {
        // Unauthorized callers get an empty string, not an error
        return '';
    }

    return $this->Template->getContent();
}
/**
 * Resolves the stored right id through the Access service.
 *
 * @return bool|TblRight false when no right id is stored, otherwise the
 *                       result of getRightById() for the stored id
 */
public function getTblRight()
{
    if (null !== $this->tblRight) {
        return Access::useService()->getRightById($this->tblRight);
    }

    return false;
}
/**
 * Resolves the stored role id through the Access service.
 *
 * @return bool|\SPHERE\Application\Platform\Gatekeeper\Authorization\Access\Service\Entity\TblRole
 *         false when no role id is stored, otherwise the result of getRoleById()
 */
public function getServiceTblRole()
{
    if (null !== $this->serviceTblRole) {
        return Access::useService()->getRoleById($this->serviceTblRole);
    }

    return false;
}
/**
 * Resolves the stored level id through the Access service.
 *
 * @return bool|TblLevel false when no level id is stored, otherwise the
 *                       result of getLevelById() for the stored id
 */
public function getTblLevel()
{
    if (null !== $this->tblLevel) {
        return Access::useService()->getLevelById($this->tblLevel);
    }

    return false;
}
/**
 * Adds a route to the router when the Access service authorizes its path.
 *
 * A path that is not authorized is skipped without any error, so the route
 * is never handed to the router.
 *
 * @param RouteParameter $Route
 *
 * @throws \Exception when the path is already present in the router's route list
 */
public static function registerRoute(RouteParameter $Route)
{
    if (!Access::useService()->hasAuthorization($Route->getPath())) {
        return;
    }

    $isRegistered = in_array($Route->getPath(), self::$Router->getRouteList());
    if ($isRegistered) {
        throw new \Exception(__CLASS__ . ' > Route already available! (' . $Route->getPath() . ')');
    }

    self::$Router->addRoute($Route);
}
/**
 * Builds the account administration stage: a table of existing accounts
 * followed by the "create account" form.
 *
 * The 'System' identification and the 'Administrator' role are only offered
 * when the session's account itself holds the 'Administrator' role.
 *
 * NOTE(review): that restriction only decides which inputs are rendered. The
 * handler receiving Account[Identification] / Account[Role] is not visible
 * here and has to repeat the check, because the submitted ids are free-form.
 *
 * @return Stage
 */
public static function frontendAccount()
{
    $Stage = new Stage('Benutzerkonnten');

    // $isSystem: does the session's account hold the 'Administrator' role?
    $tblAccount = Account::useService()->getAccountBySession();
    if ($tblAccount) {
        $isSystem = Account::useService()->hasAuthorization($tblAccount, Access::useService()->getRoleByName('Administrator'));
    } else {
        $isSystem = false;
    }
    $tblConsumer = Consumer::useService()->getConsumerBySession();

    // Token
    // NOTE(review): presumably the getXxxAll() services can return false for
    // an empty set; array_walk() below is called without a guard - verify.
    $tblTokenAll = Token::useService()->getTokenAll();
    array_walk($tblTokenAll, function (TblToken &$tblToken) {
        // Tokens already bound to an account become false and are filtered out
        if (Account::useService()->getAccountAllByToken($tblToken)) {
            $tblToken = false;
        } else {
            // Label: the serial split into groups of four characters
            $tblToken = new RadioBox('Account[Token]', implode(' ', str_split($tblToken->getSerial(), 4)), $tblToken->getId());
        }
    });
    $tblTokenAll = array_filter($tblTokenAll);
    // First choice: no hardware token (value null)
    array_unshift($tblTokenAll, new RadioBox('Account[Token]', new \SPHERE\Common\Frontend\Text\Repository\Danger('KEIN Hardware-Token'), null));

    // Identification
    $tblIdentificationAll = Account::useService()->getIdentificationAll();
    /** @noinspection PhpUnusedParameterInspection */
    array_walk($tblIdentificationAll, function (TblIdentification &$tblIdentification, $Index, $isSystem) {
        // Hide the 'System' identification from non-administrators
        if ($tblIdentification->getName() == 'System' && !$isSystem) {
            $tblIdentification = false;
        } else {
            $tblIdentification = new RadioBox('Account[Identification]', $tblIdentification->getDescription(), $tblIdentification->getId());
        }
    }, $isSystem);
    $tblIdentificationAll = array_filter($tblIdentificationAll);

    // Role
    $tblRoleAll = Access::useService()->getRoleAll();
    /** @noinspection PhpUnusedParameterInspection */
    array_walk($tblRoleAll, function (TblRole &$tblRole, $Index, $isSystem) {
        // Hide the 'Administrator' role from non-administrators
        if ($tblRole->getName() == 'Administrator' && !$isSystem) {
            $tblRole = false;
        } else {
            $tblRole = new CheckBox('Account[Role][' . $tblRole->getId() . ']', $tblRole->getName(), $tblRole->getId());
        }
    }, $isSystem);
    $tblRoleAll = array_filter($tblRoleAll);

    // Account
    $tblAccountAll = Account::useService()->getAccountAll();
    array_walk($tblAccountAll, function (TblAccount &$tblAccount) {
        // Adds a delete link that carries the account id as the 'Id' parameter.
        // NOTE(review): confirm the Destroy route asks for confirmation and is
        // protected against forged requests; not visible from here.
        /** @noinspection PhpUndefinedFieldInspection */
        $tblAccount->Option = new Danger('Löschen', '/Platform/Gatekeeper/Authorization/Account/Destroy', new Remove(), array('Id' => $tblAccount->getId()), 'Löschen');
    });

    // Page body: account table (or a warning when empty) followed by the form
    $Stage->setContent(
        ($tblAccountAll
            ? new TableData($tblAccountAll, new Title('Bestehende Benutzerkonnten'), array('Username' => 'Benutzername'))
            : new Warning('Keine Benutzerkonnten vorhanden')
        )
        . new Form(array(
            new FormGroup(array(
                new FormRow(array(
                    // The user name field is prefixed with the consumer acronym
                    new FormColumn((new TextField('Account[Name]', 'Benutzername', 'Benutzername', new Person()))->setPrefixValue($tblConsumer->getAcronym()), 4),
                    new FormColumn(new PasswordField('Account[Password]', 'Passwort', 'Passwort', new Lock()), 4),
                    new FormColumn(new PasswordField('Account[PasswordSafety]', 'Passwort wiederholen', 'Passwort wiederholen', new Repeat()), 4)
                ))
            ), new \SPHERE\Common\Frontend\Form\Repository\Title('Benutzerkonnto anlegen')),
            new FormGroup(array(
                new FormRow(array(
                    new FormColumn(array(new Panel('Authentifizierungstyp', $tblIdentificationAll)), 4),
                    new FormColumn(array(new Panel('Berechtigungsstufe', $tblRoleAll)), 4),
                    new FormColumn(array(new Panel('Hardware-Token', $tblTokenAll)), 4)
                ))
            ), new \SPHERE\Common\Frontend\Form\Repository\Title('Berechtigungen zuweisen'))
        ), new Primary('Hinzufügen'))
    );

    return $Stage;
}
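/**
 * Registers a route and records routes that have no right attached as public.
 *
 * 1. When the Access service authorizes the path, the route is added to the
 *    router; a path already in the route list raises an exception.
 * 2. When no right named '/' . path exists, '/' . path is appended to
 *    self::$PublicRoutes (once).
 *
 * Every \Exception raised inside, including the duplicate-route one, is
 * handed to Main::runSelfHeal() instead of reaching the caller.
 *
 * NOTE(review): step 2 is fail-open - a route whose right record is missing
 * is classified as public. How self::$PublicRoutes is consumed is not
 * visible here; confirm that a missing right cannot expose a protected page.
 *
 * @param RouteParameter $Route
 *
 * @throws \Exception only if Main::runSelfHeal() rethrows - not visible here
 */
public static function registerRoute(RouteParameter $Route)
{
    try {
        if (Access::useService()->hasAuthorization($Route->getPath())) {
            if (in_array($Route->getPath(), self::$Router->getRouteList())) {
                throw new \Exception(__CLASS__ . ' > Route already available! (' . $Route->getPath() . ')');
            }
            self::$Router->addRoute($Route);
        }

        // Entries are stored with a leading slash, so the membership test has
        // to use the same form. The original compared the bare path, which
        // never matched a stored entry and allowed duplicates.
        $PublicPath = '/' . $Route->getPath();
        if (!Access::useService()->getRightByName($PublicPath)) {
            if (!in_array($PublicPath, self::$PublicRoutes, true)) {
                array_push(self::$PublicRoutes, $PublicPath);
            }
        }
    } catch (\Exception $Exception) {
        Main::runSelfHeal($Exception);
    }
}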
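/**
 * Privilege page: grants or revokes one right, or lists the rights that are
 * assigned to / still available for the privilege.
 *
 * When $tblRight resolves to a right, it is removed from the privilege if
 * $Remove is truthy and added otherwise; the stage then redirects back to
 * this page. Without $tblRight the two tables are rendered, each row
 * carrying a link that calls this page again with the matching parameters.
 *
 * NOTE(review): the grant/revoke action is triggered purely by the request
 * parameters that the row links carry. Whether an anti-forgery check runs
 * before this method is not visible here - confirm, since this changes
 * authorization data.
 *
 * @param integer      $Id       Privilege id
 * @param null|integer $tblRight Right id to grant or revoke; null renders the lists
 * @param null|bool    $Remove   Truthy revokes $tblRight, otherwise it is granted
 *
 * @return Stage
 */
public function frontendPrivilegeGrantRight($Id, $tblRight, $Remove = null)
{
    $Stage = new Stage('Berechtigungen', 'Privileg');
    $this->menuButton($Stage);

    $tblPrivilege = Access::useService()->getPrivilegeById($Id);
    if (!$tblPrivilege) {
        // An unknown id used to fall through to $tblPrivilege->getName() and
        // abort with a fatal error; show a message instead.
        $Stage->setContent(new Warning('Privileg nicht gefunden'));
        return $Stage;
    }

    if (null !== $tblRight && ($tblRight = Access::useService()->getRightById($tblRight))) {
        if ($Remove) {
            Access::useService()->removePrivilegeRight($tblPrivilege, $tblRight);
        } else {
            Access::useService()->addPrivilegeRight($tblPrivilege, $tblRight);
        }
        // Both outcomes return to the list view of the same privilege
        $Stage->setContent(new Redirect('/Platform/Gatekeeper/Authorization/Access/PrivilegeGrantRight', 0, array('Id' => $Id)));
        return $Stage;
    }

    $tblAccessList = Access::useService()->getRightAllByPrivilege($tblPrivilege);
    if (!$tblAccessList) {
        $tblAccessList = array();
    }

    // Same normalisation for the full list, so array_udiff() always gets arrays
    $tblRightAll = Access::useService()->getRightAll();
    if (!$tblRightAll) {
        $tblRightAll = array();
    }

    // Available = all rights minus the assigned ones, compared by id
    $tblAccessListAvailable = array_udiff($tblRightAll, $tblAccessList,
        function (TblRight $ObjectA, TblRight $ObjectB) {
            return $ObjectA->getId() - $ObjectB->getId();
        }
    );

    /** @noinspection PhpUnusedParameterInspection */
    array_walk($tblAccessListAvailable, function (TblRight &$Entity, $Index, $Id) {
        /** @noinspection PhpUndefinedFieldInspection */
        $Entity->Option = new PullRight(new Success('Hinzufügen', '/Platform/Gatekeeper/Authorization/Access/PrivilegeGrantRight', new Plus(), array('Id' => $Id, 'tblRight' => $Entity->getId())));
    }, $Id);

    /** @noinspection PhpUnusedParameterInspection */
    array_walk($tblAccessList, function (TblRight &$Entity, $Index, $Id) {
        /** @noinspection PhpUndefinedFieldInspection */
        $Entity->Option = new PullRight(new Danger('Entfernen', '/Platform/Gatekeeper/Authorization/Access/PrivilegeGrantRight', new Minus(), array('Id' => $Id, 'tblRight' => $Entity->getId(), 'Remove' => true)));
    }, $Id);

    $Stage->setContent(
        new Info($tblPrivilege->getName())
        . new Layout(new LayoutGroup(new LayoutRow(array(
            new LayoutColumn(array(
                new \SPHERE\Common\Frontend\Layout\Repository\Title('Rechte', 'Zugewiesen'),
                empty($tblAccessList)
                    ? new Warning('Keine Rechte vergeben')
                    : new TableData($tblAccessList, null, array('Route' => 'Route', 'Option' => 'Optionen'))
            ), 6),
            new LayoutColumn(array(
                new \SPHERE\Common\Frontend\Layout\Repository\Title('Rechte', 'Verfügbar'),
                empty($tblAccessListAvailable)
                    ? new Info('Keine weiteren Rechte verfügbar')
                    : new TableData($tblAccessListAvailable, null, array('Route' => 'Route', 'Option' => 'Optionen'))
            ), 6)
        ))))
    );

    return $Stage;
}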
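/**
 * Validates the submitted account form and creates the account when valid.
 *
 * Field checks: user name (letters and digits, at least 5 characters, unique
 * after the consumer acronym is prefixed), password (at least 8 bytes) and
 * its repetition (must be identical). On success the account is inserted and
 * the chosen identification, roles and person are attached.
 *
 * All values in $Account come from the request. The identification and role
 * ids are therefore resolved and checked before anything is written: the
 * 'System' identification and the 'Administrator' role are accepted only
 * when the session's account holds the 'Administrator' role itself.
 *
 * @param IFormInterface $Form
 * @param array          $Account Submitted 'Account' fields; null when the form was not sent
 *
 * @return IFormInterface|string The form with per-field feedback, or a result
 *                               message followed by a redirect
 */
public function createAccount(IFormInterface $Form, $Account)
{
    if (null === $Account) {
        return $Form;
    }

    $Error = false;

    // Missing or non-scalar fields are treated as empty instead of raising notices
    $Field = function ($Key) use ($Account) {
        return (isset($Account[$Key]) && is_scalar($Account[$Key])) ? trim((string)$Account[$Key]) : '';
    };
    $Username = $Field('Name');
    $Password = $Field('Password');
    $PasswordSafety = $Field('PasswordSafety');

    $tblConsumer = GatekeeperConsumer::useService()->getConsumerBySession();

    // NOTE(review): the token id is request-controlled; nothing here checks
    // that the token belongs to this consumer or is still unassigned.
    // Confirm that insertAccount() enforces both.
    $TokenId = (isset($Account['Token']) && is_scalar($Account['Token'])) ? (int)$Account['Token'] : 0;
    if (!($tblToken = GatekeeperToken::useService()->getTokenById($TokenId))) {
        $tblToken = null;
    }

    if (empty($Username)) {
        $Form->setError('Account[Name]', 'Bitte geben Sie einen Benutzernamen an');
        $Error = true;
    } else {
        if (preg_match('!^[a-z0-9]{5,}$!is', $Username)) {
            $Username = $tblConsumer->getAcronym() . '-' . $Username;
            if (!GatekeeperAccount::useService()->getAccountByUsername($Username)) {
                $Form->setSuccess('Account[Name]', '');
            } else {
                $Form->setError('Account[Name]', 'Der angegebene Benutzername ist bereits vergeben');
                $Error = true;
            }
        } else {
            $Form->setError('Account[Name]', 'Der Benutzername darf nur Buchstaben und Zahlen enthalten und muss mindestens 5 Zeichen lang sein');
            $Error = true;
        }
    }

    if (empty($Password)) {
        $Form->setError('Account[Password]', 'Bitte geben Sie ein Passwort an');
        $Error = true;
    } else {
        if (strlen($Password) >= 8) {
            $Form->setSuccess('Account[Password]', '');
        } else {
            $Form->setError('Account[Password]', 'Das Passwort muss mindestens 8 Zeichen lang sein');
            $Error = true;
        }
    }

    if (empty($PasswordSafety)) {
        $Form->setError('Account[PasswordSafety]', 'Bitte geben Sie das Passwort erneut an');
        $Error = true;
    }

    // Strict comparison: with != two numeric-looking strings are compared as
    // numbers, so a repetition that differs textually could pass as equal.
    if ($Password !== $PasswordSafety) {
        $Form->setError('Account[Password]', '');
        $Form->setError('Account[PasswordSafety]', 'Die beiden Passworte stimmen nicht überein');
        $Error = true;
    } else {
        if (!empty($Password) && !empty($PasswordSafety)) {
            $Form->setSuccess('Account[PasswordSafety]', '');
        } else {
            $Form->setError('Account[PasswordSafety]', '');
        }
    }

    if ($Error) {
        return $Form;
    }

    // Is the acting session allowed to hand out system-level access?
    // NOTE(review): assumes GatekeeperAccount aliases the Account module whose
    // service offers getAccountBySession() / hasAuthorization() - confirm
    // against this file's use statements.
    $tblSessionAccount = GatekeeperAccount::useService()->getAccountBySession();
    $tblAdministrator = GatekeeperAccess::useService()->getRoleByName('Administrator');
    $isSystem = $tblSessionAccount && $tblAdministrator
        && GatekeeperAccount::useService()->hasAuthorization($tblSessionAccount, $tblAdministrator);

    // Resolve the identification before writing; an unknown id or a
    // 'System' request from a non-administrator aborts the creation.
    $tblIdentification = isset($Account['Identification'])
        ? GatekeeperAccount::useService()->getIdentificationById($Account['Identification'])
        : false;
    if (!$tblIdentification || ('System' === $tblIdentification->getName() && !$isSystem)) {
        return new Danger('Das Benutzerkonnto konnte nicht erstellt werden')
        . new Redirect('/Setting/Authorization/Account', 3);
    }

    // Resolve the roles the same way; ids that do not resolve are ignored
    $tblRoleList = array();
    if (isset($Account['Role'])) {
        foreach ((array)$Account['Role'] as $Role) {
            $tblRole = GatekeeperAccess::useService()->getRoleById($Role);
            if (!$tblRole) {
                continue;
            }
            if ('Administrator' === $tblRole->getName() && !$isSystem) {
                return new Danger('Das Benutzerkonnto konnte nicht erstellt werden')
                . new Redirect('/Setting/Authorization/Account', 3);
            }
            $tblRoleList[] = $tblRole;
        }
    }

    $tblAccount = GatekeeperAccount::useService()->insertAccount($Username, $Password, $tblToken, $tblConsumer);
    if (!$tblAccount) {
        return new Danger('Das Benutzerkonnto konnte nicht erstellt werden')
        . new Redirect('/Setting/Authorization/Account', 3);
    }

    GatekeeperAccount::useService()->addAccountAuthentication($tblAccount, $tblIdentification);
    foreach ($tblRoleList as $tblRole) {
        GatekeeperAccount::useService()->addAccountAuthorization($tblAccount, $tblRole);
    }
    if (isset($Account['User'])) {
        $tblPerson = Person::useService()->getPersonById($Account['User']);
        if ($tblPerson) {
            GatekeeperAccount::useService()->addAccountPerson($tblAccount, $tblPerson);
        }
    }

    return new Success('Das Benutzerkonnto wurde erstellt')
    . new Redirect('/Setting/Authorization/Account', 3);
}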
/**
 * Fetches the rights for this entity via getRightAllByPrivilege().
 *
 * @return bool|TblRight[] Whatever the Access service returns for $this
 */
public function getTblRightAll()
{
    $tblRightAll = Access::useService()->getRightAllByPrivilege($this);

    return $tblRightAll;
}
/**
 * Appends a link to the service navigation when its route is authorized.
 *
 * Links whose route the Access service does not authorize are dropped
 * silently. An authorized link that is active also sets the cluster
 * breadcrumb to its name.
 *
 * @param Link $Link
 *
 * @return Display $this, for chaining
 */
public function addServiceNavigation(Link $Link)
{
    if (!Access::useService()->hasAuthorization($Link->getRoute()->getValue())) {
        return $this;
    }

    if ($Link->isActive()) {
        $this->ClusterBreadcrumb = $Link->getName()->getValue();
    }
    array_push($this->ServiceNavigation, $Link);

    return $this;
}
/**
 * Fetches the levels for this entity via getLevelAllByRole().
 *
 * @return bool|TblLevel[] Whatever the Access service returns for $this
 */
public function getTblLevelAll()
{
    $tblLevelAll = Access::useService()->getLevelAllByRole($this);

    return $tblLevelAll;
}
/**
 * Builds the "add account" form: credentials, role check boxes, person,
 * identification type and hardware token.
 *
 * The 'System' identification and the 'Administrator' role are never
 * offered here.
 *
 * NOTE(review): leaving those entries out only affects what is rendered.
 * The handler that receives Account[Identification], Account[Role],
 * Account[Token] and Account[User] is not part of this method and must
 * validate the submitted ids itself.
 *
 * @return Form
 */
private function formAccount()
{
    $tblConsumer = Consumer::useService()->getConsumerBySession();

    // Identification
    $tblIdentificationAll = Account::useService()->getIdentificationAll();
    array_walk($tblIdentificationAll, function (TblIdentification &$tblIdentification) {
        // 'System' becomes false and is filtered out below
        if ($tblIdentification->getName() == 'System') {
            $tblIdentification = false;
        } else {
            switch (strtoupper($tblIdentification->getName())) {
                case 'STUDENT':
                    // Preselect this identification when the request carries none
                    $Global = $this->getGlobal();
                    if (!isset($Global->POST['Account']['Identification'])) {
                        $Global->POST['Account']['Identification'] = $tblIdentification->getId();
                        $Global->savePost();
                    }
                    $Label = $tblIdentification->getDescription();
                    break;
                default:
                    // Every other identification gets a key icon appended to its label
                    $Label = $tblIdentification->getDescription() . ' (' . new Key() . ')';
            }
            $tblIdentification = new RadioBox('Account[Identification]', $Label, $tblIdentification->getId());
        }
    });
    $tblIdentificationAll = array_filter($tblIdentificationAll);

    // Role
    $tblRoleAll = Access::useService()->getRoleAll();
    array_walk($tblRoleAll, function (TblRole &$tblRole) {
        // 'Administrator' becomes false and is filtered out below
        if ($tblRole->getName() == 'Administrator') {
            $tblRole = false;
        } else {
            $tblRole = new CheckBox('Account[Role][' . $tblRole->getId() . ']', $tblRole->getName(), $tblRole->getId());
        }
    });
    $tblRoleAll = array_filter($tblRoleAll);

    // Token
    // Default the token choice to 0 (no hardware token) when none was submitted
    $Global = $this->getGlobal();
    if (!isset($Global->POST['Account']['Token'])) {
        $Global->POST['Account']['Token'] = 0;
        $Global->savePost();
    }
    // NOTE(review): array_walk() runs on the service result without a guard,
    // unlike the person list further down - verify what an empty set returns.
    $tblTokenAll = Token::useService()->getTokenAllByConsumer(Consumer::useService()->getConsumerBySession());
    array_walk($tblTokenAll, function (TblToken &$tblToken) {
        // Tokens already bound to an account become false and are filtered out
        if (Account::useService()->getAccountAllByToken($tblToken)) {
            $tblToken = false;
        } else {
            // Label: the serial split into groups of four characters
            $tblToken = new RadioBox('Account[Token]', implode(' ', str_split($tblToken->getSerial(), 4)), $tblToken->getId());
        }
    });
    $tblTokenAll = array_filter($tblTokenAll);
    array_unshift($tblTokenAll, new RadioBox('Account[Token]', new Danger('KEIN Hardware-Schlüssel'), 0));

    // Person
    $tblPersonAll = Account::useService()->getPersonAllHavingNoAccount();
    if ($tblPersonAll) {
        array_walk($tblPersonAll, function (TblPerson &$tblPerson) {
            $tblPerson = new RadioBox('Account[User]', $tblPerson->getFullName(), $tblPerson->getId());
        });
        $tblPersonAll = array_filter($tblPersonAll);
    }

    // Three columns: credentials | roles and person | identification and token
    return new Form(array(new FormGroup(array(new FormRow(array(
        new FormColumn(new Panel(new PersonKey() . ' Benutzerkonto hinzufügen', array(
            // The user name field is prefixed with the consumer acronym
            (new TextField('Account[Name]', 'Benutzername (min. 5 Zeichen)', 'Benutzername', new Person()))->setPrefixValue($tblConsumer->getAcronym()),
            new PasswordField('Account[Password]', 'Passwort (min. 8 Zeichen)', 'Passwort', new Lock()),
            new PasswordField('Account[PasswordSafety]', 'Passwort wiederholen', 'Passwort wiederholen', new Repeat())
        ), Panel::PANEL_TYPE_INFO), 4),
        new FormColumn(array(
            new Panel(new Nameplate() . ' Berechtigungsstufe zuweisen', $tblRoleAll, Panel::PANEL_TYPE_INFO),
            new Panel(new Person() . ' Person zuweisen', $tblPersonAll, Panel::PANEL_TYPE_INFO, null, true)
        ), 4),
        new FormColumn(array(
            new Panel(new Lock() . ' Authentifizierungstyp wählen', $tblIdentificationAll, Panel::PANEL_TYPE_INFO),
            new Panel(new Key() . ' Hardware-Schlüssel zuweisen', $tblTokenAll, Panel::PANEL_TYPE_INFO)
        ), 4)
    ))))));
}
/**
 * Fetches the privileges for this entity via getPrivilegeAllByLevel().
 *
 * @return bool|TblPrivilege[] Whatever the Access service returns for $this
 */
public function getTblPrivilegeAll()
{
    $tblPrivilegeAll = Access::useService()->getPrivilegeAllByLevel($this);

    return $tblPrivilegeAll;
}