Exemplo n.º 1
0
 /**
  * Short description for 'validToolReg'
  *
  * Long description (if any) ...
  *
  * @param      array &$tool Parameter description (if any) ...
  * @param      array &$err Parameter description (if any) ...
  * @param      string $id Parameter description (if any) ...
  * @param      object $config Parameter description (if any) ...
  * @param      integer $checker Parameter description (if any) ...
  * @param      integer $result Parameter description (if any) ...
  * @return     integer Return description (if any) ...
  */
 public function validToolReg(&$tool, &$err, $id, $config, $checker = 0, $result = 1)
 {
     $tgObj = new \Components\Tools\Tables\Group($this->_db);
     //  check if toolname exists in tool table
     $query = "SELECT t.id ";
     $query .= "FROM #__tool as t ";
     $query .= "WHERE t.toolname LIKE " . $this->_db->quote($tool['toolname']) . " ";
     if ($id) {
         $query .= "AND t.id!=" . $this->_db->quote($id) . " ";
     }
     $this->_db->setQuery($query);
     $checker = $this->_db->loadResult();
     if ($checker or in_array($tool['toolname'], array('test', 'shortname', 'hub', 'tool')) && !$id) {
         $err['toolname'] = Lang::txt('ERR_TOOLNAME_EXISTS');
     } else {
         if (preg_match('#^[a-zA-Z0-9]{3,15}$#', $tool['toolname']) == '' && !$id) {
             $err['toolname'] = Lang::txt('ERR_TOOLNAME');
         }
     }
     // check if title can be used - tool table
     $query = "SELECT title, toolname ";
     $query .= "FROM #__tool ";
     if ($id) {
         $query .= "WHERE id!=" . $this->_db->quote($id) . " ";
     }
     $this->_db->setQuery($query);
     $rows = $this->_db->loadObjectList();
     if ($rows) {
         for ($i = 0, $n = count($rows); $i < $n; $i++) {
             if (strtolower($rows[$i]->title) == strtolower($tool['title']) && $rows[$i]->toolname != $tool['toolname']) {
                 $checker = 1;
             }
         }
     }
     $tool['toolname'] = strtolower($tool['toolname']);
     // make toolname lower case by default
     if ($checker) {
         // check if title exists for other tools
         $err['title'] = Lang::txt('ERR_TITLE_EXISTS');
     } else {
         if ($tool['title'] == '') {
             $err['title'] = Lang::txt('ERR_TITLE');
         }
     }
     if ($tool['description'] == '') {
         $err['description'] = Lang::txt('ERR_DESC');
     }
     if ($tool['version']) {
         $this->validVersion($tool['toolname'], $tool['version'], $error_v, 0);
         if ($error_v) {
             $err['version'] = $error_v;
         }
     }
     if ($tool['exec'] == '') {
         $err['exec'] = Lang::txt('ERR_EXEC');
     }
     if ($tool['exec'] == '@GROUP' && $tool['membergroups'] == '') {
         $err['membergroups'] = Lang::txt('ERR_GROUPS_EMPTY');
         $tool['membergroups'] = array();
     } else {
         if ($tool['membergroups'] == '' or $tool['exec'] != '@GROUP') {
             $tool['membergroups'] = array();
         } else {
             if ($tool['exec'] == '@GROUP') {
                 $tool['membergroups'] = $tgObj->writeMemberGroups($tool['membergroups'], $id, $this->_db, $error_g);
                 if ($error_g) {
                     $err['membergroups'] = $error_g;
                 }
             }
         }
     }
     if ($tool['code'] == '') {
         $err['code'] = Lang::txt('ERR_CODE');
     }
     if ($tool['wiki'] == '') {
         $err['wiki'] = Lang::txt('ERR_WIKI');
     }
     if ($tool['developers'] == '') {
         $tool['developers'] = array();
         $err['developers'] = Lang::txt('ERR_TEAM_EMPTY');
     } else {
         $tool['developers'] = $tgObj->writeTeam($tool['developers'], $id, $this->_db, $error_t);
         if ($error_t) {
             $err['developers'] = $error_t;
         }
     }
     // format some data
     $vnc = isset($config->parameters['default_vnc']) ? $config->parameters['default_vnc'] : '780x600';
     if ($tool['vncGeometryX'] && $tool['vncGeometryY'] && !preg_match('#[^0-9]#', $tool['vncGeometryX']) && !preg_match('#[^0-9]#', $tool['vncGeometryY'])) {
         $tool['vncGeometry'] = $tool['vncGeometryX'] . 'x' . $tool['vncGeometryY'];
     } else {
         $tool['vncGeometry'] = $vnc;
     }
     // return result and errors
     if (count($err) > 0) {
         $result = 0;
     }
     return $result;
 }
Exemplo n.º 2
0
 /**
  * Get the access level for this user and tool
  *
  * @param      string $tool  Tool name
  * @param      string $login Username
  * @return     boolean True if the user has access
  */
 private function _getToolAccess($tool, $login = '')
 {
     include_once dirname(dirname(__DIR__)) . DS . 'tables' . DS . 'tool.php';
     include_once dirname(dirname(__DIR__)) . DS . 'tables' . DS . 'group.php';
     include_once dirname(dirname(__DIR__)) . DS . 'tables' . DS . 'version.php';
     // Ensure we have a tool
     if (!$tool) {
         $this->setError(Lang::txt('COM_TOOLS_ERROR_TOOL_NOT_FOUND'));
         Log::debug("mw::_getToolAccess({$tool},{$login}) FAILED null tool check");
         return false;
     }
     // Ensure we have a login
     if ($login == '') {
         $login = User::get('username');
         if ($login == '') {
             Log::debug("mw::_getToolAccess({$tool},{$login}) FAILED null user check");
             return false;
         }
     }
     $tv = new \Components\Tools\Tables\Version($this->database);
     $tv->loadFromInstance($tool);
     if (empty($tv->id)) {
         Log::debug("mw::_getToolAccess({$tool},{$login}) FAILED null tool version check");
         return false;
     }
     $tg = new \Components\Tools\Tables\Group($this->database);
     $this->database->setQuery("SELECT * FROM " . $tg->getTableName() . " WHERE toolid=" . $tv->toolid);
     $toolgroups = $this->database->loadObjectList();
     if (empty($toolgroups)) {
         //Log::debug("mw::_getToolAccess($tool,$login) WARNING: no tool member groups");
     }
     $xgroups = \Hubzero\User\Helper::getGroups(User::get('id'), 'members');
     if (empty($xgroups)) {
         //Log::debug("mw::_getToolAccess($tool,$login) WARNING: user not in any groups");
     }
     // Check if the user is in any groups for this app
     $ingroup = false;
     $groups = array();
     $indevgroup = false;
     if ($xgroups) {
         foreach ($xgroups as $xgroup) {
             $groups[] = $xgroup->cn;
         }
         if ($toolgroups) {
             foreach ($toolgroups as $toolgroup) {
                 if (in_array($toolgroup->cn, $groups)) {
                     $ingroup = true;
                     if ($toolgroup->role == 1) {
                         $indevgroup = true;
                     }
                 }
             }
         }
     }
     $admin = false;
     $ctconfig = Component::params('com_tools');
     if ($ctconfig->get('admingroup') != '' && in_array($ctconfig->get('admingroup'), $groups)) {
         $admin = true;
     }
     $exportAllowed = $this->_getToolExportControl($tv->exportControl);
     $tisPublished = $tv->state == 1;
     $tisDev = $tv->state == 3;
     $tisGroupControlled = $tv->toolaccess == '@GROUP';
     if ($tisDev) {
         if ($indevgroup) {
             //Log::debug("mw::_getToolAccess($tool,$login): DEV TOOL ACCESS GRANTED (USER IN DEVELOPMENT GROUP)");
             return true;
         } else {
             if ($admin) {
                 //Log::debug("mw::_getToolAccess($tool,$login): DEV TOOL ACCESS GRANTED (USER IN ADMIN GROUP)");
                 return true;
             } else {
                 Log::debug("mw::_getToolAccess({$tool},{$login}): DEV TOOL ACCESS DENIED (USER NOT IN DEVELOPMENT OR ADMIN GROUPS)");
                 $this->setError(Lang::txt('COM_TOOLS_ERROR_ACCESS_DENIED_DEV_GROUP'));
                 return false;
             }
         }
     } else {
         if ($tisPublished) {
             if ($tisGroupControlled) {
                 if ($ingroup) {
                     //Log::debug("mw::_getToolAccess($tool,$login): PUBLISHED TOOL ACCESS GRANTED (USER IN ACCESS GROUP)");
                     return true;
                 } else {
                     if ($admin) {
                         //Log::debug("mw::_getToolAccess($tool,$login): PUBLISHED TOOL ACCESS GRANTED (USER IN ADMIN GROUP)");
                         return true;
                     } else {
                         Log::debug("mw::_getToolAccess({$tool},{$login}): PUBLISHED TOOL ACCESS DENIED (USER NOT IN ACCESS OR ADMIN GROUPS)");
                         $this->setError(Lang::txt('COM_TOOLS_ERROR_ACCESS_DENIED_ACCESS_GROUP'));
                         return false;
                     }
                 }
             } else {
                 if (!$exportAllowed) {
                     Log::debug("mw::_getToolAccess({$tool},{$login}): PUBLISHED TOOL ACCESS DENIED (EXPORT DENIED)");
                     return false;
                 } else {
                     if ($admin) {
                         //Log::debug("mw::_getToolAccess($tool,$login): PUBLISHED TOOL ACCESS GRANTED (USER IN ADMIN GROUP)");
                         return true;
                     } else {
                         if ($indevgroup) {
                             //Log::debug("mw::_getToolAccess($tool,$login): PUBLISHED TOOL ACCESS GRANTED (USER IN DEVELOPMENT GROUP)");
                             return true;
                         } else {
                             //Log::debug("mw::_getToolAccess($tool,$login): PUBLISHED TOOL ACCESS GRANTED");
                             return true;
                         }
                     }
                 }
             }
         } else {
             Log::debug("mw::_getToolAccess({$tool},{$login}): UNPUBLISHED TOOL ACCESS DENIED (TOOL NOT PUBLISHED)");
             $this->setError(Lang::txt('COM_TOOLS_ERROR_ACCESS_DENIED_VERSION_UNPUBLISHED'));
             return false;
         }
     }
     return false;
 }
Exemplo n.º 3
0
 /**
  * Return tool access
  *
  * @param	$tool	Tool name we are getting access rights to
  * @param	$login	User Login name
  *
  * @return     BOOL
  */
 public static function getToolAccess($tool, $login = '')
 {
     //include tool models
     include_once dirname(__DIR__) . DS . 'tables' . DS . 'tool.php';
     include_once dirname(__DIR__) . DS . 'tables' . DS . 'group.php';
     include_once dirname(__DIR__) . DS . 'tables' . DS . 'version.php';
     //instantiate objects
     $access = new stdClass();
     $access->error = new stdClass();
     $database = \App::get('db');
     // Ensure we have a tool
     if (!$tool) {
         $access->valid = 0;
         $access->error->message = 'No tool provided.';
         \Log::debug("mw::_getToolAccess({$tool},{$login}) FAILED null tool check");
         return $access;
     }
     // Ensure we have a login
     if ($login == '') {
         $login = User::get('username');
         if ($login == '') {
             $access->valid = 0;
             $access->error->message = 'Unable to grant tool access to user, no user was found.';
             \Log::debug("mw::_getToolAccess({$tool},{$login}) FAILED null user check");
             return $access;
         }
     }
     //load tool version
     $toolVersion = new \Components\Tools\Tables\Version($database);
     $toolVersion->loadFromInstance($tool);
     if (empty($toolVersion)) {
         $access->valid = 0;
         $access->error->message = 'Unable to load the tool';
         $xlog->debug("mw::_getToolAccess({$tool},{$login}) FAILED null tool version check");
         return $access;
     }
     //load the tool groups
     $toolGroup = new \Components\Tools\Tables\Group($database);
     $query = "SELECT * FROM " . $toolGroup->getTableName() . " WHERE toolid=" . $toolVersion->toolid;
     $database->setQuery($query);
     $toolgroups = $database->loadObjectList();
     //get users groups
     $xgroups = \Hubzero\User\Helper::getGroups(User::get('id'), 'members');
     // Check if the user is in any groups for this app
     $ingroup = false;
     $groups = array();
     $indevgroup = false;
     if ($xgroups) {
         foreach ($xgroups as $xgroup) {
             $groups[] = $xgroup->cn;
         }
         if ($toolgroups) {
             foreach ($toolgroups as $toolgroup) {
                 if (in_array($toolgroup->cn, $groups)) {
                     $ingroup = true;
                     if ($toolgroup->role == 1) {
                         $indevgroup = true;
                     }
                 }
             }
         }
     }
     //check to see if we are an admin
     $admin = false;
     $ctconfig = Component::params('com_tools');
     if ($ctconfig->get('admingroup') != '' && in_array($ctconfig->get('admingroup'), $groups)) {
         $admin = true;
     }
     //get access settings
     $exportAllowed = \Components\Tools\Helpers\Utils::getToolExportAccess($toolVersion->exportControl);
     $isToolPublished = $toolVersion->state == 1;
     $isToolDev = $toolVersion->state == 3;
     $isGroupControlled = $toolVersion->toolaccess == '@GROUP';
     //check for dev tools
     if ($isToolDev) {
         //if were not in the dev group or an admin we must deny
         if (!$indevgroup && !$admin) {
             $access->valid = 0;
             $access->error->message = 'The development version of this tool may only be accessed by members of it\'s development group.';
             \Log::debug("mw::_getToolAccess({$tool},{$login}): DEV TOOL ACCESS DENIED (USER NOT IN DEVELOPMENT OR ADMIN GROUPS)");
         } else {
             $access->valid = 1;
         }
     } else {
         if ($isToolPublished) {
             //are we checking for a group controlled tool
             if ($isGroupControlled) {
                 //if were not in the group that controls it and not admin we must deny
                 if (!$ingroup && !$admin) {
                     $access->valid = 0;
                     $access->error->message = 'This tool may only be accessed by members of it\'s access control groups.';
                     \Log::debug("mw::_getToolAccess({$tool},{$login}): PUBLISHED TOOL ACCESS DENIED (USER NOT IN ACCESS OR ADMIN GROUPS)");
                 } else {
                     $access->valid = 1;
                 }
             } else {
                 if (!$exportAllowed->valid) {
                     $access->valid = 0;
                     $access->error->message = 'Export Access Denied';
                     \Log::debug("mw::_getToolAccess({$tool},{$login}): PUBLISHED TOOL ACCESS DENIED (EXPORT DENIED)");
                 } else {
                     $access->valid = 1;
                 }
             }
         } else {
             $access->valid = 0;
             $access->error->message = 'This tool version is not published.';
             \Log::debug("mw::_getToolAccess({$tool},{$login}): UNPUBLISHED TOOL ACCESS DENIED (TOOL NOT PUBLISHED)");
         }
     }
     //return access
     return $access;
 }