/**
* Get the access level for this user and tool
*
* @param string $tool Tool name
* @param string $login Username
* @return boolean True if the user has access
*/
private function _getToolAccess($tool, $login = '')
{
include_once dirname(dirname(__DIR__)) . DS . 'tables' . DS . 'tool.php';
include_once dirname(dirname(__DIR__)) . DS . 'tables' . DS . 'group.php';
include_once dirname(dirname(__DIR__)) . DS . 'tables' . DS . 'version.php';
// Ensure we have a tool
if (!$tool) {
$this->setError(Lang::txt('COM_TOOLS_ERROR_TOOL_NOT_FOUND'));
Log::debug("mw::_getToolAccess({$tool},{$login}) FAILED null tool check");
return false;
}
// Ensure we have a login
if ($login == '') {
$login = User::get('username');
if ($login == '') {
Log::debug("mw::_getToolAccess({$tool},{$login}) FAILED null user check");
return false;
}
}
$tv = new \Components\Tools\Tables\Version($this->database);
$tv->loadFromInstance($tool);
if (empty($tv->id)) {
Log::debug("mw::_getToolAccess({$tool},{$login}) FAILED null tool version check");
return false;
}
$tg = new \Components\Tools\Tables\Group($this->database);
$this->database->setQuery("SELECT * FROM " . $tg->getTableName() . " WHERE toolid=" . $tv->toolid);
$toolgroups = $this->database->loadObjectList();
if (empty($toolgroups)) {
//Log::debug("mw::_getToolAccess($tool,$login) WARNING: no tool member groups");
}
$xgroups = \Hubzero\User\Helper::getGroups(User::get('id'), 'members');
if (empty($xgroups)) {
//Log::debug("mw::_getToolAccess($tool,$login) WARNING: user not in any groups");
}
// Check if the user is in any groups for this app
$ingroup = false;
$groups = array();
$indevgroup = false;
if ($xgroups) {
foreach ($xgroups as $xgroup) {
$groups[] = $xgroup->cn;
}
if ($toolgroups) {
foreach ($toolgroups as $toolgroup) {
if (in_array($toolgroup->cn, $groups)) {
$ingroup = true;
if ($toolgroup->role == 1) {
$indevgroup = true;
}
}
}
}
}
$admin = false;
$ctconfig = Component::params('com_tools');
if ($ctconfig->get('admingroup') != '' && in_array($ctconfig->get('admingroup'), $groups)) {
$admin = true;
}
$exportAllowed = $this->_getToolExportControl($tv->exportControl);
$tisPublished = $tv->state == 1;
$tisDev = $tv->state == 3;
$tisGroupControlled = $tv->toolaccess == '@GROUP';
if ($tisDev) {
if ($indevgroup) {
//Log::debug("mw::_getToolAccess($tool,$login): DEV TOOL ACCESS GRANTED (USER IN DEVELOPMENT GROUP)");
return true;
} else {
if ($admin) {
//Log::debug("mw::_getToolAccess($tool,$login): DEV TOOL ACCESS GRANTED (USER IN ADMIN GROUP)");
return true;
} else {
Log::debug("mw::_getToolAccess({$tool},{$login}): DEV TOOL ACCESS DENIED (USER NOT IN DEVELOPMENT OR ADMIN GROUPS)");
$this->setError(Lang::txt('COM_TOOLS_ERROR_ACCESS_DENIED_DEV_GROUP'));
return false;
}
}
} else {
if ($tisPublished) {
if ($tisGroupControlled) {
if ($ingroup) {
//Log::debug("mw::_getToolAccess($tool,$login): PUBLISHED TOOL ACCESS GRANTED (USER IN ACCESS GROUP)");
return true;
} else {
if ($admin) {
//Log::debug("mw::_getToolAccess($tool,$login): PUBLISHED TOOL ACCESS GRANTED (USER IN ADMIN GROUP)");
return true;
} else {
Log::debug("mw::_getToolAccess({$tool},{$login}): PUBLISHED TOOL ACCESS DENIED (USER NOT IN ACCESS OR ADMIN GROUPS)");
$this->setError(Lang::txt('COM_TOOLS_ERROR_ACCESS_DENIED_ACCESS_GROUP'));
return false;
}
}
} else {
if (!$exportAllowed) {
Log::debug("mw::_getToolAccess({$tool},{$login}): PUBLISHED TOOL ACCESS DENIED (EXPORT DENIED)");
return false;
} else {
if ($admin) {
//Log::debug("mw::_getToolAccess($tool,$login): PUBLISHED TOOL ACCESS GRANTED (USER IN ADMIN GROUP)");
return true;
} else {
if ($indevgroup) {
//Log::debug("mw::_getToolAccess($tool,$login): PUBLISHED TOOL ACCESS GRANTED (USER IN DEVELOPMENT GROUP)");
return true;
} else {
//Log::debug("mw::_getToolAccess($tool,$login): PUBLISHED TOOL ACCESS GRANTED");
return true;
}
}
}
}
} else {
Log::debug("mw::_getToolAccess({$tool},{$login}): UNPUBLISHED TOOL ACCESS DENIED (TOOL NOT PUBLISHED)");
$this->setError(Lang::txt('COM_TOOLS_ERROR_ACCESS_DENIED_VERSION_UNPUBLISHED'));
return false;
}
}
return false;
}
/**
* Method to view tool session
*
* @apiMethod GET
* @apiUri /tools/{session}
* @return void
*/
public function readTask()
{
//get the userid and attempt to load user profile
$userid = App::get('authn')['user_id'];
$result = User::getInstance($userid);
//make sure we have a user
if (!$result->get('id')) {
throw new Exception(Lang::txt('Unable to find user.'), 404);
}
//include needed tool libs
include_once dirname(dirname(__DIR__)) . DS . 'tables' . DS . 'version.php';
require_once dirname(dirname(__DIR__)) . DS . 'tables' . DS . 'session.php';
require_once dirname(dirname(__DIR__)) . DS . 'tables' . DS . 'viewperm.php';
//instantiate db objects
$database = \App::get('db');
$mwdb = \Components\Tools\Helpers\Utils::getMWDBO();
//get request vars
$sessionid = Request::getVar('sessionid', '');
$ip = Request::ip();
//make sure we have the session
if (!$sessionid) {
throw new Exception(Lang::txt('Session ID Needed'), 400);
}
//create app object
$app = new stdClass();
$app->sess = $sessionid;
$app->ip = $ip;
//load the session
$ms = new \Components\Tools\Models\Middleware\Session($mwdb);
$row = $ms->loadSession($app->sess);
//if we didnt find a session
if (!is_object($row) || !$row->appname) {
throw new Exception(Lang::txt('Session Doesn\'t Exist.'), 404);
}
//get the version
if (strstr($row->appname, '_')) {
$v = substr(strrchr($row->appname, '_'), 1);
$v = str_replace('r', '', $v);
Request::setVar('version', $v);
}
//load tool version
$tv = new \Components\Tools\Tables\Version($database);
$parent_toolname = $tv->getToolname($row->appname);
$toolname = $parent_toolname ? $parent_toolname : $row->appname;
$tv->loadFromInstance($row->appname);
//command to run on middleware
$command = "view user="******" ip=" . $app->ip . " sess=" . $app->sess;
//app vars
$app->caption = $row->sessname;
$app->name = $row->appname;
$app->username = $row->username;
// Get plugins
Plugin::import('mw', $app->name);
// Trigger any events that need to be called before session start
Event::trigger('mw.onBeforeSessionStart', array($toolname, $tv->revision));
// Call the view command
$status = \Components\Tools\Helpers\Utils::middleware($command, $output);
// Trigger any events that need to be called after session start
Event::trigger('mw.onAfterSessionStart', array($toolname, $tv->revision));
//add the session id to the result
$output->session = $sessionid;
//add tool title to result
$output->tool = $tv->title;
$output->session_title = $app->caption;
$output->owner = $row->viewuser == $row->username ? 1 : 0;
$output->readonly = $row->readonly == 'Yes' ? 1 : 0;
//return result
if ($status) {
$this->send($output);
}
}
/**
* Return tool access
*
* @param $tool Tool name we are getting access rights to
* @param $login User Login name
*
* @return BOOL
*/
public static function getToolAccess($tool, $login = '')
{
//include tool models
include_once dirname(__DIR__) . DS . 'tables' . DS . 'tool.php';
include_once dirname(__DIR__) . DS . 'tables' . DS . 'group.php';
include_once dirname(__DIR__) . DS . 'tables' . DS . 'version.php';
//instantiate objects
$access = new stdClass();
$access->error = new stdClass();
$database = \App::get('db');
// Ensure we have a tool
if (!$tool) {
$access->valid = 0;
$access->error->message = 'No tool provided.';
\Log::debug("mw::_getToolAccess({$tool},{$login}) FAILED null tool check");
return $access;
}
// Ensure we have a login
if ($login == '') {
$login = User::get('username');
if ($login == '') {
$access->valid = 0;
$access->error->message = 'Unable to grant tool access to user, no user was found.';
\Log::debug("mw::_getToolAccess({$tool},{$login}) FAILED null user check");
return $access;
}
}
//load tool version
$toolVersion = new \Components\Tools\Tables\Version($database);
$toolVersion->loadFromInstance($tool);
if (empty($toolVersion)) {
$access->valid = 0;
$access->error->message = 'Unable to load the tool';
$xlog->debug("mw::_getToolAccess({$tool},{$login}) FAILED null tool version check");
return $access;
}
//load the tool groups
$toolGroup = new \Components\Tools\Tables\Group($database);
$query = "SELECT * FROM " . $toolGroup->getTableName() . " WHERE toolid=" . $toolVersion->toolid;
$database->setQuery($query);
$toolgroups = $database->loadObjectList();
//get users groups
$xgroups = \Hubzero\User\Helper::getGroups(User::get('id'), 'members');
// Check if the user is in any groups for this app
$ingroup = false;
$groups = array();
$indevgroup = false;
if ($xgroups) {
foreach ($xgroups as $xgroup) {
$groups[] = $xgroup->cn;
}
if ($toolgroups) {
foreach ($toolgroups as $toolgroup) {
if (in_array($toolgroup->cn, $groups)) {
$ingroup = true;
if ($toolgroup->role == 1) {
$indevgroup = true;
}
}
}
}
}
//check to see if we are an admin
$admin = false;
$ctconfig = Component::params('com_tools');
if ($ctconfig->get('admingroup') != '' && in_array($ctconfig->get('admingroup'), $groups)) {
$admin = true;
}
//get access settings
$exportAllowed = \Components\Tools\Helpers\Utils::getToolExportAccess($toolVersion->exportControl);
$isToolPublished = $toolVersion->state == 1;
$isToolDev = $toolVersion->state == 3;
$isGroupControlled = $toolVersion->toolaccess == '@GROUP';
//check for dev tools
if ($isToolDev) {
//if were not in the dev group or an admin we must deny
if (!$indevgroup && !$admin) {
$access->valid = 0;
$access->error->message = 'The development version of this tool may only be accessed by members of it\'s development group.';
\Log::debug("mw::_getToolAccess({$tool},{$login}): DEV TOOL ACCESS DENIED (USER NOT IN DEVELOPMENT OR ADMIN GROUPS)");
} else {
$access->valid = 1;
}
} else {
if ($isToolPublished) {
//are we checking for a group controlled tool
if ($isGroupControlled) {
//if were not in the group that controls it and not admin we must deny
if (!$ingroup && !$admin) {
$access->valid = 0;
$access->error->message = 'This tool may only be accessed by members of it\'s access control groups.';
\Log::debug("mw::_getToolAccess({$tool},{$login}): PUBLISHED TOOL ACCESS DENIED (USER NOT IN ACCESS OR ADMIN GROUPS)");
} else {
$access->valid = 1;
}
} else {
if (!$exportAllowed->valid) {
$access->valid = 0;
$access->error->message = 'Export Access Denied';
\Log::debug("mw::_getToolAccess({$tool},{$login}): PUBLISHED TOOL ACCESS DENIED (EXPORT DENIED)");
} else {
$access->valid = 1;
}
}
} else {
$access->valid = 0;
$access->error->message = 'This tool version is not published.';
\Log::debug("mw::_getToolAccess({$tool},{$login}): UNPUBLISHED TOOL ACCESS DENIED (TOOL NOT PUBLISHED)");
}
}
//return access
return $access;
}
/**
* Display a license for a resource
*
* @return void
*/
public function licenseTask()
{
// Get tool instance
$resource = Request::getInt('resource', 0);
$tool = Request::getVar('tool', '');
// Ensure we have a tool to work with
if (!$tool && !$resource) {
App::abort(404, Lang::txt('COM_RESOURCES_RESOURCE_NOT_FOUND'));
return;
}
if ($tool) {
// Load the tool version
$row = new \Components\Tools\Tables\Version($this->database);
$row->loadFromInstance($tool);
} else {
$row = new Resource($this->database);
$row->load($resource);
include_once dirname(dirname(__DIR__)) . DS . 'tables' . DS . 'license.php';
$rt = new License($this->database);
$rt->load('custom' . $resource);
$row->license = stripslashes($rt->text);
}
// Output HTML
if (!$row) {
App::abort(404, Lang::txt('COM_RESOURCES_RESOURCE_NOT_FOUND'));
return;
}
// Set the page title
$this->view->title = stripslashes($row->title) . ': ' . Lang::txt('COM_RESOURCES_LICENSE');
// Write title
Document::setTitle($this->view->title);
// Instantiate a new view
$this->view->config = $this->config;
$this->view->row = $row;
$this->view->tool = $tool;
$this->view->no_html = Request::getVar('no_html', 0);
// Output HTML
foreach ($this->getErrors() as $error) {
$this->view->setError($error);
}
$this->view->setName('license')->setLayout('default')->display();
}