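 /**
  * Mark the given user as authenticated: store the session key and client
  * IPs in the session, mirror the key into the 'key' cookie and load the
  * user's preferences, admin/manage flags and group ids into the session.
  *
  * @param  int    $userId id of the user that has just been authenticated
  * @param  string $key    session key to store in the session and the 'key' cookie
  * @return array  array('success' => true, 'user' => preferences array, or empty array
  *                when no preferences were found)
  */
 public static function setAsLoged($userId, $key)
 {
     $coreName = Config::get('core_name');
     $ips = '|' . Util\getIPs() . '|';
     $_SESSION['ips'] = $ips;
     $_SESSION['key'] = $key;
     // mirror the key into $_COOKIE so code reading the cookie during this same
     // request sees it; on the CLI there is no response to attach a cookie to
     $_COOKIE['key'] = $_SESSION['key'];
     if (php_sapi_name() !== 'cli') {
         // NOTE(review): the cookie domain is taken from SERVER_NAME; confirm it is
         // server-configured and not derived from the request Host header
         setcookie('key', $_SESSION['key'], 0, '/' . $coreName . '/', $_SERVER['SERVER_NAME'], !empty($_SERVER['HTTPS']), true);
     }
     $rez = array('success' => true, 'user' => array());
     $r = User::getPreferences($userId);
     if (!empty($r)) {
         $r['admin'] = Security::isAdmin($userId);
         $r['manage'] = Security::canManage($userId);
         // HTML-encode the names before they are exposed in the response and session
         $r['first_name'] = htmlentities($r['first_name'], ENT_QUOTES, 'UTF-8');
         $r['last_name'] = htmlentities($r['last_name'], ENT_QUOTES, 'UTF-8');
         // set default theme
         if (empty($r['cfg']['theme'])) {
             $r['cfg']['theme'] = 'classic';
         }
         // do not expose security params
         unset($r['cfg']['security']);
         $rez['user'] = $r;
         $_SESSION['user'] = $r;
         if (php_sapi_name() !== 'cli') {
             setcookie('L', $r['language']);
         }
         // set user groups
         $rez['user']['groups'] = UsersGroups::getGroupIdsForUser();
         $_SESSION['user']['groups'] = $rez['user']['groups'];
         // presumably marks the two-step verification as passed for this session; confirm against the TSV check
         $_SESSION['user']['TSV_checked'] = true;
     }
     return $rez;
 }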
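 /**
  * Internal function executing a copy or move action inside one transaction.
  *
  * Non-admin users are restricted to objects in the security sets they can
  * read (copy) or delete/move (move); ids outside those sets are dropped and
  * Access_denied is raised when nothing remains.
  *
  * @param  string $action    'copy' or 'move'
  * @param  array  $objectIds ids of the objects to be copied or moved
  * @param  int    $targetId  id of the destination node
  * @return array  processed ids, as returned by doRecursiveAction
  * @throws \Exception (code 1) when none of the given ids is accessible
  */
 private function doAction($action, $objectIds, $targetId)
 {
     $rez = array();
     // the whole copy/move is made in a single transaction
     DB\startTransaction();
     // restrict non-admins to the security sets they may act on:
     // read access for copy, access level 5 for move, nothing for other actions
     $this->securitySetsFilter = '';
     if (!Security::isAdmin()) {
         $ss = array();
         switch ($action) {
             case 'copy':
                 $ss = \CB\Security::getSecuritySets();
                 break;
             case 'move':
                 // a move does not actually delete the object, but level 5 (presumably delete) is checked
                 $ss = \CB\Security::getSecuritySets(false, 5);
                 break;
         }
         // the set ids are interpolated into SQL below: force them to integers and
         // keep a leading 0 as a separate element so an empty list yields "in (0)"
         $ss = array_merge(array(0), array_map('intval', $ss));
         $this->securitySetsFilter = 'AND ti.security_set_id in (' . implode(',', $ss) . ')';
     }
     /* select only objects that current user can act on */
     $accessibleIds = array();
     $ids = array_map('intval', $objectIds);
     if (!empty($ids)) {
         $res = DB\dbQuery('SELECT t.id
             FROM tree t
             JOIN tree_info ti ON
                 t.id = ti.id ' . $this->securitySetsFilter . '
             WHERE t.id in (' . implode(',', $ids) . ')
                 AND t.dstatus = 0');
         while ($r = $res->fetch_assoc()) {
             $accessibleIds[] = $r['id'];
         }
         $res->close();
     }
     if (empty($accessibleIds)) {
         // NOTE(review): the transaction opened above is left open when this throws;
         // confirm the caller or the DB layer rolls it back
         throw new \Exception(L\get('Access_denied'), 1);
     }
     $this->objectsClass = new \CB\Objects();
     $rez = $this->doRecursiveAction($action, $accessibleIds, $targetId);
     DB\commitTransaction();
     return $rez;
 }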
 /**
  * Build the Solr filter restricting results to the security sets assigned
  * to the current user.
  *
  * Admins get no filter, and neither does a request with 'skipSecurity' set
  * (used by Objects fields, which list all nodes without permission filtering).
  *
  * @param  array  &$p request params; 'pid' or 'pids' narrow the security sets,
  *                    'skipSecurity' disables the filter
  * @return string Solr filter clause, or '' when no filtering applies
  */
 protected function getSecuritySetsParam(&$p)
 {
     if (Security::isAdmin() || !empty($p['skipSecurity'])) {
         return '';
     }
     $pids = false;
     foreach (array('pid', 'pids') as $paramName) {
         if (!empty($p[$paramName])) {
             $pids = $p[$paramName];
             break;
         }
     }
     $sets = Security::getSecuritySets(false, 5, $pids);
     if (empty($sets)) {
         // a freshly created user without groups and without any security set:
         // only documents carrying no security set at all match
         return '!security_set_id:[* TO *]';
     }
     return 'security_set_id:(' . implode(' OR ', $sets) . ') OR oid:' . User::getId();
 }
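 /**
  * Check if a user can manage (update) a task.
  *
  * A user can manage a task if he is its creator, one of the responsible
  * users (ongoing or done) or an administrator.
  *
  * @param  int       $taskId id of the task to be checked
  * @param  int|false $userId id of the user to be checked; the current user when omitted
  * @return boolean   true when the user can manage the task
  */
 public static function canManageTask($taskId, $userId = false)
 {
     if ($userId == false) {
         $userId = User::getId();
     }
     $task = Objects::getCachedObject($taskId);
     $data = $task->getData();
     // guard against missing lists instead of assuming sys_data always carries them
     $sysData = empty($data['sys_data']) ? array() : $data['sys_data'];
     $responsible = array_merge(
         empty($sysData['task_u_ongoing']) ? array() : (array) $sysData['task_u_ongoing'],
         empty($sysData['task_u_done']) ? array() : (array) $sysData['task_u_done']
     );
     // ids may arrive as strings (db rows) or ints, so compare as integers
     $uid = (int) $userId;
     $rez = (isset($data['cid']) && (int) $data['cid'] === $uid)
         || in_array($uid, array_map('intval', $responsible), true);
     if (!$rez) {
         $rez = Security::isAdmin($userId);
     }
     return $rez;
 }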
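 /**
  * Get the action flags (edit, close, reopen, complete) a user has on this task.
  *
  * @param  int|false $userId user id; the session user when false
  * @return array     array('edit' => bool, 'close' => bool, 'reopen' => bool, 'complete' => bool)
  */
 public function getActionFlags($userId = false)
 {
     if ($userId === false) {
         $userId = $_SESSION['user']['id'];
     }
     $isAdmin = \CB\Security::isAdmin($userId);
     $isOwner = $this->isOwner($userId);
     $isClosed = $this->isClosed();
     // editing and closing require an open task and admin or owner rights
     $canEdit = !$isClosed && ($isAdmin || $isOwner);
     return array(
         'edit' => $canEdit,
         'close' => $canEdit,
         // only the owner can reopen a closed task (admins cannot)
         'reopen' => $isClosed && $isOwner,
         // a user completes his part while the task is open and his status is ongoing
         'complete' => !$isClosed && $this->getUserStatus($userId) == static::$USERSTATUS_ONGOING,
     );
 }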
 /**
  * Check whether this class handles the given path and request params.
  * On top of the parent's rule, only administrators are accepted.
  *
  * @param  array   &$pathArray
  * @param  array   &$requestParams
  * @return boolean
  */
 protected function acceptedPath(&$pathArray, &$requestParams)
 {
     if (!parent::acceptedPath($pathArray, $requestParams)) {
         return false;
     }
     return (bool) Security::isAdmin();
 }
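 /**
  * Change the status of a task.
  *
  * Only the task owner or an administrator may change the status.
  *
  * @param  int   $id     task id
  * @param  int   $status new status: Objects\Task::$STATUS_ACTIVE or Objects\Task::$STATUS_CLOSED
  * @return array json response: array('success' => bool, 'id' => int), or
  *               array('success' => false, 'msg' => string) when access is denied
  */
 protected function changeStatus($id, $status)
 {
     $obj = Objects::getCachedObject($id);
     // status change for a task is allowed only for its owner or an admin
     if (!$obj->isOwner() && !Security::isAdmin()) {
         return array('success' => false, 'msg' => L\get('No_access_for_this_action'));
     }
     switch ($status) {
         case Objects\Task::$STATUS_ACTIVE:
             $obj->setActive();
             break;
         case Objects\Task::$STATUS_CLOSED:
             $obj->setClosed();
             break;
         default:
             // unknown status: nothing is changed
             return array('success' => false, 'id' => $id);
     }
     $this->afterUpdate($id);
     return array('success' => true, 'id' => $id);
 }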
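 /**
  * Authenticate a user and initialise the session on success.
  *
  * The login may be given as 'root/<username>': when the root password
  * authenticates, the session is opened for <username> instead.
  *
  * @param  string $login username, optionally 'root/<username>'
  * @param  string $pass  password
  * @return array  json response: array('success' => true, 'user' => preferences array)
  *                or array('success' => false, 'msg' => Auth_fail text)
  */
 public static function login($login, $pass)
 {
     $ips = '|' . Util\getIPs() . '|';
     $coreName = Config::get('core_name');
     // split an optional '/<username>' impersonation target off the login
     $loginParts = explode('/', $login);
     $login = $loginParts[0];
     $loginAs = isset($loginParts[1]) ? $loginParts[1] : '';
     $_SESSION['ips'] = $ips;
     // session key derived from this attempt; the same value is exposed as the 'key' cookie
     $_SESSION['key'] = md5($ips . $login . $pass . time());
     $_COOKIE['key'] = $_SESSION['key'];
     // NOTE(review): the key cookie is issued before the credentials are verified and
     // the PHP session id is not regenerated on success; confirm session fixation is
     // handled elsewhere. The cookie domain comes from SERVER_NAME; confirm it is
     // server-configured and not derived from the request Host header
     setcookie('key', $_SESSION['key'], 0, '/' . $coreName . '/', $_SERVER['SERVER_NAME'], !empty($_SERVER['HTTPS']), true);
     $rez = array('success' => false);
     $user_id = false;
     /* try to authenticate: the procedure reports status 1 on success */
     $res = DB\dbQuery('CALL p_user_login($1, $2, $3)', array($login, $pass, $ips)) or die(DB\dbQueryError());
     if (($r = $res->fetch_assoc()) && (int) $r['status'] === 1) {
         $user_id = $r['user_id'];
     }
     $res->close();
     DB\dbCleanConnection();
     if ($user_id) {
         $rez = array('success' => true, 'user' => array());
         // root may open the session as another user
         if (!empty($loginAs) && $login === 'root') {
             $user_id = DM\User::getIdByName($loginAs);
         }
         $r = User::getPreferences($user_id);
         if (!empty($r)) {
             $r['admin'] = Security::isAdmin($user_id);
             $r['manage'] = Security::canManage($user_id);
             // HTML-encode the names before they are exposed in the response and session
             $r['first_name'] = htmlentities($r['first_name'], ENT_QUOTES, 'UTF-8');
             $r['last_name'] = htmlentities($r['last_name'], ENT_QUOTES, 'UTF-8');
             // set default theme
             if (empty($r['cfg']['theme'])) {
                 $r['cfg']['theme'] = 'classic';
             }
             // do not expose security params
             unset($r['cfg']['security']);
             $rez['user'] = $r;
             $_SESSION['user'] = $r;
             setcookie('L', $r['language']);
             // set user groups
             $rez['user']['groups'] = UsersGroups::getGroupIdsForUser();
             $_SESSION['user']['groups'] = $rez['user']['groups'];
         }
     } else {
         // remember the id of an existing login so the failed attempt can be attributed to it
         // NOTE(review): this sets $_SESSION['user']['id'] without authentication;
         // confirm nothing treats its presence as a logged-in user
         $user_id = DM\User::getIdByName($login);
         if (!empty($user_id)) {
             $_SESSION['user']['id'] = $user_id;
         }
         $rez['msg'] = L\get('Auth_fail');
     }
     // NOTE: audit logging of the attempt (type login / login_fail with the user id,
     // name and ip) was left commented out here and is not active
     return $rez;
 }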