/**
* Return tool access
*
* @param $tool Tool name we are getting access rights to
* @param $login User Login name
*
* @return BOOL
*/
public static function getToolAccess($tool, $login = '')
{
//include tool models
include_once dirname(__DIR__) . DS . 'tables' . DS . 'tool.php';
include_once dirname(__DIR__) . DS . 'tables' . DS . 'group.php';
include_once dirname(__DIR__) . DS . 'tables' . DS . 'version.php';
//instantiate objects
$access = new stdClass();
$access->error = new stdClass();
$database = \App::get('db');
// Ensure we have a tool
if (!$tool) {
$access->valid = 0;
$access->error->message = 'No tool provided.';
\Log::debug("mw::_getToolAccess({$tool},{$login}) FAILED null tool check");
return $access;
}
// Ensure we have a login
if ($login == '') {
$login = User::get('username');
if ($login == '') {
$access->valid = 0;
$access->error->message = 'Unable to grant tool access to user, no user was found.';
\Log::debug("mw::_getToolAccess({$tool},{$login}) FAILED null user check");
return $access;
}
}
//load tool version
$toolVersion = new \Components\Tools\Tables\Version($database);
$toolVersion->loadFromInstance($tool);
if (empty($toolVersion)) {
$access->valid = 0;
$access->error->message = 'Unable to load the tool';
$xlog->debug("mw::_getToolAccess({$tool},{$login}) FAILED null tool version check");
return $access;
}
//load the tool groups
$toolGroup = new \Components\Tools\Tables\Group($database);
$query = "SELECT * FROM " . $toolGroup->getTableName() . " WHERE toolid=" . $toolVersion->toolid;
$database->setQuery($query);
$toolgroups = $database->loadObjectList();
//get users groups
$xgroups = \Hubzero\User\Helper::getGroups(User::get('id'), 'members');
// Check if the user is in any groups for this app
$ingroup = false;
$groups = array();
$indevgroup = false;
if ($xgroups) {
foreach ($xgroups as $xgroup) {
$groups[] = $xgroup->cn;
}
if ($toolgroups) {
foreach ($toolgroups as $toolgroup) {
if (in_array($toolgroup->cn, $groups)) {
$ingroup = true;
if ($toolgroup->role == 1) {
$indevgroup = true;
}
}
}
}
}
//check to see if we are an admin
$admin = false;
$ctconfig = Component::params('com_tools');
if ($ctconfig->get('admingroup') != '' && in_array($ctconfig->get('admingroup'), $groups)) {
$admin = true;
}
//get access settings
$exportAllowed = \Components\Tools\Helpers\Utils::getToolExportAccess($toolVersion->exportControl);
$isToolPublished = $toolVersion->state == 1;
$isToolDev = $toolVersion->state == 3;
$isGroupControlled = $toolVersion->toolaccess == '@GROUP';
//check for dev tools
if ($isToolDev) {
//if were not in the dev group or an admin we must deny
if (!$indevgroup && !$admin) {
$access->valid = 0;
$access->error->message = 'The development version of this tool may only be accessed by members of it\'s development group.';
\Log::debug("mw::_getToolAccess({$tool},{$login}): DEV TOOL ACCESS DENIED (USER NOT IN DEVELOPMENT OR ADMIN GROUPS)");
} else {
$access->valid = 1;
}
} else {
if ($isToolPublished) {
//are we checking for a group controlled tool
if ($isGroupControlled) {
//if were not in the group that controls it and not admin we must deny
if (!$ingroup && !$admin) {
$access->valid = 0;
$access->error->message = 'This tool may only be accessed by members of it\'s access control groups.';
\Log::debug("mw::_getToolAccess({$tool},{$login}): PUBLISHED TOOL ACCESS DENIED (USER NOT IN ACCESS OR ADMIN GROUPS)");
} else {
$access->valid = 1;
}
} else {
if (!$exportAllowed->valid) {
$access->valid = 0;
$access->error->message = 'Export Access Denied';
\Log::debug("mw::_getToolAccess({$tool},{$login}): PUBLISHED TOOL ACCESS DENIED (EXPORT DENIED)");
} else {
$access->valid = 1;
}
}
} else {
$access->valid = 0;
$access->error->message = 'This tool version is not published.';
\Log::debug("mw::_getToolAccess({$tool},{$login}): UNPUBLISHED TOOL ACCESS DENIED (TOOL NOT PUBLISHED)");
}
}
//return access
return $access;
}
