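/**
 * Decide whether a user may access a tool instance.
 *
 * The decision depends on the tool version's state (development or
 * published), its access mode ('@GROUP' or not), its export control
 * setting, and the group memberships of the user being checked.
 *
 * @param  string $tool  Tool instance name we are getting access rights to
 * @param  string $login User login name; defaults to the current user's username
 *
 * @return object stdClass with `valid` (1 = allowed, 0 = denied) and
 *                `error->message` (set when access is denied)
 */
public static function getToolAccess($tool, $login = '')
{
    // Include tool models
    include_once dirname(__DIR__) . DS . 'tables' . DS . 'tool.php';
    include_once dirname(__DIR__) . DS . 'tables' . DS . 'group.php';
    include_once dirname(__DIR__) . DS . 'tables' . DS . 'version.php';

    // Build the result object. Default-deny: a code path that forgets to
    // set `valid` must never be read as "allowed" by a caller.
    $access = new stdClass();
    $access->valid = 0;
    $access->error = new stdClass();
    $database = \App::get('db');

    // Ensure we have a tool
    if (!$tool) {
        $access->error->message = 'No tool provided.';
        \Log::debug("mw::_getToolAccess({$tool},{$login}) FAILED null tool check");
        return $access;
    }

    // Ensure we have a login
    if ($login == '') {
        $login = User::get('username');
        if ($login == '') {
            $access->error->message = 'Unable to grant tool access to user, no user was found.';
            \Log::debug("mw::_getToolAccess({$tool},{$login}) FAILED null user check");
            return $access;
        }
    }

    // Load tool version.
    // The object itself is never "empty", so test a loaded field instead;
    // toolid is also what the group query below depends on.
    $toolVersion = new \Components\Tools\Tables\Version($database);
    $toolVersion->loadFromInstance($tool);
    if (empty($toolVersion->toolid)) {
        $access->error->message = 'Unable to load the tool';
        \Log::debug("mw::_getToolAccess({$tool},{$login}) FAILED null tool version check");
        return $access;
    }

    // Load the tool groups. The id is cast to int so that nothing but a
    // number can ever be concatenated into the SQL text.
    $toolGroup = new \Components\Tools\Tables\Group($database);
    $query = "SELECT * FROM " . $toolGroup->getTableName() . " WHERE toolid=" . (int) $toolVersion->toolid;
    $database->setQuery($query);
    $toolgroups = $database->loadObjectList();

    // NOTE(review): memberships are resolved for the current session user
    // (User::get('id')), not for $login. $login is only used in the log
    // messages here, so a caller passing another user's login gets a
    // decision for the session user. Confirm this is intended.
    $xgroups = \Hubzero\User\Helper::getGroups(User::get('id'), 'members');

    // Check if the user is in any groups for this app.
    // Group names are compared as strings with strict matching so that
    // numeric-looking names (e.g. "1e3" vs "1000") cannot match by type juggling.
    $ingroup    = false;
    $indevgroup = false;
    $groups     = array();
    if ($xgroups) {
        foreach ($xgroups as $xgroup) {
            $groups[] = (string) $xgroup->cn;
        }

        if ($toolgroups) {
            foreach ($toolgroups as $toolgroup) {
                if (!in_array((string) $toolgroup->cn, $groups, true)) {
                    continue;
                }

                $ingroup = true;

                // role 1 marks the tool's development group
                if ((int) $toolgroup->role === 1) {
                    $indevgroup = true;
                }
            }
        }
    }

    // Check to see if we are an admin
    $ctconfig   = Component::params('com_tools');
    $adminGroup = (string) $ctconfig->get('admingroup');
    $admin      = ($adminGroup !== '' && in_array($adminGroup, $groups, true));

    // Get access settings
    $exportAllowed     = \Components\Tools\Helpers\Utils::getToolExportAccess($toolVersion->exportControl);
    $isToolPublished   = ((int) $toolVersion->state === 1);
    $isToolDev         = ((int) $toolVersion->state === 3);
    $isGroupControlled = ($toolVersion->toolaccess === '@GROUP');

    // Development versions: only the development group or admins
    if ($isToolDev) {
        if (!$indevgroup && !$admin) {
            $access->error->message = 'The development version of this tool may only be accessed by members of it\'s development group.';
            \Log::debug("mw::_getToolAccess({$tool},{$login}): DEV TOOL ACCESS DENIED (USER NOT IN DEVELOPMENT OR ADMIN GROUPS)");
            return $access;
        }

        $access->valid = 1;
        return $access;
    }

    // Anything that is neither development nor published is denied
    if (!$isToolPublished) {
        $access->error->message = 'This tool version is not published.';
        \Log::debug("mw::_getToolAccess({$tool},{$login}): UNPUBLISHED TOOL ACCESS DENIED (TOOL NOT PUBLISHED)");
        return $access;
    }

    // Published and group controlled: only the access groups or admins
    if ($isGroupControlled) {
        if (!$ingroup && !$admin) {
            $access->error->message = 'This tool may only be accessed by members of it\'s access control groups.';
            \Log::debug("mw::_getToolAccess({$tool},{$login}): PUBLISHED TOOL ACCESS DENIED (USER NOT IN ACCESS OR ADMIN GROUPS)");
            return $access;
        }

        $access->valid = 1;
        return $access;
    }

    // Published and not group controlled: export control decides
    if (!$exportAllowed->valid) {
        $access->error->message = 'Export Access Denied';
        \Log::debug("mw::_getToolAccess({$tool},{$login}): PUBLISHED TOOL ACCESS DENIED (EXPORT DENIED)");
        return $access;
    }

    $access->valid = 1;
    return $access;
}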