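/**
 * Records or adjusts a user's editor permission for an API2 application.
 *
 * The row in user_in_api2_application_information is created on first
 * contact (is_editor taken from the "granted" flag). For an existing row,
 * is_editor is raised when the model grants editor and lowered when it
 * refuses editor; a model that sets neither flag leaves the row untouched.
 * Both checks read the row as it was before this call, so a model that
 * somehow sets both flags results in a single grant, not a grant-then-refuse.
 *
 * @param API2ApplicationUserPermissionsModel $permissions requested permission changes
 * @param UserAccountModel                    $user        the user being (re)permissioned
 * @param API2ApplicationModel                $app         the API2 application
 * @return void
 */
public function setPermissionsForUserInApp(API2ApplicationUserPermissionsModel $permissions, UserAccountModel $user, API2ApplicationModel $app)
 {
     global $DB;
     ################## Look up any existing row for this user/app pair
     // Fetch the row rather than testing rowCount(): PDO documents rowCount()
     // as not guaranteed for SELECT statements on every driver, so a SELECT
     // can report 0 rows and cause a duplicate INSERT on such drivers.
     $stat = $DB->prepare("SELECT user_in_api2_application_information.* FROM user_in_api2_application_information WHERE " . "api2_application_id =:api2_application_id AND user_id =:user_id");
     $stat->execute(array('api2_application_id' => $app->getId(), 'user_id' => $user->getId()));
     $userInAppData = $stat->fetch();
     ################## If not there, just add
     if (!$userInAppData) {
         $stat = $DB->prepare("INSERT INTO user_in_api2_application_information " . "(api2_application_id, user_id, is_editor, created_at) " . "VALUES (:api2_application_id, :user_id, :is_editor, :created_at)");
         $stat->execute(array('api2_application_id' => $app->getId(), 'user_id' => $user->getId(), 'is_editor' => $permissions->getIsEditorGranted() ? 1 : 0, 'created_at' => \TimeSource::getFormattedForDataBase()));
         return;
     }
     ################## Row exists: check if we need to escalate or remove permissions
     // Drivers may hand back is_editor as a string ("0"/"1") or NULL; normalise
     // to an int so the comparison below does not depend on the driver.
     $isCurrentlyEditor = ((int) $userInAppData['is_editor']) === 1;
     if ($permissions->getIsEditorGranted() && !$isCurrentlyEditor) {
         $stat = $DB->prepare("UPDATE user_in_api2_application_information " . " SET is_editor='1' " . " WHERE api2_application_id =:api2_application_id AND user_id =:user_id ");
         $stat->execute(array('api2_application_id' => $app->getId(), 'user_id' => $user->getId()));
     }
     if ($permissions->getIsEditorRefused() && $isCurrentlyEditor) {
         $stat = $DB->prepare("UPDATE user_in_api2_application_information " . " SET is_editor='0' " . " WHERE api2_application_id =:api2_application_id AND user_id =:user_id ");
         $stat->execute(array('api2_application_id' => $app->getId(), 'user_id' => $user->getId()));
     }
 }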
 /**
  * A user who starts with no editor permission keeps it at false through a
  * no-op update, is raised to true by a grant, and stays true through a
  * further no-op update.
  */
 function testStartRefusedThenGrantPermissionIsWriteCalendar()
 {
     // Two accounts: one owns the site/app, the other is the subject of the test.
     $owner = new UserAccountModel();
     $owner->setEmail("*****@*****.**");
     $owner->setUsername("admin");
     $owner->setPassword("password");
     $subject = new UserAccountModel();
     $subject->setEmail("*****@*****.**");
     $subject->setUsername("test");
     $subject->setPassword("password");
     $accounts = new UserAccountRepository();
     $accounts->create($owner);
     $accounts->create($subject);

     $site = new SiteModel();
     $site->setTitle("Test");
     $site->setSlug("test");
     $sites = new SiteRepository();
     $sites->create($site, $owner, array(), $this->getSiteQuotaUsedForTesting());

     $applications = new API2ApplicationRepository();
     $application = $applications->create($owner, "Title");
     $membership = new UserInAPI2ApplicationRepository();

     // Reads back the subject's current editor flag for the application.
     $currentIsEditor = function () use ($membership, $subject, $application) {
         $row = $membership->loadByUserAndApplication($subject, $application);
         return $row->getIsEditor();
     };

     #### Initial set: a model with nothing granted or refused creates the row with no editor right
     $membership->setPermissionsForUserInApp(new API2ApplicationUserPermissionsModel(), $subject, $application);
     $this->assertEquals(false, $currentIsEditor());

     #### An empty model against an existing row changes nothing
     $membership->setPermissionsForUserInApp(new API2ApplicationUserPermissionsModel(), $subject, $application);
     $this->assertEquals(false, $currentIsEditor());

     #### Grant editor
     $grant = new API2ApplicationUserPermissionsModel();
     $grant->setIsEditorGranted();
     $membership->setPermissionsForUserInApp($grant, $subject, $application);
     $this->assertEquals(true, $currentIsEditor());

     #### An empty model must not silently revoke the grant
     $membership->setPermissionsForUserInApp(new API2ApplicationUserPermissionsModel(), $subject, $application);
     $this->assertEquals(true, $currentIsEditor());
 }
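 /**
  * API2 user login / authorisation endpoint.
  *
  * Resolves the application's request token (from GET/POST or the web
  * session), shows the login form, and on a successful password check records
  * the granted permissions, creates a user authorisation token and hands it
  * back via the callback style the request token asks for (redirect,
  * JavaScript page or display page).
  *
  * @param Request     $request the current HTTP request
  * @param Application $app     the Silex application container
  * @return mixed rendered template, redirect response, or a plain string
  */
 function login(Request $request, Application $app)
 {
     if (!$app['apiApp']) {
         return $app['twig']->render('indexapi2/index/login.app.problem.html.twig', array());
     }
     $appRequestTokenRepo = new API2ApplicationRequestTokenRepository();
     $userAuthorisationTokenRepo = new API2ApplicationUserAuthorisationTokenRepository();
     $userInApp2Repo = new UserInAPI2ApplicationRepository();
     ######################################## Check Data In
     // The request token comes from the query string / POST body, or from the
     // session copy stored on an earlier pass through this page. Request
     // parameters override the session value, and POST overrides GET.
     $data = array();
     if ($app['websession']->has('api2requestToken')) {
         $data['request_token'] = $app['websession']->get('api2requestToken');
     }
     $data = array_merge($data, $_GET, $_POST);
     // Guard the lookup: a missing key raised a notice, and `?request_token[]=x`
     // would have handed an array to the repository. Only a non-empty string is
     // looked up; anything else is treated as "no token".
     $rawRequestToken = (isset($data['request_token']) && is_string($data['request_token'])) ? $data['request_token'] : '';
     $requestToken = $rawRequestToken ? $appRequestTokenRepo->loadByAppAndRequestToken($app['apiApp'], $rawRequestToken) : null;
     if (!$requestToken || $requestToken->getIsUsed()) {
         return $app['twig']->render('indexapi2/index/login.requestToken.problem.html.twig', array());
     }
     $userAuthorisationToken = null;
     $permissionsGranted = new API2ApplicationUserPermissionsModel();
     // Stash app and request token so the POST back from the form is tied to
     // this authorisation request even if the parameters are not resent.
     $app['websession']->set('api2appToken', $app['apiApp']->getAppToken());
     $app['websession']->set('api2requestToken', $requestToken->getRequestToken());
     ######################################## User Workflow
     $formObj = new LogInUserForm($app['currentUser'], $app['apiApp'], $requestToken);
     $form = $app['form.factory']->create($formObj);
     if ('POST' == $request->getMethod()) {
         $form->bind($request);
         if ($form->isValid()) {
             $formData = $form->getData();
             $userRepository = new UserAccountRepository();
             // Initialised explicitly: previously $user was undefined when the form
             // carried neither an email nor a username.
             $user = null;
             if ($formData['email']) {
                 $user = $userRepository->loadByEmail($formData['email']);
             } elseif ($formData['username']) {
                 $user = $userRepository->loadByUserName($formData['username']);
             }
             // The user-facing error is identical for "unknown account" and "wrong
             // password" so the form does not reveal which accounts exist; the log
             // line keeps the distinction for operators.
             if (!$user) {
                 $app['monolog']->addError("Login attempt on API2 - unknown account");
                 $form->addError(new FormError('User and password not recognised'));
             } elseif (!$user->checkPassword($formData['password'])) {
                 $app['monolog']->addError("Login attempt on API2 - account " . $user->getId() . ' - password wrong.');
                 $form->addError(new FormError('User and password not recognised'));
             } else {
                 // Auto-approve apps receive whatever they registered for; otherwise
                 // the permissions come from the user's choices on the form.
                 if ($app['apiApp']->getIsAutoApprove()) {
                     $permissionsGranted->setFromApp($app['apiApp']);
                 } else {
                     $permissionsGranted->setFromData($formData);
                 }
                 $userInApp2Repo->setPermissionsForUserInApp($permissionsGranted, $user, $app['apiApp']);
                 // NOTE(review): nothing here marks the request token as used; presumably
                 // createForAppAndUserFromRequestToken() does, otherwise the same request
                 // token could be replayed to mint further authorisation tokens — confirm.
                 $userAuthorisationToken = $userAuthorisationTokenRepo->createForAppAndUserFromRequestToken($app['apiApp'], $user, $requestToken);
             }
         }
     }
     // First visit, or a failed login: show (or re-show) the form.
     if (!$userAuthorisationToken) {
         return $app['twig']->render('indexapi2/index/login.html.twig', array('form' => $form->createView(), 'api2app' => $app['apiApp'], 'askForPermissionEditor' => $formObj->getIsEditor()));
     }
     ###################################### Return
     // From here on an authorisation token exists, so only the success variant of
     // each callback style is reachable (the old failure branches were dead code).
     $authorisationTokenValue = $userAuthorisationToken->getAuthorisationToken();
     if ($requestToken->getCallbackUrl()) {
         // NOTE(review): the redirect target is whatever URL was stored with the
         // request token. Whether it was checked against the app's registered
         // callback when the token was created is not visible here — confirm,
         // since the authorisation token travels in this redirect.
         return $app->redirect($requestToken->getCallbackUrlWithParams(array('authorisation_token' => $authorisationTokenValue, 'state' => $requestToken->getStateFromUser())));
     }
     if ($requestToken->getIsCallbackJavascript()) {
         return $app['twig']->render('indexapi2/index/login.callback.javascript.success.html.twig', array('authorisationToken' => $authorisationTokenValue, 'state' => $requestToken->getStateFromUser()));
     }
     if ($requestToken->getIsCallbackDisplay()) {
         return $app['twig']->render('indexapi2/index/login.callback.display.success.html.twig', array('authorisationToken' => $authorisationTokenValue));
     }
     return "No Callback was given!";
 }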