Exemplo n.º 1
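 /**
  * ACL gate for a double-pass middleware pipeline.
  *
  * Looks up the 'resourceId' and 'privilege' options for the request and asks
  * RcmUserService::isAllowed() whether access is granted. On success the request
  * is handed to $out; otherwise the ACL-failure response is returned and $out is
  * never called.
  *
  * @param Request       $request
  * @param Response      $response
  * @param callable|null $out next handler; the signature allows it to be omitted
  *
  * @return mixed result of $out, $response when no $out was supplied, or the
  *               ACL-failure response
  */
 public function __invoke(Request $request, Response $response, callable $out = null)
 {
     $resourceId = $this->getOption($request, 'resourceId', null);
     $privilege = $this->getOption($request, 'privilege', null);

     // NOTE(review): when neither option is configured this asks isAllowed(null, null);
     // confirm the ACL service denies in that case so a misconfigured route fails closed.
     if (!$this->rcmUserService->isAllowed($resourceId, $privilege)) {
         return $this->getResponseWithAclFailStatus($request, $response);
     }

     // $out defaults to null; invoking null would be a fatal error on the
     // allowed path, so pass the response through unchanged instead.
     if ($out === null) {
         return $response;
     }

     return $out($request, $response);
 }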
Exemplo n.º 2
 /**
  * Switch-user restriction based on the target user's ACL rights.
  *
  * Asks RcmUserService::isUserAllowed() whether $targetUser holds the
  * resource/privilege/provider configured in $this->aclConfig. If the target
  * holds it, the switch is refused with 'Cannot switch to this user'.
  *
  * Only $targetUser is inspected here; $adminUser is not consulted by this
  * restriction.
  *
  * @param User $adminUser  user requesting the switch (unused in this check)
  * @param User $targetUser user that would be impersonated
  *
  * @return RestrictionResult presumably the first constructor argument is the
  *                           "allowed" flag; confirm against RestrictionResult
  */
 public function allowed(User $adminUser, User $targetUser)
 {
     $targetHoldsPrivilege = $this->rcmUserService->isUserAllowed(
         $this->aclConfig['resourceId'],
         $this->aclConfig['privilege'],
         $this->aclConfig['providerId'],
         $targetUser
     );

     if (!$targetHoldsPrivilege) {
         return new RestrictionResult(true);
     }

     // Target holds the configured privilege: refuse the switch.
     return new RestrictionResult(false, 'Cannot switch to this user');
 }
 /**
  * Stores the collaborators and remembers the id of the user that is current
  * at construction time, if there is one.
  *
  * @param UserMessage         $userMessageRepo
  * @param RcmUserService      $rcmUserService
  * @param TranslatorInterface $translator
  * @param \HTMLPurifier       $htmlPurifier
  */
 public function __construct(UserMessage $userMessageRepo, RcmUserService $rcmUserService, TranslatorInterface $translator, \HTMLPurifier $htmlPurifier)
 {
     $this->htmlPurifier = $htmlPurifier;
     $this->translator = $translator;
     $this->rcmUserService = $rcmUserService;
     $this->userMessageRepo = $userMessageRepo;

     // null is passed as the default, so an absent identity comes back empty
     // and currentUserId is simply left unset.
     $loggedInUser = $rcmUserService->getCurrentUser(null);
     if (empty($loggedInUser)) {
         return;
     }

     $this->currentUserId = $loggedInUser->getId();
 }
Exemplo n.º 4
 /**
  * Ends an impersonation session by restoring the impersonator's identity.
  *
  * Records the id of the user that is current before the change, sets
  * $impersonatorUser as the identity on the auth service, writes an audit
  * entry and reports success.
  *
  * NOTE(review): this method performs no check of its own that
  * $impersonatorUser is the user who started the impersonation; it sets
  * whatever user it is given. The caller must take that user from trusted
  * session state, never from request input - confirm at the call sites.
  *
  * @param User  $impersonatorUser user to restore as the logged-in identity
  * @param array $options          not read by this method
  *
  * @return Result
  * @throws \Exception
  */
 public function switchBack(User $impersonatorUser, $options = [])
 {
     // Capture the impersonated user's id before the identity is replaced,
     // so the audit entry names both sides of the switch.
     $impersonatedUserId = $this->rcmUserService->getCurrentUser()->getId();
     $restoredUserId = $impersonatorUser->getId();

     // Replace the session identity with the impersonator.
     $authService = $this->rcmUserService->getUserAuthService();
     $authService->setIdentity($impersonatorUser);

     // Audit trail for the switch back.
     $this->logAction($restoredUserId, $impersonatedUserId, 'SU switched back', true);

     $outcome = new Result();
     $outcome->setSuccess(true, 'SU switch back was successful');

     return $outcome;
 }
Exemplo n.º 5
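 /**
  * Should link be shown in nav bar?
  *
  * A link is hidden when it is marked 'rcmOnly' and there is no current page,
  * or when it carries an 'acl' block naming a resource the current user is not
  * allowed to access. Links without an 'acl' resource are shown.
  *
  * The ':siteId' and ':pageName' placeholders in the ACL resource are filled in
  * from the current site and page; ':pageName' is only substituted when a
  * current page exists.
  *
  * @param array $page navigation page definition (taken by reference, not modified here)
  *
  * @return bool
  */
 protected function shouldShowInNavigation(&$page)
 {
     if (isset($page['rcmOnly']) && $page['rcmOnly'] && empty($this->page)) {
         return false;
     }

     // No ACL resource declared for this link: nothing to check.
     if (!isset($page['acl']) || !is_array($page['acl']) || empty($page['acl']['resource'])) {
         return true;
     }

     $acl = $page['acl'];
     $providerId = !empty($acl['providerId']) ? $acl['providerId'] : null;
     $privilege = !empty($acl['privilege']) ? $acl['privilege'] : null;
     $resource = $acl['resource'];

     // Substitute placeholders exactly once. The previous version also ran an
     // unconditional replacement that dereferenced $this->page before the
     // emptiness check, which is a fatal error when there is no current page.
     if (!empty($this->page)) {
         $resource = str_replace([':siteId', ':pageName'], [$this->currentSite->getSiteId(), $this->page->getName()], $resource);
     } else {
         $resource = str_replace([':siteId'], [$this->currentSite->getSiteId()], $resource);
     }

     if (!$this->rcmUserService->isAllowed($resource, $privilege, $providerId)) {
         return false;
     }

     return true;
 }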
 /**
  * Handles a submitted "reset password" form.
  *
  * Validates the form, looks the account up by the submitted 'userId' (used as
  * the username), and - if the account exists and has an e-mail address -
  * persists a ResetPassword entity and sends the reset e-mail.
  *
  * Every exit path returns without a value, so the return value does not tell
  * the caller whether the account exists.
  *
  * NOTE(review): how the reset token is generated and when it expires is decided
  * inside ResetPassword, which is not visible here - confirm it uses a CSPRNG
  * and a short lifetime.
  *
  * @param ResetPasswordForm $form
  * @param array             $instanceConfig plugin config; 'prospectEmail' is passed to the mailer
  *
  * @return null
  */
 protected function handlePost(ResetPasswordForm $form, $instanceConfig)
 {
     $resetRequest = new ResetPassword();
     $form->setInputFilter($resetRequest->getInputFilter());
     $form->setData($this->getRequest()->getPost());
     if (!$form->isValid()) {
         return;
     }

     $submitted = $form->getData();
     $requestedUsername = $submitted['userId'];

     // Look the account up by username.
     $lookupUser = $this->rcmUserManager->buildNewUser();
     $lookupUser->setUsername($requestedUsername);
     $lookupResult = $this->rcmUserManager->readUser($lookupUser);
     if (!$lookupResult->isSuccess()) {
         return;
     }

     // Without an address there is nowhere to send the reset mail.
     $account = $lookupResult->getUser();
     if (!$account->getEmail()) {
         return;
     }

     $resetRequest->setUserId($account->getId());
     $this->entityMgr->persist($resetRequest);
     $this->entityMgr->flush();
     $this->mailer->sendRestPasswordEmail($resetRequest, $account, $instanceConfig['prospectEmail']);

     return;
 }
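 /**
  * Handles a submitted "create new password" form.
  *
  * Validates the form, checks that both password fields are identical, loads
  * the account named by $userId and stores the new password. An invalid form
  * is ignored and null is returned.
  *
  * NOTE(review): nothing in this method verifies that the requester is entitled
  * to change the password of $userId; presumably the caller derives $userId
  * from a validated reset link - confirm at the call site.
  *
  * @param CreateNewPasswordForm $form
  * @param array                 $instanceConfig plugin config; 'translate' holds the error messages
  * @param mixed                 $userId         username of the account to update
  *
  * @return null|string translated error message, or null when there is nothing to report
  * @throws \Exception when the user service fails to store the updated user
  */
 protected function handlePost(CreateNewPasswordForm $form, $instanceConfig, $userId)
 {
     $form->setInputFilter(new CreateNewPasswordInputFilter());
     $form->setData($this->getRequest()->getPost());
     if (!$form->isValid()) {
         return null;
     }

     $formData = $form->getData();
     $newPasswordOne = $formData['password'];
     $newPasswordTwo = $formData['passwordTwo'];

     // Strict comparison: with != PHP compares numeric-looking strings as
     // numbers, so two different entries such as '1e3' and '1000' would be
     // accepted as matching.
     if ($newPasswordOne !== $newPasswordTwo) {
         return $instanceConfig['translate']['passwordsDoNotMatch'];
     }

     $user = $this->rcmUserService->buildNewUser();
     $user->setUsername($userId);
     try {
         $result = $this->rcmUserService->readUser($user);
     } catch (DistributorNotFoundException $e) {
         return $instanceConfig['translate']['systemError'];
     }
     if (!$result->isSuccess()) {
         return $instanceConfig['translate']['invalidLink'];
     }

     $user = $result->getUser();
     $user->setPassword($newPasswordTwo);
     $result = $this->rcmUserService->updateUser($user);
     if (!$result->isSuccess()) {
         throw new \Exception($result->getMessagesString());
     }

     return null;
 }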
Exemplo n.º 8
 /**
  * Checks whether the acting user passes isAllowed().
  *
  * The acting user is the current impersonator when one exists; otherwise it is
  * the current user.
  *
  * @deprecated use SwitchUserAclService::currentUserIsSuAllowed
  *
  * @return bool|mixed
  */
 public function currentUserIsAllowed()
 {
     $impersonator = $this->getCurrentImpersonatorUser();
     $currentUser = $this->rcmUserService->getCurrentUser();

     // While impersonating, rights are judged on the impersonator rather than
     // on the account being impersonated.
     $actingUser = empty($impersonator) ? $currentUser : $impersonator;

     return $this->isAllowed($actingUser);
 }
Exemplo n.º 9
 /**
  * Builds a user object carrying the credentials posted with the request.
  *
  * Returns null when either the username or the password is empty after
  * filtering; empty() also treats the string '0' as empty.
  *
  * NOTE(review): FILTER_SANITIZE_STRING strips tags and encodes quotes, so the
  * password handed to the user object can differ from what was typed, and the
  * filter is deprecated as of PHP 8.1. Dropping it here is only safe if the code
  * that stores passwords is changed in step - verify before touching it.
  *
  * @return null|\RcmUser\User\Entity\User
  */
 protected function getUser()
 {
     $postedUsername = $this->getRequest()->getPost('username');
     $username = trim(filter_var($postedUsername, FILTER_SANITIZE_STRING));

     $postedPassword = $this->getRequest()->getPost('password');
     $password = filter_var($postedPassword, FILTER_SANITIZE_STRING);

     $credentialsMissing = empty($username) || empty($password);
     if ($credentialsMissing) {
         return null;
     }

     $candidate = $this->rcmUserService->buildNewUser();
     $candidate->setUsername($username);
     $candidate->setPassword($password);

     return $candidate;
 }
Exemplo n.º 10
 /**
  * Builds the redirect sent when access is refused.
  *
  * The response always carries status 302. Visitors without an identity are
  * sent to the site's login page with the requested URI appended as the
  * 'redirect' query parameter; visitors with an identity are sent to the site's
  * not-authorized page.
  *
  * REQUEST_URI is passed through urlencode() before it is placed in the
  * Location header. The login and not-authorized URLs come from the site
  * object and are concatenated as-is.
  *
  * NOTE(review): whatever consumes the 'redirect' parameter after login should
  * accept only same-site paths - that handler is not visible here.
  *
  * @return Response
  */
 protected function processNotAuthorized()
 {
     $loginPage = $this->currentSite->getLoginPage();
     $notAuthorized = $this->currentSite->getNotAuthorizedPage();
     $returnToUrl = urlencode($this->request->getServer('REQUEST_URI'));

     $redirect = new Response();
     $redirect->setStatusCode('302');

     // Anonymous visitors may still be able to log in; known users cannot
     // gain anything from the login page, so they get the refusal page.
     $target = $this->userService->hasIdentity()
         ? $notAuthorized
         : $loginPage . '?redirect=' . $returnToUrl;

     $redirect->getHeaders()->addHeaderLine('Location: ' . $target);

     return $redirect;
 }
Exemplo n.º 11
 /**
  * Check to make sure user can see revisions.
  *
  * Revisions are shown when the current user holds any one of 'edit',
  * 'approve' or 'revisions' on the page resource, or 'create' on the site's
  * pages resource. The checks run in that order and stop at the first grant.
  *
  * @param mixed $siteId
  * @param mixed $pageType
  * @param mixed $pageName
  *
  * @return bool
  */
 public function shouldShowRevisions($siteId, $pageType, $pageName)
 {
     // Page-level privileges, any of which is sufficient.
     foreach (['edit', 'approve', 'revisions'] as $pagePrivilege) {
         $pageResourceId = $this->buildPageResourceId($siteId, $pageType, $pageName);
         if ($this->rcmUserService->isAllowed($pageResourceId, $pagePrivilege, 'Rcm\\Acl\\ResourceProvider')) {
             return true;
         }
     }

     // Fall back to the site-wide right to create pages.
     $pagesResourceId = $this->buildPagesResourceId($siteId);
     if ($this->rcmUserService->isAllowed($pagesResourceId, 'create', 'Rcm\\Acl\\ResourceProvider')) {
         return true;
     }

     return false;
 }
Exemplo n.º 12
 /**
  * Runs isImpersonatorUserAllowed() for the user returned by
  * RcmUserService::getCurrentUser().
  *
  * NOTE(review): the user passed on is the current user as reported by the
  * user service; presumably isImpersonatorUserAllowed() resolves the
  * impersonator behind it - confirm there.
  *
  * @param mixed $resourceId
  * @param mixed $privilege
  * @param mixed $providerId
  *
  * @return bool|mixed
  */
 public function isCurrentImpersonatorUserAllowed($resourceId, $privilege, $providerId)
 {
     return $this->isImpersonatorUserAllowed(
         $resourceId,
         $privilege,
         $providerId,
         $this->rcmUserService->getCurrentUser()
     );
 }
 /**
  * Reports whether the current user is allowed the resource, privilege and
  * provider stored on this object.
  *
  * The decision is delegated entirely to RcmUserService::isAllowed(); no
  * further restriction is applied here.
  *
  * @return boolean
  */
 public function hasAccess()
 {
     $granted = $this->rcmUserService->isAllowed($this->resourceId, $this->privilege, $this->providerId);

     return $granted;
 }
Exemplo n.º 14
 /**
  * Returns the identity reported by RcmUserService::getIdentity().
  *
  * @deprecated Use RcmUserService->getCurrentUser()
  *
  * @param mixed $default value handed to getIdentity() as its default
  *
  * @return null|\RcmUser\User\Entity\User
  */
 public function __invoke($default = null)
 {
     return $this->rcmUserService->getIdentity($default);
 }
Exemplo n.º 15
 /**
  * Asks RcmUserService::isAllowed() whether the current user may access a
  * resource.
  *
  * @param string      $resourceId resource to check
  * @param string|null $privilege  privilege on that resource; null is passed through unchanged
  * @param string      $providerId resource provider, 'Rcm\Acl\ResourceProvider' unless overridden
  *
  * @return bool
  */
 public function __invoke($resourceId, $privilege = null, $providerId = 'Rcm\\Acl\\ResourceProvider')
 {
     $granted = $this->rcmUserService->isAllowed($resourceId, $privilege, $providerId);

     return $granted;
 }
Exemplo n.º 16
 /**
  * The authorize service handed to the setter must come back from the getter
  * as an AuthorizeService instance.
  */
 public function testSetGetAuthorizeService()
 {
     $subject = new RcmUserService();
     $subject->setAuthorizeService($this->authorizeService);

     $this->assertInstanceOf(
         '\\RcmUser\\Acl\\Service\\AuthorizeService',
         $subject->getAuthorizeService(),
         'Getter or setter failed.'
     );
 }