/**
 * Returns the permissions of this file, read from its metadata.
 *
 * When the metadata holds no permissions entry, a default is derived instead:
 * the directory or file mask with the bits of the current umask cleared, or the
 * fixed link value for links.
 *
 * @param bool $octal TRUE to get the numeric form, FALSE to get the Unix form.
 *                    NOTE(review): the stored metadata value is returned untouched
 *                    when $octal is FALSE, so it is presumably kept in Unix form
 *                    (rwxr-xr-x) - confirm against the code that writes it.
 * @return mixed The permissions of the file
 * @throws EyeNullPointerException If the file has no metadata.
 */
public function getPermissions($octal = true)
{
    $meta = $this->getMeta();
    if ($meta === null) {
        throw new EyeNullPointerException('No metadata found for ' . $this->path);
    }

    $stored = $meta->get(self::METADATA_KEY_PERMISSIONS);
    if ($stored !== null) {
        // Explicit permissions are recorded: convert only when the numeric form is requested.
        return $octal ? AdvancedPathLib::permsToOctal($stored) : $stored;
    }

    // Nothing recorded: fall back to the type-specific default, restricted by the umask.
    if ($this->isDirectory()) {
        $default = self::PERMISSIONS_MASK_DIR & ~$this->getUMask();
    } elseif ($this->isLink()) {
        $default = self::PERMISSIONS_VALUE_LINK;
    } else {
        $default = self::PERMISSIONS_MASK_FILE & ~$this->getUMask();
    }

    return $octal ? $default : AdvancedPathLib::permsToUnix($default);
}
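/**
 * Checks whether the eyeos user of the login context may perform the actions of
 * $permission on an application, using the owner, group and permissions stored in
 * the application's metadata under 'eyeos.application.systemParameters'.
 *
 * Only the "execute" action is supported. The permission bit that is tested
 * depends on the relation between the user and the application: owner (0100),
 * member of the application's group (0010), or anyone else (0001).
 *
 * @param mixed $object Must be an EyeosApplicationDescriptor.
 * @param IPermission $permission
 * @param LoginContext $context
 * @return bool TRUE if the handler performed the permission check successfully, FALSE otherwise
 *              (the reason is then available in $this->failureException).
 *
 * @throws EyeInvalidArgumentException If $object is not an EyeosApplicationDescriptor.
 * @throws EyeNullPointerException If the application has no metadata.
 * @throws EyeUnexpectedValueException
 * @throws EyeAccessControlException If the permission bit that applies to the user is not set.
 */
public function checkPermission($object, IPermission $permission, LoginContext $context)
{
    if (!$object instanceof EyeosApplicationDescriptor) {
        throw new EyeInvalidArgumentException('$object must be an EyeosApplicationDescriptor.');
    }

    try {
        $eyeosUser = $context->getEyeosUser();
    } catch (EyeNullPointerException $e) {
        $this->failureException = new EyeHandlerFailureException('No eyeos user found in login context.');
        return false;
    }

    $meta = $object->getMeta();
    if ($meta === null) {
        throw new EyeNullPointerException('$meta cannot be null.');
    }
    $sysParams = $meta->get('eyeos.application.systemParameters');

    // Extract owner, group and permissions from application's metadata.
    // Each failure message quotes the raw metadata value: the variable being
    // assigned is still undefined when the lookup or conversion throws.
    try {
        $owner = UMManager::getInstance()->getUserByName($sysParams['owner']);
    } catch (EyeNoSuchPrincipalException $e) {
        $this->failureException = new EyeHandlerFailureException('Unknown owner "' . $sysParams['owner'] . '".');
        return false;
    }
    try {
        $group = UMManager::getInstance()->getGroupByName($sysParams['group']);
    } catch (EyeNoSuchPrincipalException $e) {
        $this->failureException = new EyeHandlerFailureException('Unknown group "' . $sysParams['group'] . '".');
        return false;
    }
    try {
        $perms = AdvancedPathLib::permsToOctal($sysParams['permissions']);
    } catch (Exception $e) {
        $this->failureException = new EyeHandlerFailureException(
            '"' . $sysParams['permissions'] . '" is not a valid octal UNIX permission for application '
            . $object->getName() . '.'
        );
        return false;
    }

    // Loop on actions (but here we currently know the action "execute" only)
    $accessGranted = false;
    foreach ($permission->getActions() as $action) {
        // Strict comparison: a loosely-equal value must not be taken for "execute".
        if ($action !== 'execute') {
            // the given action is not supported by this handler
            $this->failureException = new EyeHandlerFailureException('Unknown action received: ' . $action . '.');
            return false;
        }
        $actionText = 'Execution';
        $ref = 0100;

        // Select the permission bit of the first class the user belongs to:
        // owner, then group, then others.
        // NOTE(review): ids are compared loosely (==); confirm both sides have the same type.
        if ($eyeosUser->getId() == $owner->getId()) {
            // owner: keep the owner bit
        } elseif ($context->getSubject()->getPrincipals()->contains($group)) {
            $ref = $ref >> 3;   // group
        } else {
            $ref = $ref >> 6;   // others
        }

        if (!($ref & $perms)) {
            throw new EyeAccessControlException(
                $actionText . ' access denied to user ' . $eyeosUser->getName()
                . ' for application ' . $object->getName() . ' (insufficient permissions).'
            );
        }
        $accessGranted = true;
    }

    // Fail closed: a permission carrying no action has not been checked against
    // anything, so it must not be reported (and logged) as granted.
    if (!$accessGranted) {
        $this->failureException = new EyeHandlerFailureException('No action to check in the given permission.');
        return false;
    }

    if (self::$Logger->isInfoEnabled()) {
        self::$Logger->info(
            'Access granted to user ' . $eyeosUser->getName() . ' for actions "'
            . $permission->getActionsAsString() . '" on application ' . $object->getName() . '.'
        );
    }
    return true;
}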
/**
 * Returns the permissions of the file, loading the stats cache first when it
 * holds no permissions yet.
 *
 * @param bool $octal TRUE to return permissions in octal form (755),
 *                    FALSE to return them in Unix form (rwxr-xr-x)
 * @return mixed The permissions of the file or FALSE if the file doesn't exist
 *               NOTE(review): in octal mode the cached value is always passed to
 *               AdvancedPathLib::permsToOctal(), including a FALSE one - confirm
 *               how that helper treats it.
 */
public function getPermissions($octal = true)
{
    // A null entry means the stats have not been fetched yet.
    if ($this->statsCache['permissions'] === null) {
        $this->fetchStats();
    }

    $cachedPerms = $this->statsCache['permissions'];

    return $octal ? AdvancedPathLib::permsToOctal($cachedPerms) : $cachedPerms;
}
/**
 * Checks that AdvancedPathLib::permsToOctal() converts Unix-style permission
 * strings to the expected value, compared through its octal digits.
 * The first three cases differ only by the leading file-type character (-, d, l)
 * and expect the same result.
 */
public function testPermsToOctal()
{
    // Unix-style permission string => expected octal digits
    $expectedByUnixPerms = array(
        '-rwxrwxrwx' => '777',
        'drwxrwxrwx' => '777',
        'lrwxrwxrwx' => '777',
        '----------' => '0',
        '-rwxr-xr-x' => '755',
        '-r-xr--r--' => '544',
        '-r----x--x' => '411',
    );

    foreach ($expectedByUnixPerms as $unixPerms => $octalDigits) {
        $this->assertEquals($octalDigits, decoct(AdvancedPathLib::permsToOctal($unixPerms)));
    }
}