/**
 * Upgrade step: gives the root role read/write access to the "ajxp_home"
 * workspace and makes it the default start repository.
 *
 * Does nothing when AuthService::getRole() returns an empty value for
 * ROOT_ROLE. Prints a progress line and persists the role through
 * AuthService::updateRole().
 *
 * NOTE(review): ROOT_ROLE presumably applies to every standard user, which
 * would make this ACL a site-wide grant. Confirm that is the intended scope.
 */
function upgradeRootRoleForWelcome()
{
    $role = AuthService::getRole("ROOT_ROLE");
    if (empty($role)) {
        return;
    }

    echo '<br>Upgrading Root Role to let users access the new welcome page<br>';
    $role->setAcl("ajxp_home", "rw");
    $role->setParameterValue("core.conf", "DEFAULT_START_REPOSITORY", "ajxp_home");
    AuthService::updateRole($role);
}
/**
 * Round-trips a temporary role through AuthService: store it, reload it,
 * check the stored ACL, delete it, and verify that a lookup after deletion
 * returns false.
 */
public function testRolesStorage()
{
    $roleId = "phpunit_temporary_role";

    $created = new \AJXP_Role($roleId);
    $created->setAcl(0, "rw");
    \AuthService::updateRole($created);

    $reloaded = \AuthService::getRole($roleId);
    $this->assertTrue(is_a($reloaded, "AJXP_Role"));
    $this->assertEquals("rw", $reloaded->getAcl(0));

    // After deletion the role must no longer resolve.
    \AuthService::deleteRole($roleId);
    $afterDelete = \AuthService::getRole($roleId);
    $this->assertFalse($afterDelete);
}
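/**
 * Specific operations to perform at boot time.
 *
 * Skipped on first run and once the "admin_counted" marker file exists in
 * AJXP_CACHE_DIR. Otherwise it creates the built-in roles that are missing
 * (ROOT_ROLE, MINISITE, MINISITE_NODOWNLOAD, GUEST), makes sure an admin
 * account exists, and finally writes the marker file.
 *
 * @static
 * @param array $START_PARAMETERS A HashTable of parameters to send back to the client;
 *                                warnings are appended to its "ALERT" entry
 * @return void
 */
public static function bootSequence(&$START_PARAMETERS)
{
    if (AJXP_Utils::detectApplicationFirstRun()) {
        return;
    }
    // Marker written at the end of this method: the sequence runs once per cache lifetime.
    if (file_exists(AJXP_CACHE_DIR . "/admin_counted")) {
        return;
    }

    // ROOT_ROLE: auto-applied to "standard" and "admin" profiles, seeded from the
    // default rights of root-level repositories and from plugin parameter defaults.
    $rootRole = AuthService::getRole("ROOT_ROLE", false);
    if ($rootRole === false) {
        $rootRole = new AJXP_Role("ROOT_ROLE");
        $rootRole->setLabel("Root Role");
        $rootRole->setAutoApplies(array("standard", "admin"));
        $dashId = "";
        foreach (ConfService::getRepositoriesList("all") as $repositoryId => $repoObject) {
            if ($repoObject->isTemplate) {
                continue;
            }
            if ($repoObject->getAccessType() == "ajxp_user") {
                $dashId = $repositoryId;
            }
            // Only repositories without a group path (or at "/") feed the root ACLs.
            $gp = $repoObject->getGroupPath();
            if (empty($gp) || $gp == "/") {
                if ($repoObject->getDefaultRight() != "") {
                    $rootRole->setAcl($repositoryId, $repoObject->getDefaultRight());
                }
            }
        }
        if (!empty($dashId)) {
            $rootRole->setParameterValue("core.conf", "DEFAULT_START_REPOSITORY", $dashId);
        }
        $paramNodes = AJXP_PluginsService::searchAllManifests("//server_settings/param[@scope]", "node", false, false, true);
        if (is_array($paramNodes) && count($paramNodes)) {
            foreach ($paramNodes as $xmlNode) {
                $default = $xmlNode->getAttribute("default");
                if (empty($default)) {
                    continue;
                }
                $parentNode = $xmlNode->parentNode->parentNode;
                $pluginId = $parentNode->getAttribute("id");
                if (empty($pluginId)) {
                    $pluginId = $parentNode->nodeName . "." . $parentNode->getAttribute("name");
                }
                $rootRole->setParameterValue($pluginId, $xmlNode->getAttribute("name"), $default);
            }
        }
        AuthService::updateRole($rootRole);
    }

    // MINISITE: sets the listed actions to false in the shared-repository scope.
    $miniRole = AuthService::getRole("MINISITE", false);
    if ($miniRole === false) {
        $newRole = new AJXP_Role("MINISITE");
        $newRole->setLabel("Minisite Users");
        $actions = array("access.fs" => array("ajxp_link", "chmod", "purge"), "meta.watch" => array("toggle_watch"), "conf.serial" => array("get_bookmarks"), "conf.sql" => array("get_bookmarks"), "index.lucene" => array("index"), "action.share" => array("share"), "gui.ajax" => array("bookmark"), "auth.serial" => array("pass_change"), "auth.sql" => array("pass_change"));
        foreach ($actions as $pluginId => $acts) {
            foreach ($acts as $act) {
                $newRole->setActionState($pluginId, $act, AJXP_REPO_SCOPE_SHARED, false);
            }
        }
        AuthService::updateRole($newRole);
    }

    // MINISITE_NODOWNLOAD: additionally sets the download actions to false.
    $miniRole = AuthService::getRole("MINISITE_NODOWNLOAD", false);
    if ($miniRole === false) {
        $newRole = new AJXP_Role("MINISITE_NODOWNLOAD");
        $newRole->setLabel("Minisite Users - No Download");
        $actions = array("access.fs" => array("download", "download_chunk", "prepare_chunk_dl", "download_all"));
        foreach ($actions as $pluginId => $acts) {
            foreach ($acts as $act) {
                $newRole->setActionState($pluginId, $act, AJXP_REPO_SCOPE_SHARED, false);
            }
        }
        AuthService::updateRole($newRole);
    }

    // GUEST: auto-applied to the "guest" profile.
    // NOTE(review): setActionState() is called without an explicit state here, so the
    // resulting state is whatever that method defaults to. Confirm it disables the actions.
    $miniRole = AuthService::getRole("GUEST", false);
    if ($miniRole === false) {
        $newRole = new AJXP_Role("GUEST");
        $newRole->setLabel("Guest user role");
        $actions = array("access.fs" => array("purge"), "meta.watch" => array("toggle_watch"), "index.lucene" => array("index"));
        $newRole->setAutoApplies(array("guest"));
        foreach ($actions as $pluginId => $acts) {
            foreach ($acts as $act) {
                $newRole->setActionState($pluginId, $act, AJXP_REPO_SCOPE_ALL);
            }
        }
        AuthService::updateRole($newRole);
    }

    $adminCount = AuthService::countAdminUsers();
    if ($adminCount == 0) {
        $authDriver = ConfService::getAuthDriverImpl();
        $adminPass = ADMIN_PASSWORD;
        // NOTE(review): unsalted MD5 is not a password hash. It is kept because the
        // stored format has to match what the auth driver verifies against.
        if ($authDriver->getOption("TRANSMIT_CLEAR_PASS") !== true) {
            $adminPass = md5(ADMIN_PASSWORD);
        }
        AuthService::createUser("admin", $adminPass, true);
        if (ADMIN_PASSWORD == INITIAL_ADMIN_PASSWORD) {
            $userObject = ConfService::getConfStorageImpl()->createUserObject("admin");
            $userObject->setAdmin(true);
            AuthService::updateAdminRights($userObject);
            // Force a password change at next login when the driver allows it.
            if (AuthService::changePasswordEnabled()) {
                $userObject->setLock("pass_change");
            }
            $userObject->save("superuser");
            // NOTE(review): the initial password is echoed back in the client-facing alert.
            $START_PARAMETERS["ALERT"] .= "Warning! User 'admin' was created with the initial password '" . INITIAL_ADMIN_PASSWORD . "'. \\nPlease log in as admin and change the password now!";
            // $userObject only exists in this branch, so the update belongs here;
            // outside it the call would receive an undefined variable.
            AuthService::updateUser($userObject);
        }
    } else {
        if ($adminCount == -1) {
            // Here we may come from a previous version! Check the "admin" user and set its right as admin.
            $confStorage = ConfService::getConfStorageImpl();
            $adminUser = $confStorage->createUserObject("admin");
            $adminUser->setAdmin(true);
            $adminUser->save("superuser");
            $START_PARAMETERS["ALERT"] .= "There is an admin user, but without admin right. Now any user can have the administration rights, \\n your 'admin' user was set with the admin rights. Please check that this suits your security configuration.";
        }
    }
    file_put_contents(AJXP_CACHE_DIR . "/admin_counted", "true");
}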
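/**
 * Try to authenticate the current request through CAS (phpCAS).
 *
 * Flow: skip minisite sessions, optionally decide from request/session flags
 * whether CAS should be used at all, initialise phpCAS in client or proxy
 * mode, force authentication, then log the CAS user into the application
 * (creating the account first when auto-creation is enabled).
 *
 * @param array $httpVars Request parameters; read for 'pgtIou', 'ticket' and
 *                        'put_action_enable_redirect'
 * @param bool  $isLast   Not used by this implementation
 * @return bool true when the CAS user was logged in, false otherwise
 */
function tryToLogUser(&$httpVars, $isLast = false)
{
    if (isset($_SESSION["CURRENT_MINISITE"])) {
        return false;
    }
    $this->loadConfig();
    if (isset($_SESSION['AUTHENTICATE_BY_CAS'])) {
        $flag = $_SESSION['AUTHENTICATE_BY_CAS'];
    } else {
        $flag = 0;
    }
    $pgtIou = !empty($httpVars['pgtIou']);
    $logged = isset($_SESSION['LOGGED_IN_BY_CAS']);
    $enre = !empty($httpVars['put_action_enable_redirect']);
    $ticket = !empty($httpVars['ticket']);
    $pgt = !empty($_SESSION['phpCAS']['pgt']);
    $clientModeTicketPendding = isset($_SESSION['AUTHENTICATE_BY_CAS_CLIENT_MOD_TICKET_PENDDING']);

    // When the login page offers CAS as an option, the session flag records whether
    // this request should go through CAS (>= 1) or not (0).
    if ($this->cas_modify_login_page) {
        if ($flag == 0 && $enre && !$logged && !$pgtIou) {
            $_SESSION['AUTHENTICATE_BY_CAS'] = 1;
        } elseif ($flag == 1 && !$enre && !$logged && !$pgtIou && !$ticket && !$pgt) {
            $_SESSION['AUTHENTICATE_BY_CAS'] = 0;
        } elseif ($flag == 1 && $enre && !$logged && !$pgtIou) {
            $_SESSION['AUTHENTICATE_BY_CAS'] = 1;
        } elseif ($pgtIou || $pgt) {
            $_SESSION['AUTHENTICATE_BY_CAS'] = 1;
        } elseif ($ticket) {
            $_SESSION['AUTHENTICATE_BY_CAS'] = 1;
            $_SESSION['AUTHENTICATE_BY_CAS_CLIENT_MOD_TICKET_PENDDING'] = 1;
        } elseif ($logged && $pgtIou) {
            // NOTE(review): unreachable, since any request with $pgtIou set is
            // already handled by the "$pgtIou || $pgt" branch above.
            $_SESSION['AUTHENTICATE_BY_CAS'] = 2;
        } else {
            $_SESSION['AUTHENTICATE_BY_CAS'] = 0;
        }
        if ($_SESSION['AUTHENTICATE_BY_CAS'] < 1) {
            if ($clientModeTicketPendding) {
                unset($_SESSION['AUTHENTICATE_BY_CAS_CLIENT_MOD_TICKET_PENDDING']);
            } else {
                return false;
            }
        }
    }

    // Depends on the phpCAS mode configuration
    switch ($this->cas_mode) {
        case PHPCAS_MODE_CLIENT:
            if ($this->checkConfigurationForClientMode()) {
                AJXP_Logger::info(__FUNCTION__, "Start phpCAS mode Client: ", "sucessfully");
                phpCAS::client(CAS_VERSION_2_0, $this->cas_server, $this->cas_port, $this->cas_uri, false);
                if (!empty($this->cas_certificate_path)) {
                    phpCAS::setCasServerCACert($this->cas_certificate_path);
                } else {
                    // NOTE(review): without a CA certificate the CAS server's TLS
                    // certificate is not validated, so ticket validation responses
                    // are not authenticated. Configure cas_certificate_path in production.
                    phpCAS::setNoCasServerValidation();
                }
                // Debug
                if ($this->cas_debug_mode) {
                    // Default log file name is built from the date; a configured file overrides it.
                    // NOTE(review): phpCAS debug output may contain ticket values, so
                    // keep this file out of any web-served directory.
                    $today = getdate();
                    $file_path = AJXP_DATA_PATH . '/logs/phpcas_' . $today['year'] . '-' . $today['month'] . '-' . $today['mday'] . '.txt';
                    if (!empty($this->cas_debug_file)) {
                        $file_path = $this->cas_debug_file;
                    }
                    phpCAS::setDebug($file_path);
                }
                phpCAS::forceAuthentication();
            } else {
                AJXP_Logger::error(__FUNCTION__, "Could not start phpCAS mode CLIENT, please verify the configuration", "");
                return false;
            }
            break;
        case PHPCAS_MODE_PROXY:
            // If the user clicks "login via CAS" on the login page, the page is reloaded with
            // the manual-redirect flag set; otherwise the redirect to the CAS login page is
            // forced by this module's configuration.
            if ($this->checkConfigurationForProxyMode()) {
                AJXP_Logger::info(__FUNCTION__, "Start phpCAS mode Proxy: ", "sucessfully");
                // Init phpCAS in proxy mode
                phpCAS::proxy(CAS_VERSION_2_0, $this->cas_server, $this->cas_port, $this->cas_uri, false);
                if (!empty($this->cas_certificate_path)) {
                    phpCAS::setCasServerCACert($this->cas_certificate_path);
                } else {
                    // NOTE(review): same caveat as in client mode, the CAS server
                    // certificate is not validated on this path.
                    phpCAS::setNoCasServerValidation();
                }
                // Debug
                if ($this->cas_debug_mode) {
                    // Default log file name is built from the date; a configured file overrides it.
                    $today = getdate();
                    $file_path = AJXP_DATA_PATH . '/logs/phpcas_' . $today['year'] . '-' . $today['month'] . '-' . $today['mday'] . '.txt';
                    if (!empty($this->cas_debug_file)) {
                        $file_path = $this->cas_debug_file;
                    }
                    phpCAS::setDebug($file_path);
                }
                if (!empty($this->cas_setFixedCallbackURL)) {
                    phpCAS::setFixedCallbackURL($this->cas_setFixedCallbackURL);
                }
                // PGT storage
                $this->setPTGStorage();
                phpCAS::forceAuthentication();
                // Get a proxy ticket (PT) so SAMBA can authenticate at CAS via pam_cas.
                // Any other service could be used, provided it is enabled in CAS.
                $err_code = null;
                $serviceURL = $this->cas_proxied_service;
                AJXP_Logger::debug(__FUNCTION__, "Try to get proxy ticket for service: ", $serviceURL);
                $res = phpCAS::serviceSMB($serviceURL, $err_code);
                if (!empty($res)) {
                    $_SESSION['PROXYTICKET'] = $res;
                    AJXP_Logger::info(__FUNCTION__, "Get Proxy ticket successfully ", "");
                } else {
                    AJXP_Logger::info(__FUNCTION__, "Could not get Proxy ticket. ", "");
                }
                break;
            } else {
                AJXP_Logger::error(__FUNCTION__, "Could not start phpCAS mode PROXY, please verify the configuration", "");
                return false;
            }
        default:
            return false;
            break;
    }

    AJXP_Logger::debug(__FUNCTION__, "Call phpCAS::getUser() after forceAuthentication ", "");
    $cas_user = phpCAS::getUser();
    // Auto-created accounts get a random local password: they authenticate via CAS only.
    if (!AuthService::userExists($cas_user) && $this->is_AutoCreateUser) {
        AuthService::createUser($cas_user, openssl_random_pseudo_bytes(20));
    }
    if (AuthService::userExists($cas_user)) {
        $res = AuthService::logUser($cas_user, "", true);
        if ($res > 0) {
            // The proxy ticket is only set in proxy mode, and only when the ticket
            // request succeeded; read it defensively instead of hitting an undefined index.
            $proxyTicket = isset($_SESSION['PROXYTICKET']) ? $_SESSION['PROXYTICKET'] : null;
            AJXP_Safe::storeCredentials($cas_user, $proxyTicket);
            $_SESSION['LOGGED_IN_BY_CAS'] = true;
            if (!empty($this->cas_additional_role)) {
                $userObj = ConfService::getConfStorageImpl()->createUserObject($cas_user);
                $roles = $userObj->getRoles();
                $cas_RoleID = $this->cas_additional_role;
                $userObj->addRole(AuthService::getRole($cas_RoleID, true));
                AuthService::updateUser($userObj);
            }
            return true;
        }
    }
    return false;
}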
/**
 * Create a shared child of $repository, or update the existing share named by
 * $httpVars["repository_id"], and grant the users and groups listed in the
 * request the requested rights on it.
 *
 * Returns a numeric error code (100, 101, 102 or 103, see the list at the top of the
 * body) or the resulting Repository object.
 *
 * NOTE(review): every value in $httpVars comes from the request. The checks
 * visible here cover the "share" action right and, unless cross-user sharing is
 * enabled, that existing target users are children of the logged user; see the
 * inline notes for the gaps a reviewer should confirm are covered by callers.
 *
 * @param Array $httpVars
 * @param Repository $repository
 * @param AbstractAccessDriver $accessDriver
 * @param null $uniqueUser Not used in this body
 * @throws Exception
 * @return int|Repository
 */
public function createSharedRepository($httpVars, $repository, $accessDriver, $uniqueUser = null)
{
    // ERRORS
    // 100 : missing args
    // 101 : repository label already exists
    // 102 : user already exists
    // 103 : current user is not allowed to share
    // SUCCESS
    // 200
    if (!isset($httpVars["repo_label"]) || $httpVars["repo_label"] == "") {
        return 100;
    }
    $foldersharing = $this->getFilteredOption("ENABLE_FOLDER_SHARING", $this->repository->getId());
    if (isset($foldersharing) && $foldersharing === false) {
        return 103;
    }
    // The "share" action must not be explicitly disabled for the logged user on this repository.
    $loggedUser = AuthService::getLoggedUser();
    $actRights = $loggedUser->mergedRole->listActionsStatesFor($repository);
    if (isset($actRights["share"]) && $actRights["share"] === false) {
        return 103;
    }
    $users = array();
    $uRights = array();
    $uPasses = array();
    $groups = array();
    $index = 0;
    $prefix = $this->getFilteredOption("SHARED_USERS_TMP_PREFIX", $this->repository->getId());
    // Parse the indexed request entries (user_N, entry_type_N, right_read_N, ...).
    while (isset($httpVars["user_" . $index])) {
        $eType = $httpVars["entry_type_" . $index];
        // Rights can only ever be "", "r", "w" or "rw".
        $rightString = ($httpVars["right_read_" . $index] == "true" ? "r" : "") . ($httpVars["right_write_" . $index] == "true" ? "w" : "");
        if ($this->watcher !== false) {
            $uWatch = $httpVars["right_watch_" . $index] == "true" ? true : false;
        }
        // Entries without any right are ignored.
        if (empty($rightString)) {
            $index++;
            continue;
        }
        if ($eType == "user") {
            $u = AJXP_Utils::decodeSecureMagic($httpVars["user_" . $index], AJXP_SANITIZE_EMAILCHARS);
            if (!AuthService::userExists($u) && !isset($httpVars["user_pass_" . $index])) {
                // Unknown user and no password supplied: nothing to create, skip.
                $index++;
                continue;
            } else {
                // A password for an existing login would mean re-creating that account.
                if (AuthService::userExists($u) && isset($httpVars["user_pass_" . $index])) {
                    throw new Exception("User {$u} already exists, please choose another name.");
                }
            }
            // New temporary users get the configured prefix.
            if (!AuthService::userExists($u, "r") && !empty($prefix) && strpos($u, $prefix) !== 0) {
                $u = $prefix . $u;
            }
            $users[] = $u;
        } else {
            $u = AJXP_Utils::decodeSecureMagic($httpVars["user_" . $index]);
            if (strpos($u, "/AJXP_TEAM/") === 0) {
                // Team entry: expand to its members when the conf driver supports it.
                $confDriver = ConfService::getConfStorageImpl();
                if (method_exists($confDriver, "teamIdToUsers")) {
                    $teamUsers = $confDriver->teamIdToUsers(str_replace("/AJXP_TEAM/", "", $u));
                    foreach ($teamUsers as $userId) {
                        $users[] = $userId;
                        $uRights[$userId] = $rightString;
                        if ($this->watcher !== false) {
                            $uWatches[$userId] = $uWatch;
                        }
                    }
                }
                $index++;
                continue;
            } else {
                $groups[] = $u;
            }
        }
        $uRights[$u] = $rightString;
        $uPasses[$u] = isset($httpVars["user_pass_" . $index]) ? $httpVars["user_pass_" . $index] : "";
        if ($this->watcher !== false) {
            $uWatches[$u] = $uWatch;
        }
        $index++;
    }
    $label = AJXP_Utils::decodeSecureMagic($httpVars["repo_label"]);
    $description = AJXP_Utils::decodeSecureMagic($httpVars["repo_description"]);
    // NOTE(review): the repository to edit is chosen by a request parameter and no
    // ownership check on it is visible in this method. Confirm the caller verifies
    // that the logged user owns this share before reaching here.
    if (isset($httpVars["repository_id"])) {
        $editingRepo = ConfService::getRepositoryById($httpVars["repository_id"]);
    }
    // CHECK USER & REPO DOES NOT ALREADY EXISTS
    if ($this->getFilteredOption("AVOID_SHARED_FOLDER_SAME_LABEL", $this->repository->getId()) == true) {
        $repos = ConfService::getRepositoriesList();
        foreach ($repos as $obj) {
            if ($obj->getDisplay() == $label && (!isset($editingRepo) || $editingRepo != $obj)) {
                return 101;
            }
        }
    }
    $confDriver = ConfService::getConfStorageImpl();
    foreach ($users as $userName) {
        if (AuthService::userExists($userName)) {
            // check that it's a child user
            $userObject = $confDriver->createUserObject($userName);
            if (ConfService::getCoreConf("ALLOW_CROSSUSERS_SHARING", "conf") != true && (!$userObject->hasParent() || $userObject->getParent() != $loggedUser->id)) {
                return 102;
            }
        } else {
            // Evaluates as (A && B) || C: reserved ids are refused regardless of the other two.
            if ($httpVars["create_guest_user"] != "true" && !ConfService::getCoreConf("USER_CREATE_USERS", "conf") || AuthService::isReservedUserId($userName)) {
                return 102;
            }
            // NOTE(review): this gate checks "shared_pass", but the password stored
            // below comes from "user_pass_N" ($uPasses), whose emptiness is not checked
            // here. Confirm an empty per-user password cannot reach createUser().
            if (!isset($httpVars["shared_pass"]) || $httpVars["shared_pass"] == "") {
                return 100;
            }
        }
    }
    // CREATE SHARED OPTIONS
    $options = $accessDriver->makeSharedRepositoryOptions($httpVars, $repository);
    // Request keys prefixed with PLUGINS_DATA_ are copied verbatim into the repository options.
    $customData = array();
    foreach ($httpVars as $key => $value) {
        if (substr($key, 0, strlen("PLUGINS_DATA_")) == "PLUGINS_DATA_") {
            $customData[substr($key, strlen("PLUGINS_DATA_"))] = $value;
        }
    }
    if (count($customData)) {
        $options["PLUGINS_DATA"] = $customData;
    }
    if (isset($editingRepo)) {
        $newRepo = $editingRepo;
        if ($editingRepo->getDisplay() != $label) {
            $newRepo->setDisplay($label);
            ConfService::replaceRepository($httpVars["repository_id"], $newRepo);
        }
        $editingRepo->setDescription($description);
    } else {
        if ($repository->getOption("META_SOURCES")) {
            $options["META_SOURCES"] = $repository->getOption("META_SOURCES");
            foreach ($options["META_SOURCES"] as $index => $data) {
                // Meta sources that rely on session credentials receive the sharer's encoded
                // credential string, stored in the child repository's options.
                if (isset($data["USE_SESSION_CREDENTIALS"]) && $data["USE_SESSION_CREDENTIALS"] === true) {
                    $options["META_SOURCES"][$index]["ENCODED_CREDENTIALS"] = AJXP_Safe::getEncodedCredentialString();
                }
            }
        }
        $newRepo = $repository->createSharedChild($label, $options, $repository->id, $loggedUser->id, null);
        $gPath = $loggedUser->getGroupPath();
        if (!empty($gPath) && !ConfService::getCoreConf("CROSSUSERS_ALLGROUPS", "conf")) {
            $newRepo->setGroupPath($gPath);
        }
        $newRepo->setDescription($description);
        ConfService::addRepository($newRepo);
    }
    $file = AJXP_Utils::decodeSecureMagic($httpVars["file"]);
    if (isset($editingRepo)) {
        // Revoke access for users and groups that are no longer part of the share.
        $currentRights = $this->computeSharedRepositoryAccessRights($httpVars["repository_id"], false, $this->urlBase . $file);
        $originalUsers = array_keys($currentRights["USERS"]);
        $removeUsers = array_diff($originalUsers, $users);
        if (count($removeUsers)) {
            foreach ($removeUsers as $user) {
                if (AuthService::userExists($user)) {
                    $userObject = $confDriver->createUserObject($user);
                    $userObject->personalRole->setAcl($newRepo->getUniqueId(), "");
                    $userObject->save("superuser");
                }
            }
        }
        $originalGroups = array_keys($currentRights["GROUPS"]);
        $removeGroups = array_diff($originalGroups, $groups);
        if (count($removeGroups)) {
            foreach ($removeGroups as $groupId) {
                $role = AuthService::getRole("AJXP_GRP_" . AuthService::filterBaseGroup($groupId));
                if ($role !== false) {
                    $role->setAcl($newRepo->getUniqueId(), "");
                    AuthService::updateRole($role);
                }
            }
        }
    }
    foreach ($users as $userName) {
        if (AuthService::userExists($userName, "r")) {
            // check that it's a child user
            $userObject = $confDriver->createUserObject($userName);
        } else {
            // NOTE(review): unsalted MD5 is not a password hash; it is used here
            // because the auth driver expects that format unless it takes clear text.
            if (ConfService::getAuthDriverImpl()->getOption("TRANSMIT_CLEAR_PASS")) {
                $pass = $uPasses[$userName];
            } else {
                $pass = md5($uPasses[$userName]);
            }
            // Enforce the per-user cap on the number of shared (child) users.
            $limit = $loggedUser->personalRole->filterParameterValue("core.conf", "USER_SHARED_USERS_LIMIT", AJXP_REPO_SCOPE_ALL, "");
            if (!empty($limit) && intval($limit) > 0) {
                $count = count(ConfService::getConfStorageImpl()->getUserChildren($loggedUser->getId()));
                if ($count >= $limit) {
                    $mess = ConfService::getMessages();
                    throw new Exception($mess['483']);
                }
            }
            AuthService::createUser($userName, $pass);
            $userObject = $confDriver->createUserObject($userName);
            // New shared users start with no ACLs and are parented to the sharer.
            $userObject->personalRole->clearAcls();
            $userObject->setParent($loggedUser->id);
            $userObject->setGroupPath($loggedUser->getGroupPath());
            $userObject->setProfile("shared");
            if (isset($httpVars["minisite"])) {
                $mess = ConfService::getMessages();
                $userObject->personalRole->setParameterValue("core.conf", "USER_DISPLAY_NAME", "[" . $mess["share_center.109"] . "] " . $newRepo->getDisplay());
            }
            AJXP_Controller::applyHook("user.after_create", array($userObject));
        }
        // CREATE USER WITH NEW REPO RIGHTS
        $userObject->personalRole->setAcl($newRepo->getUniqueId(), $uRights[$userName]);
        if (isset($httpVars["minisite"])) {
            // Minisite users get a per-share role copied from the MINISITE template
            // (optionally overridden by MINISITE_NODOWNLOAD), re-scoped to the new repository.
            $newRole = new AJXP_Role("AJXP_SHARED-" . $newRepo->getUniqueId());
            $r = AuthService::getRole("MINISITE");
            if (is_a($r, "AJXP_Role")) {
                if ($httpVars["disable_download"]) {
                    $f = AuthService::getRole("MINISITE_NODOWNLOAD");
                    if (is_a($f, "AJXP_Role")) {
                        $r = $f->override($r);
                    }
                }
                $allData = $r->getDataArray();
                $newData = $newRole->getDataArray();
                if (isset($allData["ACTIONS"][AJXP_REPO_SCOPE_SHARED])) {
                    $newData["ACTIONS"][$newRepo->getUniqueId()] = $allData["ACTIONS"][AJXP_REPO_SCOPE_SHARED];
                }
                if (isset($allData["PARAMETERS"][AJXP_REPO_SCOPE_SHARED])) {
                    $newData["PARAMETERS"][$newRepo->getUniqueId()] = $allData["PARAMETERS"][AJXP_REPO_SCOPE_SHARED];
                }
                $newRole->bunchUpdate($newData);
                AuthService::updateRole($newRole);
                $userObject->addRole($newRole);
            }
            // NOTE(review): when the MINISITE role is missing, no restriction role is
            // attached to the minisite user. Confirm that case cannot occur in practice.
        }
        $userObject->save("superuser");
        if ($this->watcher !== false) {
            // Register a watch on the current folder for shared user
            if ($uWatches[$userName] == "true") {
                $this->watcher->setWatchOnFolder(new AJXP_Node($this->urlBase . $file), $userName, MetaWatchRegister::$META_WATCH_USERS_CHANGE, array(AuthService::getLoggedUser()->getId()));
            } else {
                $this->watcher->removeWatchFromFolder(new AJXP_Node($this->urlBase . $file), $userName, true);
            }
        }
    }
    if ($this->watcher !== false) {
        // Register a watch on the new repository root for current user
        if ($httpVars["self_watch_folder"] == "true") {
            $this->watcher->setWatchOnFolder(new AJXP_Node($this->baseProtocol . "://" . $newRepo->getUniqueId() . "/"), AuthService::getLoggedUser()->getId(), MetaWatchRegister::$META_WATCH_BOTH);
        } else {
            $this->watcher->removeWatchFromFolder(new AJXP_Node($this->baseProtocol . "://" . $newRepo->getUniqueId() . "/"), AuthService::getLoggedUser()->getId());
        }
    }
    // Group entries: set the ACL on the group's role (getRole is called with true as its second argument).
    foreach ($groups as $group) {
        $grRole = AuthService::getRole("AJXP_GRP_" . AuthService::filterBaseGroup($group), true);
        $grRole->setAcl($newRepo->getUniqueId(), $uRights[$group]);
        AuthService::updateRole($grRole);
    }
    if (array_key_exists("minisite", $httpVars) && $httpVars["minisite"] != true) {
        AJXP_Controller::applyHook("node.share.create", array('type' => 'repository', 'repository' => &$repository, 'accessDriver' => &$accessDriver, 'new_repository' => &$newRepo));
    }
    return $newRepo;
}
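/**
 * Read a parameter from a user's personal role, with an in-memory cache keyed
 * by "<pluginId>-<parameterName>" and then by user id.
 *
 * Accepts either an already loaded user object or a user id. For an id, the
 * personal role is looked up through AuthService first and, failing that,
 * through a user object created by the conf storage.
 *
 * @param string $parameterName Plugin parameter name
 * @param AbstractAjxpUser|string $userIdOrObject
 * @param string $pluginId Plugin name, core.conf by default
 * @param null $defaultValue Returned when no role is found or the stored value is empty
 * @return mixed
 */
public static function getUserPersonalParameter($parameterName, $userIdOrObject, $pluginId = "core.conf", $defaultValue = null)
{
    $cacheId = $pluginId . "-" . $parameterName;
    if (!isset(self::$usersParametersCache[$cacheId])) {
        self::$usersParametersCache[$cacheId] = array();
    }
    // Passed an already loaded object
    if (is_a($userIdOrObject, "AbstractAjxpUser")) {
        $value = $userIdOrObject->personalRole->filterParameterValue($pluginId, $parameterName, AJXP_REPO_SCOPE_ALL, $defaultValue);
        self::$usersParametersCache[$cacheId][$userIdOrObject->getId()] = $value;
        if (empty($value) && !empty($defaultValue)) {
            $value = $defaultValue;
        }
        return $value;
    }
    // Already in memory cache
    if (isset(self::$usersParametersCache[$cacheId][$userIdOrObject])) {
        return self::$usersParametersCache[$cacheId][$userIdOrObject];
    }
    // Try to load personal role if it was already loaded.
    $uRole = AuthService::getRole("AJXP_USR_/" . $userIdOrObject);
    if ($uRole === false) {
        $uObject = self::getConfStorageImpl()->createUserObject($userIdOrObject);
        if (isset($uObject)) {
            $uRole = $uObject->personalRole;
        }
    }
    if (empty($uRole)) {
        return $defaultValue;
    }
    $value = $uRole->filterParameterValue($pluginId, $parameterName, AJXP_REPO_SCOPE_ALL, $defaultValue);
    // Fall back to the caller's default, as the object branch above does. Substituting
    // the user id here would hand back an identifier in place of an unrelated
    // parameter whenever the default differs from the id.
    if (empty($value) && !empty($defaultValue)) {
        $value = $defaultValue;
    }
    self::$usersParametersCache[$cacheId][$userIdOrObject] = $value;
    return $value;
}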
/**
 * Unserialization hook: re-attaches the configuration storage, reloads the
 * personal role from AuthService when the restored property is not an object,
 * then recomputes the merged role.
 *
 * NOTE(review): this runs on every unserialize() of the user object, so the
 * serialized data should only ever come from trusted storage. Confirm where
 * instances are serialized.
 */
public function __wakeup()
{
    $this->storage = ConfService::getConfStorageImpl();

    $hasRoleObject = is_object($this->personalRole);
    if ($hasRoleObject === false) {
        $personalRoleId = "AJXP_USR_/" . $this->getId();
        $this->personalRole = AuthService::getRole($personalRoleId);
    }

    $this->recomputeMergedRole();
}
/**
 * Create a shared child of $repository, or update the existing share named by
 * $httpVars["repository_id"], and grant the users and groups listed in the
 * request the requested rights on it.
 *
 * Returns a numeric error code (100, 101, 102 or 103, see the list at the top of the
 * body) or the resulting Repository object.
 *
 * NOTE(review): every value in $httpVars comes from the request. The checks
 * visible here cover the "share" action right, the edit permission on an
 * existing share (testUserCanEditShare) and, unless cross-user sharing is
 * enabled, that existing target users are children of the logged user.
 *
 * @param Array $httpVars
 * @param Repository $repository
 * @param AbstractAccessDriver $accessDriver
 * @param null $uniqueUser Not used in this body
 * @throws Exception
 * @return int|Repository
 */
public function createSharedRepository($httpVars, $repository, $accessDriver, $uniqueUser = null)
{
    // ERRORS
    // 100 : missing args
    // 101 : repository label already exists
    // 102 : user already exists
    // 103 : current user is not allowed to share
    // SUCCESS
    // 200
    if (!isset($httpVars["repo_label"]) || $httpVars["repo_label"] == "") {
        return 100;
    }
    /*
    // FILE IS ALWAYS THE PARENT FOLDER SO WE NOW CHECK FOLDER_SHARING AT A HIGHER LEVEL
    $file = AJXP_Utils::decodeSecureMagic($httpVars["file"]);
    $foldersharing = $this->getFilteredOption("ENABLE_FOLDER_SHARING", $this->repository->getId());
    $foldersharingDisabled = isset($foldersharing) && ($foldersharing === false || (is_string($foldersharing) && $foldersharing == "disable"));
    if (is_dir($this->urlBase.$file) && $foldersharingDisabled) {
        return 103;
    }
    */
    // The "share" action must not be explicitly disabled for the logged user on this repository.
    $loggedUser = AuthService::getLoggedUser();
    $actRights = $loggedUser->mergedRole->listActionsStatesFor($repository);
    if (isset($actRights["share"]) && $actRights["share"] === false) {
        return 103;
    }
    $users = array();
    $uRights = array();
    $uPasses = array();
    $groups = array();
    $uWatches = array();
    $index = 0;
    $prefix = $this->getFilteredOption("SHARED_USERS_TMP_PREFIX", $this->repository->getId());
    // Parse the indexed request entries (user_N, entry_type_N, right_read_N, ...).
    while (isset($httpVars["user_" . $index])) {
        $eType = $httpVars["entry_type_" . $index];
        $uWatch = false;
        // Rights can only ever be "", "r", "w" or "rw".
        $rightString = ($httpVars["right_read_" . $index] == "true" ? "r" : "") . ($httpVars["right_write_" . $index] == "true" ? "w" : "");
        if ($this->watcher !== false) {
            $uWatch = $httpVars["right_watch_" . $index] == "true" ? true : false;
        }
        // Entries without any right are ignored.
        if (empty($rightString)) {
            $index++;
            continue;
        }
        if ($eType == "user") {
            $u = AJXP_Utils::decodeSecureMagic($httpVars["user_" . $index], AJXP_SANITIZE_EMAILCHARS);
            if (!AuthService::userExists($u) && !isset($httpVars["user_pass_" . $index])) {
                // Unknown user and no password supplied: nothing to create, skip.
                $index++;
                continue;
            } else {
                // A password for an existing login would mean re-creating that account.
                if (AuthService::userExists($u, "w") && isset($httpVars["user_pass_" . $index])) {
                    throw new Exception("User {$u} already exists, please choose another name.");
                }
            }
            // New temporary users get the configured prefix.
            if (!AuthService::userExists($u, "r") && !empty($prefix) && strpos($u, $prefix) !== 0) {
                $u = $prefix . $u;
            }
            $users[] = $u;
        } else {
            $u = AJXP_Utils::decodeSecureMagic($httpVars["user_" . $index]);
            if (strpos($u, "/AJXP_TEAM/") === 0) {
                // Team entry: expand to its members when the conf driver supports it.
                $confDriver = ConfService::getConfStorageImpl();
                if (method_exists($confDriver, "teamIdToUsers")) {
                    $teamUsers = $confDriver->teamIdToUsers(str_replace("/AJXP_TEAM/", "", $u));
                    foreach ($teamUsers as $userId) {
                        $users[] = $userId;
                        $uRights[$userId] = $rightString;
                        if ($this->watcher !== false) {
                            $uWatches[$userId] = $uWatch;
                        }
                    }
                }
                $index++;
                continue;
            } else {
                $groups[] = $u;
            }
        }
        $uRights[$u] = $rightString;
        $uPasses[$u] = isset($httpVars["user_pass_" . $index]) ? $httpVars["user_pass_" . $index] : "";
        if ($this->watcher !== false) {
            $uWatches[$u] = $uWatch;
        }
        $index++;
    }
    // Label and description are passed through securePath() and the HTML sanitizer before being stored.
    $label = AJXP_Utils::sanitize(AJXP_Utils::securePath($httpVars["repo_label"]), AJXP_SANITIZE_HTML);
    $description = AJXP_Utils::sanitize(AJXP_Utils::securePath($httpVars["repo_description"]), AJXP_SANITIZE_HTML);
    if (isset($httpVars["repository_id"])) {
        $editingRepo = ConfService::getRepositoryById($httpVars["repository_id"]);
    }
    // CHECK USER & REPO DOES NOT ALREADY EXISTS
    if ($this->getFilteredOption("AVOID_SHARED_FOLDER_SAME_LABEL", $this->repository->getId()) == true) {
        $count = 0;
        $similarLabelRepos = ConfService::listRepositoriesWithCriteria(array("display" => $label), $count);
        if ($count && !isset($editingRepo)) {
            return 101;
        }
        // When editing, a match is only a conflict if it is a different repository.
        if ($count && isset($editingRepo)) {
            foreach ($similarLabelRepos as $slr) {
                if ($slr->getUniqueId() != $editingRepo->getUniqueId()) {
                    return 101;
                }
            }
        }
        /*
        $repos = ConfService::getRepositoriesList();
        foreach ($repos as $obj) {
            if ($obj->getDisplay() == $label && (!isSet($editingRepo) || $editingRepo != $obj)) {
            }
        }
        */
    }
    $confDriver = ConfService::getConfStorageImpl();
    foreach ($users as $userName) {
        if (AuthService::userExists($userName)) {
            // check that it's a child user
            $userObject = $confDriver->createUserObject($userName);
            if (ConfService::getCoreConf("ALLOW_CROSSUSERS_SHARING", "conf") != true && (!$userObject->hasParent() || $userObject->getParent() != $loggedUser->id)) {
                return 102;
            }
        } else {
            // Evaluates as (A && B) || C: reserved ids are refused regardless of the other two.
            if ($httpVars["create_guest_user"] != "true" && !ConfService::getCoreConf("USER_CREATE_USERS", "conf") || AuthService::isReservedUserId($userName)) {
                return 102;
            }
            // NOTE(review): this gate checks "shared_pass", but the password stored
            // below comes from "user_pass_N" ($uPasses), whose emptiness is not checked
            // here. Confirm an empty per-user password cannot reach createUser().
            if (!isset($httpVars["shared_pass"]) || $httpVars["shared_pass"] == "") {
                return 100;
            }
        }
    }
    // CREATE SHARED OPTIONS
    $options = $accessDriver->makeSharedRepositoryOptions($httpVars, $repository);
    // Request keys prefixed with PLUGINS_DATA_ are copied verbatim into the repository options.
    $customData = array();
    foreach ($httpVars as $key => $value) {
        if (substr($key, 0, strlen("PLUGINS_DATA_")) == "PLUGINS_DATA_") {
            $customData[substr($key, strlen("PLUGINS_DATA_"))] = $value;
        }
    }
    if (count($customData)) {
        $options["PLUGINS_DATA"] = $customData;
    }
    if (isset($editingRepo)) {
        // Authorization gate for edits. The return value is not inspected, so this
        // presumably throws when the logged user may not edit the share. TODO confirm.
        $this->getShareStore()->testUserCanEditShare($editingRepo->getOwner());
        $newRepo = $editingRepo;
        $replace = false;
        if ($editingRepo->getDisplay() != $label) {
            $newRepo->setDisplay($label);
            $replace = true;
        }
        if ($editingRepo->getDescription() != $description) {
            $newRepo->setDescription($description);
            $replace = true;
        }
        if ($replace) {
            ConfService::replaceRepository($httpVars["repository_id"], $newRepo);
        }
    } else {
        if ($repository->getOption("META_SOURCES")) {
            $options["META_SOURCES"] = $repository->getOption("META_SOURCES");
            // $data is taken by reference so the REQUIRES_INDEXATION flag lands in $options.
            foreach ($options["META_SOURCES"] as $index => &$data) {
                // Meta sources that rely on session credentials receive the sharer's encoded
                // credential string, stored in the child repository's options.
                if (isset($data["USE_SESSION_CREDENTIALS"]) && $data["USE_SESSION_CREDENTIALS"] === true) {
                    $options["META_SOURCES"][$index]["ENCODED_CREDENTIALS"] = AJXP_Safe::getEncodedCredentialString();
                }
                if ($index == "meta.syncable" && (!isset($data["REPO_SYNCABLE"]) || $data["REPO_SYNCABLE"] === true)) {
                    $data["REQUIRES_INDEXATION"] = true;
                }
            }
        }
        $newRepo = $repository->createSharedChild($label, $options, $repository->id, $loggedUser->id, null);
        $gPath = $loggedUser->getGroupPath();
        if (!empty($gPath) && !ConfService::getCoreConf("CROSSUSERS_ALLGROUPS", "conf")) {
            $newRepo->setGroupPath($gPath);
        }
        $newRepo->setDescription($description);
        $newRepo->options["PATH"] = SystemTextEncoding::fromStorageEncoding($newRepo->options["PATH"]);
        // NOTE(review): filter_nodes is request data handed straight to ContentFilter.
        // Confirm it cannot reference nodes outside what the sharer may read.
        if (isset($httpVars["filter_nodes"])) {
            $newRepo->setContentFilter(new ContentFilter($httpVars["filter_nodes"]));
        }
        ConfService::addRepository($newRepo);
        // Non-minisite shares are recorded in the share store with their owner.
        if (!isset($httpVars["minisite"])) {
            $this->getShareStore()->storeShare($repository->getId(), array("REPOSITORY" => $newRepo->getUniqueId(), "OWNER_ID" => $loggedUser->getId()), "repository");
        }
    }
    $sel = new UserSelection($this->repository, $httpVars);
    $file = $sel->getUniqueFile();
    $newRepoUniqueId = $newRepo->getUniqueId();
    if (isset($editingRepo)) {
        // Revoke access (and watches) for users and groups no longer part of the share.
        $currentRights = $this->computeSharedRepositoryAccessRights($httpVars["repository_id"], false, $this->urlBase . $file);
        $originalUsers = array_keys($currentRights["USERS"]);
        $removeUsers = array_diff($originalUsers, $users);
        if (count($removeUsers)) {
            foreach ($removeUsers as $user) {
                if (AuthService::userExists($user)) {
                    $userObject = $confDriver->createUserObject($user);
                    $userObject->personalRole->setAcl($newRepoUniqueId, "");
                    $userObject->save("superuser");
                }
                if ($this->watcher !== false) {
                    $this->watcher->removeWatchFromFolder(new AJXP_Node($this->urlBase . $file), $user, true);
                }
            }
        }
        $originalGroups = array_keys($currentRights["GROUPS"]);
        $removeGroups = array_diff($originalGroups, $groups);
        if (count($removeGroups)) {
            foreach ($removeGroups as $groupId) {
                $role = AuthService::getRole($groupId);
                if ($role !== false) {
                    $role->setAcl($newRepoUniqueId, "");
                    AuthService::updateRole($role);
                }
            }
        }
    }
    foreach ($users as $userName) {
        if (AuthService::userExists($userName, "r")) {
            // check that it's a child user
            $userObject = $confDriver->createUserObject($userName);
        } else {
            // NOTE(review): unsalted MD5 is not a password hash; it is used here
            // because the auth driver expects that format unless it takes clear text.
            if (ConfService::getAuthDriverImpl()->getOptionAsBool("TRANSMIT_CLEAR_PASS")) {
                $pass = $uPasses[$userName];
            } else {
                $pass = md5($uPasses[$userName]);
            }
            if (!isset($httpVars["minisite"])) {
                // This is an explicit user creation - check possible limits
                AJXP_Controller::applyHook("user.before_create", array($userName, null, false, false));
                $limit = $loggedUser->personalRole->filterParameterValue("core.conf", "USER_SHARED_USERS_LIMIT", AJXP_REPO_SCOPE_ALL, "");
                if (!empty($limit) && intval($limit) > 0) {
                    $count = count(ConfService::getConfStorageImpl()->getUserChildren($loggedUser->getId()));
                    if ($count >= $limit) {
                        $mess = ConfService::getMessages();
                        throw new Exception($mess['483']);
                    }
                }
            }
            AuthService::createUser($userName, $pass, false, isset($httpVars["minisite"]));
            $userObject = $confDriver->createUserObject($userName);
            // New shared users start with no ACLs and are parented to the sharer.
            $userObject->personalRole->clearAcls();
            $userObject->setParent($loggedUser->id);
            $userObject->setGroupPath($loggedUser->getGroupPath());
            $userObject->setProfile("shared");
            if (isset($httpVars["minisite"])) {
                $mess = ConfService::getMessages();
                $userObject->setHidden(true);
                $userObject->personalRole->setParameterValue("core.conf", "USER_DISPLAY_NAME", "[" . $mess["share_center.109"] . "] " . AJXP_Utils::sanitize($newRepo->getDisplay(), AJXP_SANITIZE_EMAILCHARS));
            }
            AJXP_Controller::applyHook("user.after_create", array($userObject));
        }
        // CREATE USER WITH NEW REPO RIGHTS
        $userObject->personalRole->setAcl($newRepoUniqueId, $uRights[$userName]);
        // FORK MASK IF THERE IS ANY
        // When the sharer has a permission mask on the parent repository, the branch
        // matching the shared path is copied onto the recipient for the new repository.
        if ($file != "/" && $loggedUser->mergedRole->hasMask($repository->getId())) {
            $parentTree = $loggedUser->mergedRole->getMask($repository->getId())->getTree();
            // Try to find a branch on the current selection
            $parts = explode("/", trim($file, "/"));
            while (($next = array_shift($parts)) !== null) {
                if (isset($parentTree[$next])) {
                    $parentTree = $parentTree[$next];
                } else {
                    $parentTree = null;
                    break;
                }
            }
            if ($parentTree != null) {
                $newMask = new AJXP_PermissionMask();
                $newMask->updateTree($parentTree);
            }
            // NOTE(review): when no branch matches, no mask is set on the recipient.
            // Confirm that this cannot widen access beyond the sharer's own mask.
            if (isset($newMask)) {
                $userObject->personalRole->setMask($newRepoUniqueId, $newMask);
            }
        }
        if (isset($httpVars["minisite"])) {
            if (isset($editingRepo)) {
                // Best effort: drop the previous per-share role before rebuilding it.
                try {
                    AuthService::deleteRole("AJXP_SHARED-" . $newRepoUniqueId);
                } catch (Exception $e) {
                }
            }
            // Minisite users get a per-share role copied from the MINISITE template
            // (optionally overridden by MINISITE_NODOWNLOAD), re-scoped to the new repository.
            $newRole = new AJXP_Role("AJXP_SHARED-" . $newRepoUniqueId);
            $r = AuthService::getRole("MINISITE");
            if (is_a($r, "AJXP_Role")) {
                if ($httpVars["disable_download"]) {
                    $f = AuthService::getRole("MINISITE_NODOWNLOAD");
                    if (is_a($f, "AJXP_Role")) {
                        $r = $f->override($r);
                    }
                }
                $allData = $r->getDataArray();
                $newData = $newRole->getDataArray();
                if (isset($allData["ACTIONS"][AJXP_REPO_SCOPE_SHARED])) {
                    $newData["ACTIONS"][$newRepoUniqueId] = $allData["ACTIONS"][AJXP_REPO_SCOPE_SHARED];
                }
                if (isset($allData["PARAMETERS"][AJXP_REPO_SCOPE_SHARED])) {
                    $newData["PARAMETERS"][$newRepoUniqueId] = $allData["PARAMETERS"][AJXP_REPO_SCOPE_SHARED];
                }
                $newRole->bunchUpdate($newData);
                AuthService::updateRole($newRole);
                $userObject->addRole($newRole);
            }
            // NOTE(review): when the MINISITE role is missing, no restriction role is
            // attached to the minisite user. Confirm that case cannot occur in practice.
        }
        $userObject->save("superuser");
        if ($this->watcher !== false) {
            // Register a watch on the current folder for shared user
            if ($uWatches[$userName]) {
                $this->watcher->setWatchOnFolder(new AJXP_Node("pydio://" . $newRepoUniqueId . "/"), $userName, MetaWatchRegister::$META_WATCH_USERS_CHANGE, array(AuthService::getLoggedUser()->getId()));
            } else {
                $this->watcher->removeWatchFromFolder(new AJXP_Node("pydio://" . $newRepoUniqueId . "/"), $userName, true);
            }
        }
    }
    if ($this->watcher !== false) {
        // Register a watch on the new repository root for current user
        if ($httpVars["self_watch_folder"] == "true") {
            $this->watcher->setWatchOnFolder(new AJXP_Node("pydio://" . $newRepoUniqueId . "/"), AuthService::getLoggedUser()->getId(), MetaWatchRegister::$META_WATCH_BOTH);
        } else {
            $this->watcher->removeWatchFromFolder(new AJXP_Node("pydio://" . $newRepoUniqueId . "/"), AuthService::getLoggedUser()->getId());
        }
    }
    // Group entries: the request value is used directly as the role id.
    // NOTE(review): the role id is request-controlled; confirm it is restricted to
    // group roles so that an arbitrary role cannot be handed this ACL.
    foreach ($groups as $group) {
        $r = $uRights[$group];
        /*if($group == "AJXP_GRP_/") { $group = "ROOT_ROLE"; }*/
        $grRole = AuthService::getRole($group, true);
        $grRole->setAcl($newRepoUniqueId, $r);
        AuthService::updateRole($grRole);
    }
    if (array_key_exists("minisite", $httpVars) && $httpVars["minisite"] != true) {
        AJXP_Controller::applyHook(isset($editingRepo) ? "node.share.update" : "node.share.create", array('type' => 'repository', 'repository' => &$repository, 'accessDriver' => &$accessDriver, 'new_repository' => &$newRepo));
    }
    return $newRepo;
}
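/**
 * Build a map of role id => display label for the roles that match a prefix
 * and the optional include / exclude filters.
 *
 * Each filter string is either a comma-separated list of ids (compared
 * case-insensitively against the role id with the prefix length stripped) or
 * "preg:<pattern>", which is wrapped as /<pattern>/i and applied to the same
 * stripped id.
 *
 * @param AbstractAjxpUser $userObject User to list roles for; a falsy value yields an empty array
 * @param string $rolePrefix Only role ids containing this prefix are considered
 * @param string $includeString When set, a role must match this filter to be kept
 * @param string $excludeString When set, a role matching this filter is dropped
 * @param bool $byUserRoles true: start from $userObject->getRoles(); false: start from AuthService::getRolesList()
 * @return array Role id => label (the role label, or the stripped id when the label is empty)
 */
public function getUserRoleList($userObject, $rolePrefix, $includeString, $excludeString, $byUserRoles = false)
{
    // Fix: the documented return type is array, but the original fell off the
    // end of the function (returning null) when no user object was given.
    $allRoles = array();
    if (!$userObject) {
        return $allRoles;
    }

    if ($byUserRoles) {
        $allUserRoles = $userObject->getRoles();
    } else {
        $allUserRoles = AuthService::getRolesList(array(), true);
    }
    if (!isset($allUserRoles)) {
        return $allRoles;
    }

    // Exclude filter: either a regular expression or a lowercased id list.
    // NOTE(review): the pattern is concatenated between "/" delimiters without
    // escaping, so a pattern containing "/" will not compile — confirm callers
    // only pass trusted configuration here.
    if ($excludeString) {
        if (strpos($excludeString, "preg:") !== false) {
            $matchFilterExclude = "/" . str_replace("preg:", "", $excludeString) . "/i";
        } else {
            $valueFiltersExclude = array_map("strtolower", array_map("trim", explode(",", $excludeString)));
        }
    }
    // Include filter, same two forms.
    if ($includeString) {
        if (strpos($includeString, "preg:") !== false) {
            $matchFilterInclude = "/" . str_replace("preg:", "", $includeString) . "/i";
        } else {
            $valueFiltersInclude = array_map("strtolower", array_map("trim", explode(",", $includeString)));
        }
    }

    foreach ($allUserRoles as $roleId => $role) {
        // NOTE(review): this keeps any id that *contains* the prefix, while the
        // substr() below assumes the prefix sits at the start — verify whether
        // a starts-with test was intended.
        if (!empty($rolePrefix) && strpos($roleId, $rolePrefix) === false) {
            continue;
        }
        $shortId = substr($roleId, strlen($rolePrefix));
        $shortIdLower = strtolower($shortId);

        // Fix: preg_match() returns false when the pattern is invalid. The
        // original treated that as "no match", so a broken exclude pattern
        // silently let every role through. Anything other than a clean
        // "no match" (0) now excludes the role.
        if (isset($matchFilterExclude) && preg_match($matchFilterExclude, $shortId) !== 0) {
            continue;
        }
        // Strict comparison: both sides are strings, and loose comparison
        // would treat distinct numeric-looking ids as equal.
        if (isset($valueFiltersExclude) && in_array($shortIdLower, $valueFiltersExclude, true)) {
            continue;
        }
        // An invalid include pattern already fails closed (false is falsy).
        if (isset($matchFilterInclude) && !preg_match($matchFilterInclude, $shortId)) {
            continue;
        }
        if (isset($valueFiltersInclude) && !in_array($shortIdLower, $valueFiltersInclude, true)) {
            continue;
        }

        if (is_a($role, "AJXP_Role")) {
            $roleObject = $role;
        } else {
            $roleObject = AuthService::getRole($roleId);
        }
        // Fix: the lookup can come back without a role object (for example an
        // id that no longer has a stored role); skip it instead of calling a
        // method on a non-object.
        if (!is_object($roleObject)) {
            continue;
        }

        $label = $roleObject->getLabel();
        $allRoles[$roleId] = !empty($label) ? $label : $shortId;
    }

    return $allRoles;
}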
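/**
 * Synchronise a user object with the directory entry returned by
 * $this->getUserEntries(): group path, legacy custom preferences, and the
 * configured parameter mappings (roles, group path, profile, plugin params).
 *
 * The user is saved only when one of the mappings actually changed something.
 * Note that when the legacy custom-params mapping finds an already mapped
 * preference it returns immediately, so the newer paramsMapping section is
 * not evaluated in that case (behaviour kept from the original).
 *
 * @param AbstractAjxpUser $userObject User to update, modified in place
 * @return void
 */
public function updateUserObject(&$userObject)
{
    if (!empty($this->separateGroup)) {
        $userObject->setGroupPath("/" . $this->separateGroup);
    }

    // SHOULD BE DEPRECATED
    if (!empty($this->customParamsMapping)) {
        $checkValues = array_values($this->customParamsMapping);
        $prefs = $userObject->getPref("CUSTOM_PARAMS");
        if (!is_array($prefs)) {
            $prefs = array();
        }
        // If one value exist, we consider the mapping has already been done.
        foreach ($checkValues as $val) {
            if (array_key_exists($val, $prefs)) {
                return;
            }
        }
        $changes = false;
        $entries = $this->getUserEntries($userObject->getId());
        if ($entries["count"]) {
            $entry = $entries[0];
            foreach ($this->customParamsMapping as $key => $value) {
                if (isset($entry[$key])) {
                    $prefs[$value] = $entry[$key][0];
                    $changes = true;
                }
            }
        }
        if ($changes) {
            $userObject->setPref("CUSTOM_PARAMS", $prefs);
            $userObject->save();
        }
    }

    if (!empty($this->paramsMapping)) {
        $changes = false;
        $entries = $this->getUserEntries($userObject->getId());
        if ($entries["count"]) {
            $entry = $entries[0];
            foreach ($this->paramsMapping as $params) {
                $key = strtolower($params['MAPPING_LDAP_PARAM']);
                if (isset($entry[$key])) {
                    $value = $entry[$key][0];
                    // Map of "cn[,cn...]" => full DN, filled for memberof only.
                    $memberValues = array();
                    if ($key == "memberof") {
                        // get CN from value
                        foreach ($entry[$key] as $possibleValue) {
                            $hnParts = array();
                            $parts = explode(",", ltrim($possibleValue, '/'));
                            foreach ($parts as $part) {
                                // Fix: a component without "=" made list() read a
                                // missing offset; such components carry no
                                // attribute name and are skipped.
                                if (strpos($part, "=") === false) {
                                    continue;
                                }
                                list($att, $attVal) = explode("=", $part);
                                if (strtolower($att) == "cn") {
                                    $hnParts[] = $attVal;
                                }
                            }
                            if (count($hnParts)) {
                                $memberValues[implode(",", $hnParts)] = $possibleValue;
                            }
                        }
                    }
                    switch ($params['MAPPING_LOCAL_TYPE']) {
                        case "role_id":
                            // Every CN found in memberof becomes a role on the
                            // user; getRole(..., true) is asked to create it
                            // when missing. No filter applies in this branch.
                            if ($key == "memberof") {
                                foreach ($memberValues as $uniqValue => $fullDN) {
                                    // Fix: exact key lookup instead of a loose
                                    // in_array() over array_keys(), which could
                                    // report a false match on integer keys.
                                    if (!array_key_exists($uniqValue, $userObject->getRoles())) {
                                        $userObject->addRole(AuthService::getRole($uniqValue, true));
                                        $userObject->recomputeMergedRole();
                                        $changes = true;
                                    }
                                }
                            }
                            break;
                        case "group_path":
                            if ($key == "memberof") {
                                // Fix: reset both filters for each mapping. The
                                // original left them set from a previous
                                // iteration, so one mapping's filter could
                                // decide group membership for the next one.
                                $matchFilter = null;
                                $valueFilters = null;
                                $filter = $params["MAPPING_LOCAL_PARAM"];
                                if (strpos($filter, "preg:") !== false) {
                                    $matchFilter = "/" . str_replace("preg:", "", $filter) . "/i";
                                } else {
                                    if (!empty($filter)) {
                                        $valueFilters = array_map("trim", explode(",", $filter));
                                    }
                                }
                                foreach ($memberValues as $uniqValue => $fullDN) {
                                    // An invalid pattern makes preg_match() return
                                    // false, which skips the group (fails closed).
                                    if (isset($matchFilter) && !preg_match($matchFilter, $uniqValue)) {
                                        continue;
                                    }
                                    if (isset($valueFilters) && !in_array($uniqValue, $valueFilters)) {
                                        continue;
                                    }
                                    // Kept as in the original: the early exit for an
                                    // unchanged MEMBER_OF value is commented out, so
                                    // this test currently has no effect.
                                    if ($userObject->personalRole->filterParameterValue("auth.ldap", "MEMBER_OF", AJXP_REPO_SCOPE_ALL, "") == $fullDN) {
                                        //break;
                                    }
                                    $humanName = $uniqValue;
                                    $branch = array();
                                    $this->buildGroupBranch($uniqValue, $branch);
                                    $parent = "/";
                                    if (count($branch)) {
                                        $parent = "/" . implode("/", array_reverse($branch));
                                    }
                                    AuthService::createGroup($parent, $fullDN, $humanName);
                                    $userObject->setGroupPath(rtrim($parent, "/") . "/" . $fullDN, true);
                                    // Update Roles from groupPath: one AJXP_GRP_ role
                                    // per level of the resulting path.
                                    $b = array_reverse($branch);
                                    $b[] = $fullDN;
                                    for ($i = 1; $i <= count($b); $i++) {
                                        $userObject->addRole(AuthService::getRole("AJXP_GRP_/" . implode("/", array_slice($b, 0, $i)), true));
                                    }
                                    $userObject->personalRole->setParameterValue("auth.ldap", "MEMBER_OF", $fullDN);
                                    $userObject->recomputeMergedRole();
                                    $changes = true;
                                }
                            }
                            break;
                        case "profile":
                            if ($userObject->getProfile() != $value) {
                                $changes = true;
                                $userObject->setProfile($value);
                                AuthService::updateAutoApplyRole($userObject);
                            }
                            break;
                        case "plugin_param":
                        default:
                            // "pluginId/paramName", or a bare parameter name that
                            // is stored under this plugin's own id.
                            if (strpos($params["MAPPING_LOCAL_PARAM"], "/") !== false) {
                                list($pId, $param) = explode("/", $params["MAPPING_LOCAL_PARAM"]);
                            } else {
                                $pId = $this->getId();
                                $param = $params["MAPPING_LOCAL_PARAM"];
                            }
                            if ($userObject->personalRole->filterParameterValue($pId, $param, AJXP_REPO_SCOPE_ALL, "") != $value) {
                                $userObject->personalRole->setParameterValue($pId, $param, $value);
                                $userObject->recomputeMergedRole();
                                $changes = true;
                            }
                            break;
                    }
                }
            }
        }
        if ($changes) {
            $userObject->save("superuser");
        }
    }
}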
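<?php
// Upgrade step: swap in the bootstrap_repositories.php shipped with the
// update, then grant the "inbox" repository to the root group role.

// FORCE bootstrap_repositories copy
// The current file is kept as ".pre-update" before the dated ".new-YYYYMMDD"
// copy takes its place.
if (is_file(AJXP_INSTALL_PATH . "/conf/bootstrap_repositories.php" . ".new-" . date("Ymd"))) {
    rename(AJXP_INSTALL_PATH . "/conf/bootstrap_repositories.php", AJXP_INSTALL_PATH . "/conf/bootstrap_repositories.php.pre-update");
    rename(AJXP_INSTALL_PATH . "/conf/bootstrap_repositories.php" . ".new-" . date("Ymd"), AJXP_INSTALL_PATH . "/conf/bootstrap_repositories.php");
}

// Add new repo to root role
$rootRole = AuthService::getRole("AJXP_GRP_/");
// Fix: the lookup may not return a role object; the original then called
// setAcl() on a non-object and aborted the upgrade. When the role is missing
// the ACL is simply not granted here.
if (!empty($rootRole)) {
    $rootRole->setAcl("inbox", "rw");
    AuthService::updateRole($rootRole);
}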
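/**
 * Remove a stored remote share when the caller presents the matching token.
 *
 * Both identifiers are reduced to alphanumerics, the share is looked up by
 * remote id, and the request is rejected with InvalidArgumentsException when
 * the share is unknown or the token does not match the stored one. On success
 * the share is deleted, an "ok" response is sent, and the target user's role
 * is re-saved so a logged-in user reloads their repositories.
 *
 * @param string $remoteId Remote share identifier supplied by the caller
 * @param string $token Token supplied by the caller
 * @param array $parameters Request parameters, used to pick the response format
 * @return void
 * @throws InvalidArgumentsException Unknown share or token mismatch
 */
protected function actionUnshare($remoteId, $token, $parameters)
{
    $token = \AJXP_Utils::sanitize($token, AJXP_SANITIZE_ALPHANUM);
    $remoteId = \AJXP_Utils::sanitize($remoteId, AJXP_SANITIZE_ALPHANUM);

    $store = new SQLStore();
    $remoteShare = $store->remoteShareForOcsRemoteId($remoteId);
    if (empty($remoteShare)) {
        throw new InvalidArgumentsException();
    }

    // The token is the only credential on this request, so compare it in
    // constant time where the runtime offers hash_equals(); the strict
    // comparison is kept as a fallback for older runtimes. Non-string values
    // never matched under the original strict comparison with a string, and
    // are rejected up front because hash_equals() requires strings.
    $expectedToken = $remoteShare->getOcsToken();
    if (!is_string($token) || !is_string($expectedToken)) {
        throw new InvalidArgumentsException();
    }
    if (function_exists('hash_equals')) {
        $tokenMatches = hash_equals($expectedToken, $token);
    } else {
        $tokenMatches = ($token === $expectedToken);
    }
    if (!$tokenMatches) {
        throw new InvalidArgumentsException();
    }

    $targetUser = $remoteShare->getUser();
    $store->deleteRemoteShare($remoteShare);

    $response = $this->buildResponse("ok", 200, "Successfully removed share.");
    $this->sendResponse($response, $this->getFormat($parameters));

    $userRole = \AuthService::getRole("AJXP_USR_/" . $targetUser);
    if ($userRole !== false) {
        // Artificially "touch" user role
        // to force repositories reload if he is logged in
        \AuthService::updateRole($userRole);
    }
}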
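/**
 * Re-apply the roles announced by the remote login to the local user object.
 *
 * The auth driver option ROLES_MAP is read as "remoteRole:localRoleId" pairs
 * separated by commas. Every local role named in the map is first removed
 * from the user, then the roles listed in $loginData["roles"] are added back
 * through the map. Remote role names that are not in the map are ignored, so
 * only roles an administrator mapped explicitly can be granted this way.
 *
 * @param array $loginData Login payload; the "roles" key, when an array, lists remote role names
 * @param AbstractAjxpUser $userObject User to update, modified in place
 * @return void
 */
function ajxp_gluecode_updateRole($loginData, &$userObject)
{
    $authPlug = ConfService::getAuthDriverImpl();
    // With a multi-driver setup, use the "remote" sub-driver's options.
    // Fix: !empty() avoids reading a missing "remote" index.
    if (property_exists($authPlug, "drivers") && is_array($authPlug->drivers) && !empty($authPlug->drivers["remote"])) {
        $authPlug = $authPlug->drivers["remote"];
    }

    $rolesMap = $authPlug->getOption("ROLES_MAP");
    if (!isset($rolesMap) || strlen($rolesMap) == 0) {
        return;
    }

    // String like {key:value,key2:value2,key3:value3}
    $newMap = array();
    foreach (explode(",", $rolesMap) as $value) {
        $parts = explode(":", trim($value));
        // Fix: an entry without ":" has no local role id; the original read a
        // missing offset and looked up an empty role id.
        if (count($parts) < 2) {
            continue;
        }
        $roleId = trim($parts[1]);
        $roleObject = AuthService::getRole($roleId);
        // Only roles that exist locally take part in the mapping.
        if (is_object($roleObject)) {
            $newMap[trim($parts[0])] = $roleObject;
            // Start from a clean state: the role is re-added below only if
            // the remote side still announces it.
            $userObject->removeRole($roleId);
        }
    }

    if (isset($loginData["roles"]) && is_array($loginData["roles"])) {
        foreach ($loginData["roles"] as $role) {
            if (isset($newMap[$role])) {
                $userObject->addRole($newMap[$role]);
            }
        }
    }
}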
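/**
 * Dispatch one administration action (listing, role / user / repository /
 * meta-source management, deletion) and write the XML or JSON answer.
 *
 * Access: actions not declared in $this->actions are ignored, and when
 * ENABLE_USERS is true the logged user must be an administrator. When
 * ENABLE_USERS is false no administrator check is applied here.
 *
 * Many branches end the request with exit(1) after writing their answer;
 * others return to the caller.
 *
 * Changes against the previous version of this method:
 *  - values taken from the request or from stored user / repository data are
 *    entity-escaped with AJXP_Utils::xmlEntities() before being written into
 *    XML attributes by the print statements of this method;
 *  - role lookups are checked before the role is used;
 *  - "create_user" validates the login after it has been normalised, so the
 *    existence / reserved-name checks apply to the name that is created;
 *  - the repository test script is only included for access types made of
 *    letters, digits and underscores.
 *
 * @param string $action Action name; "edit" is replaced by $httpVars["sub_action"] when present
 * @param array $httpVars Request parameters
 * @param array $fileVars Uploaded files, passed through to the preprocessing step
 * @return void
 * @throws Exception Role already exists / not found, missing parameters, duplicate meta source
 */
function switchAction($action, $httpVars, $fileVars)
{
    if (!isset($this->actions[$action])) {
        return;
    }
    parent::accessPreprocess($action, $httpVars, $fileVars);
    $loggedUser = AuthService::getLoggedUser();
    if (ENABLE_USERS && !$loggedUser->isAdmin()) {
        return;
    }

    if ($action == "edit") {
        if (isset($httpVars["sub_action"])) {
            $action = $httpVars["sub_action"];
        }
    }
    $mess = ConfService::getMessages();

    switch ($action) {
        //------------------------------------
        // BASIC LISTING
        //------------------------------------
        case "ls":
            $rootNodes = array(
                "repositories" => array("LABEL" => $mess["ajxp_conf.3"], "ICON" => "folder_red.png"),
                "users" => array("LABEL" => $mess["ajxp_conf.2"], "ICON" => "yast_kuser.png"),
                "roles" => array("LABEL" => $mess["ajxp_conf.69"], "ICON" => "user_group_new.png"),
                "files" => array("LABEL" => $mess["ajxp_shared.3"], "ICON" => "html.png"),
                "logs" => array("LABEL" => $mess["ajxp_conf.4"], "ICON" => "toggle_log.png"),
                "diagnostic" => array("LABEL" => $mess["ajxp_conf.5"], "ICON" => "susehelpcenter.png"),
            );
            $dir = isset($httpVars["dir"]) ? $httpVars["dir"] : "";
            // First path segment, lowercased, selects the listing.
            $strippedDir = "";
            $splits = explode("/", $dir);
            if (count($splits) && $splits[0] == "") {
                array_shift($splits);
            }
            if (count($splits)) {
                $strippedDir = strtolower(urldecode($splits[0]));
            }
            if (array_key_exists($strippedDir, $rootNodes)) {
                AJXP_XMLWriter::header();
                if ($strippedDir == "users") {
                    $this->listUsers();
                } elseif ($strippedDir == "roles") {
                    $this->listRoles();
                } elseif ($strippedDir == "repositories") {
                    $this->listRepositories();
                } elseif ($strippedDir == "logs") {
                    $this->listLogFiles($dir);
                } elseif ($strippedDir == "diagnostic") {
                    $this->printDiagnostic();
                } elseif ($strippedDir == "files") {
                    $this->listSharedFiles();
                }
                AJXP_XMLWriter::close();
                exit(1);
            } else {
                // Unknown or empty path: list the root nodes themselves.
                AJXP_XMLWriter::header();
                AJXP_XMLWriter::sendFilesListComponentConfig('<columns switchGridMode="filelist"><column messageId="ajxp_conf.1" attributeName="ajxp_label" sortType="String"/></columns>');
                foreach ($rootNodes as $key => $data) {
                    $src = '';
                    if ($key == "logs") {
                        $src = 'src="content.php?get_action=ls&dir=' . $key . '"';
                    }
                    print '<tree text="' . $data["LABEL"] . '" icon="' . $data["ICON"] . '" filename="/' . $key . '" parentname="/" ' . $src . ' />';
                }
                AJXP_XMLWriter::close();
                exit(1);
            }
            break;

        case "stat":
            header("Content-type:application/json");
            print '{"mode":true}';
            exit(1);
            break;

        case "create_role":
            $roleId = $httpVars["role_id"];
            if (AuthService::getRole($roleId) !== false) {
                throw new Exception($mess["ajxp_conf.65"]);
            }
            AuthService::updateRole(new AjxpRole($roleId));
            AJXP_XMLWriter::header();
            AJXP_XMLWriter::sendMessage($mess["ajxp_conf.66"], null);
            AJXP_XMLWriter::reloadDataNode("", $httpVars["role_id"]);
            AJXP_XMLWriter::close();
            break;

        case "edit_role":
            $roleId = $httpVars["role_id"];
            $role = AuthService::getRole($roleId);
            // Unknown role: same error as the "delete" branch uses.
            if ($role === false) {
                throw new Exception($mess["ajxp_conf.67"]);
            }
            AJXP_XMLWriter::header("admin_data");
            print AJXP_XMLWriter::writeRoleRepositoriesData($role);
            AJXP_XMLWriter::close("admin_data");
            break;

        case "update_role_right":
            // Escaped once, used in both the error and the success answer.
            $xmlRoleId = AJXP_Utils::xmlEntities(isset($httpVars["role_id"]) ? $httpVars["role_id"] : "");
            $xmlRepoId = AJXP_Utils::xmlEntities(isset($httpVars["repository_id"]) ? $httpVars["repository_id"] : "");
            if (!isset($httpVars["role_id"]) || !isset($httpVars["repository_id"]) || !isset($httpVars["right"])) {
                AJXP_XMLWriter::header();
                AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.61"]);
                print "<update_checkboxes user_id=\"" . $xmlRoleId . "\" repository_id=\"" . $xmlRepoId . "\" read=\"old\" write=\"old\"/>";
                AJXP_XMLWriter::close();
                return;
                //exit(1);
            }
            $role = AuthService::getRole($httpVars["role_id"]);
            if ($role === false) {
                throw new Exception($mess["ajxp_conf.67"]);
            }
            $role->setRight($httpVars["repository_id"], $httpVars["right"]);
            AuthService::updateRole($role);
            AJXP_XMLWriter::header();
            AJXP_XMLWriter::sendMessage($mess["ajxp_conf.64"] . $httpVars["role_id"], null);
            print "<update_checkboxes user_id=\"" . $xmlRoleId . "\" repository_id=\"" . $xmlRepoId . "\" read=\"" . $role->canRead($httpVars["repository_id"]) . "\" write=\"" . $role->canWrite($httpVars["repository_id"]) . "\"/>";
            //AJXP_XMLWriter::reloadRepositoryList();
            AJXP_XMLWriter::close();
            //exit(1);
            break;

        case "update_role_actions":
            if (!isset($httpVars["role_id"]) || !isset($httpVars["disabled_actions"])) {
                AJXP_XMLWriter::header();
                AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.61"]);
                AJXP_XMLWriter::close();
                return;
            }
            $role = AuthService::getRole($httpVars["role_id"]);
            if ($role === false) {
                throw new Exception($mess["ajxp_conf.67"]);
            }
            $actions = array_map("trim", explode(",", $httpVars["disabled_actions"]));
            // Clear and reload actions
            foreach ($role->getSpecificActionsRights("ajxp.all") as $actName => $actValue) {
                $role->setSpecificActionRight("ajxp.all", $actName, true);
            }
            foreach ($actions as $action) {
                if ($action == "") {
                    continue;
                }
                $role->setSpecificActionRight("ajxp.all", $action, false);
            }
            AuthService::updateRole($role);
            AJXP_XMLWriter::header("admin_data");
            print AJXP_XMLWriter::writeRoleRepositoriesData($role);
            AJXP_XMLWriter::close("admin_data");
            break;

        case "edit_user":
            $confStorage = ConfService::getConfStorageImpl();
            $userId = $httpVars["user_id"];
            $userObject = $confStorage->createUserObject($userId);
            //print_r($userObject);
            AJXP_XMLWriter::header("admin_data");
            AJXP_XMLWriter::sendUserData($userObject, true);
            // Add WALLET DATA : DEFINITIONS AND VALUES
            print "<drivers>";
            print ConfService::availableDriversToXML("user_param");
            print "</drivers>";
            $wallet = $userObject->getPref("AJXP_WALLET");
            if (is_array($wallet) && count($wallet) > 0) {
                print "<user_wallet>";
                foreach ($wallet as $repoId => $options) {
                    foreach ($options as $optName => $optValue) {
                        // Stored per-user values: escape before they reach an attribute.
                        print "<wallet_data repo_id=\"" . AJXP_Utils::xmlEntities($repoId) . "\" option_name=\"" . AJXP_Utils::xmlEntities($optName) . "\" option_value=\"" . AJXP_Utils::xmlEntities($optValue) . "\"/>";
                    }
                }
                print "</user_wallet>";
            }
            $editPass = $userId != "guest" ? "1" : "0";
            $authDriver = ConfService::getAuthDriverImpl();
            if (!$authDriver->passwordsEditable()) {
                $editPass = "******";
            }
            print "<edit_options edit_pass=\"" . $editPass . "\" edit_admin_right=\"" . ($userId != "guest" && $userId != $loggedUser->getId() ? "1" : "0") . "\" edit_delete=\"" . ($userId != "guest" && $userId != $loggedUser->getId() && $authDriver->usersEditable() ? "1" : "0") . "\"/>";
            print "<ajxp_roles>";
            foreach (AuthService::getRolesList() as $roleId => $roleObject) {
                // Role ids are created from request input in "create_role".
                print "<role id=\"" . AJXP_Utils::xmlEntities($roleId) . "\"/>";
            }
            print "</ajxp_roles>";
            AJXP_XMLWriter::close("admin_data");
            exit(1);
            break;

        case "create_user":
            // Fix: normalise the login first. The original ran the "already
            // exists" and reserved-name checks on the raw value and stripped
            // quotes afterwards, so the account actually created could be one
            // the checks were meant to refuse.
            if (isset($httpVars["new_user_login"])) {
                if (get_magic_quotes_gpc()) {
                    $httpVars["new_user_login"] = stripslashes($httpVars["new_user_login"]);
                }
                $httpVars["new_user_login"] = str_replace("'", "", $httpVars["new_user_login"]);
            }
            if (!isset($httpVars["new_user_login"]) || $httpVars["new_user_login"] == "" || !isset($httpVars["new_user_pwd"]) || $httpVars["new_user_pwd"] == "") {
                AJXP_XMLWriter::header();
                AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.61"]);
                AJXP_XMLWriter::close();
                exit(1);
            }
            $forbidden = array("guest", "share");
            if (AuthService::userExists($httpVars["new_user_login"]) || in_array($httpVars["new_user_login"], $forbidden)) {
                AJXP_XMLWriter::header();
                AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.43"]);
                AJXP_XMLWriter::close();
                exit(1);
            }
            $confStorage = ConfService::getConfStorageImpl();
            $newUser = $confStorage->createUserObject($httpVars["new_user_login"]);
            $newUser->save();
            AuthService::createUser($httpVars["new_user_login"], $httpVars["new_user_pwd"]);
            AJXP_XMLWriter::header();
            AJXP_XMLWriter::sendMessage($mess["ajxp_conf.44"], null);
            AJXP_XMLWriter::reloadFileList($httpVars["new_user_login"]);
            AJXP_XMLWriter::close();
            exit(1);
            break;

        case "change_admin_right":
            // NOTE(review): no existence check on user_id here, unlike
            // "update_user_right" — confirm createUserObject() is safe for
            // unknown ids.
            $userId = $httpVars["user_id"];
            $confStorage = ConfService::getConfStorageImpl();
            $user = $confStorage->createUserObject($userId);
            $user->setAdmin($httpVars["right_value"] == "1" ? true : false);
            $user->save();
            AJXP_XMLWriter::header();
            AJXP_XMLWriter::sendMessage($mess["ajxp_conf.45"] . $httpVars["user_id"], null);
            AJXP_XMLWriter::reloadFileList(false);
            AJXP_XMLWriter::close();
            exit(1);
            break;

        case "update_user_right":
            $xmlUserId = AJXP_Utils::xmlEntities(isset($httpVars["user_id"]) ? $httpVars["user_id"] : "");
            $xmlRepoId = AJXP_Utils::xmlEntities(isset($httpVars["repository_id"]) ? $httpVars["repository_id"] : "");
            if (!isset($httpVars["user_id"]) || !isset($httpVars["repository_id"]) || !isset($httpVars["right"]) || !AuthService::userExists($httpVars["user_id"])) {
                AJXP_XMLWriter::header();
                AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.61"]);
                print "<update_checkboxes user_id=\"" . $xmlUserId . "\" repository_id=\"" . $xmlRepoId . "\" read=\"old\" write=\"old\"/>";
                AJXP_XMLWriter::close();
                exit(1);
            }
            $confStorage = ConfService::getConfStorageImpl();
            $user = $confStorage->createUserObject($httpVars["user_id"]);
            $user->setRight($httpVars["repository_id"], $httpVars["right"]);
            $user->save();
            $loggedUser = AuthService::getLoggedUser();
            // Keep the session copy in sync when editing oneself.
            if ($loggedUser->getId() == $user->getId()) {
                AuthService::updateUser($user);
            }
            AJXP_XMLWriter::header();
            AJXP_XMLWriter::sendMessage($mess["ajxp_conf.46"] . $httpVars["user_id"], null);
            print "<update_checkboxes user_id=\"" . $xmlUserId . "\" repository_id=\"" . $xmlRepoId . "\" read=\"" . $user->canRead($httpVars["repository_id"]) . "\" write=\"" . $user->canWrite($httpVars["repository_id"]) . "\"/>";
            AJXP_XMLWriter::reloadRepositoryList();
            AJXP_XMLWriter::close();
            return;
            break;

        case "user_add_role":
        case "user_delete_role":
            if (!isset($httpVars["user_id"]) || !isset($httpVars["role_id"]) || !AuthService::userExists($httpVars["user_id"])) {
                throw new Exception($mess["ajxp_conf.61"]);
            }
            if ($action == "user_add_role") {
                $act = "add";
                $messId = "73";
            } else {
                $act = "remove";
                $messId = "74";
            }
            $this->updateUserRole($httpVars["user_id"], $httpVars["role_id"], $act);
            AJXP_XMLWriter::header();
            AJXP_XMLWriter::sendMessage($mess["ajxp_conf." . $messId] . $httpVars["user_id"], null);
            AJXP_XMLWriter::close();
            return;
            break;

        case "batch_users_roles":
            $confStorage = ConfService::getConfStorageImpl();
            $selection = new UserSelection();
            $selection->initFromHttpVars($httpVars);
            $files = $selection->getFiles();
            $detectedRoles = array();
            if (isset($httpVars["role_id"]) && isset($httpVars["update_role_action"])) {
                $update = $httpVars["update_role_action"];
                $roleId = $httpVars["role_id"];
            }
            foreach ($files as $index => $file) {
                $userId = basename($file);
                if (isset($update)) {
                    $userObject = $this->updateUserRole($userId, $roleId, $update);
                } else {
                    $userObject = $confStorage->createUserObject($userId);
                }
                // Users that have a parent are left out of the role count.
                if ($userObject->hasParent()) {
                    unset($files[$index]);
                    continue;
                }
                $userRoles = $userObject->getRoles();
                foreach ($userRoles as $roleIndex => $bool) {
                    if (!isset($detectedRoles[$roleIndex])) {
                        $detectedRoles[$roleIndex] = 0;
                    }
                    if ($bool === true) {
                        $detectedRoles[$roleIndex]++;
                    }
                }
            }
            $count = count($files);
            AJXP_XMLWriter::header("admin_data");
            // Only roles held by every remaining selected user are reported.
            print "<user><ajxp_roles>";
            foreach ($detectedRoles as $roleId => $roleCount) {
                if ($roleCount < $count) {
                    continue;
                }
                print "<role id=\"" . AJXP_Utils::xmlEntities($roleId) . "\"/>";
            }
            print "</ajxp_roles></user>";
            print "<ajxp_roles>";
            foreach (AuthService::getRolesList() as $roleId => $roleObject) {
                print "<role id=\"" . AJXP_Utils::xmlEntities($roleId) . "\"/>";
            }
            print "</ajxp_roles>";
            AJXP_XMLWriter::close("admin_data");
            break;

        case "save_repository_user_params":
            $userId = $httpVars["user_id"];
            if ($userId == $loggedUser->getId()) {
                $user = $loggedUser;
            } else {
                $confStorage = ConfService::getConfStorageImpl();
                $user = $confStorage->createUserObject($userId);
            }
            $wallet = $user->getPref("AJXP_WALLET");
            if (!is_array($wallet)) {
                $wallet = array();
            }
            $repoID = $httpVars["repository_id"];
            if (!array_key_exists($repoID, $wallet)) {
                $wallet[$repoID] = array();
            }
            $options = $wallet[$repoID];
            $this->parseParameters($httpVars, $options, $userId);
            $wallet[$repoID] = $options;
            $user->setPref("AJXP_WALLET", $wallet);
            $user->save();
            if ($loggedUser->getId() == $user->getId()) {
                AuthService::updateUser($user);
            }
            AJXP_XMLWriter::header();
            AJXP_XMLWriter::sendMessage($mess["ajxp_conf.47"] . $httpVars["user_id"], null);
            AJXP_XMLWriter::close();
            exit(1);
            break;

        case "update_user_pwd":
            if (!isset($httpVars["user_id"]) || !isset($httpVars["user_pwd"]) || !AuthService::userExists($httpVars["user_id"]) || trim($httpVars["user_pwd"]) == "") {
                AJXP_XMLWriter::header();
                AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.61"]);
                AJXP_XMLWriter::close();
                exit(1);
            }
            $res = AuthService::updatePassword($httpVars["user_id"], $httpVars["user_pwd"]);
            AJXP_XMLWriter::header();
            if ($res === true) {
                AJXP_XMLWriter::sendMessage($mess["ajxp_conf.48"] . $httpVars["user_id"], null);
            } else {
                AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.49"] . " : {$res}");
            }
            AJXP_XMLWriter::close();
            exit(1);
            break;

        case "get_drivers_definition":
            AJXP_XMLWriter::header("drivers");
            print ConfService::availableDriversToXML("param");
            AJXP_XMLWriter::close("drivers");
            exit(1);
            break;

        case "create_repository":
            $options = array();
            $repDef = $httpVars;
            unset($repDef["get_action"]);
            $this->parseParameters($repDef, $options);
            if (count($options)) {
                $repDef["DRIVER_OPTIONS"] = $options;
            }
            // NOW SAVE THIS REPOSITORY!
            $newRep = ConfService::createRepositoryFromArray(0, $repDef);
            // The access type comes from the request and is used to build an
            // include path and a class name, so it must be a plain identifier;
            // anything else skips the optional connectivity test.
            $accessType = $newRep->getAccessType();
            $testFile = INSTALL_PATH . "/server/tests/plugins/test.ajxp_" . $accessType . ".php";
            if (preg_match('/^[a-zA-Z0-9_]+$/', $accessType) && is_file($testFile)) {
                chdir(INSTALL_PATH . "/server/tests/plugins");
                include $testFile;
                $className = "ajxp_" . $accessType;
                $class = new $className();
                $result = $class->doRepositoryTest($newRep);
                if (!$result) {
                    AJXP_XMLWriter::header();
                    AJXP_XMLWriter::sendMessage(null, $class->failedInfo);
                    AJXP_XMLWriter::close();
                    exit(1);
                }
            }
            if ($this->repositoryExists($newRep->getDisplay())) {
                AJXP_XMLWriter::header();
                AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.50"]);
                AJXP_XMLWriter::close();
                exit(1);
            }
            $res = ConfService::addRepository($newRep);
            AJXP_XMLWriter::header();
            if ($res == -1) {
                AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.51"]);
            } else {
                // The creating user gets read/write on the new repository.
                $confStorage = ConfService::getConfStorageImpl();
                $loggedUser = AuthService::getLoggedUser();
                $loggedUser->setRight($newRep->getUniqueId(), "rw");
                $loggedUser->save();
                AuthService::updateUser($loggedUser);
                AJXP_XMLWriter::sendMessage($mess["ajxp_conf.52"], null);
                AJXP_XMLWriter::reloadFileList($newRep->getDisplay());
                AJXP_XMLWriter::reloadRepositoryList();
            }
            AJXP_XMLWriter::close();
            exit(1);
            break;

        case "edit_repository":
            $repId = $httpVars["repository_id"];
            $repList = ConfService::getRootDirsList();
            //print_r($repList);
            AJXP_XMLWriter::header("admin_data");
            if (!isset($repList[$repId])) {
                AJXP_XMLWriter::close("admin_data");
                exit(1);
            }
            $repository = $repList[$repId];
            $nested = array();
            print "<repository index=\"" . AJXP_Utils::xmlEntities($repId) . "\"";
            // Scalar properties become attributes, array properties are
            // written afterwards as <param> children.
            foreach ($repository as $name => $option) {
                if (!is_array($option)) {
                    if (is_bool($option)) {
                        $option = $option ? "true" : "false";
                    }
                    print " {$name}=\"" . SystemTextEncoding::toUTF8(AJXP_Utils::xmlEntities($option)) . "\" ";
                } else {
                    $nested[] = $option;
                }
            }
            if (count($nested)) {
                print ">";
                foreach ($nested as $option) {
                    foreach ($option as $key => $optValue) {
                        $xmlKey = AJXP_Utils::xmlEntities($key);
                        if (is_array($optValue) && count($optValue)) {
                            print "<param name=\"{$xmlKey}\"><![CDATA[" . json_encode($optValue) . "]]></param>";
                        } else {
                            if (is_bool($optValue)) {
                                $optValue = $optValue ? "true" : "false";
                            }
                            // Stored option values are escaped; an (empty)
                            // array is left as it was.
                            if (!is_array($optValue)) {
                                $optValue = AJXP_Utils::xmlEntities($optValue);
                            }
                            print "<param name=\"{$xmlKey}\" value=\"{$optValue}\"/>";
                        }
                    }
                }
                print "</repository>";
            } else {
                print "/>";
            }
            $pServ = AJXP_PluginsService::getInstance();
            $plug = $pServ->getPluginById("access." . $repository->accessType);
            $manifest = $plug->getManifestRawContent("server_settings/param");
            print "<ajxpdriver name=\"" . $repository->accessType . "\">{$manifest}</ajxpdriver>";
            print "<metasources>";
            $metas = $pServ->getPluginsByType("meta");
            foreach ($metas as $metaPlug) {
                print "<meta id=\"" . $metaPlug->getId() . "\">";
                $manifest = $metaPlug->getManifestRawContent("server_settings/param");
                print $manifest;
                print "</meta>";
            }
            print "</metasources>";
            AJXP_XMLWriter::close("admin_data");
            exit(1);
            break;

        case "edit_repository_label":
        case "edit_repository_data":
            $repId = $httpVars["repository_id"];
            $repo = ConfService::getRepositoryById($repId);
            $res = 0;
            if (isset($httpVars["newLabel"])) {
                $newLabel = SystemTextEncoding::fromPostedFileName($httpVars["newLabel"]);
                if ($this->repositoryExists($newLabel)) {
                    AJXP_XMLWriter::header();
                    AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.50"]);
                    AJXP_XMLWriter::close();
                    exit(1);
                }
                $repo->setDisplay($newLabel);
                $res = ConfService::replaceRepository($repId, $repo);
            } else {
                $options = array();
                $this->parseParameters($httpVars, $options);
                if (count($options)) {
                    foreach ($options as $key => $value) {
                        $repo->addOption($key, $value);
                    }
                }
                // Same identifier check as in "create_repository" before the
                // access type is used in an include path and a class name.
                $accessType = $repo->getAccessType();
                $testFile = INSTALL_PATH . "/server/tests/plugins/test.ajxp_" . $accessType . ".php";
                if (preg_match('/^[a-zA-Z0-9_]+$/', $accessType) && is_file($testFile)) {
                    chdir(INSTALL_PATH . "/server/tests/plugins");
                    include $testFile;
                    $className = "ajxp_" . $accessType;
                    $class = new $className();
                    $result = $class->doRepositoryTest($repo);
                    if (!$result) {
                        AJXP_XMLWriter::header();
                        AJXP_XMLWriter::sendMessage(null, $class->failedInfo);
                        AJXP_XMLWriter::close();
                        exit(1);
                    }
                }
                // Result not captured here, as in the original: $res stays 0.
                ConfService::replaceRepository($repId, $repo);
            }
            AJXP_XMLWriter::header();
            if ($res == -1) {
                AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.53"]);
            } else {
                AJXP_XMLWriter::sendMessage($mess["ajxp_conf.54"], null);
                AJXP_XMLWriter::reloadDataNode("", isset($httpVars["newLabel"]) ? SystemTextEncoding::fromPostedFileName($httpVars["newLabel"]) : false);
                AJXP_XMLWriter::reloadRepositoryList();
            }
            AJXP_XMLWriter::close();
            exit(1);

        case "add_meta_source":
            $repId = $httpVars["repository_id"];
            $repo = ConfService::getRepositoryById($repId);
            $metaSourceType = $httpVars["new_meta_source"];
            $options = array();
            $this->parseParameters($httpVars, $options);
            $repoOptions = $repo->getOption("META_SOURCES");
            if (is_array($repoOptions) && isset($repoOptions[$metaSourceType])) {
                throw new Exception($mess["ajxp_conf.55"]);
            }
            if (!is_array($repoOptions)) {
                $repoOptions = array();
            }
            $repoOptions[$metaSourceType] = $options;
            $repo->addOption("META_SOURCES", $repoOptions);
            ConfService::replaceRepository($repId, $repo);
            AJXP_XMLWriter::header();
            AJXP_XMLWriter::sendMessage($mess["ajxp_conf.56"], null);
            AJXP_XMLWriter::close();
            break;

        case "delete_meta_source":
            $repId = $httpVars["repository_id"];
            $repo = ConfService::getRepositoryById($repId);
            $metaSourceId = $httpVars["plugId"];
            $repoOptions = $repo->getOption("META_SOURCES");
            if (is_array($repoOptions) && array_key_exists($metaSourceId, $repoOptions)) {
                unset($repoOptions[$metaSourceId]);
                $repo->addOption("META_SOURCES", $repoOptions);
                ConfService::replaceRepository($repId, $repo);
            }
            AJXP_XMLWriter::header();
            AJXP_XMLWriter::sendMessage($mess["ajxp_conf.57"], null);
            AJXP_XMLWriter::close();
            break;

        case "edit_meta_source":
            $repId = $httpVars["repository_id"];
            $repo = ConfService::getRepositoryById($repId);
            $metaSourceId = $httpVars["plugId"];
            $options = array();
            $this->parseParameters($httpVars, $options);
            $repoOptions = $repo->getOption("META_SOURCES");
            if (!is_array($repoOptions)) {
                $repoOptions = array();
            }
            $repoOptions[$metaSourceId] = $options;
            $repo->addOption("META_SOURCES", $repoOptions);
            ConfService::replaceRepository($repId, $repo);
            AJXP_XMLWriter::header();
            AJXP_XMLWriter::sendMessage($mess["ajxp_conf.58"], null);
            AJXP_XMLWriter::close();
            break;

        case "delete":
            // The target is chosen by which parameter is present, in this
            // order: repository, shared file, role, user.
            if (isset($httpVars["repository_id"])) {
                $repId = $httpVars["repository_id"];
                //if(get_magic_quotes_gpc()) $repLabel = stripslashes($repLabel);
                $res = ConfService::deleteRepository($repId);
                AJXP_XMLWriter::header();
                if ($res == -1) {
                    AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.51"]);
                } else {
                    AJXP_XMLWriter::sendMessage($mess["ajxp_conf.59"], null);
                    AJXP_XMLWriter::reloadDataNode();
                    AJXP_XMLWriter::reloadRepositoryList();
                }
                AJXP_XMLWriter::close();
                exit(1);
            } elseif (isset($httpVars["shared_file"])) {
                AJXP_XMLWriter::header();
                // basename() keeps the deletion inside PUBLIC_DOWNLOAD_FOLDER.
                $element = basename($httpVars["shared_file"]);
                $publicletData = $this->loadPublicletData(PUBLIC_DOWNLOAD_FOLDER . "/" . $element . ".php");
                unlink(PUBLIC_DOWNLOAD_FOLDER . "/" . $element . ".php");
                AJXP_XMLWriter::sendMessage($mess["ajxp_shared.13"], null);
                AJXP_XMLWriter::reloadDataNode();
                AJXP_XMLWriter::close();
            } elseif (isset($httpVars["role_id"])) {
                $roleId = $httpVars["role_id"];
                if (AuthService::getRole($roleId) === false) {
                    throw new Exception($mess["ajxp_conf.67"]);
                }
                AuthService::deleteRole($roleId);
                AJXP_XMLWriter::header();
                AJXP_XMLWriter::sendMessage($mess["ajxp_conf.66"], null);
                AJXP_XMLWriter::reloadDataNode();
                AJXP_XMLWriter::close();
            } else {
                // Reserved accounts and the caller's own account cannot be deleted.
                $forbidden = array("guest", "share");
                if (!isset($httpVars["user_id"]) || $httpVars["user_id"] == "" || in_array($httpVars["user_id"], $forbidden) || $loggedUser->getId() == $httpVars["user_id"]) {
                    AJXP_XMLWriter::header();
                    AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.61"]);
                    AJXP_XMLWriter::close();
                    exit(1);
                }
                $res = AuthService::deleteUser($httpVars["user_id"]);
                AJXP_XMLWriter::header();
                AJXP_XMLWriter::sendMessage($mess["ajxp_conf.60"], null);
                AJXP_XMLWriter::reloadDataNode();
                AJXP_XMLWriter::close();
                exit(1);
            }
            break;

        case "clear_expired":
            $deleted = $this->clearExpiredFiles();
            AJXP_XMLWriter::header();
            if (count($deleted)) {
                AJXP_XMLWriter::sendMessage(sprintf($mess["ajxp_shared.23"], count($deleted) . ""), null);
                AJXP_XMLWriter::reloadDataNode();
            } else {
                AJXP_XMLWriter::sendMessage($mess["ajxp_shared.24"], null);
            }
            AJXP_XMLWriter::close();
            break;

        default:
            break;
    }
    return;
}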
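/**
 * Add a role to, or remove a role from, a user and persist the change.
 *
 * The change is refused unless AuthService::canAdministrate() accepts the
 * target user. When the target is the logged user, the session copy is
 * refreshed as well.
 *
 * @param string $userId Id of the user to modify
 * @param string $roleId Id of the role to add or remove
 * @param string $addOrRemove "add" adds the role; any other value removes it
 * @param bool $updateSubUsers Not used by this implementation
 * @return AbstractAjxpUser The updated user object
 * @throws Exception When the user may not be administrated, or the role to add cannot be loaded
 */
public function updateUserRole($userId, $roleId, $addOrRemove, $updateSubUsers = false)
{
    $confStorage = ConfService::getConfStorageImpl();
    $user = $confStorage->createUserObject($userId);
    if (!AuthService::canAdministrate($user)) {
        throw new Exception("Cannot update user data for " . $userId);
    }

    if ($addOrRemove == "add") {
        $roleObject = AuthService::getRole($roleId);
        // Fix: the lookup may not return a role object; the original passed
        // whatever came back straight to addRole().
        if (!is_object($roleObject)) {
            throw new Exception("Cannot find role " . $roleId);
        }
        $user->addRole($roleObject);
    } else {
        $user->removeRole($roleId);
    }
    $user->save("superuser");

    $loggedUser = AuthService::getLoggedUser();
    if ($loggedUser->getId() == $user->getId()) {
        AuthService::updateUser($user);
    }
    return $user;
}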
/**
 * Attach the role named by the AUTO_APPLY_ROLE option to the user and save.
 *
 * Nothing happens when the option is empty. The role is fetched with the
 * second argument of AuthService::getRole() set to true, and the user is
 * saved with the "superuser" scope.
 *
 * @param AbstractAjxpUser $userObject User to update, modified in place
 */
public function updateUserObject(&$userObject)
{
    $autoRoleId = $this->getOption("AUTO_APPLY_ROLE");
    if (empty($autoRoleId)) {
        return;
    }

    $userObject->addRole(AuthService::getRole($autoRoleId, true));
    $userObject->save("superuser");
}
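/**
 * Dispatch one administration action (listing, role, user, repository, meta source and plugin management).
 *
 * Unknown actions return silently. When users are enabled, every action is refused unless the
 * logged user is an administrator. The "edit" action is re-dispatched on $httpVars["sub_action"].
 * Results are written to the response through AJXP_XMLWriter / print.
 *
 * @param string $action Action name; must be a key of $this->actions.
 * @param array $httpVars Request parameters (caller-supplied values).
 * @param array $fileVars Passed to parent::accessPreprocess() only.
 * @return void
 * @throws Exception On unknown role, user or repository identifiers.
 */
function switchAction($action, $httpVars, $fileVars)
{
    if (!isset($this->actions[$action])) {
        return;
    }
    parent::accessPreprocess($action, $httpVars, $fileVars);
    $loggedUser = AuthService::getLoggedUser();
    // Single authorization gate for every case below.
    // NOTE(review): whether a CSRF token is verified before this method is reached is not visible here — confirm,
    // since nearly every case changes state from request parameters.
    if (AuthService::usersEnabled() && !$loggedUser->isAdmin()) {
        return;
    }

    if ($action == "edit") {
        if (isset($httpVars["sub_action"])) {
            $action = $httpVars["sub_action"];
        }
    }
    $mess = ConfService::getMessages();

    switch ($action) {

        //------------------------------------
        // BASIC LISTING
        //------------------------------------
        case "ls":
            $rootNodes = array(
                "data" => array(
                    "LABEL" => $mess["ajxp_conf.110"],
                    "ICON" => "user.png",
                    "CHILDREN" => array(
                        "repositories" => array("LABEL" => $mess["ajxp_conf.3"], "ICON" => "hdd_external_unmount.png", "LIST" => "listRepositories"),
                        "users" => array("LABEL" => $mess["ajxp_conf.2"], "ICON" => "user.png", "LIST" => "listUsers"),
                        "roles" => array("LABEL" => $mess["ajxp_conf.69"], "ICON" => "yast_kuser.png", "LIST" => "listRoles")
                    )
                ),
                "config" => array(
                    "LABEL" => $mess["ajxp_conf.109"],
                    "ICON" => "preferences_desktop.png",
                    "CHILDREN" => array(
                        "core" => array("LABEL" => $mess["ajxp_conf.98"], "ICON" => "preferences_desktop.png", "LIST" => "listPlugins"),
                        "plugins" => array("LABEL" => $mess["ajxp_conf.99"], "ICON" => "folder_development.png", "LIST" => "listPlugins")
                    )
                ),
                "admin" => array(
                    "LABEL" => $mess["ajxp_conf.111"],
                    "ICON" => "toggle_log.png",
                    "CHILDREN" => array(
                        "logs" => array("LABEL" => $mess["ajxp_conf.4"], "ICON" => "toggle_log.png", "LIST" => "listLogFiles"),
                        "files" => array("LABEL" => $mess["ajxp_shared.3"], "ICON" => "html.png", "LIST" => "listSharedFiles"),
                        "diagnostic" => array("LABEL" => $mess["ajxp_conf.5"], "ICON" => "susehelpcenter.png", "LIST" => "printDiagnostic")
                    )
                )
            );
            AJXP_Controller::applyHook("ajxp_conf.list_config_nodes", array(&$rootNodes));
            $dir = trim(AJXP_Utils::decodeSecureMagic(isset($httpVars["dir"]) ? $httpVars["dir"] : ""), " /");
            if ($dir != "") {
                $splits = explode("/", $dir);
                $root = array_shift($splits);
                if (count($splits)) {
                    $child = $splits[0];
                    // Defined up front so the callbacks receive null, not an undefined variable, when there is no "#".
                    $hash = null;
                    if (strstr(urldecode($child), "#") !== false) {
                        list($child, $hash) = explode("#", urldecode($child));
                    }
                    // The callback is looked up in $rootNodes, never taken from the request itself.
                    if (isset($rootNodes[$root]["CHILDREN"][$child])) {
                        $callback = $rootNodes[$root]["CHILDREN"][$child]["LIST"];
                        if (is_string($callback) && method_exists($this, $callback)) {
                            AJXP_XMLWriter::header();
                            call_user_func(array($this, $callback), implode("/", $splits), $root, $hash);
                            AJXP_XMLWriter::close();
                        } elseif (is_array($callback)) {
                            call_user_func($callback, implode("/", $splits), $root, $hash);
                        }
                        return;
                    }
                } else {
                    $parentName = "/" . $root . "/";
                    $nodes = $rootNodes[$root]["CHILDREN"];
                }
            } else {
                $parentName = "/";
                $nodes = $rootNodes;
            }
            if (isset($nodes)) {
                AJXP_XMLWriter::header();
                AJXP_XMLWriter::sendFilesListComponentConfig('<columns switchGridMode="filelist"><column messageId="ajxp_conf.1" attributeName="ajxp_label" sortType="String"/></columns>');
                foreach ($nodes as $key => $data) {
                    print '<tree text="' . AJXP_Utils::xmlEntities($data["LABEL"]) . '" icon="' . $data["ICON"] . '" filename="' . $parentName . $key . '"/>';
                }
                AJXP_XMLWriter::close();
            }
            break;

        case "stat":
            header("Content-type:application/json");
            print '{"mode":true}';
            return;

        case "create_role":
            $roleId = AJXP_Utils::sanitize(SystemTextEncoding::magicDequote($httpVars["role_id"]), AJXP_SANITIZE_HTML_STRICT);
            if (!strlen($roleId)) {
                throw new Exception($mess[349]);
            }
            if (AuthService::getRole($roleId) !== false) {
                throw new Exception($mess["ajxp_conf.65"]);
            }
            AuthService::updateRole(new AjxpRole($roleId));
            AJXP_XMLWriter::header();
            AJXP_XMLWriter::sendMessage($mess["ajxp_conf.66"], null);
            // Reload on the sanitized id that was actually stored, as create_user does, not on the raw request value.
            AJXP_XMLWriter::reloadDataNode("", $roleId);
            AJXP_XMLWriter::close();
            break;

        case "edit_role":
            $roleId = SystemTextEncoding::magicDequote($httpVars["role_id"]);
            $role = AuthService::getRole($roleId);
            if ($role === false) {
                throw new Exception("Cant find role! ");
            }
            AJXP_XMLWriter::header("admin_data");
            print AJXP_XMLWriter::writeRoleRepositoriesData($role);
            AJXP_XMLWriter::close("admin_data");
            break;

        case "update_role_right":
            // Request values are echoed into XML attributes below: escape them so they cannot break out of the attribute.
            $roleAttr = isset($httpVars["role_id"]) ? AJXP_Utils::xmlEntities($httpVars["role_id"]) : "";
            $repoAttr = isset($httpVars["repository_id"]) ? AJXP_Utils::xmlEntities($httpVars["repository_id"]) : "";
            if (!isset($httpVars["role_id"]) || !isset($httpVars["repository_id"]) || !isset($httpVars["right"])) {
                AJXP_XMLWriter::header();
                AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.61"]);
                print "<update_checkboxes user_id=\"" . $roleAttr . "\" repository_id=\"" . $repoAttr . "\" read=\"old\" write=\"old\"/>";
                AJXP_XMLWriter::close();
                return;
            }
            $role = AuthService::getRole($httpVars["role_id"]);
            if ($role === false) {
                throw new Exception("Cant find role!");
            }
            $role->setRight($httpVars["repository_id"], $httpVars["right"]);
            AuthService::updateRole($role);
            AJXP_XMLWriter::header();
            AJXP_XMLWriter::sendMessage($mess["ajxp_conf.64"] . $httpVars["role_id"], null);
            print "<update_checkboxes user_id=\"" . $roleAttr . "\" repository_id=\"" . $repoAttr . "\" read=\"" . $role->canRead($httpVars["repository_id"]) . "\" write=\"" . $role->canWrite($httpVars["repository_id"]) . "\"/>";
            AJXP_XMLWriter::close();
            break;

        case "update_role_actions":
            if (!isset($httpVars["role_id"]) || !isset($httpVars["disabled_actions"])) {
                AJXP_XMLWriter::header();
                AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.61"]);
                AJXP_XMLWriter::close();
                return;
            }
            $role = AuthService::getRole($httpVars["role_id"]);
            if ($role === false) {
                throw new Exception("Cant find role!");
            }
            $actions = explode(",", $httpVars["disabled_actions"]);
            // Clear and reload actions: re-enable everything, then disable the submitted list.
            foreach ($role->getSpecificActionsRights("ajxp.all") as $actName => $actValue) {
                $role->setSpecificActionRight("ajxp.all", $actName, true);
            }
            foreach ($actions as $rawName) {
                $actionName = AJXP_Utils::sanitize($rawName, AJXP_SANITIZE_ALPHANUM);
                if ($actionName == "") {
                    continue;
                }
                $role->setSpecificActionRight("ajxp.all", $actionName, false);
            }
            AuthService::updateRole($role);
            AJXP_XMLWriter::header("admin_data");
            print AJXP_XMLWriter::writeRoleRepositoriesData($role);
            AJXP_XMLWriter::close("admin_data");
            break;

        case "update_role_default":
            if (!isset($httpVars["role_id"]) || !isset($httpVars["default_value"])) {
                AJXP_XMLWriter::header();
                AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.61"]);
                AJXP_XMLWriter::close();
                return;
            }
            $role = AuthService::getRole($httpVars["role_id"]);
            if ($role === false) {
                throw new Exception("Cannot find role!");
            }
            $role->setDefault($httpVars["default_value"] == "true");
            AuthService::updateRole($role);
            AJXP_XMLWriter::header("admin_data");
            print AJXP_XMLWriter::writeRoleRepositoriesData($role);
            AJXP_XMLWriter::close("admin_data");
            break;

        case "get_custom_params":
            AJXP_XMLWriter::header("admin_data");
            $confDriver = ConfService::getConfStorageImpl();
            $customData = $confDriver->options['CUSTOM_DATA'];
            if (is_array($customData) && count($customData) > 0) {
                print "<custom_data>";
                foreach ($customData as $custName => $custValue) {
                    print "<param name=\"{$custName}\" type=\"string\" label=\"{$custValue}\" description=\"\" value=\"\"/>";
                }
                print "</custom_data>";
            }
            AJXP_XMLWriter::close("admin_data");
            break;

        case "edit_user":
            $confStorage = ConfService::getConfStorageImpl();
            $userId = $httpVars["user_id"];
            if (!AuthService::userExists($userId)) {
                throw new Exception("Invalid user id!");
            }
            $userObject = $confStorage->createUserObject($userId);
            AJXP_XMLWriter::header("admin_data");
            AJXP_XMLWriter::sendUserData($userObject, true);

            // Add CUSTOM USER DATA
            // NOTE(review): stored preference and wallet values are written into XML attributes without
            // xmlEntities(); whether they are escaped at storage time is not visible here — confirm.
            $confDriver = ConfService::getConfStorageImpl();
            $customData = $confDriver->options['CUSTOM_DATA'];
            if (is_array($customData) && count($customData) > 0) {
                $userCustom = $userObject->getPref("CUSTOM_PARAMS");
                print "<custom_data>";
                foreach ($customData as $custName => $custValue) {
                    $value = isset($userCustom[$custName]) ? $userCustom[$custName] : '';
                    print "<param name=\"{$custName}\" type=\"string\" label=\"{$custValue}\" description=\"\" value=\"{$value}\"/>";
                }
                print "</custom_data>";
            }

            // Add WALLET DATA : DEFINITIONS AND VALUES
            print "<drivers>";
            print AJXP_XMLWriter::replaceAjxpXmlKeywords(ConfService::availableDriversToXML("user_param"));
            print "</drivers>";
            $wallet = $userObject->getPref("AJXP_WALLET");
            if (is_array($wallet) && count($wallet) > 0) {
                print "<user_wallet>";
                foreach ($wallet as $repoId => $options) {
                    foreach ($options as $optName => $optValue) {
                        print "<wallet_data repo_id=\"{$repoId}\" option_name=\"{$optName}\" option_value=\"{$optValue}\"/>";
                    }
                }
                print "</user_wallet>";
            }
            $editPass = $userId != "guest" ? "1" : "0";
            $authDriver = ConfService::getAuthDriverImpl();
            if (!$authDriver->passwordsEditable()) {
                $editPass = "******";
            }
            // These flags only tell the client which controls to show; they are not an access check.
            print "<edit_options edit_pass=\"" . $editPass . "\" edit_admin_right=\"" . ($userId != "guest" && $userId != $loggedUser->getId() ? "1" : "0") . "\" edit_delete=\"" . ($userId != "guest" && $userId != $loggedUser->getId() && $authDriver->usersEditable() ? "1" : "0") . "\"/>";
            print "<ajxp_roles>";
            foreach (AuthService::getRolesList() as $roleId => $roleObject) {
                print "<role id=\"" . AJXP_Utils::xmlEntities($roleId) . "\"/>";
            }
            print "</ajxp_roles>";
            AJXP_XMLWriter::close("admin_data");
            break;

        case "create_user":
            if (!isset($httpVars["new_user_login"]) || $httpVars["new_user_login"] == "" || !isset($httpVars["new_user_pwd"]) || $httpVars["new_user_pwd"] == "") {
                AJXP_XMLWriter::header();
                AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.61"]);
                AJXP_XMLWriter::close();
                return;
            }
            $new_user_login = AJXP_Utils::sanitize(SystemTextEncoding::magicDequote($httpVars["new_user_login"]), AJXP_SANITIZE_EMAILCHARS);
            if (AuthService::userExists($new_user_login) || AuthService::isReservedUserId($new_user_login)) {
                AJXP_XMLWriter::header();
                AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.43"]);
                AJXP_XMLWriter::close();
                return;
            }
            $confStorage = ConfService::getConfStorageImpl();
            $newUser = $confStorage->createUserObject($new_user_login);
            $customData = array();
            $this->parseParameters($httpVars, $customData);
            if (is_array($customData) && count($customData) > 0) {
                $newUser->setPref("CUSTOM_PARAMS", $customData);
            }
            $newUser->save("superuser");
            AuthService::createUser($new_user_login, $httpVars["new_user_pwd"]);
            AJXP_XMLWriter::header();
            AJXP_XMLWriter::sendMessage($mess["ajxp_conf.44"], null);
            AJXP_XMLWriter::reloadDataNode("", $new_user_login);
            AJXP_XMLWriter::close();
            break;

        case "change_admin_right":
            $userId = $httpVars["user_id"];
            if (!AuthService::userExists($userId)) {
                throw new Exception("Invalid user id!");
            }
            // NOTE(review): edit_user hides this control for "guest" and for the logged user, but nothing
            // here enforces that on the server side — confirm whether the restriction is intended.
            $confStorage = ConfService::getConfStorageImpl();
            $user = $confStorage->createUserObject($userId);
            $user->setAdmin($httpVars["right_value"] == "1");
            $user->save("superuser");
            AJXP_XMLWriter::header();
            AJXP_XMLWriter::sendMessage($mess["ajxp_conf.45"] . $httpVars["user_id"], null);
            AJXP_XMLWriter::reloadDataNode();
            AJXP_XMLWriter::close();
            break;

        case "update_user_right":
            // Request values are echoed into XML attributes below: escape them so they cannot break out of the attribute.
            $userAttr = isset($httpVars["user_id"]) ? AJXP_Utils::xmlEntities($httpVars["user_id"]) : "";
            $repoAttr = isset($httpVars["repository_id"]) ? AJXP_Utils::xmlEntities($httpVars["repository_id"]) : "";
            if (!isset($httpVars["user_id"]) || !isset($httpVars["repository_id"]) || !isset($httpVars["right"]) || !AuthService::userExists($httpVars["user_id"])) {
                AJXP_XMLWriter::header();
                AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.61"]);
                print "<update_checkboxes user_id=\"" . $userAttr . "\" repository_id=\"" . $repoAttr . "\" read=\"old\" write=\"old\"/>";
                AJXP_XMLWriter::close();
                return;
            }
            $confStorage = ConfService::getConfStorageImpl();
            $user = $confStorage->createUserObject($httpVars["user_id"]);
            $user->setRight(AJXP_Utils::sanitize($httpVars["repository_id"], AJXP_SANITIZE_ALPHANUM), AJXP_Utils::sanitize($httpVars["right"], AJXP_SANITIZE_ALPHANUM));
            $user->save();
            $loggedUser = AuthService::getLoggedUser();
            if ($loggedUser->getId() == $user->getId()) {
                AuthService::updateUser($user);
            }
            AJXP_XMLWriter::header();
            AJXP_XMLWriter::sendMessage($mess["ajxp_conf.46"] . $httpVars["user_id"], null);
            print "<update_checkboxes user_id=\"" . $userAttr . "\" repository_id=\"" . $repoAttr . "\" read=\"" . $user->canRead($httpVars["repository_id"]) . "\" write=\"" . $user->canWrite($httpVars["repository_id"]) . "\"/>";
            AJXP_XMLWriter::reloadRepositoryList();
            AJXP_XMLWriter::close();
            return;

        case "user_add_role":
        case "user_delete_role":
            if (!isset($httpVars["user_id"]) || !isset($httpVars["role_id"]) || !AuthService::userExists($httpVars["user_id"]) || !AuthService::getRole($httpVars["role_id"])) {
                throw new Exception($mess["ajxp_conf.61"]);
            }
            if ($action == "user_add_role") {
                $act = "add";
                $messId = "73";
            } else {
                $act = "remove";
                $messId = "74";
            }
            $this->updateUserRole($httpVars["user_id"], $httpVars["role_id"], $act);
            AJXP_XMLWriter::header();
            AJXP_XMLWriter::sendMessage($mess["ajxp_conf." . $messId] . $httpVars["user_id"], null);
            AJXP_XMLWriter::close();
            return;

        case "batch_users_roles":
            $confStorage = ConfService::getConfStorageImpl();
            $selection = new UserSelection();
            $selection->initFromHttpVars($httpVars);
            $files = $selection->getFiles();
            $detectedRoles = array();

            if (isset($httpVars["role_id"]) && isset($httpVars["update_role_action"])) {
                $update = $httpVars["update_role_action"];
                $roleId = $httpVars["role_id"];
                if (AuthService::getRole($roleId) === false) {
                    throw new Exception("Invalid role id");
                }
            }
            foreach ($files as $index => $file) {
                $userId = basename($file);
                if (isset($update)) {
                    $userObject = $this->updateUserRole($userId, $roleId, $update);
                } else {
                    $userObject = $confStorage->createUserObject($userId);
                }
                if ($userObject->hasParent()) {
                    unset($files[$index]);
                    continue;
                }
                $userRoles = $userObject->getRoles();
                foreach ($userRoles as $roleIndex => $bool) {
                    if (!isset($detectedRoles[$roleIndex])) {
                        $detectedRoles[$roleIndex] = 0;
                    }
                    if ($bool === true) {
                        $detectedRoles[$roleIndex]++;
                    }
                }
            }
            $count = count($files);
            AJXP_XMLWriter::header("admin_data");
            print "<user><ajxp_roles>";
            // Only roles held by every selected user are reported. Ids are escaped as in edit_user.
            foreach ($detectedRoles as $roleId => $roleCount) {
                if ($roleCount < $count) {
                    continue;
                }
                print "<role id=\"" . AJXP_Utils::xmlEntities($roleId) . "\"/>";
            }
            print "</ajxp_roles></user>";
            print "<ajxp_roles>";
            foreach (AuthService::getRolesList() as $roleId => $roleObject) {
                print "<role id=\"" . AJXP_Utils::xmlEntities($roleId) . "\"/>";
            }
            print "</ajxp_roles>";
            AJXP_XMLWriter::close("admin_data");
            break;

        case "save_custom_user_params":
            $userId = $httpVars["user_id"];
            if ($userId == $loggedUser->getId()) {
                $user = $loggedUser;
            } else {
                $confStorage = ConfService::getConfStorageImpl();
                $user = $confStorage->createUserObject($userId);
            }
            $custom = $user->getPref("CUSTOM_PARAMS");
            if (!is_array($custom)) {
                $custom = array();
            }
            $options = $custom;
            $this->parseParameters($httpVars, $options, $userId);
            $custom = $options;
            $user->setPref("CUSTOM_PARAMS", $custom);
            $user->save();
            if ($loggedUser->getId() == $user->getId()) {
                AuthService::updateUser($user);
            }
            AJXP_XMLWriter::header();
            AJXP_XMLWriter::sendMessage($mess["ajxp_conf.47"] . $httpVars["user_id"], null);
            AJXP_XMLWriter::close();
            break;

        case "save_repository_user_params":
            $userId = $httpVars["user_id"];
            if ($userId == $loggedUser->getId()) {
                $user = $loggedUser;
            } else {
                $confStorage = ConfService::getConfStorageImpl();
                $user = $confStorage->createUserObject($userId);
            }
            $wallet = $user->getPref("AJXP_WALLET");
            if (!is_array($wallet)) {
                $wallet = array();
            }
            $repoID = $httpVars["repository_id"];
            if (!array_key_exists($repoID, $wallet)) {
                $wallet[$repoID] = array();
            }
            $options = $wallet[$repoID];
            $this->parseParameters($httpVars, $options, $userId);
            $wallet[$repoID] = $options;
            $user->setPref("AJXP_WALLET", $wallet);
            $user->save();
            if ($loggedUser->getId() == $user->getId()) {
                AuthService::updateUser($user);
            }
            AJXP_XMLWriter::header();
            AJXP_XMLWriter::sendMessage($mess["ajxp_conf.47"] . $httpVars["user_id"], null);
            AJXP_XMLWriter::close();
            break;

        case "update_user_pwd":
            if (!isset($httpVars["user_id"]) || !isset($httpVars["user_pwd"]) || !AuthService::userExists($httpVars["user_id"]) || trim($httpVars["user_pwd"]) == "") {
                AJXP_XMLWriter::header();
                AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.61"]);
                AJXP_XMLWriter::close();
                return;
            }
            $res = AuthService::updatePassword($httpVars["user_id"], $httpVars["user_pwd"]);
            AJXP_XMLWriter::header();
            if ($res === true) {
                AJXP_XMLWriter::sendMessage($mess["ajxp_conf.48"] . $httpVars["user_id"], null);
            } else {
                AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.49"] . " : {$res}");
            }
            AJXP_XMLWriter::close();
            break;

        case "save_user_preference":
            if (!isset($httpVars["user_id"]) || !AuthService::userExists($httpVars["user_id"])) {
                throw new Exception($mess["ajxp_conf.61"]);
            }
            $userId = $httpVars["user_id"];
            if ($userId == $loggedUser->getId()) {
                $userObject = $loggedUser;
            } else {
                $confStorage = ConfService::getConfStorageImpl();
                $userObject = $confStorage->createUserObject($userId);
            }
            $i = 0;
            while (isset($httpVars["pref_name_" . $i]) && isset($httpVars["pref_value_" . $i])) {
                $prefName = AJXP_Utils::sanitize($httpVars["pref_name_" . $i], AJXP_SANITIZE_ALPHANUM);
                $prefValue = AJXP_Utils::sanitize(SystemTextEncoding::magicDequote($httpVars["pref_value_" . $i]));
                if ($prefName == "password") {
                    // Passwords are never written through this path. The index must still advance:
                    // skipping without it re-tests the same pair forever and hangs the request.
                    $i++;
                    continue;
                }
                if ($prefName != "pending_folder" && $userObject == null) {
                    $i++;
                    continue;
                }
                $userObject->setPref($prefName, $prefValue);
                $userObject->save("user");
                $i++;
            }
            AJXP_XMLWriter::header();
            AJXP_XMLWriter::sendMessage("Succesfully saved user preference", null);
            AJXP_XMLWriter::close();
            break;

        case "get_drivers_definition":
            AJXP_XMLWriter::header("drivers");
            print AJXP_XMLWriter::replaceAjxpXmlKeywords(ConfService::availableDriversToXML("param", "", true));
            AJXP_XMLWriter::close("drivers");
            break;

        case "get_templates_definition":
            AJXP_XMLWriter::header("repository_templates");
            $repositories = ConfService::getRepositoriesList();
            foreach ($repositories as $repo) {
                if (!$repo->isTemplate) {
                    continue;
                }
                $repoId = $repo->getUniqueId();
                $repoLabel = $repo->getDisplay();
                $repoType = $repo->getAccessType();
                print "<template repository_id=\"{$repoId}\" repository_label=\"{$repoLabel}\" repository_type=\"{$repoType}\">";
                foreach ($repo->getOptionsDefined() as $optionName) {
                    print "<option name=\"{$optionName}\"/>";
                }
                print "</template>";
            }
            AJXP_XMLWriter::close("repository_templates");
            break;

        case "create_repository":
            $options = array();
            $repDef = $httpVars;
            $isTemplate = isset($httpVars["sf_checkboxes_active"]);
            unset($repDef["get_action"]);
            unset($repDef["sf_checkboxes_active"]);
            $this->parseParameters($repDef, $options);
            if (count($options)) {
                $repDef["DRIVER_OPTIONS"] = $options;
            }
            if (strstr($repDef["DRIVER"], "ajxp_template_") !== false) {
                // 14 is the length of the "ajxp_template_" prefix.
                $templateId = substr($repDef["DRIVER"], 14);
                $templateRepo = ConfService::getRepositoryById($templateId);
                $newRep = $templateRepo->createTemplateChild($repDef["DISPLAY"], $repDef["DRIVER_OPTIONS"]);
            } else {
                $pServ = AJXP_PluginsService::getInstance();
                $driver = $pServ->getPluginByTypeName("access", $repDef["DRIVER"]);

                $newRep = ConfService::createRepositoryFromArray(0, $repDef);
                // NOTE(review): $driver is dereferenced here before the null check further down, and the
                // included path and the instantiated class name both derive from the request's DRIVER
                // value through the plugin lookup — confirm the lookup rejects unknown drivers.
                $testFile = $driver->getBaseDir() . "/test." . $newRep->getAccessType() . "Access.php";
                if (!$isTemplate && is_file($testFile)) {
                    include $testFile;
                    $className = $newRep->getAccessType() . "AccessTest";
                    $class = new $className();
                    $result = $class->doRepositoryTest($newRep);
                    if (!$result) {
                        AJXP_XMLWriter::header();
                        AJXP_XMLWriter::sendMessage(null, $class->failedInfo);
                        AJXP_XMLWriter::close();
                        return;
                    }
                }
                // Apply default metasource if any
                if ($driver != null && $driver->getConfigs() != null) {
                    $confs = $driver->getConfigs();
                    if (!empty($confs["DEFAULT_METASOURCES"])) {
                        $metaIds = AJXP_Utils::parseCSL($confs["DEFAULT_METASOURCES"]);
                        $metaSourceOptions = array();
                        foreach ($metaIds as $metaID) {
                            $metaPlug = $pServ->getPluginById($metaID);
                            if ($metaPlug == null) {
                                continue;
                            }
                            $pNodes = $metaPlug->getManifestRawContent("//param[@default]", "nodes");
                            $defaultParams = array();
                            foreach ($pNodes as $domNode) {
                                $defaultParams[$domNode->getAttribute("name")] = $domNode->getAttribute("default");
                            }
                            $metaSourceOptions[$metaID] = $defaultParams;
                        }
                        $newRep->addOption("META_SOURCES", $metaSourceOptions);
                    }
                }
            }

            if ($this->repositoryExists($newRep->getDisplay())) {
                AJXP_XMLWriter::header();
                AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.50"]);
                AJXP_XMLWriter::close();
                return;
            }
            if ($isTemplate) {
                $newRep->isTemplate = true;
            }
            $res = ConfService::addRepository($newRep);
            AJXP_XMLWriter::header();
            if ($res == -1) {
                AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.51"]);
            } else {
                // The creating administrator is granted read/write on the new repository.
                $loggedUser = AuthService::getLoggedUser();
                $loggedUser->setRight($newRep->getUniqueId(), "rw");
                $loggedUser->save("superuser");
                AuthService::updateUser($loggedUser);

                AJXP_XMLWriter::sendMessage($mess["ajxp_conf.52"], null);
                AJXP_XMLWriter::reloadDataNode("", $newRep->getUniqueId());
                AJXP_XMLWriter::reloadRepositoryList();
            }
            AJXP_XMLWriter::close();
            break;

        case "edit_repository":
            $repId = $httpVars["repository_id"];
            $repList = ConfService::getRootDirsList();
            if (!isset($repList[$repId])) {
                throw new Exception("Cannot find repository with id {$repId}");
            }
            $repository = $repList[$repId];
            $pServ = AJXP_PluginsService::getInstance();
            $plug = $pServ->getPluginById("access." . $repository->accessType);
            if ($plug == null) {
                throw new Exception("Cannot find access driver (" . $repository->accessType . ") for repository!");
            }
            AJXP_XMLWriter::header("admin_data");
            $slug = $repository->getSlug();
            if ($slug == "" && $repository->isWriteable()) {
                $repository->setSlug();
                ConfService::replaceRepository($repId, $repository);
            }
            $nested = array();
            print "<repository index=\"{$repId}\"";
            foreach ($repository as $name => $option) {
                // Skip property names containing a space. The explicit !== false test replaces a
                // "strstr(...) > -1" comparison whose result depends on the PHP version.
                if (strstr($name, " ") !== false) {
                    continue;
                }
                if (!is_array($option)) {
                    if (is_bool($option)) {
                        $option = $option ? "true" : "false";
                    }
                    print " {$name}=\"" . SystemTextEncoding::toUTF8(AJXP_Utils::xmlEntities($option)) . "\" ";
                } else {
                    $nested[] = $option;
                }
            }
            if (count($nested)) {
                print ">";
                foreach ($nested as $option) {
                    foreach ($option as $key => $optValue) {
                        if (is_array($optValue) && count($optValue)) {
                            print "<param name=\"{$key}\"><![CDATA[" . json_encode($optValue) . "]]></param>";
                        } else {
                            if (is_bool($optValue)) {
                                $optValue = $optValue ? "true" : "false";
                            }
                            print "<param name=\"{$key}\" value=\"{$optValue}\"/>";
                        }
                    }
                }
                // Add SLUG
                if (!$repository->isTemplate) {
                    print "<param name=\"AJXP_SLUG\" value=\"" . $repository->getSlug() . "\"/>";
                }
                print "</repository>";
            } else {
                print "/>";
            }
            if ($repository->hasParent()) {
                $parent = ConfService::getRepositoryById($repository->getParentId());
                if (isset($parent) && $parent->isTemplate) {
                    $parentLabel = $parent->getDisplay();
                    $parentType = $parent->getAccessType();
                    print "<template repository_id=\"" . $repository->getParentId() . "\" repository_label=\"{$parentLabel}\" repository_type=\"{$parentType}\">";
                    foreach ($parent->getOptionsDefined() as $parentOptionName) {
                        print "<option name=\"{$parentOptionName}\"/>";
                    }
                    print "</template>";
                }
            }
            $manifest = $plug->getManifestRawContent("server_settings/param");
            $manifest = AJXP_XMLWriter::replaceAjxpXmlKeywords($manifest);
            print "<ajxpdriver name=\"" . $repository->accessType . "\">{$manifest}</ajxpdriver>";
            print "<metasources>";
            $metas = $pServ->getPluginsByType("metastore");
            $metas = array_merge($metas, $pServ->getPluginsByType("meta"));
            $metas = array_merge($metas, $pServ->getPluginsByType("index"));
            foreach ($metas as $metaPlug) {
                print "<meta id=\"" . $metaPlug->getId() . "\" label=\"" . AJXP_Utils::xmlEntities($metaPlug->getManifestLabel()) . "\">";
                $manifest = $metaPlug->getManifestRawContent("server_settings/param");
                $manifest = AJXP_XMLWriter::replaceAjxpXmlKeywords($manifest);
                print $manifest;
                print "</meta>";
            }
            print "</metasources>";
            AJXP_XMLWriter::close("admin_data");
            return;

        case "edit_repository_label":
        case "edit_repository_data":
            $repId = $httpVars["repository_id"];
            $repo = ConfService::getRepositoryById($repId);
            $res = 0;
            if (isset($httpVars["newLabel"])) {
                $newLabel = AJXP_Utils::decodeSecureMagic($httpVars["newLabel"]);
                if ($this->repositoryExists($newLabel)) {
                    AJXP_XMLWriter::header();
                    AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.50"]);
                    AJXP_XMLWriter::close();
                    return;
                }
                $repo->setDisplay($newLabel);
                $res = ConfService::replaceRepository($repId, $repo);
            } else {
                $options = array();
                $this->parseParameters($httpVars, $options);
                if (count($options)) {
                    foreach ($options as $key => $value) {
                        if ($key == "AJXP_SLUG") {
                            $repo->setSlug($value);
                            continue;
                        }
                        $repo->addOption($key, $value);
                    }
                }
                // The included file and the class name are built from the stored repository's access type.
                if (is_file(AJXP_TESTS_FOLDER . "/plugins/test.ajxp_" . $repo->getAccessType() . ".php")) {
                    chdir(AJXP_TESTS_FOLDER . "/plugins");
                    include AJXP_TESTS_FOLDER . "/plugins/test.ajxp_" . $repo->getAccessType() . ".php";
                    $className = "ajxp_" . $repo->getAccessType();
                    $class = new $className();
                    $result = $class->doRepositoryTest($repo);
                    if (!$result) {
                        AJXP_XMLWriter::header();
                        AJXP_XMLWriter::sendMessage(null, $class->failedInfo);
                        AJXP_XMLWriter::close();
                        return;
                    }
                }
                ConfService::replaceRepository($repId, $repo);
            }
            AJXP_XMLWriter::header();
            if ($res == -1) {
                AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.53"]);
            } else {
                AJXP_XMLWriter::sendMessage($mess["ajxp_conf.54"], null);
                AJXP_XMLWriter::reloadDataNode("", isset($httpVars["newLabel"]) ? $repId : false);
                AJXP_XMLWriter::reloadRepositoryList();
            }
            AJXP_XMLWriter::close();
            break;

        case "add_meta_source":
            $repId = $httpVars["repository_id"];
            $repo = ConfService::getRepositoryById($repId);
            if (!is_object($repo)) {
                throw new Exception("Invalid repository id! {$repId}");
            }
            $metaSourceType = AJXP_Utils::sanitize($httpVars["new_meta_source"], AJXP_SANITIZE_ALPHANUM);
            $options = array();
            $this->parseParameters($httpVars, $options);
            $repoOptions = $repo->getOption("META_SOURCES");
            if (is_array($repoOptions) && isset($repoOptions[$metaSourceType])) {
                throw new Exception($mess["ajxp_conf.55"]);
            }
            if (!is_array($repoOptions)) {
                $repoOptions = array();
            }
            $repoOptions[$metaSourceType] = $options;
            uksort($repoOptions, array($this, "metaSourceOrderingFunction"));
            $repo->addOption("META_SOURCES", $repoOptions);
            ConfService::replaceRepository($repId, $repo);
            AJXP_XMLWriter::header();
            AJXP_XMLWriter::sendMessage($mess["ajxp_conf.56"], null);
            AJXP_XMLWriter::close();
            break;

        case "delete_meta_source":
            $repId = $httpVars["repository_id"];
            $repo = ConfService::getRepositoryById($repId);
            if (!is_object($repo)) {
                throw new Exception("Invalid repository id! {$repId}");
            }
            $metaSourceId = $httpVars["plugId"];
            $repoOptions = $repo->getOption("META_SOURCES");
            if (is_array($repoOptions) && array_key_exists($metaSourceId, $repoOptions)) {
                unset($repoOptions[$metaSourceId]);
                uksort($repoOptions, array($this, "metaSourceOrderingFunction"));
                $repo->addOption("META_SOURCES", $repoOptions);
                ConfService::replaceRepository($repId, $repo);
            }
            AJXP_XMLWriter::header();
            AJXP_XMLWriter::sendMessage($mess["ajxp_conf.57"], null);
            AJXP_XMLWriter::close();
            break;

        case "edit_meta_source":
            $repId = $httpVars["repository_id"];
            $repo = ConfService::getRepositoryById($repId);
            if (!is_object($repo)) {
                throw new Exception("Invalid repository id! {$repId}");
            }
            $metaSourceId = $httpVars["plugId"];
            $options = array();
            $this->parseParameters($httpVars, $options);
            $repoOptions = $repo->getOption("META_SOURCES");
            if (!is_array($repoOptions)) {
                $repoOptions = array();
            }
            $repoOptions[$metaSourceId] = $options;
            uksort($repoOptions, array($this, "metaSourceOrderingFunction"));
            $repo->addOption("META_SOURCES", $repoOptions);
            ConfService::replaceRepository($repId, $repo);
            AJXP_XMLWriter::header();
            AJXP_XMLWriter::sendMessage($mess["ajxp_conf.58"], null);
            AJXP_XMLWriter::close();
            break;

        case "delete":
            // One action deletes a repository, a shared file, a role or a user,
            // depending on which identifier the request carries (tested in that order).
            if (isset($httpVars["repository_id"])) {
                $repId = $httpVars["repository_id"];
                $res = ConfService::deleteRepository($repId);
                AJXP_XMLWriter::header();
                if ($res == -1) {
                    AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.51"]);
                } else {
                    AJXP_XMLWriter::sendMessage($mess["ajxp_conf.59"], null);
                    AJXP_XMLWriter::reloadDataNode();
                    AJXP_XMLWriter::reloadRepositoryList();
                }
                AJXP_XMLWriter::close();
                return;
            } elseif (isset($httpVars["shared_file"])) {
                AJXP_XMLWriter::header();
                // basename() keeps the deletion inside the public download folder.
                $element = basename($httpVars["shared_file"]);
                $dlFolder = ConfService::getCoreConf("PUBLIC_DOWNLOAD_FOLDER");
                $publicletData = $this->loadPublicletData($dlFolder . "/" . $element . ".php");
                unlink($dlFolder . "/" . $element . ".php");
                AJXP_XMLWriter::sendMessage($mess["ajxp_shared.13"], null);
                AJXP_XMLWriter::reloadDataNode();
                AJXP_XMLWriter::close();
            } elseif (isset($httpVars["role_id"])) {
                $roleId = $httpVars["role_id"];
                if (AuthService::getRole($roleId) === false) {
                    throw new Exception($mess["ajxp_conf.67"]);
                }
                AuthService::deleteRole($roleId);
                AJXP_XMLWriter::header();
                AJXP_XMLWriter::sendMessage($mess["ajxp_conf.66"], null);
                AJXP_XMLWriter::reloadDataNode();
                AJXP_XMLWriter::close();
            } else {
                if (!isset($httpVars["user_id"]) || $httpVars["user_id"] == "" || AuthService::isReservedUserId($httpVars["user_id"]) || $loggedUser->getId() == $httpVars["user_id"]) {
                    AJXP_XMLWriter::header();
                    AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.61"]);
                    AJXP_XMLWriter::close();
                    // Stop here: without this return the refusal was reported and the deletion ran anyway,
                    // so a reserved account or the administrator's own account could still be removed.
                    return;
                }
                $res = AuthService::deleteUser($httpVars["user_id"]);
                AJXP_XMLWriter::header();
                AJXP_XMLWriter::sendMessage($mess["ajxp_conf.60"], null);
                AJXP_XMLWriter::reloadDataNode();
                AJXP_XMLWriter::close();
            }
            break;

        case "clear_expired":
            $deleted = $this->clearExpiredFiles();
            AJXP_XMLWriter::header();
            if (count($deleted)) {
                AJXP_XMLWriter::sendMessage(sprintf($mess["ajxp_shared.23"], count($deleted) . ""), null);
                AJXP_XMLWriter::reloadDataNode();
            } else {
                AJXP_XMLWriter::sendMessage($mess["ajxp_shared.24"], null);
            }
            AJXP_XMLWriter::close();
            break;

        case "get_plugin_manifest":
            // NOTE(review): the lookup result is used without a null check; other cases treat a null
            // return from getPluginById() as "not found" — confirm how an unknown plugin_id should fail.
            $ajxpPlugin = AJXP_PluginsService::getInstance()->getPluginById($httpVars["plugin_id"]);
            AJXP_XMLWriter::header("admin_data");
            echo AJXP_XMLWriter::replaceAjxpXmlKeywords($ajxpPlugin->getManifestRawContent());
            $definitions = $ajxpPlugin->getConfigsDefinitions();
            $values = $ajxpPlugin->getConfigs();
            if (!is_array($values)) {
                $values = array();
            }
            echo "<plugin_settings_values>";
            foreach ($values as $key => $value) {
                if ($definitions[$key]["type"] == "array" && is_array($value)) {
                    $value = implode(",", $value);
                } elseif ($definitions[$key]["type"] == "boolean") {
                    $value = $value === true || $value === "true" || $value == 1 ? "true" : "false";
                }
                echo "<param name=\"{$key}\" value=\"" . AJXP_Utils::xmlEntities($value) . "\"/>";
            }
            if ($ajxpPlugin->getType() != "core") {
                echo "<param name=\"AJXP_PLUGIN_ENABLED\" value=\"" . ($ajxpPlugin->isEnabled() ? "true" : "false") . "\"/>";
            }
            echo "</plugin_settings_values>";
            echo "<plugin_doc><![CDATA[<p>" . $ajxpPlugin->getPluginInformationHTML("Charles du Jeu", "http://ajaxplorer.info/plugins/") . "</p>";
            if (file_exists($ajxpPlugin->getBaseDir() . "/plugin_doc.html")) {
                echo file_get_contents($ajxpPlugin->getBaseDir() . "/plugin_doc.html");
            }
            echo "]]></plugin_doc>";
            AJXP_XMLWriter::close("admin_data");
            break;

        case "edit_plugin_options":
            $options = array();
            $this->parseParameters($httpVars, $options);
            $confStorage = ConfService::getConfStorageImpl();
            $confStorage->savePluginConfig($httpVars["plugin_id"], $options);
            // Best-effort removal of the plugin cache files; a missing file is not an error here.
            @unlink(AJXP_PLUGINS_CACHE_FILE);
            @unlink(AJXP_PLUGINS_REQUIRES_FILE);
            @unlink(AJXP_PLUGINS_MESSAGES_FILE);
            AJXP_XMLWriter::header();
            AJXP_XMLWriter::sendMessage($mess["ajxp_conf.97"], null);
            AJXP_XMLWriter::reloadDataNode();
            AJXP_XMLWriter::close();
            break;

        default:
            break;
    }

    return;
}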
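/**
 * Synchronise a user object with the attributes of its directory entry.
 *
 * Steps, in order: run the parent implementation, apply the optional
 * separate group, apply the legacy customParamsMapping (stored in the
 * CUSTOM_PARAMS preference), then apply every paramsMapping entry according
 * to its MAPPING_LOCAL_TYPE (role_id, group_path, profile, plugin_param).
 *
 * Roles and groups are created on demand from directory values, so the
 * configured filters are the only restriction on which roles a directory
 * entry can grant.
 *
 * NOTE(review): the early return in the legacy block leaves the whole
 * method, so paramsMapping is not evaluated for users whose CUSTOM_PARAMS
 * already hold a mapped key. Confirm this is intended.
 *
 * @param mixed $userObject User object, passed by reference; saved when a mapping changed it.
 * @return void
 */
public function updateUserObject(&$userObject)
{
    parent::updateUserObject($userObject);
    if (!empty($this->separateGroup)) {
        $userObject->setGroupPath("/" . $this->separateGroup);
    }
    // SHOULD BE DEPRECATED
    if (!empty($this->customParamsMapping)) {
        $checkValues = array_values($this->customParamsMapping);
        $prefs = $userObject->getPref("CUSTOM_PARAMS");
        if (!is_array($prefs)) {
            $prefs = array();
        }
        // If one value exists, we consider the mapping has already been done.
        foreach ($checkValues as $val) {
            if (array_key_exists($val, $prefs)) {
                return;
            }
        }
        $changes = false;
        $entries = $this->getUserEntries($userObject->getId());
        if ($entries["count"]) {
            $entry = $entries[0];
            foreach ($this->customParamsMapping as $key => $value) {
                if (isset($entry[$key])) {
                    $prefs[$value] = $entry[$key][0];
                    $changes = true;
                }
            }
        }
        if ($changes) {
            $userObject->setPref("CUSTOM_PARAMS", $prefs);
            $userObject->save();
        }
    }
    if (!empty($this->paramsMapping)) {
        $changes = false;
        $entries = $this->getUserEntries($userObject->getId());
        if ($entries["count"]) {
            $entry = $entries[0];
            foreach ($this->paramsMapping as $params) {
                $key = strtolower($params['MAPPING_LDAP_PARAM']);
                // NOTE(review): everything below, including the removal of
                // previously mapped roles, only runs when the attribute is
                // present on the entry. If the directory omits "memberof" for
                // a user without groups, earlier mapped roles stay assigned.
                // Verify against getUserEntries().
                if (isset($entry[$key])) {
                    $value = $entry[$key][0];
                    $memberValues = array();
                    if ($key == "memberof") {
                        // Build a map "first CN of the DN" => full DN value.
                        foreach ($entry[$key] as $possibleValue) {
                            $hnParts = array();
                            // NOTE(review): splitting on "," and "=" does not honour
                            // escaped separators inside a DN, and a value containing
                            // "=" is cut at the second "=". Two distinct groups could
                            // therefore map to the same short name.
                            $parts = explode(",", ltrim($possibleValue, '/'));
                            foreach ($parts as $part) {
                                // Skip components that are not "attribute=value" pairs
                                // instead of reading a missing list() offset.
                                if (strpos($part, "=") === false) {
                                    continue;
                                }
                                list($att, $attVal) = explode("=", $part);
                                /*
                                 * The first CN is the name of the group; further CN
                                 * components designate containers. Only the first "cn"
                                 * element is kept, hence the break.
                                 */
                                if (strtolower($att) == "cn") {
                                    $hnParts[] = $attVal;
                                    break;
                                }
                            }
                            if (count($hnParts)) {
                                $memberValues[implode(",", $hnParts)] = $possibleValue;
                            }
                        }
                    }
                    switch ($params['MAPPING_LOCAL_TYPE']) {
                        case "role_id":
                            $valueFilters = null;
                            $matchFilter = null;
                            $filter = $params["MAPPING_LOCAL_PARAM"];
                            // "preg:<pattern>" is a case-insensitive regular expression,
                            // anything else a comma-separated list of accepted values.
                            if (strpos($filter, "preg:") !== false) {
                                $matchFilter = "/" . str_replace("preg:", "", $filter) . "/i";
                            } else {
                                if (!empty($filter)) {
                                    $valueFilters = array_map("trim", explode(",", $filter));
                                }
                            }
                            if ($key == "memberof") {
                                if (empty($valueFilters)) {
                                    $valueFilters = $this->getLdapGroupListFromDN();
                                }
                                if ($this->mappedRolePrefix) {
                                    $rolePrefix = $this->mappedRolePrefix;
                                } else {
                                    $rolePrefix = "";
                                }
                                $userroles = $userObject->getRoles();
                                // Remove all previously mapped roles before re-adding the
                                // current ones. A dedicated loop variable is used so the
                                // attribute name in $key is not overwritten.
                                // NOTE(review): the test matches the prefix anywhere in the
                                // role id, not only at its start, and with an empty prefix
                                // the outcome of strpos() depends on the PHP version.
                                // Confirm which roles are meant to be dropped.
                                if (is_array($userroles)) {
                                    foreach ($userroles as $roleId => $role) {
                                        if (AuthService::getRole($roleId) && !(strpos($roleId, $this->mappedRolePrefix) === false)) {
                                            $userObject->removeRole($roleId);
                                        }
                                    }
                                }
                                $userObject->recomputeMergedRole();
                                foreach ($memberValues as $uniqValue => $fullDN) {
                                    $uniqValueWithPrefix = $rolePrefix . $uniqValue;
                                    if (isset($matchFilter) && !preg_match($matchFilter, $uniqValueWithPrefix)) {
                                        continue;
                                    }
                                    if (isset($valueFilters) && !in_array($uniqValueWithPrefix, $valueFilters)) {
                                        continue;
                                    }
                                    // getRole(..., true) is called so that a role object is
                                    // available even for a group seen for the first time.
                                    $roleToAdd = AuthService::getRole($uniqValueWithPrefix, true);
                                    $roleToAdd->setLabel($uniqValue);
                                    AuthService::updateRole($roleToAdd);
                                    $userObject->addRole($roleToAdd);
                                    $changes = true;
                                }
                            } else {
                                // NOTE(review): without a configured filter every value of
                                // the attribute is used as a role id as-is. If
                                // getUserEntries() returns ldap_get_entries()-style arrays
                                // the integer "count" element is visited too. Confirm.
                                foreach ($entry[$key] as $uniqValue) {
                                    if (isset($matchFilter) && !preg_match($matchFilter, $uniqValue)) {
                                        continue;
                                    }
                                    if (isset($valueFilters) && !in_array($uniqValue, $valueFilters)) {
                                        continue;
                                    }
                                    if (!in_array($uniqValue, array_keys($userObject->getRoles())) && !empty($uniqValue)) {
                                        $userObject->addRole(AuthService::getRole($uniqValue, true));
                                        $changes = true;
                                    }
                                }
                            }
                            break;
                        case "group_path":
                            if ($key == "memberof") {
                                // Reset both filters: they are function-scoped and would
                                // otherwise keep the values left by an earlier mapping entry.
                                $valueFilters = null;
                                $matchFilter = null;
                                $filter = $params["MAPPING_LOCAL_PARAM"];
                                if (strpos($filter, "preg:") !== false) {
                                    $matchFilter = "/" . str_replace("preg:", "", $filter) . "/i";
                                } else {
                                    if (!empty($filter)) {
                                        $valueFilters = array_map("trim", explode(",", $filter));
                                    }
                                }
                                foreach ($memberValues as $uniqValue => $fullDN) {
                                    if (isset($matchFilter) && !preg_match($matchFilter, $uniqValue)) {
                                        continue;
                                    }
                                    if (isset($valueFilters) && !in_array($uniqValue, $valueFilters)) {
                                        continue;
                                    }
                                    // The comparison is kept although its body is disabled.
                                    if ($userObject->personalRole->filterParameterValue("auth.ldap", "MEMBER_OF", AJXP_REPO_SCOPE_ALL, "") == $fullDN) {
                                        //break;
                                    }
                                    $humanName = $uniqValue;
                                    $branch = array();
                                    $this->buildGroupBranch($uniqValue, $branch);
                                    $parent = "/";
                                    if (count($branch)) {
                                        $parent = "/" . implode("/", array_reverse($branch));
                                    }
                                    if (!ConfService::getConfStorageImpl()->groupExists(rtrim(AuthService::filterBaseGroup($parent), "/") . "/" . $fullDN)) {
                                        AuthService::createGroup($parent, $fullDN, $humanName);
                                    }
                                    $userObject->setGroupPath(rtrim($parent, "/") . "/" . $fullDN, true);
                                    // Update roles from groupPath: one AJXP_GRP_ role per level
                                    // of the path, from the top-most group down to $fullDN.
                                    $b = array_reverse($branch);
                                    $b[] = $fullDN;
                                    for ($i = 1; $i <= count($b); $i++) {
                                        $userObject->addRole(AuthService::getRole("AJXP_GRP_/" . implode("/", array_slice($b, 0, $i)), true));
                                    }
                                    $userObject->personalRole->setParameterValue("auth.ldap", "MEMBER_OF", $fullDN);
                                    $userObject->recomputeMergedRole();
                                    $changes = true;
                                }
                            }
                            break;
                        case "profile":
                            // The first value of the attribute becomes the user profile.
                            if ($userObject->getProfile() != $value) {
                                $changes = true;
                                $userObject->setProfile($value);
                                AuthService::updateAutoApplyRole($userObject);
                            }
                            break;
                        case "plugin_param":
                        default:
                            // "pluginId/paramName" targets another plugin; a bare name
                            // targets this plugin.
                            if (strpos($params["MAPPING_LOCAL_PARAM"], "/") !== false) {
                                list($pId, $param) = explode("/", $params["MAPPING_LOCAL_PARAM"]);
                            } else {
                                $pId = $this->getId();
                                $param = $params["MAPPING_LOCAL_PARAM"];
                            }
                            if ($userObject->personalRole->filterParameterValue($pId, $param, AJXP_REPO_SCOPE_ALL, "") != $value) {
                                $userObject->personalRole->setParameterValue($pId, $param, $value);
                                $userObject->recomputeMergedRole();
                                $changes = true;
                            }
                            break;
                    }
                }
            }
        }
        if ($changes) {
            $userObject->save("superuser");
        }
    }
}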
/**
 * Create and store the role "AJXP_SHARED-<repositoryId>" used by a minisite share.
 *
 * The ACTIONS and PARAMETERS defined for AJXP_REPO_SCOPE_SHARED on the
 * "MINISITE" role are copied onto the new role under the repository id.
 *
 * NOTE(review): when $disableDownload is true but "MINISITE_NODOWNLOAD" is
 * not an AJXP_Role, the role is built from "MINISITE" alone and no error is
 * raised. Confirm callers do not rely on the restriction being applied.
 * NOTE(review): with $replace the existing role is deleted before "MINISITE"
 * is looked up, so a null return can leave the share without its role.
 *
 * @param string $repositoryId    Repository the role is attached to.
 * @param bool   $disableDownload Merge the "MINISITE_NODOWNLOAD" role into the template.
 * @param bool   $replace         Delete a role with the same id first.
 * @return AJXP_Role|null The stored role, or null when "MINISITE" is not an AJXP_Role.
 */
public function createRoleForMinisite($repositoryId, $disableDownload, $replace)
{
    if ($replace) {
        try {
            AuthService::deleteRole("AJXP_SHARED-" . $repositoryId);
        } catch (Exception $e) {
            // Deliberately ignored: deleting the previous role is best effort.
        }
    }

    $minisiteRole = new AJXP_Role("AJXP_SHARED-" . $repositoryId);
    $template = AuthService::getRole("MINISITE");
    if (!is_a($template, "AJXP_Role")) {
        return null;
    }

    if ($disableDownload) {
        $noDownload = AuthService::getRole("MINISITE_NODOWNLOAD");
        if (is_a($noDownload, "AJXP_Role")) {
            // presumably layers the no-download settings over the template; see AJXP_Role::override()
            $template = $noDownload->override($template);
        }
    }

    $templateData = $template->getDataArray();
    $roleData = $minisiteRole->getDataArray();
    // Re-key the shared-scope settings of the template to this repository.
    foreach (array("ACTIONS", "PARAMETERS") as $section) {
        if (isset($templateData[$section][AJXP_REPO_SCOPE_SHARED])) {
            $roleData[$section][$repositoryId] = $templateData[$section][AJXP_REPO_SCOPE_SHARED];
        }
    }

    $minisiteRole->bunchUpdate($roleData);
    AuthService::updateRole($minisiteRole);

    return $minisiteRole;
}