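/**
 * Validate a tool registration form and normalise some of its fields in place.
 *
 * Checks that the tool name and title are unique and well formed, that the
 * required fields are present, and that version, member groups and the
 * development team pass their own validators. One message per failing field
 * is stored in $err under that field's name.
 *
 * Fields rewritten in $tool: 'toolname' (lower-cased), 'membergroups' and
 * 'developers' (replaced by arrays), 'vncGeometry' (built from the X/Y parts
 * or taken from the configured default).
 *
 * @param   array    &$tool    Submitted tool fields; modified in place
 * @param   array    &$err     Collected error messages keyed by field name
 * @param   string   $id       ID of the tool being edited; empty for a new registration
 * @param   object   $config   Component configuration; parameters['default_vnc'] is read
 * @param   integer  $checker  Ignored on input; overwritten by the tool name lookup
 * @param   integer  $result   Value returned when no errors were recorded
 * @return  integer  0 when $err holds at least one error, otherwise $result
 */
public function validToolReg(&$tool, &$err, $id, $config, $checker = 0, $result = 1)
{
    // Callers may hand in an uninitialised variable by reference; count(null)
    // throws on PHP 8, so start from an empty error list in that case.
    if ($err === null) {
        $err = array();
    }

    $tgObj = new \Components\Tools\Tables\Group($this->_db);

    // Check if the tool name already exists in the tool table.
    // NOTE(review): LIKE treats '%' and '_' in the submitted name as wildcards.
    // Such a name is still rejected (as "exists"), so the check fails closed.
    $query  = "SELECT t.id ";
    $query .= "FROM #__tool as t ";
    $query .= "WHERE t.toolname LIKE " . $this->_db->quote($tool['toolname']) . " ";
    if ($id) {
        $query .= "AND t.id!=" . $this->_db->quote($id) . " ";
    }
    $this->_db->setQuery($query);
    $checker = $this->_db->loadResult();

    // The name is lower-cased further down, so the reserved list has to be
    // compared case-insensitively or 'TEST' would slip past and become 'test'.
    $reserved   = array('test', 'shortname', 'hub', 'tool');
    $isReserved = in_array(strtolower($tool['toolname']), $reserved, true);

    if ($checker || ($isReserved && !$id)) {
        $err['toolname'] = Lang::txt('ERR_TOOLNAME_EXISTS');
    } elseif (!$id && !preg_match('#^[a-zA-Z0-9]{3,15}$#D', $tool['toolname'])) {
        // preg_match() returns 0 on no match and 0 == '' is false on PHP 8, so
        // the result is tested for truthiness. The D modifier stops '$' from
        // accepting a trailing newline.
        $err['toolname'] = Lang::txt('ERR_TOOLNAME');
    }

    // Check if the title is already used by a different tool.
    $query  = "SELECT title, toolname ";
    $query .= "FROM #__tool ";
    if ($id) {
        $query .= "WHERE id!=" . $this->_db->quote($id) . " ";
    }
    $this->_db->setQuery($query);
    $rows = $this->_db->loadObjectList();

    // Tracked separately from $checker so that a duplicate tool name does not
    // also produce a spurious "title exists" error.
    $titleTaken = false;
    if ($rows) {
        $wantedTitle = strtolower($tool['title']);
        $wantedName  = (string) $tool['toolname'];
        foreach ($rows as $row) {
            // Strict comparison: loose == treats numeric-looking strings such
            // as '1e2' and '100' as equal.
            if (strtolower($row->title) === $wantedTitle && (string) $row->toolname !== $wantedName) {
                $titleTaken = true;
                break;
            }
        }
    }

    // Tool names are stored lower case by default.
    $tool['toolname'] = strtolower($tool['toolname']);

    if ($titleTaken) {
        $err['title'] = Lang::txt('ERR_TITLE_EXISTS');
    } elseif ($tool['title'] == '') {
        $err['title'] = Lang::txt('ERR_TITLE');
    }

    if ($tool['description'] == '') {
        $err['description'] = Lang::txt('ERR_DESC');
    }

    if ($tool['version']) {
        // $error_v is presumably filled in by reference - confirm against validVersion().
        $this->validVersion($tool['toolname'], $tool['version'], $error_v, 0);
        if ($error_v) {
            $err['version'] = $error_v;
        }
    }

    if ($tool['exec'] == '') {
        $err['exec'] = Lang::txt('ERR_EXEC');
    }

    // Member groups only apply to group-controlled execution ('@GROUP').
    $groupControlled = ($tool['exec'] == '@GROUP');
    $noGroupsGiven   = ($tool['membergroups'] == '');
    if ($groupControlled && $noGroupsGiven) {
        $err['membergroups']  = Lang::txt('ERR_GROUPS_EMPTY');
        $tool['membergroups'] = array();
    } elseif (!$groupControlled) {
        $tool['membergroups'] = array();
    } else {
        // $error_g is presumably filled in by reference - confirm against writeMemberGroups().
        $tool['membergroups'] = $tgObj->writeMemberGroups($tool['membergroups'], $id, $this->_db, $error_g);
        if ($error_g) {
            $err['membergroups'] = $error_g;
        }
    }

    if ($tool['code'] == '') {
        $err['code'] = Lang::txt('ERR_CODE');
    }

    if ($tool['wiki'] == '') {
        $err['wiki'] = Lang::txt('ERR_WIKI');
    }

    if ($tool['developers'] == '') {
        $tool['developers'] = array();
        $err['developers']  = Lang::txt('ERR_TEAM_EMPTY');
    } else {
        // $error_t is presumably filled in by reference - confirm against writeTeam().
        $tool['developers'] = $tgObj->writeTeam($tool['developers'], $id, $this->_db, $error_t);
        if ($error_t) {
            $err['developers'] = $error_t;
        }
    }

    // Format the VNC geometry: both parts must be non-empty and digits only,
    // otherwise the configured (or built-in) default is used.
    $vnc = isset($config->parameters['default_vnc']) ? $config->parameters['default_vnc'] : '780x600';
    if ($tool['vncGeometryX']
     && $tool['vncGeometryY']
     && !preg_match('#[^0-9]#', $tool['vncGeometryX'])
     && !preg_match('#[^0-9]#', $tool['vncGeometryY'])) {
        $tool['vncGeometry'] = $tool['vncGeometryX'] . 'x' . $tool['vncGeometryY'];
    } else {
        $tool['vncGeometry'] = $vnc;
    }

    // Any recorded error makes the registration invalid.
    if (count($err) > 0) {
        $result = 0;
    }

    return $result;
}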
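/**
 * Decide whether the current user may access a tool instance.
 *
 * The decision is based on the tool version's state (published = 1,
 * development = 3), its 'toolaccess' setting, its export control and the
 * groups of the current user. On most denials an error is recorded with
 * setError() and a debug line is logged.
 *
 * NOTE(review): group membership is looked up for User::get('id'), i.e. the
 * current user. $login is only used in log messages, so passing another
 * user's login does not change whose access is evaluated - confirm that
 * callers do not rely on it.
 *
 * @param   string   $tool   Tool instance name
 * @param   string   $login  Username; defaults to the current user's username
 * @return  boolean  True if access is granted
 */
private function _getToolAccess($tool, $login = '')
{
    include_once dirname(dirname(__DIR__)) . DS . 'tables' . DS . 'tool.php';
    include_once dirname(dirname(__DIR__)) . DS . 'tables' . DS . 'group.php';
    include_once dirname(dirname(__DIR__)) . DS . 'tables' . DS . 'version.php';

    // Ensure we have a tool
    if (!$tool) {
        $this->setError(Lang::txt('COM_TOOLS_ERROR_TOOL_NOT_FOUND'));
        Log::debug("mw::_getToolAccess({$tool},{$login}) FAILED null tool check");
        return false;
    }

    // Ensure we have a login
    if ($login == '') {
        $login = User::get('username');
        if ($login == '') {
            Log::debug("mw::_getToolAccess({$tool},{$login}) FAILED null user check");
            return false;
        }
    }

    // Load the tool version behind this instance name
    $tv = new \Components\Tools\Tables\Version($this->database);
    $tv->loadFromInstance($tool);
    if (empty($tv->id)) {
        Log::debug("mw::_getToolAccess({$tool},{$login}) FAILED null tool version check");
        return false;
    }

    // Groups attached to the tool. The id is cast to int because it is
    // concatenated into the SQL text rather than bound or quoted.
    $tg = new \Components\Tools\Tables\Group($this->database);
    $this->database->setQuery("SELECT * FROM " . $tg->getTableName() . " WHERE toolid=" . (int) $tv->toolid);
    $toolgroups = $this->database->loadObjectList();

    // Groups the current user is a member of
    $xgroups = \Hubzero\User\Helper::getGroups(User::get('id'), 'members');

    // Check if the user is in any groups for this app. Names are compared as
    // strings with strict in_array(): loose comparison would treat
    // numeric-looking names such as '100' and '1e2' as the same group.
    $ingroup    = false;
    $indevgroup = false;
    $groups     = array();
    if ($xgroups) {
        foreach ($xgroups as $xgroup) {
            $groups[] = (string) $xgroup->cn;
        }
        if ($toolgroups) {
            foreach ($toolgroups as $toolgroup) {
                if (in_array((string) $toolgroup->cn, $groups, true)) {
                    $ingroup = true;
                    // role 1 is treated as the tool's development group
                    if ($toolgroup->role == 1) {
                        $indevgroup = true;
                    }
                }
            }
        }
    }

    // Membership of the configured admin group grants access to dev and
    // group-controlled tools
    $ctconfig   = Component::params('com_tools');
    $adminGroup = $ctconfig->get('admingroup');
    $admin      = ($adminGroup != '' && in_array((string) $adminGroup, $groups, true));

    $exportAllowed      = $this->_getToolExportControl($tv->exportControl);
    $tisPublished       = $tv->state == 1;
    $tisDev             = $tv->state == 3;
    $tisGroupControlled = $tv->toolaccess == '@GROUP';

    // Development versions: development group or admin group only
    if ($tisDev) {
        if ($indevgroup || $admin) {
            return true;
        }
        Log::debug("mw::_getToolAccess({$tool},{$login}): DEV TOOL ACCESS DENIED (USER NOT IN DEVELOPMENT OR ADMIN GROUPS)");
        $this->setError(Lang::txt('COM_TOOLS_ERROR_ACCESS_DENIED_DEV_GROUP'));
        return false;
    }

    // Anything that is neither in development nor published is denied
    if (!$tisPublished) {
        Log::debug("mw::_getToolAccess({$tool},{$login}): UNPUBLISHED TOOL ACCESS DENIED (TOOL NOT PUBLISHED)");
        $this->setError(Lang::txt('COM_TOOLS_ERROR_ACCESS_DENIED_VERSION_UNPUBLISHED'));
        return false;
    }

    // Published and group controlled: access group or admin group only
    if ($tisGroupControlled) {
        if ($ingroup || $admin) {
            return true;
        }
        Log::debug("mw::_getToolAccess({$tool},{$login}): PUBLISHED TOOL ACCESS DENIED (USER NOT IN ACCESS OR ADMIN GROUPS)");
        $this->setError(Lang::txt('COM_TOOLS_ERROR_ACCESS_DENIED_ACCESS_GROUP'));
        return false;
    }

    // Published and open: only the export control check can deny access,
    // and it applies to admins and developers as well
    if (!$exportAllowed) {
        Log::debug("mw::_getToolAccess({$tool},{$login}): PUBLISHED TOOL ACCESS DENIED (EXPORT DENIED)");
        return false;
    }

    return true;
}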
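/**
 * Decide whether the current user may access a tool instance.
 *
 * The decision is based on the tool version's state (published = 1,
 * development = 3), its 'toolaccess' setting, its export control and the
 * groups of the current user.
 *
 * NOTE(review): group membership is looked up for User::get('id'), i.e. the
 * current user. $login is only used in log messages, so passing another
 * user's login does not change whose access is evaluated - confirm that
 * callers do not rely on it.
 *
 * @param   string  $tool   Tool instance name we are getting access rights to
 * @param   string  $login  User login name; defaults to the current user's username
 * @return  object  stdClass with ->valid (1 = granted, 0 = denied) and, on
 *                  denial, ->error->message describing the reason
 */
public static function getToolAccess($tool, $login = '')
{
    // Include tool models
    include_once dirname(__DIR__) . DS . 'tables' . DS . 'tool.php';
    include_once dirname(__DIR__) . DS . 'tables' . DS . 'group.php';
    include_once dirname(__DIR__) . DS . 'tables' . DS . 'version.php';

    // Instantiate objects
    $access        = new \stdClass();
    $access->error = new \stdClass();
    $database      = \App::get('db');

    // Ensure we have a tool
    if (!$tool) {
        $access->valid = 0;
        $access->error->message = 'No tool provided.';
        \Log::debug("mw::_getToolAccess({$tool},{$login}) FAILED null tool check");
        return $access;
    }

    // Ensure we have a login
    if ($login == '') {
        $login = User::get('username');
        if ($login == '') {
            $access->valid = 0;
            $access->error->message = 'Unable to grant tool access to user, no user was found.';
            \Log::debug("mw::_getToolAccess({$tool},{$login}) FAILED null user check");
            return $access;
        }
    }

    // Load the tool version. An object is never empty(), so the loaded row's
    // id is what tells us whether the instance exists; without this the
    // lookup below would run for an unknown tool.
    $toolVersion = new \Components\Tools\Tables\Version($database);
    $toolVersion->loadFromInstance($tool);
    if (empty($toolVersion->id)) {
        $access->valid = 0;
        $access->error->message = 'Unable to load the tool';
        \Log::debug("mw::_getToolAccess({$tool},{$login}) FAILED null tool version check");
        return $access;
    }

    // Load the tool groups. The id is cast to int because it is concatenated
    // into the SQL text rather than bound or quoted.
    $toolGroup = new \Components\Tools\Tables\Group($database);
    $query = "SELECT * FROM " . $toolGroup->getTableName() . " WHERE toolid=" . (int) $toolVersion->toolid;
    $database->setQuery($query);
    $toolgroups = $database->loadObjectList();

    // Get the current user's groups
    $xgroups = \Hubzero\User\Helper::getGroups(User::get('id'), 'members');

    // Check if the user is in any groups for this app. Names are compared as
    // strings with strict in_array(): loose comparison would treat
    // numeric-looking names such as '100' and '1e2' as the same group.
    $ingroup    = false;
    $indevgroup = false;
    $groups     = array();
    if ($xgroups) {
        foreach ($xgroups as $xgroup) {
            $groups[] = (string) $xgroup->cn;
        }
        if ($toolgroups) {
            foreach ($toolgroups as $toolgroup) {
                if (in_array((string) $toolgroup->cn, $groups, true)) {
                    $ingroup = true;
                    // role 1 is treated as the tool's development group
                    if ($toolgroup->role == 1) {
                        $indevgroup = true;
                    }
                }
            }
        }
    }

    // Check to see if we are an admin
    $ctconfig   = Component::params('com_tools');
    $adminGroup = $ctconfig->get('admingroup');
    $admin      = ($adminGroup != '' && in_array((string) $adminGroup, $groups, true));

    // Get access settings
    $exportAllowed     = \Components\Tools\Helpers\Utils::getToolExportAccess($toolVersion->exportControl);
    $isToolPublished   = $toolVersion->state == 1;
    $isToolDev         = $toolVersion->state == 3;
    $isGroupControlled = $toolVersion->toolaccess == '@GROUP';

    if ($isToolDev) {
        // Development versions: development group or admin group only
        if (!$indevgroup && !$admin) {
            $access->valid = 0;
            $access->error->message = 'The development version of this tool may only be accessed by members of it\'s development group.';
            \Log::debug("mw::_getToolAccess({$tool},{$login}): DEV TOOL ACCESS DENIED (USER NOT IN DEVELOPMENT OR ADMIN GROUPS)");
        } else {
            $access->valid = 1;
        }
    } elseif (!$isToolPublished) {
        // Anything that is neither in development nor published is denied
        $access->valid = 0;
        $access->error->message = 'This tool version is not published.';
        \Log::debug("mw::_getToolAccess({$tool},{$login}): UNPUBLISHED TOOL ACCESS DENIED (TOOL NOT PUBLISHED)");
    } elseif ($isGroupControlled) {
        // Published and group controlled: access group or admin group only
        if (!$ingroup && !$admin) {
            $access->valid = 0;
            $access->error->message = 'This tool may only be accessed by members of it\'s access control groups.';
            \Log::debug("mw::_getToolAccess({$tool},{$login}): PUBLISHED TOOL ACCESS DENIED (USER NOT IN ACCESS OR ADMIN GROUPS)");
        } else {
            $access->valid = 1;
        }
    } elseif (!$exportAllowed->valid) {
        // Published and open: only the export control check can deny access
        $access->valid = 0;
        $access->error->message = 'Export Access Denied';
        \Log::debug("mw::_getToolAccess({$tool},{$login}): PUBLISHED TOOL ACCESS DENIED (EXPORT DENIED)");
    } else {
        $access->valid = 1;
    }

    // Return access
    return $access;
}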