/**
* Short description for 'validToolReg'
*
* Long description (if any) ...
*
* @param array &$tool Parameter description (if any) ...
* @param array &$err Parameter description (if any) ...
* @param string $id Parameter description (if any) ...
* @param object $config Parameter description (if any) ...
* @param integer $checker Parameter description (if any) ...
* @param integer $result Parameter description (if any) ...
* @return integer Return description (if any) ...
*/
public function validToolReg(&$tool, &$err, $id, $config, $checker = 0, $result = 1)
{
$tgObj = new \Components\Tools\Tables\Group($this->_db);
// check if toolname exists in tool table
$query = "SELECT t.id ";
$query .= "FROM #__tool as t ";
$query .= "WHERE t.toolname LIKE " . $this->_db->quote($tool['toolname']) . " ";
if ($id) {
$query .= "AND t.id!=" . $this->_db->quote($id) . " ";
}
$this->_db->setQuery($query);
$checker = $this->_db->loadResult();
if ($checker or in_array($tool['toolname'], array('test', 'shortname', 'hub', 'tool')) && !$id) {
$err['toolname'] = Lang::txt('ERR_TOOLNAME_EXISTS');
} else {
if (preg_match('#^[a-zA-Z0-9]{3,15}$#', $tool['toolname']) == '' && !$id) {
$err['toolname'] = Lang::txt('ERR_TOOLNAME');
}
}
// check if title can be used - tool table
$query = "SELECT title, toolname ";
$query .= "FROM #__tool ";
if ($id) {
$query .= "WHERE id!=" . $this->_db->quote($id) . " ";
}
$this->_db->setQuery($query);
$rows = $this->_db->loadObjectList();
if ($rows) {
for ($i = 0, $n = count($rows); $i < $n; $i++) {
if (strtolower($rows[$i]->title) == strtolower($tool['title']) && $rows[$i]->toolname != $tool['toolname']) {
$checker = 1;
}
}
}
$tool['toolname'] = strtolower($tool['toolname']);
// make toolname lower case by default
if ($checker) {
// check if title exists for other tools
$err['title'] = Lang::txt('ERR_TITLE_EXISTS');
} else {
if ($tool['title'] == '') {
$err['title'] = Lang::txt('ERR_TITLE');
}
}
if ($tool['description'] == '') {
$err['description'] = Lang::txt('ERR_DESC');
}
if ($tool['version']) {
$this->validVersion($tool['toolname'], $tool['version'], $error_v, 0);
if ($error_v) {
$err['version'] = $error_v;
}
}
if ($tool['exec'] == '') {
$err['exec'] = Lang::txt('ERR_EXEC');
}
if ($tool['exec'] == '@GROUP' && $tool['membergroups'] == '') {
$err['membergroups'] = Lang::txt('ERR_GROUPS_EMPTY');
$tool['membergroups'] = array();
} else {
if ($tool['membergroups'] == '' or $tool['exec'] != '@GROUP') {
$tool['membergroups'] = array();
} else {
if ($tool['exec'] == '@GROUP') {
$tool['membergroups'] = $tgObj->writeMemberGroups($tool['membergroups'], $id, $this->_db, $error_g);
if ($error_g) {
$err['membergroups'] = $error_g;
}
}
}
}
if ($tool['code'] == '') {
$err['code'] = Lang::txt('ERR_CODE');
}
if ($tool['wiki'] == '') {
$err['wiki'] = Lang::txt('ERR_WIKI');
}
if ($tool['developers'] == '') {
$tool['developers'] = array();
$err['developers'] = Lang::txt('ERR_TEAM_EMPTY');
} else {
$tool['developers'] = $tgObj->writeTeam($tool['developers'], $id, $this->_db, $error_t);
if ($error_t) {
$err['developers'] = $error_t;
}
}
// format some data
$vnc = isset($config->parameters['default_vnc']) ? $config->parameters['default_vnc'] : '780x600';
if ($tool['vncGeometryX'] && $tool['vncGeometryY'] && !preg_match('#[^0-9]#', $tool['vncGeometryX']) && !preg_match('#[^0-9]#', $tool['vncGeometryY'])) {
$tool['vncGeometry'] = $tool['vncGeometryX'] . 'x' . $tool['vncGeometryY'];
} else {
$tool['vncGeometry'] = $vnc;
}
// return result and errors
if (count($err) > 0) {
$result = 0;
}
return $result;
}
/**
* Get the access level for this user and tool
*
* @param string $tool Tool name
* @param string $login Username
* @return boolean True if the user has access
*/
private function _getToolAccess($tool, $login = '')
{
include_once dirname(dirname(__DIR__)) . DS . 'tables' . DS . 'tool.php';
include_once dirname(dirname(__DIR__)) . DS . 'tables' . DS . 'group.php';
include_once dirname(dirname(__DIR__)) . DS . 'tables' . DS . 'version.php';
// Ensure we have a tool
if (!$tool) {
$this->setError(Lang::txt('COM_TOOLS_ERROR_TOOL_NOT_FOUND'));
Log::debug("mw::_getToolAccess({$tool},{$login}) FAILED null tool check");
return false;
}
// Ensure we have a login
if ($login == '') {
$login = User::get('username');
if ($login == '') {
Log::debug("mw::_getToolAccess({$tool},{$login}) FAILED null user check");
return false;
}
}
$tv = new \Components\Tools\Tables\Version($this->database);
$tv->loadFromInstance($tool);
if (empty($tv->id)) {
Log::debug("mw::_getToolAccess({$tool},{$login}) FAILED null tool version check");
return false;
}
$tg = new \Components\Tools\Tables\Group($this->database);
$this->database->setQuery("SELECT * FROM " . $tg->getTableName() . " WHERE toolid=" . $tv->toolid);
$toolgroups = $this->database->loadObjectList();
if (empty($toolgroups)) {
//Log::debug("mw::_getToolAccess($tool,$login) WARNING: no tool member groups");
}
$xgroups = \Hubzero\User\Helper::getGroups(User::get('id'), 'members');
if (empty($xgroups)) {
//Log::debug("mw::_getToolAccess($tool,$login) WARNING: user not in any groups");
}
// Check if the user is in any groups for this app
$ingroup = false;
$groups = array();
$indevgroup = false;
if ($xgroups) {
foreach ($xgroups as $xgroup) {
$groups[] = $xgroup->cn;
}
if ($toolgroups) {
foreach ($toolgroups as $toolgroup) {
if (in_array($toolgroup->cn, $groups)) {
$ingroup = true;
if ($toolgroup->role == 1) {
$indevgroup = true;
}
}
}
}
}
$admin = false;
$ctconfig = Component::params('com_tools');
if ($ctconfig->get('admingroup') != '' && in_array($ctconfig->get('admingroup'), $groups)) {
$admin = true;
}
$exportAllowed = $this->_getToolExportControl($tv->exportControl);
$tisPublished = $tv->state == 1;
$tisDev = $tv->state == 3;
$tisGroupControlled = $tv->toolaccess == '@GROUP';
if ($tisDev) {
if ($indevgroup) {
//Log::debug("mw::_getToolAccess($tool,$login): DEV TOOL ACCESS GRANTED (USER IN DEVELOPMENT GROUP)");
return true;
} else {
if ($admin) {
//Log::debug("mw::_getToolAccess($tool,$login): DEV TOOL ACCESS GRANTED (USER IN ADMIN GROUP)");
return true;
} else {
Log::debug("mw::_getToolAccess({$tool},{$login}): DEV TOOL ACCESS DENIED (USER NOT IN DEVELOPMENT OR ADMIN GROUPS)");
$this->setError(Lang::txt('COM_TOOLS_ERROR_ACCESS_DENIED_DEV_GROUP'));
return false;
}
}
} else {
if ($tisPublished) {
if ($tisGroupControlled) {
if ($ingroup) {
//Log::debug("mw::_getToolAccess($tool,$login): PUBLISHED TOOL ACCESS GRANTED (USER IN ACCESS GROUP)");
return true;
} else {
if ($admin) {
//Log::debug("mw::_getToolAccess($tool,$login): PUBLISHED TOOL ACCESS GRANTED (USER IN ADMIN GROUP)");
return true;
} else {
Log::debug("mw::_getToolAccess({$tool},{$login}): PUBLISHED TOOL ACCESS DENIED (USER NOT IN ACCESS OR ADMIN GROUPS)");
$this->setError(Lang::txt('COM_TOOLS_ERROR_ACCESS_DENIED_ACCESS_GROUP'));
return false;
}
}
} else {
if (!$exportAllowed) {
Log::debug("mw::_getToolAccess({$tool},{$login}): PUBLISHED TOOL ACCESS DENIED (EXPORT DENIED)");
return false;
} else {
if ($admin) {
//Log::debug("mw::_getToolAccess($tool,$login): PUBLISHED TOOL ACCESS GRANTED (USER IN ADMIN GROUP)");
return true;
} else {
if ($indevgroup) {
//Log::debug("mw::_getToolAccess($tool,$login): PUBLISHED TOOL ACCESS GRANTED (USER IN DEVELOPMENT GROUP)");
return true;
} else {
//Log::debug("mw::_getToolAccess($tool,$login): PUBLISHED TOOL ACCESS GRANTED");
return true;
}
}
}
}
} else {
Log::debug("mw::_getToolAccess({$tool},{$login}): UNPUBLISHED TOOL ACCESS DENIED (TOOL NOT PUBLISHED)");
$this->setError(Lang::txt('COM_TOOLS_ERROR_ACCESS_DENIED_VERSION_UNPUBLISHED'));
return false;
}
}
return false;
}
/**
* Return tool access
*
* @param $tool Tool name we are getting access rights to
* @param $login User Login name
*
* @return BOOL
*/
public static function getToolAccess($tool, $login = '')
{
//include tool models
include_once dirname(__DIR__) . DS . 'tables' . DS . 'tool.php';
include_once dirname(__DIR__) . DS . 'tables' . DS . 'group.php';
include_once dirname(__DIR__) . DS . 'tables' . DS . 'version.php';
//instantiate objects
$access = new stdClass();
$access->error = new stdClass();
$database = \App::get('db');
// Ensure we have a tool
if (!$tool) {
$access->valid = 0;
$access->error->message = 'No tool provided.';
\Log::debug("mw::_getToolAccess({$tool},{$login}) FAILED null tool check");
return $access;
}
// Ensure we have a login
if ($login == '') {
$login = User::get('username');
if ($login == '') {
$access->valid = 0;
$access->error->message = 'Unable to grant tool access to user, no user was found.';
\Log::debug("mw::_getToolAccess({$tool},{$login}) FAILED null user check");
return $access;
}
}
//load tool version
$toolVersion = new \Components\Tools\Tables\Version($database);
$toolVersion->loadFromInstance($tool);
if (empty($toolVersion)) {
$access->valid = 0;
$access->error->message = 'Unable to load the tool';
$xlog->debug("mw::_getToolAccess({$tool},{$login}) FAILED null tool version check");
return $access;
}
//load the tool groups
$toolGroup = new \Components\Tools\Tables\Group($database);
$query = "SELECT * FROM " . $toolGroup->getTableName() . " WHERE toolid=" . $toolVersion->toolid;
$database->setQuery($query);
$toolgroups = $database->loadObjectList();
//get users groups
$xgroups = \Hubzero\User\Helper::getGroups(User::get('id'), 'members');
// Check if the user is in any groups for this app
$ingroup = false;
$groups = array();
$indevgroup = false;
if ($xgroups) {
foreach ($xgroups as $xgroup) {
$groups[] = $xgroup->cn;
}
if ($toolgroups) {
foreach ($toolgroups as $toolgroup) {
if (in_array($toolgroup->cn, $groups)) {
$ingroup = true;
if ($toolgroup->role == 1) {
$indevgroup = true;
}
}
}
}
}
//check to see if we are an admin
$admin = false;
$ctconfig = Component::params('com_tools');
if ($ctconfig->get('admingroup') != '' && in_array($ctconfig->get('admingroup'), $groups)) {
$admin = true;
}
//get access settings
$exportAllowed = \Components\Tools\Helpers\Utils::getToolExportAccess($toolVersion->exportControl);
$isToolPublished = $toolVersion->state == 1;
$isToolDev = $toolVersion->state == 3;
$isGroupControlled = $toolVersion->toolaccess == '@GROUP';
//check for dev tools
if ($isToolDev) {
//if were not in the dev group or an admin we must deny
if (!$indevgroup && !$admin) {
$access->valid = 0;
$access->error->message = 'The development version of this tool may only be accessed by members of it\'s development group.';
\Log::debug("mw::_getToolAccess({$tool},{$login}): DEV TOOL ACCESS DENIED (USER NOT IN DEVELOPMENT OR ADMIN GROUPS)");
} else {
$access->valid = 1;
}
} else {
if ($isToolPublished) {
//are we checking for a group controlled tool
if ($isGroupControlled) {
//if were not in the group that controls it and not admin we must deny
if (!$ingroup && !$admin) {
$access->valid = 0;
$access->error->message = 'This tool may only be accessed by members of it\'s access control groups.';
\Log::debug("mw::_getToolAccess({$tool},{$login}): PUBLISHED TOOL ACCESS DENIED (USER NOT IN ACCESS OR ADMIN GROUPS)");
} else {
$access->valid = 1;
}
} else {
if (!$exportAllowed->valid) {
$access->valid = 0;
$access->error->message = 'Export Access Denied';
\Log::debug("mw::_getToolAccess({$tool},{$login}): PUBLISHED TOOL ACCESS DENIED (EXPORT DENIED)");
} else {
$access->valid = 1;
}
}
} else {
$access->valid = 0;
$access->error->message = 'This tool version is not published.';
\Log::debug("mw::_getToolAccess({$tool},{$login}): UNPUBLISHED TOOL ACCESS DENIED (TOOL NOT PUBLISHED)");
}
}
//return access
return $access;
}
