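/**
 * Writes one API request/response pair to api_log.
 *
 * A row is written only when the caller asked for debug output
 * (debug=1 or Debug=1) or when the action is DNSZoneRecordAdd. Logging is
 * best-effort: a failing INSERT must never break the API call itself, so
 * database exceptions are deliberately ignored.
 *
 * @param string $trans_id Transaction identifier of this API call
 * @param string $action   Action name, stored as given
 * @param string $ipaddr   Caller address, stored as given
 * @param array  $request  Request parameters as received from the caller
 * @param string $response Serialized response body
 */
protected function LogRequest($trans_id, $action, $ipaddr, $request, $response)
{
    // The trigger keys come straight from the caller. Read them with isset()
    // so a missing key raises no notice, and validate them as integers so
    // that values such as "1abc", true or an array (all of which satisfied
    // the former loose `== 1`) no longer switch logging on.
    $debugRequested =
        (isset($request['debug']) && filter_var($request['debug'], FILTER_VALIDATE_INT) === 1)
        || (isset($request['Debug']) && filter_var($request['Debug'], FILTER_VALIDATE_INT) === 1);

    $alwaysLoggedAction =
        isset($request['Action'])
        && is_string($request['Action'])
        && $request['Action'] === 'DNSZoneRecordAdd';

    if (!$debugRequested && !$alwaysLoggedAction) {
        return;
    }

    // NOTE(review): the complete request is serialized into the log, so any
    // credential or signature parameters the caller sent end up in api_log.
    // Redact such keys before this point if the table is readable outside
    // the operations team.
    try {
        $this->DB->Execute("
            INSERT INTO api_log SET
                transaction_id = ?,
                dtadded        = ?,
                action         = ?,
                ipaddress      = ?,
                request        = ?,
                response       = ?,
                clientid       = ?,
                env_id         = ?
        ", [
            $trans_id,
            time(),
            $action,
            $ipaddr,
            http_build_query($request),
            $response,
            // Both may be unset on unauthenticated or environment-less calls;
            // store NULL instead of calling a method on a non-object.
            $this->user instanceof Scalr_Account_User ? $this->user->getAccountId() : null,
            !empty($this->Environment->id) ? $this->Environment->id : null,
        ]);
    } catch (Exception $e) {
        // Logging failures are intentionally swallowed (see docblock).
    }
}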
/**
 * {@inheritdoc}
 *
 * Builds the audit-logger context for an API request: the acting user, the
 * account and environment derived from it, and the caller's remote address.
 * Fields derived from an unset user or environment are left null rather
 * than failing, since this may run before authentication has completed.
 *
 * @see \Scalr\LogCollector\AuditLoggerRetrieveConfigurationInterface::getAuditLoggerConfig()
 */
public function getAuditLoggerConfig()
{
    $cfg = new AuditLoggerConfiguration(AuditLogger::REQUEST_TYPE_API);

    $cfg->user = $this->user;

    $cfg->accountId = null;
    if ($this->user) {
        $cfg->accountId = $this->user->getAccountId();
    }

    $cfg->envId = null;
    if (isset($this->Environment)) {
        $cfg->envId = $this->Environment->id;
    }

    // NOTE(review): whether this address is the TCP peer or a proxy-supplied
    // header value depends on getRemoteAddr(), which is not visible here;
    // confirm before relying on it as an audit fact.
    $cfg->remoteAddr = $this->getContainer()->request->getRemoteAddr();

    return $cfg;
}
/**
 * {@inheritdoc}
 *
 * Builds the audit-logger context for a UI request. In addition to the
 * user/account/environment context it records the real user id from the
 * session (ruid), so actions performed while impersonating another user
 * can be attributed to the person actually logged in.
 *
 * @see \Scalr\LogCollector\AuditLoggerRetrieveConfigurationInterface::getAuditLoggerConfig()
 */
public function getAuditLoggerConfig()
{
    $cfg = new AuditLoggerConfiguration(AuditLogger::REQUEST_TYPE_UI);

    $cfg->user = $this->user;

    $cfg->accountId = null;
    if ($this->user) {
        $cfg->accountId = $this->user->getAccountId();
    }

    $cfg->envId = null;
    if (isset($this->environment)) {
        $cfg->envId = $this->environment->id;
    }

    // Real (pre-impersonation) user id, taken from the session rather than
    // from $this->user.
    $cfg->ruid = Scalr_Session::getInstance()->getRealUserId();

    // NOTE(review): getRemoteAddr() is not shown here; verify whether it
    // honours proxy headers before treating the value as trustworthy.
    $cfg->remoteAddr = $this->getRemoteAddr();

    return $cfg;
}
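/**
 * Writes one API request/response pair to api_log.
 *
 * A row is written only when the caller asked for debug output
 * (debug=1 or Debug=1) or when the action is DNSZoneRecordAdd. Logging is
 * best-effort: a failing INSERT must never break the API call itself, so
 * database exceptions are deliberately ignored.
 *
 * @param string $trans_id Transaction identifier of this API call
 * @param string $action   Action name, stored as given
 * @param string $ipaddr   Caller address, stored as given
 * @param array  $request  Request parameters as received from the caller
 * @param string $response Serialized response body
 */
protected function LogRequest($trans_id, $action, $ipaddr, $request, $response)
{
    // Validate the trigger keys into a separate array instead of overwriting
    // $request: the previous version reassigned $request and therefore logged
    // only the three inspected keys instead of the caller's actual request.
    $flags = filter_var_array($request, [
        'debug'  => ['filter' => FILTER_VALIDATE_INT, 'flags' => FILTER_REQUIRE_SCALAR],
        'Debug'  => ['filter' => FILTER_VALIDATE_INT, 'flags' => FILTER_REQUIRE_SCALAR],
        'Action' => ['filter' => FILTER_DEFAULT,      'flags' => FILTER_REQUIRE_SCALAR],
    ], true);

    // filter_var_array() yields a non-array when $request is not an array;
    // there is nothing meaningful to inspect or log in that case.
    if (!is_array($flags)) {
        return;
    }

    if ($flags['debug'] !== 1 && $flags['Debug'] !== 1 && $flags['Action'] !== 'DNSZoneRecordAdd') {
        return;
    }

    // NOTE(review): the complete request is serialized into the log, so any
    // credential or signature parameters the caller sent end up in api_log.
    // Redact such keys before this point if the table is readable outside
    // the operations team.
    try {
        $this->DB->Execute("
            INSERT INTO api_log SET
                transaction_id = ?,
                dtadded        = ?,
                action         = ?,
                ipaddress      = ?,
                request        = ?,
                response       = ?,
                clientid       = ?,
                env_id         = ?
        ", [
            $trans_id,
            time(),
            $action,
            $ipaddr,
            http_build_query($request),
            $response,
            // Both may be unset on unauthenticated or environment-less calls.
            $this->user instanceof Scalr_Account_User ? $this->user->getAccountId() : null,
            !empty($this->Environment->id) ? $this->Environment->id : null,
        ]);
    } catch (Exception $ignore) {
        // Logging failures are intentionally swallowed (see docblock).
    }
}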
/**
 * Dispatches a controller action by method name.
 *
 * For requests of type REQUEST_TYPE_API the method is only invoked if its
 * name (minus the "Action" suffix) appears in the controller's
 * getApiDefinitions() list; anything else is answered with NotFound. For
 * every other request type no such allow-list is applied here, so the
 * validity of $method must be guaranteed by the caller (the router) —
 * not visible in this block.
 *
 * Optionally, a per-action debug mode dumps the server environment, the
 * raw request and the session before the call and the collected debug log
 * after it into the ui_debug_log table.
 *
 * @param string $method Name of the action method on this controller
 * @throws Scalr_UI_Exception_NotFound When an API request names a method that is not exported via getApiDefinitions()
 */
public function callActionMethod($method)
{
    if ($this->request->getRequestType() == Scalr_UI_Request::REQUEST_TYPE_API) {
        $apiMethodCheck = false;
        if (method_exists($this, 'getApiDefinitions')) {
            $api = $this::getApiDefinitions();
            $m = str_replace('Action', '', $method);
            // Loose in_array(): fine as long as getApiDefinitions() returns
            // plain strings.
            if (in_array($m, $api)) {
                $apiMethodCheck = true;
            }
        }
        if (!$apiMethodCheck) {
            throw new Scalr_UI_Exception_NotFound();
        }
    }

    /*
     * Debug action section
     * Controller::Action => array of filter's params (accountId, userId) or true
     *
     * $debug is hard-coded to false, so everything below up to the call is
     * disabled unless this table is edited in the source. When it is enabled,
     * note that $_SERVER (which on some SAPIs carries the process environment)
     * and the whole session object are written into the database — treat the
     * ui_debug_log table as sensitive and restrict filters to specific
     * accountId / userId values rather than `true`.
     */
    $debug = false;
    $debugMode = false;
    $key = get_class($this) . '::' . $method;
    if ($debug && array_key_exists($key, $debug)) {
        $value = $debug[$key];
        if (is_array($value) && $this->user) {
            // A filter may list one id or an array of ids; either match
            // enables debug mode for this action.
            if (isset($value['accountId'])) {
                if (is_array($value['accountId']) && in_array($this->user->getAccountId(), $value['accountId'])) {
                    $debugMode = true;
                }
                if (is_numeric($value['accountId']) && $value['accountId'] == $this->user->getAccountId()) {
                    $debugMode = true;
                }
            }
            if (isset($value['userId'])) {
                if (is_array($value['userId']) && in_array($this->user->getId(), $value['userId'])) {
                    $debugMode = true;
                }
                if (is_numeric($value['userId']) && $value['userId'] == $this->user->getId()) {
                    $debugMode = true;
                }
            }
        } else {
            // A non-array entry (e.g. `true`) enables debug for every user,
            // including anonymous requests.
            $debugMode = true;
        }
    }

    if ($debugMode) {
        $this->response->debugLog('Server', $_SERVER);
        $this->response->debugLog('Request', $_REQUEST);
        $this->response->debugLog('Session', Scalr_Session::getInstance());
    }

    // The action is called with no arguments; it reads its own parameters
    // from the request.
    $this->{$method}();

    if ($debugMode) {
        if ($this->response->jsResponseFlag) {
            $this->response->debugLog('JS Response', $this->response->jsResponse);
        }
        try {
            $message = '';
            foreach ($this->response->serverDebugLog as $value) {
                $message .= $value['key'] . ":\n" . $value['value'] . "\n\n";
            }
            // Best-effort: a failure to persist the debug report is ignored.
            $this->db->Execute('INSERT INTO ui_debug_log (ipaddress, url, report, env_id, account_id, user_id) VALUES(?, ?, ?, ?, ?, ?)', array($this->request->getClientIp(), $key, $message, $this->getEnvironment() ? $this->getEnvironmentId() : 0, $this->user ? $this->user->getAccountId() : 0, $this->user ? $this->user->getId() : 0));
        } catch (Exception $e) {
        }
    }
}
/**
 * Verifies that the given user and environment may access this object.
 *
 * An empty/zero accountId or envId on the object means the object is not
 * scoped to that dimension and the corresponding check is skipped; a
 * non-empty value must match the user's account / the given environment.
 * The comparison is loose (`!=`), consistent with the rest of this code,
 * so numeric strings and integers compare equal.
 *
 * @param \Scalr_Account_User $user
 * @param int $envId
 * @throws \Scalr_Exception_InsufficientPermissions When either scope does not match
 */
public function checkPermission(\Scalr_Account_User $user, $envId)
{
    $accountMismatch = $this->accountId && $this->accountId != $user->getAccountId();
    $environmentMismatch = $this->envId && $this->envId != $envId;

    if ($accountMismatch || $environmentMismatch) {
        throw new \Scalr_Exception_InsufficientPermissions();
    }
}
/**
 * Checks whether access to an ACL resource, or to a unique permission on it,
 * is allowed for the user within the given environment.
 *
 * Evaluation order:
 *  1. A Scalr admin is allowed unconditionally (the environment is not
 *     even inspected).
 *  2. Otherwise the environment must be a \Scalr_Environment belonging to
 *     the user's account, or the answer is false.
 *  3. The account owner is allowed for everything in their account.
 *  4. Everyone else is resolved through the user's ACL roles for the
 *     environment.
 *
 * @param \Scalr_Account_User $user The user
 * @param \Scalr_Environment $environment The client's environment
 * @param int|string $resourceId The ACL resource ID, or its symbolic name without the "RESOURCE_" prefix
 * @param string $permissionId optional The ID of the unique permission related to the resource
 * @return bool Returns TRUE if access is allowed
 * @throws \InvalidArgumentException When a symbolic resource name does not map to a Scalr\Acl\Acl::RESOURCE_* constant
 */
public function isUserAllowedByEnvironment(\Scalr_Account_User $user, $environment, $resourceId, $permissionId = null)
{
    if ($user->isScalrAdmin()) {
        return true;
    }

    // No environment, or an environment of another account: deny.
    if (!$environment instanceof \Scalr_Environment) {
        return false;
    }
    if ($environment->clientId != $user->getAccountId()) {
        return false;
    }

    if ($user->isAccountOwner()) {
        return true;
    }

    // Translate a symbolic name ("FARMS") into the numeric constant
    // Scalr\Acl\Acl::RESOURCE_FARMS; unknown names are a programming error.
    if (is_string($resourceId)) {
        $constantName = 'Scalr\\Acl\\Acl::RESOURCE_' . strtoupper($resourceId);
        if (!defined($constantName)) {
            throw new \InvalidArgumentException(sprintf('Cannot find ACL resource %s by specified symbolic name %s.', $constantName, $resourceId));
        }
        $resourceId = constant($constantName);
    }

    $roles = $user->getAclRolesByEnvironment($environment->id);

    return (bool) $roles->isAllowed($resourceId, $permissionId);
}
/**
 * Checks whether this user is allowed to edit the specified user.
 *
 * Rules, in order:
 *  - a team user may edit nobody, and edits never cross account boundaries;
 *  - any user may edit themselves;
 *  - the account owner may edit anyone in the account;
 *  - an account super-admin may edit anyone except the owner;
 *  - an account admin may edit anyone except the owner and super-admins;
 *  - otherwise editing is denied.
 *
 * @param \Scalr_Account_User $user The user to edit
 * @return boolean Returns true if this user is allowed to edit $user
 */
public function canEditUser($user)
{
    if ($this->isTeamUser() || $user->getAccountId() != $this->getAccountId()) {
        return false;
    }

    if ($this->getId() == $user->getId()) {
        return true;
    }

    if ($this->isAccountOwner()) {
        return true;
    }

    if ($this->isAccountSuperAdmin()) {
        return !$user->isAccountOwner();
    }

    if ($this->isAccountAdmin()) {
        return !$user->isAccountOwner() && !$user->isAccountSuperAdmin();
    }

    return false;
}
/**
 * Creates a copy of this role named $newRoleName and returns the new id.
 *
 * Everything is done inside one transaction: the roles row, then the
 * behaviours, images, properties, global variables, scripts and (for
 * account-scoped roles only) the environment bindings. Any exception rolls
 * the transaction back and is re-thrown.
 *
 * Scope of the copy: a falsy account id makes it a SHARED role, otherwise a
 * CUSTOM one; an empty $envId stores NULL (account scope).
 *
 * NOTE(review): the global variables are copied using $this->clientId /
 * $this->envId (the source role's scope), not the $accountId / $envId of the
 * new role — confirm this is intended when cloning into a different scope.
 *
 * @param string $newRoleName
 * @param Scalr_Account_User $user The user recorded as the creator
 * @param int $envId Environment id for the new role, or empty for account scope
 * @return int The id of the new role
 * @throws Exception Re-thrown after the transaction is rolled back
 */
public function cloneRole($newRoleName, $user, $envId)
{
    $this->db->BeginTrans();
    $accountId = $user->getAccountId();
    try {
        $this->db->Execute("INSERT INTO roles SET\n name = ?,\n origin = ?,\n client_id = ?,\n env_id = ?,\n cat_id = ?,\n description = ?,\n behaviors = ?,\n generation = ?,\n os_id = ?,\n dtadded = NOW(),\n added_by_userid = ?,\n added_by_email = ?\n ", array($newRoleName, $accountId ? ROLE_TYPE::CUSTOM : ROLE_TYPE::SHARED, empty($accountId) ? null : intval($accountId), empty($envId) ? null : intval($envId), $this->catId, $this->description, $this->behaviorsRaw, 2, $this->osId, $user->getId(), $user->getEmail()));
        $newRoleId = $this->db->Insert_Id();

        //Set behaviors
        foreach ($this->getBehaviors() as $behavior) {
            $this->db->Execute("INSERT IGNORE INTO role_behaviors SET role_id = ?, behavior = ?", array($newRoleId, $behavior));
        }

        // Set images
        $rsr7 = $this->db->Execute("SELECT * FROM role_images WHERE role_id = ?", array($this->id));
        while ($r7 = $rsr7->FetchRow()) {
            $this->db->Execute("INSERT INTO role_images SET\n `role_id` = ?,\n `cloud_location` = ?,\n `image_id` = ?,\n `platform` = ?\n ", array($newRoleId, $r7['cloud_location'], $r7['image_id'], $r7['platform']));
        }

        // Set properties (value is passed twice: once for the INSERT, once for
        // the ON DUPLICATE KEY UPDATE branch).
        $props = $this->db->Execute("SELECT * FROM role_properties WHERE role_id=?", array($this->id));
        while ($p1 = $props->FetchRow()) {
            $this->db->Execute("\n INSERT INTO role_properties\n SET `role_id` = ?,\n `name`\t= ?,\n `value`\t= ?\n ON DUPLICATE KEY UPDATE\n `value` = ?\n ", array($newRoleId, $p1['name'], $p1['value'], $p1['value']));
        }

        //Set global variables
        $variables = new Scalr_Scripting_GlobalVariables($this->clientId, $this->envId, ScopeInterface::SCOPE_ROLE);
        $variables->setValues($variables->getValues($this->id), $newRoleId);

        //Set scripts
        // Each copied script row gets a fresh `hash` from CryptoTool::sault(12)
        // rather than the source row's hash (presumably a random per-row
        // identifier — the helper is not shown here).
        $rsr8 = $this->db->Execute("SELECT * FROM role_scripts WHERE role_id = ?", array($this->id));
        while ($r8 = $rsr8->FetchRow()) {
            $this->db->Execute("INSERT INTO role_scripts SET\n role_id = ?,\n event_name = ?,\n target = ?,\n script_id = ?,\n version = ?,\n timeout = ?,\n issync = ?,\n params = ?,\n order_index = ?,\n script_type = ?,\n script_path = ?,\n hash = ?\n ", array($newRoleId, $r8['event_name'], $r8['target'], $r8['script_id'], $r8['version'], $r8['timeout'], $r8['issync'], $r8['params'], $r8['order_index'], $r8['script_type'], $r8['script_path'], CryptoTool::sault(12)));
        }

        //Set environments only for account-scope roles
        if (!empty($accountId) && empty($envId)) {
            $rsr9 = $this->db->Execute("SELECT * FROM role_environments WHERE role_id = ?", array($this->id));
            while ($r9 = $rsr9->FetchRow()) {
                $this->db->Execute("INSERT INTO role_environments SET\n role_id = ?,\n env_id = ?\n ", array($newRoleId, $r9['env_id']));
            }
        }
    } catch (Exception $e) {
        $this->db->RollbackTrans();
        throw $e;
    }
    $this->db->CommitTrans();

    // NOTE(review): only exceptions trigger the rollback above; whether a
    // failed Execute() throws or returns false depends on the db layer's
    // configuration, which is not visible here.
    if (!empty($newRoleId)) {
        $newRole = self::loadById($newRoleId);
        $newRole->syncAnalyticsTags();
    }

    return $newRoleId;
}
/**
 * Dispatches a controller action by method name, binding request parameters
 * to the method's arguments.
 *
 * For requests of type REQUEST_TYPE_API the method is only invoked if its
 * name (minus the "Action" suffix) appears in getApiDefinitions(); anything
 * else is answered with NotFound. For other request types no allow-list is
 * applied here, so the validity of $method must be guaranteed by the caller
 * (the router) — not visible in this block.
 *
 * Argument binding: each declared parameter is looked up in the request by
 * name. Class-typed parameters must implement ObjectInitializingInterface
 * and are built via initFromRequest(); scalar parameters are cast according
 * to the `@param` type in the method's docblock (bool/int/float/string/array),
 * defaulting to string when undocumented. Missing parameters fall back to the
 * declared default or raise an exception. This docblock-driven casting is the
 * only type validation performed before the action runs, so keep `@param`
 * tags accurate.
 *
 * Optionally, a per-action debug mode dumps the server environment, the raw
 * request and the session before the call and the collected debug log after
 * it into the ui_debug_log table.
 *
 * @param string $method Name of the action method on this controller
 * @throws Scalr_UI_Exception_NotFound When an API request names a method not exported via getApiDefinitions()
 * @throws Scalr\Exception\Http\BadRequestException When a class-typed parameter does not implement ObjectInitializingInterface
 * @throws Exception When a parameter without a default value is absent from the request
 */
public function callActionMethod($method)
{
    if ($this->request->getRequestType() == Scalr_UI_Request::REQUEST_TYPE_API) {
        $apiMethodCheck = false;
        if (method_exists($this, 'getApiDefinitions')) {
            $api = $this::getApiDefinitions();
            $m = str_replace('Action', '', $method);
            // Loose in_array(): fine as long as getApiDefinitions() returns
            // plain strings.
            if (in_array($m, $api)) {
                $apiMethodCheck = true;
            }
        }
        if (!$apiMethodCheck) {
            throw new Scalr_UI_Exception_NotFound();
        }
    }

    /*
     * Debug action section
     * Controller::Action => array of filter's params (accountId, userId) or true
     *
     * $debug is hard-coded to false, so this section is disabled unless the
     * table is edited in the source. When enabled, $_SERVER (which on some
     * SAPIs carries the process environment) and the whole session object are
     * written into the database — treat ui_debug_log as sensitive and prefer
     * specific accountId / userId filters over `true`.
     */
    $debug = false;
    $debugMode = false;
    $key = get_class($this) . '::' . $method;
    if ($debug && array_key_exists($key, $debug)) {
        $value = $debug[$key];
        if (is_array($value) && $this->user) {
            // A filter may list one id or an array of ids; either match
            // enables debug mode for this action.
            if (isset($value['accountId'])) {
                if (is_array($value['accountId']) && in_array($this->user->getAccountId(), $value['accountId'])) {
                    $debugMode = true;
                }
                if (is_numeric($value['accountId']) && $value['accountId'] == $this->user->getAccountId()) {
                    $debugMode = true;
                }
            }
            if (isset($value['userId'])) {
                if (is_array($value['userId']) && in_array($this->user->getId(), $value['userId'])) {
                    $debugMode = true;
                }
                if (is_numeric($value['userId']) && $value['userId'] == $this->user->getId()) {
                    $debugMode = true;
                }
            }
        } else {
            // A non-array entry (e.g. `true`) enables debug for every user,
            // including anonymous requests.
            $debugMode = true;
        }
    }

    if ($debugMode) {
        $this->response->debugLog('Server', $_SERVER);
        $this->response->debugLog('Request', $_REQUEST);
        $this->response->debugLog('Session', Scalr_Session::getInstance());
    }

    $reflection = new ReflectionMethod($this, $method);
    if ($reflection->getNumberOfParameters()) {
        $params = array();
        $comment = $reflection->getDocComment();
        $matches = array();
        $types = array();
        // Collect `@param <type> $<name>` tags; only the listed scalar/array
        // types are honoured, anything else leaves the parameter untyped.
        // Note the trailing `*` on the name group: a malformed tag without a
        // variable name still matches and registers an empty-string key.
        if (preg_match_all('/^\\s+\\*\\s+@param\\s+(.*)\\s+\\$([A-Za-z0-9_]+)*.*$/m', $comment, $matches)) {
            for ($i = 0; $i < count($matches[0]); $i++) {
                $matches[1][$i] = strtolower(trim($matches[1][$i]));
                if (in_array($matches[1][$i], array('bool', 'boolean', 'int', 'integer', 'float', 'string', 'array'))) {
                    $types[trim($matches[2][$i])] = $matches[1][$i];
                }
            }
        }
        // TODO: else: make some warning to log, otherwise we don't know when type-casting is not working

        foreach ($reflection->getParameters() as $parameter) {
            // ReflectionParameter::getClass() is deprecated as of PHP 8.0.
            $className = $parameter->getClass() ? $parameter->getClass()->name : NULL;
            $value = $this->request->getRequestParam($parameter->name);
            $hasValue = $this->request->hasParam($parameter->name);
            if ($className) {
                if (is_subclass_of($className, 'Scalr\\UI\\Request\\ObjectInitializingInterface')) {
                    /* @var ObjectInitializingInterface $className */
                    // File uploads are initialised from the uploaded file
                    // name rather than the request value.
                    $params[] = $className::initFromRequest($className == 'Scalr\\UI\\Request\\FileUploadData' ? $this->request->getFileName($parameter->name) : $value);
                } else {
                    throw new Scalr\Exception\Http\BadRequestException(sprintf('%s is invalid class in argument', $className));
                }
            } else {
                // Undocumented parameters are treated as strings. (Reading
                // $types[...] directly raises a notice for an undocumented
                // name before falling back to 'string'.)
                $type = $types[$parameter->name] ? $types[$parameter->name] : 'string';
                if ($hasValue) {
                    if (in_array($type, ['bool', 'boolean'])) {
                        // Numeric input: non-zero is true. String input: only
                        // "" and "false" (any case) are false.
                        if (is_numeric($value)) {
                            $value = !empty($value);
                        } else {
                            if (is_string($value)) {
                                $value = $value !== '' && strtolower($value) !== 'false';
                            } else {
                                $value = (bool) $value;
                            }
                        }
                    } else {
                        if ($type == 'array') {
                            // do not strip value
                            // NOTE(review): array parameters bypass stripValue()
                            // entirely, so nested values reach the action
                            // exactly as submitted.
                            settype($value, $type);
                        } else {
                            $value = $this->request->stripValue($value);
                            settype($value, $type);
                        }
                    }
                } else {
                    if ($parameter->isDefaultValueAvailable()) {
                        $value = $parameter->getDefaultValue();
                    } else {
                        throw new Exception(sprintf('Missing required argument: %s', $parameter->name));
                    }
                }
                $params[] = $value;
            }
        }
        call_user_func_array(array($this, $method), $params);
    } else {
        $this->{$method}();
    }

    if ($debugMode) {
        if ($this->response->jsResponseFlag) {
            $this->response->debugLog('JS Response', $this->response->jsResponse);
        }
        try {
            $message = '';
            foreach ($this->response->serverDebugLog as $value) {
                $message .= $value['key'] . ":\n" . $value['value'] . "\n\n";
            }
            // Best-effort: a failure to persist the debug report is ignored.
            $this->db->Execute('INSERT INTO ui_debug_log (ipaddress, url, report, env_id, account_id, user_id) VALUES(?, ?, ?, ?, ?, ?)', array($this->request->getClientIp(), $key, $message, $this->getEnvironment() ? $this->getEnvironmentId() : 0, $this->user ? $this->user->getAccountId() : 0, $this->user ? $this->user->getId() : 0));
        } catch (Exception $e) {
        }
    }
}
/**
 * Creates a copy of this script under a new name, attributed to $user.
 *
 * The copy keeps the description, OS, sync flag, timeout and environment of
 * the original; its account is the user's account (NULL when the user has
 * no account id). The copy gets exactly one version, numbered 1, whose
 * content is the latest version of the original.
 *
 * @param string $name Name of the new script
 * @param \Scalr_Account_User $user Creator recorded on the script and its version
 * @return Script The saved copy
 */
public function fork($name, \Scalr_Account_User $user)
{
    $accountId = $user->getAccountId();

    $copy = new self();
    $copy->name = $name;
    $copy->description = $this->description;
    $copy->os = $this->os;
    $copy->isSync = $this->isSync;
    $copy->timeout = $this->timeout;
    $copy->accountId = $accountId ? $accountId : NULL;
    $copy->envId = $this->envId;
    $copy->createdById = $user->getId();
    $copy->createdByEmail = $user->getEmail();
    $copy->save();

    $firstVersion = new ScriptVersion();
    $firstVersion->scriptId = $copy->id;
    $firstVersion->changedById = $user->getId();
    $firstVersion->changedByEmail = $user->getEmail();
    // NOTE(review): getLatestVersion() is assumed to return a version object;
    // the script row above is already saved by the time this is read.
    $firstVersion->content = $this->getLatestVersion()->content;
    $firstVersion->version = 1;
    $firstVersion->save();

    return $copy;
}