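/**
 * Check whether one of the roles the account belongs to grants a given right
 * for a given application.
 *
 * All rights of the account's roles are read with a single query and kept in
 * the internal class cache, keyed by the set of role memberships, so repeated
 * checks for the same role set do not hit the database again.
 *
 * Holding Tinebase_Acl_Rights::ADMIN for the application counts as holding
 * any right of that application.
 *
 * Side effect: when the account has no role memberships at all and it is the
 * user of the current session, the session is destroyed (see the @todo below).
 *
 * @param string|Tinebase_Model_Application $_application the application (one of: app name, id or record)
 * @param int $_accountId the numeric id of a user account
 * @param int $_right the right to check for
 * @return bool false when the application is unknown or not enabled, when the
 *              account has no role memberships, or when no role grants the right
 */
public function hasRight($_application, $_accountId, $_right)
{
    try {
        $application = Tinebase_Application::getInstance()->getApplicationById($_application);
    } catch (Tinebase_Exception_NotFound $tenf) {
        // unknown application: deny instead of propagating the exception
        return false;
    }

    // rights of a disabled application are never granted
    if ($application->status !== Tinebase_Application::ENABLED) {
        return false;
    }

    try {
        $roleMemberships = $this->getRoleMemberships($_accountId);
    } catch (Tinebase_Exception_NotFound $tenf) {
        $roleMemberships = array();
    }

    if (empty($roleMemberships)) {
        Tinebase_Core::getLogger()->warn(__METHOD__ . '::' . __LINE__ . ' ' . $_accountId . ' has no role/group memberships.');
        if (is_object(Tinebase_Core::getUser()) && Tinebase_Core::getUser()->getId() === $_accountId) {
            // @todo throw exception in this case?
            Tinebase_Session::destroyAndRemoveCookie();
        }
        return false;
    }

    // Cache key: join the role ids with a separator so that two different role
    // sets cannot produce the same key (joined without one, ids "1","23" and
    // "12","3" both become "123" and the second set would reuse the first set's
    // cached rights); sort so that the same set in a different order shares one entry.
    $roleIds = array_values($roleMemberships);
    sort($roleIds, SORT_STRING);
    $classCacheId = Tinebase_Helper::convertCacheId(implode(',', $roleIds));

    if (! isset($this->_classCache[__FUNCTION__][$classCacheId])) {
        $db = $this->_getDb();
        $select = $db->select()
            ->distinct()
            ->from(array('role_rights' => SQL_TABLE_PREFIX . 'role_rights'), array('application_id', 'right'))
            // the adapter quotes the id array into the placeholder; nothing is string-concatenated
            ->where($db->quoteIdentifier('role_id') . ' IN (?)', $roleMemberships);

        if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
            Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' ' . $select->__toString());
        }

        $rows = $db->query($select)->fetchAll(Zend_Db::FETCH_ASSOC);

        // index as application_id => right => true for O(1) lookups below
        $rights = array();
        foreach ($rows as $row) {
            $rights[$row['application_id']][$row['right']] = true;
        }
        $this->_classCache[__FUNCTION__][$classCacheId] = $rights;
    } else {
        $rights = $this->_classCache[__FUNCTION__][$classCacheId];
    }

    $applicationId = $application->getId();

    return isset($rights[$applicationId])
        && (isset($rights[$applicationId][$_right]) || isset($rights[$applicationId][Tinebase_Acl_Rights::ADMIN]));
}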
/**
 * Login from an HTTP POST.
 *
 * Starts the core session and tries to authenticate the given credentials.
 * On success the JSON key cookie is set and the user credential cache is
 * attached to the cache adapter; if no credential cache is registered the
 * login is treated as failed and the adapter's cache is reset.
 *
 * On failure the session data is cleared, the session and its cookie are
 * destroyed and the browser is sent to the configured REDIRECTURL (falling
 * back to the main screen). On success the browser is sent to the main
 * screen, i.e. the request's own absolute URI with 'index.php' stripped.
 *
 * NOTE(review): the fallback redirect target is derived from the request's
 * absolute URI (presumably built from the Host header) — confirm it is
 * validated upstream. empty() also treats the username '0' as missing.
 *
 * @param string $username
 * @param string $password
 * @return void
 */
public function loginFromPost($username, $password)
{
    Tinebase_Core::startCoreSession();

    // an empty username never reaches the controller
    $authenticated = empty($username)
        ? false
        : (Tinebase_Controller::getInstance()->login(
            $username,
            $password,
            Tinebase_Core::get(Tinebase_Core::REQUEST),
            self::REQUEST_TYPE
        ) === true);

    if ($authenticated) {
        $this->_setJsonKeyCookie();

        $ccAdapter = Tinebase_Auth_CredentialCache::getInstance()->getCacheAdapter();
        if (! Tinebase_Core::isRegistered(Tinebase_Core::USERCREDENTIALCACHE)) {
            // without a registered credential cache the login is not usable: fail closed
            Tinebase_Core::getLogger()->warn(__METHOD__ . '::' . __LINE__ . ' Something went wrong with the CredentialCache / no CC registered.');
            $ccAdapter->resetCache();
            $authenticated = false;
        } else {
            $ccAdapter->setCache(Tinebase_Core::getUserCredentialCache());
        }
    }

    $httpRequest = new Sabre\HTTP\Request();
    $target = str_replace('index.php', '', $httpRequest->getAbsoluteUri());

    if (! $authenticated) {
        // drop everything that belongs to the failed attempt before redirecting
        $_SESSION = array();
        Tinebase_Session::destroyAndRemoveCookie();
        $target = Tinebase_Config::getInstance()->get(Tinebase_Config::REDIRECTURL, $target);
    }

    // the client is loaded with a plain GET
    header('Location: ' . $target);
}
/**
 * Destroy the session and the cached user credentials.
 *
 * Logs the user out on the controller (passing the caller's address as
 * reported by REMOTE_ADDR, which behind a reverse proxy is the proxy rather
 * than the end client), resets the credential cache adapter and, if a
 * session was started, destroys it together with its cookie.
 *
 * @return array always array('success' => true)
 */
public function logout()
{
    $remoteAddress = $_SERVER['REMOTE_ADDR'];
    Tinebase_Controller::getInstance()->logout($remoteAddress);

    $credentialCache = Tinebase_Auth_CredentialCache::getInstance();
    $credentialCache->getCacheAdapter()->resetCache();

    // only tear down a session that actually exists
    if (Tinebase_Session::isStarted()) {
        Tinebase_Session::destroyAndRemoveCookie();
    }

    return array('success' => true);
}
/**
 * Destroy the session (HTTP logout).
 *
 * Clears the in-memory session data, then destroys the stored session and
 * removes its cookie. Nothing is returned and no redirect is issued here.
 *
 * @return void
 */
public function logout()
{
    // empty the session array first so nothing survives the destroy below
    $_SESSION = array();

    Tinebase_Session::destroyAndRemoveCookie();
}