public function testUserCanAccessMethod_projectPageDto_NotAMember_false()
 {
     // A site user who is not a member of the project must be refused the
     // project_pageDto method: the RightsHelper is expected to answer false.
     $outsiderId = self::$environ->createUser('user', 'user', '*****@*****.**', SystemRoles::USER);

     $newProject = self::$environ->createProject('projectForTest', 'projTestCode');
     $newProject->appName = 'sfchecks';
     $newProject->write();

     // Re-read the project through ProjectModel so the helper works from the persisted state.
     $reloaded = ProjectModel::getById($newProject->id->asString());
     $helper = new RightsHelper($outsiderId, $reloaded, self::$environ->website);

     $this->assertFalse($helper->userCanAccessMethod('project_pageDto', array()));
 }
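 public function view(Application $app, $folder = '', $scriptName = '', $runType = 'test')
 {
     // Runs Api\Library\Shared\Script\{$folder}\{$scriptName}->run($userId, $runType)
     // and renders its output. Only users holding the site-wide PROJECTS + DELETE
     // right may reach a script; every other path ends in $app->abort(), which
     // does not return.
     //
     // $folder and $scriptName come straight from the route, so each is limited to
     // a single identifier segment before it is used in a filesystem path or a
     // class name: this rules out "../" walks in the file_exists() probe and junk
     // in `new $className`.
     if (!preg_match('/^[A-Za-z0-9_]+$/', $folder) || !preg_match('/^[A-Za-z0-9_]+$/', $scriptName)) {
         $app->abort(404, $this->website->base);
         // this terminates PHP
     }

     // Authorise before touching the filesystem, so a caller without the right
     // cannot use the 404-vs-403 difference to probe which script files exist.
     $userId = (string) $app['session']->get('user_id');
     if (!RightsHelper::hasSiteRight($userId, Domain::PROJECTS + Operation::DELETE)) {
         $app->abort(403, 'You have insufficient privileges to run scripts');
         // this terminates PHP
     }

     if (!file_exists("Api/Library/Shared/Script/{$folder}/{$scriptName}.php")) {
         $app->abort(404, $this->website->base);
         // this terminates PHP
     }

     $className = "Api\\Library\\Shared\\Script\\{$folder}\\{$scriptName}";
     try {
         $script = new $className();
         $this->data['scriptname'] = $className . '->run()';
         $this->data['insert'] = '';
         $this->data['output'] = '';
         if (strtolower($folder) == 'control' and strtolower($scriptName) == 'panel') {
             // The control panel is rendered into the page body rather than the output pane.
             $this->data['insert'] .= $script->run($userId, $runType);
         } else {
             // $runType is handed to the script; anything but 'run' is announced as a
             // dry run (the scripts themselves decide what that means).
             if ($runType != 'run') {
                 $this->data['output'] .= "--------------- THIS IS A TEST RUN - The database should not be modified ----------------\n\n";
             }
             $this->data['output'] .= $script->run($userId, $runType);
         }
         return $this->renderPage($app, 'textoutput');
     } catch (\Exception $e) {
         // Only the class name goes back to the client; exception detail stays out of the response.
         $app->abort(500, "Looks like there was a problem with the script {$className}");
         // this terminates PHP
     }
 }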
 /**
  * Builds the "archived questions" settings DTO for one text: the text itself,
  * one summary row per archived question (answer and response counts, without
  * the answer bodies), the caller's rights on the project and the breadcrumbs.
  *
  * @param string $projectId
  * @param string $textId
  * @param string $userId
  * @returns array - the DTO array
  */
 public static function encode($projectId, $textId, $userId)
 {
     $user = new UserModel($userId);
     $project = new SfchecksProjectModel($projectId);
     $text = new TextModel($project, $textId);

     $questions = new QuestionAnswersListModel($project, $textId);
     $questions->read();

     $archived = array();
     foreach ($questions->entries as $row) {
         $question = new QuestionModel($project, $row['id']);
         if (!$question->isArchived) {
             continue;
         }
         // Counts only: the answer list itself is dropped from the row.
         $row['answerCount'] = count($row['answers']);
         $responses = 0;
         foreach ($row['answers'] as $answer) {
             // "responses" = the answer itself plus each of its comments
             $responses += 1 + count($answer['comments']);
         }
         $row['responseCount'] = $responses;
         unset($row['answers']);
         $row['dateModified'] = $question->dateModified->asDateTimeInterface()->format(\DateTime::RFC2822);
         $archived[] = $row;
     }

     return array(
         'text' => JsonEncoder::encode($text),
         'archivedQuestions' => $archived,
         'rights' => RightsHelper::encode($user, $project),
         'bcs' => BreadCrumbHelper::encode('settings', $project, $text, null),
     );
 }
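 public function view(Application $app, $folder = '', $scriptName = '', $runType = 'test')
 {
     // Script runner page. With no (valid) script selected it renders the control
     // panel listing the available scripts; otherwise it runs
     // Api\Library\Shared\Script\{$folder}\{$scriptName}->run($userId, $runType)
     // and renders the output. Both views require the site-wide PROJECTS + DELETE
     // right; $app->abort() does not return.
     $this->data['controlpanel'] = false;
     $this->data['runtype'] = $runType;

     // Authorise first: the script listing and the file-existence probe below are
     // admin-only information and must not be reachable without the right.
     $userId = SilexSessionHelper::getUserId($app);
     if (!RightsHelper::hasSiteRight($userId, Domain::PROJECTS + Operation::DELETE)) {
         $app->abort(403, 'You have insufficient privileges to run scripts');
         // this terminates PHP
     }

     // $folder / $scriptName come from the route; restrict each to one identifier
     // segment so they can neither walk the filesystem ("../") nor form a bogus
     // class name for `new $className`.
     $segmentsOk = preg_match('/^[A-Za-z0-9_]+$/', $folder) && preg_match('/^[A-Za-z0-9_]+$/', $scriptName);
     if (!$segmentsOk || !file_exists("Api/Library/Shared/Script/{$folder}/{$scriptName}.php")) {
         // show list of scripts
         $this->data['scriptnames'] = $this->scriptBaseNames();
         $this->data['controlpanel'] = true;
         return $this->renderPage($app, 'scriptoutput');
     }

     // run script and render output
     $this->data['scriptrunurl'] = "/script/{$folder}/{$scriptName}/run";
     $className = "Api\\Library\\Shared\\Script\\{$folder}\\{$scriptName}";
     try {
         $script = new $className();
         $this->data['scriptname'] = $className . '->run()';
         $this->data['output'] = '';
         if ($runType != 'run') {
             $this->data['scriptname'] = "[TEST RUN] " . $this->data['scriptname'];
         }
         $this->data['output'] .= $script->run($userId, $runType);
         return $this->renderPage($app, 'scriptoutput');
     } catch (\Exception $e) {
         // Never dump the exception into the response: its trace exposes server
         // paths and argument values. Record it server-side and keep the public
         // message generic.
         error_log("Script {$className} failed: " . $e);
         $app->abort(500, "Looks like there was a problem with the script {$className}");
         // this terminates PHP
     }
 }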
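 /**
  * Builds the text page DTO: the text (its USX content rendered to HTML), a
  * project summary, the caller's rights and one summary row per non-archived
  * question, sorted newest first.
  *
  * @param string $projectId
  * @param string $textId
  * @param string $userId
  * @return array - the DTO array
  * @throws ResourceNotAvailableException when the project or the text is archived
  *         and the caller is not a project manager (a caller who is not a member
  *         of the project at all counts as a non-manager)
  */
 public static function encode($projectId, $textId, $userId)
 {
     $project = new SfchecksProjectModel($projectId);
     $text = new TextModel($project, $textId);
     $user = new UserModel($userId);

     // Archived content is manager-only. Look the membership up explicitly so a
     // caller missing from $project->users is refused cleanly instead of getting
     // there via an undefined-index notice on a null role.
     $role = isset($project->users[$userId]) ? $project->users[$userId]->role : null;
     if (($project->isArchived || $text->isArchived) && $role != ProjectRoles::MANAGER) {
         throw new ResourceNotAvailableException("This Text is no longer available. If this is incorrect contact your project manager.");
     }

     $questionList = new QuestionAnswersListModel($project, $textId);
     $questionList->read();

     $data = array();
     $data['rights'] = RightsHelper::encode($user, $project);
     $data['entries'] = array();
     $data['project'] = array('id' => $projectId, 'name' => $project->projectName, 'slug' => $project->databaseName(), 'allowAudioDownload' => $project->allowAudioDownload);
     $data['text'] = JsonEncoder::encode($text);
     $usxHelper = new UsxHelper($text->content);
     $data['text']['content'] = $usxHelper->toHtml();

     foreach ($questionList->entries as $questionData) {
         $question = new QuestionModel($project, $questionData['id']);
         if (!$question->isArchived) {
             // Just want answer count, not whole list
             $questionData['answerCount'] = count($questionData['answers']);
             $responseCount = 0;
             // "Responses" = answers + comments
             foreach ($questionData['answers'] as $a) {
                 $commentCount = count($a['comments']);
                 $responseCount += $commentCount + 1;
                 // +1 for this answer
             }
             $questionData['responseCount'] = $responseCount;
             unset($questionData['answers']);
             $questionData['dateCreated'] = $question->dateCreated->asDateTimeInterface()->format(\DateTime::RFC2822);
             $data['entries'][] = $questionData;
         }
     }

     // sort Questions with newest at the top (the comparator never returns 0, so
     // the relative order of equal timestamps is not defined)
     usort($data['entries'], function ($a, $b) {
         $sortOn = 'dateCreated';
         if (array_key_exists($sortOn, $a) && array_key_exists($sortOn, $b)) {
             return strtotime($a[$sortOn]) < strtotime($b[$sortOn]) ? 1 : -1;
         } else {
             return 0;
         }
     });
     $data['count'] = count($data['entries']);
     return $data;
 }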
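 /**
  * Encodes a QuestionModel and related data for $questionId: the question with
  * its comments, the caller's votes, the parent text (USX rendered to HTML), the
  * project, the caller's rights and the unread answer/comment/activity state.
  *
  * Side effect: the caller's unread answers and comments for this question are
  * marked read and written back as part of building the DTO.
  *
  * @param string $projectId
  * @param string $questionId
  * @param string $userId
  * @return array - The DTO.
  * @throws ResourceNotAvailableException when the text or the question is archived
  *         and the caller is not a project manager (a caller who is not a member
  *         of the project at all counts as a non-manager)
  */
 public static function encode($projectId, $questionId, $userId)
 {
     $user = new UserModel($userId);
     $project = new SfchecksProjectModel($projectId);
     $question = new QuestionModel($project, $questionId);
     $textId = $question->textRef->asString();
     $text = new TextModel($project, $textId);

     // Archived content is manager-only. Look the membership up explicitly so a
     // caller missing from $project->users is refused cleanly instead of getting
     // there via an undefined-index notice on a null role.
     $role = isset($project->users[$userId]) ? $project->users[$userId]->role : null;
     if (($text->isArchived || $question->isArchived) && $role != ProjectRoles::MANAGER) {
         throw new ResourceNotAvailableException("This Question is no longer available. If this is incorrect contact your project manager.");
     }

     $usxHelper = new UsxHelper($text->content);

     // Votes are exposed as a set keyed by answer id.
     $votes = new UserVoteModel($userId, $projectId, $questionId);
     $votesDto = array();
     foreach ($votes->votes as $vote) {
         $votesDto[$vote->answerRef->id] = true;
     }

     // Capture the unread items, then clear them so the next request starts fresh.
     $unreadAnswerModel = new UnreadAnswerModel($userId, $project->id->asString(), $questionId);
     $unreadAnswers = $unreadAnswerModel->unreadItems();
     $unreadAnswerModel->markAllRead();
     $unreadAnswerModel->write();
     $unreadCommentModel = new UnreadCommentModel($userId, $project->id->asString(), $questionId);
     $unreadComments = $unreadCommentModel->unreadItems();
     $unreadCommentModel->markAllRead();
     $unreadCommentModel->write();
     // Activity is only counted here, not marked read.
     $unreadActivityModel = new UnreadActivityModel($userId, $projectId);
     $unreadActivity = $unreadActivityModel->unreadItems();

     $dto = array();
     $dto['question'] = QuestionCommentDtoEncoder::encode($question);
     $dto['votes'] = $votesDto;
     $dto['text'] = JsonEncoder::encode($text);
     $dto['text']['content'] = $usxHelper->toHtml();
     // NOTE(review): this serialises the whole project model for every member who
     // can view the question - confirm JsonEncoder leaves out fields (e.g. the user
     // map) that ordinary members should not see.
     $dto['project'] = JsonEncoder::encode($project);
     $dto['project']['slug'] = $project->databaseName();
     $dto['rights'] = RightsHelper::encode($user, $project);
     $dto['unreadAnswers'] = $unreadAnswers;
     $dto['unreadComments'] = $unreadComments;
     $dto['unreadActivityCount'] = count($unreadActivity);
     return $dto;
 }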
 /**
  * Builds the project settings DTO: the member list, the project settings (with
  * the users map removed), one summary row per archived text, the caller's rights
  * and the breadcrumbs.
  *
  * @param string $projectId
  * @param string $userId
  * @returns array - the DTO array
  */
 public static function encode($projectId, $userId)
 {
     $user = new UserModel($userId);
     $project = new SfchecksProjectModel($projectId);

     $texts = new TextListModel($project);
     $texts->read();
     $members = $project->listUsers();

     $settings = ProjectSettingsDtoEncoder::encode($project);
     unset($settings['users']);

     $archivedTexts = array();
     foreach ($texts->entries as $row) {
         $textModel = new TextModel($project, $row['id']);
         if (!$textModel->isArchived) {
             continue;
         }
         // Counts only: question and answer bodies are not part of this DTO.
         $questions = $textModel->listQuestionsWithAnswers();
         $row['questionCount'] = $questions->count;
         $responses = 0;
         foreach ($questions->entries as $question) {
             foreach ($question['answers'] as $answer) {
                 // "responses" = the answer itself plus each of its comments
                 $responses += 1 + count($answer['comments']);
             }
         }
         $row['responseCount'] = $responses;
         $row['dateModified'] = $textModel->dateModified->asDateTimeInterface()->format(\DateTime::RFC2822);
         $archivedTexts[] = $row;
     }

     $data = array();
     $data['count'] = count($members->entries);
     $data['entries'] = array_values($members->entries); // re-index array
     $data['project'] = $settings;
     $data['archivedTexts'] = $archivedTexts;
     $data['rights'] = RightsHelper::encode($user, $project);
     $data['bcs'] = BreadCrumbHelper::encode('settings', $project, null, null);
     return $data;
 }
 /**
  * Deletes reply $replyId from comment $commentId. The reply's author may always
  * delete it; anyone else needs the COMMENTS + DELETE right on the project.
  *
  * @param  string                    $projectId
  * @param  string                    $userId
  * @param  \libraries\shared\Website $website
  * @param  string                    $commentId
  * @param  string                    $replyId
  * @throws \Exception when $userId is neither the author nor allowed to delete others' replies
  */
 public static function deleteReply($projectId, $userId, $website, $commentId, $replyId)
 {
     $project = new LexiconProjectModel($projectId);
     $comment = new LexCommentModel($project, $commentId);
     $reply = $comment->getReply($replyId);

     $isAuthor = $reply->authorInfo->createdByUserRef->asString() == $userId;
     if (!$isAuthor) {
         // Not the author: fall back to the project-level DELETE right on comments.
         $rights = new RightsHelper($userId, $project, $website);
         if (!$rights->userHasProjectRight(Domain::COMMENTS + Operation::DELETE)) {
             throw new \Exception("No permission to delete other people's comment replies!");
         }
     }

     $comment->deleteReply($replyId);
     $comment->write();
 }
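 /**
  * Builds the project page DTO: the caller's rights, a project summary, one
  * summary row per non-archived text (newest first), the unread activity count
  * and the caller's unread broadcast messages.
  *
  * @param string $projectId
  * @param string $userId
  * @returns array - the DTO array
  * @throws ResourceNotAvailableException when the project is archived and the
  *         caller is not a project manager (a caller who is not a member of the
  *         project at all counts as a non-manager)
  */
 public static function encode($projectId, $userId)
 {
     $user = new UserModel($userId);
     $project = new SfchecksProjectModel($projectId);

     // Archived projects are manager-only. Look the membership up explicitly so a
     // caller missing from $project->users is refused cleanly instead of getting
     // there via an undefined-index notice on a null role.
     $role = isset($project->users[$userId]) ? $project->users[$userId]->role : null;
     if ($project->isArchived && $role != ProjectRoles::MANAGER) {
         throw new ResourceNotAvailableException("This Project is no longer available. If this is incorrect contact your project manager.");
     }

     $textList = new TextListModel($project);
     $textList->read();

     $data = array();
     $data['rights'] = RightsHelper::encode($user, $project);
     $data['project'] = array('name' => $project->projectName, 'id' => $projectId);
     if ($project->isArchived) {
         // Only managers get this far for an archived project; flag it in the name.
         $data['project']['name'] .= " [ARCHIVED]";
     }

     $data['texts'] = array();
     foreach ($textList->entries as $entry) {
         $text = new TextModel($project, $entry['id']);
         if (!$text->isArchived) {
             $questionList = $text->listQuestionsWithAnswers();
             // Just want count of questions and responses, not whole list;
             // archived questions are left out of both counts.
             $entry['questionCount'] = 0;
             $responseCount = 0;
             // "Responses" = answers + comments
             foreach ($questionList->entries as $q) {
                 $question = new QuestionModel($project, $q['id']);
                 if (!$question->isArchived) {
                     $entry['questionCount']++;
                     foreach ($q['answers'] as $a) {
                         $commentCount = count($a['comments']);
                         $responseCount += $commentCount + 1;
                         // +1 for this answer
                     }
                 }
             }
             $entry['responseCount'] = $responseCount;
             $entry['dateCreated'] = $text->dateCreated->asDateTimeInterface()->format(\DateTime::RFC2822);
             $data['texts'][] = $entry;
         }
     }

     // sort Texts with newest at the top (the comparator never returns 0, so the
     // relative order of equal timestamps is not defined)
     usort($data['texts'], function ($a, $b) {
         $sortOn = 'dateCreated';
         if (array_key_exists($sortOn, $a) && array_key_exists($sortOn, $b)) {
             return strtotime($a[$sortOn]) < strtotime($b[$sortOn]) ? 1 : -1;
         } else {
             return 0;
         }
     });

     // future support for members
     $data['members'] = array();

     // unread activity count
     $unreadActivity = new UnreadActivityModel($userId, $projectId);
     $unreadItems = $unreadActivity->unreadItems();
     $data['activityUnreadCount'] = count($unreadItems);

     // unread broadcast messages: only id, subject and content are exposed
     $unreadMessages = new UnreadMessageModel($userId, $projectId);
     $messageIds = $unreadMessages->unreadItems();
     $messages = array();
     foreach ($messageIds as $messageId) {
         $message = new MessageModel($project, $messageId);
         $messages[] = array('id' => $message->id->asString(), 'subject' => $message->subject, 'content' => $message->content);
     }
     $data['broadcastMessages'] = $messages;
     return $data;
 }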
 public function checkPermissions($methodName, $params)
 {
     // Anonymous methods are open to everyone. Everything else needs a logged-in
     // user whose rights (site-wide, or on $this->projectId) cover $methodName.
     if (self::isAnonymousMethod($methodName)) {
         return;
     }
     if (!$this->userId) {
         throw new UserNotAuthenticatedException("Your session has timed out.  Please login again.");
     }

     // Any failure to load the project is swallowed and the helper gets null, so
     // it can only fall back on site-level rights for this call.
     $project = null;
     try {
         $project = ProjectModel::getById($this->projectId);
     } catch (\Exception $e) {
         $project = null;
     }

     $rights = new RightsHelper($this->userId, $project, $this->website);
     if (!$rights->userCanAccessMethod($methodName, $params)) {
         throw new UserUnauthorizedException("Insufficient privileges accessing API method '{$methodName}'");
     }
 }