Пример #1
 /**
  * Saves the given user: sets the name, an optional new password and the
  * profile metadata, then updates the access levels.
  * 
  * @access protected
  * @param \Zepi\Turbo\Request\WebRequest $request
  * @param \Zepi\Web\AccessControl\Entity\User $user
  */
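 protected function saveUser(WebRequest $request, User $user)
 {
     // Copies the submitted form values onto the user entity, persists it and
     // then updates its access levels. Returns true on success and false when
     // the user could not be stored.
     $formValues = $this->layout->getFormValues();

     // Set the username
     $user->setName($formValues['required-data.username']);

     // Set the password for a new user, or when an existing user entered a new
     // one. The loose comparison is kept on purpose: a missing (null) value is
     // treated like an empty field, so the stored password stays untouched.
     // NOTE(review): a new user with an empty password field still reaches
     // setNewPassword(''); presumably the form validation rejects that
     // before this method runs - confirm.
     if ($user->isNew() || $formValues['required-data.password'] != '') {
         $user->setNewPassword($formValues['required-data.password']);
     }

     // Set the optional data
     foreach (array('email', 'location', 'website', 'twitter', 'biography') as $metaKey) {
         $user->setMetaData($metaKey, $formValues['optional-data.' . $metaKey]);
     }

     // Save the user. Both branches now feed the failure check below; before,
     // the result of updateUser() was dropped, so a failed update still went
     // on to change the permissions and reported success.
     // Assumes updateUser() signals failure with false like addUser() does -
     // TODO confirm. Any other return value (including none) counts as success.
     if ($user->isNew()) {
         $user = $this->userManager->addUser($user);
         $saved = ($user !== false);
     } else {
         $saved = ($this->userManager->updateUser($user) !== false);
     }

     if (!$saved) {
         return false;
     }

     // Save the access levels. The submitted levels come straight from the
     // form; the acting session user is passed along.
     // NOTE(review): whether the acting user may grant each submitted level
     // has to be enforced inside updatePermissions() - not visible here.
     $this->accessControlManager->updatePermissions(
         $user,
         $formValues['access-levels'],
         $request->getSession()->getUser()
     );

     return true;
 }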
Пример #2
 /**
  * Creates a new user from the registration form, stores an activation
  * token and sends the registration mail with the activation link. The new
  * user is given the \Global\Disabled access level.
  * 
  * @access protected
  * @param \Zepi\Web\UserInterface\Form\Form $registrationForm
  * @param \Zepi\Turbo\Framework $framework
  * @param \Zepi\Turbo\Request\RequestAbstract $request
  * @param \Zepi\Turbo\Response\Response $response
  * @return string|boolean
  */
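 protected function createUser(Form $registrationForm, Framework $framework, RequestAbstract $request, Response $response)
 {
     // Registers a new account from the submitted registration form, marks it
     // with the "Disabled" access level and mails the activation link.
     // Returns true on success, the validation result (an error string) when
     // the input is rejected, and false when the user could not be stored.
     $group = $registrationForm->searchPartByKeyAndType('user-data');
     $username = trim($group->getPart('username')->getValue());
     $email = trim($group->getPart('email')->getValue());
     // NOTE(review): the password is trimmed too, so leading or trailing
     // whitespace never becomes part of the stored password. The login path
     // has to treat its input the same way - confirm.
     $password = trim($group->getPart('password')->getValue());
     $tos = $group->getPart('tos-accepted')->getValue();

     // Anything other than true is handed back to the caller unchanged.
     $result = $this->validateData($framework, $username, $email, $password, $tos);
     if ($result !== true) {
         return $result;
     }

     // Create the new user
     $user = new User('', '', $username, '', array('email' => $email));
     $user->setNewPassword($password);

     // Generate the activation token from the CSPRNG: 16 random bytes, hex
     // encoded (32 URL-safe characters). The previous uniqid(md5($email), true)
     // value was built from the e-mail address and the current time and is
     // not suitable as a secret. random_bytes() needs PHP 7 or later.
     $activationToken = bin2hex(random_bytes(16));
     $user->setMetaData('activationToken', $activationToken);

     // Without this check a failed insert would call getUuid() on false.
     $user = $this->userManager->addUser($user);
     if ($user === false) {
         return false;
     }

     // Add the disabled access level
     $this->accessControlManager->grantPermission(
         $user->getUuid(),
         '\\Zepi\\Web\\AccessControl\\Entity\\User',
         '\\Global\\Disabled',
         'Registration'
     );

     // Send the registration mail
     $activationLink = $request->getFullRoute('/activate/' . $user->getUuid() . '/' . $activationToken . '/');
     $recipient = $user->getMetaData('email');
     $subject = $this->translate('Your registration', '\\Zepi\\Web\\AccessControl');
     $body = $this->render(
         '\\Zepi\\Web\\AccessControl\\Mail\\Registration',
         array('user' => $user, 'activationLink' => $activationLink)
     );
     $this->mailHelper->sendMail($recipient, $subject, $body);

     return true;
 }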
Пример #3
 /**
  * Replaces all group access levels with the permissions of the group
  * 
  * @access public
  * @param \Zepi\Turbo\Framework $framework
  * @param \Zepi\Turbo\Request\RequestAbstract $request
  * @param \Zepi\Turbo\Response\Response $response
  * @param mixed $value
  * @return mixed
  */
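 public function execute(Framework $framework, RequestAbstract $request, Response $response, $value = null)
 {
     // Expands every access level of the form "\Group\<uuid>" into the
     // permissions returned for that uuid and passes all other access levels
     // through unchanged. Returns the resulting list without duplicates
     // (array_unique() keeps the original keys).
     $permissions = array();

     // $value defaults to null; there is nothing to expand in that case and
     // iterating over null would only raise a warning.
     if ($value === null) {
         return $permissions;
     }

     foreach ($value as $accessLevel) {
         $parts = explode('\\', $accessLevel);

         // Check the number of segments first, so a key without a backslash
         // never reads the undefined offset $parts[1].
         if (count($parts) === 3 && $parts[1] === 'Group') {
             $groupPermissions = $this->accessControlManager->getPermissionsForUuid($parts[2]);

             // false means no permissions could be loaded for this uuid; the
             // group entry is then dropped from the result.
             if ($groupPermissions !== false) {
                 foreach ($groupPermissions as $groupPermission) {
                     $permissions[] = $groupPermission;
                 }
             }
         } else {
             $permissions[] = $accessLevel;
         }
     }

     return array_unique($permissions);
 }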
Пример #4
 /**
  * Returns true if the given group uuid has a permission 
  * for the given modified group uuid.
  * 
  * @param string $modifiedUuid
  * @param string $groupUuid
  * @return boolean
  */
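 protected function hasPermissionForModifiedGroup($modifiedUuid, $groupUuid)
 {
     // Loads the raw permissions of $groupUuid and asks hasGroupLoop() for
     // each of them whether it leads to $modifiedUuid. Returns true on the
     // first hit and false otherwise.
     $permissions = $this->accessControlManager->getPermissionsRawForUuid($groupUuid);
     if ($permissions === false) {
         return false;
     }

     foreach ($permissions as $permission) {
         if ($this->hasGroupLoop($permission, $modifiedUuid) === true) {
             return true;
         }
     }

     // No permission matched. The method used to fall off the end here and
     // return null, which a strict "=== false" check in a caller would not
     // recognise as "no permission".
     return false;
 }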
Пример #5
 /**
  * Generates the layout
  *
  * @return \Zepi\Web\UserInterface\Layout\AbstractContainer
  * 
  * @throws \Zepi\Web\AccessControl\Exception Group is not set.
  */
 protected function generateLayout()
 {
     // Builds the "edit group" page: one form with an error box, a tab for
     // the group data, a tab for the access level selector and a button row.
     if ($this->group === null) {
         throw new Exception('Group is not set.');
     }

     $domain = '\\Zepi\\Web\\AccessControl';
     $request = $this->framework->getRequest();

     // The selectable access levels are prepared by the access level helper
     // for the session user and the edited group.
     // NOTE(review): presumably this limits the list to levels the session
     // user may hand out; the save path has to enforce that again - confirm.
     $availableItems = $this->accessLevelHelper->transformAccessLevels(
         $this->accessLevelManager->getAccessLevels(),
         $request->getSession()->getUser(),
         $this->group
     );

     // false means nothing could be loaded; the selector then starts empty.
     $grantedPermissions = $this->accessControlManager->getPermissionsRawForUuid($this->group->getUuid());
     if ($grantedPermissions === false) {
         $grantedPermissions = array();
     }

     return new Page(array(
         new Form('edit-group', $request->getFullRoute(), 'post', array(
             new ErrorBox('edit-group-errors'),
             new Tabs(array(
                 // First tab: group name and description
                 new Tab(
                     array(
                         new Row(array(
                             new Column(
                                 array(
                                     new Group(
                                         'required-data',
                                         $this->translate('Required data', $domain),
                                         array(
                                             new Text(
                                                 'groupname',
                                                 $this->translate('Group name', $domain),
                                                 true,
                                                 $this->group->getName(),
                                                 $this->translate('The group name must be unique. Only one group can use a group name.', $domain)
                                             )
                                         ),
                                         1
                                     )
                                 ),
                                 array('col-md-6')
                             ),
                             new Column(
                                 array(
                                     new Group(
                                         'optional-data',
                                         $this->translate('Optional data', $domain),
                                         array(
                                             new Textarea(
                                                 'description',
                                                 $this->translate('Description', $domain),
                                                 false,
                                                 $this->group->getMetaData('description')
                                             )
                                         ),
                                         2
                                     )
                                 ),
                                 array('col-md-6')
                             )
                         ))
                     ),
                     array(),
                     'group-tab',
                     $this->translate('Group informations', $domain)
                 ),
                 // Second tab: available and granted access levels
                 new Tab(
                     array(
                         new Selector(
                             'access-levels',
                             $this->translate('Access Level Selector', $domain),
                             false,
                             $grantedPermissions,
                             $availableItems,
                             $this->translate('Available Access Levels', $domain),
                             $this->translate('Granted Access Levels', $domain),
                             '\\Zepi\\Web\\AccessControl\\Templates\\Form\\Snippet\\AccessLevel'
                         )
                     ),
                     array(),
                     'access-tab',
                     $this->translate('Permissions', $domain)
                 )
             )),
             // Button row: "Back" link on the left, "Save" submit next to it
             new Row(array(
                 new Column(
                     array(
                         new ButtonGroup(
                             'buttons-left',
                             array(
                                 new Button(
                                     'back',
                                     $this->translate('Back', $domain),
                                     array('btn-default'),
                                     '',
                                     'a',
                                     $request->getFullRoute('/administration/groups/')
                                 )
                             ),
                             1000,
                             array('text-left')
                         )
                     ),
                     array('col-md-4')
                 ),
                 new Column(
                     array(
                         new ButtonGroup(
                             'buttons',
                             array(
                                 new Submit(
                                     'submit',
                                     $this->translate('Save', $domain),
                                     array('btn-large', 'btn-primary'),
                                     'mdi mdi-save'
                                 )
                             ),
                             1000
                         )
                     ),
                     array('col-md-4')
                 )
             ))
         ))
     ));
 }
Пример #6
 /**
  * Activates the user or returns an error message
  * 
  * @access protected
  * @param string $uuid
  * @param string $activationToken
  * @return array
  */
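 protected function activateUser($uuid, $activationToken)
 {
     // Activates the account identified by $uuid when the supplied token
     // matches the stored one. Returns array('result' => bool,
     // 'message' => string) in every case.
     $domain = '\\Zepi\\Web\\AccessControl';

     // Check the uuid
     // NOTE(review): this message differs from the invalid-token message, so
     // the response tells a caller whether a uuid exists - consider one
     // common message for both failures.
     if (!$this->userManager->hasUserForUuid($uuid)) {
         return array(
             'result' => false,
             'message' => $this->translate('Account with the given UUID does not exist.', $domain)
         );
     }

     // Compare the activation token. Both sides must be non-empty strings, so
     // an account without a stored token can never be matched by an empty
     // value, and hash_equals() keeps the comparison time independent of how
     // many leading characters agree.
     $user = $this->userManager->getUserForUuid($uuid);
     $storedToken = $user->getMetaData('activationToken');
     $tokenMatches = is_string($storedToken)
         && is_string($activationToken)
         && $storedToken !== ''
         && hash_equals($storedToken, $activationToken);

     if (!$tokenMatches) {
         return array(
             'result' => false,
             'message' => $this->translate('The given activation token is not valid.', $domain)
         );
     }

     // NOTE(review): the stored token is not cleared here, so the same link
     // keeps working. If the "Disabled" level is also used to lock an account
     // later on, the old link would lift that lock again - the token should
     // be invalidated once it has been used.

     // Remove the disabled access level
     $this->accessControlManager->revokePermission($uuid, get_class($user), '\\Global\\Disabled');
     $this->accessControlManager->grantPermission($uuid, get_class($user), '\\Global\\Active', 'Activation');

     return array(
         'result' => true,
         'message' => $this->translate('Your account was activated successfully.', $domain)
     );
 }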
Пример #7
 /**
  * Executes the installation of the access control module
  * 
  * @access public
  * @param \Zepi\Turbo\Framework $framework
  * @param \Zepi\Turbo\Request\CliRequest $request
  * @param \Zepi\Turbo\Response\Response $response
  */
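 public function execute(Framework $framework, CliRequest $request, Response $response)
 {
     // Creates the first user from the command line and grants it the
     // "\Global\*" access level. Does nothing once any user exists.

     // Execute the installer only if there are no users
     $dataRequest = new \Zepi\DataSource\Core\Entity\DataRequest(1, 0, 'name', 'ASC');
     if ($this->userManager->count($dataRequest) > 0) {
         return;
     }

     // NOTE(review): in the listing this method was taken from, the end of
     // both prompt calls was masked out ('******'), which left the code
     // syntactically broken. The closing of the calls and loops, the
     // $password initialisation and the User constructor call are
     // reconstructed from the surrounding statements - verify against the
     // project source.
     $username = '';
     while ($username === '') {
         $username = trim($this->cliHelper->inputText('Please enter the username for the super-admin user:'));
     }

     // NOTE(review): only an empty password is rejected; no length or
     // strength rule applies to the most privileged account. inputText()
     // presumably echoes what is typed - a prompt without echo would be
     // preferable for the password.
     $password = '';
     while ($password === '') {
         $password = trim($this->cliHelper->inputText('Please enter the password for the super-admin user:'));
     }

     // Create the super-admin user
     $user = new User('', '', $username, '', array());
     $user->setNewPassword($password);

     // Save the super-admin user
     // NOTE(review): the result is not checked; if addUser() returns false
     // the getUuid() call below fails with a fatal error.
     $user = $this->userManager->addUser($user);

     // Add the super-admin access level
     $this->accessControlManager->grantPermission(
         $user->getUuid(),
         '\\Zepi\\Web\\AccessControl\\Entity\\User',
         '\\Global\\*',
         'CLI'
     );
 }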
Пример #8
 /**
  * Returns the entity for the given id. Returns false if
  * there is no entity for the given id.
  *
  * @param integer $entityId
  * @return false|mixed
  */
 public function get($entityId)
 {
     // Delegates the lookup to the access control manager, scoped to the
     // entity type this class declares in ACCESS_ENTITY_TYPE.
     $entity = $this->accessControlManager->get(self::ACCESS_ENTITY_TYPE, $entityId);

     return $entity;
 }
 /**
  * Revokes all permissions for the given access level key
  * 
  * @access public
  * @param \Zepi\Turbo\Framework $framework
  * @param \Zepi\Turbo\Request\RequestAbstract $request
  * @param \Zepi\Turbo\Response\Response $response
  * @param mixed $value
  * @return mixed
  */
 public function execute(Framework $framework, RequestAbstract $request, Response $response, $value = null)
 {
     // Hands the access level key to the access control manager, which
     // revokes the permissions for it, and passes the key on unchanged.
     // NOTE(review): no authorisation check is visible in this method;
     // presumably the caller has already verified that the key may be
     // revoked - confirm.
     $manager = $this->accessControlManager;
     $manager->revokePermissions($value);

     return $value;
 }