/**
 * Authorize the current user against $this->resource.
 *
 * The outcome is recorded as boolean 'access-*' flags on $this->params
 * (view, view-all, admin, manage, create, delete, edit, edit-state, edit-own)
 * and $this->_authorized is set to true on every path. Nothing is returned.
 *
 * Evaluation order:
 *  1. guests: view access only for published resources with access 0 or 3
 *     (view-all only for access 0);
 *  2. tool resources ($this->isTool()): membership in the com_tools
 *     'admingroup' grants every flag; otherwise published/public-or-registered,
 *     owning-group membership and tool-developer status are checked;
 *  3. all other resources: Joomla core.admin / core.manage grant every flag;
 *     otherwise creator, contributor and owning-group membership are checked.
 *
 * Access levels, as far as the comments in this method name them:
 * 0 appears to be public, 1 registered, 3 protected; level 2 is never tested here.
 *
 * @return void
 */
private function _authorize()
{
    // NOT logged in
    if (User::isGuest())
    {
        // If the resource is published and public.
        // Access 3 ("protected" per the comments below) gets the abstract only:
        // view, but not view-all.
        if ($this->published() && ($this->resource->access == 0 || $this->resource->access == 3))
        {
            // Allow view access
            $this->params->set('access-view-resource', true);

            if ($this->resource->access == 0)
            {
                $this->params->set('access-view-all-resource', true);
            }
        }

        $this->_authorized = true;
        return;
    }

    if ($this->isTool())
    {
        $tconfig = Component::params('com_tools');

        // An empty 'admingroup' setting disables the admin-group shortcut entirely
        if ($admingroup = trim($tconfig->get('admingroup', '')))
        {
            // Check if they're a member of admin group
            $ugs = \Hubzero\User\Helper::getGroups(User::get('id'));

            if ($ugs && count($ugs) > 0)
            {
                // Group names are compared case-insensitively
                $admingroup = strtolower($admingroup);

                foreach ($ugs as $ug)
                {
                    if (strtolower($ug->cn) == $admingroup)
                    {
                        // Admin-group members receive every flag
                        $this->params->set('access-view-resource', true);
                        $this->params->set('access-view-all-resource', true);
                        $this->params->set('access-admin-resource', true);
                        $this->params->set('access-manage-resource', true);
                        $this->params->set('access-create-resource', true);
                        $this->params->set('access-delete-resource', true);
                        $this->params->set('access-edit-resource', true);
                        $this->params->set('access-edit-state-resource', true);
                        $this->params->set('access-edit-own-resource', true);
                        break;
                    }
                }
            }
        }

        // Everyone who is not admin/manage goes through the per-resource checks
        if (!$this->params->get('access-admin-resource') && !$this->params->get('access-manage-resource'))
        {
            // If logged in and resource is published and public or registered
            if ($this->published() && ($this->resource->access == 0 || $this->resource->access == 1))
            {
                // Allow view access
                $this->params->set('access-view-resource', true);
                $this->params->set('access-view-all-resource', true);
            }

            if ($this->resource->group_owner)
            {
                // For protected resources, make sure users can see abstract
                if ($this->resource->access < 3)
                {
                    $this->params->set('access-view-resource', true);
                    $this->params->set('access-view-all-resource', true);
                }
                else
                {
                    if ($this->resource->access == 3)
                    {
                        $this->params->set('access-view-resource', true);
                    }
                }

                // Get the groups the user has access to; only confirmed memberships count
                $xgroups = \Hubzero\User\Helper::getGroups(User::get('id'), 'all');
                $usersgroups = array();
                if (!empty($xgroups))
                {
                    foreach ($xgroups as $group)
                    {
                        if ($group->regconfirmed)
                        {
                            $usersgroups[] = $group->cn;
                        }
                    }
                }

                // Get the groups that can access this resource
                $allowedgroups = $this->resource->getGroups();

                // Find what groups the user has in common with the resource, if any
                $common = array_intersect($usersgroups, $allowedgroups);

                // Check if the user is a part of the group that owns the resource
                // or if they have any groups in common
                if (in_array($this->resource->group_owner, $usersgroups) || count($common) > 0)
                {
                    $this->params->set('access-view-resource', true);
                    $this->params->set('access-view-all-resource', true);
                }
            }

            // Note: this class uses $this->_db for the table connection
            $obj = new \Components\Tools\Tables\Tool($this->_db);
            $obj->loadFromName($this->resource->alias);

            // Check if user is in the tool dev team.
            // Developers get the editing flags only; view access still comes from the
            // published/group checks above.
            if ($developers = $obj->getToolDevelopers($obj->id))
            {
                foreach ($developers as $dv)
                {
                    // NOTE(review): loose comparison — uidNumber and the session id may
                    // differ in scalar type; confirm before tightening to ===
                    if ($dv->uidNumber == User::get('id'))
                    {
                        $this->params->set('access-create-resource', true);
                        $this->params->set('access-delete-resource', true);
                        $this->params->set('access-edit-resource', true);
                        $this->params->set('access-edit-state-resource', true);
                        $this->params->set('access-edit-own-resource', true);
                    }
                }
            }
        }

        $this->_authorized = true;
        return;
    }
    else
    {
        // Check if they're a site admin (from Joomla)
        $this->params->set('access-admin-resource', User::authorise('core.admin', null));
        $this->params->set('access-manage-resource', User::authorise('core.manage', null));

        if ($this->params->get('access-admin-resource') || $this->params->get('access-manage-resource'))
        {
            // Site admins/managers receive every remaining flag and we are done
            $this->params->set('access-view-resource', true);
            $this->params->set('access-view-all-resource', true);
            $this->params->set('access-create-resource', true);
            $this->params->set('access-delete-resource', true);
            $this->params->set('access-edit-resource', true);
            $this->params->set('access-edit-state-resource', true);
            $this->params->set('access-edit-own-resource', true);

            $this->_authorized = true;
            return;
        }

        // If they're not an admin
        // If logged in and resource is published and public or registered
        if ($this->published() && ($this->resource->access == 0 || $this->resource->access == 1))
        {
            // Allow view access
            $this->params->set('access-view-resource', true);
            $this->params->set('access-view-all-resource', true);
        }

        // Check if they're the resource creator
        if ($this->resource->created_by == User::get('id'))
        {
            // Give full access
            $this->params->set('access-view-resource', true);
            $this->params->set('access-view-all-resource', true);
            $this->params->set('access-create-resource', true);
            $this->params->set('access-delete-resource', true);
            $this->params->set('access-edit-resource', true);
            $this->params->set('access-edit-state-resource', true);
            $this->params->set('access-edit-own-resource', true);
        }
        else
        {
            // Listed contributors are treated the same as the creator
            if (in_array(User::get('id'), $this->contributors('id')))
            {
                // Give full access
                $this->params->set('access-view-resource', true);
                $this->params->set('access-view-all-resource', true);
                $this->params->set('access-create-resource', true);
                $this->params->set('access-delete-resource', true);
                $this->params->set('access-edit-resource', true);
                $this->params->set('access-edit-state-resource', true);
                $this->params->set('access-edit-own-resource', true);
            }
            else
            {
                if ($this->resource->group_owner)
                {
                    // For protected resources, make sure users can see abstract
                    if ($this->resource->access < 3)
                    {
                        $this->params->set('access-view-resource', true);
                        $this->params->set('access-view-all-resource', true);
                    }
                    else
                    {
                        if ($this->resource->access == 3)
                        {
                            $this->params->set('access-view-resource', true);
                        }
                    }

                    // Get the groups the user has access to; only confirmed memberships count
                    $xgroups = \Hubzero\User\Helper::getGroups(User::get('id'), 'all');
                    $usersgroups = array();
                    if (!empty($xgroups))
                    {
                        foreach ($xgroups as $group)
                        {
                            if ($group->regconfirmed)
                            {
                                $usersgroups[] = $group->cn;
                            }
                        }
                    }

                    // Get the groups that can access this resource
                    $allowedgroups = $this->resource->getGroups();

                    // Find what groups the user has in common with the resource, if any
                    $common = array_intersect($usersgroups, $allowedgroups);

                    // Check if the user is a part of the group that owns the resource
                    // or if they have any groups in common
                    if (in_array($this->resource->group_owner, $usersgroups) || count($common) > 0)
                    {
                        $this->params->set('access-view-resource', true);
                        $this->params->set('access-view-all-resource', true);

                        // Managers of the owning group receive no edit/delete rights here;
                        // a former grant to them was commented out and has been removed.
                    }
                }
                else
                {
                    // NOTE(review): a resource with no owning group is viewable by every
                    // logged-in user here, regardless of its access level or published
                    // state — confirm that this fall-through is intended.
                    $this->params->set('access-view-resource', true);
                    $this->params->set('access-view-all-resource', true);
                }
            }
        }
    }

    $this->_authorized = true;
}
/**
 * Check whether the current user may access a tool.
 *
 * Access is granted to users holding the component's 'access-manage-component'
 * permission and to members of the tool's developer team. This is a
 * near-duplicate of _checkToolaccess(), which uses a different admin check.
 *
 * @param   integer  $toolid        Tool ID
 * @param   boolean  $allowAuthors  Allow tool authors? Accepted for call-site
 *                                  compatibility; no author lookup is performed.
 * @return  boolean  True if user has access, False if not
 */
private function _checkAccess($toolid, $allowAuthors = false)
{
    $tool = new \Components\Tools\Tables\Tool($this->database);

    // Component managers always have access
    if ($this->config->get('access-manage-component'))
    {
        return true;
    }

    // Members of the tool's development team have access
    $team = $tool->getToolDevelopers($toolid);
    if ($team)
    {
        foreach ($team as $member)
        {
            if ($member->uidNumber == User::get('id'))
            {
                return true;
            }
        }
    }

    // $allowAuthors is not acted upon: no author check exists yet, so we fall through to deny
    return false;
}
/**
 * Check whether the current user may access a tool.
 *
 * Component managers (User::authorize($this->_option, 'manage')) and members
 * of the tool's developer team are allowed; everyone else is denied.
 *
 * NOTE(review): the resource authorization code in this component calls
 * User::authorise() (British spelling); confirm that User::authorize()
 * resolves to the same permission check.
 *
 * @param   integer  $toolid  Tool ID
 * @return  boolean  True if user has access, false if not
 */
private function _checkToolaccess($toolid)
{
    // Site admins / component managers
    if (User::authorize($this->_option, 'manage'))
    {
        return true;
    }

    $tool = new \Components\Tools\Tables\Tool($this->database);
    $team = $tool->getToolDevelopers($toolid);

    if (!$team)
    {
        return false;
    }

    // Tool development team members
    foreach ($team as $member)
    {
        if ($member->uidNumber == User::get('id'))
        {
            return true;
        }
    }

    return false;
}
/**
 * Display the list of authors (contributors) of a tool's resource.
 *
 * For version 'dev' the contributors are read from the resource record;
 * for any other version they are taken from the tool's current revision.
 *
 * @param   integer  $id  Resource ID; falls back to the 'rid' request parameter
 * @return  void
 */
public function displayTask($id = null)
{
    // Fall back to the request when no ID was passed in
    $id = $id ?: Request::getInt('rid', 0);

    // Ensure we have an ID to work with (aborts with the existing 500 status)
    if (!$id)
    {
        App::abort(500, Lang::txt('COM_TOOLS_CONTRIBUTE_NO_ID'));
    }

    $this->view->version = Request::getVar('version', 'dev');

    // Collect all contributors of this resource
    $helper = new \Components\Resources\Helpers\Helper($id, $this->database);

    if ($this->view->version == 'dev')
    {
        $helper->getCons();
    }
    else
    {
        $tool = new \Components\Tools\Tables\Tool($this->database);
        $toolname = $tool->getToolnameFromResource($id);

        $versionTable = new \Components\Tools\Tables\Version($this->database);
        $revision = $versionTable->getCurrentVersionProperty($toolname, 'revision');

        $helper->getToolAuthors($toolname, $revision);
    }

    // Role types live in com_resources and are not autoloaded here
    include_once PATH_CORE . DS . 'components' . DS . 'com_resources' . DS . 'tables' . DS . 'contributor' . DS . 'roletype.php';

    $resource = new \Components\Resources\Tables\Resource($this->database);
    $resource->load($id);

    $roleType = new \Components\Resources\Tables\Contributor\RoleType($this->database);

    // Output HTML
    $this->view->config = $this->config;
    $this->view->contributors = $helper->_contributors;
    $this->view->id = $id;
    $this->view->roles = $roleType->getRolesForType($resource->type);

    $this->view
        ->setErrors($this->getErrors())
        ->setLayout('display')
        ->display();
}
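/**
 * Finalize the current tool ($this->_toolid): write its license text to a
 * temporary file, run the finalizetool script as the 'apps' user and move the
 * resulting source tarball into the configured source-code directory.
 *
 * Changes from the previous version:
 *  - every variable part of the shell command (hubdir, title, version, license
 *    path, toolname) is passed through escapeshellarg(); title/version/toolname
 *    are tool metadata and previously reached the shell inside plain double quotes;
 *  - the license file is created atomically with tempnam() instead of a
 *    predictable md5(uniqid()) name in a world-writable directory (the former
 *    '.txt' suffix is gone — the script receives the path explicitly);
 *  - the tarball name reported by the script must be a bare file name before it
 *    is copied or removed, so a path component cannot redirect the copy or rm;
 *  - the cleanup exec() no longer writes its output into $out (it used to
 *    overwrite the caller's message string with an array);
 *  - a missing tarball name and a failed license write are reported through
 *    $out instead of surfacing as PHP warnings;
 *  - the "cannot retrieve status" message is appended to $out like every other
 *    message instead of replacing it.
 *
 * @param   string  &$out  Output messages container; error text is appended on failure
 * @return  boolean  True on success, False if errors
 */
protected function _finalizeTool(&$out = '')
{
    Log::debug("finalizeTool(): checkpoint 1");

    if (!$this->_toolid)
    {
        return false;
    }

    // We need to make sure we don't prepend with PATH_APP if we already have a root-relative path
    $tarball_path = $this->config->get('sourcecodePath', 'site/protected/source');
    if (substr($tarball_path, 0, 1) != DS)
    {
        $tarball_path = PATH_APP . DS . trim($tarball_path, DS);
    }

    Log::debug("finalizeTool(): checkpoint 2");

    // Create a Tool object and fetch the dev status record
    $obj = new \Components\Tools\Tables\Tool($this->database);
    $obj->getToolStatus($this->_toolid, $this->_option, $status, 'dev');

    if (empty($status))
    {
        $out .= Lang::txt('COM_TOOLS_ERR_CANNOT_RETRIEVE');
        return false;
    }

    // Make sure the temp path exists
    if (!is_dir('/tmp'))
    {
        if (!Filesystem::makeDirectory('/tmp'))
        {
            $out .= Lang::txt('COM_TOOLS_ERR_UNABLE_TO_CREATE_PATH') . ' /tmp';
            return false;
        }
    }

    // tempnam() creates the file atomically with a unique name (mode 0600), which
    // avoids the guessable-name / pre-created-file problem of md5(uniqid()) in /tmp
    $fname = tempnam('/tmp', 'license' . $this->_toolid . '-r' . $status['revision'] . '-');
    if ($fname === false)
    {
        $out .= " failed to create license file";
        return false;
    }

    if (file_put_contents($fname, $status['license']) === false)
    {
        $out .= " failed to write license file";
        unlink($fname);
        return false;
    }

    // The script runs as the 'apps' user (via sudo) and must be able to read the license
    chmod($fname, 0664);

    // Quote every variable argument; title/version/toolname are stored tool metadata
    $command = '/usr/bin/sudo -u apps /usr/bin/finalizetool'
        . ' -hubdir ' . escapeshellarg(PATH_CORE . '/../')
        . ' -title ' . escapeshellarg($status['title'])
        . ' -version ' . escapeshellarg($status['version'])
        . ' -license ' . escapeshellarg($fname)
        . ' ' . escapeshellarg($status['toolname']);

    Log::debug("finalizeTool(): checkpoint 3: {$command}");

    if (!$this->_invokescript($command, Lang::txt('COM_TOOLS_NOTICE_VERSION_FINALIZED')))
    {
        $out .= " invoke script failure";
        unlink($fname);
        return false;
    }
    unlink($fname);

    if ($this->getError())
    {
        $out .= " invoke script failure";
        return false;
    }

    // The script reports its result as "source tarball: /tmp/<file>"
    $parts = explode("source tarball: /tmp/", $this->getMessage());
    $tar = isset($parts[1]) ? $parts[1] : '';

    // Only a bare file name is acceptable: it is used both as a copy source and in an rm command
    if ($tar === '' || basename($tar) !== $tar)
    {
        $out .= " could not determine tarball name from script output";
        Log::debug("finalizeTool(): unexpected tarball name in script output");
        return false;
    }

    $file_path = $tarball_path . DS . $status['toolname'];

    // Make sure the upload path exists
    if (!is_dir($file_path))
    {
        if (!Filesystem::makeDirectory($file_path))
        {
            Log::debug("findalizeTool(): failed to create tarball path {$file_path}");
            $out .= Lang::txt('COM_TOOLS_ERR_UNABLE_TO_CREATE_TAR_PATH');
            return false;
        }
    }

    $source = DS . 'tmp' . DS . $tar;
    $target = $file_path . '/' . $tar;

    Log::debug("finalizeTool(): checkpoint 4: " . $source . " to " . $target);

    // Return value is checked; the warning is suppressed because the failure is reported via $out
    if (!@copy($source, $target))
    {
        $out .= " failed to copy {$tar} to {$file_path}";
        Log::debug("findalizeTool(): failed tarball copy");
        return false;
    }

    Log::debug("findalizeTool(): deleting tmp files");

    // Separate variables for exec(): $out is the caller's message container, not a line buffer
    $rmOutput = array();
    $rmStatus = 0;
    exec('sudo -u apps rm -f ' . escapeshellarg('/tmp/' . $tar), $rmOutput, $rmStatus);

    return true;
}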