/**
 * Handles credentials of type "group".
 *
 * The credential string is "<group>" or "<group>@<handler>". When <group> is
 * wrapped in square brackets ("[Caption]") it is compared with the group
 * captions; otherwise it is compared with the group ids. When a handler is
 * given, only the groups listed under that handler are considered.
 *
 * NOTE(review): the id comparison is strict. PHP stores integer-like string
 * array keys as int, so a purely numeric group id would never equal the
 * string taken from the credential (the check fails closed) - confirm that
 * group ids are never purely numeric.
 *
 * @param string    $pString the credential string to test
 * @param CopixUser $pUser   the user whose groups are checked
 * @return bool true as soon as one of the user's groups matches, false otherwise
 */
private function _group($pString, $pUser)
{
    $pieces = explode('@', $pString);
    $wanted = $pieces[0];

    // "[...]" selects a match by caption; anything else is matched by id.
    $matchCaption = (substr($wanted, 0, 1) === '[' && substr($wanted, -1) === ']');

    // An "@handler" suffix limits the search to that single handler.
    $onlyHandler = (count($pieces) > 1) ? $pieces[1] : null;

    foreach ($pUser->getGroups() as $handler => $groupsOfHandler) {
        foreach ($groupsOfHandler as $groupId => $groupCaption) {
            if ($onlyHandler !== null && $onlyHandler !== $handler) {
                continue;
            }

            $found = $matchCaption
                ? ($wanted === '[' . $groupCaption . ']')
                : ($groupId === $wanted);

            if ($found) {
                return true;
            }
        }
    }

    return false;
}
/**
 * Handles credentials of type "module" for hierarchical resources.
 *
 * Expected format: "<resourceType>|<resourceId>|<a>|<b>@<module>", where
 * <resourceType> is one of "classroom", "school", "city", "cities_group" or
 * "*", and <a>, <b> and <module> are handed to _hasCredential() together
 * with the role being examined. Anything that does not split into exactly
 * four "|"-separated fields, or that names an unknown resource type, is
 * refused.
 *
 * With a resource id, the user must hold the group "<role>_<resourceId>" in
 * the "gestionautonome|iconitogrouphandler" handler for one of the roles
 * attached to the resource type. If nothing matches, the check is repeated
 * on the parent resource (classroom -> school -> city -> cities_group).
 *
 * Without a resource id, holding any group of that handler whose key, cut
 * at its last underscore, equals one of the roles is enough - whatever
 * resource the group belongs to. No parent lookup is done in that mode.
 *
 * NOTE(review): the resource id is concatenated into a group credential
 * string and passed to the DAO get() call without validation in this
 * method; presumably credential strings are built by application code and
 * never from request input - confirm at the call sites.
 *
 * @param string    $pString the credential string to test
 * @param CopixUser $pUser   the user whose rights are tested
 * @return bool true when the credential is granted, false otherwise
 */
private function _module($pString, $pUser)
{
    $userGroups = $pUser->getGroups();
    $groupHandler = 'gestionautonome|iconitogrouphandler';

    // Roles that may carry rights on each kind of resource.
    $rolesByResourceType = array(
        'classroom' => array('teacher'),
        'school' => array(
            'teacher_school',
            'principal',
            'administration_staff',
            'schools_group_animator',
            'cities_group_animator',
        ),
        'city' => array('city_agent'),
        'cities_group' => array('cities_group_agent'),
        '*' => array(
            'teacher',
            'teacher_school',
            'principal',
            'administration_staff',
            'city_agent',
            'cities_group_agent',
            'schools_group_animator',
            'cities_group_animator',
        ),
    );

    // Split on the LAST "@": the right-hand side is the module, the left-hand
    // side holds the "|"-separated fields. A string without "@" ends up with
    // an empty left-hand side and is rejected by the field-count check below.
    $atPosition = strrpos($pString, '@');
    $module = substr($pString, $atPosition + 1);
    $fields = explode('|', substr($pString, 0, $atPosition));

    // Malformed credential or unknown resource type: refuse.
    if (count($fields) !== 4 || !isset($rolesByResourceType[$fields[0]])) {
        return false;
    }

    $resourceType = $fields[0];
    $resourceId = $fields[1];
    $roles = $rolesByResourceType[$resourceType];
    $isTargeted = ($resourceId !== '');

    if ($isTargeted) {
        // Targeted search: the user must belong to "<role>_<resourceId>".
        foreach ($roles as $role) {
            $groupCredential = 'group:' . $role . '_' . $resourceId . '@' . $groupHandler;
            if ($pUser->testCredential($groupCredential)
                && $this->_hasCredential($fields[2], $fields[3], $role, $module)
            ) {
                return true;
            }
        }
    } elseif (isset($userGroups[$groupHandler])) {
        // Generic search: any group whose key prefix (up to the last "_") is the role.
        foreach ($roles as $role) {
            foreach ($userGroups[$groupHandler] as $groupKey => $unusedGroup) {
                if (substr($groupKey, 0, strrpos($groupKey, '_')) === $role
                    && $this->_hasCredential($fields[2], $fields[3], $role, $module)
                ) {
                    return true;
                }
            }
        }
    }

    // Only a targeted credential can be retried on the parent resource.
    if (!$isTargeted) {
        return false;
    }

    // substr() never yields null, so the "@<module>" suffix is always appended.
    $credential = $fields[2] . '|' . $fields[3] . (!is_null($module) ? '@' . $module : '');

    // For each resource type: DAO to read, field holding the parent id, parent type.
    $parentLookups = array(
        'classroom' => array('kernel|kernel_bu_ecole_classe', 'ecole', 'school'),
        'school' => array('kernel|kernel_bu_ecole', 'id_ville', 'city'),
        'city' => array('kernel|kernel_bu_ville', 'id_grville', 'cities_group'),
    );

    if (isset($parentLookups[$resourceType])) {
        list($daoId, $parentIdField, $parentType) = $parentLookups[$resourceType];
        $record = _ioDAO($daoId)->get($resourceId);
        if ($record) {
            return $this->_module($parentType . '|' . $record->{$parentIdField} . '|' . $credential, $pUser);
        }
    }

    return false;
}
/**
 * Handles credentials of type "module" by asking a dbDynamicGroupHandler,
 * built for each of the user's groups, whether it accepts the credential.
 *
 * @param string    $pString the credential string to test
 * @param CopixUser $pUser   the user whose rights are tested
 * @return bool true as soon as one group's handler accepts the credential,
 *              false when none does (including a user without any group)
 */
private function _module($pString, $pUser)
{
    $groupsByHandler = $pUser->getGroups();

    foreach ($groupsByHandler as $handlerName => $groups) {
        foreach ($groups as $groupId => $unusedCaption) {
            // Requested on every iteration, as before; presumably a repeated
            // include of the same class is a no-op - TODO confirm.
            _classInclude('auth|dbdynamicgrouphandler');

            $groupCheck = new dbDynamicGroupHandler($handlerName, $groupId);
            if (!$groupCheck->isOk($pString)) {
                continue;
            }

            return true;
        }
    }

    return false;
}
/**
 * Constructor: only chains to the CopixUser constructor.
 *
 * NOTE(review): this relies on PHP 4-style constructor naming (presumably
 * the enclosing class is CopixDBUser; its header is not visible here). From
 * PHP 8.0 a method named after its class is an ordinary method and is not
 * called on instantiation, so the parent initialisation would be skipped.
 */
function CopixDBUser()
{
    parent::CopixUser();
}
/**
 * Constructor: only chains to the CopixUser constructor.
 *
 * NOTE(review): this relies on PHP 4-style constructor naming (presumably
 * the enclosing class is CopixADUser; its header is not visible here). From
 * PHP 8.0 a method named after its class is an ordinary method and is not
 * called on instantiation, so the parent initialisation would be skipped.
 *
 * @constructor
 */
function CopixADUser()
{
    parent::CopixUser();
}
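/**
 * Gets the user properties: whatever the parent class reports, plus the
 * "login", "password" and "email" fields (same-named parent entries are
 * overwritten).
 *
 * Each field is created with four flags, keyed by the values of
 * CopixUserField::forList(), forAdmin(), forUserUpdate() and forUser().
 *
 * NOTE(review): "password" is flagged 1 for forAdmin(), forUserUpdate() and
 * forUser(). What those flags expose is defined in CopixUserField, which is
 * not visible here - confirm that a stored password (or its hash) is never
 * rendered back through the admin or user views.
 *
 * @return array of CopixUserField, indexed by field name
 */
function getProperties()
{
    $toReturn = parent::getProperties();

    // Plain assignment: "=& new" is deprecated since PHP 5.3 and is a parse
    // error from PHP 7.0 on. Objects are handles since PHP 5, so nothing is
    // lost by dropping the reference.
    $toReturn['login'] = new CopixUserField(
        'login',
        'copix:auth.userField.login',
        'string',
        array(
            CopixUserField::forList() => 1,
            CopixUserField::forAdmin() => 1,
            CopixUserField::forUserUpdate() => 0,
            CopixUserField::forUser() => 1,
        )
    );

    $toReturn['password'] = new CopixUserField(
        'password',
        'copix:auth.userField.password',
        'string',
        array(
            CopixUserField::forList() => 0,
            CopixUserField::forAdmin() => 1,
            CopixUserField::forUserUpdate() => 1,
            CopixUserField::forUser() => 1,
        )
    );

    $toReturn['email'] = new CopixUserField(
        'email',
        'copix:auth.userField.email',
        'string',
        array(
            CopixUserField::forList() => 1,
            CopixUserField::forAdmin() => 1,
            CopixUserField::forUserUpdate() => 1,
            CopixUserField::forUser() => 1,
        )
    );

    return $toReturn;
}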
/**
 * Constructor: only chains to the CopixUser constructor.
 *
 * NOTE(review): this relies on PHP 4-style constructor naming (presumably
 * the enclosing class is CopixLdapUser; its header is not visible here).
 * From PHP 8.0 a method named after its class is an ordinary method and is
 * not called on instantiation, so the parent initialisation would be
 * skipped.
 *
 * @constructor
 */
function CopixLdapUser()
{
    parent::CopixUser();
}