function testAllUsersCreateSiteByDefault() {
    // Arrange: a single, email-verified account. (The address is redacted in this copy of the corpus.)
    $account = new UserAccountModel();
    $account->setEmail("*****@*****.**");
    $account->setUsername("test");
    $account->setPassword("password");

    $accountRepo = new UserAccountRepository();
    $accountRepo->create($account);
    $accountRepo->verifyEmail($account);
    // Re-read from storage so that whatever flags create()/verifyEmail() set are present on the object.
    $account = $accountRepo->loadByUserName("test");

    $permissionsRepo = new \repositories\UserPermissionsRepository(new ExtensionManager($this->app));

    // Anonymous (null user) must never hold an index-level permission, whatever the second flag is.
    $this->assertCount(0, $permissionsRepo->getPermissionsForUserInIndex(null, false)->getPermissions());
    $this->assertCount(0, $permissionsRepo->getPermissionsForUserInIndex(null, true)->getPermissions());

    // With default configuration a verified user gets exactly one index-level permission
    // (the original note says this is "can create sites"); passing true as the second argument
    // strips it again. NOTE(review): the meaning of that flag is not visible in this test --
    // site-level callers pass a "remove editor permissions" boolean in the same position; confirm.
    $this->assertCount(1, $permissionsRepo->getPermissionsForUserInIndex($account, false)->getPermissions());
    $this->assertCount(0, $permissionsRepo->getPermissionsForUserInIndex($account, true)->getPermissions());
}
function testSpecificUsersCreateSite() {
    // Arrange: two verified accounts. Only "test" is later put into the group; "other" is the control.
    $member = new UserAccountModel();
    $member->setEmail("*****@*****.**");
    $member->setUsername("test");
    $member->setPassword("password");

    $outsider = new UserAccountModel();
    $outsider->setEmail("*****@*****.**");
    $outsider->setUsername("other");
    $outsider->setPassword("password");

    $accountRepo = new UserAccountRepository();
    $accountRepo->create($member);
    $accountRepo->verifyEmail($member);
    $accountRepo->create($outsider);
    $accountRepo->verifyEmail($outsider);
    // Reload both so the flags set by create()/verifyEmail() are on the objects we assert against.
    $outsider = $accountRepo->loadByUserName($outsider->getUsername());
    $member = $accountRepo->loadByUserName("test");

    $permissionsRepo = new \repositories\UserPermissionsRepository(new ExtensionManager($this->app));

    // Before any group exists nobody -- anonymous, member or outsider -- holds an index-level permission.
    foreach (array(null, $member, $outsider) as $subject) {
        $this->assertCount(0, $permissionsRepo->getPermissionsForUserInIndex($subject)->getPermissions());
    }

    // Create a group at index level, add only $member, and grant the group CREATE_SITE (site argument null = index-wide).
    $group = new \models\UserGroupModel();
    $group->setTitle("TITLE");
    $groupRepo = new \repositories\UserGroupRepository();
    $groupRepo->createForIndex($group);
    $groupRepo->addUserToGroup($member, $group);
    $groupRepo->addPermissionToGroup(new \userpermissions\CreateSiteUserPermission(), $group, null);

    // Group membership is the only thing that grants the permission: exactly one for $member,
    // nothing for anonymous or for the non-member. With the second argument true the grant is
    // stripped again for everybody.
    $expectations = array(
        array(null, false, 0),
        array(null, true, 0),
        array($member, false, 1),
        array($member, true, 0),
        array($outsider, false, 0),
        array($outsider, true, 0),
    );
    foreach ($expectations as $case) {
        list($subject, $flag, $expectedCount) = $case;
        $this->assertCount($expectedCount, $permissionsRepo->getPermissionsForUserInIndex($subject, $flag)->getPermissions());
    }
}
// Time zone selection for the index site. Both candidate sources are attacker-controlled
// (query string, then cookie); each is accepted only if it appears in the $timezones allow-list,
// so nothing else from the request ever reaches the cookie or the templates.
// NOTE(review): in_array() is non-strict here; pass true as the third argument so the allow-list
// comparison is by identity rather than loose equality.
$timezone = "";
if (isset($_GET['mytimezone']) && in_array($_GET['mytimezone'], $timezones)) {
    // One-year cookie on the shared session domain. Secure=false and HttpOnly=false are deliberate-looking
    // (the value is a public time zone name, not a secret, and JS may want to read it); if that is not
    // the intent, set at least Secure when $CONFIG->hasSSL.
    setcookie("siteIndextimezone", $_GET['mytimezone'], time() + 60 * 60 * 24 * 365, '/', $CONFIG->webCommonSessionDomain, false, false);
    $timezone = $_GET['mytimezone'];
} else {
    if (isset($_COOKIE["siteIndextimezone"]) && in_array($_COOKIE["siteIndextimezone"], $timezones)) {
        $timezone = $_COOKIE["siteIndextimezone"];
    } else {
        // Default when neither source carries an allowed value.
        $timezone = 'Europe/London';
    }
}
$app['twig']->addGlobal('currentTimeZone', $timezone);
$app['twig']->addGlobal('allowedTimeZones', $timezones);
$app['currentTimeZone'] = $timezone;
# ////////////// Permissions
// Resolve the current user's index-level permissions once per request; templates get a
// single boolean for the "create site" action. $app['currentUser'] may be null (anonymous).
// NOTE(review): the meaning of the positional false/true arguments is not visible here -- confirm
// against UserPermissionsRepository::getPermissionsForUserInIndex().
$userPermissionsRepo = new \repositories\UserPermissionsRepository($app['extensions']);
$app['currentUserPermissions'] = $userPermissionsRepo->getPermissionsForUserInIndex($app['currentUser'], false, true);
$app['twig']->addGlobal('actionCreateSite', $app['currentUserPermissions']->hasPermission("org.openacalendar", "CREATE_SITE"));
});
// Route guard: requires the CREATE_SITE permission computed above. Relies on the middleware
// above having run first so $app['currentUserPermissions'] is populated.
// NOTE(review): an authenticated user who simply lacks CREATE_SITE is also bounced to the login
// page; a 403 would be clearer for that case -- confirm the intended UX.
$permissionCreateSiteRequired = function (Request $request, Application $app) {
    global $CONFIG;
    if (!$app['currentUserPermissions']->hasPermission("org.openacalendar", "CREATE_SITE")) {
        return new RedirectResponse($CONFIG->getWebIndexDomainSecure() . '/you/login');
    }
};
// Route guard: requires a logged-in user; anonymous requests are redirected to the (HTTPS) login page.
$appUserRequired = function (Request $request) use($app) {
    global $CONFIG;
    if (!$app['currentUser']) {
        return new RedirectResponse($CONFIG->getWebIndexDomainSecure() . '/you/login');
    }
};
// Emits a per-site JavaScript config object ("var config = {...}") that includes the current
// user's identity and permission set.
// NOTE(review): this response is marked cacheable for 30 minutes via Expires, yet it is
// user-specific. Unless a Cache-Control: private (or Vary: Cookie) header is sent earlier in
// the request -- not visible here -- a shared proxy cache could hand one user's username and
// permission set to another, and revoked permissions could be served for up to 30 minutes.
header('Expires: ' . gmdate('D, d M Y H:i:s \\G\\M\\T', time() + 30 * 60));
$data = array();
// TODO would like to deprecate httpDomain and get scripts to just use httpDomainIndex & httpDomainSite for clarity
$data['httpDomain'] = $site->getSlug() . "." . $CONFIG->webSiteDomain;
$data['httpDomainIndex'] = $CONFIG->webIndexDomain;
if ($CONFIG->hasSSL) {
    $data['hasSSL'] = true;
    $data['httpsDomain'] = $site->getSlug() . "." . $CONFIG->webSiteDomainSSL;
    $data['httpsDomainIndex'] = $CONFIG->webIndexDomainSSL;
} else {
    $data['hasSSL'] = false;
}
$data['twitter'] = $CONFIG->contactTwitter;
$data['isSingleSiteMode'] = false;
// NOTE(review): two different sources of "the current user" are consulted in this block --
// userGetCurrent() here and $app['currentUser'] below. They are presumably the same identity; confirm.
$user = userGetCurrent();
if ($user) {
    $data['currentUser'] = array('username' => $user->getUsername());
} else {
    $data['currentUser'] = false;
}
// Site-level opt-out: a sysadmin can mark a user as having no editor rights in this site, in which
// case the repository is asked to strip editor permissions from the result.
$removeEditorPermissions = false;
$userHasNoEditorPermissionsInSiteRepo = new UserHasNoEditorPermissionsInSiteRepository();
if ($app['currentUser'] && $userHasNoEditorPermissionsInSiteRepo->isUserInSite($app['currentUser'], $site)) {
    $removeEditorPermissions = true;
}
$userPermissionsRepo = new \repositories\UserPermissionsRepository($app['extensions']);
$currentUserPermissions = $userPermissionsRepo->getPermissionsForUserInSite($user, $site, $removeEditorPermissions, true);
$data['currentUserPermissions'] = $currentUserPermissions->getAsArrayForJSON();
// Output is JavaScript, not JSON: the caller is expected to serve it with a script content type.
// json_encode() escapes "/" by default, so a "</script>" inside the slug or username cannot
// terminate an inline script; keep that default (do not add JSON_UNESCAPED_SLASHES) and, if this
// is ever inlined into HTML, add JSON_HEX_TAG | JSON_HEX_AMP as well.
print "var config = " . json_encode($data);
}
}
// API v2 request setup: identify the calling application, then (optionally) the user behind it.
// An application closed by a sysadmin is treated exactly like an unknown one: nothing below is
// populated, so the user token is never even looked up and $app['apiUser'] stays unset.
// NOTE(review): $app['apiApp'], $app['apiUserToken'] and $app['apiUser'] are read unconditionally
// further down, so they must be initialised (presumably to null) before this fragment -- not visible here.
if ($apiapp && !$apiapp->getIsClosedBySysAdmin()) {
    $app['apiApp'] = $apiapp;
    $app['userAgent']->setApi2ApplicationId($apiapp->getId());
    // User Token
    $userTokenRepo = new API2ApplicationUserTokenRepository();
    // Token and secret come from the request. Only the token's presence is checked here; the
    // secret is passed through as-is. NOTE(review): confirm the repository compares the secret
    // against a hashed, stored value with a constant-time comparison -- that is not visible here.
    if ($data['user_token']) {
        $app['apiUserToken'] = $userTokenRepo->loadByAppAndUserTokenAndUserSecret($apiapp, $data['user_token'], $data['user_secret']);
        if ($app['apiUserToken']) {
            // User
            $userRepo = new UserAccountRepository();
            $app['apiUser'] = $userRepo->loadByID($app['apiUserToken']->getUserId());
        }
    }
}
// user permissions
$userPermissionsRepo = new \repositories\UserPermissionsRepository($app['extensions']);
// if app is not editor or token is not editor, remove edit permissions
// Precedence: && binds tighter than ||, so this reads (app set and not editor) OR (token set and
// not editor), which matches the comment. Parenthesising the two halves would make that explicit.
$removeEditPermissions = $app['apiApp'] && !$app['apiApp']->getIsEditor() || $app['apiUserToken'] && !$app['apiUserToken']->getIsEditor();
$app['currentUserPermissions'] = $userPermissionsRepo->getPermissionsForUserInSite($app['apiUser'], $app['currentSite'], $removeEditPermissions, true);
// finally user actions
$app['currentUserActions'] = new UserActionsSiteList($app['currentSite'], $app['currentUserPermissions']);
});
// Route guard: the request must carry a valid user token (resolved above into $app['apiUser']).
// NOTE(review): die("ERROR") ends the request with a 200 status and an unstructured body; an
// authentication failure should answer 401/403 with the API's usual error envelope.
$appUserRequired = function (Request $request) use($app) {
    if (!$app['apiUser']) {
        // TODO also if app closed
        die("ERROR"); // TODO something better
    }
};
// Route guard for calendar-changing endpoints; its body continues beyond this fragment.
$appUserPermissionCalendarChangeRequired = function (Request $request) use($app) {
    if (!$app['apiUser']) {
// Single-site-mode request setup: publish the site, then its features, then the current user's
// permissions and watch state, to both the container and the templates.
$app['twig']->addGlobal('currentSite', $site);
$app['currentSite'] = $site;
# ////////////// Site closed
// A site closed by a sysadmin short-circuits the request here: the permission and action objects
// below are never built, so the closed-site template must not depend on them (only the three
// globals set here are guaranteed). Returning a Response from this middleware presumably ends the
// request before any controller runs -- confirm against the framework's middleware semantics.
if ($app['currentSite']->getIsClosedBySysAdmin()) {
    $app['twig']->addGlobal('currentUserInSite', null);
    $app['twig']->addGlobal('currentUserCanAdminSite', false);
    $app['twig']->addGlobal('currentUserCanEditSite', false);
    return new Response($app['twig']->render('site/closed_by_sys_admin.html.twig', array()));
}
# ////////////// Features
// NOTE(review): this name has no leading backslash, unlike \repositories\UserPermissionsRepository
// below; it only resolves if this file lives in the global namespace. Harmless if so, but worth aligning.
$siteFeaturesRepo = new repositories\SiteFeatureRepository($app);
$app['currentSiteFeatures'] = new SiteFeaturesList($siteFeaturesRepo->getForSiteAsTree($app['currentSite']));
$app['twig']->addGlobal('currentSiteFeatures', $app['currentSiteFeatures']);
$app['currentSiteFeatures']->setFeaturesOnSite($app['currentSite']);
# ////////////// Permissions and Watch
$userPermissionsRepo = new \repositories\UserPermissionsRepository($app['extensions']);
// We do not check UserHasNoEditorPermissionsInSiteRepository(); because that is site mode only.
// In Single Site mode sysadmins can remove this right.
// The third argument (false) is the "remove editor permissions" switch that multi-site mode
// computes from that repository; here it is always off for the reason stated above.
$app['currentUserPermissions'] = $userPermissionsRepo->getPermissionsForUserInSite($app['currentUser'], $app['currentSite'], false, true);
# ////////////// User and their watch and perms
$app['currentUserActions'] = new UserActionsSiteList($app['currentSite'], $app['currentUserPermissions']);
// Watch state defaults to false and is only looked up for a logged-in user.
$app['currentUserWatchesSite'] = false;
if ($app['currentUser']) {
    $uwsr = new UserWatchesSiteRepository();
    $uws = $uwsr->loadByUserAndSite($app['currentUser'], $app['currentSite']);
    $app['currentUserWatchesSite'] = $uws && $uws->getIsWatching();
}
$app['twig']->addGlobal('currentUserActions', $app['currentUserActions']);
$app['twig']->addGlobal('currentUserWatchesSite', $app['currentUserWatchesSite']);
# ////////////// if not current user, let templates see what currentUser could do
// Anonymous branch continues beyond this fragment.
if (!$app['currentUser']) {
function testSiteOwnerSpecificEdit() {
    global $CONFIG;
    // NOTE(review): this flips a process-wide setting and never restores it, so it can leak into
    // whatever test runs next in the same process.
    $CONFIG->newUsersAreEditors = true;
    $this->addCountriesToTestDB();

    // Three accounts: the future site owner, a verified non-owner, and one that is never verified.
    // (Addresses are redacted in this copy of the corpus.)
    $newAccount = function ($username) {
        $account = new UserAccountModel();
        $account->setEmail("*****@*****.**");
        $account->setUsername($username);
        $account->setPassword("password");
        return $account;
    };
    $owner = $newAccount("test");
    $verified = $newAccount("verified");
    $unverified = $newAccount("unverified");

    $accountRepo = new UserAccountRepository();
    $accountRepo->create($owner);
    $accountRepo->verifyEmail($owner);
    $accountRepo->create($verified);
    $accountRepo->verifyEmail($verified);
    $accountRepo->create($unverified); // deliberately left unverified
    // Reload so the flags set by create()/verifyEmail() are present on the objects.
    $owner = $accountRepo->loadByUserName($owner->getUsername());
    $verified = $accountRepo->loadByUserName($verified->getUsername());
    $unverified = $accountRepo->loadByUserName($unverified->getUsername());

    // Kept exactly as in the original: this pair is built here and then built again after the site
    // exists. NOTE(review): the first pair is never used -- looks like a leftover; confirm and drop it.
    $extensionsManager = new ExtensionManager($this->app);
    $userPerRepo = new \repositories\UserPermissionsRepository($extensionsManager);

    // Create a site owned by $owner, in GB, with the test quota.
    $site = new \models\SiteModel();
    $site->setTitle("Test");
    $site->setSlug("test");
    $siteRepo = new \repositories\SiteRepository();
    $countryRepo = new \repositories\CountryRepository();
    $siteRepo->create($site, $owner, array($countryRepo->loadByTwoCharCode("GB")), $this->getSiteQuotaUsedForTesting(), false);

    ## Check!
    $extensionsManager = new ExtensionManager($this->app);
    $userPerRepo = new \repositories\UserPermissionsRepository($extensionsManager);

    // Only the owner holds anything in this site (two permissions); with the third argument true
    // they are all stripped. Neither the verified nor the unverified non-owner gets anything.
    // NOTE(review): that third argument is positional; the production callers pass a "remove editor
    // permissions" boolean in the same slot -- confirm it is the same switch.
    $cases = array(
        array($owner, false, 2),
        array($owner, true, 0),
        array($verified, false, 0),
        array($verified, true, 0),
        array($unverified, false, 0),
        array($unverified, true, 0),
    );
    foreach ($cases as $case) {
        list($subject, $stripEditor, $expectedCount) = $case;
        $this->assertCount($expectedCount, $userPerRepo->getPermissionsForUserInSite($subject, $site, $stripEditor)->getPermissions());
    }

    // Nothing is granted to anonymous visitors, to "any user", or to "any verified user" on this
    // site. What newUsersAreEditors changes is not visible from this test alone.
    $this->assertCount(0, $userPerRepo->getPermissionsForAnonymousInSite($site, false, false)->getPermissions());
    $this->assertCount(0, $userPerRepo->getPermissionsForAnyUserInSite($site, false, false)->getPermissions());
    $this->assertCount(0, $userPerRepo->getPermissionsForAnyVerifiedUserInSite($site, false, false)->getPermissions());
}