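/**
 * Adds UI metadata (type, label, description, picklist values) to one config
 * schema field of the AD/LDAP service type.
 *
 * The parent implementation runs first; this override then adjusts the entry
 * according to $schema['name']. Fields with any other name are left exactly
 * as the parent produced them.
 *
 * @param array $schema Schema field definition, modified in place.
 */
protected static function prepareConfigSchemaField(array &$schema)
{
    parent::prepareConfigSchemaField($schema);

    switch ($schema['name']) {
        case 'default_role':
            // The role list is only needed for this one field, so the query is
            // issued here instead of once for every schema field.
            $roleList = [];
            foreach (Role::whereIsActive(1)->get() as $role) {
                $roleList[] = ['label' => $role->name, 'name' => $role->id];
            }

            // Per the description below, the chosen role applies to users who
            // log in through this service, so it should be a least-privilege
            // role. Only active roles are offered.
            $schema['type'] = 'picklist';
            $schema['values'] = $roleList;
            $schema['description'] = 'Select a default role for users logging in with this AD/LDAP service type.';
            break;
        case 'host':
            $schema['description'] = 'The host name for your AD/LDAP server.';
            break;
        case 'base_dn':
            $schema['label'] = 'Base DN';
            $schema['description'] = 'The base DN for your domain.';
            break;
        case 'account_suffix':
            $schema['description'] = 'The full account suffix for your domain.';
            break;
    }
}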
/**
 * Returns role info from the cache, loading it from the database on a miss.
 * Pass a key to get a single entry of the cached array instead of all of it.
 *
 * The loader rejects unknown roles (NotFoundException) and inactive roles
 * (ForbiddenException). Only ModelNotFoundException is caught here, so unless
 * those two types derive from it they reach the caller.
 *
 * NOTE(review): is_active is checked only while the cache entry is being
 * built. A role that is deactivated after it was cached keeps being served
 * until the entry expires or is invalidated; the invalidation path is not
 * visible here, so confirm it runs on role updates.
 *
 * @param int         $id      Role id; also used to build the cache key.
 * @param null|string $key     Optional key of the role info array to return.
 * @param mixed       $default Returned when the cached value is null, the
 *                             model lookup fails, or $key is not set.
 *
 * @return mixed|null
 */
public static function getCachedInfo($id, $key = null, $default = null)
{
    $cacheKey = 'role:' . $id;

    // Builds the array that gets cached: the role row plus its lookups and
    // service access entries, each access entry annotated with a service name.
    $loadRoleInfo = function () use ($id) {
        $relations = [
            'role_lookup_by_role_id',
            'role_service_access_by_role_id',
            'service_by_role_service_access',
        ];
        $role = Role::with($relations)->whereId($id)->first();

        if (empty($role)) {
            throw new NotFoundException("Role not found.");
        }
        if (!$role->is_active) {
            throw new ForbiddenException("Role is not active.");
        }

        $roleInfo = $role->toArray();

        // The service list is only used to resolve names below; it is not
        // kept in the cached array.
        $services = ArrayUtils::get($roleInfo, 'service_by_role_service_access');
        unset($roleInfo['service_by_role_service_access']);

        foreach ($roleInfo['role_service_access_by_role_id'] as $index => $access) {
            $serviceName = ArrayUtils::findByKeyValue(
                $services,
                'id',
                ArrayUtils::get($access, 'service_id'),
                'name'
            );
            $component = ArrayUtils::get($access, 'component');

            $roleInfo['role_service_access_by_role_id'][$index]['service'] = $serviceName;
            // Components are stored without leading or trailing slashes.
            $roleInfo['role_service_access_by_role_id'][$index]['component'] = trim($component, '/');
        }

        return $roleInfo;
    };

    try {
        $result = \Cache::remember($cacheKey, \Config::get('df.default_cache_ttl'), $loadRoleInfo);

        if (is_null($result)) {
            return $default;
        }
    } catch (ModelNotFoundException $ex) {
        return $default;
    }

    if (is_null($key)) {
        return $result;
    }

    if (isset($result[$key])) {
        return $result[$key];
    }

    return $default;
}
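/**
 * Adds UI metadata (type, label, description, picklist values) to one config
 * schema field of the OAuth service type.
 *
 * The parent implementation runs first; this override then adjusts the entry
 * according to $schema['name']. Fields with any other name are left exactly
 * as the parent produced them.
 *
 * @param array $schema Schema field definition, modified in place.
 */
protected static function prepareConfigSchemaField(array &$schema)
{
    parent::prepareConfigSchemaField($schema);

    switch ($schema['name']) {
        case 'default_role':
            // The role list is only needed for this one field, so the query is
            // issued here instead of once for every schema field.
            $roleList = [];
            foreach (Role::whereIsActive(1)->get() as $role) {
                $roleList[] = ['label' => $role->name, 'name' => $role->id];
            }

            // Per the description below, the chosen role applies to users who
            // log in through this service, so it should be a least-privilege
            // role. Only active roles are offered.
            $schema['type'] = 'picklist';
            $schema['values'] = $roleList;
            $schema['description'] = 'Select a default role for users logging in with this OAuth service type.';
            break;
        case 'client_id':
            $schema['label'] = 'Client ID';
            $schema['description'] =
                'A public string used by the service to identify your app and to build authorization URLs.';
            break;
        case 'client_secret':
            // NOTE(review): only the help text is set here. Whether the stored
            // secret is encrypted at rest and masked in API responses is
            // decided elsewhere; confirm.
            $schema['description'] =
                'A private string used by the service to authenticate the identity of the application.';
            break;
        case 'redirect_url':
            $schema['label'] = 'Redirect URL';
            $schema['description'] = 'The location the user will be redirected to after a successful login.';
            break;
        case 'icon_class':
            $schema['description'] = 'The icon to display for this OAuth service.';
            break;
    }
}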
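/**
 * Adds UI metadata (type, label, description, picklist values) to one config
 * schema field of the Active Directory service type.
 *
 * The parent implementation runs first; this override then adjusts the entry
 * according to $schema['name']. Fields with any other name are left exactly
 * as the parent produced them.
 *
 * @param array $schema Schema field definition, modified in place.
 */
protected static function prepareConfigSchemaField(array &$schema)
{
    parent::prepareConfigSchemaField($schema);

    switch ($schema['name']) {
        case 'default_role':
            // The role list is only needed for this one field, so the query is
            // issued here instead of once for every schema field.
            $roleList = [];
            foreach (Role::whereIsActive(1)->get() as $role) {
                $roleList[] = ['label' => $role->name, 'name' => $role->id];
            }

            // Per the description below, the chosen role applies to users who
            // log in through this service, so it should be a least-privilege
            // role. Only active roles are offered.
            $schema['type'] = 'picklist';
            $schema['values'] = $roleList;
            $schema['description'] = 'Select a default role for users logging in with this AD/LDAP service type.';
            break;
        case 'host':
            $schema['description'] = 'The host name for your AD/LDAP server.';
            break;
        case 'base_dn':
            $schema['label'] = 'Base DN';
            $schema['description'] = 'The base DN for your domain.';
            break;
        case 'account_suffix':
            $schema['description'] = 'The full account suffix for your domain.';
            break;
        case 'map_group_to_role':
            $schema['description'] = 'Checking this will map your Roles to AD Groups.';
            break;
        case 'username':
            // NOTE(review): the help text asks for an AD administrator account.
            // If the additional features only need directory reads, a dedicated
            // low-privilege bind account limits the damage should this stored
            // credential leak; confirm what the features actually require.
            $schema['description'] = '(Optional) Enter AD administrator username to enable additional features.';
            break;
        case 'password':
            // NOTE(review): only the help text is set here. Whether the stored
            // password is encrypted at rest and masked in API responses is
            // decided elsewhere; confirm.
            $schema['description'] = '(Optional) Enter AD administrator password to enable additional features.';
            break;
    }
}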
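/**
 * Builds and sends the instance status summary: request URI, distribution,
 * managed/demo flags, version, host OS and the number of apps, admins, users,
 * services and roles.
 *
 * NOTE(review): this method performs no access check of its own. Version,
 * host OS and account counts help an unauthenticated caller fingerprint the
 * instance, so confirm the route is behind authentication or that this
 * exposure is intended.
 *
 * @return mixed Whatever ResponseFactory::sendResponse() returns.
 */
public function index()
{
    $uri = static::getURI($_SERVER);

    $dist = env('DF_INSTALL', '');
    // No explicit install type: treat a database name containing "bitnami"
    // (case-insensitive) as a Bitnami distribution.
    if (empty($dist) && false !== stripos(env('DB_DATABASE', ''), 'bitnami')) {
        $dist = 'Bitnami';
    }

    // Count in the database, as the two User queries already do, instead of
    // loading every row into a collection just to count it.
    $appCount = App::count();
    $adminCount = User::whereIsSysAdmin(1)->count();
    $userCount = User::whereIsSysAdmin(0)->count();
    $serviceCount = Service::count();
    $roleCount = Role::count();

    $status = [
        "uri"       => $uri,
        "managed"   => env('DF_MANAGED', false),
        "dist"      => $dist,
        "demo"      => Environment::isDemoApplication(),
        "version"   => \Config::get('df.version'),
        "host_os"   => PHP_OS,
        "resources" => [
            "app"     => $appCount,
            "admin"   => $adminCount,
            "user"    => $userCount,
            "service" => $serviceCount,
            "role"    => $roleCount,
        ],
    ];

    return ResponseFactory::sendResponse(ResponseFactory::create($status));
}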
/**
 * Turns the role, email service and email template id fields of this config
 * schema into picklists, after the parent implementation has run.
 *
 * Every picklist starts with a blank entry whose name is null. Fields with
 * other names are left as the parent produced them.
 *
 * @param array $schema Schema field definition, modified in place.
 */
protected static function prepareConfigSchemaField(array &$schema)
{
    parent::prepareConfigSchemaField($schema);

    // First option of every picklist built below.
    $blankOption = ['label' => '', 'name' => null];

    switch ($schema['name']) {
        case 'open_reg_role_id':
            // Per the description below, this role goes to self-registered
            // users, so it should be a least-privilege role. Only active roles
            // are offered.
            $options = [$blankOption];
            foreach (Role::whereIsActive(1)->get() as $role) {
                $options[] = ['label' => $role->name, 'name' => $role->id];
            }

            $schema['type'] = 'picklist';
            $schema['values'] = $options;
            $schema['label'] = 'Open Reg Role';
            $schema['description'] = 'Select a role for self registered users.';
            break;

        case 'open_reg_email_service_id':
        case 'invite_email_service_id':
        case 'password_email_service_id':
            // Drop the last 11 characters of the label set by the parent.
            // Presumably this strips a " Service Id" suffix; confirm.
            $prefix = substr($schema['label'], 0, strlen($schema['label']) - 11);

            $emailTypes = ['aws_ses', 'smtp_email', 'mailgun_email', 'mandrill_email', 'local_email'];
            $options = [$blankOption];
            foreach (Service::whereIsActive(1)->whereIn('type', $emailTypes)->get() as $service) {
                $options[] = ['label' => $service->label, 'name' => $service->id];
            }

            $schema['type'] = 'picklist';
            $schema['values'] = $options;
            $schema['label'] = $prefix . ' Service';
            $schema['description'] = 'Select an Email service for sending out ' . $prefix . '.';
            break;

        case 'open_reg_email_template_id':
        case 'invite_email_template_id':
        case 'password_email_template_id':
            // NOTE(review): the same 11-character cut is used here. If the
            // incoming label ends in " Template Id" (12 characters), a space
            // is left behind and the new label gets a double space; confirm
            // against the labels the parent generates.
            $prefix = substr($schema['label'], 0, strlen($schema['label']) - 11);

            $options = [$blankOption];
            foreach (EmailTemplate::get() as $template) {
                $options[] = ['label' => $template->name, 'name' => $template->id];
            }

            $schema['type'] = 'picklist';
            $schema['values'] = $options;
            $schema['label'] = $prefix . ' Template';
            $schema['description'] = 'Select an Email template to use for ' . $prefix . '.';
            break;
    }
}
/**
 * Access-check middleware: forwards the request when access is allowed or the
 * request matches a configured exception. Otherwise it picks the most specific
 * error for the denial and returns it as an exception response.
 *
 * Any exception raised inside the try block, including one thrown by the
 * downstream handler, is converted by ResponseFactory::getException().
 *
 * @param Request $request
 * @param Closure $next
 *
 * @return array|mixed|string
 */
public function handle($request, Closure $next)
{
    // Allow console requests through.
    // NOTE(review): this flag skips every check below. It must never be set in
    // the web server's environment; confirm where it is set.
    if (env('DF_IS_VALID_CONSOLE_REQUEST', false)) {
        return $next($request);
    }

    try {
        static::setExceptions();

        // The exception list is consulted only when the regular check denies
        // access (API key and/or non-admin user present but not permitted).
        if (static::isAccessAllowed() || static::isException($request)) {
            return $next($request);
        }

        // Access denied from here on: report the most specific reason first.
        $apiKey = Session::getApiKey();
        $token = Session::getSessionToken();

        if (empty($apiKey) && empty($token)) {
            throw new BadRequestException('Bad request. No token or api key provided.');
        }

        if (true === Session::get('token_expired')) {
            throw new UnauthorizedException(Session::get('token_expired_msg'));
        }

        if (true === Session::get('token_blacklisted')) {
            throw new ForbiddenException(Session::get('token_blacklisted_msg'));
        }

        if (true === Session::get('token_invalid')) {
            // NOTE(review): the stored message is returned to the client.
            // Confirm it carries no internal detail from token parsing.
            throw new BadRequestException('Invalid token: ' . Session::get('token_invalid_msg'), 401);
        }

        // NOTE(review): if this role lookup throws (for example for an unknown
        // role id), that exception becomes the response and the two checks
        // after it are never reached.
        if (!Role::getCachedInfo(Session::getRoleId(), 'is_active')) {
            throw new ForbiddenException("Role is not active.");
        }

        if (!Session::isAuthenticated()) {
            throw new UnauthorizedException('Unauthorized.');
        }

        throw new ForbiddenException('Access Forbidden.');
    } catch (\Exception $e) {
        return ResponseFactory::getException($e, $request);
    }
}
/**
 * Populates the session with user, app, role and lookup data for the given
 * app and user ids.
 *
 * Role resolution: the role assigned to the user for this app is used when
 * both ids are given; if that yields nothing and app info is available, the
 * app's own role_id is used.
 *
 * @param mixed $appId  App id, or null when there is no app context.
 * @param mixed $userId User id, or null when there is no user context.
 */
public static function setSessionData($appId = null, $userId = null)
{
    $appInfo = null;
    if ($appId) {
        $appInfo = App::getCachedInfo($appId);
    }

    $userInfo = null;
    if ($userId) {
        $userInfo = User::getCachedInfo($userId);
    }

    $roleId = null;
    if (!empty($userId) && !empty($appId)) {
        $roleId = static::getRoleIdByAppIdAndUserId($appId, $userId);
    }
    // No user-specific role: fall back to the role configured on the app.
    if (empty($roleId) && !empty($appInfo)) {
        $roleId = ArrayUtils::get($appInfo, 'role_id');
    }

    Session::setUserInfo($userInfo);
    Session::put('app.id', $appId);

    $roleInfo = null;
    if ($roleId) {
        $roleInfo = Role::getCachedInfo($roleId);
    }

    // NOTE(review): when no role resolves, the role.* keys are not written or
    // cleared. If this can run on a session that already holds role data, the
    // earlier role's service access would remain; confirm against callers.
    if (!empty($roleInfo)) {
        Session::put('role.id', $roleId);
        Session::put('role.name', $roleInfo['name']);
        Session::put('role.services', $roleInfo['role_service_access_by_role_id']);
    }

    // Gather the four lookup sources, substituting an empty list for any that
    // is missing, then merge them.
    $systemLookup = Lookup::getCachedLookups();
    if (empty($systemLookup)) {
        $systemLookup = [];
    }

    $appLookup = [];
    if (!empty($appInfo['app_lookup_by_app_id'])) {
        $appLookup = $appInfo['app_lookup_by_app_id'];
    }

    $roleLookup = [];
    if (!empty($roleInfo['role_lookup_by_role_id'])) {
        $roleLookup = $roleInfo['role_lookup_by_role_id'];
    }

    $userLookup = [];
    if (!empty($userInfo['user_lookup_by_user_id'])) {
        $userLookup = $userInfo['user_lookup_by_user_id'];
    }

    $merged = LookupKey::combineLookups($systemLookup, $appLookup, $roleLookup, $userLookup);

    Session::put('lookup', ArrayUtils::get($merged, 'lookup'));
    // NOTE(review): secret lookups are kept in the session under a separate
    // key. Confirm this key is never serialized into client-visible responses
    // or logs.
    Session::put('lookup_secret', ArrayUtils::get($merged, 'lookup_secret'));
}
/**
 * Cleans up after a test: deletes the test user and the 'test_role' role,
 * then clears the role assignment of the app with id 1.
 *
 * NOTE(review): parent::tearDown() is not called here; confirm the parent
 * test case does not rely on it.
 */
public function tearDown()
{
    $testUsers = User::whereEmail('*****@*****.**');
    $testUsers->delete();

    $testRoles = Role::whereName('test_role');
    $testRoles->delete();

    $firstApp = App::whereId(1);
    $firstApp->update(['role_id' => null]);
}
/**
 * Builds the role data array from a role model: its name, its id and the
 * service access list returned by getRoleServiceAccess().
 *
 * @param Role $role
 *
 * @return array Array with the keys 'name', 'id' and 'services'.
 */
protected static function getRoleData(Role $role)
{
    // Fetch the access list first, as the original did, before reading the
    // model attributes.
    $serviceAccess = $role->getRoleServiceAccess();

    return [
        'name'     => $role->name,
        'id'       => $role->id,
        'services' => $serviceAccess,
    ];
}