/**
 * Restricts a list query to entries of the current session user and applies
 * the optional "done" filter.
 *
 * The access restriction is added unconditionally: only rows whose target or
 * owner equals the session user's ID match. Every value is bound as a named
 * parameter; nothing is concatenated into the query text.
 *
 * @param mixed $queryBuilder Builder exposing andWhere() and setParameter();
 *                            presumably a Doctrine ORM QueryBuilder whose
 *                            root alias is "q" (confirm against the caller).
 */
public function filterCallback($queryBuilder)
{
    $requestFilter = new FilterExtractor($this);

    // Access restriction first, so it holds whatever the user-supplied filter says.
    // NOTE(review): assumes a session exists; nothing here handles
    // getCurrentSession() returning no session. Confirm the caller enforces login.
    $currentUser = SessionManager::getInstance()->getCurrentSession()->getUser();
    $queryBuilder->andWhere("(q.target = :sessionuser OR q.owner = :sessionuser)");
    $queryBuilder->setParameter("sessionuser", $currentUser->getId());

    // User filter: nothing to add when "done" is absent or loosely equal to "".
    if (!$requestFilter->has("done") || $requestFilter->get("done") == "") {
        return;
    }

    $queryBuilder->andWhere("q.done = :done");
    $queryBuilder->setParameter("done", $requestFilter->get("done"));
}
/**
 * Authenticates the submitted credentials and opens a session on success.
 *
 * Both "username" and "password" are mandatory request parameters.
 *
 * @return array Keys: "sessionid", "username", "admin", "userPreferences"
 * @throws InvalidLoginDataException when UserManager::authenticate() returns false
 *
 * @ServiceCall(description="Authenticates a user against the system",
 *              documentation="Authenticates a user and starts a new session upon success.",
 *              returnValues={
 *                  @ServiceReturnValue(
 *                      name="username",
 *                      type="string:50",
 *                      description="The logged in username"
 *                  ),
 *                  @ServiceReturnValue(
 *                      name="sessionid",
 *                      type="string:50",
 *                      description="The session ID"
 *                  ),
 *                  @ServiceReturnValue(
 *                      name="admin",
 *                      type="boolean",
 *                      description="True if the logged in user has admin rights"
 *                  ),
 *                  @ServiceReturnValue(
 *                      name="userPreferences",
 *                      type="UserPreference[]",
 *                      description="An array of UserPreferences"
 *                  )
 *              },
 *              parameters={
 *                  @ServiceParameter( name="username",
 *                      type="string:50",
 *                      required=true,
 *                      description="The username to authenticate"
 *                  ),
 *                  @ServiceParameter( name="password",
 *                      type="string:32",
 *                      required=true,
 *                      description="The password, hashed in MD5"
 *                  )
 *              })
 *
 */
public function login()
{
    $this->requireParameter("username");
    $this->requireParameter("password");

    // Transient User that only carries the submitted credentials for the check.
    // NOTE(review): the service contract documents "password" as an MD5 hash
    // computed by the client, and it is handed to setHashedPassword() unchanged.
    // If authenticate() compares it with the stored value directly (not shown
    // here), the hash itself is the credential and needs the same protection as
    // a plaintext password: TLS on the transport, no logging of request
    // parameters. MD5 is also not a password-hashing function; server-side
    // password_hash()/password_verify() would be the replacement. Confirm
    // against UserManager.
    $candidate = new User();
    $candidate->setRawUsername($this->getParameter("username"));
    $candidate->setHashedPassword($this->getParameter("password"));

    $authenticatedUser = UserManager::getInstance()->authenticate($candidate);

    // The one rejection path visible here throws the same exception in every case.
    if ($authenticatedUser === false) {
        throw new InvalidLoginDataException();
    }

    $session = SessionManager::getInstance()->startSession($authenticatedUser);
    $session->getUser()->updateSeen();

    $serializedPreferences = array();
    foreach ($session->getUser()->getPreferences() as $preference) {
        $serializedPreferences[] = $preference->serialize();
    }

    // "username" echoes the request parameter, not a value read back from the
    // authenticated user object.
    return array(
        "sessionid" => $session->getSessionID(),
        "username" => $this->getParameter("username"),
        "admin" => $session->getUser()->isAdmin(),
        "userPreferences" => array(
            "response" => array("data" => $serializedPreferences),
        ),
    );
}
/*
 * HTTP auth: when the "partkeepr.auth.http" option is strictly true, the name
 * in PHP_AUTH_USER is accepted as the identity and a session is started for it.
 * No password is checked anywhere in this block.
 *
 * NOTE(review): this is only sound if the web server enforces authentication
 * on every request that can reach this script, so that PHP_AUTH_USER is always
 * the result of a verified login. Confirm the deployment documents and enforces
 * that before enabling the option.
 */
if (Configuration::getOption("partkeepr.auth.http", false) === true) {
    if (!isset($_SERVER["PHP_AUTH_USER"])) {
        // @todo Redirect to permission denied page
        die("Permission denied");
    }

    try {
        $user = User::loadByName($_SERVER['PHP_AUTH_USER']);
    } catch (\Doctrine\ORM\NoResultException $e) {
        // Unknown name: provision an account on the fly and persist it.
        // NOTE(review): every auto-provisioned account receives the same fixed
        // password string. If setPassword() stores it as a usable credential
        // (not shown here) and the password login stays reachable, these
        // accounts share a known password. A random, unguessable value or an
        // explicit "no password login" marker would avoid that. Confirm
        // against User::setPassword().
        $user = new User();
        $user->setUsername($_SERVER['PHP_AUTH_USER']);
        $user->setPassword("invalid");
        PartKeepr::getEM()->persist($user);
        PartKeepr::getEM()->flush();
    }

    $session = SessionManager::getInstance()->startSession($user);

    // The user name and the session ID are placed into $aParameters; where
    // $aParameters ends up is outside this excerpt. Presumably it feeds the
    // template rendered later, so the session ID deserves the usual care
    // against caching and logging of that output.
    $aParameters["autoLoginUsername"] = $user->getUsername();
    $aParameters["auto_start_session"] = $session->getSessionID();

    // Serialize each preference of the user into the same response/data
    // envelope shape.
    $aPreferences = array();
    foreach ($user->getPreferences() as $result) {
        $aPreferences[] = $result->serialize();
    }
    $aParameters["userPreferences"] = array("response" => array("data" => $aPreferences));
}

// Twig setup: templates are loaded from the "templates" directory next to this file.
\Twig_Autoloader::register();
$loader = new \Twig_Loader_Filesystem(dirname(__FILE__) . '/templates/');
$twig = new \Twig_Environment($loader);

/*
 * Information about maximum upload sizes: the effective limit is the smaller
 * of the post_max_size and upload_max_filesize ini settings, converted to bytes.
 */
$maxPostSize = PartKeepr::getBytesFromHumanReadable(ini_get("post_max_size"));
$maxFileSize = PartKeepr::getBytesFromHumanReadable(ini_get("upload_max_filesize"));
$aParameters["maxUploadSize"] = min($maxPostSize, $maxFileSize);
/**
 * Initialises a new entry: created now, not done, owned by the current
 * session's user.
 *
 * NOTE(review): assumes an active session; nothing here handles
 * getCurrentSession() returning no session. Confirm callers only construct
 * this object for logged-in users.
 */
public function __construct()
{
    $sessionManager = SessionManager::getInstance();

    $this->created = new \DateTime();
    $this->done = false;

    // The owner comes from the current session, not from a constructor argument.
    $this->owner = $sessionManager->getCurrentSession()->getUser();
}
/**
 * Checks a username/password pair and starts a session for the matching user.
 *
 * @param mixed $username Passed to User::setRawUsername() unchanged.
 * @param mixed $password Passed to User::setHashedPassword() unchanged, so the
 *                        caller presumably supplies an already hashed value.
 *                        NOTE(review): confirm which hash is expected; the
 *                        value is then equivalent to the password and must be
 *                        kept out of logs and off unencrypted transports.
 *
 * @return mixed The ID of the newly started session
 * @throws InvalidLoginDataException when UserManager::authenticate() returns false
 */
private function authenticateByUsername($username, $password)
{
    // Transient User that only carries the credentials to be checked.
    $candidate = new User();
    $candidate->setRawUsername($username);
    $candidate->setHashedPassword($password);

    $authenticatedUser = UserManager::getInstance()->authenticate($candidate);

    if ($authenticatedUser === false) {
        throw new InvalidLoginDataException();
    }

    // The session is started only after authentication has succeeded.
    return SessionManager::getInstance()
        ->startSession($authenticatedUser)
        ->getSessionID();
}