/** * creates a new access group controller * @return AccessGroupController AccessGroupController instance */ public static function create() { //check, if an AccessGroupController instance already exists if (AccessGroupController::$accessGroupController == null) { AccessGroupController::$accessGroupController = new AccessGroupController(); } return AccessGroupController::$accessGroupController; }
/** * Ask for authorisation * @param $accessgroup accessgroup of the user * @param $applicationpart part of the application the user wants access * @return access permissions for the application part * 0 = no access, 1 = readonly, 2 = read/write */ public function authorise($accessgroup, $applicationpart) { $accessGroupController = AccessGroupController::create(); /* * setup array with possible application parts. * Example: objects/router => objects/router, objects, default */ $applicationparts = array(); $applicationparts[] = "default"; $applicationparts[] = $applicationpart; while (strrpos($applicationpart, '/') !== FALSE) { $newlength = strrpos($applicationpart, '/'); $applicationpart = substr($applicationpart, 0, $newlength); $applicationparts[] = $applicationpart; } //get permissions from database $permissionDefault = -1; $permissionBestMatch = -1; $matchLevel = 0; try { $accessGroupObject = $accessGroupController->getAccessGroup($accessgroup); $accessRules = $accessGroupObject->getAccessRules(); foreach ($accessRules as $accessRule) { $accessRuleAppPart = $accessRule->getApplicationPart(); $accessRuleAccess = $accessRule->getAccess(); if (array_search($accessRuleAppPart, $applicationparts) !== FALSE) { $accessRuleMatchLevel = substr_count($accessRuleAppPart, '/'); if ($accessRuleAppPart == "default") { $permissionDefault = $accessRuleAccess; } elseif ($accessRuleMatchLevel >= $matchLevel) { $permissionBestMatch = $accessRuleAccess; $matchLevel = $accessRuleMatchLevel; } } } } catch (Exception $e) { //doing nothing } //calculate permission $permission = 0; if ($permissionDefault > -1) { $permission = $permissionDefault; } if ($permissionBestMatch > -1) { $permission = $permissionBestMatch; } return $permission; }
/** * creates the default access groups in datastore * @return boolean true, if access groups were created * false, if there were errors */ public function createDefaultAccessGroups() { try { $accessGroupController = AccessGroupController::create(); //add access group $accessGroupController->addAccessGroup("admin"); $accessGroupController->addAccessGroup("user"); //add access rights $accessGroupController->addAccessRule("admin", "default", 2); $accessGroupController->addAccessRule("admin", "admin", 2); $accessGroupController->addAccessRule("admin", "rest", 2); $accessGroupController->addAccessRule("user", "default", 2); $accessGroupController->addAccessRule("user", "admin", 0); $accessGroupController->addAccessRule("user", "rest", 0); return true; } catch (Exception $e) { return false; } }
use yourCMDB\controller\ObjectController; use yourCMDB\controller\ObjectLinkController; use yourCMDB\controller\ObjectLogController; use yourCMDB\security\AuthorisationProviderLocal; use yourCMDB\taskscheduler\EventProcessor; use yourCMDB\info\InfoController; //define base directories $webScriptBaseDir = dirname(__FILE__); $coreBaseDir = realpath("{$webScriptBaseDir}/../../core"); //include yourCMDB bootstrap include "{$coreBaseDir}/bootstrap.php"; //include function definitions include "functions.inc.php"; //define variables $config = CmdbConfig::create(); $accessGroupController = AccessGroupController::create(); $objectController = ObjectController::create(); $objectLinkController = ObjectLinkController::create(); $objectLogController = ObjectLogController::create(); $authorisationProvider = new AuthorisationProviderLocal(); $eventProcessor = new EventProcessor(); $infoController = new InfoController(); //set default values of some variables $authUser = ""; //get configuration $installTitle = $config->getViewConfig()->getInstallTitle(); //setup i18n with gettext $i18nLocale = $config->getViewConfig()->getLocale(); $i18nDomain = "web"; $i18nCodeset = "utf-8"; $i18nBaseDir = realpath("{$webScriptBaseDir}/../../i18n");