

Dev WIP Lots of refactoring for Authentication and Authorization plug…
…ins.
SamMousa committed Feb 9, 2015
1 parent 714afd3 commit 8d3aa4e
Showing 69 changed files with 788 additions and 781 deletions.
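--- /dev/null
+++ b/application/components/AuthManager.php
@@ -0,0 +1,91 @@
+<?php
+
+class AuthManager implements IAuthManager {
+/**
+* @var IAuthManager
+*/
+public $authorizationPlugin;
+public function init() {
+$this->authorizationPlugin = App()->pluginManager->getPlugin(App()->getConfig('authorizationPlugin', 'ls_core_plugins_PermissionDb'));
+}
+public function addItemChild($itemName, $childName) {
+return $this->authorizationPlugin->addItemChild($itemName, $childName);
+}
+
+public function assign($itemName, $userId, $bizRule = null, $data = null) {
+return $this->authorizationPlugin->assign($itemName, $userId, $bizRule, $data);
+}
+
+public function checkAccess($itemName, $userId, $params = array()) {
+return $this->authorizationPlugin->checkAccess($itemName, $userId, $params);
+}
+
+public function clearAll() {
+return $this->authorizationPlugin->clearAll();
+}
+
+public function clearAuthAssignments() {
+return $this->authorizationPlugin->clearAuthAssignments();
+}
+
+public function createAuthItem($name, $type, $description = '', $bizRule = null, $data = null) {
+return $this->authorizationPlugin->createAuthItem($name, $type, $description, $bizRule, $data);
+}
+
+public function executeBizRule($bizRule, $params, $data) {
+return $this->authorizationPlugin->executeBizRule($bizRule, $params, $data);
+}
+
+public function getAuthAssignment($itemName, $userId) {
+return $this->authorizationPlugin->getAuthAssignment($itemName, $userId);
+}
+
+public function getAuthAssignments($userId) {
+return $this->authorizationPlugin->getAuthAssignments($userId);
+}
+
+public function getAuthItem($name) {
+return $this->authorizationPlugin->getAuthItem($name);
+}
+
+public function getAuthItems($type = null, $userId = null) {
+return $this->authorizationPlugin->getAuthItems($type, $userId);
+}
+
+public function getItemChildren($itemName) {
+return $this->authorizationPlugin->getItemChildren($itemName);
+}
+
+public function hasItemChild($itemName, $childName) {
+return $this->authorizationPlugin->hasItemChild($itemName, $childName);
+}
+
+public function isAssigned($itemName, $userId) {
+return $this->authorizationPlugin->isAssigned($itemName, $userId);
+}
+
+public function removeAuthItem($name) {
+return $this->authorizationPlugin->removeAuthItem($name);
+}
+
+public function removeItemChild($itemName, $childName) {
+return $this->authorizationPlugin->removeItemChild($itemName, $childName);
+}
+
+public function revoke($itemName, $userId) {
+return $this->authorizationPlugin->revoke($itemName, $userId);
+}
+
+public function save() {
+return $this->authorizationPlugin->save();
+}
+
+public function saveAuthAssignment($assignment) {
+return $this->authorizationPlugin->saveAuthAssignment($assignment);
+}
+
+public function saveAuthItem($item, $oldName = null) {
+return $this->authorizationPlugin->saveAuthItem($item);
+}
+
+}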
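Review bot: `saveAuthItem($item, $oldName = null)` at the end of the class accepts `$oldName` but forwards only `$item`, so a rename of an auth item never reaches the authorization plugin; the delegation should read `return $this->authorizationPlugin->saveAuthItem($item, $oldName);`. `init()` also stores whatever `getPlugin()` returns without confirming it is an `IAuthManager`, so a misconfigured `authorizationPlugin` setting (or a default plugin that is not loaded) surfaces later as a call on null inside `checkAccess()` rather than as a clear error; a guard such as `if (!$this->authorizationPlugin instanceof IAuthManager) { throw new CException('authorizationPlugin is not an IAuthManager'); }` right after the assignment makes the failure explicit and keeps access decisions fail-closed with a meaningful message. The class has no docblock; a header stating that it is a thin facade forwarding every IAuthManager call to the plugin named by the `authorizationPlugin` config key would help the next reader.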
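--- /dev/null
+++ b/application/components/PluginIdentity.php
@@ -0,0 +1,54 @@
+<?php
+
+/**
+* @property \ls\pluginmanager\PluginBase $plugin
+*/
+class PluginIdentity extends CBaseUserIdentity {
+/**
+*
+* @var \ls\pluginmanager\AuthPluginBase
+*/
+private $plugin;
+protected $_id;
+protected $_name;
+public function __construct(\ls\pluginmanager\AuthPluginBase $plugin) {
+$this->plugin = $plugin;
+}
+public function authenticate() {
+$result = $this->plugin->authenticate(Yii::app()->request);
+$this->setState('authenticationPlugin', $this->plugin->id);
+if (!isset($result)) {
+$this->errorCode = self::ERROR_PASSWORD_INVALID;
+} else {
+$this->errorCode = self::ERROR_NONE;
+if (is_array($result)) {
+$this->_name = $result['name'];
+$this->_id = $result['id'];
+unset($result['name']);
+unset($result['id']);
+$this->attributes = $result;
+}
+}
+return $this->errorCode === self::ERROR_NONE;
+}
+
+public function getId() {
+return $this->_id;
+}
+
+public function getName() {
+return $this->_name;
+}
+
+public function setAttributes($value) {
+return $this->setState('attributes', $value);
+}
+public function getAttributes() {
+return $this->getState('attributes', []);
+}
+
+
+
+
+
+}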
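Review bot: `authenticate()` treats any non-null plugin result as success: the `if (!isset($result))` test at the top of the method lets a plugin that returns `false` (or any non-array) through with `errorCode = ERROR_NONE` while `_id` and `_name` stay null, and an array missing `id`/`name` produces undefined-index notices instead of a rejection. Tighten the guard to `if (!is_array($result) || !isset($result['id'], $result['name'])) { $this->errorCode = self::ERROR_PASSWORD_INVALID; } else {` and drop the inner `is_array` test, so only a well-formed result is accepted. Whether plugins are contractually required to return an array cannot be seen here (AuthPluginBase is outside this commit), so a docblock on `authenticate()` stating the expected return shape — an array with `id` and `name` on success, null on failure — would pin the contract down for plugin authors.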
5 changes: 5 additions & 0 deletions application/config/internal.php
Expand Up @@ -65,6 +65,8 @@
),
'user' => array(
'class' => 'LSWebUser',
'stateKeyPrefix' => 'LSWebUser',
'loginUrl' => ['users/login']
),
'log' => array(
'class' => 'CLogRouter',
Expand Down Expand Up @@ -124,6 +126,9 @@
],
'yiiwheels' => [
'class' => 'yiiwheels.YiiWheels'
],
'authManager' => [
'class' => 'AuthManager'
]
),

Expand Down
42 changes: 21 additions & 21 deletions application/controllers/AdminController.php
Expand Up @@ -140,27 +140,27 @@ public function run($action)
$this->redirect(array('/admin/update/sa/db'));
}

if ($action != "update" && $action != "db")
if (empty($this->user_id) && $action != "authentication" && $action != "remotecontrol")
{
if (!empty($action) && $action != 'index')
Yii::app()->session['redirect_after_login'] = $this->createUrl('/');

App()->user->setReturnUrl(App()->request->requestUri);

$this->redirect(array('/admin/authentication/sa/login'));
}
elseif (!empty($this->user_id) && $action != "remotecontrol")
{
if (Yii::app()->session['session_hash'] != hash('sha256',getGlobalSetting('SessionName').Yii::app()->user->getName().Yii::app()->user->getId()))
{
Yii::app()->session->clear();
Yii::app()->session->close();
$this->redirect(array('/admin/authentication/sa/login'));
}

}

// if ($action != "update" && $action != "db")
// if (empty($this->user_id) && $action != "authentication" && $action != "remotecontrol")
// {
// if (!empty($action) && $action != 'index')
// Yii::app()->session['redirect_after_login'] = $this->createUrl('/');
//
// App()->user->setReturnUrl(App()->request->requestUri);
//
// $this->redirect(array('/admin/authentication/sa/login'));
// }
// elseif (!empty($this->user_id) && $action != "remotecontrol")
// {
// if (Yii::app()->session['session_hash'] != hash('sha256',getGlobalSetting('SessionName').Yii::app()->user->getName().Yii::app()->user->getId()))
// {
// Yii::app()->session->clear();
// Yii::app()->session->close();
// $this->redirect(array('/admin/authentication/sa/login'));
// }
//
// }
//
return parent::run($action);
}

Expand Down
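Review bot: Commenting out the block in `run()` removes both the login redirect for unauthenticated admin requests and the `session_hash` check that bound a session to `SessionName` plus the user's name and id, and nothing in this hunk replaces them; access now rests entirely on each sub-controller performing its own `checkAccess()`, which this commit migrates for only a handful of them. Until a replacement exists, a minimal guard keeps the fail-closed behaviour: `if (App()->user->isGuest && !in_array($action, ['authentication', 'remotecontrol', 'update', 'db'], true)) { App()->user->loginRequired(); }`. The commented-out code should be deleted rather than kept, with a note such as `// TODO: login enforcement moved to accessRules()/checkAccess(); session-hash binding not yet reimplemented` if the intent is to restore it later. `run()` starts before this hunk.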
53 changes: 22 additions & 31 deletions application/controllers/PluginsController.php
Expand Up @@ -29,43 +29,27 @@ public function _init()

public function accessRules()
{
$aRules = array(
array('allow', 'roles' => array('superadmin')),
array('allow', 'actions' => array('direct')),
array('deny')
);
$rules = [
['allow', 'roles' => ['superadmin']],
['allow', 'actions' => ['direct']],
['deny']
];


// Note the order; rules are numerically indexed and we want to
// parents rules to be executed only if ours dont apply.
return array_merge($aRules, parent::accessRules());
return array_merge($rules, parent::accessRules());
}

public function actionActivate($id)
{
$oPlugin = Plugin::model()->findByPk($id);
if (!is_null($oPlugin))
{
$iStatus = $oPlugin->active;
if ($iStatus == 0)
{
// Load the plugin:
App()->getPluginManager()->loadPlugin($oPlugin->name, $id);
$result = App()->getPluginManager()->dispatchEvent(new PluginEvent('beforeActivate', $this), $oPlugin->name);
if ($result->get('success', true))
{
$iStatus = 1;
} else
{
$sMessage = $result->get('message', gT('Failed to activate the plugin.'));
App()->user->setFlash('pluginActivation', $sMessage);
$this->redirect(array('plugins/'));
}
foreach (App()->pluginManager->scanPlugins() as $pluginConfig) {
if ($pluginConfig->id === $id) {
$pluginConfig->active = true;
$pluginConfig->save();
}
$oPlugin->active = $iStatus;
$oPlugin->save();
}
$this->redirect(array('plugins/'));
$this->redirect(['plugins/']);
}

public function actionConfigure($id)
Expand All @@ -76,9 +60,6 @@ public function actionConfigure($id)
if (App()->request->isPostRequest) {
$plugin->saveSettings(App()->request->getPost($plugin->id));
}
// var_dump($settings);
// var_dump($plugin);
// die();
// if ($arPlugin === null)
// {
// Yii::app()->user->setFlash('pluginmanager', 'Plugin not found');
Expand Down Expand Up @@ -166,11 +147,21 @@ public function actionDirect($plugin, $function)
}
}

public function actionSetAuthorizer() {
if (App()->request->isPostRequest && null !== $id = App()->request->getParam('authorizationPlugin')) {
$plugin = App()->pluginManager->getPlugin($id);
if ($plugin instanceof IAuthManager) {
App()->setConfig('authorizationPlugin', App()->request->getParam('authorizationPlugin'));
}
}
$this->redirect(['plugins/index']);
}
public function actionIndex()
{

$plugins = new CArrayDataProvider(App()->pluginManager->scanPlugins());
return $this->render('index', ['plugins' => $plugins]);
$loadedPlugins = App()->pluginManager->loadPlugins();
return $this->render('index', ['plugins' => $plugins, 'loadedPlugins' => $loadedPlugins]);
}

public function filters()
Expand Down
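Review bot: `actionSetAuthorizer()` reads the plugin id with `getParam()`, which merges query-string and POST values, so the `isPostRequest` check does not guarantee the id came from the form body; use `App()->request->getPost('authorizationPlugin')` for the lookup and store the id of the object that passed the `instanceof IAuthManager` test (`$plugin->id`, as `actionConfigure()` already uses) rather than re-reading the raw parameter. This action changes which plugin answers every `checkAccess()` call in the application, so it should also be covered by CSRF validation; whether that is enabled for this controller cannot be seen here, since `filters()` begins at the end of the section and its body is outside the hunk. In `actionActivate()` the rewrite also drops the `beforeActivate` event dispatch that previously let a plugin veto its own activation; if that is intentional it deserves a comment, otherwise the dispatch should be restored before `$pluginConfig->save()`.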
1 change: 0 additions & 1 deletion application/controllers/UploaderController.php
Expand Up @@ -112,7 +112,6 @@ function run($actionID)
$_SESSION[$sFieldName] = ls_json_encode($aFiles);
}
}
//var_dump($sFileDir.$sFilename);
// Return some json to do a beautiful text
if (@unlink($sFileDir.$sFileName))
{
Expand Down
25 changes: 20 additions & 5 deletions application/controllers/UsersController.php
Expand Up @@ -17,11 +17,26 @@ public function accessRules()
}

public function actionLogin() {
// Get all active auth plugins.
$event = new PluginEvent('newLoginForm');
$event->dispatch();
$loginForms = $event->get('forms');
return $this->render('login', ['loginForms' => $loginForms]);
$request = Yii::app()->request;
if ($request->getParam('_logintype') !== null) {
$plugin = App()->pluginManager->getPlugin($request->getParam('_logintype'));
if ($plugin instanceof \ls\pluginmanager\AuthPluginBase) {
$identity = new PluginIdentity($plugin);
if ($identity->authenticate());

App()->user->login($identity);
$this->redirect(App()->user->returnUrl);
}
} else {
// Get all active auth plugins.
$event = new PluginEvent('beforeLoginForm');
$event->dispatch();
return $this->render('login', ['loginForms' => $event->get('forms', [])]);
}
}

public function actionLogout() {
App()->user->logout();
}

}
Expand Down
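Review bot: The stray semicolon in `if ($identity->authenticate());` on the `_logintype` branch of `actionLogin()` turns the check into a no-op, so `App()->user->login($identity)` and the redirect run even when the plugin rejected the credentials — any POST naming a loaded auth plugin is logged in with whatever `_id`/`_name` the identity holds, possibly null. It must read `if ($identity->authenticate()) {` with the `login()` and `redirect()` calls inside the braces. On failure the method currently produces no response at all; re-rendering the login form with the identity's `errorCode`, or redirecting back to it, would avoid a blank page. `actionLogout()` also answers a plain GET with no redirect, so a logout link can be triggered cross-site and leaves the user on an empty response.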
6 changes: 3 additions & 3 deletions application/controllers/admin/checkintegrity.php
Expand Up @@ -26,7 +26,7 @@ public function __construct($controller, $id)
{
parent::__construct($controller, $id);

if (!Permission::model()->hasGlobalPermission('settings','read')){
if (!App()->user->checkAccess('settings')){
Yii::app()->session['flashmessage'] = gT("You do not have sufficient rights to access this page.");
$this->getController()->redirect($this->getController()->createUrl("/admin/"));
}
Expand All @@ -46,7 +46,7 @@ public function fixredundancy()

$oldsmultidelete=Yii::app()->request->getPost('oldsmultidelete', array());
$aData['messages'] = array();
if ( Permission::model()->hasGlobalPermission('settings','update') && Yii::app()->request->getPost('ok') == 'Y') {
if ( App()->user->checkAccess('settings', ['crud' => 'update']) && Yii::app()->request->getPost('ok') == 'Y') {
$aDelete = $this->_checkintegrity();
if (isset($aDelete['redundanttokentables'])) {
foreach ($aDelete['redundanttokentables'] as $aTokenTable)
Expand Down Expand Up @@ -80,7 +80,7 @@ public function fixintegrity()
{
$aData = array();

if (Permission::model()->hasGlobalPermission('settings','update') && Yii::app()->request->getPost('ok') == 'Y') {
if (App()->user->checkAccess('settings', ['crud' => 'update']) && Yii::app()->request->getPost('ok') == 'Y') {
$aDelete = $this->_checkintegrity();

// TMSW Condition->Relevance: Update this to process relevance instead
Expand Down
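Review bot: The read check in the constructor, `App()->user->checkAccess('settings')`, passes no `crud` parameter while the two update checks pass `['crud' => 'update']`, so the read/write distinction of the old `hasGlobalPermission('settings','read')` now depends on whatever the authorization plugin assumes when `crud` is absent. Passing it explicitly, `App()->user->checkAccess('settings', ['crud' => 'read'])`, keeps the three calls symmetric and makes the intended permission visible in the code. The constructor's remaining body is outside the hunk.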
2 changes: 1 addition & 1 deletion application/controllers/admin/dumpdb.php
Expand Up @@ -24,7 +24,7 @@ function __construct($controller, $id)
{
parent::__construct($controller, $id);

if (!Permission::model()->hasGlobalPermission('superadmin','read'))
if (!App()->user->checkAccess('superadmin'))
{
die();
}
Expand Down
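Review bot: The replacement `App()->user->checkAccess('superadmin')` keeps the bare `die()` in the constructor, so a denied request gets an HTTP 200 with an empty body and nothing goes through the framework's error handling or logs; `throw new CHttpException(403, gT('Access denied.'));` gives the caller and the logs a real answer. As in the other migrated controllers, the call passes no `crud` parameter, so the old `'read'` semantics now rely on the plugin's default and may be worth spelling out as `['crud' => 'read']`. The constructor continues outside the hunk.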
2 changes: 1 addition & 1 deletion application/controllers/admin/export.php
Expand Up @@ -48,7 +48,7 @@ public function survey()
*/
public function surveyarchives()
{
if ( ! Permission::model()->hasGlobalPermission('superadmin','read') )
if ( ! App()->user->checkAccess('superadmin') )
{
die('Access denied.');
}
Expand Down
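Review bot: `die('Access denied.')` after the new `checkAccess('superadmin')` still answers with status 200 and bypasses the framework's error handling and logging; `throw new CHttpException(403, 'Access denied.');` is the idiomatic form and lets the error page and log route handle it. The old call named `'read'` explicitly while the new one leaves `crud` to the plugin's default, which is worth spelling out as `['crud' => 'read']` for clarity. `surveyarchives()` continues outside the hunk.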
2 changes: 1 addition & 1 deletion application/controllers/admin/expressions.php
Expand Up @@ -22,7 +22,7 @@ function index()
{
$needpermission=true;
}
if($needpermission && !Permission::model()->hasSurveyPermission($surveyid,'surveycontent','read'))
if($needpermission && !App()->user->checkAccess('surveycontent', ['entity' => 'survey', 'entity_id' => $surveyid]))
{
App()->getClientScript()->registerPackage('jquery-superfish');
$message['title']= gT('Access denied!');
Expand Down
