From 8d3aa4e8fc997a8ff18ed53001933f03a84eaf9b Mon Sep 17 00:00:00 2001 
From: Sam Date: Mon, 9 Feb 2015 21:35:03 +0100 Subject: [PATCH] Dev WIP Lots of refactoring for Authentication and Authorization plugins. --- application/components/AuthManager.php | 91 ++++++ application/components/PluginIdentity.php | 54 ++++ application/config/internal.php | 5 + application/controllers/AdminController.php | 42 +-- application/controllers/PluginsController.php | 53 ++- .../controllers/UploaderController.php | 1 - application/controllers/UsersController.php | 25 +- .../controllers/admin/checkintegrity.php | 6 +- application/controllers/admin/dumpdb.php | 2 +- application/controllers/admin/export.php | 2 +- application/controllers/admin/expressions.php | 2 +- .../controllers/admin/globalsettings.php | 4 +- application/controllers/admin/labels.php | 10 +- .../controllers/admin/participantsaction.php | 28 +- .../controllers/admin/printablesurvey.php | 2 +- application/controllers/admin/responses.php | 2 +- application/controllers/admin/statistics.php | 1 - application/controllers/admin/surveyadmin.php | 44 +-- .../controllers/admin/surveypermission.php | 8 +- application/controllers/admin/templates.php | 18 +- application/controllers/admin/tokens.php | 2 +- application/controllers/admin/useraction.php | 26 +- application/controllers/admin/usergroups.php | 12 +- application/core/LSWebUser.php | 63 +--- application/core/LSYii_Validators.php | 2 +- application/core/Survey_Common_Action.php | 4 +- application/core/WebApplication.php | 1 + application/core/plugins/Authdb/AuthDb.php | 50 +-- .../core/plugins/Authdb/limesurvey.json | 2 +- .../plugins/Authwebserver/AuthWebServer.php | 16 +- .../plugins/Authwebserver/limesurvey.json | 2 +- .../plugins/PermissionDb/PermissionDb.php | 99 ++++++ .../core/plugins/PermissionDb/limesurvey.json | 15 + application/extensions/Menu/MenuWidget.php | 20 +- .../SettingsWidget/SettingsWidget.php | 30 +- .../helpers/admin/htmleditor_helper.php | 2 +- application/helpers/admin/import_helper.php | 2 +- 
application/helpers/common_helper.php | 6 +- .../remotecontrol/remotecontrol_handle.php | 12 +- .../PluginManager/AuthPluginBase.php | 60 +--- .../libraries/PluginManager/PluginBase.php | 3 +- .../libraries/PluginManager/PluginManager.php | 9 +- application/models/Participant.php | 2 +- application/models/Permission.php | 4 +- application/models/User.php | 11 + application/models/UserGroup.php | 8 +- .../views/admin/globalSettings_view.php | 2 +- .../admin/participants/blacklist_view.php | 2 +- .../participants/displayParticipants_view.php | 4 +- .../participants/participantsPanel_view.php | 2 +- .../admin/participants/sharePanel_view.php | 2 +- .../admin/participants/userControl_view.php | 2 +- application/views/admin/super/adminmenu.php | 20 +- .../survey/Question/answerOptions_view.php | 2 +- .../survey/Question/questionbar_view.php | 10 +- .../survey/Question/subQuestion_view.php | 2 +- .../QuestionGroups/questiongroupbar_view.php | 2 +- .../views/admin/survey/surveybar_view.php | 4 +- .../templates/templateeditorbar_view.php | 18 +- .../admin/templates/templatesummary_view.php | 6 +- application/views/admin/token/browse.php | 4 +- application/views/admin/token/tokenbar.php | 2 +- application/views/admin/user/editusers.php | 20 +- .../admin/usergroup/usergroupbar_view.php | 6 +- application/views/layouts/main.php | 29 +- application/views/menu.php | 306 +++++++++--------- application/views/plugins/index.php | 28 +- application/views/users/login.php | 21 +- installer/css/style.css | 212 ------------ 69 files changed, 788 insertions(+), 781 deletions(-) create mode 100644 application/components/AuthManager.php create mode 100644 application/components/PluginIdentity.php create mode 100644 application/core/plugins/PermissionDb/PermissionDb.php create mode 100644 application/core/plugins/PermissionDb/limesurvey.json delete mode 100644 installer/css/style.css 
diff --git a/application/components/AuthManager.php b/application/components/AuthManager.php
new file mode 100644
index 00000000000..93d1f970c2b
--- /dev/null
+++ b/application/components/AuthManager.php
@@ -0,0 +1,91 @@ +authorizationPlugin = App()->pluginManager->getPlugin(App()->getConfig('authorizationPlugin', 'ls_core_plugins_PermissionDb')); + } + public function addItemChild($itemName, $childName) { + return $this->authorizationPlugin->addItemChild($itemName, $childName); + } + + public function assign($itemName, $userId, $bizRule = null, $data = null) { + return $this->authorizationPlugin->assign($itemName, $userId, $bizRule, $data); + } + + public function checkAccess($itemName, $userId, $params = array()) { + return $this->authorizationPlugin->checkAccess($itemName, $userId, $params); + } + + public function clearAll() { + return $this->authorizationPlugin->clearAll(); + } + + public function clearAuthAssignments() { + return $this->authorizationPlugin->clearAuthAssignments(); + } + + public function createAuthItem($name, $type, $description = '', $bizRule = null, $data = null) { + return $this->authorizationPlugin->createAuthItem($name, $type, $description, $bizRule, $data); + } + + public function executeBizRule($bizRule, $params, $data) { + return $this->authorizationPlugin->executeBizRule($bizRule, $params, $data); + } + + public function getAuthAssignment($itemName, $userId) { + return $this->authorizationPlugin->getAuthAssignment($itemName, $userId); + } + + public function getAuthAssignments($userId) { + return $this->authorizationPlugin->getAuthAssignments($userId); + } + + public function getAuthItem($name) { + return $this->authorizationPlugin->getAuthItem($name); + } + + public function getAuthItems($type = null, $userId = null) { + return $this->authorizationPlugin->getAuthItems($type, $userId); + } + + public function getItemChildren($itemName) { + return $this->authorizationPlugin->getItemChildren($itemName); + } + + public function hasItemChild($itemName, $childName) { + return $this->authorizationPlugin->hasItemChild($itemName, $childName); + } + + public function isAssigned($itemName, $userId) { + return 
$this->authorizationPlugin->isAssigned($itemName, $userId); + } + + public function removeAuthItem($name) { + return $this->authorizationPlugin->removeAuthItem($name); + } + + public function removeItemChild($itemName, $childName) { + return $this->authorizationPlugin->removeItemChild($itemName, $childName); + } + + public function revoke($itemName, $userId) { + return $this->authorizationPlugin->revoke($itemName, $userId); + } + + public function save() { + return $this->authorizationPlugin->save(); + } + + public function saveAuthAssignment($assignment) { + return $this->authorizationPlugin->saveAuthAssignment($assignment); + } + + public function saveAuthItem($item, $oldName = null) { + return $this->authorizationPlugin->saveAuthItem($item); + } + +} \ No newline at end of file diff --git a/application/components/PluginIdentity.php b/application/components/PluginIdentity.php new file mode 100644 index 00000000000..8ff8651febd --- /dev/null +++ b/application/components/PluginIdentity.php @@ -0,0 +1,54 @@ +plugin = $plugin; + } + public function authenticate() { + $result = $this->plugin->authenticate(Yii::app()->request); + $this->setState('authenticationPlugin', $this->plugin->id); + if (!isset($result)) { + $this->errorCode = self::ERROR_PASSWORD_INVALID; + } else { + $this->errorCode = self::ERROR_NONE; + if (is_array($result)) { + $this->_name = $result['name']; + $this->_id = $result['id']; + unset($result['name']); + unset($result['id']); + $this->attributes = $result; + } + } + return $this->errorCode === self::ERROR_NONE; + } + + public function getId() { + return $this->_id; + } + + public function getName() { + return $this->_name; + } + + public function setAttributes($value) { + return $this->setState('attributes', $value); + } + public function getAttributes() { + return $this->getState('attributes', []); + } + + + + + +} \ No newline at end of file 
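Review bot: `saveAuthItem($item, $oldName = null)` drops its second argument when delegating — `return $this->authorizationPlugin->saveAuthItem($item);` — so a rename passed through this wrapper never reaches the plugin; it should read `return $this->authorizationPlugin->saveAuthItem($item, $oldName);`. The plugin lookup at the top of the hunk stores whatever `getPlugin()` returns for the configured `authorizationPlugin` name with no null or `instanceof IAuthManager` check, so a missing or mis-typed plugin surfaces as a fatal on the first `checkAccess()` call instead of a clear error; a guard such as `if (!$plugin instanceof IAuthManager) { throw new CException('Authorization plugin not available'); }` makes that failure explicit. The class header and the start of the method that assigns `authorizationPlugin` are not visible in the hunk text.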
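Review bot: `authenticate()` treats any non-null `$result` as success — `$this->errorCode = self::ERROR_NONE` is assigned before the `is_array($result)` branch — so a plugin returning for example `true` or a string yields an authenticated identity whose `_id` and `_name` are never set, and a subsequent `login()` would create a session with no user id. Only an array carrying both keys should count: `if (is_array($result) && isset($result['id'], $result['name']))`, with every other result mapped to `ERROR_PASSWORD_INVALID`. The `authenticationPlugin` state is also written before the outcome is known, so failed attempts leave the plugin id in the session; moving that `setState()` into the success branch ties the state to an actual login. The class header with the `_id`/`_name` declarations and the constructor's start are outside the visible hunk text.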
diff --git a/application/config/internal.php b/application/config/internal.php index 2d4961da2ca..0c3c84f7a7f 100644 --- a/application/config/internal.php +++ b/application/config/internal.php @@ -65,6 +65,8 @@ ), 'user' => array( 'class' => 'LSWebUser', + 'stateKeyPrefix' => 'LSWebUser', + 'loginUrl' => ['users/login'] ), 'log' => array( 'class' => 'CLogRouter', @@ -124,6 +126,9 @@ ], 'yiiwheels' => [ 'class' => 'yiiwheels.YiiWheels' + ], + 'authManager' => [ + 'class' => 'AuthManager' ] ), diff --git a/application/controllers/AdminController.php b/application/controllers/AdminController.php index ceeff01e6ba..efda3322534 100644 --- a/application/controllers/AdminController.php +++ b/application/controllers/AdminController.php 
@@ -140,27 +140,27 @@ public function run($action) $this->redirect(array('/admin/update/sa/db')); } - if ($action != "update" && $action != "db") - if (empty($this->user_id) && $action != "authentication" && $action != "remotecontrol") - { - if (!empty($action) && $action != 'index') - Yii::app()->session['redirect_after_login'] = $this->createUrl('/'); - - App()->user->setReturnUrl(App()->request->requestUri); - - $this->redirect(array('/admin/authentication/sa/login')); - } - elseif (!empty($this->user_id) && $action != "remotecontrol") - { - if (Yii::app()->session['session_hash'] != hash('sha256',getGlobalSetting('SessionName').Yii::app()->user->getName().Yii::app()->user->getId())) - { - Yii::app()->session->clear(); - Yii::app()->session->close(); - $this->redirect(array('/admin/authentication/sa/login')); - } - - } - +// if ($action != "update" && $action != "db") +// if (empty($this->user_id) && $action != "authentication" && $action != "remotecontrol") +// { +// if (!empty($action) && $action != 'index') +// Yii::app()->session['redirect_after_login'] = $this->createUrl('/'); +// +// App()->user->setReturnUrl(App()->request->requestUri); +// +// $this->redirect(array('/admin/authentication/sa/login')); +// } +// elseif (!empty($this->user_id) && $action != "remotecontrol") +// { +// if (Yii::app()->session['session_hash'] != hash('sha256',getGlobalSetting('SessionName').Yii::app()->user->getName().Yii::app()->user->getId())) +// { +// Yii::app()->session->clear(); +// Yii::app()->session->close(); +// $this->redirect(array('/admin/authentication/sa/login')); +// } +// +// } +// return parent::run($action); } diff --git a/application/controllers/PluginsController.php b/application/controllers/PluginsController.php index 7706537e183..7f415184c94 100644 --- a/application/controllers/PluginsController.php +++ b/application/controllers/PluginsController.php 
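Review bot: Commenting out the whole block in `run()` removes both the redirect of unauthenticated requests to the login action and the `session_hash` comparison against `getGlobalSetting('SessionName')`, user name and id, and nothing in this hunk takes their place; unless `accessRules()`/`filters()` on this controller (outside the hunk) now deny anonymous access, every admin action is reachable without a login. If the new `LSWebUser`/`AuthManager` path is meant to replace it, deleting the block rather than keeping it as `//` lines is preferable, with a one-line pointer such as `// Authentication is enforced by the accessControl filter; see accessRules()` where it stood. The remainder of `run()` begins before this hunk.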
@@ -29,43 +29,27 @@ public function _init() public function accessRules() { - $aRules = array( - array('allow', 'roles' => array('superadmin')), - array('allow', 'actions' => array('direct')), - array('deny') - ); + $rules = [ + ['allow', 'roles' => ['superadmin']], + ['allow', 'actions' => ['direct']], + ['deny'] + ]; // Note the order; rules are numerically indexed and we want to // parents rules to be executed only if ours dont apply. - return array_merge($aRules, parent::accessRules()); + return array_merge($rules, parent::accessRules()); } public function actionActivate($id) { - $oPlugin = Plugin::model()->findByPk($id); - if (!is_null($oPlugin)) - { - $iStatus = $oPlugin->active; - if ($iStatus == 0) - { - // Load the plugin: - App()->getPluginManager()->loadPlugin($oPlugin->name, $id); - $result = App()->getPluginManager()->dispatchEvent(new PluginEvent('beforeActivate', $this), $oPlugin->name); - if ($result->get('success', true)) - { - $iStatus = 1; - } else - { - $sMessage = $result->get('message', gT('Failed to activate the plugin.')); - App()->user->setFlash('pluginActivation', $sMessage); - $this->redirect(array('plugins/')); - } + foreach (App()->pluginManager->scanPlugins() as $pluginConfig) { + if ($pluginConfig->id === $id) { + $pluginConfig->active = true; + $pluginConfig->save(); } - $oPlugin->active = $iStatus; - $oPlugin->save(); } - $this->redirect(array('plugins/')); + $this->redirect(['plugins/']); } public function actionConfigure($id) @@ -76,9 +60,6 @@ public function actionConfigure($id) if (App()->request->isPostRequest) { $plugin->saveSettings(App()->request->getPost($plugin->id)); } -// var_dump($settings); -// var_dump($plugin); -// die(); // if ($arPlugin === null) // { // Yii::app()->user->setFlash('pluginmanager', 'Plugin not found'); 
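Review bot: The rewritten `actionActivate()` no longer loads the plugin or dispatches `beforeActivate` before persisting `active = true`, so a plugin that previously vetoed its own activation through `$result->get('success', true)` (with the `gT('Failed to activate the plugin.')` flash) is now activated unconditionally; if that hook is still part of the plugin contract, the dispatch and the early redirect on failure belong inside the `if ($pluginConfig->id === $id)` branch. That strict comparison pairs a route parameter, which arrives as a string, with `$pluginConfig->id` whose type is not visible here; if it is an int the loop never matches, so `(string) $pluginConfig->id === (string) $id` is the safer form. The loop also neither breaks after a match nor reports when no plugin with that id exists.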
@@ -166,11 +147,21 @@ public function actionDirect($plugin, $function) } } + public function actionSetAuthorizer() { + if (App()->request->isPostRequest && null !== $id = App()->request->getParam('authorizationPlugin')) { + $plugin = App()->pluginManager->getPlugin($id); + if ($plugin instanceof IAuthManager) { + App()->setConfig('authorizationPlugin', App()->request->getParam('authorizationPlugin')); + } + } + $this->redirect(['plugins/index']); + } public function actionIndex() { $plugins = new CArrayDataProvider(App()->pluginManager->scanPlugins()); - return $this->render('index', ['plugins' => $plugins]); + $loadedPlugins = App()->pluginManager->loadPlugins(); + return $this->render('index', ['plugins' => $plugins, 'loadedPlugins' => $loadedPlugins]); } public function filters() diff --git a/application/controllers/UploaderController.php b/application/controllers/UploaderController.php index a455d56081e..2dc581bce80 100644 --- a/application/controllers/UploaderController.php +++ b/application/controllers/UploaderController.php @@ -112,7 +112,6 @@ function run($actionID) $_SESSION[$sFieldName] = ls_json_encode($aFiles); } } - //var_dump($sFileDir.$sFilename); // Return some json to do a beautiful text if (@unlink($sFileDir.$sFileName)) { diff --git a/application/controllers/UsersController.php b/application/controllers/UsersController.php index ed94d145731..7cec3e411a3 100644 --- a/application/controllers/UsersController.php +++ b/application/controllers/UsersController.php 
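Review bot: `actionSetAuthorizer()` re-reads the request parameter inside the branch instead of using the `$id` it just validated; `App()->setConfig('authorizationPlugin', $id);` keeps the persisted value identical to the one checked with `instanceof IAuthManager`. Because this action switches the authorization backend for the whole application, a short comment stating that it relies on the `superadmin` rule in this controller's `accessRules()` (previous hunk) would help the next reader, and a failure flash when the plugin does not implement `IAuthManager` would be better than the current silent redirect either way. `actionIndex()` now calls `loadPlugins()` on every render; whether that has side effects beyond returning the list is not visible here.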
@@ -17,11 +17,26 @@ public function accessRules() } public function actionLogin() { - // Get all active auth plugins. - $event = new PluginEvent('newLoginForm'); - $event->dispatch(); - $loginForms = $event->get('forms'); - return $this->render('login', ['loginForms' => $loginForms]); + $request = Yii::app()->request; + if ($request->getParam('_logintype') !== null) { + $plugin = App()->pluginManager->getPlugin($request->getParam('_logintype')); + if ($plugin instanceof \ls\pluginmanager\AuthPluginBase) { + $identity = new PluginIdentity($plugin); + if ($identity->authenticate()); + + App()->user->login($identity); + $this->redirect(App()->user->returnUrl); + } + } else { + // Get all active auth plugins. + $event = new PluginEvent('beforeLoginForm'); + $event->dispatch(); + return $this->render('login', ['loginForms' => $event->get('forms', [])]); + } + } + + public function actionLogout() { + App()->user->logout(); } } diff --git a/application/controllers/admin/checkintegrity.php b/application/controllers/admin/checkintegrity.php index bf32f836926..5a2621c26f5 100644 --- a/application/controllers/admin/checkintegrity.php +++ b/application/controllers/admin/checkintegrity.php @@ -26,7 +26,7 @@ public function __construct($controller, $id) { parent::__construct($controller, $id); - if (!Permission::model()->hasGlobalPermission('settings','read')){ + if (!App()->user->checkAccess('settings')){ Yii::app()->session['flashmessage'] = gT("You do not have sufficient rights to access this page."); $this->getController()->redirect($this->getController()->createUrl("/admin/")); } 
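Review bot: The trailing semicolon in `if ($identity->authenticate());` terminates the statement, so `App()->user->login($identity)` and the redirect run regardless of the authentication result — any `_logintype` naming an `AuthPluginBase` plugin produces a logged-in session even when the plugin rejected the credentials. The intended shape is `if ($identity->authenticate()) { App()->user->login($identity); $this->redirect(App()->user->returnUrl); }` with a failed attempt falling through to re-render the form. A `_logintype` that does not resolve to an `AuthPluginBase` currently produces no response at all, since only the null case reaches the `else` branch. `actionLogout()` likewise ends without a redirect; `$this->redirect(App()->user->loginUrl);` after `logout()` uses the `loginUrl` this patch configures in internal.php.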
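Review bot: `App()->user->checkAccess('settings')` passes no `crud` key, while the other conversions in this file pass `['crud' => 'update']`; whether the authorization plugin treats a missing `crud` as the `read` right the old `hasGlobalPermission('settings','read')` expressed is not visible in this patch. Passing `['crud' => 'read']` explicitly here — and in the other `read` conversions of this patch (dumpdb, export, globalsettings, labels, participantsaction, templates, surveyadmin, surveypermission) — keeps the intent independent of the plugin's default.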
@@ -46,7 +46,7 @@ public function fixredundancy() $oldsmultidelete=Yii::app()->request->getPost('oldsmultidelete', array()); $aData['messages'] = array(); - if ( Permission::model()->hasGlobalPermission('settings','update') && Yii::app()->request->getPost('ok') == 'Y') { + if ( App()->user->checkAccess('settings', ['crud' => 'update']) && Yii::app()->request->getPost('ok') == 'Y') { $aDelete = $this->_checkintegrity(); if (isset($aDelete['redundanttokentables'])) { foreach ($aDelete['redundanttokentables'] as $aTokenTable) @@ -80,7 +80,7 @@ public function fixintegrity() { $aData = array(); - if (Permission::model()->hasGlobalPermission('settings','update') && Yii::app()->request->getPost('ok') == 'Y') { + if (App()->user->checkAccess('settings', ['crud' => 'update']) && Yii::app()->request->getPost('ok') == 'Y') { $aDelete = $this->_checkintegrity(); // TMSW Condition->Relevance: Update this to process relevance instead diff --git a/application/controllers/admin/dumpdb.php b/application/controllers/admin/dumpdb.php index 27f7c41e6a6..bc5ba2d341c 100644 --- a/application/controllers/admin/dumpdb.php +++ b/application/controllers/admin/dumpdb.php @@ -24,7 +24,7 @@ function __construct($controller, $id) { parent::__construct($controller, $id); - if (!Permission::model()->hasGlobalPermission('superadmin','read')) + if (!App()->user->checkAccess('superadmin')) { die(); } diff --git a/application/controllers/admin/export.php b/application/controllers/admin/export.php index 70c10e8d857..65734816c12 100644 --- a/application/controllers/admin/export.php +++ b/application/controllers/admin/export.php @@ -48,7 +48,7 @@ public function survey() */ public function surveyarchives() { - if ( ! Permission::model()->hasGlobalPermission('superadmin','read') ) + if ( ! App()->user->checkAccess('superadmin') ) { die('Access denied.'); } diff --git a/application/controllers/admin/expressions.php b/application/controllers/admin/expressions.php index 01d88f10c30..abcd79e8135 100644 
--- a/application/controllers/admin/expressions.php +++ b/application/controllers/admin/expressions.php @@ -22,7 +22,7 @@ function index() { $needpermission=true; } - if($needpermission && !Permission::model()->hasSurveyPermission($surveyid,'surveycontent','read')) + if($needpermission && !App()->user->checkAccess('surveycontent', ['entity' => 'survey', 'entity_id' => $surveyid])) { App()->getClientScript()->registerPackage('jquery-superfish'); $message['title']= gT('Access denied!'); diff --git a/application/controllers/admin/globalsettings.php b/application/controllers/admin/globalsettings.php index c73f39b4423..cbe56b1d776 100644 --- a/application/controllers/admin/globalsettings.php +++ b/application/controllers/admin/globalsettings.php @@ -26,7 +26,7 @@ function __construct($controller, $id) { parent::__construct($controller, $id); - if (!Permission::model()->hasGlobalPermission('settings','read')) { + if (!App()->user->checkAccess('settings')) { die(); } } @@ -117,7 +117,7 @@ private function _saveSettings() return; } - if (!Permission::model()->hasGlobalPermission('settings','update')) + if (!App()->user->checkAccess('settings', ['crud' => 'update'])) { $this->getController()->redirect(array('/admin')); } diff --git a/application/controllers/admin/labels.php b/application/controllers/admin/labels.php index fe3fd23b9ed..ceedd353519 100644 --- a/application/controllers/admin/labels.php +++ b/application/controllers/admin/labels.php @@ -162,9 +162,9 @@ public function index($sa, $lid=0) $lid = sanitize_int($lid); $aViewUrls = array(); - if (Permission::model()->hasGlobalPermission('labelsets','read')) + if (App()->user->checkAccess('labelsets')) { - if ($sa == "editlabelset" && Permission::model()->hasGlobalPermission('labelsets','update')) + if ($sa == "editlabelset" && App()->user->checkAccess('labelsets', ['crud' => 'update']) { $result = LabelSet::model()->findAllByAttributes(array('lid' => $lid)); foreach ($result as $row) 
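Review bot: The new condition `if ($sa == "editlabelset" && App()->user->checkAccess('labelsets', ['crud' => 'update'])` is missing the closing parenthesis of the `if`, which is a parse error for the whole file; it should read `if ($sa == "editlabelset" && App()->user->checkAccess('labelsets', ['crud' => 'update']))`. The same unbalanced parenthesis appears in the `process()` hunk of this file (`@@ -311,7 +311,7 @@`), where `if ( App()->user->checkAccess('labelsets', ['crud' => 'update'])` also needs a trailing `)`.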
@@ -181,7 +181,7 @@ public function index($sa, $lid=0) $aData['action'] = $sa; $aData['lid'] = $lid; - if ($sa == "newlabelset" && Permission::model()->hasGlobalPermission('labelsets','create')) + if ($sa == "newlabelset" && App()->user->checkAccess('labelsets', ['crud' => 'create'])) { $langids = Yii::app()->session['adminlang']; $tabitem = gT("Create new label set"); @@ -232,7 +232,7 @@ public function view($lid = 0) App()->getClientScript()->registerScriptFile(Yii::app()->getConfig('adminscripts') . 'labels.js'); App()->getClientScript()->registerPackage('jquery-json'); // Checks if user have the sufficient rights to manage the labels - if (Permission::model()->hasGlobalPermission('labelsets','read')) + if (App()->user->checkAccess('labelsets')) { // Get a result containing labelset with the specified id $result = LabelSet::model()->findByAttributes(array('lid' => $lid)); @@ -311,7 +311,7 @@ public function view($lid = 0) */ public function process() { - if ( Permission::model()->hasGlobalPermission('labelsets','update')) + if ( App()->user->checkAccess('labelsets', ['crud' => 'update']) { if (isset($_POST['method']) && get_magic_quotes_gpc()) $_POST['method'] = stripslashes($_POST['method']); diff --git a/application/controllers/admin/participantsaction.php b/application/controllers/admin/participantsaction.php index 072e7ce8f4f..1554339dc69 100644 --- a/application/controllers/admin/participantsaction.php +++ b/application/controllers/admin/participantsaction.php @@ -43,7 +43,7 @@ class participantsaction extends Survey_Common_Action { public function runWithParams($params) { - if (!Permission::model()->hasGlobalPermission('participantpanel','read')) + if (!App()->user->checkAccess('participantpanel')) { die('No permission'); } 
@@ -95,7 +95,7 @@ private function csvExport($search = null, $aAttributeIDs=null) { Yii::app()->loadHelper('export'); //If super admin all the participants will be visible - if (Permission::model()->hasGlobalPermission('superadmin','read')) + if (App()->user->checkAccess('superadmin')) { $iUserID = null; } else { @@ -148,7 +148,7 @@ protected function csvExportCount($search = null) $attid = ParticipantAttributeName::model()->getVisibleAttributes(); //If super admin all the participants will be visible - if (Permission::model()->hasGlobalPermission('superadmin','read')) + if (App()->user->checkAccess('superadmin')) { $iUserID = null; } else { @@ -173,7 +173,7 @@ function index() $iUserID = Yii::app()->session['loginID']; // if superadmin all the records in the cpdb will be displayed - if (Permission::model()->hasGlobalPermission('superadmin','read')) + if (App()->user->checkAccess('superadmin')) { $iTotalRecords = Participant::model()->count(); } @@ -221,7 +221,7 @@ function displayParticipants() //Should be all surveys owned by user (or all surveys for super admin) $surveys = Survey::model(); //!!! Is this even possible to execute? - if (!Permission::model()->hasGlobalPermission('superadmin','read')) + if (!App()->user->checkAccess('superadmin')) $surveys->permission(Yii::app()->user->getId()); $aSurveyNames = $surveys->model()->with(array('languagesettings'=>array('condition'=>'surveyls_language=language'), 'owner'))->findAll(); @@ -306,7 +306,7 @@ function getShareInfo_json() $aData->page = 1; // If super administrator all the share info in the links table will be shown - if (Permission::model()->hasGlobalPermission('superadmin','read')) + if (App()->user->checkAccess('superadmin')) { $records = Participant::model()->getParticipantSharedAll(); $aData->records = count($records); 
@@ -460,7 +460,7 @@ function editAttributeInfo() */ function delParticipant() { - if (Permission::model()->hasGlobalPermission('participantpanel','delete')) + if (App()->user->checkAccess('participantpanel', ['crud' => 'delete'])) { $selectoption = Yii::app()->request->getPost('selectedoption'); $iParticipantId = Yii::app()->request->getPost('participant_id'); @@ -493,7 +493,7 @@ function editParticipant() $sOperation = Yii::app()->request->getPost('oper'); // if edit it will update the row - if ($sOperation == 'edit' && Permission::model()->hasGlobalPermission('participantpanel','update') && Participant::model()->is_owner(Yii::app()->request->getPost('id'))) + if ($sOperation == 'edit' && App()->user->checkAccess('participantpanel', ['crud' => 'update']) && Participant::model()->is_owner(Yii::app()->request->getPost('id'))) { $aData = array( 'participant_id' => Yii::app()->request->getPost('id'), @@ -506,7 +506,7 @@ function editParticipant() Participant::model()->updateRow($aData); } // if add it will insert a new row - elseif ($sOperation == 'add' && Permission::model()->hasGlobalPermission('participantpanel','create')) + elseif ($sOperation == 'add' && App()->user->checkAccess ('participantpanel',['crud' => 'create'])) { $uuid = $this->gen_uuid(); $aData = array( @@ -661,7 +661,7 @@ function getaddtosurveymsg() // if there is no search condition the participants will be counted on the basis of who is logged in else { - if (Permission::model()->hasGlobalPermission('superadmin','read')) //If super admin all the participants will be visible + if (App()->user->checkAccess('superadmin')) //If super admin all the participants will be visible { $count = Participant::model()->getParticipantsCountWithoutLimit(); } 
@@ -695,7 +695,7 @@ function getSearchIDs() foreach ($query as $key => $value) { - if (Permission::model()->hasGlobalPermission('superadmin','read')) + if (App()->user->checkAccess('superadmin')) { $participantid .= "," . $value['participant_id']; // combine the participant id's in an string } else @@ -711,7 +711,7 @@ function getSearchIDs() else// if no search condition { $participantid = ""; // initiallise the participant id to blank - if (Permission::model()->hasGlobalPermission('superadmin','read')) //If super admin all the participants will be visible + if (App()->user->checkAccess('superadmin')) //If super admin all the participants will be visible { $query = Participant::model()->getParticipantsWithoutLimit(); // get all the participant id if it is a super admin } @@ -782,7 +782,7 @@ function getParticipants_json($search = null) $aData = new stdClass; //If super admin all the participants will be visible - if (Permission::model()->hasGlobalPermission('superadmin','read')) + if (App()->user->checkAccess('superadmin')) { $iUserID = null; } else { @@ -1043,7 +1043,7 @@ function editAttributevalue() { $pid = explode('_',Yii::app()->request->getPost('participant_id')); $iAttributeId = Yii::app()->request->getPost('attid'); - if (Permission::model()->hasGlobalPermission('participantpanel','update') && Participant::model()->is_owner($pid[0])) + if (App()->user->checkAccess('participantpanel', ['crud' => 'update']) && Participant::model()->is_owner($pid[0])) { $aData = array('participant_id' => $pid[0], 'attribute_id' => $iAttributeId, 'value' => Yii::app()->request->getPost('attvalue')); ParticipantAttributeName::model()->editParticipantAttributeValue($aData); diff --git a/application/controllers/admin/printablesurvey.php b/application/controllers/admin/printablesurvey.php index 51df5835627..43c40bb6065 100644 --- a/application/controllers/admin/printablesurvey.php +++ b/application/controllers/admin/printablesurvey.php 
@@ -29,7 +29,7 @@ class printablesurvey extends Survey_Common_Action function index($surveyid, $lang = null) { $surveyid = sanitize_int($surveyid); - if(!Permission::model()->hasSurveyPermission($surveyid,'surveycontent','read')) + if(!App()->user->checkAccess('surveycontent', ['entity' => 'survey', 'entity_id' => $surveyid])) { $aData['surveyid'] = $surveyid; App()->getClientScript()->registerPackage('jquery-superfish'); diff --git a/application/controllers/admin/responses.php b/application/controllers/admin/responses.php index bbbb9333faf..658df3f2c58 100644 --- a/application/controllers/admin/responses.php +++ b/application/controllers/admin/responses.php @@ -454,7 +454,7 @@ function browse($iSurveyID) # Yii::app()->loadHelper('surveytranslator'); - $aData['issuperadmin'] = Permission::model()->hasGlobalPermission('superadmin'); + $aData['issuperadmin'] = App()->user->checkAccess('superadmin'); $aData['surveyid']= $iSurveyID; $aData['column_model_txt']= $column_model_txt; $aData['column_names_txt']= $column_names_txt; diff --git a/application/controllers/admin/statistics.php b/application/controllers/admin/statistics.php index 6e478d7d0ed..4cfa5689336 100644 --- a/application/controllers/admin/statistics.php +++ b/application/controllers/admin/statistics.php @@ -169,7 +169,6 @@ public function run($surveyid = 0, $subaction = null) } $aData['filters'] = $filters; - //var_dump($filters); // SHOW ID FIELD $grapherror = false; diff --git a/application/controllers/admin/surveyadmin.php b/application/controllers/admin/surveyadmin.php index 48eb1dd5a2f..f3bb91d9b0c 100644 --- a/application/controllers/admin/surveyadmin.php +++ b/application/controllers/admin/surveyadmin.php 
@@ -25,19 +25,6 @@ */ class SurveyAdmin extends Survey_Common_Action { - /** - * Initiates the survey action, checks for superadmin permission - * - * @access public - * @param CController $controller - * @param string $id - * @return void - */ - public function __construct($controller, $id) - { - parent::__construct($controller, $id); - } - /** * Loads list of surveys and it's few quick properties. * @@ -53,13 +40,6 @@ public function index() $this->_renderWrappedTemplate('super', 'firststeps'); } else { Yii::app()->loadHelper('surveytranslator'); - - $aData['issuperadmin'] = false; - if (Permission::model()->hasGlobalPermission('superadmin','read')) - { - $aData['issuperadmin'] = true; - } - $this->_renderWrappedTemplate('survey', 'listSurveys_view', $aData); } } @@ -109,7 +89,7 @@ public function regenquestioncodes($iSurveyID, $sSubAction ) function newsurvey() { App()->getClientScript()->registerPackage('jqgrid'); - if (!Permission::model()->hasGlobalPermission('surveys','create')) + if (!App()->user->checkAccess('surveys', ['crud' => 'create'])) $this->getController()->error('No permission'); $this->_registerScriptFiles(); @@ -146,7 +126,7 @@ function editsurveysettings($iSurveyID) { $iSurveyID = (int) $iSurveyID; - if (!Permission::model()->hasSurveyPermission($iSurveyID, 'surveysettings', 'read') && !Permission::model()->hasGlobalPermission('surveys','read')) + if (!App()->user->checkAccess('surveysettings', ['crud' => 'read']) && !App()->user->checkAccess('surveys', ['crud' => 'read'])) $this->getController()->error('No permission'); if(Yii::app()->request->isPostRequest) $this->update($iSurveyID); 
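Review bot: `editsurveysettings()` replaces `hasSurveyPermission($iSurveyID, 'surveysettings', 'read')` with `checkAccess('surveysettings', ['crud' => 'read'])`, dropping the survey the check was scoped to, whereas `expressions.php` and `printablesurvey.php` in this patch pass `['entity' => 'survey', 'entity_id' => $surveyid]`; as written the plugin is not told which survey is meant. The call should be `App()->user->checkAccess('surveysettings', ['crud' => 'read', 'entity' => 'survey', 'entity_id' => $iSurveyID])`. In `index()`, `$aData['issuperadmin']` is no longer set but `$aData` is still handed to `listSurveys_view`; whether that view reads the key is not visible here.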
@@ -530,7 +510,7 @@ public function ajaxowneredit() $owner_id = Yii::app()->session['loginID']; $query_condition = 'sid=:sid'; $params[':sid']=$intSurveyId; - if (!Permission::model()->hasGlobalPermission('superadmin','create')) + if (!App()->user->checkAccess('superadmin', ['crud' => 'create'])) { $query_condition .= ' AND owner_id=:uid'; $params[':uid']=$owner_id; @@ -566,7 +546,7 @@ public function getSurveys_json() $dateformatdetails = getDateFormatData(Yii::app()->session['dateformat']); $oSurvey = new Survey; - if (!Permission::model()->hasGlobalPermission('superadmin','read')) + if (!App()->user->checkAccess('superadmin')) $oSurvey->permission(Yii::app()->user->getId()); $aSurveys = $oSurvey->with(array('languagesettings'=>array('condition'=>'surveyls_language=language'), 'owner'))->findAll(); @@ -625,7 +605,7 @@ public function getSurveys_json() $aSurveyEntry[] = '' . $datetimeobj->convert($dateformatdetails['phpdate']); //Set Owner - if(Permission::model()->hasGlobalPermission('superadmin','read') || Yii::app()->session['loginID']==$rows['owner_id']) + if(App()->user->checkAccess('superadmin') || Yii::app()->session['loginID']==$rows['owner_id']) { $aSurveyEntry[] = $rows['users_name'] . ' ('. gT('Edit') .')'; } @@ -706,7 +686,7 @@ public function delete($iSurveyID) { if (Yii::app()->request->getPost("delete") == 'yes') { - $aData['issuperadmin'] = Permission::model()->hasGlobalPermission('superadmin','read'); + $aData['issuperadmin'] = App()->user->checkAccess('superadmin'); $this->_deleteSurvey($iSurveyID); Yii::app()->session['flashmessage'] = gT("Survey deleted."); $this->getController()->redirect(array("admin/index")); 
@@ -1069,15 +1049,13 @@ private function _fetchSurveyInfo($action, $iSurveyID=null) */ private function _generalTabNewSurvey() { - //Use the current user details for the default administrator name and email for this survey - $user=User::model()->findByPk(Yii::app()->session['loginID']); - $owner =$user->attributes; - + $owner = App()->user->attributes; //Degrade gracefully to $siteadmin details if anything is missing. if (empty($owner['full_name'])) - $owner['full_name'] = getGlobalSetting('siteadminname'); - if (empty($owner['email'])) + $owner['full_name'] = getGlobalSetting('siteadminname'); + if (empty($owner['email'])) { $owner['email'] = getGlobalSetting('siteadminemail'); + } //Bounce setting by default to global if it set globally if (getGlobalSetting('bounceaccounttype') != 'off') @@ -1539,7 +1517,7 @@ function update($iSurveyId) */ function insert($iSurveyID=null) { - if (Permission::model()->hasGlobalPermission('surveys','create')) + if (App()->user->checkAccess('surveys', ['crud' => 'create'])) { // Check if survey title was set if (!$_POST['surveyls_title']) diff --git a/application/controllers/admin/surveypermission.php b/application/controllers/admin/surveypermission.php index ee8df1b3b4a..988d475d262 100644 --- a/application/controllers/admin/surveypermission.php +++ b/application/controllers/admin/surveypermission.php @@ -99,7 +99,7 @@ function index($surveyid) if(Permission::model()->hasSurveyPermission($surveyid,'surveysecurity','update')) { - if($PermissionRow['uid']!=Yii::app()->user->getId() || Permission::model()->hasGlobalPermission('superadmin','read')) // Can not update own security + if($PermissionRow['uid']!=Yii::app()->user->getId() || App()->user->checkAccess('superadmin')) // Can not update own security { $surveysecurity .= CHtml::form(array("admin/surveypermission/sa/set/surveyid/{$surveyid}"), 'post', array('style'=>"display:inline;")) ."" 
@@ -376,7 +376,7 @@ function set($surveyid) $postusergroupid = !empty($_POST['ugid']) ? $_POST['ugid'] : null; if($action == "setsurveysecurity") { - if ( (!Permission::model()->hasGlobalPermission('superadmin','read') && Yii::app()->user->getId()==$postuserid) // User can not change own security (except superadmin) + if ( (!App()->user->checkAccess('superadmin') && Yii::app()->user->getId()==$postuserid) // User can not change own security (except superadmin) || !in_array($postuserid,getUserList('onlyuidarray')) // User can not set user security if it can not see it ) { @@ -385,7 +385,7 @@ function set($surveyid) } elseif( $action == "setusergroupsurveysecurity" ) { - if ( !Permission::model()->hasGlobalPermission('superadmin','read') && !in_array($postusergroupid,getUserGroupList(null, 'simplegidarray')) ) // User can not change own security (except for superadmin ?) + if ( !App()->user->checkAccess('superadmin') && !in_array($postusergroupid,getUserGroupList(null, 'simplegidarray')) ) // User can not change own security (except for superadmin ?) { $this->getController()->error('Access denied'); } @@ -576,7 +576,7 @@ function surveyright($surveyid) $addsummary .= "
\n"; $where = ' '; if($postuserid){ - if (!Permission::model()->hasGlobalPermission('superadmin','read')) + if (!App()->user->checkAccess('superadmin')) { $where .= "sid = :surveyid AND owner_id != :postuserid AND owner_id = :owner_id"; $resrow = Survey::model()->find($where,array(':surveyid' => $surveyid, ':owner_id' => Yii::app()->session['loginID'], ':postuserid' => $postuserid)); diff --git a/application/controllers/admin/templates.php b/application/controllers/admin/templates.php index 0178e63f75c..97d7ad65221 100644 --- a/application/controllers/admin/templates.php +++ b/application/controllers/admin/templates.php @@ -26,7 +26,7 @@ class templates extends Survey_Common_Action public function runWithParams($params) { - if (!Permission::model()->hasGlobalPermission('templates','read')) + if (!App()->user->checkAccess('templates')) { die('No permission'); } @@ -44,7 +44,7 @@ public function runWithParams($params) */ public function templatezip($templatename) { - if (!Permission::model()->hasGlobalPermission('templates','export')) + if (!App()->user->checkAccess('templates', ['crud' => 'export'])) { die('No permission'); } @@ -95,7 +95,7 @@ public function tmp($id) */ public function upload() { - if (!Permission::model()->hasGlobalPermission('templates','import')) + if (!App()->user->checkAccess('templates', ['crud' => 'import'])) { die('No permission'); } @@ -234,7 +234,7 @@ private function _templateFixes($templatename) */ public function uploadfile() { - if (!Permission::model()->hasGlobalPermission('templates','import')) + if (!App()->user->checkAccess('templates', ['crud' => 'import'])) { die('No permission'); } @@ -399,7 +399,7 @@ public function fileredirect($templatename = '', $screenname = 'welcome', $editf */ public function templatefiledelete() { - if (!Permission::model()->hasGlobalPermission('templates','update')) + if (!App()->user->checkAccess('templates', ['crud' => 'update'])) { die('No permission'); } 
@@ -428,7 +428,7 @@ public function templatefiledelete() */ public function templaterename() { - if (!Permission::model()->hasGlobalPermission('templates','update')) + if (!App()->user->checkAccess('templates', ['crud' => 'update'])) { die('No permission'); } @@ -464,7 +464,7 @@ public function templaterename() */ public function templatecopy() { - if (!Permission::model()->hasGlobalPermission('templates','create')) + if (!App()->user->checkAccess('templates', ['crud' => 'create'])) { die('No permission'); } @@ -510,7 +510,7 @@ public function templatecopy() */ public function delete($templatename) { - if (!Permission::model()->hasGlobalPermission('templates','delete')) + if (!App()->user->checkAccess('templates', ['crud' => 'delete'])) { die('No permission'); } @@ -545,7 +545,7 @@ public function delete($templatename) */ public function templatesavechanges() { - if (!Permission::model()->hasGlobalPermission('templates','update')) + if (!App()->user->checkAccess('templates', ['crud' => 'update'])) { die('No permission'); } diff --git a/application/controllers/admin/tokens.php b/application/controllers/admin/tokens.php index 9992e214268..25023326063 100644 --- a/application/controllers/admin/tokens.php +++ b/application/controllers/admin/tokens.php @@ -413,7 +413,7 @@ function getTokens_json($iSurveyId, $search = null) $bCreatePermission = Permission::model()->hasSurveyPermission($iSurveyId, 'responses', 'create'); $bTokenUpdatePermission = Permission::model()->hasSurveyPermission($iSurveyId, 'tokens', 'update'); $bTokenDeletePermission = Permission::model()->hasSurveyPermission($iSurveyId, 'tokens', 'delete'); - $bGlobalPanelReadPermission = Permission::model()->hasGlobalPermission('participantpanel','read'); + $bGlobalPanelReadPermission = App()->user->checkAccess('participantpanel'); foreach ($tokens as $token) { $aRowToAdd = array(); 
diff --git a/application/controllers/admin/useraction.php b/application/controllers/admin/useraction.php index 4ab6f816ee9..259c14ad73f 100644 --- a/application/controllers/admin/useraction.php +++ b/application/controllers/admin/useraction.php @@ -44,7 +44,7 @@ public function index() $usrhimself = $userlist[0]; unset($userlist[0]); - if (Permission::model()->hasGlobalPermission('superadmin','read')) { + if (App()->user->checkAccess('superadmin')) { $noofsurveys = Survey::model()->countByAttributes(array("owner_id" => $usrhimself['uid'])); $aData['noofsurveys'] = $noofsurveys; } @@ -78,7 +78,7 @@ private function _getSurveyCountForUser(array $user) function adduser() { - if (!Permission::model()->hasGlobalPermission('users','create')) { + if (!App()->user->checkAccess('users', ['crud' => 'create'])) { Yii::app()->setFlashMessage(gT("You do not have sufficient rights to access this page."),'error'); $this->getController()->redirect(array("admin/user/sa/index")); } @@ -173,7 +173,7 @@ function adduser() function deluser() { - if (!Permission::model()->hasGlobalPermission('superadmin','read') && !Permission::model()->hasGlobalPermission('users','delete')) { + if (!App()->user->checkAccess('superadmin') && !App()->user->checkAccess('users', ['crud' => 'delete'])) { Yii::app()->setFlashMessage(gT("You do not have sufficient rights to access this page."),'error'); $this->getController()->redirect(array("admin/user/sa/index")); } 
@@ -195,13 +195,13 @@ function deluser() if ($postuserid) { $sresultcount = 0; // 1 if I am parent of $postuserid - if (!Permission::model()->hasGlobalPermission('superadmin','read')) + if (!App()->user->checkAccess('superadmin')) { $sresult = User::model()->findAllByAttributes(array('parent_id' => $postuserid, 'parent_id' => Yii::app()->session['loginID'])); $sresultcount = count($sresult); } - if (Permission::model()->hasGlobalPermission('superadmin','read') || $sresultcount > 0 || $postuserid == Yii::app()->session['loginID']) + if (App()->user->checkAccess('superadmin') || $sresultcount > 0 || $postuserid == Yii::app()->session['loginID']) { $transfer_surveys_to = 0; $ownerUser = User::model()->findAll(); @@ -312,8 +312,8 @@ function modifyuser() $sresultcount = count($sresult); - if (Permission::model()->hasGlobalPermission('superadmin','read') || Yii::app()->session['loginID'] == $postuserid || - (Permission::model()->hasGlobalPermission('users','update') && $sresultcount > 0) ) + if (App()->user->checkAccess('superadmin') || Yii::app()->session['loginID'] == $postuserid || + (App()->user->checkAccess('users', ['crud' => 'update']) && $sresultcount > 0) ) { $sresult = User::model()->parentAndUser($postuserid); $aData['mur'] = $sresult; 
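Review bot: The parent check in `deluser` passes a duplicate `'parent_id'` key to `findAllByAttributes`, so PHP keeps the second value and the query becomes "all users whose parent is me" with `$postuserid` never consulted; the following `$sresultcount > 0` then lets any caller with at least one subordinate delete an arbitrary uid. These are context lines the patch does not touch, but `moduser` later in this file uses the intended form, so align it: `$sresult = User::model()->findAllByAttributes(array('uid' => $postuserid, 'parent_id' => Yii::app()->session['loginID']));`. `deluser` begins before this hunk, so I cannot see whether an earlier guard already constrains `$postuserid`.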
@@ -350,8 +350,8 @@ function moduser() $sresult = User::model()->findAllByAttributes(array('uid' => $postuserid, 'parent_id' => Yii::app()->session['loginID'])); $sresultcount = count($sresult); - if ((Permission::model()->hasGlobalPermission('superadmin','read') || $postuserid == Yii::app()->session['loginID'] || - ($sresultcount > 0 && Permission::model()->hasGlobalPermission('users','update'))) && !(Yii::app()->getConfig("demoMode") == true && $postuserid == 1) + if ((App()->user->checkAccess('superadmin') || $postuserid == Yii::app()->session['loginID'] || + ($sresultcount > 0 && App()->user->checkAccess('users', ['crud' => 'update']))) && !(Yii::app()->getConfig("demoMode") == true && $postuserid == 1) ) { $users_name = html_entity_decode($postuser, ENT_QUOTES, 'UTF-8'); @@ -476,14 +476,14 @@ function setuserpermissions() } $aBaseUserPermissions = Permission::model()->getGlobalBasePermissions(); if ($iUserID) {//Never update 1st admin - if(Permission::model()->hasGlobalPermission('superadmin','read')) + if(App()->user->checkAccess('superadmin')) $oUser = User::model()->findByAttributes(array('uid' => $iUserID)); else $oUser = User::model()->findByAttributes(array('uid' => $iUserID, 'parent_id' => Yii::app()->session['loginID'])); } // Check permissions $aBasePermissions=Permission::model()->getGlobalBasePermissions(); - if (!Permission::model()->hasGlobalPermission('superadmin','read')) // if not superadmin filter the available permissions as no admin may give more permissions than he owns + if (!App()->user->checkAccess('superadmin')) // if not superadmin filter the available permissions as no admin may give more permissions than he owns { Yii::app()->session['flashmessage'] = gT("Note: You can only give limited permissions to other users because your own permissions are limited, too."); $aFilteredPermissions=array(); 
@@ -502,7 +502,7 @@ function setuserpermissions() $aBasePermissions=$aFilteredPermissions; } - if ($oUser && (Permission::model()->hasGlobalPermission('superadmin','read') || Permission::model()->hasGlobalPermission('users','update') && Yii::app()->session['loginID'] != $iUserID) ) + if ($oUser && (App()->user->checkAccess('superadmin') || App()->user->checkAccess('users', ['crud' => 'update']) && Yii::app()->session['loginID'] != $iUserID) ) { // Only the original superadmin (UID 1) may create new superadmins if (Yii::app()->session['loginID']!=1) @@ -557,7 +557,7 @@ function usertemplates() $postuserid = (int) Yii::app()->request->getPost('uid'); // SUPERADMINS AND MANAGE_TEMPLATE USERS CAN SET THESE RIGHTS - if (Permission::model()->hasGlobalPermission('superadmin','read') || Permission::model()->hasGlobalPermission('templates','update')) + if (App()->user->checkAccess('superadmin') || App()->user->checkAccess('templates', ['crud' => 'update'])) { $aTemplatePermissions = array(); $tresult = Template::model()->findAll(); diff --git a/application/controllers/admin/usergroups.php b/application/controllers/admin/usergroups.php index b3cd8ea94fa..ff5fb35e424 100644 --- a/application/controllers/admin/usergroups.php +++ b/application/controllers/admin/usergroups.php @@ -42,7 +42,7 @@ public function mail($ugid) // user must be in user group or superadmin $result = UserInGroup::model()->findAllByPk(array('ugid' => $ugid, 'uid' => Yii::app()->session['loginID'])); - if (count($result) > 0 || Permission::model()->hasGlobalPermission('superadmin','read')) + if (count($result) > 0 || App()->user->checkAccess('superadmin')) { $criteria = new CDbCriteria; $criteria->compare('ugid',$ugid)->addNotInCondition('users.uid',array(Yii::app()->session['loginID'])); 
@@ -127,7 +127,7 @@ public function delete($ugid) $aViewUrls = array(); $aData = array(); - if (Permission::model()->hasGlobalPermission('usergroups','delete')) { + if (App()->user->checkAccess('usergroups', ['crud' => 'delete'])) { if (!empty($ugid) && ($ugid > -1)) { $result = UserGroup::model()->requestEditGroup($ugid, Yii::app()->session["loginID"]); @@ -161,7 +161,7 @@ public function add() $action = (isset($_POST['action'])) ? $_POST['action'] : ''; $aData = array(); - if (Permission::model()->hasGlobalPermission('usergroups','create')) { + if (App()->user->checkAccess('usergroups', ['crud' => 'create'])) { if ($action == "usergroupindb") { $db_group_name = flattenText($_POST['group_name'],false,true,'UTF-8',true); @@ -206,7 +206,7 @@ function edit($ugid) $ugid = (int)$ugid; $action = (isset($_POST['action'])) ? $_POST['action'] : ''; - if (Permission::model()->hasGlobalPermission('usergroups','update')) { + if (App()->user->checkAccess('usergroups',['crud' => 'update'])) { if ($action == "editusergroupindb") { $ugid = (int)$_POST['ugid']; @@ -295,7 +295,7 @@ public function index($ugid = false, $header = false) // output users $userloop[$row]["rowclass"] = $bgcc; - if (Permission::model()->hasGlobalPermission('superadmin','update')) { + if (App()->user->checkAccess('superadmin', ['crud' => 'update']) { $userloop[$row]["displayactions"] = true; } else { $userloop[$row]["displayactions"] = false; @@ -329,7 +329,7 @@ public function index($ugid = false, $header = false) function user($ugid, $action = 'add') { - if (!Permission::model()->hasGlobalPermission('usergroups','read') || !in_array($action, array('add', 'remove'))) + if (!App()->user->checkAccess('usergroups') || !in_array($action, array('add', 'remove'))) { die('access denied'); } diff --git a/application/core/LSWebUser.php b/application/core/LSWebUser.php index 5c13912f1e3..8fa62aad734 100644 --- a/application/core/LSWebUser.php +++ b/application/core/LSWebUser.php 
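Review bot: The new condition in `index()` is missing its closing parenthesis — `if (App()->user->checkAccess('superadmin', ['crud' => 'update']) {` closes `checkAccess(` but never closes `if (`, so the file stops parsing and every usergroups action goes down with it. It should read `if (App()->user->checkAccess('superadmin', ['crud' => 'update'])) {`. The enclosing loop starts and ends outside the hunk.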
@@ -1,15 +1,8 @@ loginUrl = Yii::app()->createUrl('admin/authentication', array('sa' => 'login')); - // Try to fix missing language in plugin controller if (empty(Yii::app()->session['adminlang'])) { @@ -19,23 +12,6 @@ public function __construct() Yii::app()->setLanguage(Yii::app()->session['adminlang']); } - public function checkAccess($operation, $params = array(), $allowCaching = true) - { - $defaults = [ - 'entity' => 'global', - 'entity_id' => 0, - 'crud' => 'read' - ]; - $params = array_merge($defaults, $params); - return Permission::model()->hasPermission($params['entity_id'], $params['entity'], $operation, $params['crud']); - } - - public function getStateKeyPrefix() - { - return $this->sessionVariable; - } - - public function setFlash($key, $value, $defaultValue = null) { $this->setState("flash.$key", $value, $defaultValue); } @@ -50,18 +26,6 @@ public function getFlashes($delete = true) return $result; } - public function getState($key, $defaultValue = null) - { - if (!isset($_SESSION[$this->sessionVariable]) || !Hash::check($_SESSION[$this->sessionVariable], $key)) - { - return $defaultValue; - } - else - { - return Hash::get($_SESSION[$this->sessionVariable], $key); - } - } - /** * Removes a state variable. * @param string $key 
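Review bot: Removing the `checkAccess`, `getStateKeyPrefix` and `getState` overrides (and `setState`/`hasState` in the next hunk) moves all user state to CWebUser's default session key prefix and makes `checkAccess()` resolve the caller through `getId()` and the authManager, while the rest of this patch keeps taking identity from `Yii::app()->session['loginID']` for owner comparisons and SQL filters. Those are now two sources of truth that the login path (not in this diff) has to keep in sync; if one is set and the other is not, permission checks fail closed while `loginID`-based owner checks still pass, or the reverse. A class-level comment would make the contract explicit: `// Identity is CWebUser state (getId()); code still reading session['loginID'] must be migrated or set together with it at login`. The first hunk line is garbled in this view and the constructor starts before it.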
@@ -70,26 +34,19 @@ public function removeState($key) { $this->setState($key, null); } - - public function setState($key, $value, $defaultValue = null) - { - $current = isset($_SESSION[$this->sessionVariable]) ? $_SESSION[$this->sessionVariable] : array(); - if($value === $defaultValue) - { - $_SESSION[$this->sessionVariable] = Hash::remove($current, $key); - } - else - { - $_SESSION[$this->sessionVariable] = Hash::insert($current, $key, $value); - } - - + + /** + * Returns the plugin responsible for authenticating the current user. + * @return \ls\pluginmanager\PluginBase + */ + public function getPlugin() { + return App()->pluginManager->getPlugin($this->getState('authenticationPlugin')); } - public function hasState($key) - { - return isset($_SESSION[$this->sessionVariable]) && Hash::check($_SESSION[$this->sessionVariable], $key); + public function getAttributes() { + return $this->getState('attributes', []); } + } ?> \ No newline at end of file diff --git a/application/core/LSYii_Validators.php b/application/core/LSYii_Validators.php index 727ad8b706d..34c9f31cd0e 100644 --- a/application/core/LSYii_Validators.php +++ b/application/core/LSYii_Validators.php @@ -42,7 +42,7 @@ class LSYii_Validators extends CValidator { public function __construct() { - $this->xssfilter=($this->xssfilter && Yii::app()->getConfig('filterxsshtml') && !Permission::model()->hasGlobalPermission('superadmin','read')); + $this->xssfilter=($this->xssfilter && Yii::app()->getConfig('filterxsshtml') && !App()->user->checkAccess('superadmin')); } protected function validateAttribute($object,$attribute) diff --git a/application/core/Survey_Common_Action.php b/application/core/Survey_Common_Action.php index 2968de6a63f..b50c1246055 100644 --- a/application/core/Survey_Common_Action.php +++ b/application/core/Survey_Common_Action.php 
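Review bot: `getPlugin()` hands `$this->getState('authenticationPlugin')` straight to `pluginManager->getPlugin()`, so for a guest or a session created before this change it is called with `null`; what `getPlugin(null)` returns is not visible here, but a guard is cheap: `$name = $this->getState('authenticationPlugin'); return $name === null ? null : App()->pluginManager->getPlugin($name);` with `@return \ls\pluginmanager\PluginBase|null`. `getAttributes()` returns whatever the auth plugin stored at login and is not refreshed, which its docblock should say: `/** Attributes captured by the auth plugin at login; not re-read from the database. */`. The trailing `?>` with no newline can be dropped from this class-only file.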
@@ -69,7 +69,7 @@ public function runWithParams($params) { $this->getController()->error('Invalid survey id'); } - elseif (!Permission::model()->hasSurveyPermission($params['iSurveyId'], 'survey', 'read')) + elseif (!App ()->user->checkAccess('survey', ['crud' => 'read', 'entity' => 'survey', 'entity_id' => $params['iSurveyId']])) { $this->getController()->error('No permission'); } @@ -905,7 +905,7 @@ function _userGroupBar($ugid = 0) if (!empty($ugid)) { $sQuery = "SELECT gp.* FROM {{user_groups}} AS gp, {{user_in_groups}} AS gu WHERE gp.ugid=gu.ugid AND gp.ugid = {$ugid}"; - if (!Permission::model()->hasGlobalPermission('superadmin','read')) + if (!App()->user->checkAccess('superadmin')) { $sQuery .=" AND gu.uid = ".Yii::app()->session['loginID']; } diff --git a/application/core/WebApplication.php b/application/core/WebApplication.php index 301d1b0b93b..83f6b8829db 100644 --- a/application/core/WebApplication.php +++ b/application/core/WebApplication.php @@ -20,6 +20,7 @@ * Implements global config * @property CLogRouter $log Log router component. * @property \ls\pluginmanager\PluginManager $pluginManager + * @property LSWebUser $user */ class WebApplication extends CWebApplication { diff --git a/application/core/plugins/Authdb/AuthDb.php b/application/core/plugins/Authdb/AuthDb.php index 08ba7168594..f286390240c 100644 --- a/application/core/plugins/Authdb/AuthDb.php +++ b/application/core/plugins/Authdb/AuthDb.php 
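Review bot: `_userGroupBar` still builds its SQL by string interpolation — `gp.ugid = {$ugid}` in the base query and `" AND gu.uid = ".Yii::app()->session['loginID']` appended on the changed line; `loginID` is session-held, but `$ugid` is a plain method parameter (`_userGroupBar($ugid = 0)`) and the hunk shows no cast. Bind both: `gp.ugid = :ugid` in the SELECT, `$sQuery .= " AND gu.uid = :uid";` here, and `array(':ugid' => (int) $ugid, ':uid' => (int) Yii::app()->session['loginID'])` at the query call. The query is executed outside the hunk, so the parameter array has to be threaded to that call.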
@@ -46,26 +46,22 @@ protected function getOnePass() return $this->_onepass; } - public function eventNewLoginForm(PluginEvent $event) + public function eventBeforeLoginForm(PluginEvent $event) { - $event->set('forms.' . $this->name, [ - 'serverkey' => array( - 'type' => 'string', - 'label' => 'Key to use for username e.g. PHP_AUTH_USER, LOGON_USER, REMOTE_USER. See phpinfo in global settings.', - 'default' => 'REMOTE_USER', - ) ]); + $event->set('forms.' . $this->id, [ + 'label' => $this->name, + 'settings' => [ + 'username' => [ + 'type' => 'string', + 'label' => gT("Username"), + ], + 'password' => [ + 'type' => 'password', + 'label' => gT("Password"), + ], + ] + ]); return; - $sUserName=''; - $sPassword=''; - if (Yii::app()->getConfig("demoMode") === true && Yii::app()->getConfig("demoModePrefill") === true) - { - $sUserName=Yii::app()->getConfig("defaultuser"); - $sPassword=Yii::app()->getConfig("defaultpass"); - } - - $event->getContent($this) - ->addContent(CHtml::tag('li', array(), "".CHtml::textField('user',$sUserName,array('size'=>40,'maxlength'=>40)))) - ->addContent(CHtml::tag('li', array(), "".CHtml::passwordField('password',$sPassword,array('size'=>40,'maxlength'=>40)))); } public function eventNewUserSession(PluginEvent $event) @@ -217,4 +213,22 @@ public function eventNewExport() $event->set('writer', $writer); } + + /** + * This function performs username password configuration. + * @param \CHttpRequest $request + */ + public function authenticate(\CHttpRequest $request) { + if ($request->isPostRequest) { + $username = $request->getParam('username'); + $password = $request->getParam('password'); + $user = \User::model()->findByAttributes(['users_name' => $username]); + if ($user->validatePassword($password)) { + return array_merge($user->attributes, [ + 'id' => (int) $user->primaryKey, + 'name' => $username + ]); + } + } + } } 
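Review bot: `authenticate()` calls `$user->validatePassword()` on the result of `findByAttributes()` without a null check, so an unknown username turns the login form into a fatal error rather than a failed login; it also returns `$user->attributes` wholesale, which — if `User::attributes` carries the stored password hash, as a model's column set normally does — presumably ends up in session state behind `LSWebUser::getAttributes()` and in `_generalTabNewSurvey`. Return an allow-list instead (the only consumers visible in this patch read `full_name` and `email`), cast the request params so an array value cannot reach the query, and take one exit for unknown user and wrong password. The docblock ("performs username password configuration") should state the contract: `Validates the POSTed username/password against the users table; returns the identity array on success, null otherwise.` Whether `validatePassword` compares in constant time is not visible here.
```php
public function authenticate(\CHttpRequest $request) {
    if (!$request->isPostRequest) {
        return null;
    }
    $username = (string) $request->getParam('username', '');
    $password = (string) $request->getParam('password', '');
    $user = \User::model()->findByAttributes(['users_name' => $username]);
    // Unknown user and bad password share one exit so the response does not distinguish them.
    if ($user === null || !$user->validatePassword($password)) {
        return null;
    }
    return [
        'id' => (int) $user->primaryKey,
        'name' => $username,
        'full_name' => $user->full_name,
        'email' => $user->email,
        // add further non-secret columns as consumers need them; never the password hash
    ];
}
```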
diff --git a/application/core/plugins/Authdb/limesurvey.json b/application/core/plugins/Authdb/limesurvey.json index d0519f0d4a9..6b2046f1a5f 100644 --- a/application/core/plugins/Authdb/limesurvey.json +++ b/application/core/plugins/Authdb/limesurvey.json @@ -11,7 +11,7 @@ }, "events" : [ "beforeLogin", - "newLoginForm", + "beforeLoginForm", "afterLoginFormSubmit", "newUserSession", "beforeDeactivate", diff --git a/application/core/plugins/Authwebserver/AuthWebServer.php b/application/core/plugins/Authwebserver/AuthWebServer.php index fec871e6a8e..0fac6b54460 100644 --- a/application/core/plugins/Authwebserver/AuthWebServer.php +++ b/application/core/plugins/Authwebserver/AuthWebServer.php @@ -29,14 +29,13 @@ public function init() { } - public function eventNewLoginForm(PluginEvent $event) + public function eventBeforeLoginForm(PluginEvent $event) { - $event->set('forms.' . $this->name, [ - 'serverkey' => array( - 'type' => 'string', - 'label' => 'Key to use for username e.g. PHP_AUTH_USER, LOGON_USER, REMOTE_USER. See phpinfo in global settings.', - 'default' => 'REMOTE_USER', - ) ]); + $event->set('forms.' . $this->id, [ + 'label' => $this->name, + 'settings' => [ + ] + ]); return; } public function eventBeforeLogin(PluginEvent $event) @@ -133,5 +132,8 @@ public function eventNewUserSession(PluginEvent $event) } + public function authenticate(\CHttpRequest $request) { + + } } diff --git a/application/core/plugins/Authwebserver/limesurvey.json b/application/core/plugins/Authwebserver/limesurvey.json index 5447a38f025..b3fc100f546 100644 --- a/application/core/plugins/Authwebserver/limesurvey.json +++ b/application/core/plugins/Authwebserver/limesurvey.json @@ -12,7 +12,7 @@ "events" : [ "beforeLogin", "newUserSession", - "newLoginForm" + "beforeLoginForm" ], "apiVersion" : "1.0" } \ No newline at end of file 
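Review bot: The new `authenticate()` in AuthWebServer has an empty body and so returns `null` implicitly; if the caller reads null as "not authenticated" that is safe, but it should be explicit and say why: `// TODO: read the configured server variable and return the identity array; null = not authenticated` followed by `return null;`. Note also that `eventBeforeLoginForm` now publishes an empty `settings` list, dropping the `serverkey` field that told the plugin which server variable (REMOTE_USER and friends) holds the username; unless that moved to a plugin setting elsewhere, the web-server login path is no longer configurable.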
diff --git a/application/core/plugins/PermissionDb/PermissionDb.php b/application/core/plugins/PermissionDb/PermissionDb.php
new file mode 100644
index 00000000000..30d56be2ad7
--- /dev/null
+++ b/application/core/plugins/PermissionDb/PermissionDb.php
@@ -0,0 +1,99 @@
+ 'global',
+ 'entity_id' => 0,
+ 'crud' => 'read'
+ ];
+ $params = array_merge($defaults, $params);
+
+ return \Permission::model()->hasPermission($params['entity_id'], $params['entity'], $itemName, $params['crud'], $userId);
+ }
+
+ public function clearAll() {
+
+ }
+
+ public function clearAuthAssignments() {
+
+ }
+
+ public function createAuthItem($name, $type, $description = '', $bizRule = null, $data = null) {
+
+ }
+
+ public function executeBizRule($bizRule, $params, $data) {
+
+ }
+
+ public function getAuthAssignment($itemName, $userId) {
+
+ }
+
+ public function getAuthAssignments($userId) {
+
+ }
+
+ public function getAuthItem($name) {
+
+ }
+
+ public function getAuthItems($type = null, $userId = null) {
+
+ }
+
+ public function getItemChildren($itemName) {
+
+ }
+
+ public function hasItemChild($itemName, $childName) {
+
+ }
+
+ public function isAssigned($itemName, $userId) {
+
+ }
+
+ public function removeAuthItem($name) {
+
+ }
+
+ public function removeItemChild($itemName, $childName) {
+
+ }
+
+ public function revoke($itemName, $userId) {
+
+ }
+
+ public function save() {
+
+ }
+
+ public function saveAuthAssignment($assignment) {
+
+ }
+
+ public function saveAuthItem($item, $oldName = null) {
+
+ }
+
+}
\ No newline at end of file
diff --git a/application/core/plugins/PermissionDb/limesurvey.json b/application/core/plugins/PermissionDb/limesurvey.json
new file mode 100644
index 00000000000..4b35855ff29
--- /dev/null
+++ b/application/core/plugins/PermissionDb/limesurvey.json
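Review bot: Every IAuthManager method other than `checkAccess` is an empty stub returning `null`, so a caller that goes through `Yii::app()->authManager` to `createAuthItem`, `saveAuthAssignment` or `revoke` appears to succeed while nothing is persisted; since the Permission model is the only store here, make the unsupported operations fail loudly, e.g. `throw new \CException('Not supported: permissions are managed through Permission::model()');` in each stub, or at least document on the class that only `checkAccess` is implemented. `checkAccess` also forwards `$userId` unchanged to `hasPermission()`; CWebUser passes `getId()`, which is null for a guest, so confirm `hasPermission` treats a null user as "no permission" rather than falling back to a session value. The hunk header claims 99 lines, but the file's opening (namespace, class line, the `checkAccess` signature and the first `$defaults` key) is missing from this view.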
@@ -0,0 +1,15 @@ +{ + "name" : "LimeSurvey Authorization db", + "vendor" : "Limesurvey Development Team", + "class" : "ls\\core\\plugins\\PermissionDb", + "description" : "Core: Database authorization.", + "type" : "simple", + "autoload" : { + "psr-4": { + "ls\\core\\plugins\\" : "" + } + }, + "events" : [ + ], + "apiVersion" : "1.0" +} \ No newline at end of file diff --git a/application/extensions/Menu/MenuWidget.php b/application/extensions/Menu/MenuWidget.php index 95d267b4e4d..2e0c8b78fdd 100644 --- a/application/extensions/Menu/MenuWidget.php +++ b/application/extensions/Menu/MenuWidget.php @@ -55,7 +55,7 @@ protected function menuMain() 'image' => 'home.png', ); $menu['items']['left'][] = 'separator'; - if(Permission::model()->hasGlobalPermission('users','read')) + if(App()->user->checkAccess('users')) { $menu['items']['left'][] = array( 'href' => array('admin/user'), @@ -531,7 +531,7 @@ protected function renderSub($item, $imageUrl, $level) protected function globalSettings() { - if (Permission::model()->hasGlobalPermission('settings','read')) + if (App()->user->checkAccess('settings')) { return array( 'href' => array('admin/globalsettings'), @@ -543,7 +543,7 @@ protected function globalSettings() protected function checkIntegrity() { - if (Permission::model()->hasGlobalPermission('settings','read')) + if (App()->user->checkAccess('settings')) { return array( 'href' => array('admin/checkintegrity'), @@ -556,7 +556,7 @@ protected function checkIntegrity() protected function createSurvey() { - if (Permission::model()->hasGlobalPermission('surveys','create')) + if (App()->user->checkAccess('surveys', ['crud' => 'create'])) { return array( 'href' => array('admin/survey', 'sa' => 'newsurvey'), 
@@ -567,7 +567,7 @@ protected function createSurvey() } protected function dumpDatabase() { - if (Permission::model()->hasGlobalPermission('superadmin','read')) + if (App()->user->checkAccess('superadmin')) { if (in_array(Yii::app()->db->getDriverName(), array('mysql', 'mysqli')) || Yii::app()->getConfig('demo_mode') == true) { @@ -590,7 +590,7 @@ protected function dumpDatabase() protected function editLabels() { - if (Permission::model()->hasGlobalPermission('labelsets','read')) + if (App()->user->checkAccess('labelsets')) { return array( 'href' => array('admin/labels', 'sa' => 'view'), @@ -602,7 +602,7 @@ protected function editLabels() protected function editTemplates() { - if (Permission::model()->hasGlobalPermission('templates','read')) + if (App()->user->checkAccess('templates')) { return array( 'href' => array('admin/templates/'), @@ -614,7 +614,7 @@ protected function editTemplates() protected function userGroups() { - if(Permission::model()->hasGlobalPermission('usergroups','read')) + if(App()->user->checkAccess('usergroups')) { return array( 'href' => array('admin/usergroups', 'sa' => 'index'), @@ -626,7 +626,7 @@ protected function userGroups() protected function participantDatabase() { - if (Permission::model()->hasGlobalPermission('participantpanel','read')) + if (App()->user->checkAccess('participantpanel')) { return array( 'alt' => gT('Central participant database/panel'), @@ -638,7 +638,7 @@ protected function participantDatabase() protected function pluginManager() { - if (Permission::model()->hasGlobalPermission('superadmin','read')) + if (App()->user->checkAccess('superadmin')) { return array( 'href' => array('/plugins'), diff --git a/application/extensions/SettingsWidget/SettingsWidget.php b/application/extensions/SettingsWidget/SettingsWidget.php index 8e1d035847a..be92e7e84e3 100644 --- a/application/extensions/SettingsWidget/SettingsWidget.php +++ b/application/extensions/SettingsWidget/SettingsWidget.php 
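Review bot: `dumpDatabase()` gates on `Yii::app()->getConfig('demo_mode') == true`, while `moduser` in this same patch and the code AuthDb removes both read the flag as `getConfig("demoMode")`; one spelling is almost certainly never set, so this branch of the dump-entry condition is either always or never true. Unify on the key the controllers use: `|| Yii::app()->getConfig('demoMode') == true`. The condition is a context line the patch leaves as is.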
@@ -66,7 +66,6 @@ public function init() { // Add default form class. $this->formHtmlOptions['class'] = isset($this->formHtmlOptions['class']) ? $this->formHtmlOptions['class'] . " settingswidget form-horizontal" : 'settingswidget form-horizontal'; - // Start form $this->beginForm(); } @@ -76,8 +75,6 @@ protected function renderButton($label, $metaData) $htmlOptions = array_merge([ 'type' => 'submit' ], $this->htmlOptions($metaData, null)); - - var_dump($htmlOptions); switch($htmlOptions['type']) { case 'link': var_dump( array_merge($htmlOptions, ['url' => $metaData['href']])); @@ -186,7 +183,7 @@ public function run() { public function fixMetaData($name,$metaData){ $defaults = array( - 'class' => array(), + 'class' => [], 'htmlOptions'=>array(), 'type' => 'string', 'htmlOptions' => array(), 
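Review bot: The hunk removes `var_dump($htmlOptions)` from `renderButton` but leaves the one in the `link` case, `var_dump( array_merge($htmlOptions, ['url' => $metaData['href']]));`, which dumps the button's metadata into the rendered admin page for every link button; delete that line as well. `renderButton` continues past the hunk.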
@@ -394,28 +391,36 @@ public function renderString($name, array $metaData, $form = null) { $value = isset($metaData['current']) ? $metaData['current'] : ''; $htmlOptions = $this->htmlOptions($metaData,$form,array('size'=>50)); - return CHtml::textField($name, $value, $htmlOptions); + return TbHtml::textField($name, $value, $htmlOptions); + } + public function renderHidden($name, array $metaData, $form = null) + { + $value = isset($metaData['current']) ? $metaData['current'] : ''; + $htmlOptions = $this->htmlOptions($metaData,$form,array('size'=>50)); + return CHtml::hiddenField($name, $value, $htmlOptions); } public function renderEmail($name, array $metaData, $form = null) { $value = isset($metaData['current']) ? $metaData['current'] : ''; $htmlOptions = $this->htmlOptions($metaData,$form,array('size'=>50)); - return CHtml::emailField($name, $value, $htmlOptions); + return TbHtml::emailField($name, $value, $htmlOptions); } public function renderText($name, array $metaData, $form = null) { $value = isset($metaData['current']) ? $metaData['current'] : ''; $htmlOptions = $this->htmlOptions($metaData,$form); - return CHtml::textArea($name, $value, $htmlOptions); + return TbHtml::textArea($name, $value, $htmlOptions); } + + public function renderPassword($name, array $metaData, $form = null) { $value = isset($metaData['current']) ? $metaData['current'] : ''; $htmlOptions = $this->htmlOptions($metaData,$form,array('autocomplete'=>'off','size'=>50)); - return CHtml::passwordField($name,$value,$htmlOptions); + return TbHtml::passwordField($name,$value,$htmlOptions); } public function renderLink($name, array $metaData, $form = null) 
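Review bot: `renderPassword` pre-fills the field with `$metaData['current']`, so whatever secret the setting holds is written into the page source as the input's `value`; the `autocomplete=>'off'` default does not change that. Unless a caller depends on round-tripping the stored value, render it empty and let the save side treat an empty submission as "unchanged": `return TbHtml::passwordField($name, '', $htmlOptions);` with `// never echo the current secret; empty submit means keep the existing value` — the save path is not in this diff, so that convention needs checking there. This is pre-existing behaviour that the TbHtml swap carries over; `renderHidden` next to it also inherits a `size => 50` default that means nothing on a hidden input.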
@@ -423,7 +428,7 @@ public function renderLink($name, array $metaData, $form = null) $metaData['class'][] = 'btn btn-link'; $metaData['text']=isset($metaData['text'])?$metaData['text']:$metaData['label']; $htmlOptions = $this->htmlOptions($metaData,$form,array('id' => $name)); - return CHtml::link($metaData['text'], $metaData['link'], $htmlOptions); + return TbHtml::link($metaData['text'], $metaData['link'], $htmlOptions); } public function renderList($name, array $metaData, $form = null) @@ -491,8 +496,11 @@ public function htmlOptions(array $metaData, $form = null,array $aDefault = arra if(!empty($metaData['style']) && is_string($metaData['style'])) $htmlOptions['style']=$metaData['style']; if (isset($metaData['readOnly'])) - $metaData['htmlOptions']["readonly"]= $metaData['readOnly']; - + $htmlOptions["readonly"]= $metaData['readOnly']; + if (isset($metaData['color'])) + $htmlOptions["color"]= $metaData['color']; + if (isset($metaData['name'])) + $htmlOptions["name"]= $metaData['name']; return array_merge(array('form'=>$form),$aDefault,$htmlOptions,$aForced); } } diff --git a/application/helpers/admin/htmleditor_helper.php b/application/helpers/admin/htmleditor_helper.php index 77dd6790511..7645c396b42 100644 --- a/application/helpers/admin/htmleditor_helper.php +++ b/application/helpers/admin/htmleditor_helper.php @@ -71,7 +71,7 @@ function initKcfinder() $contextarray = explode(':', Yii::app()->session['FileManagerContext'], 3); $labelid = $contextarray[2]; // check if the user has label management right and labelid defined - if (Permission::model()->hasGlobalPermission('labelsets','update') && isset($labelid) && $labelid != '') + if (App()->user->checkAccess('labelsets', ['crud' => 'update'] && isset($labelid) && $labelid != '') { $_SESSION['KCFINDER']['disabled'] = false; $_SESSION['KCFINDER']['uploadURL'] = Yii::app()->getConfig('uploadurl')."/labels/{$labelid}/"; 
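Review bot: The changed condition in `initKcfinder` has its closing parenthesis in the wrong place — `checkAccess('labelsets', ['crud' => 'update'] && isset($labelid) && $labelid != '')` folds the whole `&&` chain into `checkAccess`'s second argument (a bool where PermissionDb's `array_merge($defaults, $params)` expects an array) and leaves `if (` unclosed, so the file does not parse. It should be `if (App()->user->checkAccess('labelsets', ['crud' => 'update']) && isset($labelid) && $labelid != '')`. Since this branch enables KCFinder uploads into `uploads/labels/{$labelid}/`, the permission check has to remain a separate operand.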
diff --git a/application/helpers/admin/import_helper.php b/application/helpers/admin/import_helper.php index 0b7f53f3917..042bbd9d2ea 100644 --- a/application/helpers/admin/import_helper.php +++ b/application/helpers/admin/import_helper.php @@ -2027,7 +2027,7 @@ function XMLImportTimings($sFullFilePath,$iSurveyID,$aFieldReMap=array()) function XSSFilterArray(&$array) { - if(Yii::app()->getConfig('filterxsshtml') && !Permission::model()->hasGlobalPermission('superadmin','read')) + if(Yii::app()->getConfig('filterxsshtml') && !App()->user->checkAccess('superadmin')) { $filter = new CHtmlPurifier(); $filter->options = array('URI.AllowedSchemes'=>array( diff --git a/application/helpers/common_helper.php b/application/helpers/common_helper.php index 431a26394be..0562b794186 100644 --- a/application/helpers/common_helper.php +++ b/application/helpers/common_helper.php @@ -203,7 +203,7 @@ function getSurveyList($returnarray=false, $surveyid=false) if(is_null($cached)) { $args = array('order'=>'surveyls_title'); - if (!Permission::model()->hasGlobalPermission('superadmin','read')) + if (!App()->user->checkAccess('superadmin')) { $surveyidresult = Survey::model()->permission(Yii::app()->user->getId())->with('defaultlanguage')->findAll($args); } else { @@ -1104,7 +1104,7 @@ function getUserList($outputformat='fullinfoarray') $myuid=sanitize_int(Yii::app()->session['loginID']); } $usercontrolSameGroupPolicy = Yii::app()->getConfig('usercontrolSameGroupPolicy'); - if (!Permission::model()->hasGlobalPermission('superadmin','read') && isset($usercontrolSameGroupPolicy) && + if (!App()->user->checkAccess('superadmin') && isset($usercontrolSameGroupPolicy) && $usercontrolSameGroupPolicy == true) { if (isset($myuid)) 
@@ -6775,7 +6775,7 @@ function getUserGroupList($ugid=NULL,$outputformat='optionlist')
 //$squery = "SELECT ugid, name FROM ".db_table_name('user_groups') ." WHERE owner_id = {Yii::app()->session['loginID']} ORDER BY name";
 $sQuery = "SELECT distinct a.ugid, a.name, a.owner_id FROM {{user_groups}} AS a LEFT JOIN {{user_in_groups}} AS b ON a.ugid = b.ugid WHERE 1=1 ";
- if (!Permission::model()->hasGlobalPermission('superadmin','read'))
+ if (!App()->user->checkAccess('superadmin'))
 {
 $sQuery .="AND uid = ".Yii::app()->session['loginID'];
 }
diff --git a/application/helpers/remotecontrol/remotecontrol_handle.php b/application/helpers/remotecontrol/remotecontrol_handle.php
index 780af90dd48..78965a68122 100644
--- a/application/helpers/remotecontrol/remotecontrol_handle.php
+++ b/application/helpers/remotecontrol/remotecontrol_handle.php
@@ -80,7 +80,7 @@ public function get_site_settings($sSessionKey,$sSetttingName)
 {
 if ($this->_checkSessionKey($sSessionKey))
 {
- if(Permission::model()->hasGlobalPermission('superadmin','read'))
+ if(App()->user->checkAccess('superadmin'))
 {
 if (Yii::app()->getConfig($sSetttingName) !== false)
 return Yii::app()->getConfig($sSetttingName);
@@ -114,7 +114,7 @@ public function add_survey($sSessionKey, $iSurveyID, $sSurveyTitle, $sSurveyLang
 Yii::app()->loadHelper("surveytranslator");
 if ($this->_checkSessionKey($sSessionKey))
 {
- if (Permission::model()->hasGlobalPermission('surveys','create'))
+ if (App()->user->checkAccess('surveys', ['crud' => 'create']))
 {
 if( $sSurveyTitle=='' || $sSurveyLanguage=='' || !array_key_exists($sSurveyLanguage,getLanguageDataRestricted()) || !in_array($sformat, array('A','G','S')))
 return array('status' => 'Faulty parameters');
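Review bot: The `+ if(App()->user->checkAccess('superadmin'))` line in get_site_settings() now resolves the permission through the web user component; in the remote-control path that is only correct if _checkSessionKey() leaves App()->user identified as the owner of the session key, which this hunk does not show. If it merely validates the key, every checkAccess() call in this handler is evaluated for the guest user and the outcome is whatever the new AuthManager returns for an anonymous caller. A comment at the first use, e.g. `// checkAccess() relies on _checkSessionKey() having populated App()->user`, plus a test that a valid key for a non-superadmin user is still refused here would pin that assumption. The same applies to add_survey() in this hunk group and to import_survey(), list_surveys(), list_users() and activate_tokens() in the following hunks.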
@@ -207,7 +207,7 @@ public function import_survey($sSessionKey, $sImportData, $sImportDataType, $sNe
 {
 if ($this->_checkSessionKey($sSessionKey))
 {
- if (Permission::model()->hasGlobalPermission('surveys','create'))
+ if (App()->user->checkAccess('surveys', ['crud' => 'create']))
 {
 if (!in_array($sImportDataType,array('zip','csv','txt','lss'))) return array('status' => 'Invalid extension');
 Yii::app()->loadHelper('admin/import');
@@ -1894,7 +1894,7 @@ public function list_surveys($sSessionKey, $sUsername=NULL)
 if ($this->_checkSessionKey($sSessionKey))
 {
 $oSurvey = new Survey;
- if (!Permission::model()->hasGlobalPermission('superadmin','read') && ($sUsername == null))
+ if (!App()->user->checkAccess('superadmin') && ($sUsername == null))
 {
 $oSurvey->permission(Yii::app()->user->getId());
 }
@@ -1938,7 +1938,7 @@ public function list_users($sSessionKey = null)
 {
 if ($this->_checkSessionKey($sSessionKey))
 {
- if( Permission::model()->hasGlobalPermission('superadmin','read') )
+ if( App()->user->checkAccess('superadmin') )
 {
 $users = User::model()->findAll();
@@ -1980,7 +1980,7 @@ public function list_users($sSessionKey = null)
 public function activate_tokens($sSessionKey, $iSurveyID, $aAttributeFields=array())
 {
 if (!$this->_checkSessionKey($sSessionKey)) return array('status' => 'Invalid session key');
- if (Permission::model()->hasGlobalPermission('surveys','create'))
+ if (App()->user->checkAccess('surveys', ['crud' => 'create']))
 {
 $oSurvey=Survey::model()->findByPk($iSurveyID);
 if (is_null($oSurvey))
diff --git a/application/libraries/PluginManager/AuthPluginBase.php b/application/libraries/PluginManager/AuthPluginBase.php
index 48aee35119a..9063aa11081 100644
--- a/application/libraries/PluginManager/AuthPluginBase.php
+++ b/application/libraries/PluginManager/AuthPluginBase.php
@@ -16,9 +16,6 @@ abstract class AuthPluginBase extends PluginBase {
 const ERROR_UNKNOWN_HANDLER = 99;
 const ERROR_UNKNOWN_IDENTITY = 100;
- protected $_username = null;
- protected $_password = null;
-
 /**
 * Get the password (if set)
 *
@@ -70,60 +67,5 @@ public function setAuthSuccess(PluginEvent $event, User $user)
 return $this;
 }
- /**
- * Set authentication result to failure.
- *
- * @param int $code Any of the constants defined in this class
- * @param string $message An optional message to return about the failure
- * @return AuthPluginBase
- */
- public function setAuthFailure($code = self::ERROR_UNKNOWN_IDENTITY, $message = '')
- {
- $event = $this->getEvent();
- $identity = $this->getEvent()->get('identity');
- $identity->id = null;
- $event->set('result', new LSAuthResult($code, $message));
-
- return $this;
- }
-
- /**
- * Set this plugin to handle the authentication
- *
- * @return AuthPluginBase
- */
- public function setAuthPlugin(PluginEvent $event)
- {
- $identity = $this->getEvent()->get('identity');
- $identity->plugin = get_class($this);
- $this->getEvent()->stop();
-
- return $this;
- }
-
- /**
- * Set the password to use for authentication
- *
- * @param string $password
- * @return AuthPluginBase
- */
- protected function setPassword($event, $password)
- {
- $this->_password = $password;
- $event->get('identity')->password = $password;
- return $this;
- }
-
- /**
- * Set the username to use for authentication
- *
- * @param string $username The username
- * @return AuthPluginBase
- */
- protected function setUsername($event, $username)
- {
- $this->_username = $username;
- $identity = $event->get('identity')->username = $username;
- return $this;
- }
+ abstract public function authenticate(\CHttpRequest $request);
 }
\ No newline at end of file
diff --git a/application/libraries/PluginManager/PluginBase.php b/application/libraries/PluginManager/PluginBase.php
index 3e2d553c816..2e403ab8313 100644
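Review bot: The new `abstract public function authenticate(\CHttpRequest $request);` in the setAuthSuccess() hunk carries no docblock, while every method it replaces (setAuthFailure(), setAuthPlugin(), setPassword(), setUsername(), all removed here) was documented; with setAuthSuccess() kept and setAuthFailure() gone, an implementer cannot tell from this file what authenticate() must return or how a rejected login is signalled. A docblock above it should state the return value on success and on failure and whether the implementation is expected to call setAuthSuccess() itself. Removing the protected setters and adding an abstract method is a breaking change for any third-party plugin extending this class (PHP refuses to declare a concrete subclass that does not implement it), so the class docblock or changelog should say so.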
--- a/application/libraries/PluginManager/PluginBase.php
+++ b/application/libraries/PluginManager/PluginBase.php
@@ -3,7 +3,7 @@
 /**
 * Base class for plugins.
 */
-abstract class PluginBase implements iPlugin {
+abstract class PluginBase extends \CComponent implements iPlugin {
 use PluginTrait;
 /**
 *
@@ -16,6 +16,7 @@ abstract class PluginBase implements iPlugin {
 private $store = null;
 protected $settings = array();
+ public $name;
 /**
 * This holds the pluginmanager that instantiated the plugin
 *
diff --git a/application/libraries/PluginManager/PluginManager.php b/application/libraries/PluginManager/PluginManager.php
index 7b1e92f7e7b..182ba6f4685 100644
--- a/application/libraries/PluginManager/PluginManager.php
+++ b/application/libraries/PluginManager/PluginManager.php
@@ -237,7 +237,11 @@ public function loadPlugin(PluginConfig $pluginConfig)
 throw new \Exception("Only simple");
 }
 }
- return $this->plugins[$pluginConfig->id];
+ return $this->getPlugin($pluginConfig->id);
+ }
+
+ public function getPlugin($id) {
+ return $this->plugins[$id];
 }
 /**
@@ -258,8 +262,9 @@ public function loadSimplePlugin(PluginConfig $pluginConfig) {
 */
 public function loadPlugins()
 {
- array_map([$this, 'loadPlugin'], PluginConfig::findAll());
+ $result = array_map([$this, 'loadPlugin'], PluginConfig::findAll());
 $this->dispatchEvent(new PluginEvent('afterPluginLoad')); // Alow plugins to do stuff after all plugins are loaded
+ return $result;
 }
 public function registerNamespaces()
diff --git a/application/models/Participant.php b/application/models/Participant.php
index 4f081824fec..720e962c6f6 100644
--- a/application/models/Participant.php
+++ b/application/models/Participant.php
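Review bot: The new public `getPlugin($id)` in the loadPlugin() hunk indexes `$this->plugins[$id]` without a guard, so an id that was never loaded raises an undefined-index notice and yields null, and because the method is public that id will eventually come from outside this class. Make the miss explicit, `return isset($this->plugins[$id]) ? $this->plugins[$id] : null;` (or throw), and add a docblock stating it, e.g. `@return PluginBase|null the loaded plugin instance, or null when no plugin with this id has been loaded`. As a point of style, `getPlugin($id) {` puts the brace on the signature line while loadPlugins() two hunks down puts it on its own line; one convention per file.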
@@ -419,7 +419,7 @@ function deleteParticipants($rows, $bFilter=true)
 */
 function filterParticipantIDs($aParticipantIDs)
 {
- if (!Permission::model()->hasGlobalPermission('superadmin','read')) // If not super admin filter the participant IDs first to owner only
+ if (!App()->user->checkAccess('superadmin')) // If not super admin filter the participant IDs first to owner only
 {
 $aCondition=array('and','owner_uid=:owner_uid',array('in', 'participant_id', $aParticipantIDs));
 $aParameter=array(':owner_uid'=>Yii::app()->session['loginID']);
diff --git a/application/models/Permission.php b/application/models/Permission.php
index 63fe7e00898..10cee7bb307 100644
--- a/application/models/Permission.php
+++ b/application/models/Permission.php
@@ -298,7 +298,7 @@ public static function setPermissions($iUserID, $iEntityID, $sEntityName, $aPerm
 if ($sEntityName=='global')
 {
 $aBasePermissions=Permission::model()->getGlobalBasePermissions();
- if (!Permission::model()->hasGlobalPermission('superadmin','read') && !$bBypassCheck) // if not superadmin filter the available permissions as no admin may give more permissions than he owns
+ if (!App()->user->checkAccess('superadmin') && !$bBypassCheck) // if not superadmin filter the available permissions as no admin may give more permissions than he owns
 {
 // Make sure that he owns the user he wants to give global permissions for
 $oUser = User::model()->findByAttributes(array('uid' => $iUserID, 'parent_id' => Yii::app()->session['loginID']));
@@ -320,7 +320,7 @@ public static function setPermissions($iUserID, $iEntityID, $sEntityName, $aPerm
 }
 $aBasePermissions=$aFilteredPermissions;
 }
- elseif (Permission::model()->hasGlobalPermission('superadmin','read') && Yii::app()->session['loginID']!=1)
+ elseif (App()->user->checkAccess('superadmin') && Yii::app()->session['loginID']!=1)
 {
 unset($aBasePermissions['superadmin']);
 }
diff --git a/application/models/User.php b/application/models/User.php
index 6fd867afbe7..61e1fc28bb5 100644
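Review bot: The `+ elseif` line in the second setPermissions() hunk mixes two identity sources in one condition: the permission now comes from `App()->user->checkAccess('superadmin')` while the "uid 1 keeps superadmin" rule and the ownership lookup two lines above still read `Yii::app()->session['loginID']`. This is the branch that stops an admin from granting more than he owns, so if the web user and the session login ever diverge (the remote-control path in this same commit is one candidate), the guard and the identity it is guarding would disagree. Since the diff already uses `Yii::app()->user->getId()` elsewhere, `App()->user->getId()!=1` here would keep both sides of the condition on the same source; a regression test that a non-superadmin cannot grant 'superadmin' via this method would cover the change as a whole. setPermissions() starts before and continues after these hunks.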
--- a/application/models/User.php
+++ b/application/models/User.php
@@ -292,4 +292,15 @@ public function relations()
 'permissions' => array(self::HAS_MANY, 'Permission', 'uid')
 );
 }
+
+ public function validatePassword($password) {
+ // Check hash type.
+ if (strlen($this->password) == 64 && hash('sha256', $password) == $this->password) {
+ // Password is correct but needs rehashing.
+ $this->password = CPasswordHelper::hashPassword($password);
+ $this->save();
+ }
+
+ return CPasswordHelper::verifyPassword($password, $this->password);
+ }
 }
diff --git a/application/models/UserGroup.php b/application/models/UserGroup.php
index ef2e306b154..1e4475504b2 100644
--- a/application/models/UserGroup.php
+++ b/application/models/UserGroup.php
@@ -160,7 +160,7 @@ function requestEditGroup($ugid, $ownerid)
 $criteria->select='*';
 $criteria->condition="ugid=:ugid";
 $aParams=array();
- if (!Permission::model()->hasGlobalPermission('superadmin','read'))
+ if (!App()->user->checkAccess('superadmin'))
 {
 $criteria->condition.=" AND owner_id=:ownerid";
 $aParams[':ownerid']=$ownerid;
@@ -175,13 +175,13 @@ function requestEditGroup($ugid, $ownerid)
 function requestViewGroup($ugid, $userid)
 {
 $sQuery = "SELECT a.ugid, a.name, a.owner_id, a.description, b.uid FROM {{user_groups}} AS a LEFT JOIN {{user_in_groups}} AS b ON a.ugid = b.ugid WHERE a.ugid = :ugid";
- if (!Permission::model()->hasGlobalPermission('superadmin','read'))
+ if (!App()->user->checkAccess('superadmin'))
 {
 $sQuery.=" AND uid = :userid ";
 }
 $sQuery.=" ORDER BY name";
 $command = Yii::app()->db->createCommand($sQuery)->bindParam(":ugid", $ugid, PDO::PARAM_INT);
- if (!Permission::model()->hasGlobalPermission('superadmin','read'))
+ if (!App()->user->checkAccess('superadmin'))
 {
 $command->bindParam(":userid", $userid, PDO::PARAM_INT);
 }
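Review bot: The legacy-hash branch of the new validatePassword() compares `hash('sha256', $password) == $this->password` with loose equality; PHP compares two numeric-looking strings as numbers, so any pair of hex digests of the form `0e<digits>` compare equal, and the comparison is not constant-time either. Use `hash_equals($this->password, hash('sha256', $password))` (PHP 5.6+), or at the very least `===`. Separately, the return value of `$this->save()` is ignored and save() runs the model's validation rules, so a failing rule silently leaves the old SHA-256 hash in the database while the in-memory rehash still lets verifyPassword() succeed; `$this->save(false, array('password'))` writes only that column without validation, and its result should be checked or logged. A short docblock stating that the method upgrades legacy SHA-256 hashes as a side effect would also help the next reader.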
@@ -193,7 +193,7 @@ function deleteGroup($ugid, $ownerid)
 $aParams=array();
 $aParams[':ugid']=$ugid;
 $sCondition="ugid = :ugid";
- if (!Permission::model()->hasGlobalPermission('superadmin','read'))
+ if (!App()->user->checkAccess('superadmin'))
 {
 $sCondition.=" AND owner_id=:ownerid";
 $aParams[':ownerid']=$ownerid;
diff --git a/application/views/admin/globalSettings_view.php b/application/views/admin/globalSettings_view.php
index 6c21b53e793..54c2ce39c1d 100644
--- a/application/views/admin/globalSettings_view.php
+++ b/application/views/admin/globalSettings_view.php
@@ -49,7 +49,7 @@
 ),
 );
- if (!Permission::model()->hasGlobalPermission('superadmin'))
+ if (!App()->user->checkAccess('superadmin'))
 {
 unset($aOverviewSettings['phpinfo']);
 }
diff --git a/application/views/admin/participants/blacklist_view.php b/application/views/admin/participants/blacklist_view.php
index 2a997861220..01ba48f98e2 100644
--- a/application/views/admin/participants/blacklist_view.php
+++ b/application/views/admin/participants/blacklist_view.php
@@ -16,7 +16,7 @@
hasGlobalPermission('superadmin','read'))
+ if (App()->user->checkAccess('superadmin'))
 {
 $attribute = array('class' => 'form44');
 echo CHtml::beginForm($this->createUrl('/admin/participants/sa/storeBlacklistValues'), 'post', $attribute);
diff --git a/application/views/admin/participants/displayParticipants_view.php b/application/views/admin/participants/displayParticipants_view.php
index 611817c5c9b..384236ec047 100644
--- a/application/views/admin/participants/displayParticipants_view.php
+++ b/application/views/admin/participants/displayParticipants_view.php
@@ -171,8 +171,8 @@
 var ajaxUrl = "getConfig('adminimageurl') . "/ajax-loader.gif" ?>";
 var redUrl = "getController()->createUrl("admin/participants/sa/displayParticipants"); ?>";
 var searchconditions = "";
- var bEditPermission = hasGlobalPermission('participantpanel','update'))? 'true' : 'false'; ?>;
- var bDeletePermission = hasGlobalPermission('participantpanel','delete'))? 'true' : 'false'; ?>;
+ var bEditPermission = user->checkAccess('participantpanel', ['crud' => 'update']))? 'true' : 'false'; ?>;
+ var bDeletePermission = user->checkAccess('participantpanel', ['crud' => 'delete']))? 'true' : 'false'; ?>;
 var colNames = '["participant_id","can_edit","","","","","","",""]';
 var colModels = '[{ "name":"participant_id", "index":"participant_id", "width":100, "align":"center", "sorttype":"int", "sortable": true, "editable":false, "hidden":true},';
 colModels += '{ "name":"can_edit", "index":"can_edit", "width":10, "align":"center", "sorttype":"int", "sortable": true, "editable":false, "hidden":true},';
diff --git a/application/views/admin/participants/participantsPanel_view.php b/application/views/admin/participants/participantsPanel_view.php
index dbbd840a2d2..a30a715e329 100644
--- a/application/views/admin/participants/participantsPanel_view.php
+++ b/application/views/admin/participants/participantsPanel_view.php
@@ -93,7 +93,7 @@
 echo CHtml::link(CHtml::image($export['src'], $export['alt']), '#',array('id'=>$export['id']));
 echo CHtml::image($separator['src'], $separator['alt'], $separator['options']);
 echo CHtml::link(CHtml::image($blacklist['src'], $blacklist['alt']), $this->createUrl('admin/participants/sa/blacklistControl'));
- if (Permission::model()->hasGlobalPermission('superadmin','read'))
+ if (App()->user->checkAccess('superadmin'))
 {
 echo CHtml::link(CHtml::image($globalsettings['src'], $globalsettings['alt']), $this->createUrl('admin/participants/sa/userControl'));
 }
diff --git a/application/views/admin/participants/sharePanel_view.php b/application/views/admin/participants/sharePanel_view.php
index b2aec48d227..646b84d6658 100644
--- a/application/views/admin/participants/sharePanel_view.php
+++ b/application/views/admin/participants/sharePanel_view.php
@@ -1,7 +1,7 @@