This repository has been archived by the owner on Nov 25, 2020. It is now read-only.

move filterBaseGroup / canAssign / canAdministrate function from stat…
…ic AuthService to user instances functions.
cdujeu committed Jun 8, 2016
1 parent d8391a7 commit 8af5677
Showing 11 changed files with 156 additions and 198 deletions.
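--- a/core/src/core/src/pydio/Core/Model/UserInterface.php
+++ b/core/src/core/src/pydio/Core/Model/UserInterface.php
@@ -201,6 +201,27 @@ public function renameBookmark($repositoryId, $path, $title);
 */
 public function getBookmarks($repositoryId);
 
+/**
+* Check if the current user can administrate the GroupPathProvider object
+* @param AjxpGroupPathProvider $provider
+* @return bool
+*/
+public function canAdministrate(AjxpGroupPathProvider $provider);
+
+/**
+* Check if the current user can assign administration for the GroupPathProvider object
+* @param AjxpGroupPathProvider $provider
+* @return bool
+*/
+public function canSee(AjxpGroupPathProvider $provider);
+
+/**
+* Automatically set the group to the current user base
+* @param $baseGroup
+* @return string
+*/
+public function getRealGroupPath($baseGroup);
+
 /**
 * @return mixed
 */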
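Review bot: The docblock added for `canSee()` says "can assign administration", which is the wording of the removed `AuthService::canAssign()` and does not describe a visibility check. Since this interface now defines the group-scope authorization predicates, each docblock should state the comparison it stands for, for example `Check whether the provider's group path is a prefix of this user's group path, i.e. the object is visible to the user` for `canSee()`. That wording follows the removed static helper and should be confirmed against the implementing class, which this page does not show. The removed helpers also returned true when the user or a group path was null, so the interface should say whether implementations keep that permissive default. `getRealGroupPath()` could also declare `@param string $baseGroup`.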
130 changes: 21 additions & 109 deletions core/src/core/src/pydio/Core/Services/AuthService.php
@@ -68,6 +68,9 @@ public static function changePasswordEnabled()
$authDriver = ConfService::getAuthDriverImpl();
return $authDriver->passwordsEditable();
}



/**
* Get a unique seed from the current auth driver
* @static
@@ -78,8 +81,6 @@ public static function generateSeed()
$authDriver = ConfService::getAuthDriverImpl();
return $authDriver->getSeed(true);
}


/**
* Get the currently logged user object
* @return AbstractAjxpUser
@@ -97,6 +98,7 @@ public static function getLoggedUser()
return null;
}


/**
* The array is located in the AjxpTmpDir/failedAJXP.log
* @static
@@ -171,6 +173,9 @@ public static function suspectBruteForceLogin()
return !self::checkBruteForceLogin($loginAttempt);
}




public static function filterUserSensitivity($user)
{
if (!ConfService::getCoreConf("CASE_SENSITIVE", "auth")) {
@@ -526,6 +531,7 @@ public static function getDefaultRootId()
return 0;
}


/**
* Update a user with admin rights and return it
* @param AbstractAjxpUser $adminUser
@@ -540,7 +546,6 @@ public static function updateAdminRights($adminUser)
}
return $adminUser;
}

/**
* Update a user object with the default repositories rights
*
@@ -549,24 +554,9 @@ public static function updateAdminRights($adminUser)
public static function updateDefaultRights(&$userObject)
{
if (!$userObject->hasParent()) {
/*
$changes = false;
$repoList = ConfService::getRepositoriesList("all");
foreach ($repoList as $repositoryId => $repoObject) {
if(!self::allowedForCurrentGroup($repoObject, $userObject)) continue;
if($repoObject->isTemplate) continue;
if ($repoObject->getDefaultRight() != "") {
$changes = true;
$userObject->personalRole->setAcl($repositoryId, $repoObject->getDefaultRight());
}
}
if ($changes) {
$userObject->recomputeMergedRole();
}
*/
$rolesList = self::getRolesList(array(), true);
foreach ($rolesList as $roleId => $roleObject) {
if(!self::allowedForCurrentGroup($roleObject, $userObject)) continue;
if(!$userObject->canSee($roleObject)) continue;
if ($userObject->getProfile() == "shared" && $roleObject->autoAppliesTo("shared")) {
$userObject->addRole($roleObject);
} else if ($roleObject->autoAppliesTo("standard")) {
@@ -575,7 +565,6 @@ public static function updateDefaultRights(&$userObject)
}
}
}

/**
* @static
* @param AbstractAjxpUser $userObject
@@ -584,7 +573,7 @@ public static function updateAutoApplyRole(&$userObject)
{
$roles = self::getRolesList(array(), true);
foreach ($roles as $roleObject) {
if(!self::allowedForCurrentGroup($roleObject, $userObject)) continue;
if(!$userObject->canSee($roleObject)) continue;
if ($roleObject->autoAppliesTo($userObject->getProfile()) || $roleObject->autoAppliesTo("all")) {
$userObject->addRole($roleObject);
}
@@ -596,6 +585,7 @@ public static function updateAuthProvidedData(&$userObject)
ConfService::getAuthDriverImpl()->updateUserObject($userObject);
}


/**
* Use driver implementation to check whether the user exists or not.
* @static
@@ -663,6 +653,9 @@ public static function checkPassword($userId, $userPass, $cookieString = false,
}
return $authDriver->checkPassword($userId, $userPass, $returnSeed);
}



/**
* Update the password in the auth driver implementation.
* @static
@@ -745,6 +738,7 @@ public static function createUser($userId, $userPass, $isAdmin=false, $isHidden=
AJXP_Logger::info(__CLASS__,"Create User", array("user_id"=>$userId));
return null;
}

/**
* Detect the number of admin users
* @static
@@ -783,37 +777,9 @@ public static function deleteUser($userId)
return true;
}

private static $groupFiltering = true;

/**
* @param boolean $boolean
*/
public static function setGroupFiltering($boolean){
self::$groupFiltering = $boolean;
}

/**
* Automatically set the group to the current user base
* @param $baseGroup
* @return string
*/
public static function filterBaseGroup($baseGroup)
{
if(!self::$groupFiltering) {
return $baseGroup;
}

$u = self::getLoggedUser();
// make sure it starts with a slash.
$baseGroup = "/".ltrim($baseGroup, "/");
if($u == null) return $baseGroup;
if ($u->getGroupPath() != "/") {
if($baseGroup == "/") return $u->getGroupPath();
else return $u->getGroupPath().$baseGroup;
} else {
return $baseGroup;
}
}

/**
* List children groups of current base
@@ -822,7 +788,7 @@ public static function filterBaseGroup($baseGroup)
*/
public static function listChildrenGroups($baseGroup = "/")
{
return ConfService::getAuthDriverImpl()->listChildrenGroups(self::filterBaseGroup($baseGroup));
return ConfService::getAuthDriverImpl()->listChildrenGroups($baseGroup);

}

@@ -837,13 +803,13 @@ public static function listChildrenGroups($baseGroup = "/")
public static function createGroup($baseGroup, $groupName, $groupLabel)
{
if(empty($groupName)) throw new \Exception("Please provide a name for this new group!");
$fullGroupPath = rtrim(self::filterBaseGroup($baseGroup), "/")."/".$groupName;
$fullGroupPath = rtrim($baseGroup, "/")."/".$groupName;
$exists = ConfService::getConfStorageImpl()->groupExists($fullGroupPath);
if($exists){
throw new \Exception("Group with this name already exists, please pick another name!");
}
if(empty($groupLabel)) $groupLabel = $groupName;
ConfService::getConfStorageImpl()->createGroup(rtrim(self::filterBaseGroup($baseGroup), "/")."/".$groupName, $groupLabel);
ConfService::getConfStorageImpl()->createGroup(rtrim($baseGroup, "/")."/".$groupName, $groupLabel);
}

/**
@@ -853,7 +819,7 @@ public static function createGroup($baseGroup, $groupName, $groupLabel)
*/
public static function deleteGroup($baseGroup, $groupName)
{
ConfService::getConfStorageImpl()->deleteGroup(rtrim(self::filterBaseGroup($baseGroup), "/")."/".$groupName);
ConfService::getConfStorageImpl()->deleteGroup(rtrim($baseGroup, "/")."/".$groupName);
}

/**
@@ -865,17 +831,7 @@ public static function getChildrenUsers($parentUserId)
{
return ConfService::getConfStorageImpl()->getUserChildren($parentUserId);
}

/**
* Retrieve the current users who have either read or write access to a repository
* @param $repositoryId
* @return array
*/
public static function getUsersForRepository($repositoryId)
{
return ConfService::getConfStorageImpl()->getUsersForRepository($repositoryId);
}


/**
* Retrieve the current users who have either read or write access to a repository
* @param $repositoryId
@@ -915,7 +871,6 @@ public static function countUsersForRepository(ContextInterface $ctx, $repositor
*/
public static function listUsers($baseGroup = "/", $regexp = null, $offset = -1, $limit = -1, $cleanLosts = true, $recursive = true, $countCallback = null, $loopCallback = null)
{
$baseGroup = self::filterBaseGroup($baseGroup);
$authDriver = ConfService::getAuthDriverImpl();
$confDriver = ConfService::getConfStorageImpl();
/**
@@ -1013,7 +968,7 @@ public static function authSupportsPagination()
public static function authCountUsers($baseGroup="/", $regexp="", $filterProperty = null, $filterValue = null, $recursive = true)
{
$authDriver = ConfService::getAuthDriverImpl();
return $authDriver->getUsersCount(self::filterBaseGroup($baseGroup), $regexp, $filterProperty, $filterValue, $recursive);
return $authDriver->getUsersCount($baseGroup, $regexp, $filterProperty, $filterValue, $recursive);
}

/**
@@ -1183,49 +1138,6 @@ public static function getRolesList($roleIds = array(), $excludeReserved = false
return $roles;
}

/**
* Check if the current user is allowed to see the GroupPathProvider object
* @param AjxpGroupPathProvider $provider
* @param AbstractAjxpUser $userObject
* @return bool
*/
public static function allowedForCurrentGroup(AjxpGroupPathProvider $provider, $userObject = null)
{
$l = ($userObject == null ? self::getLoggedUser() : $userObject);
$pGP = $provider->getGroupPath();
if(empty($pGP)) $pGP = "/";
if($l == null || $l->getGroupPath() == null || $pGP == null) return true;
return (strpos($l->getGroupPath(), $pGP, 0) === 0);
}

/**
* Check if the current user can administrate the GroupPathProvider object
* @param AjxpGroupPathProvider $provider
* @param AbstractAjxpUser $userObject
* @return bool
*/
public static function canAdministrate(AjxpGroupPathProvider $provider, $userObject = null)
{
$l = ($userObject == null ? self::getLoggedUser() : $userObject);
$pGP = $provider->getGroupPath();
if(empty($pGP)) $pGP = "/";
if($l == null || $l->getGroupPath() == null || $pGP == null) return true;
return (strpos($pGP, $l->getGroupPath(), 0) === 0);
}

/**
* Check if the current user can assign administration for the GroupPathProvider object
* @param AjxpGroupPathProvider $provider
* @param AbstractAjxpUser $userObject
* @return bool
*/
public static function canAssign(AjxpGroupPathProvider $provider, $userObject = null)
{
$l = ($userObject == null ? self::getLoggedUser() : $userObject);
$pGP = $provider->getGroupPath();
if(empty($pGP)) $pGP = "/";
if($l == null || $l->getGroupPath() == null || $pGP == null) return true;
return (strpos($l->getGroupPath(), $pGP, 0) === 0);
}

}
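Review bot: With `filterBaseGroup()` removed, `listChildrenGroups()`, `createGroup()`, `deleteGroup()`, `listUsers()` and `authCountUsers()` hand the caller's `$baseGroup` to the drivers unchanged, so keeping a group administrator inside their own subtree now depends on every caller resolving the path with `$user->getRealGroupPath($baseGroup)` first. The call sites are in files this page does not show, so that cannot be confirmed here. I would state the new contract in each docblock, e.g. `@param string $baseGroup Absolute group path, already resolved through UserInterface::getRealGroupPath()`. In `createGroup()` the path is also built twice; passing `$fullGroupPath` to `createGroup(...)` keeps the existence check and the creation on the same value.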
2 changes: 1 addition & 1 deletion core/src/core/src/pydio/Core/Services/ConfService.php
@@ -576,7 +576,7 @@ public static function repositoryIsAccessible($repositoryId, $repositoryObject,
if ($userObject == null && AuthService::usersEnabled()) {
return false;
}
if (!AuthService::canAssign($repositoryObject, $userObject)) {
if (!$userObject->canSee($repositoryObject)) {
return false;
}
if ($repositoryObject->isTemplate) {
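Review bot: `$userObject->canSee($repositoryObject)` is reached with a null `$userObject` whenever `AuthService::usersEnabled()` is false, because the guard just above returns only when both conditions hold. The replaced `AuthService::canAssign()` accepted null, fell back to the logged user and returned true when there was none (its body is visible in the AuthService.php section). The new line therefore turns an "allowed" result into a method call on null, unless `$userObject` is populated earlier in the function. I would keep the old semantics explicit with `if ($userObject != null && !$userObject->canSee($repositoryObject)) {`. `repositoryIsAccessible()` starts and ends outside the hunk, so an earlier assignment cannot be checked here.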
