This repository has been archived by the owner on Nov 25, 2020. It is now read-only.

Generalize the usage of Roles for user_list_authorized_users and shar…
…ing.
cdujeu committed Nov 14, 2014
1 parent 1259946 commit c8e255b
Showing 7 changed files with 191 additions and 24 deletions.
6 changes: 4 additions & 2 deletions core/src/core/classes/class.AJXP_Role.php
@@ -417,8 +417,10 @@ public function setLabel($roleLabel)

public function getLabel()
{
return $this->roleLabel;
}
$test = $this->filterParameterValue("core.conf", "ROLE_DISPLAY_NAME", AJXP_REPO_SCOPE_ALL, $this->roleLabel);
if(!empty($test)) return $test;
return $this->roleId;
}

/**
* @param array $specificRights
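Review bot: `getLabel()` now ends with `return $this->roleId;`, so it can no longer return an empty value, and the `empty($label)` fallbacks this same commit adds in `getUserRoleList()` (the prefix-stripped name) and in ShareCenter can never fire. If the prefix-stripped name is still wanted there, the final fallback is better left to the callers. The method also has no docblock; a short one such as `/** @return string ROLE_DISPLAY_NAME parameter if set (the stored label is passed as its default), else the role id */` would document the new lookup order. `$test` would read better as `$displayName`.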
12 changes: 12 additions & 0 deletions core/src/core/classes/class.AuthService.php
@@ -935,6 +935,18 @@ public static function getUsersForRepository($repositoryId)
return ConfService::getConfStorageImpl()->getUsersForRepository($repositoryId);
}

/**
* Retrieve the current users who have either read or write access to a repository
* @param $repositoryId
* @param string $rolePrefix
* @param bool $countOnly
* @return array
*/
public static function getRolesForRepository($repositoryId, $rolePrefix = '', $countOnly = false)
{
return ConfService::getConfStorageImpl()->getRolesForRepository($repositoryId, $rolePrefix, $countOnly);
}

/**
* Count the number of users who have either read or write access to a repository
* @param $repositoryId
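Review bot: The docblock on the new `getRolesForRepository()` still says it retrieves users, while the method returns whatever the conf driver's `getRolesForRepository()` returns, which is a list of role ids in the SQL driver changed by this commit. A summary such as `Retrieve the ids of the roles that reference a repository, optionally restricted to ids starting with $rolePrefix` would match the code. `$countOnly` is forwarded, but none of the driver implementations in this commit reads it, so it should be documented as not yet implemented or left out until it is.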
100 changes: 96 additions & 4 deletions core/src/plugins/action.share/class.ShareCenter.php
@@ -1283,8 +1283,76 @@ public static function loadPubliclet($data)
*/
public function computeSharedRepositoryAccessRights($repoId, $mixUsersAndGroups, $currentFileUrl = null)
{
$loggedUser = AuthService::getLoggedUser();
$roles = AuthService::getRolesForRepository($repoId);
$sharedEntries = $sharedGroups = $sharedRoles = array();
$mess = ConfService::getMessages();
foreach($roles as $rId){
$role = AuthService::getRole($rId);
if ($role == null) continue;

$RIGHT = $role->getAcl($repoId);
if (empty($RIGHT)) continue;
$ID = $rId;
$WATCH = false;
if(strpos($rId, "AJXP_USR_/") === 0){
$userId = substr($rId, strlen('AJXP_USR_/'));
$role = AuthService::getRole($rId);
$userObject = ConfService::getConfStorageImpl()->createUserObject($userId);
$LABEL = $role->filterParameterValue("core.conf", "USER_DISPLAY_NAME", AJXP_REPO_SCOPE_ALL, "");
if(empty($LABEL)) $LABEL = $userId;
$TYPE = $userObject->hasParent()?"tmp_user":"user";
if ($this->watcher !== false && $currentFileUrl != null) {
$WATCH = $this->watcher->hasWatchOnNode(
new AJXP_Node($currentFileUrl),
$userId,
MetaWatchRegister::$META_WATCH_USERS_NAMESPACE
);
}
$ID = $userId;
}else if(strpos($rId, "AJXP_GRP_/") === 0){
if(empty($loadedGroups)){
$loadedGroups = AuthService::listChildrenGroups();
}
$groupId = substr($rId, strlen('AJXP_GRP_'));
if(isSet($loadedGroups[$groupId])) {
$LABEL = $loadedGroups[$groupId];
}
if($groupId == "/"){
$LABEL = $mess["447"];
}
if(empty($LABEL)) $LABEL = $groupId;
$TYPE = "group";
}else{
$role = AuthService::getRole($rId);
$LABEL = $role->getLabel();
$TYPE = 'group';
}

if(empty($LABEL)) $LABEL = $rId;
$entry = array(
"ID" => $ID,
"TYPE" => $TYPE,
"LABEL" => $LABEL,
"RIGHT" => $RIGHT
);
if($WATCH) $entry["WATCH"] = $WATCH;
if($TYPE == "group"){
$sharedGroups[$entry["ID"]] = $entry;
} else {
$sharedEntries[$entry["ID"]] = $entry;
}
}

if (!$mixUsersAndGroups) {
return array("USERS" => $sharedEntries, "GROUPS" => $sharedGroups);
}else{
return array_merge(array_values($sharedGroups), array_values($sharedEntries));

}

/*
$users = AuthService::getUsersForRepository($repoId);
//var_dump($roles);
$baseGroup = "/";
$groups = AuthService::listChildrenGroups($baseGroup);
$mess = ConfService::getMessages();
@@ -1300,7 +1368,7 @@ public function computeSharedRepositoryAccessRights($repoId, $mixUsersAndGroups,
$right = $r->getAcl($repoId);
if (!empty($right)) {
$entry = array(
"ID" => $gId,
"ID" => "AJXP_GRP_".AuthService::filterBaseGroup($gId),
"TYPE" => "group",
"LABEL" => $gLabel,
"RIGHT" => $right);
@@ -1313,6 +1381,28 @@ public function computeSharedRepositoryAccessRights($repoId, $mixUsersAndGroups,
}
}
foreach ($roles as $rId){
if(strpos($rId, "AJXP_GRP_") === 0 || strpos($rId, "AJXP_USR_") === 0) continue;
$role = AuthService::getRole($rId);
if ($role != null) {
$right = $role->getAcl($repoId);
if (!empty($right)) {
$label = $role->getLabel();
if(empty($label)) $label = $rId;
$entry = array(
"ID" => $rId,
"TYPE" => "group",
"LABEL" => $label,
"RIGHT" => $right);
if (!$mixUsersAndGroups) {
$sharedGroups[$rId] = $entry;
} else {
$sharedEntries[] = $entry;
}
}
}
}
foreach ($users as $userId => $userObject) {
if($userObject->getId() == $loggedUser->getId() && !$loggedUser->isAdmin()) {
continue;
@@ -1346,6 +1436,7 @@ public function computeSharedRepositoryAccessRights($repoId, $mixUsersAndGroups,
return array("USERS" => $sharedEntries, "GROUPS" => $sharedGroups);
}
return $sharedEntries;
*/

}

@@ -1732,7 +1823,7 @@ public function createSharedRepository($httpVars, $repository, $accessDriver, $u
$removeGroups = array_diff($originalGroups, $groups);
if (count($removeGroups)) {
foreach ($removeGroups as $groupId) {
$role = AuthService::getRole("AJXP_GRP_".AuthService::filterBaseGroup($groupId));
$role = AuthService::getRole($groupId);
if ($role !== false) {
$role->setAcl($newRepo->getUniqueId(), "");
AuthService::updateRole($role);
@@ -1837,7 +1928,8 @@ public function createSharedRepository($httpVars, $repository, $accessDriver, $u
}

foreach ($groups as $group) {
$grRole = AuthService::getRole("AJXP_GRP_".AuthService::filterBaseGroup($group), true);
//$grRole = AuthService::getRole("AJXP_GRP_".AuthService::filterBaseGroup($group), true);
$grRole = AuthService::getRole($group, true);
$grRole->setAcl($newRepo->getUniqueId(), $uRights[$group]);
AuthService::updateRole($grRole);
}
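Review bot: In the new loop of `computeSharedRepositoryAccessRights()`, `$LABEL` is not reset per role, so in the `AJXP_GRP_/` branch a group that is missing from `$loadedGroups` keeps the label left over from the previous iteration and the access list shows the wrong name for it. Initialising it next to `$WATCH = false;` with `$LABEL = "";` fixes that. Separately, in `createSharedRepository()` both `AuthService::getRole()` calls now use the id from `$groups` as-is instead of forcing the `AJXP_GRP_` prefix; where `$groups` is populated is outside these hunks, but if it comes from the request the ids should be checked against the roles the sharing user is allowed to target before `setAcl()` runs. `$loggedUser` is assigned at the top of the function but the live code no longer reads it, and the old skip of the logged user now sits inside the commented-out block.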
11 changes: 11 additions & 0 deletions core/src/plugins/boot.conf/class.BootConfLoader.php
@@ -619,7 +619,18 @@ public function getUsersForRepository($repositoryId)
// TODO: Implement getUsersForRepository() method.
}

/**
* @abstract
* @param string $repositoryId
* @param string $rolePrefix
* @param bool $countOnly
* @return array()
*/
public function getRolesForRepository($repositoryId, $rolePrefix = '', $countOnly = false){

// TODO: Implement getUsersForRepository() method.

}
/**
* @param string $repositoryId
* @param boolean $details
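Review bot: The new `getRolesForRepository()` stub has no `return`, so it yields null although its docblock promises an array, and `computeSharedRepositoryAccessRights()` in this commit passes the result of that call straight to `foreach`. Returning `array();`, as the serial driver does, keeps callers safe until the method is implemented. The TODO text still names `getUsersForRepository()`, and the `@abstract` tag does not apply to a concrete method.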
11 changes: 11 additions & 0 deletions core/src/plugins/conf.serial/class.serialConfDriver.php
@@ -369,6 +369,17 @@ public function getUsersForRepository($repositoryId)
return $result;
}

/**
* @abstract
* @param string $repositoryId
* @param string $rolePrefix
* @param bool $countOnly
* @return array()
*/
public function getRolesForRepository($repositoryId, $rolePrefix = '', $countOnly = false){
return array();
}

/**
* @param string $repositoryId
* @param boolean $details
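Review bot: `getRolesForRepository()` always returns an empty array here, while `computeSharedRepositoryAccessRights()` in this commit now builds its whole result from that call. With the serial conf driver the share dialog would therefore list no users or groups even when ACLs exist, assuming nothing outside this diff compensates. A comment such as `// TODO: not implemented for serial storage, callers currently see no roles` would make the limitation explicit, and the `@abstract` tag should be dropped since the method is concrete.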
39 changes: 31 additions & 8 deletions core/src/plugins/conf.sql/class.sqlConfDriver.php
@@ -504,31 +504,54 @@ public function getUsersForRepository($repositoryId)
foreach ($all as $item) {
$result[$item["login"]] = $this->createUserObject($item["login"]);
}
// NEW METHOD : SEARCH PERSONAL ROLE
$usersRoles = $this->getRolesForRepository($repositoryId, "AJXP_USR_/");
foreach($usersRoles as $rId){
$id = substr($rId, strlen("AJXP_USR/")+1);
$result[$id] = $this->createUserObject($id);
}
return $result;
}

/**
* @abstract
* @param string $repositoryId
* @param string $rolePrefix
* @param bool $countOnly
* @return array()
*/
public function getRolesForRepository($repositoryId, $rolePrefix = '', $countOnly = false){
$allRoles = array();

switch ($this->sqlDriver["driver"]) {
case "sqlite":
case "sqlite3":
case "postgre":
$children_results = dibi::query('SELECT [role_id] FROM [ajxp_roles] WHERE [searchable_repositories] LIKE %~like~ GROUP BY [role_id]', '"'.$repositoryId.'";s:');
if(!empty($rolePrefix)){
$children_results = dibi::query('SELECT [role_id] FROM [ajxp_roles] WHERE [searchable_repositories] LIKE %~like~ AND [role_id] LIKE %like~ GROUP BY [role_id]', '"'.$repositoryId.'";s:', $rolePrefix);
}else{
$children_results = dibi::query('SELECT [role_id] FROM [ajxp_roles] WHERE [searchable_repositories] LIKE %~like~ GROUP BY [role_id]', '"'.$repositoryId.'";s:');
}
break;
case "mysql":
$children_results = dibi::query('SELECT [role_id] FROM [ajxp_roles] WHERE [serial_role] LIKE %~like~ GROUP BY [role_id]', '"'.$repositoryId.'";s:');
if(!empty($rolePrefix)){
$children_results = dibi::query('SELECT [role_id] FROM [ajxp_roles] WHERE [serial_role] LIKE %~like~ AND [role_id] LIKE %like~ GROUP BY [role_id]', '"'.$repositoryId.'";s:', $rolePrefix);
}else{
$children_results = dibi::query('SELECT [role_id] FROM [ajxp_roles] WHERE [serial_role] LIKE %~like~ GROUP BY [role_id]', '"'.$repositoryId.'";s:');
}
break;
default:
return "ERROR!, DB driver "+ $this->sqlDriver["driver"] +" not supported yet in __FUNCTION__";
}
$all = $children_results->fetchAll();
foreach ($all as $item) {
$rId = $item["role_id"];
if (strpos($rId, "AJXP_USR/") == 0) {
$id = substr($rId, strlen("AJXP_USR/")+1);
$result[$id] = $this->createUserObject($id);
}
$allRoles[] = $rId;
}

return $result;
return $allRoles;
}


/**
* @param string $repositoryId
* @param boolean $details
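Review bot: The `default:` branch of `getRolesForRepository()` returns a value built with `+`, which is numeric addition in PHP rather than concatenation, and `__FUNCTION__` sits inside the quotes so it is never expanded; callers such as the new loop in `getUsersForRepository()` then `foreach` over a non-array. Throwing makes an unsupported driver visible instead: `throw new Exception("DB driver ".$this->sqlDriver["driver"]." not supported in ".__FUNCTION__);`. In `getUsersForRepository()` the prefix is stripped with `strlen("AJXP_USR/")+1`, which only works because the `+1` stands in for the missing underscore; `substr($rId, strlen("AJXP_USR_/"))` would match the prefix passed to the query. `$countOnly` is accepted but never read.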
36 changes: 26 additions & 10 deletions core/src/plugins/core.conf/class.AbstractConfDriver.php
@@ -426,6 +426,14 @@ abstract public function getUserChildren($userId);
*/
abstract public function getUsersForRepository($repositoryId);

/**
* @abstract
* @param string $repositoryId
* @param string $rolePrefix
* @param bool $countOnly
* @return array()
*/
abstract public function getRolesForRepository($repositoryId, $rolePrefix = '', $countOnly = false);
/**
* @abstract
* @param string $repositoryId
@@ -1063,9 +1071,15 @@ public function switchAction($action, $httpVars, $fileVars)
$allGroups = array();

$roleOrGroup = ConfService::getCoreConf("GROUP_OR_ROLE", "conf");
$rolePrefix = $loggedUser->mergedRole->filterParameterValue("core.conf", "PREFIX", null, $roleOrGroup["PREFIX"]);
$excludeString = $loggedUser->mergedRole->filterParameterValue("core.conf", "EXCLUDED", null, $roleOrGroup["EXCLUDED"]);
$includeString = $loggedUser->mergedRole->filterParameterValue("core.conf", "INCLUDED", null, $roleOrGroup["EXCLUDED"]);
$rolePrefix = $excludeString = $includeString = null;
if(!is_array($roleOrGroup)){
$roleOrGroup = array("group_switch_value" => $roleOrGroup);
}
if(isSet($roleOrGroup["PREFIX"])){
$rolePrefix = $loggedUser->mergedRole->filterParameterValue("core.conf", "PREFIX", null, $roleOrGroup["PREFIX"]);
$excludeString = $loggedUser->mergedRole->filterParameterValue("core.conf", "EXCLUDED", null, $roleOrGroup["EXCLUDED"]);
$includeString = $loggedUser->mergedRole->filterParameterValue("core.conf", "INCLUDED", null, $roleOrGroup["EXCLUDED"]);
}

switch (strtolower($roleOrGroup["group_switch_value"])) {
case 'user':
@@ -1075,7 +1089,7 @@ public function switchAction($action, $httpVars, $fileVars)
$allUsers = AuthService::listUsers($baseGroup, $regexp, 0, $limit, false);
$authGroups = AuthService::listChildrenGroups($baseGroup);
foreach ($authGroups as $gId => $gName) {
$allGroups["AJXP_GRP_/" . $gId] = $gName;
$allGroups["AJXP_GRP_" . AuthService::filterBaseGroup($gId)] = $gName;
}
break;
case 'role':
@@ -1087,7 +1101,7 @@ public function switchAction($action, $httpVars, $fileVars)
$groups = array();
$authGroups = AuthService::listChildrenGroups($baseGroup);
foreach ($authGroups as $gId => $gName) {
$groups["AJXP_GRP_/" . $gId] = $gName;
$groups["AJXP_GRP_" . AuthService::filterBaseGroup($gId)] = $gName;
}
$roles = $this->getUserRoleList($loggedUser, $rolePrefix, $includeString, $excludeString);

@@ -1109,7 +1123,7 @@ public function switchAction($action, $httpVars, $fileVars)
}
$mess = ConfService::getMessages();
if ($regexp == null && !$usersOnly) {
$users .= "<li class='complete_group_entry' data-group='/' data-label='".$mess["447"]."'><span class='user_entry_label'>".$mess["447"]."</span></li>";
$users .= "<li class='complete_group_entry' data-group='AJXP_GRP_/' data-label='".$mess["447"]."'><span class='user_entry_label'>".$mess["447"]."</span></li>";
}
if (!$usersOnly) {
foreach ($allGroups as $groupId => $groupLabel) {
@@ -1231,7 +1245,7 @@ public function switchAction($action, $httpVars, $fileVars)
}

/**
* @param $userObject logged user
* @param $userObject AbstractAjxpUser
* @param $rolePrefix get all roles with prefix
* @param $includeString get roles in this string
* @param $excludeString eliminate roles in this string
@@ -1242,7 +1256,7 @@ public function getUserRoleList($userObject, $rolePrefix, $includeString, $exclu
if ($userObject) {
$allUserRoles = $userObject->getRoles();
$allRoles = array();
if (($allUserRoles) && ($rolePrefix)) {
if (isset($allUserRoles)) {

// Exclude
if ($excludeString) {
@@ -1265,12 +1279,14 @@ public function getUserRoleList($userObject, $rolePrefix, $includeString, $exclu
}

foreach ($allUserRoles as $roleId => $role) {
if (strpos($roleId, $rolePrefix) === false) continue;
if (!empty($rolePrefix) && strpos($roleId, $rolePrefix) === false) continue;
if (isSet($matchFilterExclude) && preg_match($matchFilterExclude, substr($roleId, strlen($rolePrefix)))) continue;
if (isSet($valueFiltersExclude) && in_array(strtolower(substr($roleId, strlen($rolePrefix))), $valueFiltersExclude)) continue;
if (isSet($matchFilterInclude) && !preg_match($matchFilterInclude, substr($roleId, strlen($rolePrefix)))) continue;
if (isSet($valueFiltersInclude) && !in_array(strtolower(substr($roleId, strlen($rolePrefix))), $valueFiltersInclude)) continue;
$allRoles[$roleId] = substr($roleId, strlen($rolePrefix));
$roleObject = AuthService::getRole($roleId);
$label = $roleObject->getLabel();
$allRoles[$roleId] = !empty($label) ? $label : substr($roleId, strlen($rolePrefix));
}
}
return $allRoles;
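Review bot: In `getUserRoleList()` the result of `AuthService::getRole($roleId)` is dereferenced without a check, although ShareCenter in this commit guards the same call with `$role == null`; `$label = $roleObject ? $roleObject->getLabel() : "";` avoids a fatal error on a missing role. The label is now configurable display text rather than a substring of the role id, and `switchAction()` builds its `<li>` entries by concatenating labels into single-quoted `data-label` attributes (visible for `$mess["447"]`). The loop that emits the group and role entries is outside the hunk, so please confirm it escapes the label, for example with `htmlspecialchars($groupLabel, ENT_QUOTES)`. In the relocated `filterParameterValue` calls the default for `INCLUDED` still reads `$roleOrGroup["EXCLUDED"]`, which looks like it should be `$roleOrGroup["INCLUDED"]`.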
