From c8e255bd467be3ccbf7e4ecd4786c43da310b588 Mon Sep 17 00:00:00 2001 From: cdujeu Date: Fri, 14 Nov 2014 18:53:32 +0100 Subject: [PATCH] Generalize the usage of Roles for user_list_authorized_users and sharing. --- core/src/core/classes/class.AJXP_Role.php | 6 +- core/src/core/classes/class.AuthService.php | 12 +++ .../action.share/class.ShareCenter.php | 100 +++++++++++++++++- .../boot.conf/class.BootConfLoader.php | 11 ++ .../conf.serial/class.serialConfDriver.php | 11 ++ .../plugins/conf.sql/class.sqlConfDriver.php | 39 +++++-- .../core.conf/class.AbstractConfDriver.php | 36 +++++-- 7 files changed, 191 insertions(+), 24 deletions(-) diff --git a/core/src/core/classes/class.AJXP_Role.php b/core/src/core/classes/class.AJXP_Role.php index 011d632226..ae5400f1f5 100644 --- a/core/src/core/classes/class.AJXP_Role.php +++ b/core/src/core/classes/class.AJXP_Role.php @@ -417,8 +417,10 @@ public function setLabel($roleLabel) public function getLabel() { - return $this->roleLabel; - } + $test = $this->filterParameterValue("core.conf", "ROLE_DISPLAY_NAME", AJXP_REPO_SCOPE_ALL, $this->roleLabel); + if(!empty($test)) return $test; + return $this->roleId; + } /** * @param array $specificRights diff --git a/core/src/core/classes/class.AuthService.php b/core/src/core/classes/class.AuthService.php index 50d1905cd8..b52bb76cb7 100644 --- a/core/src/core/classes/class.AuthService.php +++ b/core/src/core/classes/class.AuthService.php 
@@ -935,6 +935,18 @@ public static function getUsersForRepository($repositoryId) return ConfService::getConfStorageImpl()->getUsersForRepository($repositoryId); } + /** + * Retrieve the current users who have either read or write access to a repository + * @param $repositoryId + * @param string $rolePrefix + * @param bool $countOnly + * @return array + */ + public static function getRolesForRepository($repositoryId, $rolePrefix = '', $countOnly = false) + { + return ConfService::getConfStorageImpl()->getRolesForRepository($repositoryId, $rolePrefix, $countOnly); + } + /** * Count the number of users who have either read or write access to a repository * @param $repositoryId diff --git a/core/src/plugins/action.share/class.ShareCenter.php b/core/src/plugins/action.share/class.ShareCenter.php index adc4311eaf..62252745be 100644 --- a/core/src/plugins/action.share/class.ShareCenter.php +++ b/core/src/plugins/action.share/class.ShareCenter.php 
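Review bot: The docblock added above `getRolesForRepository` was copied from `getUsersForRepository` and still says it retrieves users, while the method returns role ids from the conf storage. A summary such as `Retrieve the ids of the roles (user, group or plain roles) that reference a repository` would match the code. The `$rolePrefix` line could read `@param string $rolePrefix Only return role ids starting with this prefix`. `$countOnly` is passed through, but the sql implementation in this commit never reads it, so document it as not yet implemented or drop it until it is.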
@@ -1283,8 +1283,76 @@ public static function loadPubliclet($data) */ public function computeSharedRepositoryAccessRights($repoId, $mixUsersAndGroups, $currentFileUrl = null) { - $loggedUser = AuthService::getLoggedUser(); + $roles = AuthService::getRolesForRepository($repoId); + $sharedEntries = $sharedGroups = $sharedRoles = array(); + $mess = ConfService::getMessages(); + foreach($roles as $rId){ + $role = AuthService::getRole($rId); + if ($role == null) continue; + + $RIGHT = $role->getAcl($repoId); + if (empty($RIGHT)) continue; + $ID = $rId; + $WATCH = false; + if(strpos($rId, "AJXP_USR_/") === 0){ + $userId = substr($rId, strlen('AJXP_USR_/')); + $role = AuthService::getRole($rId); + $userObject = ConfService::getConfStorageImpl()->createUserObject($userId); + $LABEL = $role->filterParameterValue("core.conf", "USER_DISPLAY_NAME", AJXP_REPO_SCOPE_ALL, ""); + if(empty($LABEL)) $LABEL = $userId; + $TYPE = $userObject->hasParent()?"tmp_user":"user"; + if ($this->watcher !== false && $currentFileUrl != null) { + $WATCH = $this->watcher->hasWatchOnNode( + new AJXP_Node($currentFileUrl), + $userId, + MetaWatchRegister::$META_WATCH_USERS_NAMESPACE + ); + } + $ID = $userId; + }else if(strpos($rId, "AJXP_GRP_/") === 0){ + if(empty($loadedGroups)){ + $loadedGroups = AuthService::listChildrenGroups(); + } + $groupId = substr($rId, strlen('AJXP_GRP_')); + if(isSet($loadedGroups[$groupId])) { + $LABEL = $loadedGroups[$groupId]; + } + if($groupId == "/"){ + $LABEL = $mess["447"]; + } + if(empty($LABEL)) $LABEL = $groupId; + $TYPE = "group"; + }else{ + $role = AuthService::getRole($rId); + $LABEL = $role->getLabel(); + $TYPE = 'group'; + } + + if(empty($LABEL)) $LABEL = $rId; + $entry = array( + "ID" => $ID, + "TYPE" => $TYPE, + "LABEL" => $LABEL, + "RIGHT" => $RIGHT + ); + if($WATCH) $entry["WATCH"] = $WATCH; + if($TYPE == "group"){ + $sharedGroups[$entry["ID"]] = $entry; + } else { + $sharedEntries[$entry["ID"]] = $entry; + } + } + + if (!$mixUsersAndGroups) { + return 
array("USERS" => $sharedEntries, "GROUPS" => $sharedGroups); + }else{ + return array_merge(array_values($sharedGroups), array_values($sharedEntries)); + + } + + /* $users = AuthService::getUsersForRepository($repoId); + //var_dump($roles); $baseGroup = "/"; $groups = AuthService::listChildrenGroups($baseGroup); $mess = ConfService::getMessages(); @@ -1300,7 +1368,7 @@ public function computeSharedRepositoryAccessRights($repoId, $mixUsersAndGroups, $right = $r->getAcl($repoId); if (!empty($right)) { $entry = array( - "ID" => $gId, + "ID" => "AJXP_GRP_".AuthService::filterBaseGroup($gId), "TYPE" => "group", "LABEL" => $gLabel, "RIGHT" => $right); @@ -1313,6 +1381,28 @@ public function computeSharedRepositoryAccessRights($repoId, $mixUsersAndGroups, } } + foreach ($roles as $rId){ + if(strpos($rId, "AJXP_GRP_") === 0 || strpos($rId, "AJXP_USR_") === 0) continue; + $role = AuthService::getRole($rId); + if ($role != null) { + $right = $role->getAcl($repoId); + if (!empty($right)) { + $label = $role->getLabel(); + if(empty($label)) $label = $rId; + $entry = array( + "ID" => $rId, + "TYPE" => "group", + "LABEL" => $label, + "RIGHT" => $right); + if (!$mixUsersAndGroups) { + $sharedGroups[$rId] = $entry; + } else { + $sharedEntries[] = $entry; + } + } + } + } + foreach ($users as $userId => $userObject) { if($userObject->getId() == $loggedUser->getId() && !$loggedUser->isAdmin()) { continue; @@ -1346,6 +1436,7 @@ public function computeSharedRepositoryAccessRights($repoId, $mixUsersAndGroups, return array("USERS" => $sharedEntries, "GROUPS" => $sharedGroups); } return $sharedEntries; + */ } 
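Review bot: `$LABEL` is never reset inside the `foreach($roles as $rId)` loop, and the `AJXP_GRP_/` branch only assigns it when `$loadedGroups[$groupId]` is set. A group without a known label therefore inherits the label of the previous entry instead of falling back to `$groupId`; initialise it next to `$WATCH = false;` with `$LABEL = "";`. The rewrite also drops the old check that skipped the logged user unless admin, which now survives only in the commented-out block. Nothing in the hunk limits the returned roles to those the caller may see, so unless `getRolesForRepository` or the caller filters them, every role with an ACL on the repository is listed. The commented-out legacy body and the `//var_dump($roles);` line are better deleted than kept.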
@@ -1732,7 +1823,7 @@ public function createSharedRepository($httpVars, $repository, $accessDriver, $u $removeGroups = array_diff($originalGroups, $groups); if (count($removeGroups)) { foreach ($removeGroups as $groupId) { - $role = AuthService::getRole("AJXP_GRP_".AuthService::filterBaseGroup($groupId)); + $role = AuthService::getRole($groupId); if ($role !== false) { $role->setAcl($newRepo->getUniqueId(), ""); AuthService::updateRole($role); @@ -1837,7 +1928,8 @@ public function createSharedRepository($httpVars, $repository, $accessDriver, $u } foreach ($groups as $group) { - $grRole = AuthService::getRole("AJXP_GRP_".AuthService::filterBaseGroup($group), true); + //$grRole = AuthService::getRole("AJXP_GRP_".AuthService::filterBaseGroup($group), true); + $grRole = AuthService::getRole($group, true); $grRole->setAcl($newRepo->getUniqueId(), $uRights[$group]); AuthService::updateRole($grRole); } diff --git a/core/src/plugins/boot.conf/class.BootConfLoader.php b/core/src/plugins/boot.conf/class.BootConfLoader.php index e9d7d66695..09a644a9bc 100644 --- a/core/src/plugins/boot.conf/class.BootConfLoader.php +++ b/core/src/plugins/boot.conf/class.BootConfLoader.php @@ -619,7 +619,18 @@ public function getUsersForRepository($repositoryId) // TODO: Implement getUsersForRepository() method. } + /** + * @abstract + * @param string $repositoryId + * @param string $rolePrefix + * @param bool $countOnly + * @return array() + */ + public function getRolesForRepository($repositoryId, $rolePrefix = '', $countOnly = false){ + + // TODO: Implement getUsersForRepository() method. + } /** * @param string $repositoryId * @param boolean $details diff --git a/core/src/plugins/conf.serial/class.serialConfDriver.php b/core/src/plugins/conf.serial/class.serialConfDriver.php index 045c6154e7..d0f25762fb 100644 --- a/core/src/plugins/conf.serial/class.serialConfDriver.php +++ b/core/src/plugins/conf.serial/class.serialConfDriver.php 
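Review bot: `AuthService::getRole($groupId)` in the `$removeGroups` loop and `AuthService::getRole($group, true)` in the `foreach ($groups as $group)` loop of the next hunk now treat the value as a complete role id, so the old `"AJXP_GRP_"` prefix no longer confines these calls to group roles. Where `$groups` comes from is outside both hunks, but the function receives `$httpVars`; if the ids originate from the request, they should be checked against the roles the sharing user is allowed to target before `setAcl` and `updateRole` run. The second argument `true` presumably creates a missing role, in which case an unvalidated id would also create new role records; confirm and guard that. The commented-out old `getRole` line in the second hunk can be removed.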
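Review bot: The `getRolesForRepository` stub in BootConfLoader has an empty body, so it returns null although its docblock promises an array and the new caller in ShareCenter iterates the result with `foreach`. Return an empty list as the serial driver does, `return array();`, and correct the copied comment to `// TODO: Implement getRolesForRepository() method.`. The `@abstract` tag does not belong on a concrete method.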
@@ -369,6 +369,17 @@ public function getUsersForRepository($repositoryId) return $result; } + /** + * @abstract + * @param string $repositoryId + * @param string $rolePrefix + * @param bool $countOnly + * @return array() + */ + public function getRolesForRepository($repositoryId, $rolePrefix = '', $countOnly = false){ + return array(); + } + /** * @param string $repositoryId * @param boolean $details diff --git a/core/src/plugins/conf.sql/class.sqlConfDriver.php b/core/src/plugins/conf.sql/class.sqlConfDriver.php index c5c1fedee8..a3f24bc82d 100644 --- a/core/src/plugins/conf.sql/class.sqlConfDriver.php +++ b/core/src/plugins/conf.sql/class.sqlConfDriver.php 
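Review bot: Returning `array()` unconditionally means that, with the serial configuration driver, `computeSharedRepositoryAccessRights` (rewritten in this commit to rely on `getRolesForRepository`) reports no users or groups for any shared repository. If the share-update path derives its list of existing grants from that result, which is not visible here, entries removed in the dialog would keep their ACL on this driver. Either implement the lookup by scanning the stored roles, or state the limitation in a comment such as `// Role lookup is not supported by the serial driver; callers get an empty list.`. `$rolePrefix` and `$countOnly` are unused, and `@abstract` is wrong on a concrete method.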
@@ -504,15 +504,40 @@ public function getUsersForRepository($repositoryId) foreach ($all as $item) { $result[$item["login"]] = $this->createUserObject($item["login"]); } - // NEW METHOD : SEARCH PERSONAL ROLE + $usersRoles = $this->getRolesForRepository($repositoryId, "AJXP_USR_/"); + foreach($usersRoles as $rId){ + $id = substr($rId, strlen("AJXP_USR/")+1); + $result[$id] = $this->createUserObject($id); + } + return $result; + } + + /** + * @abstract + * @param string $repositoryId + * @param string $rolePrefix + * @param bool $countOnly + * @return array() + */ + public function getRolesForRepository($repositoryId, $rolePrefix = '', $countOnly = false){ + $allRoles = array(); + switch ($this->sqlDriver["driver"]) { case "sqlite": case "sqlite3": case "postgre": - $children_results = dibi::query('SELECT [role_id] FROM [ajxp_roles] WHERE [searchable_repositories] LIKE %~like~ GROUP BY [role_id]', '"'.$repositoryId.'";s:'); + if(!empty($rolePrefix)){ + $children_results = dibi::query('SELECT [role_id] FROM [ajxp_roles] WHERE [searchable_repositories] LIKE %~like~ AND [role_id] LIKE %like~ GROUP BY [role_id]', '"'.$repositoryId.'";s:', $rolePrefix); + }else{ + $children_results = dibi::query('SELECT [role_id] FROM [ajxp_roles] WHERE [searchable_repositories] LIKE %~like~ GROUP BY [role_id]', '"'.$repositoryId.'";s:'); + } break; case "mysql": - $children_results = dibi::query('SELECT [role_id] FROM [ajxp_roles] WHERE [serial_role] LIKE %~like~ GROUP BY [role_id]', '"'.$repositoryId.'";s:'); + if(!empty($rolePrefix)){ + $children_results = dibi::query('SELECT [role_id] FROM [ajxp_roles] WHERE [serial_role] LIKE %~like~ AND [role_id] LIKE %like~ GROUP BY [role_id]', '"'.$repositoryId.'";s:', $rolePrefix); + }else{ + $children_results = dibi::query('SELECT [role_id] FROM [ajxp_roles] WHERE [serial_role] LIKE %~like~ GROUP BY [role_id]', '"'.$repositoryId.'";s:'); + } break; default: return "ERROR!, DB driver "+ $this->sqlDriver["driver"] +" not supported yet in 
__FUNCTION__"; @@ -520,15 +545,13 @@ public function getUsersForRepository($repositoryId) $all = $children_results->fetchAll(); foreach ($all as $item) { $rId = $item["role_id"]; - if (strpos($rId, "AJXP_USR/") == 0) { - $id = substr($rId, strlen("AJXP_USR/")+1); - $result[$id] = $this->createUserObject($id); - } + $allRoles[] = $rId; } - return $result; + return $allRoles; } + /** * @param string $repositoryId * @param boolean $details diff --git a/core/src/plugins/core.conf/class.AbstractConfDriver.php b/core/src/plugins/core.conf/class.AbstractConfDriver.php index c6ea45abea..a624838acc 100644 --- a/core/src/plugins/core.conf/class.AbstractConfDriver.php +++ b/core/src/plugins/core.conf/class.AbstractConfDriver.php @@ -426,6 +426,14 @@ abstract public function getUserChildren($userId); */ abstract public function getUsersForRepository($repositoryId); + /** + * @abstract + * @param string $repositoryId + * @param string $rolePrefix + * @param bool $countOnly + * @return array() + */ + abstract public function getRolesForRepository($repositoryId, $rolePrefix = '', $countOnly = false); /** * @abstract * @param string $repositoryId 
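Review bot: `substr($rId, strlen("AJXP_USR/")+1)` in `getUsersForRepository` only lands on the right offset because the misspelled prefix plus one happens to equal the length of `"AJXP_USR_/"`, the prefix actually passed to `getRolesForRepository`; write `substr($rId, strlen("AJXP_USR_/"))`. In `getRolesForRepository` the `default:` branch returns an error string (joined with `+`, which is arithmetic in PHP, and with `__FUNCTION__` inside the quotes) while the docblock and the `foreach` callers expect an array; throwing an exception or returning `array()` would be safer. `$countOnly` is accepted but never read. The function body continues into the next hunk.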
@@ -1063,9 +1071,15 @@ public function switchAction($action, $httpVars, $fileVars) $allGroups = array(); $roleOrGroup = ConfService::getCoreConf("GROUP_OR_ROLE", "conf"); - $rolePrefix = $loggedUser->mergedRole->filterParameterValue("core.conf", "PREFIX", null, $roleOrGroup["PREFIX"]); - $excludeString = $loggedUser->mergedRole->filterParameterValue("core.conf", "EXCLUDED", null, $roleOrGroup["EXCLUDED"]); - $includeString = $loggedUser->mergedRole->filterParameterValue("core.conf", "INCLUDED", null, $roleOrGroup["EXCLUDED"]); + $rolePrefix = $excludeString = $includeString = null; + if(!is_array($roleOrGroup)){ + $roleOrGroup = array("group_switch_value" => $roleOrGroup); + } + if(isSet($roleOrGroup["PREFIX"])){ + $rolePrefix = $loggedUser->mergedRole->filterParameterValue("core.conf", "PREFIX", null, $roleOrGroup["PREFIX"]); + $excludeString = $loggedUser->mergedRole->filterParameterValue("core.conf", "EXCLUDED", null, $roleOrGroup["EXCLUDED"]); + $includeString = $loggedUser->mergedRole->filterParameterValue("core.conf", "INCLUDED", null, $roleOrGroup["EXCLUDED"]); + } switch (strtolower($roleOrGroup["group_switch_value"])) { case 'user': @@ -1075,7 +1089,7 @@ public function switchAction($action, $httpVars, $fileVars) $allUsers = AuthService::listUsers($baseGroup, $regexp, 0, $limit, false); $authGroups = AuthService::listChildrenGroups($baseGroup); foreach ($authGroups as $gId => $gName) { - $allGroups["AJXP_GRP_/" . $gId] = $gName; + $allGroups["AJXP_GRP_" . AuthService::filterBaseGroup($gId)] = $gName; } break; case 'role': @@ -1087,7 +1101,7 @@ public function switchAction($action, $httpVars, $fileVars) $groups = array(); $authGroups = AuthService::listChildrenGroups($baseGroup); foreach ($authGroups as $gId => $gName) { - $groups["AJXP_GRP_/" . $gId] = $gName; + $groups["AJXP_GRP_" . AuthService::filterBaseGroup($gId)] = $gName; } $roles = $this->getUserRoleList($loggedUser, $rolePrefix, $includeString, $excludeString); 
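Review bot: The added `$includeString` line still passes `$roleOrGroup["EXCLUDED"]` as the default for the `"INCLUDED"` parameter, so when the merged role has no override the include filter is seeded with the exclude list. Assuming the `GROUP_OR_ROLE` setting carries an `INCLUDED` key, the call should end with `"INCLUDED", null, $roleOrGroup["INCLUDED"]);`. The new `isSet($roleOrGroup["PREFIX"])` guard also covers only one of the keys read inside it; checking or defaulting `EXCLUDED` and `INCLUDED` avoids undefined-index notices. `switchAction` starts and ends outside the hunk.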
@@ -1109,7 +1123,7 @@ public function switchAction($action, $httpVars, $fileVars) } $mess = ConfService::getMessages(); if ($regexp == null && !$usersOnly) { - $users .= "
  • "; + $users .= "
  • "; } if (!$usersOnly) { foreach ($allGroups as $groupId => $groupLabel) { @@ -1231,7 +1245,7 @@ public function switchAction($action, $httpVars, $fileVars) } /** - * @param $userObject logged user + * @param $userObject AbstractAjxpUser * @param $rolePrefix get all roles with prefix * @param $includeString get roles in this string * @param $excludeString eliminate roles in this string @@ -1242,7 +1256,7 @@ public function getUserRoleList($userObject, $rolePrefix, $includeString, $exclu if ($userObject) { $allUserRoles = $userObject->getRoles(); $allRoles = array(); - if (($allUserRoles) && ($rolePrefix)) { + if (isset($allUserRoles)) { // Exclude if ($excludeString) { @@ -1265,12 +1279,14 @@ public function getUserRoleList($userObject, $rolePrefix, $includeString, $exclu } foreach ($allUserRoles as $roleId => $role) { - if (strpos($roleId, $rolePrefix) === false) continue; + if (!empty($rolePrefix) && strpos($roleId, $rolePrefix) === false) continue; if (isSet($matchFilterExclude) && preg_match($matchFilterExclude, substr($roleId, strlen($rolePrefix)))) continue; if (isSet($valueFiltersExclude) && in_array(strtolower(substr($roleId, strlen($rolePrefix))), $valueFiltersExclude)) continue; if (isSet($matchFilterInclude) && !preg_match($matchFilterInclude, substr($roleId, strlen($rolePrefix)))) continue; if (isSet($valueFiltersInclude) && !in_array(strtolower(substr($roleId, strlen($rolePrefix))), $valueFiltersInclude)) continue; - $allRoles[$roleId] = substr($roleId, strlen($rolePrefix)); + $roleObject = AuthService::getRole($roleId); + $label = $roleObject->getLabel(); + $allRoles[$roleId] = !empty($label) ? $label : substr($roleId, strlen($rolePrefix)); } } return $allRoles;
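Review bot: In the last hunk `AuthService::getRole($roleId)` is dereferenced immediately with `$roleObject->getLabel()`, although other code in this commit treats a null or false return from `getRole` as possible, so a role id without a stored role would be a fatal error here. Guard it, e.g. `$label = $roleObject ? $roleObject->getLabel() : "";`. With the `isset($allUserRoles)` change in the previous hunk, an empty `$rolePrefix` now lets every role returned by `$userObject->getRoles()` through, which may or may not be intended. The label now comes from the configurable `ROLE_DISPLAY_NAME`; whether it is escaped before it reaches the HTML list built in `switchAction` is not visible here and is worth checking.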