
Initial Import

inghamn committed Feb 27, 2012
0 parents commit f826e173abfae9b94f33dcd8280690d42e495be0
Showing with 4,294 additions and 0 deletions.
  1. +661 −0 AGPL.txt
  2. +32 −0 LICENSE.txt
  3. +26 −0 README
  4. +40 −0 access_control.inc
  5. +21 −0 blocks/html/endpoints/info.inc
  6. +36 −0 blocks/html/endpoints/list.inc
  7. +38 −0 blocks/html/endpoints/updateForm.inc
  8. +22 −0 blocks/html/errorMessages.inc
  9. +1 −0 blocks/html/errorMessages/invalidDate.inc
  10. +1 −0 blocks/html/errorMessages/invalidLogin.inc
  11. +1 −0 blocks/html/errorMessages/ldap/unknownUser.inc
  12. +1 −0 blocks/html/errorMessages/missingRequiredFields.inc
  13. +1 −0 blocks/html/errorMessages/noAccessAllowed.inc
  14. +1 −0 blocks/html/errorMessages/notLoggedIn.inc
  15. +1 −0 blocks/html/errorMessages/passwordIsCorrupted.inc
  16. +1 −0 blocks/html/errorMessages/unknownUser.inc
  17. +1 −0 blocks/html/errorMessages/users/missingPerson_id.inc
  18. +1 −0 blocks/html/errorMessages/wrongPassword.inc
  19. +14 −0 blocks/html/loginForm.inc
  20. +30 −0 blocks/html/people/personInfo.inc
  21. +50 −0 blocks/html/people/personList.inc
  22. +41 −0 blocks/html/people/updatePersonForm.inc
  23. +58 −0 blocks/html/users/updateUserForm.inc
  24. +61 −0 blocks/html/users/userList.inc
  25. +145 −0 configuration.inc.default
  26. +62 −0 controllers/EndpointsController.php
  27. +12 −0 controllers/IndexController.php
  28. +82 −0 controllers/LoginController.php
  29. +47 −0 controllers/PeopleController.php
  30. +51 −0 controllers/UsersController.php
  31. +41 −0 docs/AdminGuide/CAS.html
  32. +126 −0 docs/AdminGuide/Install.html
  33. +68 −0 docs/AdminGuide/LDAP.html
  34. +103 −0 docs/AdminGuide/Requirements.html
  35. +141 −0 installation.txt
  36. +43 −0 libraries/framework/blocks/html/pageNavigation.inc
  37. +76 −0 libraries/framework/classes/Block.php
  38. +17 −0 libraries/framework/classes/Controller.php
  39. +59 −0 libraries/framework/classes/Database.php
  40. +46 −0 libraries/framework/classes/Date.php
  41. +112 −0 libraries/framework/classes/Employee.php
  42. +39 −0 libraries/framework/classes/ExternalIdentity.php
  43. +147 −0 libraries/framework/classes/Paginator.php
  44. +105 −0 libraries/framework/classes/SystemUser.php
  45. +171 −0 libraries/framework/classes/Template.php
  46. +157 −0 libraries/framework/classes/URL.php
  47. +66 −0 libraries/framework/classes/View.php
  48. +181 −0 libraries/framework/classes/ZendDbResultIterator.php
  49. +11 −0 libraries/framework/errorMessages.php
  50. +171 −0 libraries/framework/globalFunctions.php
  51. +96 −0 models/Endpoint.php
  52. +57 −0 models/EndpointList.php
  53. +264 −0 models/Person.php
  54. +71 −0 models/PersonList.php
  55. +38 −0 public/index.php
  56. BIN public/skins/local/images/buttonBackground.png
  57. BIN public/skins/local/images/check_button.png
  58. BIN public/skins/local/images/emblem-important.png
  59. BIN public/skins/local/images/pencil_button.png
  60. BIN public/skins/local/images/plus_button.png
  61. BIN public/skins/local/images/x_button.png
  62. +1 −0 public/skins/local/layouts/full-width.css
  63. +6 −0 public/skins/local/layouts/three-column.css
  64. +5 −0 public/skins/local/layouts/two-column.css
  65. +50 −0 public/skins/local/reset.css
  66. +78 −0 public/skins/local/screen.css
  67. +18 −0 scripts/createPerson.php
  68. +29 −0 scripts/mysql.sql
  69. +1 −0 templates/html/default.inc
  70. +28 −0 templates/html/full-width.inc
  71. +9 −0 templates/html/partials/banner.inc
  72. +12 −0 templates/html/partials/footer.inc
  73. +8 −0 templates/html/partials/garbageCollection.inc
  74. +9 −0 templates/html/partials/header.inc
  75. +15 −0 templates/html/partials/menubar.inc
  76. +8 −0 templates/html/partials/panel-one.inc
  77. +2 −0 templates/html/partials/panel-two.inc
  78. +8 −0 templates/html/partials/panel-widgets/Admin.inc
  79. +32 −0 templates/html/three-column.inc
  80. +30 −0 templates/html/two-column.inc
661 AGPL.txt

Large diffs are not rendered by default.

@@ -0,0 +1,32 @@
+Copyright 2006-2012 City of Bloomington, Indiana. All rights reserved.
+
+This application is free software; you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as published by
+the Free Software Foundation; either version 3 of the License, or
+(at your option) any later version.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+ * Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ * Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+
+
+This application is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this scaffolding; if not, you can get a copy at:
+http://www.gnu.org/copyleft/gpl.html
+
+Or, write to
+Free Software Foundation, Inc.
+51 Franklin Street, Fifth Floor
+Boston, MA 02110-1301, USA
26 README
@@ -0,0 +1,26 @@
+An open311-proxy web application intended to keep api_keys secure from HTML clients.
+
+Background
+----------------
+On our websites we have many web pages where we would like to embed
+an Open311 form. This is instead of setting up a seperate "Open311 forms" web
+application that we send the user to.
+
+Challenges with this approach
+* To post to Open311, you need an api_key, which should not be included in the markup
+* The website shouldn't need to know anything about Open311
+* Users should not leave the website when they post
+
+Intended Solution
+-----------------
+The webpage will embed an iframe on the page with src pointing to the
+open311-proxy's forms. (Similar to Wufoo) The open311-proxy can be at any domain.
+The user, inside the iframe, is interacting directly with the client proxy.
+Because of the iframe, they never leave the webpage.
+
+The open311-proxy will need to look up the api_key for each web page that
+embeds the proxy in an iframe. In essence, we're substituting an
+additional client identification system for the api_key system. It means we
+only need to write the web client code once for all the places we want
+to put it. But we can still track each of the places we put it as a
+separate api_key according to the Open311 Server.
@@ -0,0 +1,40 @@
+<?php
+/**
+ * @copyright 2012 City of Bloomington, Indiana
+ * @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
+ * @author Cliff Ingham <inghamn@bloomington.in.gov>
+ */
+$ZEND_ACL = new Zend_Acl();
+$ZEND_ACL->addRole(new Zend_Acl_Role('Anonymous'))
+ ->addRole(new Zend_Acl_Role('Public'), 'Anonymous')
+ ->addRole(new Zend_Acl_Role('Staff'), 'Public')
+ ->addRole(new Zend_Acl_Role('Administrator'), 'Staff');
+
+/**
+ * Declare all the resources
+ */
+$ZEND_ACL->add(new Zend_Acl_Resource('index'));
+$ZEND_ACL->add(new Zend_Acl_Resource('people'));
+$ZEND_ACL->add(new Zend_Acl_Resource('users'));
+$ZEND_ACL->add(new Zend_Acl_Resource('login'));
+
+$ZEND_ACL->add(new Zend_Acl_Resource('endpoints'));
+$ZEND_ACL->add(new Zend_Acl_Resource('clients'));
+
+/**
+ * Assign permissions to the resources
+ */
+$ZEND_ACL->allow(null,'login');
+
+// Permissions for unauthenticated browsing
+$ZEND_ACL->allow(null,
+ array('index'),
+ array('index'));
+
+// Allow Staff to do stuff
+$ZEND_ACL->allow('Staff',
+ array('people', 'endpoints', 'clients'),
+ array('index', 'view'));
+
+// Administrator is allowed access to everything
+$ZEND_ACL->allow('Administrator');
@@ -0,0 +1,21 @@
+<?php
+/**
+ * @copyright 2012 City of Bloomington, Indiana
+ * @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
+ * @author Cliff Ingham <inghamn@bloomington.in.gov>
+ * @param Endpoint $this->endpoint
+ */
+$url = View::escape($this->endpoint->getUrl());
+$name = View::escape($this->endpoint->getName());
+$jurisdiction = View::escape($this->endpoint->getJurisdiction());
+$api_key = View::escape($this->endpoint->getApi_key());
+echo "
+<div class=\"endpointInfo\">
+ <h2>$name</h2>
+ <table>
+ <tr><th>url</th><td>$url</td></tr>
+ <tr><th>jurisdiction</th><td>$jurisdiction</td></tr>
+ <tr><th>api_key</th><td>$api_key</td></tr>
+ </table>
+</div>
+";
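Review bot: The `api_key` row prints the full key to anyone who can reach this block, and the per-endpoint table in blocks/html/endpoints/list.inc does the same. access_control.inc in this commit grants Staff `index` and `view` on `endpoints`, so if those actions render these blocks (the controller is not visible here) every Staff account can read every upstream key, which cuts against the README's goal of keeping api_keys away from HTML clients. Consider emitting the row only when `userIsAllowed('endpoints','update')` is true, or showing a truncated value instead of the whole key.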
@@ -0,0 +1,36 @@
+<?php
+/**
+ * @copyright 2012 City of Bloomington, Indiana
+ * @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
+ * @author Cliff Ingham <inghamn@bloomington.in.gov>
+ * @param EndpointList $this->endpointList
+ */
+$addButton = userIsAllowed('endpoints','add')
+ ? "<a class=\"add button\" href=\"".BASE_URI."/endpoints/update\">Add</a>"
+ : '';
+echo "
+<div class=\"endpointList\">
+ <h2>Endpoints $addButton</h2>
+";
+ foreach ($this->endpointList as $endpoint) {
+ $url = View::escape($endpoint->getUrl());
+ $name = View::escape($endpoint->getName());
+ $jurisdiction = View::escape($endpoint->getJurisdiction());
+ $api_key = View::escape($endpoint->getApi_key());
+
+ $editButton = userIsAllowed('endpoints','update')
+ ? "<a class=\"edit button\" href=\"".BASE_URI."/endpoints/update?endpoint_id={$endpoint->getId()}\">Edit</a>"
+ : '';
+ echo "
+ <div><h3>$name $editButton</h3>
+ <table>
+ <tr><th>url</th><td>$url</td></tr>
+ <tr><th>jurisdiction</th><td>$jurisdiction</td></tr>
+ <tr><th>api_key</th><td>$api_key</td></tr>
+ </table>
+ </div>
+ ";
+ }
+echo "
+</div>
+";
@@ -0,0 +1,38 @@
+<?php
+/**
+ * @copyright 2012 City of Bloomington, Indiana
+ * @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
+ * @author Cliff Ingham <inghamn@bloomington.in.gov>
+ * @param Endpoint $this->endpoint
+ */
+$fields = array('url','name','jurisdiction','api_key');
+foreach ($fields as $field) {
+ $get = 'get'.ucfirst($field);
+ $$field = View::escape($this->endpoint->$get());
+}
+$title = $this->endpoint->getId() ? View::escape('Edit '.$this->endpoint->getName()) : 'Add Endpoint';
+?>
+<div class="updateEndpointForm">
+ <h2><?php echo $title; ?></h2>
+ <form method="post" action="<?php echo BASE_URI; ?>/endpoints/update">
+ <fieldset>
+ <input name="endpoint_id" type="hidden" value="<?php echo $this->endpoint->getId(); ?>" />
+ <table>
+ <tr><td><label for="name">Name</label></td>
+ <td><input name="name" id="name" value="<?php echo $name; ?>" /></td>
+ </tr>
+ <tr><td><label for="url">URL</label></td>
+ <td><input name="url" id="url" value="<?php echo $url; ?>" /></td>
+ </tr>
+ <tr><td><label for="jurisdiction">Jurisdiction</label></td>
+ <td><input name="jurisdiction" id="jurisdiction" value="<?php echo $jurisdiction; ?>" /></td>
+ </tr>
+ <tr><td><label for="api_key">API Key</label></td>
+ <td><input name="api_key" id="api_key" value="<?php echo $api_key; ?>" /></td>
+ </tr>
+ </table>
+ <button type="submit" class="submit">Submit</button>
+ <a class="cancel button" href="<?php echo BASE_URI; ?>/endpoints">Cancel</a>
+ </fieldset>
+ </form>
+</div>
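Review bot: The form posts a state change to `/endpoints/update` with no anti-CSRF token, so unless the controller (not in this hunk) checks one, a logged-in administrator's browser can be made to submit it from another origin and replace an endpoint's URL or api_key. A hidden per-session token verified before the save would close this, for example `<input name="csrf_token" type="hidden" value="<?php echo View::escape($_SESSION['csrf_token']); ?>" />` (field and session key names are illustrative). blocks/html/people/updatePersonForm.inc has the same gap. The `api_key` input would also benefit from `autocomplete="off"` so browsers do not remember the value.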
@@ -0,0 +1,22 @@
+<?php
+/**
+ * @copyright 2007-2012 City of Bloomington, Indiana
+ * @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
+ * @author Cliff Ingham <inghamn@bloomington.in.gov>
+ * @param array $this->errorMessages
+ */
+?>
+<div id="errorMessages">
+ <h2>No that's wrong</h2>
+ <?php
+ foreach ($this->errorMessages as $e) {
+ $error = $e->getMessage();
+ if (file_exists(APPLICATION_HOME."/blocks/html/errorMessages/$error.inc")) {
+ include APPLICATION_HOME."/blocks/html/errorMessages/$error.inc";
+ }
+ else {
+ echo "<p>$error</p>";
+ }
+ }
+ ?>
+</div>
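Review bot: `$error` comes straight from `$e->getMessage()` and is used both to build the `include` path and, in the `else` branch, as raw HTML. Any exception whose message carries request data would be written into the page unescaped, and a message containing `../` would let the `file_exists`/`include` pair resolve outside `blocks/html/errorMessages/`. Constrain the name before the lookup, e.g. `if (preg_match('#^\w+(/\w+)*\z#', $error) && file_exists(...))`, which still admits the existing `ldap/unknownUser` and `users/missingPerson_id` keys. Escape the fallback as well: `echo '<p>'.View::escape($error).'</p>';`.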
@@ -0,0 +1 @@
+<p>You provided an invalid date.</p>
@@ -0,0 +1 @@
+<p>The username and password combination you entered is not correct.</p>
@@ -0,0 +1 @@
+<p>That username is not in LDAP. You cannot set LDAP authentication if the user is not in LDAP.</p>
@@ -0,0 +1 @@
+<p>You did not include all the required fields.</p>
@@ -0,0 +1 @@
+<p>Sorry, you're not allowed to go there.</p>
@@ -0,0 +1 @@
+<p>You are not logged into this site anymore.</p>
@@ -0,0 +1 @@
+<p>Your password is corrupted. Please contact a system administrator for help.</p>
@@ -0,0 +1 @@
+<p>That username is not in our system</p>
@@ -0,0 +1 @@
+<p>You can only create user accounts for people who are already in the system, or are in LDAP.</p>
@@ -0,0 +1 @@
+<p>The password you entered is not correct.</p>
@@ -0,0 +1,14 @@
+<form method="post" action="<?php echo BASE_URL; ?>/login/login">
+ <fieldset><legend>Login</legend>
+ <input name="return_url" type="hidden" value="<?php echo View::escape($this->return_url); ?>" />
+ <table>
+ <tr><th><label for="username">Username:</label></th>
+ <td><input name="username" id="username" /></td><td></td>
+ </tr>
+ <tr><th><label for="password">Password:</label></th>
+ <td><input type="password" name="password" id="password" /></td>
+ </tr>
+ </table>
+ <button type="submit" class="login">Login</button>
+ </fieldset>
+</form>
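Review bot: `return_url` is round-tripped through a hidden field, so the value the login handler receives is whatever the client submits, not what the server rendered. The `View::escape` call is right for the HTML attribute, but it does nothing about where the user is sent after login. The handler (controllers/LoginController.php, not in this hunk) should redirect only to targets under `BASE_URL` and fall back to `BASE_URL` otherwise. A short comment above the field would record that contract, e.g. `<?php // return_url is client-controlled; LoginController must validate it before redirecting ?>`.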
@@ -0,0 +1,30 @@
+<?php
+/**
+ * @copyright 2009-2011 City of Bloomington, Indiana
+ * @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
+ * @author Cliff Ingham <inghamn@bloomington.in.gov>
+ * @param Person $this->person
+ */
+$username = $this->person->getUsername();
+if (!$username && userIsAllowed('users')) {
+ $username = "
+ <a class=\"add button\" href=\"".BASE_URL."/users/update?user_id={$this->person->getId()}\">
+ Create Account
+ </a>
+ ";
+}
+
+$name = View::escape($this->person->getFullname());
+echo <<<EOT
+<div class="personInfo">
+ <h2>$name</h2>
+ <table>
+ <tr><th>Email</th>
+ <td>{$this->person->getEmail()}</td>
+ </tr>
+ <tr><th>Username</th>
+ <td>$username</td>
+ </tr>
+ </table>
+</div>
+EOT;
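Review bot: `getEmail()` and `getUsername()` are interpolated into the heredoc without `View::escape`, while the full name beside them is escaped. Email at least is editable through updatePersonForm.inc, so stored markup in that field would run in the browser of anyone viewing the person. Escape both before output: `$username = View::escape($this->person->getUsername());` ahead of the `if (!$username ...)` test, and `$email = View::escape($this->person->getEmail());` with `$email` printed in the table. blocks/html/people/personList.inc has the same gap for `getUsername()`, `getEmail()` and the `getURL()` value placed in the `href`.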
@@ -0,0 +1,50 @@
+<?php
+/**
+ * @copyright 2009-2012 City of Bloomington, Indiana
+ * @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
+ * @author Cliff Ingham <inghamn@bloomington.in.gov>
+ * @param PersonList $this->personList
+ */
+?>
+<div class="interfaceBox">
+ <h2>People
+ <?php
+ if (userIsAllowed('people')) {
+ echo "<a class=\"add button\" href=\"".BASE_URL."/people/update\">Add a Person</a>";
+ }
+ ?>
+ </h2>
+ <table>
+ <thead>
+ <tr><th></th>
+ <th>Username</th>
+ <th>Name</th>
+ <th>Email</th>
+ </tr>
+ </thead>
+ <tbody>
+ <?php
+ foreach ($this->personList as $person) {
+ $editButton = '';
+ if (userIsAllowed('people')) {
+ $editButton = "
+ <a class=\"edit button\"
+ href=\"".BASE_URL."/people/update?person_id={$person->getId()}\">
+ Edit
+ </a>
+ ";
+ }
+
+ $name = View::escape($person->getFullname());
+ echo "
+ <tr><td>$editButton</td>
+ <td>{$person->getUsername()}</td>
+ <td><a href=\"{$person->getURL()}\">$name</a></td>
+ <td>{$person->getEmail()}</td>
+ </tr>
+ ";
+ }
+ ?>
+ </tbody>
+ </table>
+</div>
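Review bot: The Add and Edit links are gated on `userIsAllowed('people')` with no action, whereas blocks/html/endpoints/list.inc passes `'add'` and `'update'` for the equivalent buttons. `userIsAllowed` is defined outside this hunk, so the effect of omitting the action cannot be confirmed here, but the ACL in access_control.inc is written per action and these checks should name one too. Suggested: `userIsAllowed('people','update')` for both the "Add a Person" link and the per-row Edit link, matching the `/people/update` target they point to.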
@@ -0,0 +1,41 @@
+<?php
+/**
+ * @copyright 2009-2011 City of Bloomington, Indiana
+ * @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
+ * @author Cliff Ingham <inghamn@bloomington.in.gov>
+ * @param Person $this->person
+ */
+$fields = array('firstname','lastname','email');
+foreach ($fields as $field) {
+ $get = 'get'.ucfirst($field);
+ $$field = View::escape($this->person->$get());
+}
+$title = $this->person->getId() ? View::escape('Edit '.$this->person->getFirstname()) : 'Add Someone';
+?>
+<div class="updatePersonForm">
+ <h2><?php echo $title; ?></h2>
+ <form method="post" action="<?php echo BASE_URL; ?>/people/update">
+ <fieldset><legend>Person Info</legend>
+ <input name="person_id" type="hidden" value="<?php echo $this->person->getId(); ?>" />
+
+ <table>
+ <tr><td><label for="firstname" class="required">Firstname</label></td>
+ <td><input name="firstname" id="firstname" value="<?php echo $firstname; ?>" /></td>
+ </tr>
+
+ <tr><td><label for="lastname" class="required">Lastname</label></td>
+ <td><input name="lastname" id="lastname" value="<?php echo $lastname; ?>" /></td>
+ </tr>
+
+ <tr><td><label for="email">Email</label></td>
+ <td><input name="email" id="email" value="<?php echo $email; ?>" /></td>
+ </tr>
+ </table>
+ <button type="submit" class="submit">Submit</button>
+ <button type="button" class="cancel"
+ onclick="document.location.href='<?php echo BASE_URL; ?>/people';">
+ Cancel
+ </button>
+ </fieldset>
+ </form>
+</div>
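Review bot: The Cancel control navigates through an inline `onclick` handler, which stops working under a Content-Security-Policy that disallows inline script and is inconsistent with blocks/html/endpoints/updateForm.inc, where Cancel is a plain link. Replacing the button with `<a class="cancel button" href="<?php echo BASE_URL; ?>/people">Cancel</a>` keeps the behaviour without script. The hidden `person_id` value is also echoed without `View::escape`, unlike the other fields in this form.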