Skip to content
Permalink
Browse files

#577 access control (duplicate #288) / refactorings: #576 #575

  • Loading branch information
danielp
danielp committed Jan 13, 2012
1 parent 1b41f05 commit b26123ab89203d500caa527cf442f9cfb5fc178a
@@ -34,6 +34,7 @@
// Initialize owa admin
$owa = new owa_php;


if (!$owa->isOwaInstalled()) {
// redirect to install
owa_lib::redirectBrowser(owa_coreAPI::getSetting('base','public_url').'install.php');
@@ -44,6 +45,7 @@
// run controller or view and echo page content
echo $owa->handleRequestFromURL();
} else {

// unload owa
$owa->restInPeace();
}
@@ -55,7 +55,7 @@ function action() {
// doesn't look like the currentuser has the necessary priviledges
owa_coreAPI::debug('User does not have capability required by this controller.');
// auth user
$auth = &owa_auth::get_instance();
$auth = owa_auth::get_instance();
$status = $auth->authenticateUser();
// if auth was not successful then return login view.
if ($status['auth_status'] != true) {
@@ -78,7 +78,7 @@ function createAdminUser($email_address, $real_name = '', $password = '') {
if (empty($id_check)) {

//Check to see if user name already exists
$u->getByColumn('user_id', 'admin');
$u->getByColumn('user_id', owa_user::ADMIN_USER_ID);

$id = $u->get('id');

@@ -89,7 +89,7 @@ function createAdminUser($email_address, $real_name = '', $password = '') {
if ( ! $password ) {
$password = $u->generateRandomPassword();
}
$ret = $u->createNewUser('admin', 'admin', $password, $email_address, $real_name);
$ret = $u->createNewUser('admin', owa_user::ADMIN_USER_ID, $password, $email_address, $real_name);
owa_coreAPI::debug("Admin user created successfully.");
return $password;

@@ -56,7 +56,7 @@ function createAdminUser($email_address, $real_name = '', $password = '') {
if (empty($id_check)) {

//Check to see if user name already exists
$u->getByColumn('user_id', 'admin');
$u->getByColumn('user_id', owa_user::ADMIN_USER_ID);

$id = $u->get('id');

@@ -874,6 +874,9 @@ function applyMetaDataToSingleResultRow($row) {
$type = 'metric';
$data_type = $this->getMetric($k)->getDataType();
}
else {
throw new Exception($k.' is not a metric or dimension. Check the configuration!');
}



@@ -245,8 +245,10 @@ function _loadEventProcessors() {

}

function &getCurrentUser() {

/**
* @return owa_serviceUser
*/
function getCurrentUser() {
return $this->current_user;
}

@@ -30,8 +30,10 @@


class owa_serviceUser extends owa_base {

var $user;
/**
* @var owa_user
*/
public $user;
var $capabilities = array();
var $preferences = array();
var $is_authenticated;
@@ -55,26 +57,24 @@ function loadRelatedUserData() {
$this->preferences = $this->getPreferences($this->user->get('user_id'));
return;
}

function getCapabilities($role) {

$caps = owa_coreAPI::getSetting('base', 'capabilities');

/**
* gets allowed capabilities for the user role
* @param unknown_type $role
*/
function getCapabilities($role) {
$caps = owa_coreAPI::getSetting('base', 'capabilities');
if (array_key_exists($role, $caps)) {
return $caps[$role];
} else {
return array();
}

}
}

function getPreferences($user_id) {

function getPreferences($user_id) {
return false;
}

function getRole() {

function getRole() {
return $this->user->get('role');
}

@@ -96,23 +96,33 @@ function getUserData($name) {
return $this->user->get($name);
}

function isCapable($cap) {
//owa_coreAPI::debug(print_r($this->user->getProperties(), true));
owa_coreAPI::debug("cap ".$cap);
// just in case there is no cap passed
if (!empty($cap)) {
//adding @ here as is_array throws warning that an empty array is not the right data type!
if (in_array($cap, $this->capabilities)) {
return true;
} else {
return false;
}

} else {

/**
* Checks if user is capable to do something
* @param string $cap
* @param integer $currentSiteId optionel - only needed if cap is a capabilities That Require SiteAccess. You need to pass site_id (not id) field
*/
function isCapable($cap, $siteId = null) {
owa_coreAPI::debug("check cap ".$cap);
//global admin can always everything:
if ($this->user->isOWAAdmin() || empty($cap)) {
return true;
}
if (!in_array($cap, $this->capabilities)) {
return false;
}

$capabilitiesThatRequireSiteAccess = owa_coreAPI::getSetting('base', 'capabilitiesThatRequireSiteAccess');
if (is_array($capabilitiesThatRequireSiteAccess) && in_array($cap, $capabilitiesThatRequireSiteAccess)) {
if (is_null($siteId)) {
throw new InvalidArgumentException('Capability "'.$cap.'" that should be checked requires a sited - but nothing given');
}
$site = owa_coreAPI::entityFactory('base.site');
$site->load($siteId,'site_id');
if (!$site->isUserAssigned($this->user->get('id'))) {
return false;
}
}
return true;
}

// mark the user as authenticated and populate their capabilities

0 comments on commit b26123a

Please sign in to comment.
You can’t perform that action at this time.