
#577 access control (duplicate #288) / refactorings: #576 #575

danielp
danielp committed Jan 13, 2012
1 parent 1b41f05 commit b26123ab89203d500caa527cf442f9cfb5fc178a
@@ -34,6 +34,7 @@
// Initialize owa admin
$owa = new owa_php;
if (!$owa->isOwaInstalled()) {
// redirect to install
owa_lib::redirectBrowser(owa_coreAPI::getSetting('base','public_url').'install.php');
@@ -44,6 +45,7 @@
// run controller or view and echo page content
echo $owa->handleRequestFromURL();
} else {
// unload owa
$owa->restInPeace();
}
@@ -55,7 +55,7 @@ function action() {
// doesn't look like the currentuser has the necessary priviledges
owa_coreAPI::debug('User does not have capability required by this controller.');
// auth user
$auth = &owa_auth::get_instance();
$auth = owa_auth::get_instance();
$status = $auth->authenticateUser();
// if auth was not successful then return login view.
if ($status['auth_status'] != true) {
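Review bot: The check `if ($status['auth_status'] != true)` compares loosely, so any truthy value in `auth_status` (a non-empty string, a non-zero integer) is treated as a successful login. If `authenticateUser()` always sets a real boolean, which this hunk does not show, `if ($status['auth_status'] !== true)` makes the failure path the default. `action()` starts and ends outside the hunk.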
@@ -78,7 +78,7 @@ function createAdminUser($email_address, $real_name = '', $password = '') {
if (empty($id_check)) {
//Check to see if user name already exists
$u->getByColumn('user_id', 'admin');
$u->getByColumn('user_id', owa_user::ADMIN_USER_ID);
$id = $u->get('id');
@@ -89,7 +89,7 @@ function createAdminUser($email_address, $real_name = '', $password = '') {
if ( ! $password ) {
$password = $u->generateRandomPassword();
}
$ret = $u->createNewUser('admin', 'admin', $password, $email_address, $real_name);
$ret = $u->createNewUser('admin', owa_user::ADMIN_USER_ID, $password, $email_address, $real_name);
owa_coreAPI::debug("Admin user created successfully.");
return $password;
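Review bot: `$ret` from `createNewUser()` is not inspected in the visible lines, so "Admin user created successfully." is logged and the password is returned even when the user was not created. Assuming `createNewUser()` returns a falsy value on failure (not visible here), I would log the success message only under `if ($ret)` and log the failure otherwise, so that an installer log cannot report an admin account that does not exist. `createAdminUser()` starts and ends outside the hunk.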
@@ -56,7 +56,7 @@ function createAdminUser($email_address, $real_name = '', $password = '') {
if (empty($id_check)) {
//Check to see if user name already exists
$u->getByColumn('user_id', 'admin');
$u->getByColumn('user_id', owa_user::ADMIN_USER_ID);
$id = $u->get('id');
@@ -874,6 +874,9 @@ function applyMetaDataToSingleResultRow($row) {
$type = 'metric';
$data_type = $this->getMetric($k)->getDataType();
}
else {
throw new Exception($k.' is not a metric or dimension. Check the configuration!');
}
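Review bot: The new `else` branch throws a bare `Exception`, so a caller that wants to handle a misconfigured column has to catch every exception type; a narrower class such as `UnexpectedValueException` keeps it distinguishable. `$k` is concatenated into the message as-is; if result-set keys can be influenced by request parameters (not visible here), the message should be escaped wherever it is displayed. `applyMetaDataToSingleResultRow()` starts and ends outside the hunk.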
@@ -245,8 +245,10 @@ function _loadEventProcessors() {
}
function &getCurrentUser() {
/**
* @return owa_serviceUser
*/
function getCurrentUser() {
return $this->current_user;
}
@@ -30,8 +30,10 @@
class owa_serviceUser extends owa_base {
var $user;
/**
* @var owa_user
*/
public $user;
var $capabilities = array();
var $preferences = array();
var $is_authenticated;
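Review bot: `public $user` keeps the wrapped `owa_user` writable from any code that holds the service user, and `$capabilities` and `$is_authenticated` remain `var`, which is also public. Since `isCapable()` in this commit decides access from `$this->user` and `$this->capabilities`, it would be safer to make these `protected` and expose read-only accessors, provided no caller outside this class assigns them directly (not visible here). At minimum the three remaining `var` declarations should get explicit visibility so the class is consistent.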
@@ -55,26 +57,24 @@ function loadRelatedUserData() {
$this->preferences = $this->getPreferences($this->user->get('user_id'));
return;
}
function getCapabilities($role) {
$caps = owa_coreAPI::getSetting('base', 'capabilities');
/**
* gets allowed capabilities for the user role
* @param unknown_type $role
*/
function getCapabilities($role) {
$caps = owa_coreAPI::getSetting('base', 'capabilities');
if (array_key_exists($role, $caps)) {
return $caps[$role];
} else {
return array();
}
}
}
function getPreferences($user_id) {
function getPreferences($user_id) {
return false;
}
function getRole() {
function getRole() {
return $this->user->get('role');
}
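Review bot: The new docblock on `getCapabilities()` leaves the parameter as `@param unknown_type $role` and documents no return value. I would write `@param string $role` (presumably a role name, since it is used as an array key) and `@return array capabilities configured for the role, empty if the role is unknown`, which is what the two `return` statements show. `array_key_exists($role, $caps)` also assumes the `capabilities` setting is an array; a guard such as `if (!is_array($caps)) { return array(); }` makes a missing setting deny by default instead of raising an error.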
@@ -96,23 +96,33 @@ function getUserData($name) {
return $this->user->get($name);
}
function isCapable($cap) {
//owa_coreAPI::debug(print_r($this->user->getProperties(), true));
owa_coreAPI::debug("cap ".$cap);
// just in case there is no cap passed
if (!empty($cap)) {
//adding @ here as is_array throws warning that an empty array is not the right data type!
if (in_array($cap, $this->capabilities)) {
return true;
} else {
return false;
}
} else {
/**
* Checks if user is capable to do something
* @param string $cap
* @param integer $currentSiteId optionel - only needed if cap is a capabilities That Require SiteAccess. You need to pass site_id (not id) field
*/
function isCapable($cap, $siteId = null) {
owa_coreAPI::debug("check cap ".$cap);
//global admin can always everything:
if ($this->user->isOWAAdmin() || empty($cap)) {
return true;
}
if (!in_array($cap, $this->capabilities)) {
return false;
}
$capabilitiesThatRequireSiteAccess = owa_coreAPI::getSetting('base', 'capabilitiesThatRequireSiteAccess');
if (is_array($capabilitiesThatRequireSiteAccess) && in_array($cap, $capabilitiesThatRequireSiteAccess)) {
if (is_null($siteId)) {
throw new InvalidArgumentException('Capability "'.$cap.'" that should be checked requires a sited - but nothing given');
}
$site = owa_coreAPI::entityFactory('base.site');
$site->load($siteId,'site_id');
if (!$site->isUserAssigned($this->user->get('id'))) {
return false;
}
}
return true;
}
// mark the user as authenticated and populate their capabilities
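Review bot: The site-scoped branch of `isCapable()` fails open in two places: when the `capabilitiesThatRequireSiteAccess` setting is missing or not an array the whole site check is skipped and the method returns `true`, and the result of `$site->load($siteId,'site_id')` is never checked before `isUserAssigned()` is called on the entity. A missing setting or an unknown `$siteId` should deny rather than fall through, for example by returning `false` when the setting is not an array or the site cannot be loaded (how `load()` reports a miss is not visible in this hunk). Both `in_array($cap, ...)` calls also compare loosely; passing `true` as the third argument avoids type-juggled matches. `empty($cap)` still grants access to every user, which deserves a comment such as `// an empty capability means "no restriction": access is granted to every user`, and the docblock names `$currentSiteId` while the parameter is `$siteId`.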