natalie/indefero
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Files
83761c66c56cc7392d816a5d200a5cd1332f3020
indefero/src/IDF/Precondition.php

265 lines
8.3 KiB
PHP
Raw Normal View History

Initial commit.
2008-07-25 10:26:05 +02:00
<?php
/* -*- tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
# ***** BEGIN LICENSE BLOCK *****
# This file is part of InDefero, an open source project management application.
Update copyrigt
2011-04-02 21:37:07 +02:00
# Copyright (C) 2008-2011 Céondo Ltd and contributors.
Initial commit.
2008-07-25 10:26:05 +02:00
#
# InDefero is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# InDefero is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# ***** END LICENSE BLOCK ***** */
class IDF_Precondition
{
Added private projects. It is now possible to create private projects. To mark a project as private, you simply go in the Administer > Tabs Access menu and select "Private project". Only project members and owners together with the extra authorized users will be able to access the project. The project will not appear in the list of projects for not authorized users.
2008-11-21 13:19:02 +01:00
/**
* Check if the user has a base authorization to access a given
* tab. This used in the case of private project. You need to
* further control with the accessSource, accessIssues,
* etc. preconditions.
*
* @param Pluf_HTTP_Request
* @return mixed
*/
static public function baseAccess($request)
{
if (!$request->project->private) {
return true;
}
if ($request->user->hasPerm('IDF.project-authorized-user', $request->project)) {
return true;
}
return self::projectMemberOrOwner($request);
}
Initial commit.
2008-07-25 10:26:05 +02:00
/**
* Check if the user is project owner.
*
* @param Pluf_HTTP_Request
* @return mixed
*/
static public function projectOwner($request)
{
$res = Pluf_Precondition::loginRequired($request);
if (true !== $res) {
return $res;
}
if ($request->user->hasPerm('IDF.project-owner', $request->project)) {
return true;
}
return new Pluf_HTTP_Response_Forbidden($request);
}
Added a download area to the forge.
2008-08-04 00:42:05 +02:00
/**
* Check if the user is project owner or member.
*
* @param Pluf_HTTP_Request
* @return mixed
*/
static public function projectMemberOrOwner($request)
{
$res = Pluf_Precondition::loginRequired($request);
if (true !== $res) {
return $res;
}
if ($request->user->hasPerm('IDF.project-owner', $request->project)
or
$request->user->hasPerm('IDF.project-member', $request->project)
) {
return true;
}
return new Pluf_HTTP_Response_Forbidden($request);
}
Fixed issue 4, with fine control over the tabs access. For each tab, at the exception of the project home and the administration area, it possible to control the access rights if the user is anonymous, signed in, member or owner.
2008-08-07 15:35:03 +02:00
/**
* Check if the user can access a given element.
*
* The rights are:
* - 'all' (default)
* - 'none'
* - 'login'
* - 'members'
* - 'owners'
*
* The order of the rights is such that a 'owner' is also a
* 'member' and of course a logged in person.
*
* @param Pluf_HTTP_Request
* @param string Control key
* @return mixed
*/
static public function accessTabGeneric($request, $key)
{
switch ($request->conf->getVal($key, 'all')) {
case 'none':
return new Pluf_HTTP_Response_Forbidden($request);
case 'login':
return Pluf_Precondition::loginRequired($request);
case 'members':
return self::projectMemberOrOwner($request);
case 'owners':
return self::projectOwner($request);
case 'all':
default:
return true;
}
}
static public function accessSource($request)
{
Added private projects. It is now possible to create private projects. To mark a project as private, you simply go in the Administer > Tabs Access menu and select "Private project". Only project members and owners together with the extra authorized users will be able to access the project. The project will not appear in the list of projects for not authorized users.
2008-11-21 13:19:02 +01:00
$res = self::baseAccess($request);
if (true !== $res) {
return $res;
}
Fixed issue 4, with fine control over the tabs access. For each tab, at the exception of the project home and the administration area, it possible to control the access rights if the user is anonymous, signed in, member or owner.
2008-08-07 15:35:03 +02:00
return self::accessTabGeneric($request, 'source_access_rights');
}
static public function accessIssues($request)
{
Added private projects. It is now possible to create private projects. To mark a project as private, you simply go in the Administer > Tabs Access menu and select "Private project". Only project members and owners together with the extra authorized users will be able to access the project. The project will not appear in the list of projects for not authorized users.
2008-11-21 13:19:02 +01:00
$res = self::baseAccess($request);
if (true !== $res) {
return $res;
}
Fixed issue 4, with fine control over the tabs access. For each tab, at the exception of the project home and the administration area, it possible to control the access rights if the user is anonymous, signed in, member or owner.
2008-08-07 15:35:03 +02:00
return self::accessTabGeneric($request, 'issues_access_rights');
}
static public function accessDownloads($request)
{
Added private projects. It is now possible to create private projects. To mark a project as private, you simply go in the Administer > Tabs Access menu and select "Private project". Only project members and owners together with the extra authorized users will be able to access the project. The project will not appear in the list of projects for not authorized users.
2008-11-21 13:19:02 +01:00
$res = self::baseAccess($request);
if (true !== $res) {
return $res;
}
Fixed issue 4, with fine control over the tabs access. For each tab, at the exception of the project home and the administration area, it possible to control the access rights if the user is anonymous, signed in, member or owner.
2008-08-07 15:35:03 +02:00
return self::accessTabGeneric($request, 'downloads_access_rights');
}
Added the first work on an API.
2008-11-21 20:33:39 +01:00
Partial fix of issue 55, addition of a simple Wiki. Added a base wiki, it is now possible to create wiki pages and update them. Revisions are kept also not used/displayed at the moment.
2008-11-22 23:51:23 +01:00
static public function accessWiki($request)
{
$res = self::baseAccess($request);
if (true !== $res) {
return $res;
}
return self::accessTabGeneric($request, 'wiki_access_rights');
}
Started ticket 39, add code review. We now have a limited support of the code review. Still some work to be done to allow the submission of new patches on a given review and update the status. For the moment, only pre-commit review is supported.
2008-11-30 10:26:05 +01:00
static public function accessReview($request)
{
$res = self::baseAccess($request);
if (true !== $res) {
return $res;
}
return self::accessTabGeneric($request, 'review_access_rights');
}
Fixed issue 71, add atom feeds. The basic building block is here with the feed of the timeline, it is rather easy to add the feed other elements based on this work. This will require iterations and polishing.
2008-12-03 15:00:47 +01:00
/**
Added the first work on an API.
2008-11-21 20:33:39 +01:00
* Based on the request, it is automatically setting the user.
*
* API calls are not translated.
*/
static public function apiSetUser($request)
{
// REQUEST is used to be used both for POST and GET requests.
if (!isset($request->REQUEST['_hash'])
or !isset($request->REQUEST['_login'])
or !isset($request->REQUEST['_salt'])) {
// equivalent to anonymous access.
return true;
}
$db =& Pluf::db();
$true = Pluf_DB_BooleanToDb(true, $db);
$sql = new Pluf_SQL('login=%s AND active='.$true,
$request->REQUEST['_login']);
$users = Pluf::factory('Pluf_User')->getList(array('filter'=>$sql->gen()));
Fixed issue 71, add atom feeds. The basic building block is here with the feed of the timeline, it is rather easy to add the feed other elements based on this work. This will require iterations and polishing.
2008-12-03 15:00:47 +01:00
if ($users->count() != 1 or !$users[0]->active) {
Added the first work on an API.
2008-11-21 20:33:39 +01:00
// Should return a special authentication error like user
// not found.
return true;
}
$hash = sha1($request->REQUEST['_salt'].sha1($users[0]->password));
if ($hash != $request->REQUEST['_hash']) {
return true; // Again need authentication error
}
$request->user = $users[0];
Add Project List API
2011-03-07 15:01:51 +01:00
// Don't try to load projects rights access if we are not in one
if ($request->query !== "/api/") {
IDF_Middleware::setRights($request);
}
Fixed issue 71, add atom feeds. The basic building block is here with the feed of the timeline, it is rather easy to add the feed other elements based on this work. This will require iterations and polishing.
2008-12-03 15:00:47 +01:00
return true;
}
/**
* Based on the request, it is automatically setting the user.
*
* Authenticated feeds have a token set at the end of the url in
* the for of 'authenticated/url/token/234092384023woeiur/'. If
* you remove 'token/234092384023woeiur/' the url is not
* authenticated.
*
* If the user is already logged in and not anonymous and no token
* is given, then the user is unset and a non authenticated user
* is loaded. This is to avoid people to not understand why a
* normally not authenticated feed is providing authenticated
* data.
*/
static public function feedSetUser($request)
{
if (!isset($request->project)) {
return true; // we do not act on non project pages at the
// moment.
}
if (!$request->user->isAnonymous()) {
// by default anonymous
$request->user = new Pluf_User();
IDF_Middleware::setRights($request);
}
$match = array();
if (!preg_match('#/token/([^/]+)/$#', $request->query, $match)) {
return true; // anonymous
}
$token = $match[1];
$hash = substr($token, 0, 2);
$encrypted = substr($token, 2);
if ($hash != substr(md5(Pluf::f('secret_key').$encrypted), 0, 2)) {
return true; // no match in the hash, anonymous
}
$cr = new Pluf_Crypt(md5(Pluf::f('secret_key')));
Remove the PHP 5.3 deprecated split function.
2009-09-24 20:40:22 +02:00
list($userid, $projectid) = explode(':', $cr->decrypt($encrypted), 2);
Fixed issue 71, add atom feeds. The basic building block is here with the feed of the timeline, it is rather easy to add the feed other elements based on this work. This will require iterations and polishing.
2008-12-03 15:00:47 +01:00
if ($projectid != $request->project->id) {
return true; // anonymous
}
$user = new Pluf_User($userid);
if (!$user->active) {
return true; // anonymous
}
$request->user = $user;
IDF_Middleware::setRights($request);
Added the first work on an API.
2008-11-21 20:33:39 +01:00
return true;
}
Fixed issue 71, add atom feeds. The basic building block is here with the feed of the timeline, it is rather easy to add the feed other elements based on this work. This will require iterations and polishing.
2008-12-03 15:00:47 +01:00
/**
* Generate the token for the feed.
*
* @param IDF_Project
* @param Pluf_User
* @return string Token
*/
static public function genFeedToken($project, $user)
{
$cr = new Pluf_Crypt(md5(Pluf::f('secret_key')));
$encrypted = trim($cr->encrypt($user->id.':'.$project->id), '~');
return substr(md5(Pluf::f('secret_key').$encrypted), 0, 2).$encrypted;
}
Add Project List API
2011-03-07 15:01:51 +01:00
}
Reference in New Issue Copy Permalink