From b26123ab89203d500caa527cf442f9cfb5fc178a Mon Sep 17 00:00:00 2001
From: danielp
Date: Fri, 13 Jan 2012 02:32:10 +0000
Subject: [PATCH] #577 access control (duplicate #288) / refactorings: #576
#575
---
index.php | 2 +
modules/base/apiRequest.php | 2 +-
modules/base/classes/installController.php | 4 +-
modules/base/classes/installManager.php | 2 +-
modules/base/classes/resultSetManager.php | 3 +
modules/base/classes/service.php | 6 +-
modules/base/classes/serviceUser.php | 64 ++++++----
modules/base/classes/settings.php | 136 ++++++++++++---------
modules/base/entities/site.php | 72 +++++++++++
modules/base/entities/site_user.php | 43 +++++++
modules/base/entities/user.php | 18 ++-
modules/base/error.php | 6 +-
modules/base/login.php | 2 +-
modules/base/module.php | 4 +-
modules/base/sites.php | 2 +-
modules/base/sitesEditAllowedUsers.php | 58 +++++++++
modules/base/sitesEditSettings.php | 4 +-
modules/base/sitesProfile.php | 29 ++++-
modules/base/templates/css.tpl | 2 +-
modules/base/templates/filter_site.tpl | 4 +-
modules/base/templates/generic_error.tpl | 2 +-
modules/base/templates/sites.tpl | 18 +--
modules/base/templates/sites_addoredit.tpl | 39 ++++--
modules/base/templates/users_addoredit.tpl | 6 +-
modules/base/updates.php | 4 +-
modules/base/updates/008.php | 66 ++++++++++
modules/base/usersAdd.php | 1 +
modules/base/usersEdit.php | 4 +-
modules/base/usersProfile.php | 14 ++-
owa_auth.php | 4 +-
owa_controller.php | 70 +++++++++--
owa_coreAPI.php | 49 +++++---
owa_lib.php | 24 ++--
owa_module.php | 59 +++++++--
owa_reportController.php | 20 +--
35 files changed, 636 insertions(+), 207 deletions(-)
create mode 100644 modules/base/entities/site_user.php
create mode 100644 modules/base/sitesEditAllowedUsers.php
create mode 100644 modules/base/updates/008.php
diff --git a/index.php b/index.php
index 2e345299b..8395d0bdf 100644
--- a/index.php
+++ b/index.php
@@ -34,6 +34,7 @@
// Initialize owa admin
$owa = new owa_php;
+
if (!$owa->isOwaInstalled()) {
// redirect to install
owa_lib::redirectBrowser(owa_coreAPI::getSetting('base','public_url').'install.php');
@@ -44,6 +45,7 @@
// run controller or view and echo page content
echo $owa->handleRequestFromURL();
} else {
+
// unload owa
$owa->restInPeace();
}
diff --git a/modules/base/apiRequest.php b/modules/base/apiRequest.php
index 518c52b61..41c609705 100644
--- a/modules/base/apiRequest.php
+++ b/modules/base/apiRequest.php
@@ -55,7 +55,7 @@ function action() {
// doesn't look like the currentuser has the necessary priviledges
owa_coreAPI::debug('User does not have capability required by this controller.');
// auth user
- $auth = &owa_auth::get_instance();
+ $auth = owa_auth::get_instance();
$status = $auth->authenticateUser();
// if auth was not successful then return login view.
if ($status['auth_status'] != true) {
diff --git a/modules/base/classes/installController.php b/modules/base/classes/installController.php
index 5024c7867..8ea6f9864 100644
--- a/modules/base/classes/installController.php
+++ b/modules/base/classes/installController.php
@@ -78,7 +78,7 @@ function createAdminUser($email_address, $real_name = '', $password = '') {
if (empty($id_check)) {
//Check to see if user name already exists
- $u->getByColumn('user_id', 'admin');
+ $u->getByColumn('user_id', owa_user::ADMIN_USER_ID);
$id = $u->get('id');
@@ -89,7 +89,7 @@ function createAdminUser($email_address, $real_name = '', $password = '') {
if ( ! $password ) {
$password = $u->generateRandomPassword();
}
- $ret = $u->createNewUser('admin', 'admin', $password, $email_address, $real_name);
+ $ret = $u->createNewUser('admin', owa_user::ADMIN_USER_ID, $password, $email_address, $real_name);
owa_coreAPI::debug("Admin user created successfully.");
return $password;
diff --git a/modules/base/classes/installManager.php b/modules/base/classes/installManager.php
index 1c75996d8..d770b001b 100644
--- a/modules/base/classes/installManager.php
+++ b/modules/base/classes/installManager.php
@@ -56,7 +56,7 @@ function createAdminUser($email_address, $real_name = '', $password = '') {
if (empty($id_check)) {
//Check to see if user name already exists
- $u->getByColumn('user_id', 'admin');
+ $u->getByColumn('user_id', owa_user::ADMIN_USER_ID);
$id = $u->get('id');
diff --git a/modules/base/classes/resultSetManager.php b/modules/base/classes/resultSetManager.php
index 6928d0701..ce7cd6706 100644
--- a/modules/base/classes/resultSetManager.php
+++ b/modules/base/classes/resultSetManager.php
@@ -874,6 +874,9 @@ function applyMetaDataToSingleResultRow($row) {
$type = 'metric';
$data_type = $this->getMetric($k)->getDataType();
}
+ else {
+ throw new Exception($k.' is not a metric or dimension. Check the configuration!');
+ }
diff --git a/modules/base/classes/service.php b/modules/base/classes/service.php
index 670f03f13..74fe02243 100644
--- a/modules/base/classes/service.php
+++ b/modules/base/classes/service.php
@@ -245,8 +245,10 @@ function _loadEventProcessors() {
}
- function &getCurrentUser() {
-
+ /**
+ * @return owa_serviceUser
+ */
+ function getCurrentUser() {
return $this->current_user;
}
diff --git a/modules/base/classes/serviceUser.php b/modules/base/classes/serviceUser.php
index 0b724f39b..67168a33f 100644
--- a/modules/base/classes/serviceUser.php
+++ b/modules/base/classes/serviceUser.php
@@ -30,8 +30,10 @@
class owa_serviceUser extends owa_base {
-
- var $user;
+ /**
+ * @var owa_user
+ */
+ public $user;
var $capabilities = array();
var $preferences = array();
var $is_authenticated;
@@ -55,26 +57,24 @@ function loadRelatedUserData() {
$this->preferences = $this->getPreferences($this->user->get('user_id'));
return;
}
-
- function getCapabilities($role) {
-
- $caps = owa_coreAPI::getSetting('base', 'capabilities');
-
+ /**
+ * gets allowed capabilities for the user role
+ * @param unknown_type $role
+ */
+ function getCapabilities($role) {
+ $caps = owa_coreAPI::getSetting('base', 'capabilities');
if (array_key_exists($role, $caps)) {
return $caps[$role];
} else {
return array();
- }
-
+ }
}
- function getPreferences($user_id) {
-
+ function getPreferences($user_id) {
return false;
}
- function getRole() {
-
+ function getRole() {
return $this->user->get('role');
}
@@ -96,23 +96,33 @@ function getUserData($name) {
return $this->user->get($name);
}
- function isCapable($cap) {
- //owa_coreAPI::debug(print_r($this->user->getProperties(), true));
- owa_coreAPI::debug("cap ".$cap);
- // just in case there is no cap passed
- if (!empty($cap)) {
- //adding @ here as is_array throws warning that an empty array is not the right data type!
- if (in_array($cap, $this->capabilities)) {
- return true;
- } else {
- return false;
- }
-
- } else {
-
+ /**
+ * Checks if user is capable to do something
+ * @param string $cap
+ * @param integer $currentSiteId optionel - only needed if cap is a capabilities That Require SiteAccess. You need to pass site_id (not id) field
+ */
+ function isCapable($cap, $siteId = null) {
+ owa_coreAPI::debug("check cap ".$cap);
+ //global admin can always everything:
+ if ($this->user->isOWAAdmin() || empty($cap)) {
return true;
}
+ if (!in_array($cap, $this->capabilities)) {
+ return false;
+ }
+ $capabilitiesThatRequireSiteAccess = owa_coreAPI::getSetting('base', 'capabilitiesThatRequireSiteAccess');
+ if (is_array($capabilitiesThatRequireSiteAccess) && in_array($cap, $capabilitiesThatRequireSiteAccess)) {
+ if (is_null($siteId)) {
+ throw new InvalidArgumentException('Capability "'.$cap.'" that should be checked requires a sited - but nothing given');
+ }
+ $site = owa_coreAPI::entityFactory('base.site');
+ $site->load($siteId,'site_id');
+ if (!$site->isUserAssigned($this->user->get('id'))) {
+ return false;
+ }
+ }
+ return true;
}
// mark the user as authenticated and populate their capabilities
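Review bot: In isCapable, a siteId that matches no site row is not a denial: `$site->load($siteId,'site_id')` presumably leaves the entity without an id, and the following `$site->isUserAssigned(...)` call reaches getAssignedUsers, which (in this same patch) throws 'no site data loaded!', so an unknown siteId surfaces as an uncaught exception instead of `false`. After the load add `if (!$site->get('id')) { return false; }` so the access decision fails closed. The `in_array($cap, $this->capabilities)` and `in_array($cap, $capabilitiesThatRequireSiteAccess)` lookups should pass `true` as the third argument, since capability names are strings and loose matching is not wanted on an authorization check. The first guard also treats an empty `$cap` as allowed, as the old code did; a one-line comment such as `// controllers with no required capability are intentionally public` would make that intent explicit.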
diff --git a/modules/base/classes/settings.php b/modules/base/classes/settings.php
index c316beb19..482439e6e 100644
--- a/modules/base/classes/settings.php
+++ b/modules/base/classes/settings.php
@@ -33,7 +33,7 @@ class owa_settings {
/**
* Configuration Entity
*
- * @var object configuration entity
+ * @var owa_configuration
*/
var $config;
@@ -59,7 +59,8 @@ function __construct() {
// create configuration object
$this->config = owa_coreAPI::entityFactory('base.configuration');
// load the default settings
- $this->getDefaultConfig();
+ $this->config->set('settings', $this->getDefaultSettingsArray());
+
// include/load config file
$this->loadConfigFile();
// apply config constants
@@ -87,7 +88,10 @@ function __construct() {
}
- function isConfigFilePresent() {
+ /**
+ * @return boolean
+ */
+ public function isConfigFilePresent() {
$file = OWA_DIR.'owa-config.php';
$oldfile = OWA_BASE_DIR.'/conf/owa-config.php';
@@ -101,7 +105,7 @@ function isConfigFilePresent() {
}
}
- function loadConfigFile() {
+ private function loadConfigFile() {
/* LOAD CONFIG FILE */
$file = OWA_DIR.'owa-config.php';
@@ -225,8 +229,12 @@ function applyConfigConstants() {
}
}
-
- function applyModuleOverrides($module, $config) {
+ /**
+ * Ovverrides settings - used in some controllers (@see owa_caller )
+ * @param string $module
+ * @param array $config
+ */
+ public function applyModuleOverrides($module, $config) {
// merge default config with overrides
@@ -429,16 +437,15 @@ function set($module, $key, $value) {
/**
* Adds Setting value to be configuration and persistant data store
+ * same as $this->set
*
* @param string $module the name of the module
* @param string $key the configuration key
* @param string $value the configuration value
* @depricated
*/
- function setSetting($module, $key, $value) {
-
- return $this->set($module, $key, $value);
-
+ function setSetting($module, $key, $value) {
+ return $this->set($module, $key, $value);
}
/**
@@ -449,49 +456,45 @@ function setSetting($module, $key, $value) {
* @param string $value the configuration value
* @return
*/
- function persistSetting($module, $key, $value) {
+ public function persistSetting($module, $key, $value) {
$this->set($module, $key, $value);
$this->db_settings[$module][$key] = $value;
$this->is_dirty = true;
}
- function defaultSetting($module, $key) {
- $defaults = $this->getDefaultSettingsArray();
-
- if ( array_key_exists($module, $defaults) && array_key_exists($key, $defaults[$module]) ) {
- $this->set($module, $key, $defaults[$module][$key]);
-
- if ( array_key_exists($module, $this->db_settings) && array_key_exists($key, $this->db_settings[$module]) ) {
- unset($this->db_settings[$module][$key]);
- $this->is_dirty = true;
- }
- }
- }
-
-
-
/**
- * Adds Setting value to be configuration but DOES NOT add to persistant data store
+ * SEEMS unused - To be removed later
+ *
*
- * @param string $module the name of the module
- * @param string $key the configuration key
- * @param string $value the configuration value
- * @return
- */
- function setSettingTemporary($module, $key, $value) {
-
- $this->set($module, $key, $value);
+ function defaultSetting($module, $key) {
+ $defaults = $this->getDefaultSettingsArray();
+
+ if ( array_key_exists($module, $defaults) && array_key_exists($key, $defaults[$module]) ) {
+ $this->set($module, $key, $defaults[$module][$key]);
+
+ if ( array_key_exists($module, $this->db_settings) && array_key_exists($key, $this->db_settings[$module]) ) {
+ unset($this->db_settings[$module][$key]);
+ $this->is_dirty = true;
+ }
+ }
+ }
+
+ //Adds Setting value to be configuration but DOES NOT add to persistant data store
+ function setSettingTemporary($module, $key, $value) {
- return;
-
- }
+ $this->set($module, $key, $value);
+
+ return;
+
+ }
+ */
/**
* Replaces all values of a particular module's configuration
* @todo: search to see where else this is used. If unused then make it for use in persist only.
*/
- function replace($module, $values, $persist = false) {
+ private function replace($module, $values, $persist = false) {
if ($persist) {
$this->db_settings[$module] = $values;
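Review bot: replace() becomes `private function replace(...)` while the docblock directly above it still says `@todo: search to see where else this is used`; narrowing visibility before that search is done turns any external or subclass caller into a fatal error at call time, so either do the search now and drop the todo, or keep the method public until then. The block starting at `SEEMS unused - To be removed later` keeps defaultSetting() and setSettingTemporary() as commented-out code inside a docblock; version control already preserves them, so delete the block rather than leave it in the file. The same visibility question applies to loadConfigFile(), getDefaultSettingsArray() and setupPaths() in the other hunks of this file.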
@@ -510,8 +513,7 @@ function replace($module, $values, $persist = false) {
* Needed for backwards compatability with older classes
*
*/
- function &get_settings($id = 1) {
-
+ function &get_settings($id = 1) {
static $config2;
@@ -524,14 +526,11 @@ function &get_settings($id = 1) {
}
- function getDefaultConfig() {
-
- $config = $this->getDefaultSettingsArray();
- // set default values
- $this->config->set('settings', $config);
- }
-
- function getDefaultSettingsArray() {
+
+ /**
+ * @return array
+ */
+ private function getDefaultSettingsArray() {
return array(
'base' => array(
@@ -670,6 +669,12 @@ function getDefaultSettingsArray() {
'ad_type' => 'owa_ad_type'),
'trafficAttributionMode' => 'direct',
'campaignAttributionWindow' => 60,
+ //list of capabilities that require access to the site
+ 'capabilitiesThatRequireSiteAccess' => array(
+ 'view_reports',
+ 'edit_sites',
+ ),
+ // role to capabilities configuration
'capabilities' => array(
'admin' => array(
'view_reports',
@@ -701,7 +706,11 @@ function getDefaultSettingsArray() {
}
- function setupPaths() {
+ /**
+ * sets the basic path settings in the config object like "public_path" / "images_url" ...
+ * @return void
+ */
+ private function setupPaths() {
//build base url
$base_url = '';
@@ -759,7 +768,12 @@ function setupPaths() {
}
}
- function createConfigFile($config_values) {
+ /**
+ * Writes the config file based on the default config file - but with the given database credentials
+ *
+ * @param array $config_values with the database setting keys
+ */
+ public function createConfigFile($config_values) {
if (file_exists(OWA_DIR.'owa-config.php')) {
owa_coreAPI::error("Your config file already exists. If you need to change your configuration, edit that file at: ".OWA_DIR.'owa-config.php');
@@ -768,13 +782,14 @@ function createConfigFile($config_values) {
}
if (!file_exists(OWA_DIR.'owa-config-dist.php')) {
- owa_coreAPI::error("We can't find the configuration file template. Are you sure you installed OWA's files correctly? Exiting.");
- exit;
- } else {
- $configFileTemplate = file(OWA_DIR . 'owa-config-dist.php');
- owa_coreAPI::debug('found sample config file.');
- }
+ $errorMsg = "We can't find the configuration file template. Are you sure you installed OWA's files correctly? Exiting.";
+ owa_coreAPI::error($errorMsg);
+ throw new Exception($errorMsg);
+ }
+ $configFileTemplate = file(OWA_DIR . 'owa-config-dist.php');
+ owa_coreAPI::debug('found sample config file.');
+
$handle = fopen(OWA_DIR . 'owa-config.php', 'w');
foreach ($configFileTemplate as $line_num => $line) {
@@ -824,7 +839,12 @@ function reset($module) {
}
}
- function setCookieDomain ($domain = '') {
+ /**
+ * sets and checks the cookie domain setting
+ *
+ * @param unknown_type $domain
+ */
+ public function setCookieDomain ($domain = '') {
$explicit = false;
diff --git a/modules/base/entities/site.php b/modules/base/entities/site.php
index 674264ad4..410f480e9 100644
--- a/modules/base/entities/site.php
+++ b/modules/base/entities/site.php
@@ -32,6 +32,8 @@
class owa_site extends owa_entity {
+ private static $cachedAssignedUsers = array();
+
function __construct() {
$this->setTableName('site');
@@ -71,7 +73,77 @@ function settingsSetFilter($value) {
owa_coreAPI::debug($value);
return $value;
}
+
+
+
+ /**
+ * Updates the allowed Sites for the current loaded user
+ * @param array $siteIds
+ */
+ public function updateAssignedUserIds(array $userIds) {
+ if (!$this->get('id')) {
+ throw new Exception('no site data loaded!');
+ }
+ $db = owa_coreAPI::dbSingleton();
+ $db->deleteFrom('owa_site_user');
+ $db->where( 'site_id', $this->get('id') );
+ $ret = $db->executeQuery();
+
+ foreach ($userIds as $id) {
+ $relation = owa_coreAPI::entityFactory('base.site_user');
+ $relation->set( 'user_id', intval ($id ) );
+ $relation->set( 'site_id', $this->get('id') );
+ $relation->save();
+ }
+
+ unset ( self::$cachedAssignedUsers[$this->get('id')] );
+
+ }
+
+
+ /**
+ * Checks if user is allowed to access the site.
+ * @param integer $userId
+ * @return boolean
+ */
+ public function isUserAssigned($userId) {
+ $users = $this->getAssignedUsers();
+ foreach ($users as $user) {
+ if ($userId == $user->get('id')) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ /**
+ * Returns collection of owa_user entities that are allowed for current user
+ * @return owa_user[]
+ */
+ public function getAssignedUsers() {
+ if (!$this->get('id')) {
+ throw new Exception('no site data loaded!');
+ }
+ if (!isset(self::$cachedAssignedUsers[$this->get('id')])) {
+ $db = owa_coreAPI::dbSingleton();
+ $db->selectFrom( 'owa_site_user' );
+ $db->selectColumn( '*' );
+ $db->where( 'site_id', $this->get('id') );
+ $relations = $db->getAllRows();
+ $result = array();
+ if (is_array($relations)) {
+ foreach ($relations as $row) {
+ $userEntity = owa_coreApi::entityFactory('base.user');
+ $userEntity->load($row['user_id']);
+ $result[] = $userEntity;
+ }
+ }
+ self::$cachedAssignedUsers[$this->get('id')] = $result;
+ }
+
+ return self::$cachedAssignedUsers[$this->get('id')];
+ }
}
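Review bot: updateAssignedUserIds ignores the outcome of the delete: `$ret = $db->executeQuery();` is never inspected, so if the delete fails the loop still inserts and the site keeps its stale rows plus the new ones, and a failure inside the loop leaves a partial assignment list with no rollback. Check whatever failure value executeQuery() reports before inserting, e.g. `if ($ret === false) { throw new Exception('could not clear site_user rows for site '.$this->get('id')); }`, and if the db layer offers transactions wrap the delete and the inserts in one. The docblock also reads `@param array $siteIds` and "allowed Sites for the current loaded user" although the method takes `$userIds` for the loaded site; reword it to `Replaces the set of users assigned to the loaded site. @param array $userIds`. isUserAssigned compares with `==`; `(int) $userId === (int) $user->get('id')` avoids loose-comparison surprises on an access decision.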
diff --git a/modules/base/entities/site_user.php b/modules/base/entities/site_user.php
new file mode 100644
index 000000000..7cc35d377
--- /dev/null
+++ b/modules/base/entities/site_user.php
@@ -0,0 +1,43 @@
+
+ * @copyright Copyright © 2006 Peter Adams
+ * @license http://www.gnu.org/copyleft/gpl.html GPL v2.0
+ * @category owa
+ * @package owa
+ * @version $Revision$
+ * @since owa 1.0.0
+ */
+
+class owa_site_user extends owa_entity {
+
+ public function __construct() {
+ $this->setTableName('site_user');
+ $this->setProperty( new owa_dbColumn( 'site_id' , OWA_DTD_BIGINT ) );
+ $this->setProperty( new owa_dbColumn( 'user_id' , OWA_DTD_INT ) );
+ }
+
+
+
+}
+
+?>
\ No newline at end of file
diff --git a/modules/base/entities/user.php b/modules/base/entities/user.php
index d8b888092..a47d8524f 100644
--- a/modules/base/entities/user.php
+++ b/modules/base/entities/user.php
@@ -30,6 +30,8 @@
class owa_user extends owa_entity {
+ const ADMIN_USER_ID = 'admin';
+
function __construct() {
$this->setTableName('user');
@@ -55,10 +57,16 @@ function __construct() {
$this->properties['creation_date']->setDataType(OWA_DTD_BIGINT);
$this->properties['last_update_date'] = new owa_dbColumn;
$this->properties['last_update_date']->setDataType(OWA_DTD_BIGINT);
+
$apiKey = new owa_dbColumn;
$apiKey->setName('api_key');
$apiKey->setDataType(OWA_DTD_VARCHAR255);
$this->setProperty($apiKey);
+
+ $allowedSite = new owa_dbColumn;
+ $allowedSite->setName('allowed_site');
+ $allowedSite->setDataType(OWA_DTD_VARCHAR255);
+ $this->setProperty($allowedSite);
}
function createNewUser($user_id, $role, $password = '', $email_address = '', $real_name = '') {
@@ -86,11 +94,17 @@ function generateTempPasskey($seed) {
return md5($seed.time().rand());
}
- function generateRandomPassword() {
-
+ function generateRandomPassword() {
return substr(owa_lib::encryptPassword(microtime()),0,6);
}
+ /**
+ * @return boolean
+ */
+ public function isOWAAdmin() {
+ return $this->get('user_id') == self::ADMIN_USER_ID;
+ }
+
}
?>
\ No newline at end of file
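Review bot: isOWAAdmin decides the global-admin bypass with a loose comparison, `$this->get('user_id') == self::ADMIN_USER_ID`; `true == 'admin'` holds on every PHP version and `0 == 'admin'` holds before PHP 8, so if get() can ever return a non-string for an unloaded or malformed entity the check grants admin. Use `return $this->get('user_id') === self::ADMIN_USER_ID;` — isCapable in this patch relies on this method for its unconditional allow. Whether admin status should hinge on the login name rather than the role column is a design choice; a docblock sentence such as `The built-in admin account is identified by its user_id, not by its role.` would record it.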
diff --git a/modules/base/error.php b/modules/base/error.php
index 08691a3af..c47e0229e 100644
--- a/modules/base/error.php
+++ b/modules/base/error.php
@@ -34,10 +34,6 @@
class owa_errorView extends owa_view {
- function owa_errorView() {
-
- return owa_errorView::__construct();
- }
function __construct() {
@@ -64,4 +60,4 @@ function render($data) {
-?>
\ No newline at end of file
+?>
diff --git a/modules/base/login.php b/modules/base/login.php
index 9eb492a5b..470c3b248 100644
--- a/modules/base/login.php
+++ b/modules/base/login.php
@@ -23,7 +23,7 @@ class owa_loginController extends owa_controller {
function action() {
- $auth = &owa_auth::get_instance();
+ $auth = owa_auth::get_instance();
$status = $auth->authenticateUser();
$go = $this->getParam('go');
// if authentication is successfull
diff --git a/modules/base/module.php b/modules/base/module.php
index 2b3559acc..0bf1c0b36 100644
--- a/modules/base/module.php
+++ b/modules/base/module.php
@@ -42,10 +42,10 @@ function __construct() {
$this->display_name = 'Open Web Analytics';
$this->group = 'Base';
$this->author = 'Peter Adams';
- $this->version = 7;
+ $this->version = 8;
$this->description = 'Base functionality for OWA.';
$this->config_required = false;
- $this->required_schema_version = 7;
+ $this->required_schema_version = 8;
return parent::__construct();
}
diff --git a/modules/base/sites.php b/modules/base/sites.php
index f4c86d707..91d82f1d2 100644
--- a/modules/base/sites.php
+++ b/modules/base/sites.php
@@ -42,7 +42,7 @@ function __construct($params) {
function action() {
$s = owa_coreAPI::entityFactory('base.site');
- $sites = owa_coreAPI::getSitesList();
+ $sites = $this->getAllowedSitesForCurrentUserAndControllerCap();
$this->set('tracked_sites', $sites);
$this->setSubview('base.sites');
$this->setView('base.options');
diff --git a/modules/base/sitesEditAllowedUsers.php b/modules/base/sitesEditAllowedUsers.php
new file mode 100644
index 000000000..58a3aec37
--- /dev/null
+++ b/modules/base/sitesEditAllowedUsers.php
@@ -0,0 +1,58 @@
+
+ * @license http://www.gnu.org/copyleft/gpl.html GPL v2.0
+ * @category owa
+ * @package owa
+ * @version $Revision$
+ * @since owa 1.0.0
+ */
+class owa_sitesEditAllowedUsersController extends owa_sitesEditSettingsController {
+
+
+
+ function action() {
+
+ $site_id = $this->getParam( 'siteId' );
+ $siteEntity = owa_coreAPI::entityFactory( 'base.site' );
+ $siteEntity->load( $siteEntity->generateId( $site_id ) );
+
+ //print_r($this->getParam( 'allowed_users' ));die('no');
+ if ($this->getParam( 'allowed_users' ) ) {
+ $siteEntity->updateAssignedUserIds($this->getParam( 'allowed_users' ));
+ }
+ else {
+ $siteEntity->updateAssignedUserIds( array() );
+ }
+ //set variables for view
+ $this->set('siteId', $site_id);
+ $this->set('edit', true);
+ $this->setStatusCode( 3201 );
+ $this->setRedirectAction( 'base.sitesProfile' );
+
+ }
+
+}
+
+?>
\ No newline at end of file
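Review bot: action() passes `$this->getParam( 'allowed_users' )` straight into updateAssignedUserIds(array $userIds), so a request that sends the parameter as a scalar rather than a list hits the array type hint and fails with a fatal error instead of a validation message; cast or validate first, e.g. `$allowed = (array) $this->getParam( 'allowed_users' );` and pass that in, which also collapses the if/else. The loaded site is not checked either: if `generateId( $site_id )` matches nothing, updateAssignedUserIds throws 'no site data loaded!' from inside the save path, so test `$siteEntity->get('id')` and return an error status before touching owa_site_user. Since the controller inherits its required capability from owa_sitesEditSettingsController, confirm that it is a site-scoped one so the site access check in isCapable applies here. The leftover `//print_r($this->getParam( 'allowed_users' ));die('no');` debug line should be removed.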
diff --git a/modules/base/sitesEditSettings.php b/modules/base/sitesEditSettings.php
index 304e56fa8..7dc46fea7 100644
--- a/modules/base/sitesEditSettings.php
+++ b/modules/base/sitesEditSettings.php
@@ -40,7 +40,7 @@ function __construct($params) {
// validations
- // check that user_id is present
+ // check that siteId is present
$v1 = owa_coreAPI::validationFactory('required');
$v1->setValues($this->getParam('siteId'));
$this->setValidation('siteId', $v1);
@@ -91,7 +91,7 @@ function errorAction() {
$site_id = $this->getParam( 'siteId' );
$site = owa_coreAPI::entityFactory( 'base.site' );
$site->load( $site->generateId( $site_id ) );
- $this->set('site', $site);
+ $this->set('site', $site->_getProperties());
$this->set('config', $this->params);
}
}
diff --git a/modules/base/sitesProfile.php b/modules/base/sitesProfile.php
index 7c0534946..bd9ccda89 100644
--- a/modules/base/sitesProfile.php
+++ b/modules/base/sitesProfile.php
@@ -49,16 +49,20 @@ function action() {
$site_data = $site->_getProperties();
$this->set('config', $site->get('settings') );
$this->set('edit', $this->getParam('edit'));
+
} else {
$site_data = array();
}
+
+
$this->set('site', $site_data);
$this->set('siteId', $site_id);
$this->setView('base.options');
$this->setSubview('base.sitesProfile');
}
+
}
@@ -78,18 +82,30 @@ class owa_sitesProfileView extends owa_view {
function render() {
+
$site = $this->get('site');
if ($this->get('edit')) {
$this->body->set('action', 'base.sitesEdit');
$this->body->set('headline', 'Edit Site Profile for: '. $site['domain'] );
+
+ $siteEntity = owa_coreAPI::entityFactory('base.site');
+ $siteEntity->getByColumn('site_id', $this->get('siteId'));
+ $this->body->set('siteEntity', $siteEntity);
} else {
$this->body->set('action', 'base.sitesAdd');
$this->body->set('headline', 'Add a New Tracked Site Profile');
}
+ if (isset($site['domain'])) {
+ $this->t->set( 'page_title', 'Site Profile for: '. $site['domain'] );
+ }
+ else {
+ $this->t->set( 'page_title', 'Site Profile for new Site');
+ }
- $this->t->set( 'page_title', 'Site Profile for: '. $site['domain'] );
+ $this->body->set('users', $this->getAllUserRows());
+
$this->body->set( 'site', $site );
$this->body->set( 'edit', $this->get('edit') );
$this->body->set( 'site_id', $this->get('siteId') );
@@ -98,9 +114,18 @@ function render() {
$this->body->set_template( 'sites_addoredit.tpl' );
}
+ /**
+ * @return array
+ */
+ private function getAllUserRows() {
+ $db = owa_coreAPI::dbSingleton();
+ $db->selectFrom('owa_user');
+ $db->selectColumn("*");
+ return $db->getAllRows();
+ }
}
-?>
\ No newline at end of file
+?>
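Review bot: getAllUserRows() selects every column of owa_user with `$db->selectColumn("*")`, and the render hunk above hands the result to the template as `users`, so the password and api_key columns of every account travel into the view layer of each site-profile edit page, where a template mistake or a debug dump would expose them. Select only what the allowed-users picker needs, e.g. `$db->selectColumn('id, user_id, real_name');` (or repeated selectColumn() calls if the db layer expects one column per call), or map the rows down to those keys before `$this->body->set('users', ...)`.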
diff --git a/modules/base/templates/css.tpl b/modules/base/templates/css.tpl
index 5e1121bd7..4f67822fa 100644
--- a/modules/base/templates/css.tpl
+++ b/modules/base/templates/css.tpl
@@ -279,6 +279,6 @@ td#panel {margin: 0px; padding-top:0px;width:;border-collapse: collapse;border:0
font-weight: normal;
}
-
+.noedit {color: #999;}
\ No newline at end of file
diff --git a/modules/base/templates/filter_site.tpl b/modules/base/templates/filter_site.tpl
index cba2a931c..a66129085 100644
--- a/modules/base/templates/filter_site.tpl
+++ b/modules/base/templates/filter_site.tpl
@@ -3,8 +3,8 @@
Web Site:
- $value):?>
- selected="selected" selected >out( $value['name'] );?>
+
+ get('site_id')):?>selected="selected" selected >out( $site->get('name') );?>
diff --git a/modules/base/templates/generic_error.tpl b/modules/base/templates/generic_error.tpl
index 594b59815..190e1efa9 100644
--- a/modules/base/templates/generic_error.tpl
+++ b/modules/base/templates/generic_error.tpl
@@ -1 +1 @@
-
+
diff --git a/modules/base/templates/sites.tpl b/modules/base/templates/sites.tpl
index 1573a47be..c15265ed0 100644
--- a/modules/base/templates/sites.tpl
+++ b/modules/base/templates/sites.tpl
@@ -17,23 +17,23 @@ if it is to be tracked/reported separately.
- $value):?>
+
- out( $value['name'] );?>
+ out( $site->get('name') );?>
-
- out( $value['description'] );?>
+ get('description') != ''):?>
+ out( $site->get('description') );?>
- out( $value['domain'] );?>
+ out( $site->get('domain') );?>
- Edit |
- Delete |
- Get Tracking Code |
- Goals
+ Edit |
+ Delete |
+ Get Tracking Code |
+ Goals
diff --git a/modules/base/templates/sites_addoredit.tpl b/modules/base/templates/sites_addoredit.tpl
index 031b9639a..548a0db31 100644
--- a/modules/base/templates/sites_addoredit.tpl
+++ b/modules/base/templates/sites_addoredit.tpl
@@ -28,21 +28,24 @@
https://
-
- out( $validation_errors['domain'] );?>
+
+ out( @$validation_errors['domain'] );?>
Site Name:
-
+
Description:
-
+
+
+
+
createNonceFormField($action);?>
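Review bot: `out( @$validation_errors['domain'] )` uses the `@` operator to hide the undefined-index notice when no validation error exists; that also hides any other error raised on the line, and the explicit form is `isset($validation_errors['domain']) ? $validation_errors['domain'] : ''`. The template's PHP tags appear stripped in this rendering, so the surrounding markup cannot be checked here.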
@@ -62,19 +65,19 @@
P3P Compact Privacy Policy
This setting controls the P3P compact privacy policy that is returned to the browser when OWA sets cookies. Click
here for more information on compact privacy policies and choosing the right one for your web site.
-
+
URL Parameters
This setting controls the URL parameters that OWA should ignore when processing requests. This is useful for avoiding duplicate URLs due to the use of tracking or others state parameters in your URLs. Parameter names should be separated by comma.
-
+
Default Page
This is the page that your web server defaults to when there is no page specified in your URL (e.g. index.html). Use this setting to combine page views for www.domain.com and www.domain.com/index.html.
-
+
@@ -91,10 +94,28 @@
createNonceFormField('base.sitesEditSettings');?>
-
+
-
\ No newline at end of file
+
+
diff --git a/modules/base/templates/users_addoredit.tpl b/modules/base/templates/users_addoredit.tpl
index 750db4188..9b5c0c91e 100644
--- a/modules/base/templates/users_addoredit.tpl
+++ b/modules/base/templates/users_addoredit.tpl
@@ -11,7 +11,7 @@
User Name
- out( $user['user_id'] )?>
+ out( $user['user_id'] )?>
@@ -21,7 +21,7 @@
API Key
-
+
@@ -40,6 +40,8 @@
+
+
E-mail Address
diff --git a/modules/base/updates.php b/modules/base/updates.php
index 10a2508f4..a3af43607 100644
--- a/modules/base/updates.php
+++ b/modules/base/updates.php
@@ -38,7 +38,7 @@ function render($data) {
//switch wrapper if OWA is not embedded
// needed becasue this view might be rendered before anything else.
- if ($this->config['is_embedded'] != true) {
+ if (isset($this->config['is_embedded']) && $this->config['is_embedded'] != true) {
$this->t->set_template('wrapper_public.tpl');
}
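Review bot: The guard `isset($this->config['is_embedded']) && $this->config['is_embedded'] != true` changes behaviour rather than only silencing the notice: when the key is absent the old condition was true and the public wrapper was selected, which the comment above says is exactly the early-render case this code exists for, whereas now an absent key keeps the default template. If the intent is only to avoid the notice, `if (empty($this->config['is_embedded'])) {` keeps the original outcome for null, false and unset alike. If the new behaviour is intended, update the comment to say so.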
@@ -62,4 +62,4 @@ function action() {
}
}
-?>
\ No newline at end of file
+?>
diff --git a/modules/base/updates/008.php b/modules/base/updates/008.php
new file mode 100644
index 000000000..5d65681e7
--- /dev/null
+++ b/modules/base/updates/008.php
@@ -0,0 +1,66 @@
+
+ * @license http://www.gnu.org/copyleft/gpl.html GPL v2.0
+ * @category owa
+ * @package owa
+ * @version $Revision$
+ * @since owa 1.5.0
+ */
+
+
+class owa_base_008_update extends owa_update {
+
+ var $schema_version = 8;
+
+
+ function up($force = false) {
+ $site = owa_coreAPI::entityFactory('base.site_user');
+ $ret = $site->createTable('site_user');
+ if ($ret === false ) {
+ $this->e->notice('Create table site_user failed');
+ return false;
+ }
+
+ $ret = $site->addColumn('site_id');
+ if ($ret === false ) {
+ $this->e->notice('Add column site_id failed');
+ return false;
+ }
+
+ $ret = $site->addColumn('user_id');
+ if ($ret === false ) {
+ $this->e->notice('Add column site_id failed');
+ return false;
+ }
+
+ return true;
+ }
+
+ function down() {
+ $site = owa_coreAPI::entityFactory('base.site_user');
+ $ret = $site->dropTable('site_user');
+ return true;
+ }
+}
+
+?>
\ No newline at end of file
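Review bot: The failure notice after `$ret = $site->addColumn('user_id');` in up() is a copy-paste slip — it still reads `'Add column site_id failed'`, which sends whoever debugs a failed upgrade to the wrong column; change it to `$this->e->notice('Add column user_id failed');`. down() assigns `$ret` from dropTable and then returns true unconditionally, so a failed drop is reported as success; return the drop outcome instead (e.g. `return $ret !== false;`, assuming dropTable reports failure the same way createTable does). Note also that user.php in this commit declares a new `allowed_site` column on owa_user, but no schema step in this update adds that column to the user table; if the entity's save path writes every declared property, user updates would fail until one is added — worth confirming.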
diff --git a/modules/base/usersAdd.php b/modules/base/usersAdd.php
index 1f7e85488..485b467bc 100644
--- a/modules/base/usersAdd.php
+++ b/modules/base/usersAdd.php
@@ -83,6 +83,7 @@ function action() {
'base.new_user_account');
+
$this->setRedirectAction('base.users');
$this->set('status_code', 3000);
diff --git a/modules/base/usersEdit.php b/modules/base/usersEdit.php
index 3fdb7c144..f88dec956 100644
--- a/modules/base/usersEdit.php
+++ b/modules/base/usersEdit.php
@@ -63,9 +63,11 @@ function action() {
$u->set('real_name', $this->getParam('real_name'));
// never change the role of the admin user
- if ($u->get('user_id') != 'admin') {
+ if (!$u->isOWAAdmin()) {
$u->set('role', $this->getParam('role'));
}
+
+
$u->update();
$this->set('status_code', 3003);
$this->setRedirectAction('base.users');
diff --git a/modules/base/usersProfile.php b/modules/base/usersProfile.php
index 8aac14455..2820702f2 100644
--- a/modules/base/usersProfile.php
+++ b/modules/base/usersProfile.php
@@ -81,11 +81,16 @@ function __construct() {
}
function render($data) {
+ $user = $this->get('profile');
+ $this->body->set('isAdmin', false);
if ($this->get('edit')) {
$this->body->set('headline', 'Edit user profile');
$this->body->set('action', 'base.usersEdit');
$this->body->set('edit', true);
+ $userEntity = owa_coreAPI::entityFactory( 'base.user' );
+ $userEntity->load( $user['id'] );
+ $this->body->set('isAdmin', $userEntity->isOWAAdmin());
} else {
$this->body->set('headline', 'Add a new user profile');
$this->body->set('action', 'base.usersAdd');
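Review bot: In the edit branch, `$userEntity->load( $user['id'] )` reads `$user['id']` without the `isset` guard the removed code had, so an edit request whose profile array lacks an id raises a notice, loads nothing, and isAdmin is then derived from an empty entity. Guard it, e.g. `if ( isset( $user['id'] ) ) { $userEntity->load( $user['id'] ); $this->body->set('isAdmin', $userEntity->isOWAAdmin()); }`. render continues into the next hunk, where `$user` is handed to the template.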
@@ -95,12 +100,9 @@ function render($data) {
$this->t->set('page_title', 'User Profile');
$this->body->set_template('users_addoredit.tpl');
$this->body->set('roles', owa_coreAPI::getAllRoles());
- $user = $this->get('profile');
- $this->body->set('user', $user);
- $this->body->set('isAdmin', false);
- if ( isset( $user['id'] ) && $user['id'] == 1 ) {
- $this->body->set('isAdmin', true);
- }
+
+ $this->body->set('user', $user);
+
}
}
diff --git a/owa_auth.php b/owa_auth.php
index 80c7e910f..c0019e276 100644
--- a/owa_auth.php
+++ b/owa_auth.php
@@ -74,7 +74,7 @@ class owa_auth extends owa_base {
*
* @return object
*/
- public static function &get_instance($plugin = '') {
+ public static function get_instance($plugin = '') {
static $auth;
@@ -114,6 +114,8 @@ function authenticateUser() {
if (owa_coreAPI::getCurrentUser()->isAuthenticated()) {
$ret = true;
} elseif (owa_coreAPI::getRequestParam('apiKey')) {
+
+
// auth user by api key
$ret = $this->authByApiKey(owa_coreAPI::getRequestParam('apiKey'));
} elseif (owa_coreAPI::getRequestParam('pk') && owa_coreAPI::getStateParam('u')) {
diff --git a/owa_controller.php b/owa_controller.php
index bc96b6fd7..4f557b655 100644
--- a/owa_controller.php
+++ b/owa_controller.php
@@ -182,18 +182,19 @@ function doAction() {
}
/* CHECK USER FOR CAPABILITIES */
- if (!owa_coreAPI::isCurrentUserCapable($this->getRequiredCapability())) {
+ $currentUser = owa_coreAPI::getCurrentUser();
+ if (!$currentUser->isCapable($this->getRequiredCapability(),$this->getCurrentSiteId())) {
owa_coreAPI::debug('User does not have capability required by this controller.');
// check to see if the user has already been authenticated
if (owa_coreAPI::isCurrentUserAuthenticated()) {
- $this->authenticatedButNotCapableAction();
+ $this->authenticatedButNotCapableAction('User does not have capability required by this controller.');
return $this->data;
}
/* PERFORM AUTHENTICATION */
- $auth = &owa_auth::get_instance();
+ $auth = owa_auth::get_instance();
$status = $auth->authenticateUser();
// if auth was not successful then return login view.
if ($status['auth_status'] != true) {
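Review bot: The capability check on the new `isCapable(..., $this->getCurrentSiteId())` line is evaluated for a site the user is allowed to see, not necessarily the one the request named: `getCurrentSiteId()`, added later in this file, substitutes the first allowed site whenever the `siteId`/`site_id` parameter is not in the allowed set, so a controller that afterwards reads the raw `siteId` parameter instead of `getCurrentSiteId()` would pass this check for one site and act on another. As far as this diff shows only the report controller rewrites the parameter in `pre()`; it would be safer for the check to fail when a site was explicitly requested and is not allowed, rather than silently choosing a different one. `getCurrentSiteId()` also rebuilds the allowed-site list with one entity load per site on every call, and it is invoked here, again after authentication and again in `pre()`, so caching the result in a property would avoid three passes. doAction continues outside the hunk.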
@@ -201,7 +202,7 @@ function doAction() {
return $this->data;
} else {
//check for needed capability again now that they are authenticated
- if (!owa_coreAPI::isCurrentUserCapable($this->getRequiredCapability())) {
+ if ( !$currentUser->isCapable($this->getRequiredCapability(),$this->getCurrentSiteId()) ) {
$this->authenticatedButNotCapableAction();
//needed?
$this->set('go', urlencode(owa_lib::get_current_url()));
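Review bot: The re-check after `authenticateUser()` on the changed line reuses the `$currentUser` object fetched before authentication, whereas the removed call re-resolved the user through `owa_coreAPI::isCurrentUserCapable()` each time. If the service mutates its existing user object during authentication the two are equivalent, but if any authentication path replaces that object (the serviceUser.php changes are not visible here) the post-login check runs against stale state; refreshing it with `$currentUser = owa_coreAPI::getCurrentUser();` just before this `if` removes the dependency. doAction continues outside the hunk.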
@@ -523,10 +524,12 @@ function setStatusMsg($msg) {
$this->data['status_message'] = $msg;
}
- function authenticatedButNotCapableAction() {
-
+ function authenticatedButNotCapableAction($additionalMessage = '') {
+ if ( empty($additionalMessage) ) {
+ $additionalMessage = '('.$this->getRequiredCapability().' / '.$this->getCurrentSiteId() .')';
+ }
$this->setView('base.error');
- $this->set('error_msg', $this->getMsg(2003));
+ $this->set('error_msg', $this->getMsg(2003).' '.$additionalMessage);
}
function notAuthenticatedAction() {
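Review bot: The default `$additionalMessage` built on the added lines appends the internal capability name and the site id to the user-facing error message, and when `getCurrentSiteId()` returns false the text comes out as `(view_reports / )`. That detail is useful for debugging but belongs in the log rather than on the page: `owa_coreAPI::debug('Missing capability '.$this->getRequiredCapability().' for site '.$this->getCurrentSiteId());` while `error_msg` stays `$this->getMsg(2003)`. Whether the concatenated message is escaped on output depends on the error template, which this commit also changes but which is not shown here.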
@@ -562,6 +565,57 @@ function getSetting($module, $name) {
return owa_coreAPI::getSetting($module, $name);
}
+
+ /**
+ * @return array
+ */
+ protected function getAllowedSitesForCurrentUserAndControllerCap() {
+ $currentUser = owa_coreAPI::getCurrentUser();
+ $allSites = owa_coreAPI::getSitesList();
+ $allowedSites=array();
+ foreach ($allSites as $siteRow) {
+ if ($currentUser->isCapable($this->capability,$siteRow['site_id'])) {
+ $site = owa_coreAPI::entityFactory('base.site');
+ $site->load($siteRow['id']);
+ $allowedSites[$siteRow['site_id']] = $site;
+ }
+ }
+ return $allowedSites;
+ }
+ /**
+ * gets the siteid taking the site access permissions into account
+ * If not a typical siteId parameter is set or user lacks permission, the first availabe site is used
+ *
+ * @return string or false if no site access
+ */
+ protected function getCurrentSiteId() {
+ $allowedSites = $this->getAllowedSitesForCurrentUserAndControllerCap();
+ $siteParameterValue = $this->getSiteIdParameterValue();
+
+ // set siteId from Request if set
+ if ( $siteParameterValue !== false && isset($allowedSites[$siteParameterValue])) {
+ return $siteParameterValue;
+ }
+ elseif (isset($allowedSites[0])) {
+ //set default
+ return $allowedSites[0]->get('site_id');
+ }
+ return false;
+ }
+
+ /**
+ * @return integer or false
+ */
+ protected function getSiteIdParameterValue() {
+ if ($this->getParam('siteId') ) {
+ return $this->getParam('siteId');
+ }
+ elseif ($this->getParam('site_id') ) {
+ return $this->getParam('site_id');
+ }
+ return false;
+ }
+
}
-?>
\ No newline at end of file
+?>
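Review bot: The default branch in `getCurrentSiteId()`, `elseif (isset($allowedSites[0]))`, can only match a site whose `site_id` is literally 0, because `getAllowedSitesForCurrentUserAndControllerCap()` keys the array by `site_id` rather than by position; for every other user the method returns false whenever no valid `siteId` parameter is present, contrary to the docblock. Replacing it with `elseif ($allowedSites) { return reset($allowedSites)->get('site_id'); }` picks the first allowed site as intended. Two smaller points: the loop tests `$this->capability` directly while the rest of the class goes through `getRequiredCapability()`, and `getSiteIdParameterValue()` relies on truthiness, so a `site_id` of `'0'` would be treated as absent. The docblock typo `availabe` should read `available`.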
diff --git a/owa_coreAPI.php b/owa_coreAPI.php
index 7045f90a4..1ee8815f2 100644
--- a/owa_coreAPI.php
+++ b/owa_coreAPI.php
@@ -32,6 +32,7 @@
class owa_coreAPI {
+ const OWA_ROLE_VIEWER = 'viewer';
// @depricated
// @todo remove
@@ -74,7 +75,9 @@ public static function setupStorageEngine($type) {
return true;
}
-
+ /**
+ * @return owa_db
+ */
public static function dbSingleton() {
static $db;
@@ -109,8 +112,11 @@ public static function dbFactory() {
return $db;
}
}
-
- public static function &configSingleton($params = array()) {
+
+ /**
+ * @return owa_settings
+ */
+ public static function configSingleton() {
static $config;
@@ -222,8 +228,10 @@ public static function getAllRoles() {
return array_keys($caps);
}
- public static function &getCurrentUser() {
-
+ /**
+ * @return owa_serviceUser
+ */
+ public static function getCurrentUser() {
$s = owa_coreAPI::serviceSingleton();
return $s->getCurrentUser();
}
@@ -247,8 +255,10 @@ public static function isCurrentUserAuthenticated() {
$cu = owa_coreAPI::getCurrentUser();
return $cu->isAuthenticated();
}
-
- public static function &serviceSingleton() {
+ /**
+ * @return owa_service
+ */
+ public static function serviceSingleton() {
static $s;
@@ -329,7 +339,6 @@ public static function moduleRequireOnce($module, $class_dir, $file) {
}
public static function moduleFactory($modulefile, $class_suffix = null, $params = '', $class_ns = 'owa_') {
-
list($module, $file) = explode(".", $modulefile);
$class = $class_ns.$file.$class_suffix;
//print $class;
@@ -707,9 +716,10 @@ public static function getNavSort($a, $b) {
public static function getActiveModules() {
$c = owa_coreAPI::configSingleton();
- $config = $c->config->get('settings');
- //print_r($config);
+ $config = $c->config->get('settings');
+
+
$active_modules = array();
foreach ($config as $k => $module) {
@@ -742,12 +752,12 @@ public static function performAction($action, $params = array()) {
$controller = owa_coreAPI::moduleFactory($action, 'Controller', $params);
if (!$controller || !method_exists($controller, 'doAction')) {
+
owa_coreAPI::debug("No controller is associated with $action.");
return;
}
- $data = $controller->doAction();
-
+ $data = $controller->doAction();
// Display view if controller calls for one.
if (!empty($data['view']) || !empty($data['action'])):
@@ -1154,20 +1164,19 @@ public static function isUpdateRequired() {
return $service->isUpdateRequired();
}
- public static function getSitesList() {
-
+ /**
+ * @return array
+ */
+ public static function getSitesList() {
$db = owa_coreAPI::dbSingleton();
$db->selectFrom('owa_site');
$db->selectColumn('*');
$sites = $db->getAllRows();
- if ( ! $sites ) {
-
+ if ( ! $sites ) {
$sites = array();
- }
-
- return $sites;
-
+ }
+ return $sites;
}
public static function profile($that = '', $function = '', $line = '', $msg = '') {
diff --git a/owa_lib.php b/owa_lib.php
index 75be78824..be86cef80 100644
--- a/owa_lib.php
+++ b/owa_lib.php
@@ -485,12 +485,11 @@ public static function fileInclusionFilter($str) {
* @param string $class_dir
* @param string $class_prefix
* @param string $class_name
- * @param array $conf
+ * @param array $constructorArguments
* @return object
*/
- public static function factory($class_dir, $class_prefix, $class_name, $conf = array(), $class_suffix = '') {
+ public static function factory($class_dir, $class_prefix, $class_name, $constructorArguments = array(), $class_suffix = '') {
- //$class_dir = strtolower($class_dir).'/';
$class_dir = $class_dir.'/';
$classfile = $class_dir . $class_name . '.php';
$class = $class_prefix . $class_name . $class_suffix;
@@ -500,22 +499,17 @@ public static function factory($class_dir, $class_prefix, $class_name, $conf = a
* a failure as fatal. The caller may have already included their own
* version of the named class.
*/
- if (!class_exists($class)) {
-
- if (file_exists($classfile)) {
- require_once ($classfile);
+ if (!class_exists($class)) {
+ if (!file_exists($classfile)) {
+ throw new Exception('Class File '.$classfile.' not existend!');
}
-
+ require_once ($classfile);
}
- /* If the class exists, return a new instance of it. */
- if (class_exists($class)) {
- $obj = new $class($conf);
- return $obj;
+ if (!class_exists($class)) {
+ throw new Exception('Class '.$class.' not existend!');
}
-
- $null = null;
- return $null;
+ return new $class($constructorArguments);
}
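Review bot: `factory()` now throws instead of returning null when the class file is missing, and the exception text embeds the server-side `$classfile` path; the `if (!$controller ...)` guard in `performAction()` earlier in this diff is then never reached for a missing controller, so a request for an unknown action surfaces as an uncaught exception (path included, wherever exceptions are displayed) instead of the debug message and quiet return it got before. Either keep the null return for the file-not-found case, or catch the exception in `moduleFactory()`/`performAction()` and log it there so the path stays out of anything user-visible. Both messages also carry a typo, `not existend!` should be `does not exist!`, and a narrower type such as `RuntimeException` would let callers catch only this case.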
/**
diff --git a/owa_module.php b/owa_module.php
index 587dcf725..8aba0a1a6 100644
--- a/owa_module.php
+++ b/owa_module.php
@@ -28,7 +28,7 @@
* @since owa 1.0.0
*/
-class owa_module extends owa_base {
+abstract class owa_module extends owa_base {
/**
* Name of module
@@ -385,24 +385,50 @@ function addAdminPanel($panel) {
/**
* Registers Group Link with a particular View
- *
+ * @DEPRICATED - use addNavigationSubGroup and addNavigationLinkInSubGroup
*/
function addNavigationLink($group, $subgroup = '', $ref, $anchortext, $order = 0, $priviledge = 'viewer') {
-
- $link = array('ref' => $ref,
- 'anchortext' => $anchortext,
- 'order' => $order,
- 'priviledge' => $priviledge);
if (!empty($subgroup)):
- $this->nav_links[$group][$subgroup]['subgroup'][] = $link;
+ $this->addNavigationLinkInSubGroup($subgroup,$ref, $anchortext, $order = 0, $priviledge = 'viewer',$group);
else:
- $this->nav_links[$group][$anchortext] = $link;
+ $this->addNavigationSubGroup($anchortext,$ref, $anchortext, $order = 0, $priviledge = 'viewer',$group);
endif;
return;
}
+ /**
+ * Adds a new Subgroup in the navigation
+ *
+ * @param string $subgroupName
+ * @param string $ref
+ * @param string $anchortext
+ * @param integer $order
+ * @param string $priviledge
+ * @param string $groupName
+ */
+ public function addNavigationSubGroup($subgroupName, $ref, $anchortext, $order = 0, $priviledge = owa_coreAPI::OWA_ROLE_VIEWER, $groupName = 'Reports') {
+ $this->nav_links[$groupName][$subgroupName] = $this->getLinkStruct($ref, $anchortext, $order,$priviledge);
+ }
+
+ /**
+ * Adds a new Link to an existing Subgroup in the navigation
+ *
+ * @param string $subgroupName
+ * @param string $ref
+ * @param string $anchortext
+ * @param integer $order
+ * @param string $priviledge
+ * @param string $groupName
+ */
+ public function addNavigationLinkInSubGroup($subgroupName, $ref, $anchortext, $order = 0, $priviledge = owa_coreAPI::OWA_ROLE_VIEWER, $groupName = 'Reports') {
+ if (!isset($this->nav_links[$groupName][$subgroupName]) || !is_array($this->nav_links[$groupName][$subgroupName])) {
+ throw new Exception('Subgroup "'.$subgroupName.'" is not existend - add Subgroup first with addNavigationSubGroup ');
+ }
+ $this->nav_links[$groupName][$subgroupName]['subgroup'][] = $this->getLinkStruct($ref, $anchortext, $order,$priviledge);
+ }
+
/**
* Abstract method for registering a module's entities
*
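Review bot: Both delegating calls in `addNavigationLink()` pass `$order = 0, $priviledge = 'viewer'` as arguments, so the caller's `$order` and `$priviledge` are overwritten with the defaults before being forwarded and every legacy caller now gets order 0 and the viewer privilege. The values should be forwarded unchanged: `$this->addNavigationLinkInSubGroup($subgroup, $ref, $anchortext, $order, $priviledge, $group);` and `$this->addNavigationSubGroup($anchortext, $ref, $anchortext, $order, $priviledge, $group);`. Note also that the removed code created a missing subgroup implicitly via `[] =`, whereas `addNavigationLinkInSubGroup()` now throws when the subgroup has not been registered, so an existing module that adds a link before its subgroup will fail at load time; that exception's `is not existend` should read `does not exist`.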
@@ -883,6 +909,21 @@ function registerBackgroundJobs() {
return false;
}
+ /**
+ * Retuns internal struct array used for saving link infos
+ * @param string $ref
+ * @param string $anchortext
+ * @param integer $order
+ * @param string $priviledge
+ * @return array
+ */
+ private function getLinkStruct($ref,$anchortext,$order,$priviledge) {
+ return array('ref' => $ref,
+ 'anchortext' => $anchortext,
+ 'order' => $order,
+ 'priviledge' => $priviledge);
+ }
+
}
?>
\ No newline at end of file
diff --git a/owa_reportController.php b/owa_reportController.php
index 67e577657..c8370a19a 100644
--- a/owa_reportController.php
+++ b/owa_reportController.php
@@ -39,32 +39,22 @@ class owa_reportController extends owa_adminController {
* @param array $params
* @return
*/
- function __construct($params) {
-
+ function __construct($params) {
$this->setControllerType('report');
$this->_setCapability('view_reports');
return parent::__construct($params);
}
+
+
/**
* pre action
*
*/
function pre() {
- // site lists
- $sites = owa_coreAPI::getSitesList();
- $this->set('sites', $sites);
- // set default siteId if none exists on request
- $site_id = $this->getParam('siteId');
- if ( ! $site_id ) {
- $site_id = $this->getParam('site_id');
- }
- if ( ! $site_id ) {
- $site_id = $sites[0]['site_id'];
- }
- $this->setParam('siteId', $site_id);
-
+ $this->set('sites', $this->getAllowedSitesForCurrentUserAndControllerCap());
+ $this->setParam('siteId', $this->getCurrentSiteId());
// pass full set of params to view
$this->data['params'] = $this->params;
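Review bot: `$this->setParam('siteId', $this->getCurrentSiteId())` writes false into the `siteId` parameter when the user has no accessible site (or when the first-site fallback in `getCurrentSiteId()` does not fire), and nothing in `pre()` stops the report from continuing with that value. A guard such as `if ($siteId === false) { $this->authenticatedButNotCapableAction(); return; }` before the params are handed to the view would make the no-access case explicit, assuming doAction honours a view set from `pre()`. `sites` also changes shape here, from the row arrays `getSitesList()` returned to `base.site` entities keyed by site id, so any template that indexes `$sites[0]['site_id']` must be updated; filter_site.tpl is in this commit's diffstat but is not visible here. pre() continues outside the hunk.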