}
static function load_all($user_id=null) {
- $rows = parent::load_all($user_id=null, self::TOKEN_TYPE);
+ $rows = parent::load_all($user_id, self::TOKEN_TYPE);
$tokens = array();
foreach ($rows as $row) {
*/
public function find_all_tokens($token_type, $user_id=null) {
$t_token_table = $this->token_table_name($token_type);
-
- if(isset($user_id)) {
+ if(isset($user_id)||($user_id)) {
$t_query = "SELECT * FROM $t_token_table WHERE user_id = $1";
$t_result = db_query_params( $t_query, array( (int) $user_id ) );
+
}
else {
$t_query = "SELECT * FROM $t_token_table";
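Review bot: The new condition `isset($user_id)||($user_id)` in find_all_tokens() is redundant: when `isset()` is false the parameter is null, so the second operand is false too and the test reduces to `isset($user_id)`. Writing it as `if ($user_id !== null) {` states the intent directly. The `else` branch returns the tokens of every user, so it should stay reachable only when the caller really passed no user id. The body of find_all_tokens() continues outside the hunk.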
$token_id = $token->getId();
if ( 0 == $token_id ) { # create
$t_query = "INSERT INTO $t_token_table ( consumer_id, token_key, token_secret, authorized, user_id, role_id, time_stamp ) VALUES ($1, $2, $3, $4, $5, $6, $7)";
- $t_result = db_query_params( $t_query, array( $token->getConsumerId(), $token->key, $token->secret, $token->getAuthorized(), $token->getUserId(), $token->getRole(), $token->gettime_stamp() ) );
+ $t_result = db_query_params( $t_query, array( $token->getConsumerId(), $token->key, $token->secret, $token->getAuthorized(), $token->getUserId(), $token->getRoleId(), $token->gettime_stamp() ) );
$token_id = db_insertid($t_result, $t_token_table, 'id');
} else { # update
$t_query = "UPDATE $t_token_table SET consumer_id=$1, token_key=$2, token_secret=$3, authorized=$4, user_id=$5, role_id=$6, time_stamp=$7 WHERE id=$8";
- db_query_params( $t_query, array( $token->getConsumerId(), $token->key, $token->secret, $token->getAuthorized(), $token->getUserId(), $token->getRole(), $token->gettime_stamp(), $token->getId() ) );
+ db_query_params( $t_query, array( $token->getConsumerId(), $token->key, $token->secret, $token->getAuthorized(), $token->getUserId(), $token->getRoleId(), $token->gettime_stamp(), $token->getId() ) );
}
return $token_id;
}
class oauthproviderPlugin extends ForgeAuthPlugin {
+ public $oauth_token = null;
+ public $oauth_user = null;
public function __construct() {
$this->ForgeAuthPlugin() ;
$this->_addHook("account_menu");
$this->_addHook("check_auth_session");
$this->_addHook("fetch_authenticated_user");
-
+ $this->_addHook("restrict_roles");
+
// Is the plugin temporarily sufficient, only for one particular script
$this->sufficient_forced = NULL;
global $G_SESSION,$HTML;
$text = $this->text; // this is what shows in the tab
if ($G_SESSION->usesPlugin("oauthprovider")) {
+ $param = '?type=user&id=' . $G_SESSION->getId(); // we indicate the part we're calling is the user one
echo $HTML->PrintSubMenu (array ($text),
- array ('/plugins/oauthprovider/index.php'), array(''));
+ array ('/plugins/oauthprovider/index.php'. $param) );
}
}
function groupmenu($params) {
}
(($params['toptab'] == $this->name) ? $params['selected']=(count($params['TITLES'])-1) : '' );
}
- function groupisactivecheckbox($params) {
+ /*
+ * works with the function implementations in Plugin.class.php
+ * re-implementation below is redundant
+ *
+ function groupisactivecheckbox($params) {
//Check if the group is active
// this code creates the checkbox in the project edit public info page to activate/deactivate the plugin
$group_id=$params['group'];
$group->setPluginUse ( $this->name, false );
}
}
- /*
- function userisactivecheckbox ($params) {
- global $G_SESSION
+ /*function userisactivecheckbox ($params) {
+ global $G_SESSION;
//Check if the group is active
// this code creates the checkbox in the project edit public info page to activate/deactivate the plugin
$userid = $params['user_id'];
} else {
$user->setPluginUse ( $this->name, false );
}
- }
- */
+ }*/
+
function user_personal_links($params) {
// this displays the link in the user's profile page to it's personal oauthprovider (if you want other sto access it, youll have to change the permissions in the index.php
$userid = $params['user_id'];
$group_id = $params['group_id'];
$group = &group_get_object($group_id);
if ( $group->usesPlugin ( $this->name ) ) {
- echo '<p>'.util_make_link ("/plugins/oauthprovider/admin/index.php?id=".$group->getID().'&type=admin&pluginname='.$this->name,
+ echo '<p>'.util_make_link ("/plugins/oauthprovider/admin/index.php?id=".$group->getID().'&type=admin',
_('oauthprovider Admin')).'</p>' ;
}
return (forge_get_config('sufficient', $this->name) || $this->sufficient_forced);
}
+ function restrictRoles(&$params) {
+ global $oauth_token, $oauth_user;
+ if($oauth_token!=null) {
+ $id = $oauth_token->getRoleId();
+ //$params['dropped_roles'][] = RBACEngine::getInstance()->getRoleById($id);
+ print_r("in restrict roles");
+ foreach (RBACEngine::getInstance()->getAvailableRolesForUser($oauth_user) as $role) {
+ $tempid = $role->getID();
+ if($tempid!=$id) {
+ $params['dropped_roles'][] = RBACEngine::getInstance()->getRoleById($tempid);
+ //print_r($role->getName() . " removed!");
+ }
+ }
+ }
+ }
+
/**
* Is there a valid session?
*
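Review bot: `print_r("in restrict roles");` in restrictRoles() is debug output left inside an authorization hook, so it would be written into every response handled under an OAuth token; it should be removed together with the commented-out lines. The function reads `global $oauth_token, $oauth_user`, while the same commit declares `public $oauth_token` and `public $oauth_user` on the class and never uses them. Keeping the token on `$this->oauth_token`, set where the access token is loaded in the session check, avoids role restriction depending on mutable process-wide state. The hook is registered as `"restrict_roles"` but the method is named `restrictRoles`; whether the dispatcher maps one to the other is not visible here and is worth confirming, because if the hook never runs the token keeps all of the user's roles. `$tempid!=$id` is a loose comparison, and casting both sides to int and using `!==` would be safer.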
//echo "Authenticated with access token whose key is : $token->key \n";
//echo "\n";
$t_token = OauthAuthzAccessToken::load_by_key($token->key);
+ global $oauth_token, $oauth_user;
+ $oauth_token = $t_token;
$user =& user_get_object($t_token->getUserId());
+ $oauth_user = $user;
//$user_name = $user->getRealName().' ('.$user->getUnixName().')';
//echo "Acting on behalf of user : $user_name\n";
//echo "\n";
return $this->authorized;
}
- public function getRole() {
+ public function getRoleId() {
return $this->role_id;
}
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
- *
+ *
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
- *
+ *
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
/**
* Tokens stored in DB
- *
+ *
* This is only the base class that will be subclassed by Request Tokens or Access Tokens
* All tokens have an ID in the DB, and are issued for a consumer, at a certain time (stamp)
* When a token has been authorized by a user, the user id is recorded
- *
+ *
* @author Olivier Berger
*
*/
class OauthAuthzToken extends OAuthToken {
-
+
protected $id; // in the table
-
+
protected $consumer_id; // consumer for which the token was issued
protected $user_id; // user for which the token is (or will be) authorized
protected $time_stamp; // time of creation of the token
function __construct( $p_consumer_id, $p_key, $p_secret, $p_user_id=null, $p_time_stamp=null) {
// parent only stores key and secret
parent::__construct($p_key, $p_secret);
-
+
// will be set once inserted in the DB
$this->id = 0;
-
+
$this->consumer_id = $p_consumer_id;
$this->user_id = $p_user_id;
$this->time_stamp = $p_time_stamp;
public function getId() {
return $this->id;
}
-
+
public function getConsumerId() {
return $this->consumer_id;
}
-
+
public function getUserId() {
return $this->user_id;
}
-
+
public function gettime_stamp() {
return $this->time_stamp;
}
-
+
/* TO BE SUBCLASSED
static function row_to_new_token ($t_row) {
$t_token = new OauthAuthzToken( $t_row['consumer_id'], $t_row['token_key'], $t_row['token_secret'] );
/**
* Loads a particular token from the DB knowing its ID
- *
+ *
* @param int $p_id
*/
static function load( $p_id, $token_type ) {
-
+
$DBSTORE = FFDbOAuthDataStore::singleton();
-
+
$t_row = $DBSTORE->find_token_from_id($token_type, $p_id);
-
+
if(!$t_row) {
exit_error( "Error trying to load token!", 'oauthprovider' );
}
* @return Ambigous <multitype:, unknown>
*/
static function load_all($user_id=null, $token_type) {
-
+
$DBSTORE = FFDbOAuthDataStore::singleton();
-
- $t_rows = $DBSTORE->find_all_tokens($token_type, $user_id);
- return $t_rows;
+ $t_rows = $DBSTORE->find_all_tokens($token_type, $user_id);
+ return $t_rows;
}
/**
* Loads a token by its token key
- *
+ *
* @param string $p_token_key
* @return OauthAuthzToken subclass
*/
static function load_by_key( $p_token_key, $token_type ) {
$DBSTORE = FFDbOAuthDataStore::singleton();
-
+
$t_row = $DBSTORE->find_token_from_key($token_type, $p_token_key);
-
+
if(!$t_row) {
exit_error( "Error trying to load ".$token_type." token!", 'oauthprovider' );
}
throw new OAuthException('Mandatory "consumer_id", "key" or "secret" Token attribute(s) not set.');
}
}
-
+
/**
* @param int $p_id
*/
function delete($token_type) {
-
+
$DBSTORE = FFDbOAuthDataStore::singleton();
-
+
$DBSTORE->delete_token( $token_type, $this->id);
}
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
- *
+ *
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
- *
+ *
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
*/
-// Screen which displays a list of access tokens the user has already granted to consumers
+// Screen which displays a list of access tokens the user has already granted to consumers
require_once('../../env.inc.php');
require_once $gfwww.'include/pre.php';
-require_once 'checks.php';
-
-$pluginname = 'oauthprovider';
+require_once 'checks.php';
$user_id = user_getid();
-// TODO : remove $id
-$id = $user_id;
-
-if(forge_check_global_perm ('forge_admin')) $admin_access=true;
-if($admin_access) {
- oauthprovider_CheckSiteAdmin();
- $t_tokens = OauthAuthzAccessToken::load_all();
+if($type=='group') {
+ if(oauthprovider_CheckAdmin()==0) {
+ $proj_admin = true;
+ }else {
+ oauthprovider_CheckGroup();
+ $proj_admin = false;
+ }
+ $temp_tokens = OauthAuthzAccessToken::load_all();
+ foreach($temp_tokens as $temp_token) {
+ $role = RBACEngine::getInstance()->getRoleById($temp_token->getRoleId());
+ if($role->getHomeProject()->getID() == $id) {
+ $t_tokens[] = $temp_token;
+ }
+ }
}else {
oauthprovider_CheckUser();
$t_tokens = OauthAuthzAccessToken::load_all($user_id);
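Review bot: `$t_tokens` is never initialised in the new `group` branch, so when no token matches the project the later `count($t_tokens)` runs on an undefined variable; add `$t_tokens = array();` before the `foreach`. The filter also dereferences the results of `getRoleById(...)` and `getHomeProject()` without checking them, although a token can carry role id 0 (the listing tests `$role_id!=0`) and the authorization page tests `if ($role->getHomeProject())` before using it. `if ($role && $role->getHomeProject() && $role->getHomeProject()->getID() == $id)` would cover both cases. `$id` comes from the request as a string, so comparing it after an `(int)` cast is safer. The same loop appears in request_tokens.php, where only `isset($role)` is checked.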
_('Authorized on'),
'DELETE'
);
-echo $HTML->boxTop(_('Access Tokens'));
-echo $HTML->listTableTop($headers);
-$i = 0;
-foreach( $t_tokens as $t_token ) {
- $consumer = OauthAuthzConsumer::load($t_token->getConsumerId());
- echo '<tr '.$HTML->boxGetAltRowStyle($i).'>';
- if($admin_access) {
- echo '<td>'.util_make_link('/plugins/'.$pluginname.'/consumer_manage.php?consumer_id=' . $t_token->getConsumerId(), $consumer->getName()).'</td>';
- }else {
- echo '<td>'.$consumer->getName().'</td>';
- }
- echo '<td>'.$t_token->key.'</td>';
- echo '<td>'.$t_token->secret.'</td>';
- $role_id =$t_token->getRoleId();
- if($role_id!=0) {
- //echo 'Roleid: '.$role_id;
- $role = RBACEngine::getInstance()->getRoleById($role_id);
- //print_r($role);
- echo '<td>'.$role->getName().'</td>';
- }else {
- echo '<td>'.'---'.'</td>';
- }
- if($t_token->getUserId() > 0 ) {
- $user_object =& user_get_object($t_token->getUserId());
- $user = $user_object->getRealName().' ('.$user_object->getUnixName().')';
- } else {
- $user = "-";
- }
- echo '<td>'.$user.'</td>';
- echo '<td>'.date(DATE_RFC822, $t_token->gettime_stamp()) .'</td>';
- echo '<td>'.util_make_link('/plugins/'.$pluginname.'/token_delete.php?token_id=' . $t_token->getId() . '&token_type=access' . '&plugin_oauthprovider_token_delete_token='.form_generate_key(), _('Delete')). '</td>';
- echo '</tr>';
- $i++;
+if(count($t_tokens)>0) {
+ echo $HTML->boxTop(_('Access Tokens'));
+ echo $HTML->listTableTop($headers);
+
+ $i = 0;
+ foreach( $t_tokens as $t_token ) {
+ $consumer = OauthAuthzConsumer::load($t_token->getConsumerId());
+ echo '<tr '.$HTML->boxGetAltRowStyle($i).'>';
+ if(forge_check_global_perm ('forge_admin')) {
+ echo '<td>'.util_make_link('/plugins/'.$pluginname.'/consumer_manage.php?consumer_id=' . $t_token->getConsumerId(), $consumer->getName()).'</td>';
+ }else {
+ echo '<td>'.$consumer->getName().'</td>';
+ }
+ echo '<td>'.$t_token->key.'</td>';
+ echo '<td>'.$t_token->secret.'</td>';
+ $role_id =$t_token->getRoleId();
+ if($role_id!=0) {
+ //echo 'Roleid: '.$role_id;
+ $role = RBACEngine::getInstance()->getRoleById($role_id);
+ //print_r($role);
+ echo '<td>'.$role->getName().'</td>';
+ }else {
+ echo '<td>'.'---'.'</td>';
+ }
+ if($t_token->getUserId() > 0 ) {
+ $user_object =& user_get_object($t_token->getUserId());
+ $user = $user_object->getRealName().' ('.$user_object->getUnixName().')';
+ } else {
+ $user = "-";
+ }
+ echo '<td>'.$user.'</td>';
+ echo '<td>'.date(DATE_RFC822, $t_token->gettime_stamp()) .'</td>';
+ if(forge_check_global_perm ('forge_admin')) {
+ echo '<td>'.util_make_link('/plugins/'.$pluginname.'/token_delete.php?token_id=' . $t_token->getId() . '&token_type=access' . '&plugin_oauthprovider_token_delete_token='.form_generate_key(), _('Delete')). '</td>';
+ }elseif($type == 'group') {
+ if(($proj_admin)||($t_token->getUserId() == $user_id)) {
+ echo '<td>'.util_make_link('/plugins/'.$pluginname.'/token_delete.php?token_id=' . $t_token->getId() . '&token_type=access' . '&plugin_oauthprovider_token_delete_token='.form_generate_key(), _('Delete')). '</td>';
+ }else {
+ echo '<td>'.'</td>';
+ }
+ }else {
+ echo '<td>'.util_make_link('/plugins/'.$pluginname.'/token_delete.php?token_id=' . $t_token->getId() . '&token_type=access' . '&plugin_oauthprovider_token_delete_token='.form_generate_key(), _('Delete')). '</td>';
+ }
+ echo '</tr>';
+ $i++;
+ }
+ echo $HTML->listTableBottom();
+ echo $HTML->boxBottom();
+}else {
+ echo '<p>'. _('No access tokens were found!').'</p>';
}
-echo $HTML->listTableBottom();
-echo $HTML->boxBottom();
-site_project_footer(array());
+site_project_footer(array());
\ No newline at end of file
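Review bot: Any project member who passes oauthprovider_CheckGroup() can read other users' access-token secrets in the new `group` view, because each row still prints `$t_token->key` and `$t_token->secret` while the list now holds tokens of every member whose role belongs to the project. Only the Delete cell is gated on `$proj_admin` or ownership. The secret cell should be limited to the owner, for example by printing `(($t_token->getUserId() == $user_id) ? $t_token->secret : '---')`. `$consumer->getName()` and the user's real name are also echoed into the table without `htmlspecialchars()`. The Delete gating here is display-only, so token_delete.php needs to enforce the same ownership rule itself; that file is not visible here.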
require_once('../../../env.inc.php');
require_once '../checks.php';
-oauthprovider_CheckUser();
+oauthprovider_CheckAdminExit();
?>
<?php
# Create a basic href link to the manage.php plugin page
-echo '<a href="', '/plugins/'.$pluginname.'/consumer.php?type='.$type.'&id='.$id , '">', 'Consumers', '</a><br> ';
+echo '<a href="', '/plugins/'.$pluginname.'/consumer.php' , '">', 'Consumers', '</a><br> ';
echo '<a href="', '/plugins/'.$pluginname.'/request_tokens.php?type='.$type.'&id='.$id , '">', 'Request tokens', '</a><br> ';
echo '<a href="', '/plugins/'.$pluginname.'/access_tokens.php?type='.$type.'&id='.$id , '">', 'Access tokens', '</a><br> ';
$t_request_token = OauthAuthzRequestToken::load_by_key($p_token);
- oauthprovider_CheckUser();
+ $group = oauthprovider_CheckGroup();
echo '<h2>'. _('Pending authorization requests via OAuth') .'</h2>';
- if($type=="group") $groupname = $name;
- else $groupname = null;
- $group = group_get_object_by_name($groupname);
$user_id = user_getid();
//echo "user: ".$user_id;
//echo "group: ".$groupid;
$roles = array () ;
foreach (RBACEngine::getInstance()->getAvailableRolesForUser($user) as $role) {
- //print_r('role :');
- //print_r($role);
if ($role->getHomeProject()) {
if($groupname) {
if ($role->getHomeProject()->getID() == $group->getID()) {
- print_r('role :');
- print_r($role);
+ print_r('role1 :');
+ $roles[] = $role ;
}
}
else {
- print_r('role :');
- print_r($role);
+ print_r('role2 :');
+ //print_r($role);
$roles[] = $role ;
}
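Review bot: `$groupname` is no longer assigned once the three removed lines are gone, yet the context line `if($groupname) {` still reads it, so in the visible code the per-project filter never runs and every role with a home project is added to `$roles`. Testing `if ($type == 'group') {` instead would keep the choice of offered roles tied to the requested project. `oauthprovider_CheckGroup()` is now called unconditionally, and it exits when neither name nor id is supplied, which looks unintended for a user-level authorization and is worth confirming. `print_r('role1 :')` and `print_r('role2 :')` are debug output on the authorization screen and should be dropped. The enclosing code starts and ends outside the hunk.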
* oauthprovider plugin
*
* Daniel Perez <danielperez.arg@gmail.com>
- *
+ *
* FIXME : FIX copyright
*
* This is an example to watch things in action. You can obviously modify things and logic as you see fit
require $gfconfig.'/plugins/oauthprovider/config.php';
require_once $gfwww.'admin/admin_utils.php';
+$pluginname = 'oauthprovider';
+
+$type = getStringFromRequest('type');
+$name = getStringFromRequest('name');
+$id = getStringFromRequest('id');
+if ($name) $type_param = array('name', $name);
+elseif ($id) $type_param = array('id', $id);
// the header that displays for the project portion of the plugin
-function oauthprovider_Project_Header($params) {
+function oauthprovider_Project_Header($params) {
global $DOCUMENT_ROOT,$HTML,$id, $group_id;
- $group_id = $id;
- $params['toptab']='oauthprovider';
- $params['group']=$id;
- /*
- Show horizontal links
- */
- site_project_header($params);
+ $params['toptab']='oauthprovider';
+
+ site_project_header($params);
}
// the header that displays for the user portion of the plugin
function oauthprovider_User_Header($params) {
global $DOCUMENT_ROOT,$HTML,$user_id;
- $params['toptab']='oauthprovider';
+ $params['toptab']='oauthprovider';
$params['user']=$user_id;
- /*
- Show horizontal links
- */
- site_user_header($params);
+ /*
+ Show horizontal links
+ */
+ site_user_header($params);
}
function oauthprovider_Admin_Header() {
site_admin_header(array('title'=>_('OAuth')));
}
-
+
function oauthprovider_CheckGroup() {
if (!session_loggedin()) {
exit_not_logged_in();
- }
+ }
$user = session_get_user(); // get the session user
-
+ global $pluginname, $name, $id;
+
if (!$user || !is_object($user) || $user->isError() || !$user->isActive()) {
exit_error("Invalid User, Cannot Process your request for this user.", 'oauthprovider');
}
-
- $name = getStringFromRequest('name');
+
if ((!$name)&&(!$id)) {
exit_error("Cannot Process your request: No NAME or ID specified",'oauthprovider');
}
- $pluginname = 'oauthprovider';
-
- if($name) {
- $group = group_get_object_by_name($name);
- $id = $group->getID();
- }
- else $group = group_get_object($id);
- //print_r($group);
- if ( !$group) {
- exit_error("Invalid Project", 'oauthprovider');
- }
- if ( ! ($group->usesPlugin ( $pluginname )) ) {//check if the group has the oauthprovider plugin active
- exit_error("Error, First activate the $pluginname plugin through the Project's Admin Interface", 'oauthprovider');
- }
- $userperm = $group->getPermission($user);//we'll check if the user belongs to the group (optional)
- if ( !$userperm->IsMember()) {
- exit_error("Access Denied, You are not a member of this project", 'oauthprovider');
- }
- // other perms checks here...
- oauthprovider_Project_Header(array('group'=>$group->getID(),'title'=>$pluginname . ' Project Plugin!','pagename'=>$pluginname,'sectionvals'=>array($group->getPublicName())));
- // DO THE STUFF FOR THE PROJECT PART HERE
-
- echo "We are in the Project oauthprovider plugin page for group (project) $id <br><br>";
+
+ if($name) {
+ $group = group_get_object_by_name($name);
+ $id = $group->getID();
+ }
+ else if($id) $group = group_get_object($id);
+ //print_r($group);
+
+ if ( !$group) {
+ exit_error("Invalid Project", 'oauthprovider');
+ }
+ if ( ! ($group->usesPlugin ( $pluginname )) ) {//check if the group has the oauthprovider plugin active
+ exit_error("Error, First activate the $pluginname plugin through the Project's Admin Interface", 'oauthprovider');
+ }
+ $userperm = $group->getPermission($user);//we'll check if the user belongs to the group (optional)
+ if ( !$userperm->IsMember()) {
+ exit_error("Access Denied, You are not a member of this project", 'oauthprovider');
+ }
+
+ oauthprovider_Project_Header(array('group'=>$group->getID(),'title'=>_('OAuth Provider'),'pagename'=>$pluginname,'sectionvals'=>array($group->getPublicName())));
+ return $group;
+ //echo "We are in the Project oauthprovider plugin page for group (project) $id <br><br>";
}
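Review bot: In oauthprovider_CheckGroup() `$group->getID()` is called inside the `if($name)` branch before the `if ( !$group)` test, so a project name that does not resolve would hit a method call on a non-object instead of the "Invalid Project" error (assuming group_get_object_by_name() returns a falsy value for unknown names, as the later test implies). Guarding the assignment with `if ($group) { $id = $group->getID(); }` fixes the order. The function now takes `$name` and `$id` from file-scope globals filled from the request and writes `$id` back, so every caller silently shares that state; passing them as parameters would make the authorization input explicit. oauthprovider_CheckAdmin() has the same ordering and, unlike this function, no guard for the case where neither value is set.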
function oauthprovider_CheckUser() {
if (!session_loggedin()) {
exit_not_logged_in();
- }
-
+ }
+
+ global $pluginname;
+
$user = session_get_user(); // get the session user
if (!$user || !is_object($user) || $user->isError() || !$user->isActive()) {
exit_error("Invalid User, Cannot Process your request for trequire_once $gfwww.'admin/admin_utils.php';
- his user.", 'oauthprovider');
+ his user.", $pluginname);
}
- $name = getStringFromRequest('name');
- //$id = getStringFromRequest('id');
$id = $user->getID();
-
- if ((!$name)&&(!$id)) {
- exit_error("Cannot Process your request: No NAME or ID specified",'oauthprovider');
+
+ if (!$id) {
+ exit_error("Cannot Process your request: Invalid User", $pluginname);
}
- $pluginname = 'oauthprovider';
-
- if($name) $realuser = user_get_object_by_name($name);
- else $realuser = user_get_object($id);
- if (!($realuser) || !($realuser->usesPlugin($pluginname))) {
- exit_error("First activate the User's $pluginname plugin through Account Maintenance Page", 'oauthprovider');
- }
- if ( (!$user) || ($user->getID() != $id)) { // if someone else tried to access the private oauthprovider part of this user
- exit_error("Access Denied, You cannot access other user's personal $pluginname", 'oauthprovider');
- }
- oauthprovider_User_Header(array('title'=>'Personal page for OAuth','pagename'=>"$pluginname",'sectionvals'=>array($realuser->getUnixName())));
- // DO THE STUFF FOR THE USER PART HERE
- echo "We are in the User oauthprovider plugin page for user <br><br>";
+
+ $realuser = user_get_object($id);
+ if (!($realuser) || !($realuser->usesPlugin($pluginname))) {
+ exit_error("First activate the User's $pluginname plugin through Account Maintenance Page", 'oauthprovider');
+ }
+
+ oauthprovider_User_Header(array('title'=>'Personal page for OAuth','pagename'=>"$pluginname",'sectionvals'=>array($realuser->getUnixName())));
+ // DO THE STUFF FOR THE USER PART HERE
+ //echo "We are in the User oauthprovider plugin page for user <br><br>";
}
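Review bot: The error message in the `!$user` branch of oauthprovider_CheckUser() is corrupted: the string literal contains a pasted `require_once $gfwww.'admin/admin_utils.php';` and a line break in the middle of "this user", and the added line only changes its second argument. Because the literal is double-quoted, `$gfwww` is interpolated, and it is not declared global in this function as far as the hunk shows. The call should read `exit_error("Invalid User, Cannot Process your request for this user.", $pluginname);`. The later `exit_error(..., 'oauthprovider')` in the same function could use `$pluginname` as well, for consistency.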
-function oauthprovider_CheckProjectAdmin() {
+/*
+ * checks whether the user is a forge admin or an admin of the corresponding project
+ */
+function oauthprovider_CheckAdmin() {
if (!session_loggedin()) {
exit_not_logged_in();
- }
+ }
$user = session_get_user(); // get the session user
+ global $pluginname, $name, $id;
if (!$user || !is_object($user) || $user->isError() || !$user->isActive()) {
exit_error("Invalid User, Cannot Process your request for this user.", 'oauthprovider');
}
- $name = getStringFromRequest('name');
- $pluginname = 'oauthprovider';
-
- if($name) {
- $group = group_get_object_by_name($name);
- $id = $group->getID();
- }
- else $group = group_get_object($id);
-
- if ( !$group) {
- exit_error("Invalid Project", 'oauthprovider');
- }
- if ( ! ($group->usesPlugin ( $pluginname )) ) {//check if the group has the oauthprovider plugin active
- exit_error("Error, First activate the $pluginname plugin through the Project's Admin Interface", 'oauthprovider');
- }
-
- $userperm = $group->getPermission($user);//we'll check if the user belongs to the group
- if ( !$userperm->IsMember()) {
- exit_error("Access Denied, You are not a member of this project", 'oauthprovider');
- }
-
- //only project admin can access here
- if ( $userperm->isAdmin() ) {
- oauthprovider_Project_Header(array('group'=>$id, 'title'=>$pluginname . ' Project Plugin!','pagename'=>"$pluginname",'sectionvals'=>array(group_getname($id))));
- // DO THE STUFF FOR THE PROJECT ADMINISTRATION PART HERE
- //echo "We are in the Project oauthprovider plugin page for <font color=\"#ff0000\">ADMINISTRATION</font> <br><br>";
-
- } else {
- exit_error("Access Denied, You are not a project Admin", 'oauthprovider');
- }
-}
-
-function oauthprovider_CheckSiteAdmin() {
-
- if (!session_loggedin()) {
- exit_not_logged_in();
+ if($name) {
+ $group = group_get_object_by_name($name);
+ $id = $group->getID();
+ }
+ else if($id) $group = group_get_object($id);
+
+ if ( !$group) {
+ exit_error("Invalid Project", $pluginname);
+ }
+ if ( ! ($group->usesPlugin ( $pluginname )) ) {//check if the group has the oauthprovider plugin active
+ exit_error("Error, First activate the $pluginname plugin through the Project's Admin Interface", $pluginname);
+ }
+
+ $userperm = $group->getPermission($user);//we'll check if the user belongs to the group
+ if ( !$userperm->IsMember()) {
+ exit_error("Access Denied, You are not a member of this project", $pluginname);
+ }
+
+ //only project admin can access here
+ if ($userperm->isAdmin() || forge_check_global_perm ('forge_admin')) {
+ if($userperm->isAdmin()) {
+ oauthprovider_Project_Header(array('group'=>$id, 'title'=>_('OAuth Provider'), 'pagename'=>"$pluginname",'sectionvals'=>array(group_getname($id))));
+ }else {
+ oauthprovider_Admin_Header();
+ }
+ return 0;
+ }
+ else if(! forge_check_global_perm ('forge_admin')) {
+ //exit_error("Access Denied, You are not a forge Admin", 'oauthprovider');
+ return 1;
+ }
+ else {
+ //exit_error("Access Denied, You are not a project Admin", 'oauthprovider');
+ return 2;
}
+}
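Review bot: The final `else { return 2; }` in oauthprovider_CheckAdmin() cannot be reached: the `else if` is only evaluated when the user is neither project admin nor forge admin, so `! forge_check_global_perm ('forge_admin')` is always true there and the function returns 1, which oauthprovider_CheckAdminExit() reports as "not a forge Admin". The `IsMember()` check above exits before the forge-admin test, so a forge admin who is not a project member is rejected despite the `|| forge_check_global_perm ('forge_admin')` clause. Returning 0 for "allowed" also makes a plain `if (oauthprovider_CheckAdmin())` read as granted when access is in fact denied; a boolean or named constants would be harder to misuse. A docblock stating the return values, and that the function prints a page header on success, would help callers.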
- $user = session_get_user(); // get the session user
+/*
+ * exits with error if user is ot a forge or project admin
+ */
+function oauthprovider_CheckAdminExit() {
+ switch(oauthprovider_CheckAdmin()) {
+ case 1: exit_error("Access Denied, You are not a forge Admin", 'oauthprovider');
+ break;
+ case 2: exit_error("Access Denied, You are not a project Admin", 'oauthprovider');
+ break;
+ };
+}
- if (!$user || !is_object($user) || $user->isError() || !$user->isActive()) {
- exit_error("Invalid User, Cannot Process your request for this user.", 'oauthprovider');
- }
+/*
+ * checks whether the user is a forge admin
+ */
+function oauthprovider_CheckForgeAdmin() {
- $name = getStringFromRequest('name');
- $pluginname = 'oauthprovider';
- /*
- if($name) {
- $group = group_get_object_by_name($name);
- $id = $group->getID();
- }
- else $group = group_get_object($id);
-
- if ( !$group) {
- exit_error("Invalid Project", 'oauthprovider');
- }
- if ( ! ($group->usesPlugin ( $pluginname )) ) {//check if the group has the oauthprovider plugin active
- exit_error("Error, First activate the $pluginname plugin through the Project's Admin Interface", 'oauthprovider');
- }
-
- $userperm = $group->getPermission($user);//we'll check if the user belongs to the group
- if ( !$userperm->IsMember()) {
- exit_error("Access Denied, You are not a member of this project", 'oauthprovider');
- }
-
- //only project admin can access here
- if ( $userperm->isAdmin() ) {
- oauthprovider_Project_Header(array('group'=>$id, 'title'=>$pluginname . ' Project Plugin!','pagename'=>"$pluginname",'sectionvals'=>array(group_getname($id))));
- // DO THE STUFF FOR THE PROJECT ADMINISTRATION PART HERE
- //echo "We are in the Project oauthprovider plugin page for <font color=\"#ff0000\">ADMINISTRATION</font> <br><br>";
-
- } else {
- exit_error("Access Denied, You are not a project Admin", 'oauthprovider');
- }
- */
if(! forge_check_global_perm ('forge_admin')) {
- exit_error("Access Denied, You are not a site Admin", 'oauthprovider');
+ return false;
}
-
+
oauthprovider_Admin_Header();
+ return true;
+}
+/*
+ * checks whether the user is a forge admin and exits
+ */
+function oauthprovider_CheckForgeAdminExit() {
+ if(! forge_check_global_perm ('forge_admin')) {
+ exit_error("Access Denied, You are not a forge Admin", 'oauthprovider');
+ }
+
+ oauthprovider_Admin_Header();
+
}
-?>
+?>
\ No newline at end of file
/**
* Manage OAuth consumers
- *
+ *
* This file is (c) Copyright 2010 by Olivier BERGER, Madhumita DHAR, Institut TELECOM
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
- *
+ *
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
- *
+ *
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
require_once('../../env.inc.php');
require_once $gfwww.'include/pre.php';
-require_once 'checks.php';
-$pluginname = 'oauthprovider';
+require_once 'checks.php';
-oauthprovider_CheckSiteAdmin();
+oauthprovider_CheckUser();
$user = session_get_user(); // get the session user
$t_consumers = OauthAuthzConsumer::load_all();
if(forge_check_global_perm ('forge_admin')) $t_can_manage = true;
// FIXME : use $HTML->boxTop() and likes bellow
-if(count($t_consumers)>0) {
+if(count($t_consumers)>0) {
echo $HTML->boxTop(_('OAuth consumers'));
echo $HTML->listTableTop(array(_('Consumer'), _('URL'), _('Description'), _('Email'), _('Key'), _('Secret'), '', ''));
-
+
$i = 0;
foreach( $t_consumers as $t_consumer ) { ?>
<tr <?php echo $HTML->boxGetAltRowStyle($i++) ?>>
<td class="center"><?php echo ( $t_consumer->getURL() ) ?></td>
<td class="center"><?php echo ( $t_consumer->getDesc() ) ?></td>
<td class="center"><?php echo ( $t_consumer->getEmail() ) ?></td>
- <td><?php echo ( substr($t_consumer->key, 0, 10).'...' ) ?></td>
- <td><?php
- //if ( $t_can_manage ) {
- echo ( substr($t_consumer->secret, 0, 10).'...' );
- /*}
- else {
- echo '**************';
- }*/ ?></td>
+ <td><?php echo ( $t_consumer->key) ?></td>
+ <td><?php
+ echo ( $t_consumer->secret);
+ ?></td>
<td class="center">
- <?php
- if ( $t_can_manage ) {
+ <?php
+ if ( $t_can_manage ) {
print util_make_link('/plugins/'.$pluginname.'/consumer_manage.php?consumer_id=' . $t_consumer->getId() , _('Manage'));
}
?>
</td>
<td class="center">
- <?php
+ <?php
if ( $t_can_manage ) {
print util_make_link('/plugins/'.$pluginname.'/consumer_delete.php?consumer_id=' . $t_consumer->getId() . '&plugin_oauthprovider_consumer_delete_token='.form_generate_key(), _('Delete'));
}
- }
+ }
echo $HTML->listTableBottom();
-
+
echo $HTML->boxBottom();
}
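Review bot: Every logged-in user with the plugin enabled can now read all consumers' full key and secret, because the page guard becomes `oauthprovider_CheckUser()` while the Key and Secret cells print `$t_consumer->key` and `$t_consumer->secret` instead of a 10-character prefix. The secret should stay hidden unless the viewer may manage consumers, e.g. `echo $t_can_manage ? $t_consumer->secret : '**************';`. `$t_can_manage` is only assigned when the user is a forge admin and is undefined otherwise; `$t_can_manage = forge_check_global_perm('forge_admin');` avoids that. The URL, description and email cells are echoed without `htmlspecialchars()`. The loop body continues outside the visible lines.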
echo '<p>'. _('There are currently no OAuth consumers registered in the database').'</p>';
}
-if ( $t_can_manage ) {
+if ( $t_can_manage ) {
$f_consumer_name = getStringFromPost( 'consumer_name' );
$f_consumer_url = getStringFromPost( 'consumer_url' );
$f_consumer_desc = getStringFromPost( 'consumer_desc' );
$f_consumer_email = getStringFromPost( 'consumer_email' );
-
+
?>
<br/>
<form action="consumer_create.php" method="post">
</table>
</form>
<?php }
-
-
+
+
site_project_footer(array());
// Local Variables:
$pluginname = 'oauthprovider';
-oauthprovider_CheckSiteAdmin();
+oauthprovider_CheckForgeAdminExit();
session_require_global_perm('forge_admin');
$pluginname = 'oauthprovider';
-oauthprovider_CheckSiteAdmin();
+oauthprovider_CheckForgeAdminExit();
session_require_global_perm('forge_admin');
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
- *
+ *
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
- *
+ *
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
require_once('../../env.inc.php');
require_once $gfwww.'include/pre.php';
-//require_once 'checks.php';
session_set_for_authplugin('oauthprovider');
$user = $user->getRealName().' ('.$user->getUnixName().')';
echo "Acting on behalf of user : $user\n";
echo "\n";
-
+
echo "Received message : \n";
$message = $_GET['message'];
print_r($message);
require_once 'checks.php';
$pluginname = 'oauthprovider';
-
-oauthprovider_CheckUser();
+if($type == 'group') oauthprovider_CheckGroup();
+else oauthprovider_CheckUser();
?>
<p>The <b>HMAC_SHA1</b> signature method is the only one supported at the moment.</p>
<?php
-//global $plugin_oauthprovider_consumers, _('Request Tokens');
-# Create a basic href link to the manage.php plugin page
-if( forge_check_global_perm ('forge_admin') ){
- echo util_make_link('/plugins/'.$pluginname.'/consumer.php', _('Consumers')). ' <br />';
-}
-
-
-echo '<a href="', '/plugins/'.$pluginname.'/request_tokens.php?type='.$type , '">', _('Request tokens'), '</a><br> ';
-echo util_make_link('/plugins/'.$pluginname.'/access_tokens.php', _('Access tokens')).'<br /> ';
+$link_param = '?type='.$type.'&'.$type_param[0].'='.$type_param[1];
+echo util_make_link('/plugins/'.$pluginname.'/consumer.php', _('Consumers')). ' <br />';
+echo util_make_link('/plugins/'.$pluginname.'/request_tokens.php'.$link_param, _('Request tokens')).'<br /> ';
+echo util_make_link('/plugins/'.$pluginname.'/access_tokens.php'.$link_param, _('Access tokens')).'<br /> ';
//html_page_bottom();
site_project_footer(array());
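Review bot: `$link_param` is built by plain concatenation of `$type` and `$type_param`, neither of which is set inside this hunk (presumably they come from `checks.php`). If either can carry request-derived text, it lands unencoded in the two token hrefs. Building it as `$link_param = '?'.http_build_query(array('type' => $type, $type_param[0] => $type_param[1]));` encodes both keys and values. Separately, the Consumers link loses its `forge_check_global_perm('forge_admin')` guard here, so `consumer.php` has to enforce its own permission check. That file is not visible in this hunk, so it is worth confirming.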
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
- *
+ *
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
- *
+ *
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
require_once('../../env.inc.php');
require_once $gfwww.'include/pre.php';
-require_once 'checks.php';
-
-$pluginname = 'oauthprovider';
-
-/*if($type!=admin)
-{
- exit_error("Only the Project Admin can access this page.", 'oauthprovider');
-}*/
+require_once 'checks.php';
-if(forge_check_global_perm ('forge_admin')) $admin_access=true;
+$user_id = user_getid();
-if($admin_access) {
- oauthprovider_CheckSiteAdmin();
+if(oauthprovider_CheckForgeAdmin()) {
$t_tokens = OauthAuthzRequestToken::load_all();
+}elseif($type=='group') {
+ if(oauthprovider_CheckAdmin()==0) {
+ $proj_admin = true;
+ }else {
+ oauthprovider_CheckGroup();
+ $proj_admin = false;
+ }
+ $temp_tokens = OauthAuthzRequestToken::load_all();
+ foreach($temp_tokens as $temp_token) {
+ $role = RBACEngine::getInstance()->getRoleById($temp_token->getRoleId());
+ if((isset($role))&&($role->getHomeProject()->getID() == $id)) {
+ $t_tokens[] = $temp_token;
+ }
+ }
}else {
oauthprovider_CheckUser();
- $t_tokens = OauthAuthzRequestToken::load_all(user_getid());
+ $t_tokens = OauthAuthzRequestToken::load_all($user_id);
}
$headers = array(
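Review bot: In the `$type=='group'` branch `$t_tokens` is only ever created by `$t_tokens[] = $temp_token;`, so when no token's role belongs to the project the variable stays undefined. The later `count($t_tokens)` then raises a warning or, on PHP 8, a TypeError; adding `$t_tokens = array();` before the `foreach` avoids that. The filter also calls `$role->getHomeProject()->getID()` without checking the result of `getHomeProject()`. If a role can exist without a home project (not visible here), that is a fatal error, and a guard such as `($home = $role->getHomeProject()) && $home->getID() == $id` would cover it. `$id` itself is not assigned in this hunk and presumably comes from `checks.php`.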
'DELETE'
);
-echo $HTML->boxTop(_('Request Tokens'));
-echo $HTML->listTableTop($headers);
-
-$i=0;
-foreach( $t_tokens as $t_token ) {
- $consumer = OauthAuthzConsumer::load($t_token->getConsumerId());
- echo '<tr '.$HTML->boxGetAltRowStyle($i).'>';
- if($admin_access) {
- echo '<td>'.util_make_link('/plugins/'.$pluginname.'/consumer_manage.php?consumer_id=' . $t_token->getConsumerId(), $consumer->getName()).'</td>';
- }else {
- echo '<td>'.$consumer->getName().'</td>';
- }
- echo '<td>'.$t_token->key.'</td>';
- echo '<td>'.$t_token->secret.'</td>';
- if($t_token->getAuthorized()==1) $auth = 'Yes';
- else $auth = 'No';
- echo '<td>'.$auth.'</td>';
- $role_id =$t_token->getRole();
- if($role_id!=0) {
- //echo 'Roleid: '.$role_id;
- $role = RBACEngine::getInstance()->getRoleById($role_id);
- //print_r($role);
- echo '<td>'.$role->getName().'</td>';
- }else {
- echo '<td>'.'---'.'</td>';
- }
- if($t_token->getUserId() > 0 ) {
- $user_object =& user_get_object($t_token->getUserId());
- $user = $user_object->getRealName().' ('.$user_object->getUnixName().')';
- } else {
- $user = "-";
+if(count($t_tokens)>0) {
+ echo $HTML->boxTop(_('Request Tokens'));
+ echo $HTML->listTableTop($headers);
+
+ $i=0;
+ foreach( $t_tokens as $t_token ) {
+ $consumer = OauthAuthzConsumer::load($t_token->getConsumerId());
+ echo '<tr '.$HTML->boxGetAltRowStyle($i).'>';
+ if(forge_check_global_perm ('forge_admin')) {
+ echo '<td>'.util_make_link('/plugins/'.$pluginname.'/consumer_manage.php?consumer_id=' . $t_token->getConsumerId(), $consumer->getName()).'</td>';
+ }else {
+ echo '<td>'.$consumer->getName().'</td>';
+ }
+ echo '<td>'.$t_token->key.'</td>';
+ echo '<td>'.$t_token->secret.'</td>';
+ if($t_token->getAuthorized()==1) $auth = 'Yes';
+ else $auth = 'No';
+ echo '<td>'.$auth.'</td>';
+ $role_id =$t_token->getRoleId();
+ if($role_id!=0) {
+ //echo 'Roleid: '.$role_id;
+ $role = RBACEngine::getInstance()->getRoleById($role_id);
+ //print_r($role);
+ echo '<td>'.$role->getName().'</td>';
+ }else {
+ echo '<td>'.'---'.'</td>';
+ }
+ if($t_token->getUserId() > 0 ) {
+ $user_object =& user_get_object($t_token->getUserId());
+ $user = $user_object->getRealName().' ('.$user_object->getUnixName().')';
+ } else {
+ $user = "-";
+ }
+ echo '<td>'.$user.'</td>';
+ echo '<td>'.date(DATE_RFC822, $t_token->gettime_stamp()) .'</td>';
+ if(forge_check_global_perm ('forge_admin')) {
+ echo '<td>'.util_make_link('/plugins/'.$pluginname.'/token_delete.php?token_id=' . $t_token->getId() . '&token_type=request' . '&plugin_oauthprovider_token_delete_token='.form_generate_key(), _('Delete')).'</td>';
+ }elseif($type == 'group') {
+ if(($proj_admin)||($t_token->getUserId() == $user_id)) {
+ echo '<td>'.util_make_link('/plugins/'.$pluginname.'/token_delete.php?token_id=' . $t_token->getId() . '&token_type=request' . '&plugin_oauthprovider_token_delete_token='.form_generate_key(), _('Delete')).'</td>';
+ }else {
+ echo '<td>'.'</td>';
+ }
+ }else {
+ echo '<td>'.util_make_link('/plugins/'.$pluginname.'/token_delete.php?token_id=' . $t_token->getId() . '&token_type=request' . '&plugin_oauthprovider_token_delete_token='.form_generate_key(), _('Delete')).'</td>';
+ }
+ echo '</tr>';
+ $i++;
+
}
- echo '<td>'.$user.'</td>';
- echo '<td>'.date(DATE_RFC822, $t_token->gettime_stamp()) .'</td>';
- echo '<td>'.util_make_link('/plugins/'.$pluginname.'/token_delete.php?token_id=' . $t_token->getId() . '&token_type=request' . '&plugin_oauthprovider_token_delete_token='.form_generate_key(), _('Delete')).'</td>';
- echo '</tr>';
- $i++;
-
+
+ echo $HTML->listTableBottom();
+ echo $HTML->boxBottom();
+}else {
+ echo '<p>'. _('No request tokens were found!').'</p>';
}
-echo $HTML->listTableBottom();
-echo $HTML->boxBottom();
-
-//html_page_bottom1( __FILE__ );
-site_project_footer(array());
+site_project_footer(array());
\ No newline at end of file
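Review bot: The `$t_token->key` and `$t_token->secret` cells are echoed for every row, while the Delete cell further down is limited, for `$type == 'group'`, to `$proj_admin` or the token's own user. The list for that case is built in the earlier hunk from every token whose role belongs to the project, so a project member who is not an admin appears to be shown other users' request-token secrets. The same condition could gate the secret column, e.g. `$own = forge_check_global_perm('forge_admin') || $type != 'group' || $proj_admin || $t_token->getUserId() == $user_id;` followed by `echo '<td>'.($own ? $t_token->secret : '').'</td>';`. The consumer name and user name are also concatenated into the table unescaped; wrapping them in `htmlspecialchars()` is worth adding if they can hold user-supplied text.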