From: Olivier Berger Date: Fri, 25 Mar 2011 18:47:42 +0000 (+0000) Subject: Bunch of changes to get rid of mantis related arg passing and stuff X-Git-Tag: v5_2_rc1~1663 X-Git-Url: https://scm.fusionforge.org/anonscm/gitweb?p=fusionforge%2Ffusionforge.git;a=commitdiff_plain;h=11e4cb41a3a0b0f9effa50658122e671c423be35 Bunch of changes to get rid of mantis related arg passing and stuff --- diff --git a/src/plugins/oauthprovider/www/access_tokens.php b/src/plugins/oauthprovider/www/access_tokens.php index 308365e59c..265f9aff1a 100644 --- a/src/plugins/oauthprovider/www/access_tokens.php +++ b/src/plugins/oauthprovider/www/access_tokens.php @@ -29,13 +29,19 @@ require_once $gfwww.'include/pre.php'; require_once 'checks.php'; +$pluginname = 'oauthprovider'; + $user_id = user_getid(); +// TODO : remove $id +$id = $user_id; if(forge_check_global_perm ('forge_admin')) $admin_access=true; if($admin_access) { + oauthprovider_CheckSiteAdmin(); $t_tokens = OauthAuthzAccessToken::load_all(); }else { + oauthprovider_CheckUser(); $t_tokens = OauthAuthzAccessToken::load_all($user_id); } diff --git a/src/plugins/oauthprovider/www/admin/index.php b/src/plugins/oauthprovider/www/admin/index.php index daaab67afc..7f412816fb 100644 --- a/src/plugins/oauthprovider/www/admin/index.php +++ b/src/plugins/oauthprovider/www/admin/index.php @@ -27,7 +27,8 @@ global $gfwww; require_once('../../../env.inc.php'); require_once '../checks.php'; - +oauthprovider_CheckUser(); + ?>
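Review bot: `$admin_access` is never initialised in the access_tokens.php hunk: it is set only by `if(forge_check_global_perm ('forge_admin')) $admin_access=true;` and then read by `if($admin_access)`. For a non-admin the branch therefore tests an undefined variable, and its outcome depends on nothing earlier in the include chain having defined that name. Assign it outright with `$admin_access = forge_check_global_perm('forge_admin');`, so the choice between `load_all()` and `load_all($user_id)` rests on one explicit boolean. The added `oauthprovider_CheckSiteAdmin();` call does re-check the permission inside the admin branch, which limits the effect, but the token listing should not depend on that second check.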

OAuth endpoints
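Review bot: The page under `www/admin/` is guarded by `oauthprovider_CheckUser()`, which accepts any active, logged-in user of the plugin, not by the `oauthprovider_CheckSiteAdmin()` function this commit adds. If the page is meant for site administrators only (its path suggests so, but the page body is not readable here), the call should be `oauthprovider_CheckSiteAdmin();`. If it is deliberately open to every user, a short comment such as `// any logged-in plugin user may view the endpoint list` would record that decision next to the check.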

diff --git a/src/plugins/oauthprovider/www/checks.php b/src/plugins/oauthprovider/www/checks.php index 1da68e8d34..0883ea96c7 100644 --- a/src/plugins/oauthprovider/www/checks.php +++ b/src/plugins/oauthprovider/www/checks.php @@ -12,7 +12,7 @@ require_once $gfwww.'include/pre.php'; require $gfconfig.'/plugins/oauthprovider/config.php'; - +require_once $gfwww.'admin/admin_utils.php'; // the header that displays for the project portion of the plugin @@ -38,6 +38,12 @@ function oauthprovider_User_Header($params) { site_user_header($params); } +function oauthprovider_Admin_Header() { + site_admin_header(array('title'=>_('OAuth'))); +} + + +function oauthprovider_CheckGroup() { if (!session_loggedin()) { exit_not_logged_in(); } @@ -47,18 +53,13 @@ function oauthprovider_User_Header($params) { if (!$user || !is_object($user) || $user->isError() || !$user->isActive()) { exit_error("Invalid User, Cannot Process your request for this user.", 'oauthprovider'); } - - $type = getStringFromRequest('type'); - $id = getStringFromRequest('id'); + $name = getStringFromRequest('name'); + if ((!$name)&&(!$id)) { + exit_error("Cannot Process your request: No NAME or ID specified",'oauthprovider'); + } $pluginname = 'oauthprovider'; - if (!$type) { - exit_error("Cannot Process your request: No TYPE specified ",'oauthprovider'); // you can create items in Base.tab and customize this messages - } elseif ((!$name)&&(!$id)) { - exit_error("Cannot Process your request: No NAME or ID specified",'oauthprovider'); - } else { - if ($type == 'group') { if($name) { $group = group_get_object_by_name($name); $id = $group->getID(); @@ -80,8 +81,29 @@ function oauthprovider_User_Header($params) { // DO THE STUFF FOR THE PROJECT PART HERE echo "We are in the Project oauthprovider plugin page for group (project) $id
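Review bot: `$id` is read but never assigned in oauthprovider_CheckGroup() once this hunk removes `$id = getStringFromRequest('id');`: the added `if ((!$name)&&(!$id))` tests an undefined variable, so any request without `name` ends in the "No NAME or ID" error. oauthprovider_CheckProjectAdmin(), added in a later hunk of this file, has the same gap in `else $group = group_get_object($id);`. In both functions `$id = $group->getID();` runs before the project is validated (the `if ( !$group)` test is visible in CheckProjectAdmin; CheckGroup continues outside the hunk), so an unknown project name would be dereferenced before it is rejected, assuming the lookup returns a non-object on failure. Pass the project id in as a parameter or read it explicitly, and move `if (!$group) { exit_error("Invalid Project", 'oauthprovider'); }` above the `getID()` call.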

"; - - } elseif ($type == 'user') { +} + +function oauthprovider_CheckUser() { + if (!session_loggedin()) { + exit_not_logged_in(); + } + + $user = session_get_user(); // get the session user + + if (!$user || !is_object($user) || $user->isError() || !$user->isActive()) { + exit_error("Invalid User, Cannot Process your request for trequire_once $gfwww.'admin/admin_utils.php'; + his user.", 'oauthprovider'); + } + + $name = getStringFromRequest('name'); + //$id = getStringFromRequest('id'); + $id = $user->getID(); + + if ((!$name)&&(!$id)) { + exit_error("Cannot Process your request: No NAME or ID specified",'oauthprovider'); + } + $pluginname = 'oauthprovider'; + if($name) $realuser = user_get_object_by_name($name); else $realuser = user_get_object($id); if (!($realuser) || !($realuser->usesPlugin($pluginname))) { @@ -90,11 +112,70 @@ function oauthprovider_User_Header($params) { if ( (!$user) || ($user->getID() != $id)) { // if someone else tried to access the private oauthprovider part of this user exit_error("Access Denied, You cannot access other user's personal $pluginname", 'oauthprovider'); } - oauthprovider_User_Header(array('title'=>'My '.$pluginname,'pagename'=>"$pluginname",'sectionvals'=>array($realuser->getUnixName()))); + oauthprovider_User_Header(array('title'=>'Personal page for OAuth','pagename'=>"$pluginname",'sectionvals'=>array($realuser->getUnixName()))); // DO THE STUFF FOR THE USER PART HERE echo "We are in the User oauthprovider plugin page for user
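Review bot: The error string added in oauthprovider_CheckUser() has a stray `require_once $gfwww.'admin/admin_utils.php';` pasted into the middle of it, splitting "this user." across two `+` lines. Because the literal is double-quoted, `$gfwww` is interpolated into the message: inside the function it is most likely undefined (no `global $gfwww` is visible), and if it were in scope the server's web root path would be printed in a user-facing error. Restore the line to `exit_error("Invalid User, Cannot Process your request for this user.", 'oauthprovider');`, matching the other check functions in this file.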

"; +} + +function oauthprovider_CheckProjectAdmin() { + + if (!session_loggedin()) { + exit_not_logged_in(); + } + + $user = session_get_user(); // get the session user + + if (!$user || !is_object($user) || $user->isError() || !$user->isActive()) { + exit_error("Invalid User, Cannot Process your request for this user.", 'oauthprovider'); + } + + $name = getStringFromRequest('name'); + $pluginname = 'oauthprovider'; + + if($name) { + $group = group_get_object_by_name($name); + $id = $group->getID(); + } + else $group = group_get_object($id); + + if ( !$group) { + exit_error("Invalid Project", 'oauthprovider'); + } + if ( ! ($group->usesPlugin ( $pluginname )) ) {//check if the group has the oauthprovider plugin active + exit_error("Error, First activate the $pluginname plugin through the Project's Admin Interface", 'oauthprovider'); + } - } elseif ($type == 'admin') { + $userperm = $group->getPermission($user);//we'll check if the user belongs to the group + if ( !$userperm->IsMember()) { + exit_error("Access Denied, You are not a member of this project", 'oauthprovider'); + } + + //only project admin can access here + if ( $userperm->isAdmin() ) { + oauthprovider_Project_Header(array('group'=>$id, 'title'=>$pluginname . ' Project Plugin!','pagename'=>"$pluginname",'sectionvals'=>array(group_getname($id)))); + // DO THE STUFF FOR THE PROJECT ADMINISTRATION PART HERE + //echo "We are in the Project oauthprovider plugin page for ADMINISTRATION

"; + + } else { + exit_error("Access Denied, You are not a project Admin", 'oauthprovider'); + } +} + +function oauthprovider_CheckSiteAdmin() { + + if (!session_loggedin()) { + exit_not_logged_in(); + } + + $user = session_get_user(); // get the session user + + if (!$user || !is_object($user) || $user->isError() || !$user->isActive()) { + exit_error("Invalid User, Cannot Process your request for this user.", 'oauthprovider'); + } + + $name = getStringFromRequest('name'); + $pluginname = 'oauthprovider'; + /* if($name) { $group = group_get_object_by_name($name); $id = $group->getID(); @@ -107,10 +188,12 @@ function oauthprovider_User_Header($params) { if ( ! ($group->usesPlugin ( $pluginname )) ) {//check if the group has the oauthprovider plugin active exit_error("Error, First activate the $pluginname plugin through the Project's Admin Interface", 'oauthprovider'); } + $userperm = $group->getPermission($user);//we'll check if the user belongs to the group if ( !$userperm->IsMember()) { exit_error("Access Denied, You are not a member of this project", 'oauthprovider'); } + //only project admin can access here if ( $userperm->isAdmin() ) { oauthprovider_Project_Header(array('group'=>$id, 'title'=>$pluginname . ' Project Plugin!','pagename'=>"$pluginname",'sectionvals'=>array(group_getname($id)))); @@ -120,11 +203,14 @@ function oauthprovider_User_Header($params) { } else { exit_error("Access Denied, You are not a project Admin", 'oauthprovider'); } - } - else { - exit_error("Cannot Process your request: Invalid TYPE specified", 'oauthprovider'); - } + */ + if(! forge_check_global_perm ('forge_admin')) { + exit_error("Access Denied, You are not a site Admin", 'oauthprovider'); } - $i = 0; + oauthprovider_Admin_Header(); + + +} + ?> \ No newline at end of file diff --git a/src/plugins/oauthprovider/www/consumer.php b/src/plugins/oauthprovider/www/consumer.php index 238e4bb52e..b87b9a3a8a 100644 --- a/src/plugins/oauthprovider/www/consumer.php 
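Review bot: The unchanged ownership test `if ( (!$user) || ($user->getID() != $id))` at the top of the `-90,11 +112,70` hunk can no longer fail, because the previous hunk now sets `$id = $user->getID();` and both sides are the same value. When the request carries `name`, `$realuser` is still loaded by that name, so the header is built from another account's `getUnixName()` without the "Access Denied" branch firing. Compare the loaded account with the session user instead: `if ($realuser->getID() != $user->getID()) {`. Better still, drop the `name` lookup from oauthprovider_CheckUser() entirely if personal pages are always for the session user. The function's opening lines are in the previous hunk.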
+++ b/src/plugins/oauthprovider/www/consumer.php @@ -1,6 +1,8 @@ boxTop() and likes bellow if(count($t_consumers)>0) { -?> - -
- - - - - - - - - - - - - - - - + echo $HTML->boxTop(_('OAuth consumers')); -listTableTop(array(_('Consumer'), _('URL'), _('Description'), _('Email'), _('Key'), _('Secret'), '', '')); + + $i = 0; foreach( $t_consumers as $t_consumer ) { ?> boxGetAltRowStyle($i++) ?>> @@ -73,65 +62,67 @@ if(count($t_consumers)>0) { }*/ ?> - - + } + echo $HTML->listTableBottom(); + +echo $HTML->boxBottom(); -
getName() ) ?> getId() , $plugin_oauthprovider_manage); + if ( $t_can_manage ) { + print util_make_link('/plugins/'.$pluginname.'/consumer_manage.php?consumer_id=' . $t_consumer->getId() , _('Manage')); } ?> getId() . '&plugin_oauthprovider_consumer_delete_token='.form_generate_key(), $plugin_oauthprovider_delete); - + print util_make_link('/plugins/'.$pluginname.'/consumer_delete.php?consumer_id=' . $t_consumer->getId() . '&plugin_oauthprovider_consumer_delete_token='.form_generate_key(), _('Delete')); } - ?> -
- -There are currently no customers in the database.

'; + echo '

'. _('There are currently no OAuth consumers registered in the database').'

'; } -if ( $t_can_manage ) { ?> +if ( $t_can_manage ) { + +$f_consumer_name = getStringFromPost( 'consumer_name' ); +$f_consumer_url = getStringFromPost( 'consumer_url' ); +$f_consumer_desc = getStringFromPost( 'consumer_desc' ); +$f_consumer_email = getStringFromPost( 'consumer_email' ); + + ?>
-
+ ' ?> - + -boxGetAltRowStyle($i++) ?>> - - + + + -boxGetAltRowStyle($i++) ?>> - - + + + -boxGetAltRowStyle($i++) ?>> - - + + + -boxGetAltRowStyle($i++) ?>> - - + + + - +
diff --git a/src/plugins/oauthprovider/www/consumer_create.php b/src/plugins/oauthprovider/www/consumer_create.php index 6769ee5bbe..8da8913282 100644 --- a/src/plugins/oauthprovider/www/consumer_create.php +++ b/src/plugins/oauthprovider/www/consumer_create.php @@ -28,6 +28,9 @@ require_once $gfwww.'include/pre.php'; require_once 'checks.php'; +$pluginname = 'oauthprovider'; + +global $feedback; if(!form_key_is_valid(getStringFromRequest('plugin_oauthprovider_consumer_create_token'))) { exit_form_double_submit('admin'); @@ -43,9 +46,12 @@ $f_consumer_email = getStringFromPost( 'consumer_email' ); if (($msg=OauthAuthzConsumer::check_consumer_values($f_consumer_name, $f_consumer_url, $f_consumer_desc, $f_consumer_email))!=null) { //$missing_params[] = _('"Consumer Name"'); - echo "

.$msg.

"; + $feedback .= $msg; //exit_missing_param('', $missing_params,'oauthprovider'); form_release_key(getStringFromRequest('plugin_oauthprovider_consumer_create_token')); + + //site_admin_header(array('title'=>_('Create OAuth consumer'))); + include 'consumer.php'; } else { @@ -60,5 +66,5 @@ $f_consumer_email = getStringFromPost( 'consumer_email' ); form_release_key(getStringFromRequest('plugin_oauthprovider_consumer_create_token')); - session_redirect( '/plugins/'.$pluginname.'/consumer.php?type='.$type.'&id='.$id.'&pluginname='.$pluginname); + session_redirect( '/plugins/'.$pluginname.'/consumer.php'); } \ No newline at end of file diff --git a/src/plugins/oauthprovider/www/consumer_delete.php b/src/plugins/oauthprovider/www/consumer_delete.php index 15d8794b0a..c26fe6dbc3 100644 --- a/src/plugins/oauthprovider/www/consumer_delete.php +++ b/src/plugins/oauthprovider/www/consumer_delete.php @@ -26,6 +26,7 @@ require_once('../../env.inc.php'); require_once $gfwww.'include/pre.php'; require_once 'checks.php'; +$pluginname = 'oauthprovider'; form_key_is_valid(getStringFromRequest('plugin_oauthprovider_consumer_delete_token')); @@ -41,4 +42,4 @@ $t_consumer = OauthAuthzConsumer::load( $f_consumer_id ); $t_consumer->delete(); form_release_key(getStringFromRequest('plugin_oauthprovider_consumer_delete_token')); -session_redirect( '/plugins/'.$pluginname.'/index.php?type='.$type.'&id='.$id.'&pluginname='.$pluginname); +session_redirect( '/plugins/'.$pluginname.'/consumer.php'); diff --git a/src/plugins/oauthprovider/www/consumer_manage.php b/src/plugins/oauthprovider/www/consumer_manage.php index 7660ebf2cc..3f8efd07a1 100644 --- a/src/plugins/oauthprovider/www/consumer_manage.php +++ b/src/plugins/oauthprovider/www/consumer_manage.php 
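Review bot: In consumer_delete.php the context line `form_key_is_valid(getStringFromRequest('plugin_oauthprovider_consumer_delete_token'));` discards its result, so a missing or stale form key does not stop the `$t_consumer->delete();` shown in the file's second hunk. consumer_update.php has the same bare call before `$t_consumer->save();`. consumer_create.php in this same commit shows the enforcing form, `if(!form_key_is_valid(...)) { exit_form_double_submit('admin'); }`, and both scripts should use it. The lines between the two consumer_delete.php hunks are not visible, so confirm no later statement already rejects the request.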
@@ -26,6 +26,10 @@ require_once('../../env.inc.php'); require_once $gfwww.'include/pre.php'; require_once 'checks.php'; +$pluginname = 'oauthprovider'; + +oauthprovider_CheckSiteAdmin(); + session_require_global_perm('forge_admin'); $f_consumer_id = getIntFromGet( 'consumer_id' ); @@ -39,41 +43,42 @@ $i = 0; - +boxGetAltRowStyle($i++) ?>> - + +boxGetAltRowStyle($i++) ?>> - +boxGetAltRowStyle($i++) ?>> - +boxGetAltRowStyle($i++) ?>> - +boxGetAltRowStyle($i++) ?>> - +boxGetAltRowStyle($i++) ?>> - + @@ -85,14 +90,14 @@ $i = 0; diff --git a/src/plugins/oauthprovider/www/consumer_update.php b/src/plugins/oauthprovider/www/consumer_update.php index 7ab563508b..75fb218244 100644 --- a/src/plugins/oauthprovider/www/consumer_update.php +++ b/src/plugins/oauthprovider/www/consumer_update.php @@ -27,6 +27,8 @@ require_once('../../env.inc.php'); require_once $gfwww.'include/pre.php'; require_once 'checks.php'; +$pluginname = 'oauthprovider'; + form_key_is_valid(getStringFromRequest( 'plugin_oauthprovider_consumer_update_token' )); //access_ensure_global_level( plugin_config_get( 'manage_threshold' ) ); // equivalent function to be added later for ff @@ -59,4 +61,4 @@ $t_consumer->save(); form_release_key(getStringFromRequest( 'plugin_oauthprovider_consumer_update_token' )); -session_redirect( '/plugins/'.$pluginname.'/consumer_manage.php?type='.$type.'&id='.$id.'&pluginname='.$pluginname. '&consumer_id=' . $t_consumer->getId() ); +session_redirect( '/plugins/'.$pluginname.'/consumer_manage.php?consumer_id=' . $t_consumer->getId() ); diff --git a/src/plugins/oauthprovider/www/consumer_update_page.php b/src/plugins/oauthprovider/www/consumer_update_page.php index 6536775587..afdf25d398 100644 --- a/src/plugins/oauthprovider/www/consumer_update_page.php +++ b/src/plugins/oauthprovider/www/consumer_update_page.php 
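Review bot: No access check is visible in consumer_update.php: the only one shown is the commented-out `//access_ensure_global_level( plugin_config_get( 'manage_threshold' ) );`. This commit adds `oauthprovider_CheckSiteAdmin();` to consumer_manage.php and consumer_update_page.php but not to this script, which ends in `$t_consumer->save();`. Add `session_require_global_perm('forge_admin');` right after `$pluginname = 'oauthprovider';`. That call is preferable here to `oauthprovider_CheckSiteAdmin()`, which goes on to call `oauthprovider_Admin_Header()` and so presumably emits page output ahead of the final `session_redirect()`. The middle of the file is outside the hunks, so confirm no check already exists there; consumer_delete.php deserves the same review.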
@@ -22,11 +22,14 @@ * */ - require_once('../../env.inc.php'); require_once $gfwww.'include/pre.php'; require_once 'checks.php'; +$pluginname = 'oauthprovider'; + +oauthprovider_CheckSiteAdmin(); + session_require_global_perm('forge_admin'); $f_consumer_id = getIntFromGet( 'consumer_id' ); @@ -38,49 +41,49 @@ $i=0; ?>
- +' ?>
getName() ) ?>
getUrl() ) ?>
getDesc() ) ?>
getEmail() ) ?>
key ) ?>
secret ) ?>
- - + + -
+ ' ?> - +
- - + +boxGetAltRowStyle($i++) ?>> - +boxGetAltRowStyle($i++) ?>> - +boxGetAltRowStyle($i++) ?>> - +boxGetAltRowStyle($i++) ?>> - +boxGetAltRowStyle($i++) ?>> - +boxGetAltRowStyle($i++) ?>> - + - - + +
getId(), $plugin_oauthprovider_back_consumer ); ?>getId(), _('Cancel') ); ?>
diff --git a/src/plugins/oauthprovider/www/index.php b/src/plugins/oauthprovider/www/index.php index 431944dddb..7f14280c05 100644 --- a/src/plugins/oauthprovider/www/index.php +++ b/src/plugins/oauthprovider/www/index.php @@ -25,6 +25,10 @@ require_once('../../env.inc.php'); require_once 'checks.php'; +$pluginname = 'oauthprovider'; + +oauthprovider_CheckUser(); + ?>

OAuth endpoints

@@ -59,13 +63,13 @@ require_once 'checks.php'; ', 'Consumers', '
'; +if( forge_check_global_perm ('forge_admin') ){ + echo util_make_link('/plugins/'.$pluginname.'/consumer.php', _('Consumers')). '
'; } -echo '', 'Request tokens', '
'; -echo '', 'Access tokens', '
'; +echo '', 'Request tokens', '
'; +echo util_make_link('/plugins/'.$pluginname.'/access_tokens.php', _('Access tokens')).'
'; //html_page_bottom(); site_project_footer(array());