Add AuthenticationServiceProvider

Romain Neutron
2013-02-15 11:08:05 +01:00
parent f5c5aebe22
commit d2bc4f4a23
117 changed files with 610 additions and 535 deletions


@@ -29,13 +29,13 @@ class Lightbox implements ControllerProviderInterface
return;
}
if ($app->isAuthenticated()) {
$app->closeAccount();
if ($app['authentication']->isAuthenticated()) {
$app['authentication']->closeAccount();
}
try {
$auth = new \Session_Authentication_Token($app, $request->query->get('LOG'));
$app->openAccount($auth);
$app['authentication']->openAccount($auth);
} catch (Exception $e) {
return $app->redirect("/login/?error=" . urlencode($e->getMessage()));
}
@@ -72,8 +72,8 @@ class Lightbox implements ControllerProviderInterface
/* @var $repository \Repositories\BasketRepository */
$basket_collection = array_merge(
$repository->findActiveByUser($app['phraseanet.user'])
, $repository->findActiveValidationByUser($app['phraseanet.user'])
$repository->findActiveByUser($app['authentication']->getUser())
, $repository->findActiveValidationByUser($app['authentication']->getUser())
);
$template = 'lightbox/index.html.twig';
@@ -97,7 +97,7 @@ class Lightbox implements ControllerProviderInterface
$basketElement = $app['EM']
->getRepository('\Entities\BasketElement')
->findUserElement($sselcont_id, $app['phraseanet.user']);
->findUserElement($sselcont_id, $app['authentication']->getUser());
$parameters = array(
'basket_element' => $basketElement,
@@ -111,7 +111,7 @@ class Lightbox implements ControllerProviderInterface
/* @var $repository \Repositories\BasketElementRepository */
$repository = $app['EM']->getRepository('\Entities\BasketElement');
$BasketElement = $repository->findUserElement($sselcont_id, $app['phraseanet.user']);
$BasketElement = $repository->findUserElement($sselcont_id, $app['authentication']->getUser());
if ($app['browser']->isMobile()) {
$output = $app['twig']->render('lightbox/basket_element.html.twig', array(
@@ -199,12 +199,12 @@ class Lightbox implements ControllerProviderInterface
/* @var $repository \Repositories\BasketRepository */
$basket_collection = $repository->findActiveValidationAndBasketByUser(
$app['phraseanet.user']
$app['authentication']->getUser()
);
$basket = $repository->findUserBasket(
$app, $ssel_id
, $app['phraseanet.user']
, $app['authentication']->getUser()
, false
);
@@ -214,9 +214,9 @@ class Lightbox implements ControllerProviderInterface
$app['EM']->flush();
}
if ($basket->getValidation() && $basket->getValidation()->getParticipant($app['phraseanet.user'], $app)->getIsAware() === false) {
if ($basket->getValidation() && $basket->getValidation()->getParticipant($app['authentication']->getUser(), $app)->getIsAware() === false) {
$basket = $app['EM']->merge($basket);
$basket->getValidation()->getParticipant($app['phraseanet.user'], $app)->setIsAware(true);
$basket->getValidation()->getParticipant($app['authentication']->getUser(), $app)->setIsAware(true);
$app['EM']->flush();
}
@@ -251,12 +251,12 @@ class Lightbox implements ControllerProviderInterface
/* @var $repository \Repositories\BasketRepository */
$basket_collection = $repository->findActiveValidationAndBasketByUser(
$app['phraseanet.user']
$app['authentication']->getUser()
);
$basket = $repository->findUserBasket(
$app, $ssel_id
, $app['phraseanet.user']
, $app['authentication']->getUser()
, false
);
@@ -266,9 +266,9 @@ class Lightbox implements ControllerProviderInterface
$app['EM']->flush();
}
if ($basket->getValidation() && $basket->getValidation()->getParticipant($app['phraseanet.user'])->getIsAware() === false) {
if ($basket->getValidation() && $basket->getValidation()->getParticipant($app['authentication']->getUser())->getIsAware() === false) {
$basket = $app['EM']->merge($basket);
$basket->getValidation()->getParticipant($app['phraseanet.user'], $app)->setIsAware(true);
$basket->getValidation()->getParticipant($app['authentication']->getUser(), $app)->setIsAware(true);
$app['EM']->flush();
}
@@ -334,7 +334,7 @@ class Lightbox implements ControllerProviderInterface
/* @var $repository \Repositories\BasketRepository */
$basket = $repository->findUserBasket(
$app, $ssel_id
, $app['phraseanet.user']
, $app['authentication']->getUser()
, false
);
@@ -357,9 +357,9 @@ class Lightbox implements ControllerProviderInterface
/* @var $repository \Repositories\BasketElementRepository */
$repository = $app['EM']->getRepository('\Entities\BasketElement');
$basket_element = $repository->findUserElement($sselcont_id, $app['phraseanet.user']);
$basket_element = $repository->findUserElement($sselcont_id, $app['authentication']->getUser());
$validationDatas = $basket_element->getUserValidationDatas($app['phraseanet.user'], $app);
$validationDatas = $basket_element->getUserValidationDatas($app['authentication']->getUser(), $app);
$validationDatas->setNote($note);
@@ -405,14 +405,14 @@ class Lightbox implements ControllerProviderInterface
/* @var $repository \Repositories\BasketElementRepository */
$basket_element = $repository->findUserElement(
$sselcont_id
, $app['phraseanet.user']
, $app['authentication']->getUser()
);
/* @var $basket_element \Entities\BasketElement */
$validationDatas = $basket_element->getUserValidationDatas($app['phraseanet.user'], $app);
$validationDatas = $basket_element->getUserValidationDatas($app['authentication']->getUser(), $app);
if (!$basket_element->getBasket()
->getValidation()
->getParticipant($app['phraseanet.user'], $app)->getCanAgree()) {
->getParticipant($app['authentication']->getUser(), $app)->getCanAgree()) {
throw new ControllerException('You can not agree on this');
}
@@ -420,7 +420,7 @@ class Lightbox implements ControllerProviderInterface
$participant = $basket_element->getBasket()
->getValidation()
->getParticipant($app['phraseanet.user'], $app);
->getParticipant($app['authentication']->getUser(), $app);
$app['EM']->merge($basket_element);
@@ -453,7 +453,7 @@ class Lightbox implements ControllerProviderInterface
/* @var $repository \Repositories\BasketRepository */
$basket = $repository->findUserBasket(
$app, $ssel_id
, $app['phraseanet.user']
, $app['authentication']->getUser()
, false
);
@@ -461,7 +461,7 @@ class Lightbox implements ControllerProviderInterface
throw new ControllerException('There is no validation session attached to this basket');
}
if (!$basket->getValidation()->getParticipant($app['phraseanet.user'], $app)->getCanAgree()) {
if (!$basket->getValidation()->getParticipant($app['authentication']->getUser(), $app)->getCanAgree()) {
throw new ControllerException('You have not right to agree');
}
@@ -478,7 +478,7 @@ class Lightbox implements ControllerProviderInterface
}
/* @var $basket \Entities\Basket */
$participant = $basket->getValidation()->getParticipant($app['phraseanet.user'], $app);
$participant = $basket->getValidation()->getParticipant($app['authentication']->getUser(), $app);
$expires = new \DateTime('+10 days');
$url = $app['phraseanet.registry']->get('GV_ServerName')
@@ -492,7 +492,7 @@ class Lightbox implements ControllerProviderInterface
$to = $basket->getValidation()->getInitiator($app)->get_id();
$params = array(
'ssel_id' => $basket->getId(),
'from' => $app['phraseanet.user']->get_id(),
'from' => $app['authentication']->getUser()->get_id(),
'url' => $url,
'to' => $to
);
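Review bot: The token login in the first hunk still hands the `\Session_Authentication_Token` object to `$app['authentication']->openAccount($auth)`, whereas the Oauth2 and V1 sections of this commit pass a `\User_Adapter` to the same method. The persistent-cookie hook in the next file section does the same with `$auth` plus a session id. The authenticator class is not shown on this page, so its signature is inferred; if it now expects a user, both call sites either break at login or skip whatever the service does with the user object. Until that is confirmed I would mark the call with `// TODO: openAccount() receives a \User_Adapter elsewhere in this commit; resolve the token's user before calling it`. The enclosing closure starts and ends outside the hunk.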


@@ -32,10 +32,10 @@ return call_user_func(function($environment = null) {
});
$app->before(function(Request $request) use ($app) {
if ($request->cookies->has('persistent') && !$app->isAuthenticated()) {
if ($request->cookies->has('persistent') && !$app['authentication']->isAuthenticated()) {
try {
$auth = new \Session_Authentication_PersistentCookie($app, $request->cookies->get('persistent'));
$app->openAccount($auth, $auth->getSessionId());
$app['authentication']->openAccount($auth, $auth->getSessionId());
} catch (\Exception $e) {
}
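Review bot: The `catch (\Exception $e)` around the persistent-cookie login is empty, so a forged or expired `persistent` cookie fails without leaving any trace, and the hook will try it again on each request that still carries it. At minimum the branch should say why it is silent, e.g. `// invalid persistent cookie: continue as anonymous`. Ideally it would also record the failure and expire the cookie, so repeated attempts are visible to whoever monitors logins. The closure continues past the end of the hunk, so some clean-up may already happen there.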


@@ -11,6 +11,12 @@
namespace Alchemy\Phrasea\Controller\Api;
use Alchemy\Phrasea\Authentication\Context;
use Alchemy\Phrasea\Application as PhraseaApplication;
use Alchemy\Phrasea\Authentication\Exception\AccountLockedException;
use Alchemy\Phrasea\Authentication\Exception\RequireCaptchaException;
use Alchemy\Phrasea\Core\Event\PreAuthenticate;
use Alchemy\Phrasea\Core\PhraseaEvents;
use Silex\Application;
use Silex\ControllerProviderInterface;
use Symfony\Component\HttpFoundation\Response;
@@ -37,6 +43,9 @@ class Oauth2 implements ControllerProviderInterface
$request = $app['request'];
$oauth2_adapter = $app['oauth'];
$context = new Context(Context::CONTEXT_OAUTH2_NATIVE);
$app['dispatcher']->dispatch(PhraseaEvents::PRE_AUTHENTICATE, new PreAuthenticate($request, $context));
//Check for auth params, send error or redirect if not valid
$params = $oauth2_adapter->getAuthorizationRequestParameters($request);
@@ -65,17 +74,23 @@ class Oauth2 implements ControllerProviderInterface
);
}
if (!$app->isAuthenticated()) {
if (!$app['authentication']->isAuthenticated()) {
if ($action_login !== null) {
try {
$auth = new \Session_Authentication_Native(
$app, $request->get("login"), $request->get("password")
);
$usr_id = $app['auth.native']->isValid($request->get("login"), $request->get("password"), $request);
$app->openAccount($auth);
} catch (\Exception $e) {
return new Response($app['twig']->render($template, array("auth" => $oauth2_adapter)));
if (!$usr_id) {
$app['session']->getFlashBag()->set('error', _('login::erreur: Erreur d\'authentification'));
return $app->redirect($app->path('oauth2_authorize'));
}
} catch (RequireCaptchaException $e) {
return $app->redirect($app->path('oauth2_authorize'), array('error' => 'captcha'));
} catch (AccountLockedException $e) {
return $app->redirect($app->path('oauth2_authorize'), array('error' => 'account-locked'));
}
$app['authentication']->openAccount(\User_Adapter::getInstance($usr_id, $app));
} else {
return new Response($app['twig']->render($template, array("auth" => $oauth2_adapter)));
}
@@ -84,7 +99,7 @@ class Oauth2 implements ControllerProviderInterface
//check if current client is already authorized by current user
$user_auth_clients = \API_OAuth2_Application::load_authorized_app_by_user(
$app
, $app['phraseanet.user']
, $app['authentication']->getUser()
);
foreach ($user_auth_clients as $auth_client) {
@@ -93,7 +108,7 @@ class Oauth2 implements ControllerProviderInterface
}
}
$account = $oauth2_adapter->updateAccount($app['phraseanet.user']->get_id());
$account = $oauth2_adapter->updateAccount($app['authentication']->getUser()->get_id());
$params['account_id'] = $account->get_id();
@@ -119,7 +134,9 @@ class Oauth2 implements ControllerProviderInterface
}
};
$controllers->match('/authorize', $authorize_func)->method('GET|POST');
$controllers->match('/authorize', $authorize_func)
->method('GET|POST')
->bind('oauth2_authorize');
/**
* TOKEN ENDPOINT
@@ -130,7 +147,7 @@ class Oauth2 implements ControllerProviderInterface
throw new HttpException(400, 'This route requires the use of the https scheme', null, array('content-type' => 'application/json'));
}
$app['oauth']->grantAccessToken();
$app['oauth']->grantAccessToken($request);
ob_flush();
flush();
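Review bot: In the two new catch branches, `array('error' => 'captcha')` and `array('error' => 'account-locked')` are passed as the second argument of `$app->redirect()` rather than of `$app->path()`. In Silex that parameter is the HTTP status code, so unless this application overrides `redirect()` the error code never reaches the URL and the response is built with an array as its status. The likely intent is `return $app->redirect($app->path('oauth2_authorize', array('error' => 'captcha')));`, and the same for `account-locked`. These redirects, and the one after a failed login, also drop the original authorization request parameters, which should be confirmed as intended.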


@@ -13,6 +13,8 @@ namespace Alchemy\Phrasea\Controller\Api;
use Silex\ControllerProviderInterface;
use Alchemy\Phrasea\Core\PhraseaEvents;
use Alchemy\Phrasea\Authentication\Context;
use Alchemy\Phrasea\Core\Event\PreAuthenticate;
use Alchemy\Phrasea\Core\Event\ApiOAuth2StartEvent;
use Alchemy\Phrasea\Core\Event\ApiOAuth2EndEvent;
use Silex\Application as SilexApplication;
@@ -49,6 +51,9 @@ class V1 implements ControllerProviderInterface
* @ throws \API_V1_exception_forbidden
*/
$controllers->before(function($request) use ($app) {
$context = new Context(Context::CONTEXT_OAUTH2_TOKEN);
$app['dispatcher']->dispatch(PhraseaEvents::PRE_AUTHENTICATE, new PreAuthenticate($request, $context));
$app['dispatcher']->dispatch(PhraseaEvents::API_OAUTH2_START, new ApiOAuth2StartEvent());
$oauth2_adapter = new \API_OAuth2_Adapter($app);
$oauth2_adapter->verifyAccessToken();
@@ -63,16 +68,15 @@ class V1 implements ControllerProviderInterface
throw new \API_V1_exception_forbidden(_('The use of phraseanet Navigator is not allowed'));
}
if ($app->isAuthenticated()) {
if ($app['authentication']->isAuthenticated()) {
$app['dispatcher']->dispatch(PhraseaEvents::API_OAUTH2_END, new ApiOAuth2EndEvent());
return;
}
$user = \User_Adapter::getInstance($oauth2_adapter->get_usr_id(), $app);
$auth = new \Session_Authentication_None($user);
$app->openAccount($auth, $oauth2_adapter->get_ses_id());
$app['authentication']->openAccount($user);
$oauth2_adapter->remember_this_ses_id($app['session']->get('session_id'));
$app['dispatcher']->dispatch(PhraseaEvents::API_OAUTH2_END, new ApiOAuth2EndEvent());
@@ -646,19 +650,19 @@ class V1 implements ControllerProviderInterface
*/
$controllers->get('/feeds/list/', function(SilexApplication $app) {
return $app['api']
->search_publications($app['request'], $app['phraseanet.user'])
->search_publications($app['request'], $app['authentication']->getUser())
->get_response();
});
$controllers->get('/feeds/content/', function(SilexApplication $app) {
return $app['api']
->get_publications($app['request'], $app['phraseanet.user'])
->get_publications($app['request'], $app['authentication']->getUser())
->get_response();
});
$controllers->get('/feeds/entry/{entry_id}/', function(SilexApplication $app, $entry_id) {
return $app['api']
->get_feed_entry($app['request'], $entry_id, $app['phraseanet.user'])
->get_feed_entry($app['request'], $entry_id, $app['authentication']->getUser())
->get_response();
})->assert('entry_id', '\d+');
@@ -675,7 +679,7 @@ class V1 implements ControllerProviderInterface
*/
$controllers->get('/feeds/{feed_id}/content/', function(SilexApplication $app, $feed_id) {
return $app['api']
->get_publication($app['request'], $feed_id, $app['phraseanet.user'])
->get_publication($app['request'], $feed_id, $app['authentication']->getUser())
->get_response();
})->assert('feed_id', '\d+');
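Review bot: The early `return` under `if ($app['authentication']->isAuthenticated())` in the `before` hook accepts any existing session without checking that it belongs to the user the access token was issued to. If an API request can carry a session cookie for a different account, the token is verified but the request then runs as the session's user. Comparing the ids would close that gap, e.g. `if ($app['authentication']->isAuthenticated() && $app['authentication']->getUser()->get_id() == $oauth2_adapter->get_usr_id()) {`, with the stale session closed before `openAccount($user)` otherwise. The new `openAccount($user)` also no longer receives `$oauth2_adapter->get_ses_id()`, so confirm that `$app['session']->get('session_id')` is populated before `remember_this_ses_id()` reads it.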


@@ -14,6 +14,10 @@ namespace Alchemy\Phrasea\Core;
final class PhraseaEvents
{
const LOGOUT = 'phrasea.logout';
const PRE_AUTHENTICATE = 'phrasea.pre-authenticate';
const POST_AUTHENTICATE = 'phrasea.post-authenticate';
const API_OAUTH2_START = 'api.oauth2.start';
const API_OAUTH2_END = 'api.oauth2.end';
const API_LOAD_START = 'api.load.start';
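Review bot: The new `PRE_AUTHENTICATE` and `POST_AUTHENTICATE` constants have no doc comment saying which event object is dispatched or when. In the sections visible on this page only `PRE_AUTHENTICATE` is dispatched, with a `PreAuthenticate` built from the request and a `Context`; no dispatch of `POST_AUTHENTICATE` is visible here, though it may sit in files not shown. A short comment above each constant, such as `/** Dispatched before credentials are checked; listeners receive a PreAuthenticate event. */`, would make the contract explicit for anyone attaching login controls to these hooks. The class body continues outside the hunk.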


@@ -29,13 +29,13 @@ class Prod extends Helper
$bases = $fields = $dates = array();
if (! $this->app['phraseanet.user'] instanceof \User_Adapter) {
if (! $this->app['authentication']->getUser() instanceof \User_Adapter) {
return $search_datas;
}
$searchSet = json_decode($this->app['phraseanet.user']->getPrefs('search'), true);
$searchSet = json_decode($this->app['authentication']->getUser()->getPrefs('search'), true);
foreach ($this->app['phraseanet.user']->ACL()->get_granted_sbas() as $databox) {
foreach ($this->app['authentication']->getUser()->ACL()->get_granted_sbas() as $databox) {
$sbas_id = $databox->get_sbas_id();
$bases[$sbas_id] = array(
@@ -45,7 +45,7 @@ class Prod extends Helper
'sbas_id' => $sbas_id
);
foreach ($this->app['phraseanet.user']->ACL()->get_granted_base(array(), array($databox->get_sbas_id())) as $coll) {
foreach ($this->app['authentication']->getUser()->ACL()->get_granted_base(array(), array($databox->get_sbas_id())) as $coll) {
$selected = (isset($searchSet['bases']) &&
isset($searchSet['bases'][$sbas_id])) ? (in_array($coll->get_base_id(), $searchSet['bases'][$sbas_id])) : true;
$bases[$sbas_id]['collections'][] =
@@ -83,7 +83,7 @@ class Prod extends Helper
if (! $bases[$sbas_id]['thesaurus']) {
continue;
}
if ( ! $this->app['phraseanet.user']->ACL()->has_right_on_sbas($sbas_id, 'bas_modif_th')) {
if ( ! $this->app['authentication']->getUser()->ACL()->has_right_on_sbas($sbas_id, 'bas_modif_th')) {
continue;
}


@@ -116,7 +116,7 @@ class Helper extends \Alchemy\Phrasea\Helper\Helper
$repository = $app['EM']->getRepository('\Entities\Basket');
/* @var $$repository \Repositories\BasketRepository */
$Basket = $repository->findUserBasket($this->app, $Request->get('ssel'), $app['phraseanet.user'], false);
$Basket = $repository->findUserBasket($this->app, $Request->get('ssel'), $app['authentication']->getUser(), false);
$this->selection->load_basket($Basket);
@@ -125,7 +125,7 @@ class Helper extends \Alchemy\Phrasea\Helper\Helper
} elseif (trim($Request->get('story')) !== '') {
$repository = $app['EM']->getRepository('\Entities\StoryWZ');
$storyWZ = $repository->findByUserAndId($app, $app['phraseanet.user'], $Request->get('story'));
$storyWZ = $repository->findByUserAndId($app, $app['authentication']->getUser(), $Request->get('story'));
$this->selection->load_list(array($storyWZ->getRecord($this->app)->get_serialize_key()), $this->flatten_groupings);
} else {


@@ -73,7 +73,7 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
protected function delete_user(\User_Adapter $user)
{
$list = array_keys($this->app['phraseanet.user']->ACL()->get_granted_base(array('canadmin')));
$list = array_keys($this->app['authentication']->getUser()->ACL()->get_granted_base(array('canadmin')));
$user->ACL()->revoke_access_from_bases($list);
@@ -86,7 +86,7 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
public function get_users_rights()
{
$list = array_keys($this->app['phraseanet.user']->ACL()->get_granted_base(array('canadmin')));
$list = array_keys($this->app['authentication']->getUser()->ACL()->get_granted_base(array('canadmin')));
$sql = "SELECT
b.sbas_id,
@@ -366,7 +366,7 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
public function apply_rights()
{
$request = \http_request::getInstance();
$ACL = $this->app['phraseanet.user']->ACL();
$ACL = $this->app['authentication']->getUser()->ACL();
$base_ids = array_keys($ACL->get_granted_base(array('canadmin')));
$update = $create = $delete = $create_sbas = $update_sbas = array();
@@ -570,11 +570,11 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
{
$template = \User_adapter::getInstance($this->request->get('template'), $this->app);
if ($template->get_template_owner()->get_id() != $this->app['phraseanet.user']->get_id()) {
if ($template->get_template_owner()->get_id() != $this->app['authentication']->getUser()->get_id()) {
throw new \Exception_Forbidden('You are not the owner of the template');
}
$base_ids = array_keys($this->app['phraseanet.user']->ACL()->get_granted_base(array('canadmin')));
$base_ids = array_keys($this->app['authentication']->getUser()->ACL()->get_granted_base(array('canadmin')));
foreach ($this->users as $usr_id) {
$user = \User_adapter::getInstance($usr_id, $this->app);
@@ -642,7 +642,7 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
public function resetRights()
{
$base_ids = array_keys($this->app['phraseanet.user']->ACL()->get_granted_base(array('canadmin')));
$base_ids = array_keys($this->app['authentication']->getUser()->ACL()->get_granted_base(array('canadmin')));
foreach ($this->users as $usr_id) {
$user = \User_Adapter::getInstance($usr_id, $this->app);
@@ -651,7 +651,7 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
if ($user->is_template()) {
$template = $user;
if ($template->get_template_owner()->get_id() !== $this->app['phraseanet.user']->get_id()) {
if ($template->get_template_owner()->get_id() !== $this->app['authentication']->getUser()->get_id()) {
continue;
}
}
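Review bot: The template-ownership check uses `!=` in the hunk at line 570 and `!==` in the `resetRights()` hunk at line 651, so the same authorization decision depends on whether `get_id()` returns the same type on both sides. With `!==`, an int/string mismatch would make every template look foreign and be skipped; with `!=`, loose comparison is doing the work. Both sites should normalise and compare strictly, e.g. `if ((int) $template->get_template_owner()->get_id() !== (int) $this->app['authentication']->getUser()->get_id()) {`. Both enclosing methods extend beyond their hunks.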


@@ -71,7 +71,7 @@ class Manage extends Helper
->like($this->query_parms['like_field'], $this->query_parms['like_value'])
->get_inactives($this->query_parms['inactives'])
->include_templates(false)
->on_bases_where_i_am($this->app['phraseanet.user']->ACL(), array('canadmin'))
->on_bases_where_i_am($this->app['authentication']->getUser()->ACL(), array('canadmin'))
->execute();
return $this->results->get_results();
@@ -109,7 +109,7 @@ class Manage extends Helper
->like($this->query_parms['like_field'], $this->query_parms['like_value'])
->get_inactives($this->query_parms['inactives'])
->include_templates(true)
->on_bases_where_i_am($this->app['phraseanet.user']->ACL(), array('canadmin'))
->on_bases_where_i_am($this->app['authentication']->getUser()->ACL(), array('canadmin'))
->limit($offset_start, $results_quantity)
->execute();
@@ -218,8 +218,8 @@ class Manage extends Helper
}
$created_user = \User_Adapter::create($this->app, $name, \random::generatePassword(16), null, false, false);
$created_user->set_template($this->app['phraseanet.user']);
$this->usr_id = $this->app['phraseanet.user']->get_id();
$created_user->set_template($this->app['authentication']->getUser());
$this->usr_id = $this->app['authentication']->getUser()->get_id();
return $created_user;
}


@@ -45,13 +45,13 @@ class WorkZone extends Helper
$ret = new \Doctrine\Common\Collections\ArrayCollection();
$baskets = $repo_baskets->findActiveByUser($this->app['phraseanet.user'], $sort);
$validations = $repo_baskets->findActiveValidationByUser($this->app['phraseanet.user'], $sort);
$baskets = $repo_baskets->findActiveByUser($this->app['authentication']->getUser(), $sort);
$validations = $repo_baskets->findActiveValidationByUser($this->app['authentication']->getUser(), $sort);
/* @var $repo_stories \Doctrine\Repositories\StoryWZRepository */
$repo_stories = $this->app['EM']->getRepository('Entities\StoryWZ');
$stories = $repo_stories->findByUser($this->app, $this->app['phraseanet.user'], $sort);
$stories = $repo_stories->findByUser($this->app, $this->app['authentication']->getUser(), $sort);
$ret->set(self::BASKETS, $baskets);
$ret->set(self::VALIDATIONS, $validations);


@@ -166,7 +166,7 @@ class PDF
$fimg = $subdef->get_pathfile();
if (!$this->app['phraseanet.user']->ACL()->has_right_on_base($rec->get_base_id(), "nowatermark")
if (!$this->app['authentication']->getUser()->ACL()->has_right_on_base($rec->get_base_id(), "nowatermark")
&& $subdef->get_type() == \media_subdef::TYPE_IMAGE) {
$fimg = \recordutils_image::watermark($this->app, $subdef);
}
@@ -430,7 +430,7 @@ class PDF
$f = $subdef->get_pathfile();
if (!$this->app['phraseanet.user']->ACL()->has_right_on_base($rec->get_base_id(), "nowatermark")
if (!$this->app['authentication']->getUser()->ACL()->has_right_on_base($rec->get_base_id(), "nowatermark")
&& $subdef->get_type() == \media_subdef::TYPE_IMAGE)
$f = \recordutils_image::watermark($this->app, $subdef);


@@ -184,12 +184,12 @@ class PhraseaEngine implements SearchEngineInterface
*/
private function checkSession()
{
if (!$this->app['phraseanet.user']) {
if (!$this->app['authentication']->getUser()) {
throw new \RuntimeException('Phrasea currently support only authenticated queries');
}
if (!phrasea_open_session($this->app['session']->get('phrasea_session_id'), $this->app['phraseanet.user']->get_id())) {
if (!$ses_id = phrasea_create_session((string) $this->app['phraseanet.user']->get_id())) {
if (!phrasea_open_session($this->app['session']->get('phrasea_session_id'), $this->app['authentication']->getUser()->get_id())) {
if (!$ses_id = phrasea_create_session((string) $this->app['authentication']->getUser()->get_id())) {
throw new \Exception_InternalServerError('Unable to create phrasea session');
}
$this->app['session']->set('phrasea_session_id', $ses_id);
@@ -557,7 +557,7 @@ class PhraseaEngine implements SearchEngineInterface
$stmt->execute($params);
$stmt->closeCursor();
if ($this->app['phraseanet.user']) {
if ($this->app['authentication']->getUser()) {
\User_Adapter::saveQuery($this->app, $query);
}


@@ -623,15 +623,15 @@ class SearchEngineOptions
$bas = array_map(function($base_id) use ($app) {
return \collection::get_from_base_id($app, $base_id);
}, $request->get('bases'));
} elseif (!$app->isAuthenticated()) {
} elseif (!$app['authentication']->isAuthenticated()) {
$bas = $app->getOpenCollections();
} else {
$bas = $app['phraseanet.user']->ACL()->get_granted_base();
$bas = $app['authentication']->getUser()->ACL()->get_granted_base();
}
$bas = array_filter($bas, function($collection) use ($app) {
if ($app->isAuthenticated()) {
return $app['phraseanet.user']->ACL()->has_right_on_base($collection->get_base_id(), 'canmodifrecord');
if ($app['authentication']->isAuthenticated()) {
return $app['authentication']->getUser()->ACL()->has_right_on_base($collection->get_base_id(), 'canmodifrecord');
} else {
return in_array($collection, $app->getOpenCollections());
}
@@ -645,9 +645,9 @@ class SearchEngineOptions
}
}
if ($app->isAuthenticated() && $app['phraseanet.user']->ACL()->has_right('modifyrecord')) {
if ($app['authentication']->isAuthenticated() && $app['authentication']->getUser()->ACL()->has_right('modifyrecord')) {
$BF = array_filter($bas, function($collection) use ($app) {
return $app['phraseanet.user']->ACL()->has_right_on_base($collection->get_base_id(), 'canmodifrecord');
return $app['authentication']->getUser()->ACL()->has_right_on_base($collection->get_base_id(), 'canmodifrecord');
});
$options->allowBusinessFieldsOn($BF);


@@ -26,7 +26,7 @@ class Firewall
{
$this->requireNotGuest();
if (!$this->app['phraseanet.user']->ACL()->is_admin()) {
if (!$this->app['authentication']->getUser()->ACL()->is_admin()) {
$this->app->abort(403, 'Admin role is required');
}
@@ -37,7 +37,7 @@ class Firewall
{
$this->requireAuthentication();
if (!$this->app['phraseanet.user']->ACL()->has_access_to_module($module)) {
if (!$this->app['authentication']->getUser()->ACL()->has_access_to_module($module)) {
$this->app->abort(403, 'You do not have required rights');
}
@@ -48,7 +48,7 @@ class Firewall
{
$this->requireAuthentication();
if (!$this->app['phraseanet.user']->ACL()->has_access_to_sbas($sbas_id)) {
if (!$this->app['authentication']->getUser()->ACL()->has_access_to_sbas($sbas_id)) {
$this->app->abort(403, 'You do not have required rights');
}
@@ -59,7 +59,7 @@ class Firewall
{
$this->requireAuthentication();
if (!$this->app['phraseanet.user']->ACL()->has_access_to_base($base_id)) {
if (!$this->app['authentication']->getUser()->ACL()->has_access_to_base($base_id)) {
$this->app->abort(403, 'You do not have required rights');
}
@@ -70,7 +70,7 @@ class Firewall
{
$this->requireAuthentication();
if (!$this->app['phraseanet.user']->ACL()->has_right($right)) {
if (!$this->app['authentication']->getUser()->ACL()->has_right($right)) {
$this->app->abort(403, 'You do not have required rights');
}
@@ -81,7 +81,7 @@ class Firewall
{
$this->requireAuthentication();
if (!$this->app['phraseanet.user']->ACL()->has_right_on_base($base_id, $right)) {
if (!$this->app['authentication']->getUser()->ACL()->has_right_on_base($base_id, $right)) {
$this->app->abort(403, 'You do not have required rights');
}
@@ -92,7 +92,7 @@ class Firewall
{
$this->requireAuthentication();
if (!$this->app['phraseanet.user']->ACL()->has_right_on_sbas($sbas_id, $right)) {
if (!$this->app['authentication']->getUser()->ACL()->has_right_on_sbas($sbas_id, $right)) {
$this->app->abort(403, 'You do not have required rights');
}
@@ -103,7 +103,7 @@ class Firewall
{
$this->requireAuthentication();
if ($this->app['phraseanet.user']->is_guest()) {
if ($this->app['authentication']->getUser()->is_guest()) {
$this->app->abort(403, 'Guests do not have admin role');
}
@@ -112,7 +112,7 @@ class Firewall
public function requireAuthentication()
{
if (!$this->app->isAuthenticated()) {
if (!$this->app['authentication']->isAuthenticated()) {
$this->app->abort(302, 'You are not authenticated', array('X-Phraseanet-Redirect' => '/login/'));
}
@@ -121,7 +121,7 @@ class Firewall
public function requireNotAuthenticated()
{
if ($this->app->isAuthenticated()) {
if ($this->app['authentication']->isAuthenticated()) {
$this->app->abort(302, 'You are authenticated', array('X-Phraseanet-Redirect' => '/prod/'));
}
@@ -130,7 +130,7 @@ class Firewall
public function requireOrdersAdmin()
{
if (false === !!count($this->app['phraseanet.user']->ACL()->get_granted_base(array('order_master')))) {
if (false === !!count($this->app['authentication']->getUser()->ACL()->get_granted_base(array('order_master')))) {
$this->app->abort(403, 'You are not an order admin');
}
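Review bot: `requireOrdersAdmin()` in the last hunk dereferences `$this->app['authentication']->getUser()->ACL()` without first calling `$this->requireAuthentication()`, unlike the other ACL checks in this file. `checkSession()` in the PhraseaEngine section tests `!$this->app['authentication']->getUser()`, which suggests the getter can return a falsy value for anonymous requests. In that case this method would end in a fatal error rather than the intended redirect or 403. Adding `$this->requireAuthentication();` as its first statement makes the failure mode explicit; the method's tail is outside the hunk.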


@@ -76,7 +76,7 @@ class Installer
{
$template = new \SplFileInfo(__DIR__ . '/../../../conf.d/data_templates/' . $template . '-simple.xml');
$databox = \databox::create($this->app, $dbConn, $template, $this->app['phraseanet.registry']);
$this->app['phraseanet.user']->ACL()
$this->app['authentication']->getUser()->ACL()
->give_access_to_sbas(array($databox->get_sbas_id()))
->update_rights_to_sbas(
$databox->get_sbas_id(), array(
@@ -85,10 +85,10 @@ class Installer
)
);
$collection = \collection::create($this->app, $databox, $this->app['phraseanet.appbox'], 'test', $this->app['phraseanet.user']);
$collection = \collection::create($this->app, $databox, $this->app['phraseanet.appbox'], 'test', $this->app['authentication']->getUser());
$this->app['phraseanet.user']->ACL()->give_access_to_base(array($collection->get_base_id()));
$this->app['phraseanet.user']->ACL()->update_rights_to_base($collection->get_base_id(), array(
$this->app['authentication']->getUser()->ACL()->give_access_to_base(array($collection->get_base_id()));
$this->app['authentication']->getUser()->ACL()->update_rights_to_base($collection->get_base_id(), array(
'canpush' => 1, 'cancmd' => 1
, 'canputinalbum' => 1, 'candwnldhd' => 1, 'candwnldpreview' => 1, 'canadmin' => 1
, 'actif' => 1, 'canreport' => 1, 'canaddrecord' => 1, 'canmodifrecord' => 1