projects / platal.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Add the 'user' perm to X.net for users with the 'group' permission.
[platal.git] / classes / xnetsession.php
1 <?php
2 /***************************************************************************
3 * Copyright (C) 2003-2011 Polytechnique.org *
4 * http://opensource.polytechnique.org/ *
5 * *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
10 * *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
15 * *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the Free Software *
18 * Foundation, Inc., *
19 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
20 ***************************************************************************/
21
22 class XnetSession extends XorgSession
23 {
24 public function __construct()
25 {
26 parent::__construct();
27 }
28
29 public function startAvailableAuth()
30 {
31 if (!S::logged() && Get::has('auth')) {
32 if (!$this->start(AUTH_MDP)) {
33 return false;
34 }
35 }
36
37 if (!S::logged() && Post::has('auth_type') && Post::v('auth_type') == 'xnet' && !Post::has('wait')) {
38 $email = Post::v('username');
39 $type = XDB::fetchOneCell('SELECT type
40 FROM accounts
41 WHERE email = {?}',
42 $email);
43 if ((!is_null($type) && $type != 'xnet') || !User::isForeignEmailAddress($email)) {
44 Platal::page()->trigErrorRedirect('Ce formulaire d\'authentification est réservé aux extérieurs à la communauté polytechnicienne.', '');
45 }
46
47 $user = parent::doAuth(AUTH_MDP);
48 if (is_null($user)) {
49 return false;
50 }
51 if (!parent::checkAuth(AUTH_MDP) || !parent::startSessionAs($user, AUTH_MDP)) {
52 $this->destroy();
53 return false;
54 }
55 }
56
57 global $globals;
58 if (!S::logged() && $globals->xnet->auth_baseurl) {
59 // prevent connection to be linked to disconnection
60 if (($i = strpos($_SERVER['REQUEST_URI'], 'exit')) !== false)
61 $returl = "http://{$_SERVER['SERVER_NAME']}".substr($_SERVER['REQUEST_URI'], 0, $i);
62 else
63 $returl = "http://{$_SERVER['SERVER_NAME']}{$_SERVER['REQUEST_URI']}";
64 $url = $globals->xnet->auth_baseurl;
65 $url .= "?session=" . session_id();
66 $url .= "&challenge=" . S::v('challenge');
67 $url .= "&pass=" . md5(S::v('challenge') . $globals->xnet->secret);
68 $url .= "&url=".urlencode($returl);
69 S::set('loginX', $url);
70 }
71
72 if (S::logged() && $globals->asso()) {
73 $perms = S::v('perms');
74 $perms->rmFlag('groupadmin');
75 $perms->rmFlag('groupmember');
76 $perms->rmFlag('groupannu');
77 if (may_update()) {
78 $perms->addFlag('groupadmin');
79 $perms->addFlag('groupmember');
80 $perms->addFlag('groupannu');
81 }
82 if (is_member()) {
83 $perms->addFlag('groupmember');
84 if ($globals->asso('pub') != 'private') {
85 $perms->addFlag('groupannu');
86 }
87 } else if ($globals->asso('pub') == 'public') {
88 $perms->addFlag('groupannu');
89 }
90 if ($globals->asso('cat') == 'Promotions') {
91 $perms->addFlag('groupannu');
92 }
93 S::set('perms', $perms);
94 }
95 return true;
96 }
97
98 protected function doAuth($level)
99 {
100 if (S::identified()) { // ok, c'est bon, on n'a rien à faire
101 return User::getSilentWithValues(null, array('uid' => S::i('uid')));
102 }
103 if (!Get::has('auth')) {
104 return null;
105 }
106 global $globals;
107 if (md5('1' . S::v('challenge') . $globals->xnet->secret . Get::i('uid') . '1') != Get::v('auth')) {
108 return null;
109 }
110 Get::kill('auth');
111 S::set('auth', AUTH_MDP);
112 return User::getSilentWithValues(null, array('uid' => Get::i('uid')));
113 }
114
115 protected function startSessionAs($user, $level)
116 {
117 // The user must have 'groups' permission to access X.net
118 if (!$user->checkPerms('groups')) {
119 return false;
120 }
121 S::v('perms')->addFlag(PERMS_USER);
122 if ($level == AUTH_SUID) {
123 S::set('auth', AUTH_MDP);
124 }
125
126 S::set('uid', $user->uid);
127 S::set('hruid', $user->hruid);
128
129 // XXX: Transition code, should not be in session anymore
130 S::set('display_name', $user->display_name);
131 S::set('full_name', $user->full_name);
132 S::set('femme', $user->isFemale());
133 S::set('email_format', $user->email_format);
134 S::set('token', $user->token);
135 S::set('perms', $user->perms);
136 S::set('is_admin', $user->is_admin);
137
138
139 $this->makePerms($user->perms, $user->is_admin);
140 S::kill('challenge');
141 S::kill('loginX');
142 S::kill('may_update');
143 S::kill('is_member');
144 Get::kill('uid');
145 Get::kill('PHPSESSID');
146
147 $args = array();
148 foreach($_GET as $key => $val) {
149 $args[] = urlencode($key). '=' .urlencode($val);
150 }
151 return true;
152 }
153
154 public function doSelfSuid()
155 {
156 $user =& S::user();
157 if (!$this->startSUID($user)) {
158 return false;
159 }
160 S::set('perms', User::makePerms(PERMS_USER));
161 return true;
162 }
163
164 public function stopSUID()
165 {
166 $perms = S::suid('perms');
167 if (!parent::stopSUID()) {
168 return false;
169 }
170 S::kill('may_update');
171 S::kill('is_member');
172 S::set('perms', $perms);
173 return true;
174 }
175 }
176
177 // {{{ function may_update
178
179 /** Return administration rights for the current asso
180 * @param force Force administration rights to be read from database
181 * @param lose Force administration rights to be false
182 */
183 function may_update($force = false, $lose = false)
184 {
185 if (!isset($_SESSION['may_update'])) {
186 $_SESSION['may_update'] = array();
187 }
188 $may_update =& $_SESSION['may_update'];
189
190 global $globals;
191 $asso_id = $globals->asso('id');
192 if (!$asso_id) {
193 return false;
194 } elseif ($lose) {
195 $may_update[$asso_id] = false;
196 } elseif (S::admin() || (S::suid() && $force)) {
197 $may_update[$asso_id] = true;
198 } elseif (!isset($may_update[$asso_id]) || $force) {
199 $res = XDB::query("SELECT perms
200 FROM group_members
201 WHERE uid={?} AND asso_id={?}",
202 S::v('uid'), $asso_id);
203 $may_update[$asso_id] = ($res->fetchOneCell() == 'admin');
204 }
205 return $may_update[$asso_id];
206 }
207
208 // }}}
209 // {{{ function is_member
210
211 /** Get membership informations for the current asso
212 * @param force Force membership to be read from database
213 * @param lose Force membership to be false
214 */
215 function is_member($force = false, $lose = false)
216 {
217 if (!isset($_SESSION['is_member'])) {
218 $_SESSION['is_member'] = array();
219 }
220 $is_member =& $_SESSION['is_member'];
221
222 global $globals;
223 $asso_id = $globals->asso('id');
224 if (!$asso_id) {
225 return false;
226 } elseif ($lose) {
227 $is_member[$asso_id] = false;
228 } elseif (S::suid() && $force) {
229 $is_member[$asso_id] = true;
230 } elseif (!isset($is_member[$asso_id]) || $force) {
231 $res = XDB::query("SELECT COUNT(*)
232 FROM group_members
233 WHERE uid={?} AND asso_id={?}",
234 S::v('uid'), $asso_id);
235 $is_member[$asso_id] = ($res->fetchOneCell() == 1);
236 }
237 return $is_member[$asso_id];
238 }
239
240 // }}}
241 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
242 ?>
plat/al