X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=classes%2Fxnetsession.php;h=ceaa331375fed11818cbf514688e90a6b478993c;hb=20b087ff2e4bb918f601a9bcc2c67d1fbc5b2231;hp=3f9dca1ce2788279bc6e05f7917f57520d4b3edd;hpb=d4775fe2dea4db5e6ca3db4a6034bb03a8b711cc;p=platal.git

diff --git a/classes/xnetsession.php b/classes/xnetsession.php
index 3f9dca1..ceaa331 100644
--- a/classes/xnetsession.php
+++ b/classes/xnetsession.php
@@ -1,6 +1,6 @@
 <?php
 /***************************************************************************
- *  Copyright (C) 2003-2008 Polytechnique.org                              *
+ *  Copyright (C) 2003-2010 Polytechnique.org                              *
  *  http://opensource.polytechnique.org/                                   *
  *                                                                         *
  *  This program is free software; you can redistribute it and/or modify   *
@@ -19,20 +19,15 @@
  *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
  ***************************************************************************/
 
-class XnetSession extends PlSession
+class XnetSession extends XorgSession
 {
     public function __construct()
     {
         parent::__construct();
-        S::bootstrap('perms_backup', new PlFlagSet());
     }
 
     public function startAvailableAuth()
     {
-        if (!(S::v('perms') instanceof PlFlagSet)) {
-            S::set('perms', S::v('perms_backup'));
-        }
-
         if (!S::logged() && Get::has('auth')) {
             if (!$this->start(AUTH_MDP)) {
                 return false;
@@ -40,13 +35,13 @@ class XnetSession extends PlSession
         }
 
         global $globals;
-        if (!S::logged()) {
+        if (!S::logged() && $globals->xnet->auth_baseurl) {
             // prevent connection to be linked to disconnection
             if (($i = strpos($_SERVER['REQUEST_URI'], 'exit')) !== false)
                 $returl = "http://{$_SERVER['SERVER_NAME']}".substr($_SERVER['REQUEST_URI'], 0, $i);
             else
                 $returl = "http://{$_SERVER['SERVER_NAME']}{$_SERVER['REQUEST_URI']}";
-            $url  = "https://www.polytechnique.org/auth-groupex";
+            $url  = $globals->xnet->auth_baseurl;
             $url .= "?session=" . session_id();
             $url .= "&challenge=" . S::v('challenge');
             $url .= "&pass=" . md5(S::v('challenge') . $globals->xnet->secret);
@@ -69,12 +64,13 @@ class XnetSession extends PlSession
                 if ($globals->asso('pub') != 'private') {
                     $perms->addFlag('groupannu');
                 }
+            } else if ($globals->asso('pub') == 'public') {
+                $perms->addFlag('groupannu');
             }
             if ($globals->asso('cat') == 'Promotions') {
                 $perms->addFlag('groupannu');
             }
             S::set('perms', $perms);
-            S::set('perms_backup', $perms);
         }
         return true;
     }
@@ -82,7 +78,7 @@ class XnetSession extends PlSession
     protected function doAuth($level)
     {
         if (S::identified()) { // ok, c'est bon, on n'a rien à faire
-            return S::i('uid');
+            return User::getSilentWithValues(null, array('uid' => S::i('uid')));
         }
         if (!Get::has('auth')) {
             return null;
@@ -93,29 +89,33 @@ class XnetSession extends PlSession
         }
         Get::kill('auth');
         S::set('auth', AUTH_MDP);
-        return Get::i('uid');
+        return User::getSilentWithValues(null, array('uid' => Get::i('uid')));
     }
 
     protected function startSessionAs($user, $level)
     {
-        global $globals;
-
-        if ($level == -1) {
+        // The user must have 'groups' permission to access X.net
+        if (!$user->checkPerms('groups')) {
+            return false;
+        }
+        if ($level == AUTH_SUID) {
             S::set('auth', AUTH_MDP);
         }
-        $res  = XDB::query('SELECT  u.user_id AS uid, prenom, nom, perms, promo, password, FIND_IN_SET(\'femme\', u.flags) AS femme,
-                                    a.alias AS forlife, a2.alias AS bestalias, q.core_mail_fmt AS mail_fmt, q.core_rss_hash
-                              FROM  auth_user_md5   AS u
-                        INNER JOIN  auth_user_quick AS q  USING(user_id)
-                        INNER JOIN  aliases         AS a  ON (u.user_id = a.id AND a.type = \'a_vie\')
-                        INNER JOIN  aliases         AS a2 ON (u.user_id = a2.id AND FIND_IN_SET(\'bestalias\', a2.flags))
-                             WHERE  u.user_id = {?} AND u.perms IN(\'admin\', \'user\')
-                             LIMIT  1', $user);
-        $sess = $res->fetchOneAssoc();
-        $perms = $sess['perms'];
-        unset($sess['perms']);
-        $_SESSION = array_merge($_SESSION, $sess);
-        $this->makePerms($perms);
+
+        S::set('uid', $user->uid);
+        S::set('hruid', $user->hruid);
+
+        // XXX: Transition code, should not be in session anymore
+        S::set('display_name', $user->display_name);
+        S::set('full_name', $user->full_name);
+        S::set('femme', $user->isFemale());
+        S::set('email_format', $user->email_format);
+        S::set('token', $user->token);
+        S::set('perms', $user->perms);
+        S::set('is_admin', $user->is_admin);
+
+
+        $this->makePerms($user->perms, $user->is_admin);
         S::kill('challenge');
         S::kill('loginX');
         S::kill('may_update');
@@ -130,75 +130,27 @@ class XnetSession extends PlSession
         return true;
     }
 
-    public function tokenAuth($login, $token)
-    {
-        // FIXME: we broke the session here because some RSS feeds (mainly wiki feeds) require
-        // a valid nome and checks the permissions. When the PlUser object will be ready, we'll
-        // be able to return a simple 'PlUser' object here without trying to alterate the
-        // session.
-        $res = XDB::query('SELECT  u.user_id AS uid, u.perms, u.nom, u.nom_usage, u.prenom, u.promo, FIND_IN_SET(\'femme\', u.flags) AS sexe
-                             FROM  aliases         AS a
-                       INNER JOIN  auth_user_md5   AS u ON (a.id = u.user_id AND u.perms IN ("admin", "user"))
-                       INNER JOIN  auth_user_quick AS q ON (a.id = q.user_id AND q.core_rss_hash = {?})
-                            WHERE  a.alias = {?} AND a.type != "homonyme"', $token, $login);
-        if ($res->numRows() == 1) {
-            $sess = $res->fetchOneAssoc();
-            if (!S::has('uid')) {
-                $_SESSION = $sess;
-                $this->makePerms($sess['perms']);
-                return S::i('uid');
-            } else if (S::i('uid') == $sess['uid']) {
-                return S::i('uid');
-            } else {
-                Platal::page()->kill('Invalid state. To be fixed when hruid is ready');
-            }
-        }
-        return null;
-    }
-
     public function doSelfSuid()
     {
-        if (!$this->startSUID(S::i('uid'))) {
+        $user =& S::user();
+        if (!$this->startSUID($user)) {
             return false;
         }
-        $this->makePerms('user');
+        S::set('perms', User::makePerms(PERMS_USER));
         return true;
     }
 
     public function stopSUID()
     {
-        $suid = S::v('suid');
+        $perms = S::suid('perms');
         if (!parent::stopSUID()) {
             return false;
         }
-        S::kill('suid');
         S::kill('may_update');
         S::kill('is_member');
-        S::set('perms', $suid['perms']);
-        S::set('perms_backup', $suid['perms_backup']);
+        S::set('perms', $perms);
         return true;
     }
-
-    public function makePerms($perm)
-    {
-        $flags = new PlFlagSet();
-        if ($perm == 'disabled' || $perm == 'ext') {
-            S::set('perms', $flags);
-            S::set('perms_backup', $flags);
-            return;
-        }
-        $flags->addFlag(PERMS_USER);
-        if ($perm == 'admin') {
-            $flags->addFlag(PERMS_ADMIN);
-        }
-        S::set('perms', $flags);
-        S::set('perms_backup', $flags);
-    }
-
-    public function sureLevel()
-    {
-        return AUTH_MDP;
-    }
 }
 
 // {{{ function may_update
@@ -220,11 +172,11 @@ function may_update($force = false, $lose = false)
         return false;
     } elseif ($lose) {
         $may_update[$asso_id] = false;
-    } elseif (S::has_perms() || (S::has('suid') && $force)) {
+    } elseif (S::admin() || (S::suid() && $force)) {
         $may_update[$asso_id] = true;
     } elseif (!isset($may_update[$asso_id]) || $force) {
         $res = XDB::query("SELECT  perms
-                             FROM  groupex.membres
+                             FROM  group_members
                             WHERE  uid={?} AND asso_id={?}",
                           S::v('uid'), $asso_id);
         $may_update[$asso_id] = ($res->fetchOneCell() == 'admin');
@@ -252,11 +204,11 @@ function is_member($force = false, $lose = false)
         return false;
     } elseif ($lose) {
         $is_member[$asso_id] = false;
-    } elseif (S::has('suid') && $force) {
+    } elseif (S::suid() && $force) {
         $is_member[$asso_id] = true;
     } elseif (!isset($is_member[$asso_id]) || $force) {
         $res = XDB::query("SELECT  COUNT(*)
-                             FROM  groupex.membres
+                             FROM  group_members
                             WHERE  uid={?} AND asso_id={?}",
                 S::v('uid'), $asso_id);
         $is_member[$asso_id] = ($res->fetchOneCell() == 1);