projects / platal.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Remove 'user' perm from X.net accounts.
[platal.git] / classes / xnetsession.php
1 <?php
2 /***************************************************************************
3 * Copyright (C) 2003-2014 Polytechnique.org *
4 * http://opensource.polytechnique.org/ *
5 * *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
10 * *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
15 * *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the Free Software *
18 * Foundation, Inc., *
19 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
20 ***************************************************************************/
21
22 class XnetSession extends XorgSession
23 {
24 public function __construct()
25 {
26 parent::__construct();
27 }
28
29 public function startAvailableAuth()
30 {
31 if (!S::logged() && Get::has('auth')) {
32 if (!$this->start(AUTH_PASSWD)) {
33 return false;
34 }
35 }
36
37 global $globals;
38 if (!S::logged() && $globals->xnet->auth_baseurl) {
39 // prevent connection to be linked to disconnection
40 if (($i = strpos($_SERVER['REQUEST_URI'], 'exit')) !== false)
41 $returl = "http://{$_SERVER['SERVER_NAME']}".substr($_SERVER['REQUEST_URI'], 0, $i);
42 else
43 $returl = "http://{$_SERVER['SERVER_NAME']}{$_SERVER['REQUEST_URI']}";
44 $url = $globals->xnet->auth_baseurl;
45 $url .= "?session=" . session_id();
46 $url .= "&challenge=" . S::v('challenge');
47 $url .= "&pass=" . md5(S::v('challenge') . $globals->xnet->secret);
48 $url .= "&url=".urlencode($returl);
49 S::set('loginX', $url);
50 }
51
52 if (S::logged() && $globals->asso()) {
53 $perms = S::v('perms');
54 $perms->rmFlag('groupadmin');
55 $perms->rmFlag('groupmember');
56 $perms->rmFlag('groupannu');
57 if (may_update()) {
58 $perms->addFlag('groupadmin');
59 $perms->addFlag('groupmember');
60 $perms->addFlag('groupannu');
61 }
62 if (is_member()) {
63 $perms->addFlag('groupmember');
64 if ($globals->asso('pub') != 'private') {
65 $perms->addFlag('groupannu');
66 }
67 } else if ($globals->asso('pub') == 'public') {
68 $perms->addFlag('groupannu');
69 }
70 if ($globals->asso('cat') == 'Promotions') {
71 $perms->addFlag('groupannu');
72 }
73 S::set('perms', $perms);
74 }
75 return true;
76 }
77
78 protected function doAuth($level)
79 {
80 if (S::identified()) { // Nothing to do there
81 return User::getSilentWithValues(null, array('uid' => S::i('uid')));
82 }
83 if (!Get::has('auth')) {
84 return null;
85 }
86 global $globals;
87 if (md5('1' . S::v('challenge') . $globals->xnet->secret . Get::i('uid') . '1') != Get::v('auth')) {
88 return null;
89 }
90 Get::kill('auth');
91 S::set('auth', AUTH_PASSWD);
92 return User::getSilentWithValues(null, array('uid' => Get::i('uid')));
93 }
94
95 protected function startSessionAs($user, $level)
96 {
97 // The user must have 'groups' permission to access X.net
98 if (!$user->checkPerms('groups')) {
99 return false;
100 }
101
102 if ($level == AUTH_SUID) {
103 S::set('auth', AUTH_PASSWD);
104 }
105
106 S::set('uid', $user->uid);
107 S::set('hruid', $user->hruid);
108
109 // XXX: Transition code, should not be in session anymore
110 S::set('display_name', $user->display_name);
111 S::set('full_name', $user->full_name);
112 S::set('femme', $user->isFemale());
113 S::set('email_format', $user->email_format);
114 S::set('token', $user->token);
115 S::set('perms', $user->perms);
116 S::set('is_admin', $user->is_admin);
117
118 // Add the 'user' perms to the user.
119 $this->makePerms($user->perms, $user->is_admin);
120 S::kill('challenge');
121 S::kill('loginX');
122 S::kill('may_update');
123 S::kill('is_member');
124 Get::kill('uid');
125 Get::kill('PHPSESSID');
126
127 $args = array();
128 foreach($_GET as $key => $val) {
129 $args[] = urlencode($key). '=' .urlencode($val);
130 }
131 return true;
132 }
133
134 public function doSelfSuid()
135 {
136 $user =& S::user();
137 if (!$this->startSUID($user)) {
138 return false;
139 }
140 S::set('perms', User::makePerms("groups"));
141 return true;
142 }
143
144 public function stopSUID()
145 {
146 $perms = S::suid('perms');
147 if (!parent::stopSUID()) {
148 return false;
149 }
150 S::kill('may_update');
151 S::kill('is_member');
152 S::set('perms', $perms);
153 return true;
154 }
155 }
156
157 // {{{ function may_update
158
159 /** Return administration rights for the current asso
160 * @param force Force administration rights to be read from database
161 * @param lose Force administration rights to be false
162 */
163 function may_update($force = false, $lose = false)
164 {
165 if (!isset($_SESSION['may_update'])) {
166 $_SESSION['may_update'] = array();
167 }
168 $may_update =& $_SESSION['may_update'];
169
170 global $globals;
171 $asso_id = $globals->asso('id');
172 if (!$asso_id) {
173 return false;
174 } elseif ($lose) {
175 $may_update[$asso_id] = false;
176 } elseif (S::admin() || (S::suid() && $force)) {
177 $may_update[$asso_id] = true;
178 } elseif (!isset($may_update[$asso_id]) || $force) {
179 $res = XDB::query("SELECT perms
180 FROM group_members
181 WHERE uid={?} AND asso_id={?}",
182 S::v('uid'), $asso_id);
183 $may_update[$asso_id] = ($res->fetchOneCell() == 'admin');
184 }
185 return $may_update[$asso_id];
186 }
187
188 // }}}
189 // {{{ function is_member
190
191 /** Get membership informations for the current asso
192 * @param force Force membership to be read from database
193 * @param lose Force membership to be false
194 */
195 function is_member($force = false, $lose = false)
196 {
197 if (!isset($_SESSION['is_member'])) {
198 $_SESSION['is_member'] = array();
199 }
200 $is_member =& $_SESSION['is_member'];
201
202 global $globals;
203 $asso_id = $globals->asso('id');
204 if (!$asso_id) {
205 return false;
206 } elseif ($lose) {
207 $is_member[$asso_id] = false;
208 } elseif (S::suid() && $force) {
209 $is_member[$asso_id] = true;
210 } elseif (!isset($is_member[$asso_id]) || $force) {
211 $res = XDB::query("SELECT COUNT(*)
212 FROM group_members
213 WHERE uid={?} AND asso_id={?}",
214 S::v('uid'), $asso_id);
215 $is_member[$asso_id] = ($res->fetchOneCell() == 1);
216 }
217 return $is_member[$asso_id];
218 }
219
220 // }}}
221 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker fenc=utf-8:
222 ?>
plat/al