From 9ecec3acb3bc035705614b43babf2e5601834793 Mon Sep 17 00:00:00 2001
From: Martin Haase <martin.haase@daasi.de>
Date: Tue, 17 Mar 2009 14:32:43 +0000
Subject: [PATCH] New parameter secret for the registerResource and
 unregisterResource methods that can only be used by CRUD from now on.

git-svn-id: https://textgridlab.org/svn/textgrid/trunk/middleware/tgauth@3112 7c539038-3410-0410-b1ec-0f2a7bf1c452
---
 .../rbacSoap/TgExtra.class.php                | 236 ++++++++++--------
 .../rbacSoap/wsdl-8082/tgextra.wsdl           |   2 +
 2 files changed, 132 insertions(+), 106 deletions(-)

diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php
index 728496f..23f86a4 100755
--- a/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php
@@ -1143,34 +1143,50 @@ class TgExtra {
     $result = new booleanResponse();  // The return-result
 
 
-    if( $this->rbac->checkAccess( $inRequest->auth, "delete", $inRequest->uri ) ) {
+    if( $inRequest->secret === $this->config->getValue( "crud", "secret" ) ) {
 
-      // The TextGrid-resource naming-attribute
-      $resourceNamingAttribute = $this->rbac->getConfiguration()->getValue( "resource", "namingattribute" );
-      $resourceAliasAttribute = $this->rbac->getConfiguration()->getValue( "resource", "aliasattribute" );
+      if( $this->rbac->checkAccess( $inRequest->auth, "delete", $inRequest->uri ) ) {
 
+        // The TextGrid-resource naming-attribute
+        $resourceNamingAttribute = $this->rbac->getConfiguration()->getValue( "resource", "namingattribute" );
+        $resourceAliasAttribute = $this->rbac->getConfiguration()->getValue( "resource", "aliasattribute" );
 
-      $filter  = "(&" . $this->rbac->getConfiguration()->getValue( "resource", "filter" );
-      $filter .= "(|(" . $resourceNamingAttribute . "=" . $inRequest->uri . ")";
-      $filter .= "  (" . $resourceAliasAttribute . "=" . $inRequest->uri . ")))";
 
-      $arrResource = $this->connection['resource']->search( $this->rbac->getConfiguration()->getValue( "resource", "base" ), $filter, "sub" );
+        $filter  = "(&" . $this->rbac->getConfiguration()->getValue( "resource", "filter" );
+        $filter .= "(|(" . $resourceNamingAttribute . "=" . $inRequest->uri . ")";
+        $filter .= "  (" . $resourceAliasAttribute . "=" . $inRequest->uri . ")))";
 
+        $arrResource = $this->connection['resource']->search( $this->rbac->getConfiguration()->getValue( "resource", "base" ), $filter, "sub" );
 
-      if( sizeof( $arrResource ) == 1 ) {
 
-        $result->result = $this->connection['resource']->delete( $arrResource[0]['dn'] );
+         if( sizeof( $arrResource ) == 1 ) {
+
+          $result->result = $this->connection['resource']->delete( $arrResource[0]['dn'] );
+
+        }
+        else {
+
+          return new SoapFault( "unknownResourceFault",
+                                $this->config->getValue( "errorCode", "RESOURCENOTFOUND_ERROR" ),
+                                get_class( $this ),
+                                $this->config->getValue( "errorDescription", "RESOURCENOTFOUND_ERROR" ) );
+
+        }
 
       }
       else {
 
-        return new SoapFault( "unknownResourceFault",
-                              $this->config->getValue( "errorCode", "RESOURCENOTFOUND_ERROR" ),
-                              get_class( $this ),
-                              $this->config->getValue( "errorDescription", "RESOURCENOTFOUND_ERROR" ) );
+        return new SoapFault( "authenticationFault",
+                               $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+                               get_class( $this ),
+                               $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+//      $result->result = false;
 
       }
 
+
+      return $result;
+
     }
     else {
 
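Review bot: The new gate at the top of the hunk compares the caller-supplied secret to the configured one with `===`, which stops at the first differing byte and so leaks through timing, and if the `crud`/`secret` key is absent from the configuration and `getValue()` yields an empty string (what it returns for a missing key is not visible here), an empty `secret` in the request would pass; both points apply equally to the identical check in the registerResource hunk below. Read the configured value once, refuse to proceed when it is empty, and compare in constant time: `$expected = (string) $this->config->getValue( "crud", "secret" );` / `if( $expected !== '' && hash_equals( $expected, (string) $inRequest->secret ) ) {` (hash_equals() requires PHP 5.6; on an older runtime a loop that XORs every byte of two equal-length strings and tests the accumulated difference gives the same property). Separately, the moved filter lines still interpolate `$inRequest->uri` into the LDAP filter unescaped, so a URI containing the RFC 4515 special characters `\ * ( )` or NUL can change the meaning of the `(|...)` clause before the delete; escaping them (ldap_escape() with LDAP_ESCAPE_FILTER where available) keeps the match to the literal URI. The enclosing method's outer else branch continues past the end of the hunk.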
@@ -1178,13 +1194,9 @@ class TgExtra {
                              $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
                              get_class( $this ),
                              $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
-//      $result->result = false;
 
     }
 
-
-    return $result;
-
   }
 
 
@@ -1212,134 +1224,146 @@ class TgExtra {
     $result = new booleanResponse();  // The return-result
 
 
-    // The TextGrid-resource naming-attribute
-    $resourceNamingAttribute = $this->rbac->getConfiguration()->getValue( "resource", "namingattribute" );
+    if( $inRequest->secret === $this->config->getValue( "crud", "secret" ) ) {
 
+      // The TextGrid-resource naming-attribute
+      $resourceNamingAttribute = $this->rbac->getConfiguration()->getValue( "resource", "namingattribute" );
 
-    // Look for the counter entry for resources.
-    $arrCounter = $this->connection['counter']->getEntry( "cn=resource," . $this->config->getValue( "counter", "base" ) );
 
+      // Look for the counter entry for resources.
+      $arrCounter = $this->connection['counter']->getEntry( "cn=resource," . $this->config->getValue( "counter", "base" ) );
 
-    // If there is a counter entry, use it
-    if( isset( $arrCounter['dn'] ) ) {
 
-      $freeNumber = $arrCounter['sn'][0] + 1;
+      // If there is a counter entry, use it
+      if( isset( $arrCounter['dn'] ) ) {
 
-    }
-    else {
+        $freeNumber = $arrCounter['sn'][0] + 1;
 
-      $arrResourceName = $this->connection['resource']->search( $this->config->getValue( "textGridResource", "base" ),
-                                                                "(objectClass=textGridResource)",
-                                                                "one", $resourceNamingAttribute );
+      }
+      else {
 
+        $arrResourceName = $this->connection['resource']->search( $this->config->getValue( "textGridResource", "base" ),
+                                                                  "(objectClass=textGridResource)",
+                                                                  "one", $resourceNamingAttribute );
 
-      // Every returned resource has to be examined for
-      // its number to get the next free one.
-      for( $i = 0; $i < sizeof( $arrResourceName ); $i++ ) {
 
-        $resourceName = preg_replace( "/^TGRS/i", "", $arrResourceName[$i][$resourceNamingAttribute][0] );
-        $maxNumber = max( $maxNumber, intval( $resourceName ) );
+        // Every returned resource has to be examined for
+        // its number to get the next free one.
+        for( $i = 0; $i < sizeof( $arrResourceName ); $i++ ) {
 
-      }
+          $resourceName = preg_replace( "/^TGRS/i", "", $arrResourceName[$i][$resourceNamingAttribute][0] );
+          $maxNumber = max( $maxNumber, intval( $resourceName ) );
 
+        }
 
-      $freeNumber = $maxNumber + 1;
 
-    }
+        $freeNumber = $maxNumber + 1;
 
+      }
+
+
+      if( $this->rbac->checkAccess( $inRequest->auth, "create", $inRequest->project ) ) {
+
+        // As long as the resource is not registered and the number
+        // of tries has not been reached, try to register
+        while(    !$registered
+               && ($registerTry > 0) ) {
+
+          // This is the resource-entry that will be
+          // added to the directory
+          $arrEntry = Array();
+          $arrEntry['objectclass'][] = "textgridResource";
+          $arrEntry['objectclass'][] = "rbacResource";
+          $arrEntry['rbacoperation'][] = "read";
+          $arrEntry['rbacoperation'][] = "write";
+          $arrEntry['rbacoperation'][] = "delegate";
+          $arrEntry['rbacoperation'][] = "delete";
+          $arrEntry['rbacoperation'][] = "publish";
+          $arrEntry['tgresourceuri'][] = $inRequest->uri;
+          $arrEntry['tgprojectid'][] = $inRequest->project;
+          $arrEntry['tgispublic'][] = "FALSE";
+          $arrEntry[$resourceNamingAttribute][] = "TGRS" . ($freeNumber);
+          $arrEntry['tgresourceowner'][] = $this->rbac->sessionUser( $inRequest->auth );
+
+
+          // Add the default permissions to the resource
+          $arrEntry['rbacpermission'][] = $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=Projektleiter,"
+                                          . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=" . $inRequest->project . ","
+                                          . $this->rbac->getConfiguration()->getValue( "project", "base" ) . ":-:delegate";
+          $arrEntry['rbacpermission'][] = $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=Projektleiter,"
+                                          . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=" . $inRequest->project . ","
+                                          . $this->rbac->getConfiguration()->getValue( "project", "base" ) . ":-:publish";
+          $arrEntry['rbacpermission'][] = $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=Administrator,"
+                                          . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=" . $inRequest->project . ","
+                                          . $this->rbac->getConfiguration()->getValue( "project", "base" ) . ":-:delete";
+          $arrEntry['rbacpermission'][] = $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=Bearbeiter,"
+                                          . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=" . $inRequest->project . ","
+                                          . $this->rbac->getConfiguration()->getValue( "project", "base" ) . ":-:read";
+          $arrEntry['rbacpermission'][] = $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=Bearbeiter,"
+                                          . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=" . $inRequest->project . ","
+                                          . $this->rbac->getConfiguration()->getValue( "project", "base" ) . ":-:write";
+          $arrEntry['rbacpermission'][] = $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=Beobachter,"
+                                          . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=" . $inRequest->project . ","
+                                          . $this->rbac->getConfiguration()->getValue( "project", "base" ) . ":-:read";
+
+
+          // Try to add the resource with the appropriate number. If
+          // this fails, we will try again (10 times).
+          $registered = $this->connection['resource']->add( $this->rbac->getConfiguration()->getValue( "resource", "namingattribute" ) . "=TGRS"
+                                                            . $freeNumber . "," . $this->config->getValue( "textGridResource", "base" ),
+                                                            $arrEntry );
+
+
+          $registerTry--;
+
+
+          $registered ? false : $freeNumber++;
 
-    if( $this->rbac->checkAccess( $inRequest->auth, "create", $inRequest->project ) ) {
+        }
 
-      // As long as the resource is not registered and the number
-      // of tries has not been reached, try to register
-      while(    !$registered
-             && ($registerTry > 0) ) {
 
-        // This is the resource-entry that will be
-        // added to the directory
+        // This entry will add or modify the directory that way
+        // that there is a counter entry.
         $arrEntry = Array();
-        $arrEntry['objectclass'][] = "textgridResource";
-        $arrEntry['objectclass'][] = "rbacResource";
-        $arrEntry['rbacoperation'][] = "read";
-        $arrEntry['rbacoperation'][] = "write";
-        $arrEntry['rbacoperation'][] = "delegate";
-        $arrEntry['rbacoperation'][] = "delete";
-        $arrEntry['rbacoperation'][] = "publish";
-        $arrEntry['tgresourceuri'][] = $inRequest->uri;
-        $arrEntry['tgprojectid'][] = $inRequest->project;
-        $arrEntry['tgispublic'][] = "FALSE";
-        $arrEntry[$resourceNamingAttribute][] = "TGRS" . ($freeNumber);
-        $arrEntry['tgresourceowner'][] = $this->rbac->sessionUser( $inRequest->auth );
-
-
-        // Add the default permissions to the resource
-        $arrEntry['rbacpermission'][] = $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=Projektleiter,"
-                                        . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=" . $inRequest->project . ","
-                                        . $this->rbac->getConfiguration()->getValue( "project", "base" ) . ":-:delegate";
-        $arrEntry['rbacpermission'][] = $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=Projektleiter,"
-                                        . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=" . $inRequest->project . ","
-                                        . $this->rbac->getConfiguration()->getValue( "project", "base" ) . ":-:publish";
-        $arrEntry['rbacpermission'][] = $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=Administrator,"
-                                        . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=" . $inRequest->project . ","
-                                        . $this->rbac->getConfiguration()->getValue( "project", "base" ) . ":-:delete";
-        $arrEntry['rbacpermission'][] = $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=Bearbeiter,"
-                                        . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=" . $inRequest->project . ","
-                                        . $this->rbac->getConfiguration()->getValue( "project", "base" ) . ":-:read";
-        $arrEntry['rbacpermission'][] = $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=Bearbeiter,"
-                                        . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=" . $inRequest->project . ","
-                                        . $this->rbac->getConfiguration()->getValue( "project", "base" ) . ":-:write";
-        $arrEntry['rbacpermission'][] = $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=Beobachter,"
-                                        . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=" . $inRequest->project . ","
-                                        . $this->rbac->getConfiguration()->getValue( "project", "base" ) . ":-:read";
-
-
-        // Try to add the resource with the appropriate number. If
-        // this fails, we will try again (10 times).
-        $registered = $this->connection['resource']->add( $this->rbac->getConfiguration()->getValue( "resource", "namingattribute" ) . "=TGRS"
-                                                          . $freeNumber . "," . $this->config->getValue( "textGridResource", "base" ),
-                                                          $arrEntry );
-
-
-        $registerTry--;
-
-
-        $registered ? false : $freeNumber++;
+        $arrEntry['objectclass'][] = "person";
+        $arrEntry['cn'][] = "resource";
+        $arrEntry['sn'][] = $freeNumber;
 
-      }
 
+        if( !isset( $arrCounter['dn'] ) ) {
+
+          $this->connection['counter']->add( "cn=resource," . $this->config->getValue( "counter", "base" ), $arrEntry );
 
-      // This entry will add or modify the directory that way
-      // that there is a counter entry.
-      $arrEntry = Array();
-      $arrEntry['objectclass'][] = "person";
-      $arrEntry['cn'][] = "resource";
-      $arrEntry['sn'][] = $freeNumber;
+        }
+        else {
 
+          $this->connection['counter']->modify( "cn=resource," . $this->config->getValue( "counter", "base" ), $arrEntry );
+
+        }
 
-      if( !isset( $arrCounter['dn'] ) ) {
 
-        $this->connection['counter']->add( "cn=resource," . $this->config->getValue( "counter", "base" ), $arrEntry );
+        $result->result = $registered;
 
       }
       else {
 
-        $this->connection['counter']->modify( "cn=resource," . $this->config->getValue( "counter", "base" ), $arrEntry );
+        $result->result = false;
 
       }
 
 
-      $result->result = $registered;
+      return $result;
 
     }
     else {
 
-      $result->result = false;
+      return new SoapFault( "authenticationFault",
+                             $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+                             get_class( $this ),
+                             $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
 
     }
 
-
-    return $result;
-
   }
 
 
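Review bot: A caller that presents the correct secret but fails `checkAccess( $inRequest->auth, "create", $inRequest->project )` gets `$result->result = false` and no fault, while a wrong secret here and a failed access check in unregisterResource both raise `authenticationFault`; the two error paths in this hunk should agree, e.g. `return new SoapFault( "authenticationFault", $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ), get_class( $this ), $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );` in the inner else as well, unless a client depends on the boolean. The counter lookup and the `"one"`-scope search over the resource base still run before the access check, so a secret-holding caller without create permission triggers those directory reads for nothing; placing the `checkAccess` call directly after the secret check avoids that. As a point of style, the secret test nests the entire method body one level deeper; a guard clause `if( $inRequest->secret !== $this->config->getValue( "crud", "secret" ) ) { return new SoapFault( ... ); }` at the top would keep the original indentation and shrink this 140-line hunk to a few lines. `$registered`, `$registerTry` and `$maxNumber` are read here without a visible initialisation; they are presumably set between the method signature and the first line of the hunk, which lies outside it.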
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/wsdl-8082/tgextra.wsdl b/info.textgrid.middleware.tgauth.rbac/rbacSoap/wsdl-8082/tgextra.wsdl
index 5f6f297..619703b 100644
--- a/info.textgrid.middleware.tgauth.rbac/rbacSoap/wsdl-8082/tgextra.wsdl
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/wsdl-8082/tgextra.wsdl
@@ -120,6 +120,7 @@
             <xsd:element name="log" type="xsd:string" minOccurs="0" maxOccurs="1" />
             <xsd:element name="project" type="xsd:string" minOccurs="1" maxOccurs="1" />
             <xsd:element name="uri" type="xsd:string" minOccurs="1" maxOccurs="1" />
+            <xsd:element name="secret" type="xsd:string" minOccurs="1" maxOccurs="1" />
           </xsd:sequence>
         </xsd:complexType>
       </xsd:element>
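Review bot: The new `secret` element carries no `<xsd:annotation>`, so a consumer of this WSDL cannot tell that it is the shared secret of the CRUD service rather than a per-user credential; the same applies to the element added to the unregisterResource request in the next hunk. An `<xsd:annotation><xsd:documentation>` child stating that the value is a service-to-service secret issued to CRUD, that it is now mandatory (`minOccurs="1"` breaks every existing client of these two operations), and that other callers receive `authenticationFault` would document the contract the PHP side now enforces. Because the value travels in the SOAP body, the binding for this port should be exposed only over TLS; the binding section is outside this hunk, so that cannot be confirmed here.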
@@ -131,6 +132,7 @@
             <xsd:element name="auth" type="xsd:string" minOccurs="1" maxOccurs="1" />
             <xsd:element name="log" type="xsd:string" minOccurs="0" maxOccurs="1" />
             <xsd:element name="uri" type="xsd:string" minOccurs="1" maxOccurs="1" />
+            <xsd:element name="secret" type="xsd:string" minOccurs="1" maxOccurs="1" />
           </xsd:sequence>
         </xsd:complexType>
       </xsd:element>
-- 
GitLab