From df5d6d70f52cf5d8b294dcce4355675757892c22 Mon Sep 17 00:00:00 2001 From: Martin Haase <martin.haase@daasi.de> Date: Tue, 20 May 2008 06:59:44 +0000 Subject: [PATCH] debugged issue #61 git-svn-id: https://textgridlab.org/svn/textgrid/trunk/middleware/tgauth@1288 7c539038-3410-0410-b1ec-0f2a7bf1c452 --- .../rbac/RBACcore.class.php | 23 +++++++++-- .../rbac/RBAClimitedHirarchical.class.php | 38 ++++++++++++++++++- .../rbacSoap/TgExtra.class.php | 14 +++---- .../rbacSoap/TgReview.class.php | 3 ++ .../rbacSoap/examples/assignedRoles.php | 20 +++++----- .../rbacSoap/examples/filterBySid.php | 3 +- .../tgExtensions/Logger.class.php | 22 ++++++++--- .../tgExtensions/PublicResource.class.php | 5 +++ 8 files changed, 100 insertions(+), 28 deletions(-) diff --git a/info.textgrid.middleware.tgauth.rbac/rbac/RBACcore.class.php b/info.textgrid.middleware.tgauth.rbac/rbac/RBACcore.class.php index 608ddba..f91433d 100755 --- a/info.textgrid.middleware.tgauth.rbac/rbac/RBACcore.class.php +++ b/info.textgrid.middleware.tgauth.rbac/rbac/RBACcore.class.php @@ -1,9 +1,9 @@ <?php // #################################################################### -// Version: 0.2.3 +// Version: 0.2.5 // Author: Markus Widmer // Created: 31.07.2007 -// Modified: 15.05.2008 +// Modified: 16.05.2008 // Requiring these interfaces if the RBAC-Framework @@ -948,8 +948,17 @@ class RBACcore implements iRBACcore { $i = 0; // Loop - // Get the users roles - $arrRole = $this->sessionRoles( $inSession, false ); + // Get the session's roles + try { + + $arrRole = $this->sessionRoles( $inSession, false ); + + } + catch( Exception $e ) { + + $arrRole = Array(); + + } for( $i = 0; $i < sizeof( $arrRole ); $i++ ) { @@ -1148,6 +1157,12 @@ class RBACcore implements iRBACcore { } } + else { + + throw new RBACException( $this->conf->getValue( "errorDescription", "SESSION_DOES_NOT_EXISTS" ), + $this->conf->getValue( "errorCode", "SESSION_DOES_NOT_EXISTS" ) ); + + } return $arrRoleReturn; 
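Review bot: The new try/catch around `sessionRoles()` in the `@@ -948,8 +948,17 @@` hunk catches the base `Exception`, so any failure — a directory connection error just as much as the SESSION_DOES_NOT_EXISTS case this commit introduces in the `@@ -1148,6 +1157,12 @@` hunk — silently becomes an empty role list for the loop that follows. Catch only the type that means "no such session", `catch( RBACException $e ) { $arrRole = Array(); }`, and let everything else propagate so an infrastructure outage is not reported to the caller as "no roles". The enclosing method starts before this hunk, so it is not visible here whether an empty `$arrRole` ends in a deny by default; that is worth confirming before relying on the swallow.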
diff --git a/info.textgrid.middleware.tgauth.rbac/rbac/RBAClimitedHirarchical.class.php b/info.textgrid.middleware.tgauth.rbac/rbac/RBAClimitedHirarchical.class.php
index 48e3be9..cdbcb9d 100755
--- a/info.textgrid.middleware.tgauth.rbac/rbac/RBAClimitedHirarchical.class.php
+++ b/info.textgrid.middleware.tgauth.rbac/rbac/RBAClimitedHirarchical.class.php
@@ -12,6 +12,42 @@ // interfaces. if( !class_exists( "RBAC" ) ) { + if( defined( "RBAC_LIB_PATH" ) + && defined( "RBAC_PATH" ) ) { + + !interface_exists( "iHelper" ) ? require_once( RBAC_LIB_PATH . "/iHelper.interface.php" ) : false; + !interface_exists( "iNode" ) ? require_once( RBAC_LIB_PATH . "/iNode.interface.php" ) : false; + !interface_exists( "iXML" ) ? require_once( RBAC_LIB_PATH . "/iXML.interface.php" ) : false; + !interface_exists( "iLDAP" ) ? require_once( RBAC_LIB_PATH . "/iLDAP.interface.php" ) : false; + !interface_exists( "iCrypto" ) ? require_once( RBAC_LIB_PATH . "/iCrypto.interface.php" ) : false; + + !interface_exists( "iContext" ) ? require_once( RBAC_PATH . "/iContext.interface.php" ) : false; + !interface_exists( "iRBACcore" ) ? require_once( RBAC_PATH . "/iRBACcore.interface.php" ) : false; + !interface_exists( "iRBAClimitedHirarchical" ) ? require_once( RBAC_PATH . "/iRBAClimitedHirarchical.interface.php" ) : false; + + + !class_exists( "Helper" ) ? require_once( RBAC_LIB_PATH . "/Helper.class.php" ) : false; + !class_exists( "Node" ) ? require_once( RBAC_LIB_PATH . "/Node.class.php" ) : false; + !class_exists( "XML" ) ? require_once( RBAC_LIB_PATH . "/XML.class.php" ) : false; + !class_exists( "LDAP" ) ? require_once( RBAC_LIB_PATH . "/LDAP.class.php" ) : false; + !class_exists( "Crypto" ) ? require_once( RBAC_LIB_PATH . "/Crypto.class.php" ) : false; + + !class_exists( "SimpleConfig" ) ? require_once( RBAC_PATH . "/SimpleConfig.class.php" ) : false; + !class_exists( "RBACException" ) ? require_once( RBAC_PATH . "/RBACException.class.php" ) : false; + !class_exists( "RBACExtension" ) ? require_once( RBAC_PATH . "/RBACExtension.class.php" ) : false; + !class_exists( "Context" ) ? require_once( RBAC_PATH . "/Context.class.php" ) : false; + !class_exists( "RBACcore" ) ? require_once( RBAC_PATH . 
"/RBACcore.class.php" ) : false; + + } + else { + + exit( "\nYou have to define the constants RBAC_LIB_PATH and RBAC_PATH.\n" ); + + } + + +/* + require_once( "iNode.interface.php" ); require_once( "iXML.interface.php" ); require_once( "iLDAP.interface.php" ); @@ -32,7 +68,7 @@ if( !class_exists( "RBAC" ) ) { require_once( "RBACExtension.class.php" ); require_once( "Context.class.php" ); require_once( "RBACcore.class.php" ); - +*/ } diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php index 682058a..6af77aa 100755 --- a/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php +++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php @@ -825,15 +825,14 @@ class TgExtra { $filter = "(&" . $this->rbac->getConfiguration()->getValue( "role", "filter" ); $filter .= "(rbacPerformer=" . $username . "))"; - $arrRole = $this->connection['role']->search( $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=" - . $this->config->getValue( "project", "base" ) . "," - . $this->rbac->getConfiguration()->getValue( "role", "base" ), - $filter, "sub", Array( $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) ) ); + + // Get all the roles of the user + $arrRole = $this->rbac->assignedRoles( $username ); for( $i = 0; $i < sizeof( $arrRole ); $i++ ) { - $arrSplit = preg_split( "/[,]/", $arrRole[$i]['dn'] ); + $arrSplit = preg_split( "/[,]/", $arrRole[$i] ); $projectBelong = ""; 
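Review bot: The old `require_once` list is kept behind a `/* … */` opened in the `@@ -12,6 +12,42 @@` hunk and closed in `@@ -32,7 +68,7 @@` instead of being deleted; commented-out code should go, version control keeps the history. The conditional loads are written as ternaries evaluated for their side effect, `!interface_exists( "iHelper" ) ? require_once( … ) : false;`, which reads poorly and yields a value nobody uses — `if( !interface_exists( "iHelper" ) ) { require_once( RBAC_LIB_PATH . "/iHelper.interface.php" ); }` per line says the same thing. The `exit( "\nYou have to define the constants RBAC_LIB_PATH and RBAC_PATH.\n" )` in a class file terminates whatever script included it and prints the message to the client; `trigger_error( …, E_USER_ERROR )` leaves the decision (and the output channel) to the including application.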
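Review bot: `$filter` is still assembled from the unescaped `$username` in the two context lines just above the change, but its only consumer, the `search()` call, is removed by this hunk, so those lines are dead unless the method (which continues past the hunk) uses `$filter` further down. If it is dead, delete it; if it is still used, `$username` — presumably a value from the SOAP request — needs LDAP filter escaping before being concatenated into `(rbacPerformer=…)`. The loop now splits `$arrRole[$i]` where it previously split `$arrRole[$i]['dn']`, which presumes `assignedRoles()` returns a flat list of DN strings; confirm that against RBACcore and say so in the comment, e.g. `// Get all the roles of the user (list of role DNs)`.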
@@ -1277,10 +1276,11 @@ class TgExtra { . $this->rbac->getConfiguration()->getValue( "project", "base" ) ); - // Set the project-description + // Set the project-description and name $connection->modify( $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=TGPR" . ($maxNumber + 1) . "," . $this->rbac->getConfiguration()->getValue( "project", "base" ), - Array( "tgprojectdescription" => Array( $inRequest->description ) ) ); + Array( "tgprojectdescription" => Array( $inRequest->description ), + "tgprojectname" => Array( $inRequest->name ) ) ); $result->projectId = "TGPR" . ($maxNumber + 1); diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgReview.class.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgReview.class.php index ef0c755..63ff097 100755 --- a/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgReview.class.php +++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgReview.class.php @@ -109,6 +109,7 @@ class TgReview { $arrTmpDomain = preg_split( "/[@]/", $inRequest->username ); $userDomain = $arrTmpDomain[1]; + // Test if the user has apropriate rights if( $this->rbac->checkAccess( $inRequest->intSid, "review", "user_" . $userDomain ) || $this->rbac->checkAccess( $inRequest->intSid, "review", "user_base" ) ) { @@ -503,9 +504,11 @@ class TgReview { if( preg_match( "/^.+[@]{1}.+$/", $inRequest->username ) ) { + $arrTmpDomain = preg_split( "/[@]/", $inRequest->username ); $userDomain = $arrTmpDomain[1]; + // Test if the user has apropriate rights if( $this->rbac->checkAccess( $inRequest->intSid, "review", "user_" . $userDomain ) || $this->rbac->checkAccess( $inRequest->intSid, "review", "user_base" ) ) { diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/assignedRoles.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/assignedRoles.php index 81d5bff..b0d2a30 100755 --- a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/assignedRoles.php 
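Review bot: `$inRequest->name` goes straight into the `modify()` value array with no presence check, so a request without `name` writes `Array( null )` for `tgprojectname`; whether the directory rejects that or the SOAP layer already guarantees the field is not visible from this hunk (the enclosing method starts before it). Either validate before the modify — add the `"tgprojectname"` entry only when `isset( $inRequest->name ) && $inRequest->name !== ""` — or document in the method's docblock that `name` is required alongside `description`.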
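Review bot: The comment added in the `@@ -109,6 +109,7 @@` hunk and again in `@@ -503,9 +504,11 @@` misspells "appropriate": `// Test if the user has appropriate rights`. Since this comment sits on the actual access rule, it could also name what the two checks are, e.g. `// Review right for the user's own domain, or the base right that appears to cover every domain`.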
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/assignedRoles.php @@ -14,9 +14,9 @@ require_once( "../soapTypes.inc.php" ); // ----------------------------------------------------- // You'll need these services // ----------------------------------------------------- -$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" ); -$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" ); -$soapReview = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgreview.wsdl" ); +$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" ); +$soapSystem = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgsystem.wsdl" ); +$soapReview = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgreview.wsdl" ); echo "<BODY><HTML>"; @@ -29,7 +29,7 @@ echo "<BODY><HTML>"; // session-ID that you should keep // ----------------------------------------------------- $authReq = new authenticateRequest(); -$authReq->username = "sp00001@textgrid.de"; +$authReq->username = "shibconnector@application.int"; $authReq->password = "secret"; @@ -59,16 +59,16 @@ catch( SoapFault $f ) { // Now you can try to add an active role to your session // ----------------------------------------------------- $addRoleReq = new addActiveRoleRequest(); -$addRoleReq->username = "sp00001@textgrid.de"; -$addRoleReq->role = "serviceProvider"; -$addRoleReq->sid = $authResponse->sid; +$addRoleReq->username = "shibconnector@application.int"; +$addRoleReq->role = "sessionCreator,Anwendung"; +$addRoleReq->auth = $authResponse->auth; echo "<HR/>"; echo "Adding active role...<BR/>"; try { - $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq ); + $addRoleResponse = $soapExtra->tgAddActiveRole( $addRoleReq ); if( $addRoleResponse->result ) { 
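Review bot: The three WSDL endpoints in the `@@ -14,9 +14,9 @@` hunk are plain `http://` URLs, and the `authenticate` call further down sends `$authReq->password` to that service, so running the example as written transmits the password unencrypted. If the deployment serves the service over TLS, point the example at the `https://` URL; otherwise a comment next to the `SoapClient` lines, `// Plain-HTTP endpoint: example use on a trusted network only`, saves a copy-paste into production. In `@@ -59,16 +59,16 @@` the active-role call moves to `$soapExtra->tgAddActiveRole`, which leaves `$soapSystem` unused in the part of the script visible here — check whether it is still needed.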
@@ -90,8 +90,8 @@ catch( SoapFault $f ) { // a session for someone else. // ----------------------------------------------------- $arReq = new assignedRolesRequest(); -$arReq->intSid = $authResponse->sid; -$arReq->username = "mhaase@uni-tuebingen.de"; +$arReq->intSid = $authResponse->auth; +$arReq->username = "testuser@textgrid.de"; echo "<HR/>"; echo "The roles of mhaase@uni-tuebingen.de...<BR/>"; diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/filterBySid.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/filterBySid.php index 1031036..9cd871c 100755 --- a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/filterBySid.php +++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/filterBySid.php @@ -90,7 +90,8 @@ catch( SoapFault $f ) { // form the operations a role may do on a resource. // ----------------------------------------------------- $filterReq = new filterBySidRequest(); -$filterReq->auth = "bLDCUpWHR9aDhqHngQJRod25BLj032tWPWLsuH141zx66LW3wh51MWlYZ0RndZ"; +//$filterReq->auth = "bLDCUpWHR9aDhqHngQJRod25BLj032tWPWLsuH141zx66LW3wh51MWlYZ0RndZ"; +$filterReq->auth = ""; $filterReq->resource = Array( "textgrid:TGPR3:Die+Leiden+des+jungen+Werther+-+Zweyter+Theil:20080514T134649:xml%2Ftei:1", "textgrid:TGPR3:TEMPLATE_TITLE+-+aesopus_teilite.xml:20080514T171605:xml%2Ftei:1", "textgrid:TGPR3:Die+Leiden+des+jungen+Werther+-+Zweyter+Theil:20080514T134646:xml%2Ftei:1", diff --git a/info.textgrid.middleware.tgauth.rbac/tgExtensions/Logger.class.php b/info.textgrid.middleware.tgauth.rbac/tgExtensions/Logger.class.php index b29fb7d..cca2447 100755 --- a/info.textgrid.middleware.tgauth.rbac/tgExtensions/Logger.class.php +++ b/info.textgrid.middleware.tgauth.rbac/tgExtensions/Logger.class.php 
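Review bot: `$arReq->username` now changes to `testuser@textgrid.de`, but the `echo` on the following context line still says `The roles of mhaase@uni-tuebingen.de...`, so the example labels one user and queries another. Derive the label from the request, `echo "The roles of " . $arReq->username . "...<BR/>";`, so it cannot drift again.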
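Review bot: The hard-coded session id is commented out rather than deleted, so the literal `bLDCUpW…` token stays in the source on the new side; a credential in a comment is still a credential in every checkout, and the line should be removed outright, with the session invalidated if it is still live. Setting `$filterReq->auth = ""` also makes the example send an empty session id; if the script authenticates earlier (the `catch( SoapFault $f )` context suggests it does), use the returned value, `$filterReq->auth = $authResponse->auth;`, as the assignedRoles example does.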
@@ -69,15 +69,27 @@ class Logger extends RBACExtension { $file = false; // File-handler + $file = fopen( "LOG/checkAccess.log", "a+" ); + + // The active roles of the session - $arrSessionRole = $this->rbac->sessionRoles( $inContext->getValue( "sid" ), false ); + try { + $arrSessionRole = $this->rbac->sessionRoles( $arrParameter[0], false ); - $file = fopen( "LOG/checkAccess.log", "a+" ); - fwrite( $file, date( "Y-m-d h:i:s", time() ) . " " ); - fwrite( $file, "Operation: \"" . $arrParameter[1] . "\", Resource: " . $arrParameter[2] . "\"" ); - fwrite( $file, ", SID: \"" . $inContext->getValue( "sid" ) . "\", Result: \"" . serialize( $inContext->getValue( "decision" ) ) . "\"\n---------------\n" ); + fwrite( $file, date( "Y-m-d h:i:s", time() ) . " " ); + fwrite( $file, "Operation: \"" . $arrParameter[1] . "\", Resource: " . $arrParameter[2] . "\"" ); + fwrite( $file, ", SID: \"" . $inContext->getValue( "sid" ) . "\", Result: \"" . serialize( $inContext->getValue( "decision" ) ) . "\"\n---------------\n" ); + + } + catch( Exception $e ) { + + fwrite( $file, date( "Y-m-d h:i:s", time() ) . " " ); + fwrite( $file, "Exception: " . $e->__toString() ); + + } + fclose( $file ); diff --git a/info.textgrid.middleware.tgauth.rbac/tgExtensions/PublicResource.class.php b/info.textgrid.middleware.tgauth.rbac/tgExtensions/PublicResource.class.php index 91a280d..da0827f 100755 --- a/info.textgrid.middleware.tgauth.rbac/tgExtensions/PublicResource.class.php +++ b/info.textgrid.middleware.tgauth.rbac/tgExtensions/PublicResource.class.php @@ -29,6 +29,7 @@ class PublicResource extends RBACExtension { public function registerEvents( RBAC $inRegistrar ) { $inRegistrar->registerEventListener( "checkAccess", "finish", $this, "publicCheckAccess" ); + $inRegistrar->registerEventListener( "checkAccess", "exception", $this, "publicCheckAccess" ); } 
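Review bot: The catch branch writes `$e->__toString()`, which in PHP includes the stack trace and by default renders call arguments, so the session id passed to `sessionRoles()` (and anything else on the stack) lands in `LOG/checkAccess.log`; log `$e->getMessage()` instead, `fwrite( $file, "Exception: " . $e->getMessage() . "\n---------------\n" );`, which also restores the record separator the success branch writes. `fopen()` is now called before the try but its result is still unchecked, so a missing or unwritable `LOG/` directory turns every `fwrite`/`fclose` into a warning on `false`; guard with `if( $file === false ) { return; }` or whatever the listener contract allows — the method starts before this hunk. The hunk reads the sid from `$arrParameter[0]` for the lookup but logs `$inContext->getValue( "sid" )`, and `$arrSessionRole` is assigned and never written; if both are meant to be the same value, log the one actually used. The `Resource:` field is also missing its opening quote: `"\", Resource: \"" . $arrParameter[2] . "\""`.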
@@ -53,6 +54,9 @@ class PublicResource extends RBACExtension { // Search for the resource $arrResource = $this->conn['resource']->search( $this->conf->getValue( "resource", "base" ), $filter, "sub", Array( "tgispublic" ) ); + $file = fopen( "LOG/PublicResource.log", "a+" ); + fwrite( $file, serialize( $arrResource ) . "\n\n" ); + fwrite( $file, serialize( $inContext->getValue( "exception" ) ) . "\n\n" ); // Only if the flag "tgIsPublic" is true and the operation // is "read", we grant access to the resource even if @@ -68,6 +72,7 @@ class PublicResource extends RBACExtension { } else { + fwrite( $file, "Decision: " . serialize( $inContext->getValue( "decision" ) ) . "\n" ); $inContext->changeSecurityChain( $inContext->getValue( "decision" ) ); } -- GitLab
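Review bot: The three `fwrite` lines here and the one in `@@ -68,6 +72,7 @@` serialize the full directory search result, the stored exception and the decision into `LOG/PublicResource.log`, which reads like debugging left over from the issue #61 investigation: the exception object with its trace and the resource entries end up in a file at a path relative to the working directory, `fopen()` is unchecked, and `$file` is never closed in the visible part of the method (it continues past the hunk). If the logging is meant to stay, gate it behind a configuration flag, check the handle, close it, and log the exception's `getMessage()` rather than its serialized form; otherwise remove the lines before merge. Since `@@ -29,6 +29,7 @@` now also fires `publicCheckAccess` on the `exception` event, the `else` branch passes `$inContext->getValue( "decision" )` to `changeSecurityChain()` on a path where no decision may have been reached — worth confirming what the context holds there.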