From ee34c7ec72d73ef11b8b65b1d722d503e183a66d Mon Sep 17 00:00:00 2001
From: Martin Haase <martin.haase@daasi.de>
Date: Thu, 15 May 2008 07:16:10 +0000
Subject: [PATCH] Corrected Bug in FilterBySid
git-svn-id: https://textgridlab.org/svn/textgrid/trunk/middleware/tgauth@1267 7c539038-3410-0410-b1ec-0f2a7bf1c452
---
 .../rbac/RBACcore.class.php | 18 +++--------
 .../rbacSoap/TgExtra.class.php | 2 +-
 .../rbacSoap/examples/filterBySid.php | 23 +++++++++-----
 .../tgExtensions/Logger.class.php | 30 +++----------------
 .../tgExtensions/PublicResource.class.php | 9 ++++--
 5 files changed, 31 insertions(+), 51 deletions(-)
diff --git a/info.textgrid.middleware.tgauth.rbac/rbac/RBACcore.class.php b/info.textgrid.middleware.tgauth.rbac/rbac/RBACcore.class.php
index 3be23ea..608ddba 100755
--- a/info.textgrid.middleware.tgauth.rbac/rbac/RBACcore.class.php
+++ b/info.textgrid.middleware.tgauth.rbac/rbac/RBACcore.class.php
@@ -1,9 +1,9 @@
 <?php
 // ####################################################################
-// Version: 0.2.2
+// Version: 0.2.3
 // Author: Markus Widmer
 // Created: 31.07.2007
-// Modified: 01.04.2008
+// Modified: 15.05.2008
 // Requiring these interfaces if the RBAC-Framework
@@ -1231,7 +1231,7 @@ class RBACcore implements iRBACcore {
 // If there is an interceptor, we allow other
 // functions to completely decide what to do.
 if( $this->interceptor
- && $context->getValue( "decision" ) ) { //$continue ) {
+ && $context->getValue( "decision" ) ) {
 return true;
@@ -1789,23 +1789,13 @@ class RBACcore implements iRBACcore {
 $roleNamingValue = preg_split( "/[=]/", $roleNamingValue[0] );
 $roleNamingValue = $roleNamingValue[1];
-/*
- // Create filter to search for the role.
- $filter = "(&" . $this->conf->getValue( "role", "filter" );
- $filter .= "(" . $this->conf->getValue( "role", "namingattribute" ) . "=" . $roleNamingValue . "))";
-
-
- // Ask the directory
- $arrRoleEntry = $this->conn['role']->search( $this->conf->getValue( "role", "base" ), $filter, "sub" );
-*/
+ // Looking for the role
 $arrRoleEntry = $this->conn['role']->getEntry( $inRole );
-// if( sizeof( $arrRoleEntry ) == 1 ) {
 if( isset( $arrRoleEntry['dn'] ) ) {
-// $arrRoleEntry = $arrRoleEntry[0];
 $roleAssAttr = $this->conf->getValue( "role", "assignedattribute" );
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php
index 599c709..682058a 100755
--- a/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php
@@ -269,7 +269,7 @@ class TgExtra {
 for( $i = 0; $i < sizeof( $res ); $i++ ) {
- if( $this->rbac->checkAccess( $inRequest->sid, $inRequest->operation, $res[$i] ) ) {
+ if( $this->rbac->checkAccess( $inRequest->auth, $inRequest->operation, $res[$i] ) ) {
 $filterBySidResult[] = $res[$i];
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/filterBySid.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/filterBySid.php
index 6936133..1031036 100755
--- a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/filterBySid.php
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/filterBySid.php
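Review bot: In TgExtra.class.php the changed line hands `$inRequest->auth` to `checkAccess()` for every resource without first checking that the request carried a non-empty session id. The field read before this fix (`sid`) is one the updated example client no longer sets, which suggests the per-resource check may have been running with an empty first argument, so the fix should also fail closed: before the loop, return the empty result when `!isset( $inRequest->auth ) || !is_string( $inRequest->auth ) || $inRequest->auth === ""`. That matters more because the PublicResource extension changed in this same commit can force the decision to true. The loop and the enclosing method start and end outside this hunk.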
@@ -14,14 +14,14 @@ require_once( "../soapTypes.inc.php" );
 // -----------------------------------------------------
 // You'll need these services
 // -----------------------------------------------------
-$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" );
-$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" );
+$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+//$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" );
 echo "<BODY><HTML>";
-
+/*
 // -----------------------------------------------------
 // Before you can create a session you have to
 // authenticate. If this was successful you get a
@@ -81,6 +81,8 @@ catch( SoapFault $f ) {
 echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
 }
+*/
+
 // -----------------------------------------------------
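Review bot: The new WSDL URL on the `$soapExtra` line in examples/filterBySid.php is plain `http://`, so the service description travels unencrypted, and so does every SOAP call built from it unless the WSDL itself names an HTTPS endpoint. The request assembled further down in this file carries the session id in `auth`, which is a bearer credential for the RBAC service. If the host offers TLS, the example should load the WSDL over `https://`, since example scripts tend to be copied unchanged into real clients.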
@@ -88,13 +90,20 @@ catch( SoapFault $f ) {
 // form the operations a role may do on a resource.
 // -----------------------------------------------------
 $filterReq = new filterBySidRequest();
-$filterReq->intSid = $authResponse->sid;
-$filterReq->sid = "ABcDEFG";
-$filterReq->resource = Array( "ingrid.daasi.de//demo/tg-demo.xml", "ingrid.daasi.de//demo/inhaltsverzeichnis.doc" );
+$filterReq->auth = "bLDCUpWHR9aDhqHngQJRod25BLj032tWPWLsuH141zx66LW3wh51MWlYZ0RndZ";
+$filterReq->resource = Array( "textgrid:TGPR3:Die+Leiden+des+jungen+Werther+-+Zweyter+Theil:20080514T134649:xml%2Ftei:1", "textgrid:TGPR3:TEMPLATE_TITLE+-+aesopus_teilite.xml:20080514T171605:xml%2Ftei:1", "textgrid:TGPR3:Die+Leiden+des+jungen+Werther+-+Zweyter+Theil:20080514T134646:xml%2Ftei:1", "textgrid:TGPR3:TEMPLATE_TITLE+-+aesopus_teilite.xml:20080514T155649:xml%2Ftei:1", "textgrid:TGPR3:TEMPLATE_TITLE+-+werther1_teilite.xml:20080514T155659:xml%2Ftei:1", "textgrid:TGPR3:Die+Leiden+des+jungen+Werther+-+Zweyter+Theil:20080514T134648:xml%2Ftei:1", "textgrid:TGPR3:TEMPLATE_TITLE+-+werther1_teilite.xml:20080514T171613:xml%2Ftei:1", "textgrid:TGPR3:Die+Leiden+des+jungen+Werther+-+Zweyter+Theil:20080514T134530:xml%2Ftei:1", "textgrid:TGPR3:Die+Leiden+des+jungen+Werther+-+Zweyter+Theil:20080514T154944:xml%2Ftei:1" );
 $filterReq->operation = "read";
 echo "<HR/>";
-echo "Filter on resources ingrid.daasi.de//demo/tg-demo.xml...<BR/>";
+echo "Filtering resources...<BR/>";
 try {
diff --git a/info.textgrid.middleware.tgauth.rbac/tgExtensions/Logger.class.php b/info.textgrid.middleware.tgauth.rbac/tgExtensions/Logger.class.php
index 819d1e9..b29fb7d 100755
--- a/info.textgrid.middleware.tgauth.rbac/tgExtensions/Logger.class.php
+++ b/info.textgrid.middleware.tgauth.rbac/tgExtensions/Logger.class.php
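Review bot: The added `$filterReq->auth = "…"` line in examples/filterBySid.php commits what looks like a real session id as a string literal, while the authentication steps that used to obtain one are commented out by the earlier hunks of this file. Anything in version control stays readable for the life of the repository, so if this value was ever valid on rbac.textgrid.daasi.de the session should be invalidated. The example should carry an obvious placeholder instead, for instance `$filterReq->auth = "SESSION_ID_FROM_AUTHENTICATE"; // placeholder, not a real session`, or keep using the id returned by the authentication call. The resource list is likewise taken from what appears to be a live project (`TGPR3`); whether those identifiers are meant to be public cannot be told from this page.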
@@ -29,13 +29,12 @@ class Logger extends RBACExtension {
 public function registerEvents( RBAC $inRegistrar ) {
 $inRegistrar->registerEventListener( "addUser", "write", $this, "logAddUserEvent" );
- $inRegistrar->registerEventListener( "checkAccess", "startup", $this, "logCheckAccessEvent" );
+ $inRegistrar->registerEventListener( "checkAccess", "finish", $this, "logCheckAccessEvent" );
 $inRegistrar->registerEventListener( "assignUser", "write", $this, "logAssignUserEvent" );
 $inRegistrar->registerEventListener( "addAscendant", "finished", $this, "logAddAscendantEvent" );
 // These functions for debugging-informations
- $inRegistrar->registerEventListener( "checkAccess", "filter", $this, "debugCheckAccessEvent" );
 $inRegistrar->registerEventListener( "checkAccess", "finish", $this, "debugCheckAccessResultEvent" );
 $inRegistrar->registerEventListener( "grantPermission", "filter", $this, "debugGrantPermissionEvent" );
 $inRegistrar->registerEventListener( "addAscendant", "write", $this, "debugAddAscendantEvent" );
@@ -77,8 +76,8 @@ class Logger extends RBACExtension {
 $file = fopen( "LOG/checkAccess.log", "a+" );
 fwrite( $file, date( "Y-m-d h:i:s", time() ) . " " );
- fwrite( "Operation: \"" . $inContext->getValue( "operation" ) . "\", Resource: " . $inContext->getValue( "resource" ) . "\"" );
- fwrite( $file, ", SID: \"" . $inContext->getValue( "sid" ) . "\", Roles: \"" . join( "|", $arrSessionRole ) . "\"\n---------------\n" );
+ fwrite( $file, "Operation: \"" . $arrParameter[1] . "\", Resource: " . $arrParameter[2] . "\"" );
+ fwrite( $file, ", SID: \"" . $inContext->getValue( "sid" ) . "\", Result: \"" . serialize( $inContext->getValue( "decision" ) ) . "\"\n---------------\n" );
 fclose( $file );
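Review bot: The rewritten `fwrite()` calls in Logger's checkAccess handler write the complete session id to `LOG/checkAccess.log`, and the operation and resource values, which come from the caller's request, go into the line unescaped. Anyone who can read that file (the path is relative, so it may sit under the web root) obtains usable sessions, and a value containing a line break can split or forge log entries. Log a truncated digest of the session id, replace control characters, and append under a lock; the debug hunk at `@@ -166,7 +144,7 @@` has the same exposure because it serialises `$arrParameter[0]`, the first checkAccess argument. The `h` in the date format is the 12-hour clock without am/pm, so `H` would make the timestamps unambiguous. `$arrParameter` is assigned outside this hunk.

```php
// … unchanged: $arrParameter is read from $inContext above the hunk …
$strip = '/[\x00-\x1F\x7F]/';   // control characters, including CR and LF
$line  = date( "Y-m-d H:i:s" )
       . " Operation: \"" . preg_replace( $strip, "?", (string) $arrParameter[1] ) . "\""
       . ", Resource: \"" . preg_replace( $strip, "?", (string) $arrParameter[2] ) . "\""
       . ", SID (sha256, first 16 hex): \"" . substr( hash( "sha256", (string) $inContext->getValue( "sid" ) ), 0, 16 ) . "\""
       . ", Result: \"" . serialize( $inContext->getValue( "decision" ) ) . "\"\n---------------\n";
file_put_contents( "LOG/checkAccess.log", $line, FILE_APPEND | LOCK_EX );
```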
@@ -135,27 +134,6 @@ class Logger extends RBACExtension {
- // ## debugCheckAccessEvent #########################################
- public function debugCheckAccessEvent( Context $inContext ) {
-
- $arrParameter = $inContext->getParameters(); // The parameters of the checkAccess-function
- $file = false; // File-handler
-
-
- $file = fopen( "LOG/checkAccess.debug", "a+" );
-
- fwrite( $file, date( "Y-m-d h:i:s", time() ) . " Filter-string: " . $inContext->getValue( "filter" ) . "\n---------------\n" );
-
- fclose( $file );
-
-
- return $inContext;
-
- }
-
-
-
-
 // ## debugCheckAccessResultEvent ###################################
 public function debugCheckAccessResultEvent( Context $inContext ) {
@@ -166,7 +144,7 @@ class Logger extends RBACExtension {
 $file = fopen( "LOG/checkAccess.debug", "a+" );
 fwrite( $file, date( "Y-m-d h:i:s", time() ) . " Unmodified Result: " . serialize( $inContext->getValue( "decision" ) ) . "\n---------------\n" );
- fwrite( $file, date( "Y-m-d h:i:s", time() ) . " Resource-Entry: " . serialize( $inContext->getValue( "resource" ) ) . "\n---------------\n" );
+ fwrite( $file, date( "Y-m-d h:i:s", time() ) . " Parameter 1/2/3: " . serialize( $arrParameter[0] ) . "/" . serialize( $arrParameter[1] ) . "/" . serialize( $arrParameter[2] ) . "\n---------------\n" );
 fclose( $file );
diff --git a/info.textgrid.middleware.tgauth.rbac/tgExtensions/PublicResource.class.php b/info.textgrid.middleware.tgauth.rbac/tgExtensions/PublicResource.class.php
index eebcf2e..91a280d 100755
--- a/info.textgrid.middleware.tgauth.rbac/tgExtensions/PublicResource.class.php
+++ b/info.textgrid.middleware.tgauth.rbac/tgExtensions/PublicResource.class.php
@@ -1,9 +1,9 @@
 <?php
 // ####################################################################
-// Version: 0.1.0
+// Version: 0.1.1
 // Autor: Markus Widmer
 // Erstellungsdatum: 12.03.2008
-// Letzte Aenderung: 12.03.2008
+// Letzte Aenderung: 15.05.2008
@@ -50,6 +50,7 @@ class PublicResource extends RBACExtension {
 $filter .= " (" . $this->conf->getValue( "resource", "aliasattribute" ) . "=" . $arrParameter[2] . ")))";
+ // Search for the resource
 $arrResource = $this->conn['resource']->search( $this->conf->getValue( "resource", "base" ), $filter, "sub", Array( "tgispublic" ) );
@@ -57,10 +58,12 @@ class PublicResource extends RBACExtension {
 // is "read", we grant access to the resource even if
 // the read-operation would not be granted. Otherwise we
 // keep the decision of the checkAccess-function.
- if( preg_match( "/^true$/i", $arrResource[0]['tgispublic'][0] )
+ if( isset( $arrResource[0] )
+ && preg_match( "/^true$/i", $arrResource[0]['tgispublic'][0] )
 && preg_match( "/^read$/", $operation ) ) {
 $inContext->changeSecurityChain( true );
+ $inContext->setValue( "decision", true );
 } else {
-- GitLab
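Review bot: The new `isset( $arrResource[0] )` guard in PublicResource.class.php still lets the extension force the decision to true from the first hit of a search whose filter, built just above in hunk `@@ -50,6 +50,7 @@`, concatenates `$arrParameter[2]` without escaping LDAP filter metacharacters. A resource name supplied by the caller can therefore influence which entry the search matches, so the `tgispublic` value being tested need not belong to the resource whose access is being decided. Escape the value per RFC 4515 before it enters the filter, require exactly one result, and check that the attribute itself is set. Compare with `===` or `strcasecmp()` rather than `preg_match()` with `$`, which also accepts a trailing newline. The filter construction begins before the first hunk and the `else` branch continues past the second.

```php
// … unchanged: filter construction and search (escape $arrParameter[2] there) …
if( sizeof( $arrResource ) == 1
    && isset( $arrResource[0]['tgispublic'][0] )
    && strcasecmp( $arrResource[0]['tgispublic'][0], "true" ) == 0
    && $operation === "read" ) {
  // … unchanged: changeSecurityChain( true ) and setValue( "decision", true ) …
```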