diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php index 9e83eadb801d0ed5dd80f80b28f17c26dff5ad5b..dd596d3ef19f0b082f956ec8655f0460bc271f0a 100755 --- a/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php +++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php @@ -697,13 +697,15 @@ class TgExtra { . $this->config->getValue( "project", "base" ) . "," . $this->rbac->getConfiguration()->getValue( "role", "base" ) ); + // want to be case-independent $arrMember = array_map ( "strtolower", $arrMember); $arrMember = $this->rbac->removeDuplicates($arrMember); + // The user has to be in the project to be // allowed to display all other users - if( in_array( strtolower($this->rbac->sessionUser( $inRequest->auth )), $arrMember ) ) { + if( in_array( strtolower( $this->rbac->sessionUser( $inRequest->auth ) ), $arrMember ) ) { $result->username = $arrMember; @@ -874,6 +876,7 @@ class TgExtra { // Input: auth / xsd:string // log / xsd:string // project / xsd:string + // file / xsd:string // Output: result / xsd:string // Description // Sets the projectFile of a project 
@@ -882,19 +885,33 @@ class TgExtra { $result = new booleanResponse(); + $connection = $this->rbac->getConnection( "role" ); + + if( $this->rbac->checkAccess( $inRequest->auth, "delegate", $inRequest->project ) ) { - $connection = $this->rbac->getConnection( "role" ); + $projectDn = $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=" . $inRequest->project . ","; + $projectDn .= $this->rbac->getConfiguration()->getValue( "project", "base" ); + if( preg_match( "/.+/", $inRequest->file ) ) { + if ( $arrResource = $connection->search( $this->rbac->getConfiguration()->getValue( "resource", "base" ), + "(tgresourceuri=" . $inRequest->file . ")" ) ) { + // register the projectfile + $boResult = $connection->modify( $projectDn, Array( "tgprojectfile" => Array( $inRequest->file ) ) ); - if( $this->rbac->checkAccess( $inRequest->auth, "delegate", $inRequest->project ) ) { + if( $boResult ) { + $this->modifyProjectFilePermissions( $arrResource[0]['dn'], $projectDn ); + } + } else { + $boResult = false; + } + } else { // empty file string: unregister - // Set the project-description and name - $boResult = $connection->modify( $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=" . $inRequest->project . "," - . $this->rbac->getConfiguration()->getValue( "project", "base" ), - Array( "tgprojectfile" => Array( $inRequest->file ) ) ); + $boResult = $connection->modify( $projectDn, Array( "tgprojectfile" => Array( ) ) ); + + } } - else { + else { // not delegate return new SoapFault( "authenticationFault", $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ), @@ -906,6 +923,8 @@ class TgExtra { $result->result = $boResult; + return $result; + } @@ -1234,10 +1253,6 @@ class TgExtra { if( socket_connect( $sock, '127.0.0.1', 6645 ) ) { - // socket_write( $sock, $arrQuery, strlen( $arrQuery ) ); - // socket_write( $sock, "\r\n", strlen( "\r\n" ) ); - - $freeNumber = socket_read( $sock, 1024 ); if( $freeNumber > 0 ) { 
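Review bot: setProjectFile authorises the caller only for `delegate` on the project, yet in the register branch it calls `modifyProjectFilePermissions()` on whatever resource `$inRequest->file` resolves to, which grants the project's Projektleiter role write and delete on that resource and marks it public. Nothing visible in the hunk checks that the caller holds any right on the resource itself; a check on the resource (for example a further `checkAccess` call, if that method accepts a resource URI the way it accepts the project id here) should precede the `modify`. The createProject hunk at -1521 adds the same lookup and has the same gap. In both places `$inRequest->file` is concatenated unescaped into the filter `"(tgresourceuri=" . $inRequest->file . ")"`; filter metacharacters should be escaped first, e.g. `ldap_escape( $inRequest->file, "", LDAP_ESCAPE_FILTER )` where the PHP version provides it. `$inRequest->project` going into `$projectDn` needs the equivalent DN escaping.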
@@ -1487,7 +1502,7 @@ class TgExtra { $result = new createProjectResponse(); // The result $i = 0; // Loop $username = ""; // Reply from sessionUser - $is_autheniticated = false; // test if session exists in rbac + $is_authenticated = false; // test if session exists in rbac try { $username = $this->rbac->sessionUser($inRequest->auth); @@ -1521,6 +1536,11 @@ class TgExtra { } + if( ( preg_match( "/.+/", $inRequest->file ) + && $arrResource = $connection->search( $this->rbac->getConfiguration()->getValue( "resource", "base" ), + "(tgresourceuri=" . $inRequest->file . ")" ) ) + || !preg_match( "/.+/", $inRequest->file ) ) { + try { // Create the project-role 
@@ -1528,32 +1548,51 @@ class TgExtra { $this->rbac->getConfiguration()->getValue( "project", "base" ) ); + // Create the project's DN + $projectDn = $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=TGPR"; + $projectDn .= ($maxNumber + 1) . "," . $this->rbac->getConfiguration()->getValue( "project", "base" ); + + // The user of the session-ID will be the Leader // of this new project. $this->rbac->assignUser( $username, - $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=Projektleiter," + $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=Projektleiter," . $projectDn ); +/* . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=TGPR" . ($maxNumber + 1) . "," . $this->rbac->getConfiguration()->getValue( "project", "base" ) ); +*/ - // Set the project-description and name + // Set the project-description $arrModify['tgprojectname'][] = $inRequest->name; preg_match( "/.+/", $inRequest->description ) ? $arrModify['tgprojectdescription'][] = $inRequest->description : false; - preg_match( "/.+/", $inRequest->file ) ? $arrModify['tgprojectfile'][] = $inRequest->file : false; + + // Set the project-file and modify the + // file's permission set + if( preg_match( "/.+/", $inRequest->file ) ) { + + $arrModify['tgprojectfile'][] = $inRequest->file; + + + $this->modifyProjectFilePermissions( $arrResource[0]['dn'], $projectDn ); + + } + +/* $connection->modify( $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=TGPR" . ($maxNumber + 1) . "," . 
$this->rbac->getConfiguration()->getValue( "project", "base" ), $arrModify ); -/* - Array( "tgprojectdescription" => Array( $inRequest->description ), - "tgprojectname" => Array( $inRequest->name ), - "tgprojectfile" => Array( $inRequest->file ) ) ); */ + $connection->modify( $projectDn, $arrModify ); + $this->rbac->addActiveRole( $username, $inRequest->auth, - $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=Projektleiter," + $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=Projektleiter," . $projectDn ); +/* . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=TGPR" . ($maxNumber + 1) . "," . $this->rbac->getConfiguration()->getValue( "project", "base" ) ); +*/ $result->projectId = "TGPR" . ($maxNumber + 1); @@ -1565,6 +1604,16 @@ class TgExtra { } + } + else { + + // The file that had to be set as project file + // does not exist. Stop everything and return + // an empty projectId. + $result->projectId = ""; + + } + } else { @@ -1926,5 +1975,24 @@ class TgExtra { } + + + + private function modifyProjectFilePermissions( $inDn, $inProjectDn ) { + + // The resource-connection is needed. + $connection = $this->rbac->getConnection( "resource" ); + + + $arrModify = Array( "rbacpermission" => + Array( $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=Projektleiter," . $inProjectDn . ":-:write", + $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=Projektleiter," . $inProjectDn . ":-:delete" ), + "tgispublic" => "TRUE" ); + + + $connection->modify( $inDn, $arrModify ); + + } + } ?> diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/setProjectFile.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/setProjectFile.php new file mode 100755 index 0000000000000000000000000000000000000000..f043af258afa5ef9c565a9563ffc67d56b2e22d4 --- /dev/null +++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/setProjectFile.php 
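Review bot: In createProject the call `$this->modifyProjectFilePermissions( $arrResource[0]['dn'], $projectDn );` runs before `$connection->modify( $projectDn, $arrModify );` and neither result is checked, whereas setProjectFile in the same commit touches the resource only after its `modify` returned true. If writing the project attributes fails, the resource has already been made public and opened to the new Projektleiter role. Capturing the result with `$boResult = $connection->modify( $projectDn, $arrModify );` and changing the file's permissions only under `if( $boResult && preg_match( "/.+/", $inRequest->file ) )` would make the two paths consistent. The enclosing try block starts and ends outside this hunk, so how failures are reported there is not visible; the three commented-out `/* … */` copies of the old DN expression could be dropped now that `$projectDn` replaces them.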
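Review bot: `modifyProjectFilePermissions()` has no docblock and returns nothing, although it makes the resource public (`"tgispublic" => "TRUE"`) and hands write and delete to the project's Projektleiter role, so callers cannot tell whether the change was applied. Returning the outcome, `return $connection->modify( $inDn, $arrModify );`, would let setProjectFile and createProject report failure. If `modify` replaces attribute values, as its name suggests, the two-element `rbacpermission` array would also overwrite permissions already stored on the resource; that should be confirmed and, if so, the existing values merged in first. A docblock should name both parameters (resource DN and project DN), state these side effects, and note that the empty-file branch of setProjectFile does not revert them.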
@@ -0,0 +1,97 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.07.2007
+// Modification date: 18.07.2008
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+require_once( "wsdlDefinition.include.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+
+
+echo "<HTML><BODY>";
+echo "<HEAD><meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\"></HEAD>\n";
+
+
+
+if( isset( $_POST['wsdl'] ) ) {
+
+ $soapExtra = new SoapClient( $arrExtraWsdl[$_POST['wsdl']]['url'] );
+
+}
+else {
+
+ $soapExtra = new SoapClient( $arrExtraWsdl[0]['url'] );
+
+}
+
+
+if( isset( $_POST['auth'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+ $setPFReq = new setProjectFileRequest();
+ $setPFReq->auth = $_POST['auth'];
+ $setPFReq->log = "";
+ $setPFReq->project = $_POST['project'];
+ $setPFReq->file = $_POST['file'];
+
+
+ echo "<HR/>";
+ echo "Setting project file...<BR/>";
+
+ try {
+
+ $setPFResponse = $soapExtra->setProjectFile( $setPFReq );
+
+ if( $setPFResponse ) {
+
+ echo "DONE.";
+
+ }
+ else {
+
+ echo "UNABLE to register project file!<BR>";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"setProjectFile.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "Target: ";
+echo "<SELECT name=\"wsdl\">\n";
+
+for( $i = 0; $i < sizeof( $arrExtraWsdl ); $i++ ) {
+
+ echo "<OPTION value=\"" . $i . "\">" . $arrExtraWsdl[$i]['name'] . 
"</OPTION>\n"; + +} + +echo "</SELECT><BR>\n"; +echo "Auth: <INPUT type=\"text\" name=\"auth\" value=\"\"><BR>\n"; +echo "Project ID: <INPUT type=\"text\" name=\"project\" value=\"\"><BR>\n"; +echo "Project File URI: <INPUT type=\"text\" name=\"file\" value=\"\"><BR>\n"; +echo "<INPUT type=\"submit\" value=\"Commit...\">\n"; +echo "</FORM>\n"; + +echo "</BODY></HTML>"; + +?> diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/soapTypes.inc.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/soapTypes.inc.php index 18ea51701fb992ca672b2d7d88fe220d4ad0d590..d8405473ea6c4d4f411b61dde31b570aa049b2b6 100755 --- a/info.textgrid.middleware.tgauth.rbac/rbacSoap/soapTypes.inc.php +++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/soapTypes.inc.php @@ -405,6 +405,15 @@ class createProjectRequest { } +class setProjectFileRequest { + + public $auth; + public $log; + public $project; + public $file; + +} + class registerResourceRequest { public $auth;
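Review bot: In examples/setProjectFile.php the success test `if( $setPFResponse )` checks the response object, which is presumably truthy whenever the call returns, so the page prints DONE. even when the service reports `result` as false; it should read `if( $setPFResponse->result )`. The catch branch echoes `$f->faultstring` and `$f->detail` into the page unescaped, and the option loop does the same with `$arrExtraWsdl[$i]['name']`; passing them through `htmlspecialchars()` keeps server-supplied text from being interpreted as markup. `$_POST['wsdl']` is also used as an array index without confirming the entry exists, which `isset( $arrExtraWsdl[$_POST['wsdl']] )` would cover.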