diff --git a/modules/webaccess/bin/authaction.in b/modules/webaccess/bin/authaction.in
index f53e3bad2..14e37a57e 100644
--- a/modules/webaccess/bin/authaction.in
+++ b/modules/webaccess/bin/authaction.in
@@ -1,105 +1,105 @@ ## $Id$ ## authaction -- CLI interface to Access Control Engine ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. ## read config variables: #include "config.wml" #include "configbis.wml" #include "cdswmllib.wml" ## start Python: #! ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. 
"""authaction -- CLI interface to Access Control Engine""" __version__ = "<: print generate_pretty_version_string('$Id$'); :>" ## fill config variables: pylibdir = "/python" try: import sys sys.path.append('%s' % pylibdir) from cdsware.config import * from cdsware.access_control_engine import acc_authorize_action from cdsware.access_control_config import cfg_webaccess_warning_msgs except ImportError, e: print "Error: %s" % e import sys sys.exit(1) def usage(code, msg=''): """Print usage info.""" if msg: sys.stderr.write("Error: %s.\n" % msg) sys.stderr.write("authaction -- CLI interface to Access Control Engine\n") sys.stderr.write("Usage: %s [options] [keyword1] [value1] [keyword2] [value2] ...\n" % sys.argv[0]) sys.stderr.write("Command options:\n") sys.stderr.write(" = ID of the user\n") sys.stderr.write(" = action name\n") sys.stderr.write(" [keyword1] = optional first keyword argument\n") sys.stderr.write(" [value1] = its value\n") sys.stderr.write(" [keyword2] = optional second keyword argument\n") sys.stderr.write(" [value2] = its value\n") sys.stderr.write(" ... = et caetera\n") sys.stderr.write("General options:\n") sys.stderr.write(" -h, --help \t\t Print this help.\n") sys.stderr.write(" -V, --version \t\t Print version information.\n") sys.exit(code) def main(): """CLI to acc_authorize_action. The function finds the needed arguments in sys.argv. If the number of arguments is wrong it prints help. Return 0 on success, 9 or higher on failure. 
""" alen, auth = len(sys.argv), 0 # return ``not permitted'' if wrong arguments if alen > 1 and sys.argv[1] in ["-h", "--help"]: usage(0) elif alen > 1 and sys.argv[1] in ["-V", "--version"]: sys.stderr.write("%s\n" % __version__) sys.exit(0) if alen < 3 or alen % 2 == 0: - print "7 , %s" % cfg_webaccess_warning_msgs[7] - return "7 , %s" % cfg_webaccess_warning_msgs[7] + print "7 - %s" % cfg_webaccess_warning_msgs[7] + return "7 - %s" % cfg_webaccess_warning_msgs[7] # try to authorize else: # get values id_user = sys.argv[1] name_action = sys.argv[2] dict = {} for i in range(3, alen, 2): dict[sys.argv[i]] = sys.argv[i + 1] # run ace-function (auth_code, auth_message) = acc_authorize_action(id_user, name_action, **dict) # print and return - print "%s , %s" % (auth_code, auth_message) - return "%s , %s" % (auth_code, auth_message) + print "%s - %s" % (auth_code, auth_message) + return "%s - %s" % (auth_code, auth_message) if __name__ == '__main__': main() diff --git a/modules/webaccess/bin/authaction.wml b/modules/webaccess/bin/authaction.wml index f53e3bad2..14e37a57e 100644 --- a/modules/webaccess/bin/authaction.wml +++ b/modules/webaccess/bin/authaction.wml 
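Review bot: main()'s docstring still promises "Return 0 on success, 9 or higher on failure", but the function returns the formatted `"%s - %s"` string and the `__main__` guard discards it, so the process exit status is 0 whether or not the user was authorized and callers such as the PHP wrapper can only parse stdout. Either update the docstring to `Print and return "<code> - <message>"; the process exit status does not reflect the outcome.` or have the guard exit with `auth_code` — the latter is a behaviour change for existing callers and should be deliberate. The keyword/value pairs from argv are forwarded as `**dict`; if the engine's signature is the one documented in api.html.wml (`id_user, name_action, dict={}, **arguments`), a caller passing the keyword `dict`, `id_user` or `name_action` would bind to a named parameter or raise TypeError, so rejecting those names up front would keep the output parseable. The local `auth` is never used and `dict` shadows the builtin. The same hunk appears again for authaction.wml.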
@@ -1,105 +1,105 @@ ## $Id$ ## authaction -- CLI interface to Access Control Engine ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. ## read config variables: #include "config.wml" #include "configbis.wml" #include "cdswmllib.wml" ## start Python: #! ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. 
"""authaction -- CLI interface to Access Control Engine""" __version__ = "<: print generate_pretty_version_string('$Id$'); :>" ## fill config variables: pylibdir = "/python" try: import sys sys.path.append('%s' % pylibdir) from cdsware.config import * from cdsware.access_control_engine import acc_authorize_action from cdsware.access_control_config import cfg_webaccess_warning_msgs except ImportError, e: print "Error: %s" % e import sys sys.exit(1) def usage(code, msg=''): """Print usage info.""" if msg: sys.stderr.write("Error: %s.\n" % msg) sys.stderr.write("authaction -- CLI interface to Access Control Engine\n") sys.stderr.write("Usage: %s [options] [keyword1] [value1] [keyword2] [value2] ...\n" % sys.argv[0]) sys.stderr.write("Command options:\n") sys.stderr.write(" = ID of the user\n") sys.stderr.write(" = action name\n") sys.stderr.write(" [keyword1] = optional first keyword argument\n") sys.stderr.write(" [value1] = its value\n") sys.stderr.write(" [keyword2] = optional second keyword argument\n") sys.stderr.write(" [value2] = its value\n") sys.stderr.write(" ... = et caetera\n") sys.stderr.write("General options:\n") sys.stderr.write(" -h, --help \t\t Print this help.\n") sys.stderr.write(" -V, --version \t\t Print version information.\n") sys.exit(code) def main(): """CLI to acc_authorize_action. The function finds the needed arguments in sys.argv. If the number of arguments is wrong it prints help. Return 0 on success, 9 or higher on failure. 
""" alen, auth = len(sys.argv), 0 # return ``not permitted'' if wrong arguments if alen > 1 and sys.argv[1] in ["-h", "--help"]: usage(0) elif alen > 1 and sys.argv[1] in ["-V", "--version"]: sys.stderr.write("%s\n" % __version__) sys.exit(0) if alen < 3 or alen % 2 == 0: - print "7 , %s" % cfg_webaccess_warning_msgs[7] - return "7 , %s" % cfg_webaccess_warning_msgs[7] + print "7 - %s" % cfg_webaccess_warning_msgs[7] + return "7 - %s" % cfg_webaccess_warning_msgs[7] # try to authorize else: # get values id_user = sys.argv[1] name_action = sys.argv[2] dict = {} for i in range(3, alen, 2): dict[sys.argv[i]] = sys.argv[i + 1] # run ace-function (auth_code, auth_message) = acc_authorize_action(id_user, name_action, **dict) # print and return - print "%s , %s" % (auth_code, auth_message) - return "%s , %s" % (auth_code, auth_message) + print "%s - %s" % (auth_code, auth_message) + return "%s - %s" % (auth_code, auth_message) if __name__ == '__main__': main() diff --git a/modules/webaccess/doc/hacking/api.html.wml b/modules/webaccess/doc/hacking/api.html.wml index c71eec9e6..fa9d24542 100644 --- a/modules/webaccess/doc/hacking/api.html.wml +++ b/modules/webaccess/doc/hacking/api.html.wml 
@@ -1,160 +1,160 @@ ## $Id$ ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. #include "cdspage.wml" \ title="Access Control Engine API" \ navbar_name="hacking-webaccess" \ navtrail_previous_links="/hacking/>Hacking CDSware > /hacking/webaccess/index.html>WebAccess Internals " \ navbar_select="hacking-webaccess-engine-api"

Version <: print generate_pretty_revision_date_string('$Id$'); :>

 CDSware Access Control Engine can be called from within your Python programs
 via both a regular Python API and CLI.
 In addition the you get an explanation of the program flow.
 
 Contents:
  1. Regular API
  2. Command Line Interface
  3. Program Flow
 
 1. Regular API
 
    Description:
 
       There is not very much information in the database at the moment.
       More can be added on demand.
 
       Information on these will be added when time allows it.
 
    Signature:
 
       def acc_authorize_action(id_user, name_action, dict={}, **arguments):
           """ Check if user is allowed to perform action
 	  with given list of arguments.
 	  Return (0, message) if authentication succeeds, (error_code, error_message) if it fails.
 
 	  The arguments are as follows:
     
                   id_user - id of the user to be authorized in the database
                             
               name_action - the name of the action
 
                 arguments - dictionary with keyword=value pairs created automatically
                             by python on the extra arguments. these depend on the
                             given action. """
 
    Examples:
 
 >>> # import the functions from module
 >>> # change this to your local settings...
 >>> pylibdir = '/log/cdsware-DEMODEV/lib/python/cdsware/'
 >>> import sys
 >>> sys.path.append('%s' % pylibdir)
 >>> from access_control_engine import *
 >>> # authorize user 109 for action WebSearch_search with collection="LHC"
 >>> acc_authorize_action(109, 'cfgwebsearch', collection="LHC")
       (0, "User authorized")
 >>> # authorize user 109 for action WebSearch_search with collection="fail this"
 >>> acc_authorize_action(109, 'cfgwebsearch', collection="fail this")
       (8, "Error (8): Incorrect keyword given for specified action.")
 >>> # authorize user 109 for action BibFormat_modify with format="htmlbrief"
 >>> acc_authorize_action(109, 'cfgbibformat', format="htmlbrief")
       (0, "User authorized")
 
 2. Command Line Interface
 
    Description:
 
       The Command Line Interface uses the regular API of acc_authorize_action.
       
    Signature:
 
       authaction id_user name_action keyword1 value1 keyword2 value2 ...
           """ See description from function acc_authorize_action.
                   id_user - id of user to be authorized
  
 	      name_action - name of the action
  
 	         keyword1 - first keyword like in the keyword=value pairs,
                             same rules for the following ones.
 			    always one word.
  
 	           value1 - value that belongs in a pair with the corresponding keyword,
                             same rules for the following ones.
 			    add quotes if it is more that one word.
  
               the keyword=value pairs are collected in a dictionary
           """
    
    Examples:
 
       These are the same ones as for the regular API:
       $ authaction 109 cfgwebsearch collection LHC
-        0 , User authorized
+        0 - User authorized
       $ authaction 109 cfgwebsearch collection 'fail this'
-        8 , Error (8): Incorrect keyword given for specified action.
+        8 - Error (8): Incorrect keyword given for specified action.
       $ authaction 109 cfgbibformat format htmlbrief
-        0 , User authorized
+        0 - User authorized
 
 
 3. Program Flow
 
    this is a quick explanation of the different tasks
    performed by the authorization engine.
    
    I. find information for the action
      use admin API to find info. 
    
    II. see if user is a superadmin
      query the database for connection between user and role superadmin.
      -> authorize if yes
    
    III. find all of the users roles and create string with the ids
      query the database and build string of ids
      -> don't authorize if no roles
    
    IV. try to authorize without arguments
      action without arguments: query database
      -> authorize if yes
      action with optional arguments
      -> authorize if yes
    
    V. create list of keyword=value pairs to query the database
      run through dictionary and create string for adding to database query
    
    VI. find all table entries from the database
      query the database for table entries
      create list of the tuples and sort it
      -> don't authorize if no entries
      -> authorize if only 1 argument and result
    
    VII. combine entries and try to satisfy authorization
      dictionary with the arguments as keys, all values 0
      run throught the list created in VI
        if moving on to new authorization
          check dictionary values
          -> authorize if combination found
          reset values to 0 if not found
        set dictionary[keyword] to 1.
        (countinue loop)
 
    VIII. all the above failed
      -> authorization failed      
 
diff --git a/modules/webaccess/lib/access_control_config.py b/modules/webaccess/lib/access_control_config.py
index 636827466..eb53c8a3a 100644
--- a/modules/webaccess/lib/access_control_config.py
+++ b/modules/webaccess/lib/access_control_config.py
@@ -1,112 +1,112 @@ ## $Id$ ## CDSware Access Control Config in mod_python. ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. #include "config.wml" #include "configbis.wml" supportemail = "" """CDSware Access Control Config. """ ## okay, rest of the Python code goes below ####### __version__ = "$Id$" from config import * # VALUES TO BE EXPORTED # CURRENTLY USED BY THE FILES access_control_engine.py access_control_admin.py webaccessadmin_lib.py # name of the role giving superadmin rights SUPERADMINROLE = 'superadmin' # name of the webaccess webadmin role WEBACCESSADMINROLE = 'webaccessadmin' # name of the action allowing roles to access the web administrator interface WEBACCESSACTION = 'cfgwebaccess' # name of the action allowing roles to delegate the rights to other roles # ex: libraryadmin to delegate libraryworker DELEGATEADDUSERROLE = 'accdelegaterole' # max number of users to display in the drop down selects MAXSELECTUSERS = 25 # max number of users to display in a page (mainly for user area) MAXPAGEUSERS = 25 # default data for the add_default_settings function # roles # name description def_roles = ((SUPERADMINROLE, 'superuser with all rights'), ('photoadmin', 'Photo collection administrator'), (WEBACCESSADMINROLE, 
'WebAccess administrator')) # users # list of e-mail addresses def_users = [] # actions # name desc allowedkeywords optional def_actions = ( ('cfgwebsearch', 'configure WebSearch', '', 'no'), ('cfgbibformat', 'configure BibFormat', '', 'no'), ('cfgwebsubmit', 'configure WebSubmit', '', 'no'), ('runbibindex', 'run BibIndex', '', 'no'), ('runbibupload', 'run BibUpload', '', 'no'), ('runwebcoll', 'run webcoll', 'collection', 'yes'), ('runbibformat', 'run BibFormat', 'format', 'yes'), (WEBACCESSACTION, 'configure WebAccess', '', 'no'), (DELEGATEADDUSERROLE, 'delegate subroles inside WebAccess', 'role', 'no'), ('runbibtaskex', 'run BibTaskEx example', '', 'no'), ('referee', 'referee document type doctype/category categ', 'doctype,categ', 'yes'), ('submit', 'use webSubmit', 'doctype,act', 'yes'), ('runbibrank', 'run BibRank', '', 'no'), ('cfgbibrank', 'configure BibRank', '', 'no'), ) # authorizations # role action arglistid optional arguments def_auths = ( (SUPERADMINROLE, 'cfgwebsearch', -1, 0, {}), (SUPERADMINROLE, 'cfgbibformat', -1, 0, {}), (SUPERADMINROLE, 'cfgwebsubmit', -1, 0, {}), (SUPERADMINROLE, 'runbibindex', -1, 0, {}), (SUPERADMINROLE, 'runbibupload', -1, 0, {}), (SUPERADMINROLE, 'runbibformat', -1, 1, {}), (SUPERADMINROLE, WEBACCESSACTION, -1, 0, {}), ('photoadmin', 'runwebcoll', -1, 0, {'collection': 'Pictures'}), (WEBACCESSADMINROLE,WEBACCESSACTION, -1, 0, {}), (SUPERADMINROLE, 'runtaskex', -1, 0, {}), (SUPERADMINROLE, 'referee', -1, 1, {}), (SUPERADMINROLE, 'submit', -1, 1, {}), (SUPERADMINROLE, 'runbibrank', -1, 0, {}), (SUPERADMINROLE, 'cfgbibrank', -1, 0, {}), ) cfg_webaccess_msgs = { 0: 'Try to login as another user.' % (weburl, weburl, "%s"), 1: '
If you think this is not correct, please contact: %s' % (supportemail, supportemail) } cfg_webaccess_warning_msgs = { - 0: 'Authentication granted' , - 1: 'Error (1): You are not authorized to perform this administrative task.', - 2: 'Error (2): You are not authorized to perform administrative tasks.', - 3: 'Error (3): The administrative task specified (%s) is not known.', - 4: 'Error (4): An unexpected error occured when checking username/password.', - 5: 'Error (5): Missing keywords necessary for authorization to this administrative task to be possible.', - 6: 'Error (6): Problems connecting to database. Check that a valid integer value is given as user id.', - 7: 'Error (7): Not enough arguments given, id_user and name_action required.', - 8: 'Error (8): Incorrect keyword given for specified administrative task.' + 0: 'Authorization granted', + 1: 'Error(1): You are not authorized to perform this action.', + 2: 'Error(2): You are not authorized to perform any action.', + 3: 'Error(3): The action %s does not exist.', + 4: 'Error(4): Unexpected error occurred.', + 5: 'Error(5): Missing mandatory keyword argument(s) for this action.', + 6: 'Error(6): Wrong user ID.', + 7: 'Error(7): Not enough arguments, user ID and action name required.', + 8: 'Error(8): Incorrect keyword argument(s) for this action.' }
\ No newline at end of file
diff --git a/modules/webaccess/lib/access_control_config.py.wml b/modules/webaccess/lib/access_control_config.py.wml
index 636827466..eb53c8a3a 100644
--- a/modules/webaccess/lib/access_control_config.py.wml
+++ b/modules/webaccess/lib/access_control_config.py.wml
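Review bot: The new entry `3: 'Error(3): The action %s does not exist.'` still carries a `%s` placeholder while every other entry is a complete sentence, and the CLI in authaction prints entries such as `[7]` verbatim, so a reader of this dict cannot tell which entries must be formatted before use; a comment such as `# entry 3 expects the action name via % formatting; all other entries are used as-is` would make that explicit. Since the interpolated value is the caller-supplied action name, wherever the formatted message is rendered into HTML (cfg_webaccess_msgs just above is clearly HTML) it should be escaped at that point. The file also still ends without a trailing newline. The same hunk appears again for access_control_config.py.wml.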
@@ -1,112 +1,112 @@ ## $Id$ ## CDSware Access Control Config in mod_python. ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. #include "config.wml" #include "configbis.wml" supportemail = "" """CDSware Access Control Config. """ ## okay, rest of the Python code goes below ####### __version__ = "$Id$" from config import * # VALUES TO BE EXPORTED # CURRENTLY USED BY THE FILES access_control_engine.py access_control_admin.py webaccessadmin_lib.py # name of the role giving superadmin rights SUPERADMINROLE = 'superadmin' # name of the webaccess webadmin role WEBACCESSADMINROLE = 'webaccessadmin' # name of the action allowing roles to access the web administrator interface WEBACCESSACTION = 'cfgwebaccess' # name of the action allowing roles to delegate the rights to other roles # ex: libraryadmin to delegate libraryworker DELEGATEADDUSERROLE = 'accdelegaterole' # max number of users to display in the drop down selects MAXSELECTUSERS = 25 # max number of users to display in a page (mainly for user area) MAXPAGEUSERS = 25 # default data for the add_default_settings function # roles # name description def_roles = ((SUPERADMINROLE, 'superuser with all rights'), ('photoadmin', 'Photo collection administrator'), (WEBACCESSADMINROLE, 
'WebAccess administrator')) # users # list of e-mail addresses def_users = [] # actions # name desc allowedkeywords optional def_actions = ( ('cfgwebsearch', 'configure WebSearch', '', 'no'), ('cfgbibformat', 'configure BibFormat', '', 'no'), ('cfgwebsubmit', 'configure WebSubmit', '', 'no'), ('runbibindex', 'run BibIndex', '', 'no'), ('runbibupload', 'run BibUpload', '', 'no'), ('runwebcoll', 'run webcoll', 'collection', 'yes'), ('runbibformat', 'run BibFormat', 'format', 'yes'), (WEBACCESSACTION, 'configure WebAccess', '', 'no'), (DELEGATEADDUSERROLE, 'delegate subroles inside WebAccess', 'role', 'no'), ('runbibtaskex', 'run BibTaskEx example', '', 'no'), ('referee', 'referee document type doctype/category categ', 'doctype,categ', 'yes'), ('submit', 'use webSubmit', 'doctype,act', 'yes'), ('runbibrank', 'run BibRank', '', 'no'), ('cfgbibrank', 'configure BibRank', '', 'no'), ) # authorizations # role action arglistid optional arguments def_auths = ( (SUPERADMINROLE, 'cfgwebsearch', -1, 0, {}), (SUPERADMINROLE, 'cfgbibformat', -1, 0, {}), (SUPERADMINROLE, 'cfgwebsubmit', -1, 0, {}), (SUPERADMINROLE, 'runbibindex', -1, 0, {}), (SUPERADMINROLE, 'runbibupload', -1, 0, {}), (SUPERADMINROLE, 'runbibformat', -1, 1, {}), (SUPERADMINROLE, WEBACCESSACTION, -1, 0, {}), ('photoadmin', 'runwebcoll', -1, 0, {'collection': 'Pictures'}), (WEBACCESSADMINROLE,WEBACCESSACTION, -1, 0, {}), (SUPERADMINROLE, 'runtaskex', -1, 0, {}), (SUPERADMINROLE, 'referee', -1, 1, {}), (SUPERADMINROLE, 'submit', -1, 1, {}), (SUPERADMINROLE, 'runbibrank', -1, 0, {}), (SUPERADMINROLE, 'cfgbibrank', -1, 0, {}), ) cfg_webaccess_msgs = { 0: 'Try to login as another user.' % (weburl, weburl, "%s"), 1: '
If you think this is not correct, please contact: %s' % (supportemail, supportemail) } cfg_webaccess_warning_msgs = { - 0: 'Authentication granted' , - 1: 'Error (1): You are not authorized to perform this administrative task.', - 2: 'Error (2): You are not authorized to perform administrative tasks.', - 3: 'Error (3): The administrative task specified (%s) is not known.', - 4: 'Error (4): An unexpected error occured when checking username/password.', - 5: 'Error (5): Missing keywords necessary for authorization to this administrative task to be possible.', - 6: 'Error (6): Problems connecting to database. Check that a valid integer value is given as user id.', - 7: 'Error (7): Not enough arguments given, id_user and name_action required.', - 8: 'Error (8): Incorrect keyword given for specified administrative task.' + 0: 'Authorization granted', + 1: 'Error(1): You are not authorized to perform this action.', + 2: 'Error(2): You are not authorized to perform any action.', + 3: 'Error(3): The action %s does not exist.', + 4: 'Error(4): Unexpected error occurred.', + 5: 'Error(5): Missing mandatory keyword argument(s) for this action.', + 6: 'Error(6): Wrong user ID.', + 7: 'Error(7): Not enough arguments, user ID and action name required.', + 8: 'Error(8): Incorrect keyword argument(s) for this action.' }
\ No newline at end of file
diff --git a/modules/websession/web/sessinit.inc.php.wml b/modules/websession/web/sessinit.inc.php.wml
index 3e1bf2e71..043c2e505 100644
--- a/modules/websession/web/sessinit.inc.php.wml
+++ b/modules/websession/web/sessinit.inc.php.wml
@@ -1,330 +1,330 @@ ## $Id$ ## Purpose: initializes CDS session management ## ## Note: based on the "PHP4 MySQL Session Handler" code from Ying ## Zhang . His code was modified to ## suit our needs. ## ## Note: for good session management operation, you need to set up in ## the 'php.ini' file the variables `session.gc_maxlifetime' ## (e.g. 86400 to mean 1 day) and `session.cookie_lifetime' to ## zero (session holds until user closes his browser). In ## adddition, the garbage collector should be called explicitely ## via `admin/gc.shtml' if you choose `session.gc_probability' ## to be zero in the `php.ini' file. ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. ## read config variables: #include "config.wml" #include "configbis.wml" "; $DBUSER = ""; $DBPASS = ""; $DBNAME = ""; $WEBDIR = ""; $WEBURL = ""; $BINDIR = ""; $ADMINEMAIL = ""; $IMAGES = "/img"; ### okay, config read, from now on the script can continue ### $SESS_DBHOST = $DBHOST; /* database server hostname */ $SESS_DBNAME = $DBNAME; /* database name */ $SESS_DBUSER = $DBUSER; /* database user */ $SESS_DBPASS = $DBPASS; /* database password */ $SESS_DBH = ""; ## open_db_connection(): function open_db_connection() { ## Open persistent connection to the database. 
global $SESS_DBHOST, $SESS_DBNAME, $SESS_DBUSER, $SESS_DBPASS, $SESS_DBH; if (! $SESS_DBH = mysql_pconnect($SESS_DBHOST, $SESS_DBUSER, $SESS_DBPASS)) { echo "
  • Can't connect to $SESS_DBHOST as $SESS_DBUSER"; echo "
  • MySQL Error: ", mysql_error(); die; } if (! mysql_select_db($SESS_DBNAME, $SESS_DBH)) { echo "
  • Unable to select database $SESS_DBNAME"; die; } return true; } ## getUid($cookie_string): function getUid($cookie_string) { ## Read cookie string, look up the session table, and return userID. ## If this cookie is not found, then return 0. global $SESS_DBH; $uid = 0; $query = "SELECT uid FROM session WHERE session_key='$cookie_string'"; $res = mysql_perform_query($query, $SESS_DBH); if ($row = mysql_fetch_row($res)) { if ($row[0]) { $uid = $row[0]; } } mysql_free_result($res); return($uid); } ## getEmail(): function getEmail($uid) { ## Return user email out of his UID. global $SESS_DBH; $uid_email = "guest"; $query = "SELECT email FROM user WHERE id='$uid'"; $res = mysql_perform_query($query, $SESS_DBH); if ($row = mysql_fetch_row($res)) { if ($row[0]) { $uid_email = $row[0]; } } mysql_free_result($res); return($uid_email); } function acc_authorize_action($uid, $action) { ## Authorize where $uid can perform $action by calling external ## Python CLI API of WebAccess. ## Return 1 when allowed, 0 otherwise. global $BINDIR; $auth = exec($BINDIR."/authaction ". escapeshellarg($uid) . " " . 
escapeshellarg($action)); - return split(" , ",$auth, 2); + return split(" - ",$auth, 2); } function authenticate($email,$rule,$doctype="*",$action="*") { global $ADMINEMAIL; if (eregi($ADMINEMAIL,"$email")) return true; $res = mysql_query("select id from rules where name='superuser'"); $row = mysql_fetch_row($res); $id_superuser = $row[0]; $res = mysql_query("select id_user from user_rule where id_rule='${id_superuser}' and (param1='$doctype' or param1='*') and (param2 LIKE '$action' or param2='*')"); while ($row = mysql_fetch_row($res)) { $iduser = $row[0]; $emailuser = getEmail($iduser); if (eregi("$email","$emailuser")) return true; } $res = mysql_query("select id from rules where name='$rule'"); if (mysql_num_rows($res) == 0) return false; else { $row = mysql_fetch_row($res); $idrule = $row[0]; $res = mysql_query("select id_user from user_rule where id_rule='$idrule' and (param1 LIKE '$doctype' or param1='*') and (param2 LIKE '$action' or param2='*')"); while ($row = mysql_fetch_row($res)) { $iduser = $row[0]; $emailuser = getEmail($iduser); if (eregi("$email","$emailuser")) return true; } return false; } } function getRuleID($rule) { //////////////////////////// // get the id of the rule // //////////////////////////// $res = mysql_query(" SELECT id FROM rules WHERE name='$rule'"); if (mysql_num_rows($res) == 0) { // if it does not exist, attempt to create it $res = mysql_query(" INSERT INTO rules (name,description) VALUES ('$rule','')"); $idrule = mysql_insert_id(); } else { $row = mysql_fetch_row($res); $idrule = $row[0]; } return $idrule; } function mysql_perform_query($query, $link_identifier, $behaviour="die") { ## Function to call as an alternative to mysql_query. The function ## stops the execution if the query couldn't be executed and ## prints an error message (HTML formatted) (default behaviour). If ## behaviour is set to 'continue', then the function just goes on. 
if($behaviour == "continue") $result = mysql_query($query, $link_identifier); else { $result = mysql_query($query, $link_identifier) or die ("

    MySQL: could not execute your query
    $query" . "
    Contact the " . "CDS Support Team.
    " . "Error " . mysql_errno($link_identifier) . ": " . mysql_error($link_identifier) . ".

    "); } return $result; } ## displayLoginMenu() function displayLoginMenu($type) { global $WEBDIR,$WEBURL,$uid_email,$doctypes; print ''; print ''; if ($uid_email != "" && $uid_email != "guest") { print ''; if (authenticate($uid_email,'superuser')) { print ''; print ''; } if ($type == "search") { print ''; print ''; print ''; print ''; } if ($type == "submit") { $res = mysql_query(" SELECT * FROM sbmSUBMISSIONS WHERE email='$uid_email' and status='pending'"); $numpending = mysql_num_rows($res); $res = mysql_query(" SELECT * FROM sbmSUBMISSIONS WHERE email='$uid_email' and status='finished'"); $numfinished = mysql_num_rows($res); if ($doctypes != "account" || $numpending != 0 || $numfinished != 0) print ''; if ($doctypes != "account") print ''; if ($numpending != 0) print ''; if ($numfinished != 0) print ''; $res = mysql_query(" SELECT * FROM sbmDOCTYPE WHERE sdocname='$doctypes'"); if ($doctypes != "Main" && mysql_num_rows($res) != 0 && authenticate("$uid_email","canView","$doctypes")) print ''; // Simple approval process if (authenticate("$uid_email","referee","%","%")) print ''; } print ''; } else { if (isset($SuE)) $initialEmail = $SuE; else $initialEmail = "$uid_email"; print ''; } print '
     PERSONALIZE
    ' . '
       logged in as:' . '
        '.$uid_email.'' . '
       superuser: ' . '
        ' . '' . 'administrative area
        ' . '' . 'Your Alerts
        ' . '' . 'Your Baskets
        ' . '' . 'Your Searches
        ' . '' . 'Your Settings
       view: ' . '
        ' . 'your account' . '
        ' . 'your pending' . ' submissions
        ' . 'your completed' . ' submissions
        ' . '' . 'all completed submissions
        ' . 'the documents I referee
    ' . 'Email:'; print '
    '; print '
    Password:'; print '
    '; print '
    '; print ' (new user?)'; print '
    '; } ## okay, helper functions defined, set up user ID variables now... ## do not create new sessions from PHP; only analyze the cookie already set open_db_connection(); $uid = getUid($_COOKIE["CDSSESSION"]); $uid_email = getEmail($uid); ?>
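Review bot: acc_authorize_action returns the two-element split of authaction's stdout, but the comment above it still says "Return 1 when allowed, 0 otherwise", and nothing checks that `$auth` actually had the form `code - message`: if the child fails to start, prints a traceback, or prints the `Error: ...` line from the script's ImportError handler, `exec()` returns that last line and `split()` yields a one-element array, so a caller reading index 0 as the code gets text rather than a number. A fail-closed check keeps such output from being read as anything but a denial: `$parts = split(" - ", $auth, 2);` `if (count($parts) != 2) return array(4, "Error(4): Unexpected error occurred.");` `return $parts;`, together with updating the comment to `## Return array(code, message) as printed by authaction; code 0 means allowed.` Passing `exec()`'s third argument would also let the wrapper inspect the exit status, though authaction currently exits 0 in every case. Unrelated to this change but visible in the same hunk, getUid() interpolates the raw `$_COOKIE["CDSSESSION"]` value into its SQL string; escaping it before use would be a worthwhile follow-up.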