1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
|
<?php
/**
*
* Root class for external authorizaton plugins
*
* @author Stephen Billard (sbillard)
* @package core
*/
class external_auth {
var $auth='external';
/**
* returns an array with the user details from the external authorization
*/
protected function user() {
return NULL;
}
/**
* This is the cookie processor filter handler
* it invokes the child class check() method to see if there is a valid visitor to the site
* The check() method should return "false" if there is no valid visitor or an array of
* User information if there is one.
*
* If there is a valid user, the user name is checked against Zenphoto users. If such user exists
* he will be automatically logged in. If no user by that userid exists a transient user will be
* created and logged in. User details are filled in from the user information in the passed array.
*
* Most enteries in the result array are simply stored into the user property of the same name. However,
* there are some special handling items that may be present:
* <ul>
* <li>groups: an array of the user's group membership</li>
* <li>objects: a Zenphoto "managed object list" array</li>
* <li>album: the name of the user's primary album</li>
* <li>logout_link: information that the plugin can use when a user loggs out</li>
* </ul>
*
* All the above may be missing. However, if there is no groups entry, there needs to be an
* entry for the user's rights otherwise he will have none. There should not be both a rights entry
* and a groups entry as they are mutually exclusive.
*
* album and objects entries should come last in the list so all other properties are processed first as
* these methods may modify other properties.
*
* @param BIT $authorized
*/
function check($authorized) {
global $_zp_current_admin_obj;
if (!$authorized) { // not logged in via normal Zenphoto handling
if ($result = $this->user()) {
$user = $result['user'];
$searchfor = array('`user`=' => $user, '`valid`=' => 1);
$userobj = Zenphoto_Authority::getAnAdmin($searchfor);
if (!$userobj) {
unset($result['id']);
unset($result['user']);
$authority = '';
// create a transient user
$userobj = new Zenphoto_Administrator('', 1);
$userobj->setUser($user);
$userobj->setRights(NO_RIGHTS); // just incase none get set
// Flag as external credentials for completeness
$properties = array_keys($result); // the list of things we got from the external authority
array_unshift($properties, $this->auth);
$userobj->setCredentials($properties);
// populate the user properties
$member = false; // no group membership (yet)
foreach ($result as $key=>$value) {
switch ($key) {
case 'authority':
$authority = '::'.$value;
unset($result['authority']);
break;
case 'groups':
// find the corresponding Zenphoto group (if it exists)
$rights = NO_RIGHTS;
$objects = array();
$groups = $value;
foreach ($groups as $key=>$group) {
$groupobj = Zenphoto_Authority::getAnAdmin(array('`user`=' => $group,'`valid`=' => 0));
if ($groupobj) {
$member = true;
$rights = $groupobj->getRights() | $rights;
$objects = array_merge($groupobj->getObjects(), $objects);
if ($groupobj->getName() == 'template') {
unset($groups[$key]);
}
} else {
unset($groups[$key]);
}
}
if ($member) {
$userobj->setGroup(implode(',',$groups));
$userobj->setRights($rights);
$userobj->setObjects($objects);
}
break;
case 'defaultgroup':
if (!$member && isset($result['defaultgroup'])) {
// No Zenphoto group, use the default group
$group = $result['defaultgroup'];
$groupobj = Zenphoto_Authority::getAnAdmin(array('`user`=' => $group,'`valid`=' => 0));
if ($groupobj) {
$rights = $groupobj->getRights();
$objects = $groupobj->getObjects();
if ($groupobj->getName() != 'template') {
$group = NULL;
}
$userobj->setGroup($group);
$userobj->setRights($rights);
$userobj->setObjects($objects);
}
}
break;
case 'objects':
$userobj->setObjects($objects);
break;
case 'album':
$userobj->createPrimealbum(false, $value);
break;
default:
$userobj->set($key,$value);
break;
}
}
$properties = array_keys($result); // the list of things we got from the external authority
array_unshift($properties, $this->auth.$authority);
$userobj->setCredentials($properties);
}
if (isset($result['logout_link'])) {
$userobj->logout_link = $result['logout_link'];
}
$_zp_current_admin_obj = $userobj;
$authorized = $_zp_current_admin_obj->getRights();
}
}
return $authorized;
}
}
?>
|