1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
|
<?php defined("SYSPATH") or die("No direct script access.");
/**
* Gallery - a web based photo album viewer and editor
* Copyright (C) 2000-2013 Bharat Mediratta
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or (at
* your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
class identity_Core {
protected static $available;
/**
* Return a list of installed Identity Drivers.
*
* @return boolean true if the driver supports updates; false if read only
*/
static function providers() {
if (empty(self::$available)) {
$drivers = new ArrayObject(array(), ArrayObject::ARRAY_AS_PROPS);
foreach (module::available() as $module_name => $module) {
if (file_exists(MODPATH . "{$module_name}/config/identity.php")) {
$drivers->$module_name = $module->description;
}
}
self::$available = $drivers;
}
return self::$available;
}
/**
* Frees the current instance of the identity provider so the next call to instance will reload
*
* @param string configuration
* @return Identity_Core
*/
static function reset() {
IdentityProvider::reset();
}
/**
* Make sure that we have a session and group_ids cached in the session.
*/
static function load_user() {
try {
// Call IdentityProvider::instance() now to force the load of the user interface classes.
// We are about to load the active user from the session and which needs the user definition
// class, which can't be reached by Kohana's heiracrchical lookup.
IdentityProvider::instance();
$session = Session::instance();
if (!($user = $session->get("user"))) {
identity::set_active_user($user = identity::guest());
}
// The installer cannot set a user into the session, so it just sets an id which we should
// upconvert into a user.
// @todo set the user name into the session instead of 2 and then use it to get the
// user object
if ($user === 2) {
$session->delete("user"); // delete it so that identity code isn't confused by the integer
auth::login(IdentityProvider::instance()->admin_user());
}
// Cache the group ids for a day to trade off performance for security updates.
if (!$session->get("group_ids") || $session->get("group_ids_timeout", 0) < time()) {
$ids = array();
foreach ($user->groups() as $group) {
$ids[] = $group->id;
}
$session->set("group_ids", $ids);
$session->set("group_ids_timeout", time() + 86400);
}
} catch (Exception $e) {
// Log it, so we at least have so notification that we swallowed the exception.
Kohana_Log::add("error", "load_user Exception: " .
$e->getMessage() . "\n" . $e->getTraceAsString());
try {
Session::instance()->destroy();
} catch (Exception $e) {
// We don't care if there was a problem destroying the session.
}
url::redirect(item::root()->abs_url());
}
}
/**
* Return the array of group ids this user belongs to
*
* @return array
*/
static function group_ids_for_active_user() {
return Session::instance()->get("group_ids", array(1));
}
/**
* Return the active user. If there's no active user, return the guest user.
*
* @return User_Definition
*/
static function active_user() {
// @todo (maybe) cache this object so we're not always doing session lookups.
$user = Session::instance()->get("user", null);
if (!isset($user)) {
// Don't do this as a fallback in the Session::get() call because it can trigger unnecessary
// work.
$user = identity::guest();
}
return $user;
}
/**
* Change the active user.
* @param User_Definition $user
*/
static function set_active_user($user) {
$session = Session::instance();
$session->set("user", $user);
$session->delete("group_ids");
identity::load_user();
}
/**
* Determine if if the current driver supports updates.
*
* @return boolean true if the driver supports updates; false if read only
*/
static function is_writable() {
return IdentityProvider::instance()->is_writable();
}
/**
* @see IdentityProvider_Driver::guest.
*/
static function guest() {
return IdentityProvider::instance()->guest();
}
/**
* @see IdentityProvider_Driver::admin_user.
*/
static function admin_user() {
return IdentityProvider::instance()->admin_user();
}
/**
* @see IdentityProvider_Driver::create_user.
*/
static function create_user($name, $full_name, $password, $email) {
return IdentityProvider::instance()->create_user($name, $full_name, $password, $email);
}
/**
* @see IdentityProvider_Driver::is_correct_password.
*/
static function is_correct_password($user, $password) {
return IdentityProvider::instance()->is_correct_password($user, $password);
}
/**
* @see IdentityProvider_Driver::lookup_user.
*/
static function lookup_user($id) {
return IdentityProvider::instance()->lookup_user($id);
}
/**
* @see IdentityProvider_Driver::lookup_user_by_name.
*/
static function lookup_user_by_name($name) {
return IdentityProvider::instance()->lookup_user_by_name($name);
}
/**
* @see IdentityProvider_Driver::create_group.
*/
static function create_group($name) {
return IdentityProvider::instance()->create_group($name);
}
/**
* @see IdentityProvider_Driver::everybody.
*/
static function everybody() {
return IdentityProvider::instance()->everybody();
}
/**
* @see IdentityProvider_Driver::registered_users.
*/
static function registered_users() {
return IdentityProvider::instance()->registered_users();
}
/**
* @see IdentityProvider_Driver::lookup_group.
*/
static function lookup_group($id) {
return IdentityProvider::instance()->lookup_group($id);
}
/**
* @see IdentityProvider_Driver::lookup_group_by_name.
*/
static function lookup_group_by_name($name) {
return IdentityProvider::instance()->lookup_group_by_name($name);
}
/**
* @see IdentityProvider_Driver::get_user_list.
*/
static function get_user_list($ids) {
return IdentityProvider::instance()->get_user_list($ids);
}
/**
* @see IdentityProvider_Driver::groups.
*/
static function groups() {
return IdentityProvider::instance()->groups();
}
/**
* @see IdentityProvider_Driver::add_user_to_group.
*/
static function add_user_to_group($user, $group) {
return IdentityProvider::instance()->add_user_to_group($user, $group);
}
/**
* @see IdentityProvider_Driver::remove_user_to_group.
*/
static function remove_user_from_group($user, $group) {
return IdentityProvider::instance()->remove_user_from_group($user, $group);
}
}
|
