1: <?php
2: /**
3: *
4: * Root class for external authorization plugins
5: *
6: * @author Stephen Billard (sbillard)
7: * @package core
8: */
9:
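class external_auth {

	/**
	 * Identifier of this authority. It is recorded as the first element of the
	 * credentials list stored on a transient user (see check()).
	 */
	public $auth = 'external';

	/**
	 * Returns an array with the user details from the external authorization,
	 * or NULL when there is no externally authorized visitor.
	 *
	 * Child classes override this; the base implementation never authorizes anyone.
	 *
	 * @return array|null
	 */
	protected function user() {
		return NULL;
	}

	/**
	 * This is the cookie processor filter handler.
	 * It invokes the child class user() method to see if there is a valid visitor to the site.
	 * The user() method should return "false" (or NULL) if there is no valid visitor, or an array of
	 * user information if there is one.
	 *
	 * If there is a valid user, the user name is checked against Zenphoto users. If such a user exists
	 * he will be automatically logged in. If no user by that userid exists a transient user will be
	 * created and logged in. User details are filled in from the user information in the passed array.
	 *
	 * Most entries in the result array are simply stored into the user property of the same name. However,
	 * there are some special handling items that may be present:
	 * <ul>
	 * <li>authority: appended to the credentials marker as "&lt;auth&gt;::&lt;authority&gt;"; not stored as a property</li>
	 * <li>groups: an array of the user's group membership</li>
	 * <li>defaultgroup: the group to fall back to when no groups entry matched a Zenphoto group</li>
	 * <li>objects: a Zenphoto "managed object list" array</li>
	 * <li>album: the name of the user's primary album</li>
	 * <li>logout_link: information that the plugin can use when a user logs out</li>
	 * </ul>
	 *
	 * All the above may be missing. However, if there is no groups entry, there needs to be an
	 * entry for the user's rights otherwise he will have none. There should not be both a rights entry
	 * and a groups entry as they are mutually exclusive.
	 *
	 * album and objects entries should come last in the list so all other properties are processed first as
	 * these methods may modify other properties.
	 *
	 * Every key not listed above is stored verbatim on the user object under the same name (this includes
	 * 'rights'), so the plugin's user() method is the trust boundary: it must only return keys that are
	 * meant to become user properties.
	 *
	 * @param int|bool $authorized rights from the normal Zenphoto login handling; falsy when nobody is logged in
	 * @return int|bool the rights of the externally logged in user, or $authorized unchanged
	 */
	function check($authorized) {
		global $_zp_current_admin_obj;
		if (!$authorized) { // not logged in via normal Zenphoto handling
			if ($result = $this->user()) {
				$user = $result['user']; // assumes the plugin always supplies a 'user' entry
				$searchfor = array('`user`=' => $user, '`valid`=' => 1);
				$userobj = Zenphoto_Authority::getAnAdmin($searchfor);
				if (!$userobj) {
					// not a known Zenphoto user: build a transient one from the external data
					unset($result['id']);
					unset($result['user']);
					$authority = '';
					$userobj = new Zenphoto_Administrator('', 1);
					$userobj->setUser($user);
					$userobj->setRights(NO_RIGHTS); // just in case none get set
					// Flag as external credentials for completeness
					$properties = array_keys($result); // the list of things we got from the external authority
					array_unshift($properties, $this->auth);
					$userobj->setCredentials($properties);
					// populate the user properties
					$member = false; // becomes true once a groups entry matched a Zenphoto group
					foreach ($result as $key => $value) {
						switch ($key) {
							case 'authority':
								$authority = '::' . $value;
								// foreach iterates a copy of $result, so this only affects the
								// credentials list rebuilt after the loop
								unset($result['authority']);
								break;
							case 'groups':
								// find the corresponding Zenphoto group(s) (if they exist)
								$rights = NO_RIGHTS;
								$objects = array();
								$groups = $value;
								foreach ($groups as $i => $group) {
									$groupobj = Zenphoto_Authority::getAnAdmin(array('`user`=' => $group, '`valid`=' => 0));
									if ($groupobj) {
										$member = true;
										$rights = $groupobj->getRights() | $rights;
										$objects = array_merge($groupobj->getObjects(), $objects);
										if ($groupobj->getName() == 'template') {
											// a template contributes rights/objects but is not a membership
											unset($groups[$i]);
										}
									} else {
										unset($groups[$i]); // unknown to Zenphoto, drop it from the membership
									}
								}
								if ($member) {
									$userobj->setGroup(implode(',', $groups));
									$userobj->setRights($rights);
									$userobj->setObjects($objects);
								}
								break;
							case 'defaultgroup':
								if (!$member && isset($result['defaultgroup'])) {
									// No Zenphoto group, use the default group
									$group = $result['defaultgroup'];
									$groupobj = Zenphoto_Authority::getAnAdmin(array('`user`=' => $group, '`valid`=' => 0));
									if ($groupobj) {
										$rights = $groupobj->getRights();
										$objects = $groupobj->getObjects();
										// NOTE(review): this test is the inverse of the 'template' test in the
										// groups branch above (there a template is dropped from the membership);
										// confirm which form is intended before changing either.
										if ($groupobj->getName() != 'template') {
											$group = NULL;
										}
										$userobj->setGroup($group);
										$userobj->setRights($rights);
										$userobj->setObjects($objects);
									}
								}
								break;
							case 'objects':
								// the plugin-supplied managed object list. (This used to re-set the
								// group-derived $objects, which is undefined when no group entry preceded it.)
								$userobj->setObjects($value);
								break;
							case 'album':
								$userobj->createPrimealbum(false, $value);
								break;
							default:
								// everything else is stored as-is under the same property name
								$userobj->set($key, $value);
								break;
						}
					}
					$properties = array_keys($result); // the list of things we got from the external authority
					array_unshift($properties, $this->auth . $authority);
					$userobj->setCredentials($properties);
				}
				if (isset($result['logout_link'])) {
					$userobj->logout_link = $result['logout_link'];
				}
				$_zp_current_admin_obj = $userobj;
				$authorized = $_zp_current_admin_obj->getRights();
			}
		}
		return $authorized;
	}

}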
144: ?>