<?php
/**
*
* Root class for external authorizaton plugins
*
* @author Stephen Billard (sbillard)
* @package core
*/
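class external_auth {

	/**
	 * Name of this authority. It is recorded as the first entry of the transient
	 * user's credentials list (suffixed with '::<authority>' when the plugin
	 * supplies an 'authority' entry).
	 */
	public $auth = 'external';

	/**
	 * Returns an array with the user details from the external authorization.
	 *
	 * The root class knows of no external user and returns NULL, so check() leaves
	 * $authorized untouched. Plugins override this method.
	 *
	 * @return array|null user details keyed by property name, or NULL
	 */
	protected function user() {
		return NULL;
	}

	/**
	 * This is the cookie processor filter handler
	 * it invokes the child class check() method to see if there is a valid visitor to the site
	 * The check() method should return "false" if there is no valid visitor or an array of
	 * User information if there is one.
	 *
	 * If there is a valid user, the user name is checked against Zenphoto users. If such user exists
	 * he will be automatically logged in. If no user by that userid exists a transient user will be
	 * created and logged in. User details are filled in from the user information in the passed array.
	 *
	 * Most entries in the result array are simply stored into the user property of the same name. However,
	 * there are some special handling items that may be present:
	 * <ul>
	 * <li>groups: an array of the user's group membership</li>
	 * <li>objects: a Zenphoto "managed object list" array</li>
	 * <li>album: the name of the user's primary album</li>
	 * <li>logout_link: information that the plugin can use when a user logs out</li>
	 * </ul>
	 *
	 * All the above may be missing. However, if there is no groups entry, there needs to be an
	 * entry for the user's rights otherwise he will have none. There should not be both a rights entry
	 * and a groups entry as they are mutually exclusive.
	 *
	 * album and objects entries should come last in the list so all other properties are processed first as
	 * these methods may modify other properties.
	 *
	 * Note that every entry not listed above is stored verbatim via set(), including a 'rights'
	 * entry, so the external authority is fully trusted for the rights it grants.
	 *
	 * @param BIT $authorized rights of the visitor as established by normal Zenphoto login handling
	 * @return BIT unchanged if the visitor was already authorized or no external user was found;
	 *             otherwise the rights of the (existing or transient) user that was logged in
	 */
	function check($authorized) {
		global $_zp_current_admin_obj;
		if (!$authorized) { // not logged in via normal Zenphoto handling
			if ($result = $this->user()) {
				$user = $result['user'];
				// only a *valid* (non-group) administrator record counts as an existing user
				$searchfor = array('`user`=' => $user, '`valid`=' => 1);
				$userobj = Zenphoto_Authority::getAnAdmin($searchfor);
				if (!$userobj) {
					// 'id' and 'user' are handled by the constructor/setUser, not by set()
					unset($result['id']);
					unset($result['user']);
					$authority = '';
					// create a transient user
					$userobj = new Zenphoto_Administrator('', 1);
					$userobj->setUser($user);
					$userobj->setRights(NO_RIGHTS); // just in case none get set
					// Flag as external credentials for completeness; re-set after the loop
					// once the 'authority' entry (if any) has been folded into the name
					$properties = array_keys($result); // the list of things we got from the external authority
					array_unshift($properties, $this->auth);
					$userobj->setCredentials($properties);
					// populate the user properties
					$member = false; // no group membership (yet)
					// Group-derived rights and managed objects. Initialised up front so the
					// 'objects' case below never reads an undefined variable when the plugin
					// supplied no 'groups' entry (or listed 'objects' before it).
					$rights = NO_RIGHTS;
					$objects = array();
					foreach ($result as $key => $value) {
						switch ($key) {
							case 'authority':
								$authority = '::' . $value;
								// dropped so it does not appear in the credentials list;
								// foreach iterates a copy, so this does not disturb the loop
								unset($result['authority']);
								break;
							case 'groups':
								// find the corresponding Zenphoto group (if it exists)
								$rights = NO_RIGHTS;
								$objects = array();
								$groups = $value;
								foreach ($groups as $idx => $group) {
									// groups are administrator records with `valid` = 0
									$groupobj = Zenphoto_Authority::getAnAdmin(array('`user`=' => $group, '`valid`=' => 0));
									if ($groupobj) {
										$member = true;
										$rights = $groupobj->getRights() | $rights;
										$objects = array_merge($groupobj->getObjects(), $objects);
										if ($groupobj->getName() == 'template') {
											// template groups contribute rights but are not listed as membership
											unset($groups[$idx]);
										}
									} else {
										// unknown group names are silently dropped
										unset($groups[$idx]);
									}
								}
								if ($member) {
									$userobj->setGroup(implode(',', $groups));
									$userobj->setRights($rights);
									$userobj->setObjects($objects);
								}
								break;
							case 'defaultgroup':
								if (!$member && isset($result['defaultgroup'])) {
									// No Zenphoto group, use the default group
									$group = $result['defaultgroup'];
									$groupobj = Zenphoto_Authority::getAnAdmin(array('`user`=' => $group, '`valid`=' => 0));
									if ($groupobj) {
										$rights = $groupobj->getRights();
										$objects = $groupobj->getObjects();
										// NOTE(review): this is the inverse of the 'groups' handling above
										// (there 'template' is the name that is *not* recorded) — confirm intent
										if ($groupobj->getName() != 'template') {
											$group = NULL;
										}
										$userobj->setGroup($group);
										$userobj->setRights($rights);
										$userobj->setObjects($objects);
									}
								}
								break;
							case 'objects':
								// NOTE(review): applies the group-derived list, not the plugin-supplied
								// $value — confirm whether the entry's own value was meant to be used
								$userobj->setObjects($objects);
								break;
							case 'album':
								$userobj->createPrimealbum(false, $value);
								break;
							default:
								// everything else is stored as-is under the same property name
								$userobj->set($key, $value);
								break;
						}
					}
					$properties = array_keys($result); // the list of things we got from the external authority
					array_unshift($properties, $this->auth . $authority);
					$userobj->setCredentials($properties);
				}
				if (isset($result['logout_link'])) {
					$userobj->logout_link = $result['logout_link'];
				}
				// log the user in for this request and report his rights as the authorization
				$_zp_current_admin_obj = $userobj;
				$authorized = $_zp_current_admin_obj->getRights();
			}
		}
		return $authorized;
	}
}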
?>