From a2c082b135509b0b0dfe1b24b4d2abf2f9cf2f60 Mon Sep 17 00:00:00 2001 From: Kevin Day Date: Tue, 2 May 2017 16:42:03 -0500 Subject: [PATCH] Progress: standard path design, database accounts, database logging, and other fixes Move all of the execute parameters into the c_standard_path class so that they do not have to be passed to every function. - Down the road, I may just have the execution function without parameters and use a separate function for assigning the parameters to the class. Make sure the database accounts exist in the user table. - Ldap synchronization on login is now functioning. - Non-LDAP does not synchronize or change account settings on login. - There is currently no 3rd-party database/structure/design to use as a basis for auto-assigning roles, therefore roles must be manually assigned to each user. - This manual assignment will still auto-update the postgresql roles, so only the is_* columns need to be altered and postgresql roles will automatically follow via triggers. The first part of the database logging is setup and working. - There is much more work to do. Other fixes and changes. --- common/standard/classes/standard_index.php | 4 ++ common/standard/classes/standard_path.php | 84 ++++++++++++++------------ common/standard/internal/access_denied.php | 4 +- common/standard/internal/bad_method.php | 4 +- common/standard/internal/index.php | 4 +- common/standard/internal/not_found.php | 4 +- common/standard/internal/server_error.php | 4 +- common/standard/paths/u/dashboard.php | 12 ++-- common/standard/paths/u/login.php | 80 ++++++++++++++++++++---- common/standard/paths/u/logout.php | 3 +- database/sql/reservation/reservation-users.sql | 8 ++- database/sql/standard/standard-users.sql | 6 ++ program/reservation/index.php | 3 + 13 files changed, 150 insertions(+), 70 deletions(-) diff --git a/common/standard/classes/standard_index.php b/common/standard/classes/standard_index.php index 26473f0..79f37f9 100644 
--- a/common/standard/classes/standard_index.php +++ b/common/standard/classes/standard_index.php @@ -85,6 +85,10 @@ class c_standard_index extends c_base_return { $this->settings['base_scheme'] = 'http'; } + // theme information + $this->settings['system_name'] = $this->settings['session_system']; + $this->settings['base_css'] = 'standard-'; + // The HTML tag

, represents a paragraph. // However, many sites, services, and developers incorrectly use it to represent text. // The definition of the word 'paragraph' contradicts this current usage of the HTML tag

. diff --git a/common/standard/classes/standard_path.php b/common/standard/classes/standard_path.php index 973f345..410ad1c 100644 --- a/common/standard/classes/standard_path.php +++ b/common/standard/classes/standard_path.php @@ -12,7 +12,6 @@ require_once('common/base/classes/base_markup.php'); * Provides standard extensions to base paths. */ class c_standard_path extends c_base_path { - protected const CSS_BASE = 'standard-'; protected const CSS_NAME = 'content-wrapper'; protected const CSS_AS_TITLE = 'as-title'; @@ -36,8 +35,10 @@ class c_standard_path extends c_base_path { protected const CSS_PATH_PART = 'path-part-'; protected const CSS_PATH_FULL = 'path-full-'; - protected $use_p_tags = NULL; - protected $base_path = NULL; + protected $http; + protected $database; + protected $session; + protected $settings; /** @@ -46,16 +47,20 @@ class c_standard_path extends c_base_path { public function __construct() { parent::__construct(); - $this->use_p_tags = FALSE; - $this->base_path = ''; + $this->http = NULL; + $this->database = NULL; + $this->session = NULL; + $this->settings = array(); } /** * Class destructor. */ public function __destruct() { - unset($this->use_p_tags); - unset($this->base_path); + unset($this->http); + unset($this->database); + unset($this->session); + unset($this->settings); parent::__destruct(); } 
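Review bot: `$this->settings['system_name']` is copied from `$this->settings['session_system']` here in the base class, yet program/reservation/index.php (last hunk of the patch) assigns both keys again right after it sets `session_system`, which suggests `session_system` may not be populated when this base-class code runs; if so `system_name` starts out NULL with a notice. Either document the expected order above the assignment, e.g. `// system_name defaults to session_system; a subclass that sets session_system later must set system_name too.`, or guard it with `isset()` so the subclass copy becomes unnecessary. The `// theme information` comment does not say which of the two keys is the source of truth. The enclosing method starts and ends outside the hunk.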
@@ -63,17 +68,20 @@ class c_standard_path extends c_base_path { /** * Load any default settings. * + * @param c_base_http $http + * The entire HTTP information to allow for the execution to access anything that is necessary. + * @param c_base_database $database + * The database object, which is usually used by form and ajax paths. + * @param c_base_session &$session + * The current session. * @param array $settings - * The array containing all of the settings to parse. + * (optional) An array of additional settings that are usually site-specific. */ - protected function pr_assign_defaults($settings) { - if (isset($settings['standards_issue-use_p_tags']) && is_bool($settings['standards_issue-use_p_tags'])) { - $this->use_p_tags = $settings['standards_issue-use_p_tags']; - } - - if (isset($settings['base_path']) && is_string($settings['base_path'])) { - $this->base_path = $settings['base_path']; - } + protected function pr_assign_defaults(&$http, &$database, &$session, &$settings) { + $this->http = $http; + $this->database = $database; + $this->session = $session; + $this->settings = $settings; } /** @@ -83,7 +91,7 @@ class c_standard_path extends c_base_path { * The generated markup tag. */ protected function pr_create_tag_wrapper() { - return c_theme_html::s_create_tag(c_base_markup_tag::TYPE_SECTION, self::CSS_BASE . self::CSS_NAME, array(self::CSS_BASE . self::CSS_NAME, self::CSS_NAME)); + return c_theme_html::s_create_tag(c_base_markup_tag::TYPE_SECTION, $this->settings['base_css'] . self::CSS_NAME, array($this->settings['base_css'] . self::CSS_NAME, self::CSS_NAME)); } /** @@ -128,7 +136,7 @@ class c_standard_path extends c_base_path { */ protected function pr_create_tag_text($text, $arguments = array()) { $type = c_base_markup_tag::TYPE_SPAN; - if ($this->use_p_tags) { + if (isset($this->settings['standards_issue-use_p_tags']) && $this->settings['standards_issue-use_p_tags']) { $type = c_base_markup_tag::TYPE_PARAGRAPH; } 
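Review bot: The docblock marks `$settings` as "(optional)", but `pr_assign_defaults(&$http, &$database, &$session, &$settings)` gives it no default, and passing it by reference gains nothing because the array is copied into `$this->settings`. The removed `is_bool()`/`is_string()` checks for `standards_issue-use_p_tags` and `base_path` are not replaced, while the following hunk's `pr_create_tag_wrapper()` and the later `pr_create_html()` now index `$this->settings['base_css']` and `$this->settings['base_path']` unguarded, so an incomplete settings array produces notices where it previously fell back to defaults. Suggest `protected function pr_assign_defaults(&$http, &$database, &$session, $settings = array())` with a matching docblock, plus either restoring the per-key checks or listing the required keys in the docblock. The four new properties declared in the previous hunk also carry no doc comment saying what populates them.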
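Review bot: The test `isset($this->settings['standards_issue-use_p_tags']) && $this->settings['standards_issue-use_p_tags']` is repeated verbatim in this hunk and in the three hunks that follow (-152, -180 and -216), and it now relies on truthiness where the removed `pr_assign_defaults()` code required `is_bool()`. A single helper keeps the four sites consistent, e.g. `protected function pr_get_text_tag_type() { return (isset($this->settings['standards_issue-use_p_tags']) && $this->settings['standards_issue-use_p_tags'] === TRUE) ? c_base_markup_tag::TYPE_PARAGRAPH : c_base_markup_tag::TYPE_SPAN; }`, with each site reduced to `$type = $this->pr_get_text_tag_type();`. `pr_create_tag_text()` continues past the hunk, and the methods in the -180 and -216 hunks begin before theirs.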
@@ -152,7 +160,7 @@ class c_standard_path extends c_base_path { */ protected function pr_create_tag_paragraph($text, $arguments = array()) { $type = c_base_markup_tag::TYPE_SPAN; - if ($this->use_p_tags) { + if (isset($this->settings['standards_issue-use_p_tags']) && $this->settings['standards_issue-use_p_tags']) { $type = c_base_markup_tag::TYPE_PARAGRAPH; } @@ -180,7 +188,7 @@ class c_standard_path extends c_base_path { if (!is_null($text)) { $type = c_base_markup_tag::TYPE_SPAN; - if ($this->use_p_tags) { + if (isset($this->settings['standards_issue-use_p_tags']) && $this->settings['standards_issue-use_p_tags']) { $type = c_base_markup_tag::TYPE_PARAGRAPH; } @@ -216,7 +224,7 @@ class c_standard_path extends c_base_path { if (!is_null($text)) { $type = c_base_markup_tag::TYPE_SPAN; - if ($this->use_p_tags) { + if (isset($this->settings['standards_issue-use_p_tags']) && $this->settings['standards_issue-use_p_tags']) { $type = c_base_markup_tag::TYPE_PARAGRAPH; } 
@@ -266,37 +274,28 @@ class c_standard_path extends c_base_path { /** * Create a new HTML markup class with default settings populated. * - * @param c_base_http $http - * The entire HTTP information to allow for the execution to access anything that is necessary. - * @param c_base_database $database - * The database object, which is usually used by form and ajax paths. - * @param c_base_session &$session - * The current session. - * @param array $settings - * An array of additional settings that are usually site-specific. - * * @return c_base_html * The generated html is returned on success. * The generated html with error bit set is returned on error. */ - protected function pr_create_html(&$http, &$database, &$session, $settings) { + protected function pr_create_html() { $title = $this->pr_get_title(); $html = new c_base_html(); - $request_uri = $http->get_request(c_base_http::REQUEST_URI)->get_value_exact(); + $request_uri = $this->http->get_request(c_base_http::REQUEST_URI)->get_value_exact(); if (isset($request_uri['data']) && is_string($request_uri['data'])) { $request_uri = $request_uri['data']; unset($request_uri['current']); unset($request_uri['invalid']); - $request_path = $http->get_request_uri_relative($settings['base_path'])->get_value_exact(); + $request_path = $this->http->get_request_uri_relative($this->settings['base_path'])->get_value_exact(); } else { $request_uri = array( - 'scheme' => $settings['base_scheme'], - 'authority' => $settings['base_host'], - 'path' => $settings['base_path'], + 'scheme' => $this->settings['base_scheme'], + 'authority' => $this->settings['base_host'], + 'path' => $this->settings['base_path'], 'query' => NULL, 'fragment' => NULL, 'url' => TRUE, 
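Review bot: `pr_create_html()` now dereferences `$this->http` and `$this->settings`, which the constructor leaves as NULL and an empty array until `pr_assign_defaults()` runs, but the rewritten docblock drops the parameter descriptions without stating that precondition; a call made before `pr_assign_defaults()` fails on `$this->http->get_request(...)` instead of returning the error-bit html the docblock promises. Add to the docblock `* Requires pr_assign_defaults() to have been called first; reads $this->http and $this->settings.` and consider an early `if (!($this->http instanceof c_base_http))` guard that returns the documented error result. The logout path in this patch appears to call this method without ever calling `pr_assign_defaults()`, which is where that guard would matter. The method continues past the hunk.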
@@ -317,7 +316,7 @@ class c_standard_path extends c_base_path { unset($instance); // add path classes - $path = $http->get_request_uri_relative($request_uri['path'])->get_value_exact(); + $path = $this->http->get_request_uri_relative($request_uri['path'])->get_value_exact(); $path_parts = explode('/', $path); if (is_array($path_parts)) { @@ -338,18 +337,23 @@ class c_standard_path extends c_base_path { } unset($path_parts); + $class[] = self::CSS_IS_CONTENT_TYPE; + $class[] = self::CSS_IS_JAVASCRIPT_DISABLED; + $html->set_attribute_body(c_base_markup_attributes::ATTRIBUTE_CLASS, $class); unset($class); // assign id attribute - #$html->set_attribute(c_base_markup_attributes::ATTRIBUTE_ID, 'example-system'); - #$html->set_attribute_body(c_base_markup_attributes::ATTRIBUTE_ID, 'example-system-body'); + $id = $html->sanitize_css('system-' . $this->settings['session_system'])->get_value_exact(); + #$html->set_attribute(c_base_markup_attributes::ATTRIBUTE_ID, $id); + $html->set_attribute_body(c_base_markup_attributes::ATTRIBUTE_ID, $id); + unset($id); // assign language attribute. $language = i_base_languages::ENGLISH_US; - $languages = $http->get_response_content_language()->get_value_exact(); + $languages = $this->http->get_response_content_language()->get_value_exact(); if (is_array($languages) && !empty($languages)) { $language = reset($languages); } diff --git a/common/standard/internal/access_denied.php b/common/standard/internal/access_denied.php index 4ad079c..f970501 100644 --- a/common/standard/internal/access_denied.php +++ b/common/standard/internal/access_denied.php @@ -23,7 +23,7 @@ class c_standard_path_access_denied extends c_standard_path { return $executed; } - $this->pr_assign_defaults($settings); + $this->pr_assign_defaults($http, $database, $session, $settings); $wrapper = $this->pr_create_tag_wrapper(); $wrapper->set_tag($this->pr_create_tag_title(0)); 
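Review bot: In the -338 hunk `self::CSS_IS_JAVASCRIPT_DISABLED` is appended to the body class list unconditionally with no comment; presumably client-side code is expected to remove it once scripting runs, and if so the code should say so: `// assume scripting is unavailable; client-side code is expected to remove this class.` The line `#$html->set_attribute(c_base_markup_attributes::ATTRIBUTE_ID, $id);` is commented-out code and should be enabled or deleted, and `$this->settings['session_system']` is indexed unguarded in the `$id` line. The method starts and ends outside the hunk.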
@@ -31,7 +31,7 @@ class c_standard_path_access_denied extends c_standard_path { // initialize the content as HTML. - $html = $this->pr_create_html($http, $database, $session, $settings); + $html = $this->pr_create_html(); $html->set_tag($wrapper); unset($wrapper); diff --git a/common/standard/internal/bad_method.php b/common/standard/internal/bad_method.php index 5ab2554..8c580c3 100644 --- a/common/standard/internal/bad_method.php +++ b/common/standard/internal/bad_method.php @@ -25,7 +25,7 @@ class c_standard_path_bad_method extends c_standard_path { return $executed; } - $this->pr_assign_defaults($settings); + $this->pr_assign_defaults($http, $database, $session, $settings); $wrapper = $this->pr_create_tag_wrapper(); $wrapper->set_tag($this->pr_create_tag_title(0)); @@ -33,7 +33,7 @@ class c_standard_path_bad_method extends c_standard_path { // initialize the content as HTML. - $html = $this->pr_create_html($http, $database, $session, $settings); + $html = $this->pr_create_html(); $html->set_tag($wrapper); unset($wrapper); diff --git a/common/standard/internal/index.php b/common/standard/internal/index.php index a487f04..fed9814 100644 --- a/common/standard/internal/index.php +++ b/common/standard/internal/index.php @@ -24,7 +24,7 @@ class c_standard_path_index extends c_standard_path { return $executed; } - $this->pr_assign_defaults($settings); + $this->pr_assign_defaults($http, $database, $session, $settings); $wrapper = $this->pr_create_tag_wrapper(); $wrapper->set_tag($this->pr_create_tag_title(0)); @@ -32,7 +32,7 @@ class c_standard_path_index extends c_standard_path { // initialize the content as HTML. - $html = $this->pr_create_html($http, $database, $session, $settings); + $html = $this->pr_create_html(); $html->set_tag($wrapper); unset($wrapper); diff --git a/common/standard/internal/not_found.php b/common/standard/internal/not_found.php index b51b38b..73533e4 100644 --- a/common/standard/internal/not_found.php 
+++ b/common/standard/internal/not_found.php @@ -23,7 +23,7 @@ class c_standard_path_not_found extends c_standard_path { return $executed; } - $this->pr_assign_defaults($settings); + $this->pr_assign_defaults($http, $database, $session, $settings); $wrapper = $this->pr_create_tag_wrapper(); $wrapper->set_tag($this->pr_create_tag_title(0)); @@ -31,7 +31,7 @@ class c_standard_path_not_found extends c_standard_path { // initialize the content as HTML. - $html = $this->pr_create_html($http, $database, $session, $settings); + $html = $this->pr_create_html(); $html->set_tag($wrapper); unset($wrapper); diff --git a/common/standard/internal/server_error.php b/common/standard/internal/server_error.php index 4c3d52d..25a484a 100644 --- a/common/standard/internal/server_error.php +++ b/common/standard/internal/server_error.php @@ -23,7 +23,7 @@ class c_standard_path_server_error extends c_standard_path { return $executed; } - $this->pr_assign_defaults($settings); + $this->pr_assign_defaults($http, $database, $session, $settings); $wrapper = $this->pr_create_tag_wrapper(); $wrapper->set_tag($this->pr_create_tag_title(0)); @@ -31,7 +31,7 @@ class c_standard_path_server_error extends c_standard_path { // initialize the content as HTML. - $html = $this->pr_create_html($http, $database, $session, $settings); + $html = $this->pr_create_html(); $html->set_tag($wrapper); unset($wrapper); diff --git a/common/standard/paths/u/dashboard.php b/common/standard/paths/u/dashboard.php index caf7b7c..12e3819 100644 --- a/common/standard/paths/u/dashboard.php +++ b/common/standard/paths/u/dashboard.php 
@@ -22,9 +22,9 @@ class c_standard_path_user_dashboard extends c_standard_path { $executed = parent::do_execute($http, $database, $session, $settings); if (c_base_return::s_has_error($executed)) { return $executed; - } + }; - $this->pr_assign_defaults($settings); + $this->pr_assign_defaults($http, $database, $session, $settings); $wrapper = $this->pr_create_tag_wrapper(); $wrapper->set_tag($this->pr_create_tag_title(0)); @@ -36,9 +36,11 @@ class c_standard_path_user_dashboard extends c_standard_path { $roles = array(); - if ($current_user instanceof c_base_users) { - $roles = $current_user->get_roles(); + if ($current_user instanceof c_base_users_user) { + $roles = $current_user->get_roles()->get_value_exact(); } + unset($current_user); + #unset($session_user); $wrapper->set_tag($this->pr_create_tag_text_block($this->pr_get_text(2, array('@{user}' => $session->get_name()->get_value_exact())))); @@ -101,7 +103,7 @@ class c_standard_path_user_dashboard extends c_standard_path { unset($block); // initialize the content as HTML. - $html = $this->pr_create_html($http, $database, $session, $settings); + $html = $this->pr_create_html(); $html->set_tag($wrapper); $executed->set_output($html); diff --git a/common/standard/paths/u/login.php b/common/standard/paths/u/login.php index 5ebab10..09e17f0 100644 --- a/common/standard/paths/u/login.php +++ b/common/standard/paths/u/login.php @@ -40,10 +40,10 @@ class c_standard_path_user_login extends c_standard_path { return $executed; } - $this->pr_assign_defaults($settings); + $this->pr_assign_defaults($http, $database, $session, $settings); // initialize the content as HTML. - $html = $this->pr_create_html($http, $database, $session, $settings); + $html = $this->pr_create_html(); $wrapper = $this->pr_create_tag_wrapper(); $logged_in = $session->is_logged_in()->get_value_exact(); 
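Review bot: The closing brace of the error check is changed to `};`, which adds an empty statement after the `if` block; it should remain `}`. In the following -36 hunk, `#unset($session_user);` is commented-out code that should be dropped rather than kept, and `$roles` silently stays an empty array whenever `$current_user` is not a `c_base_users_user`, which deserves a one-line comment on the `instanceof` test. The method starts and ends outside the hunk.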
@@ -79,7 +79,7 @@ class c_standard_path_user_login extends c_standard_path { $href = c_theme_html::s_create_tag(c_base_markup_tag::TYPE_A); $href->set_text($this->pr_get_text(6)); - $href->set_attribute(c_base_markup_attributes::ATTRIBUTE_HREF, $this->base_path . self::PATH_LOGOUT); + $href->set_attribute(c_base_markup_attributes::ATTRIBUTE_HREF, $settings['base_path'] . self::PATH_LOGOUT); $block->set_tag($href); unset($href); @@ -440,6 +440,16 @@ class c_standard_path_user_login extends c_standard_path { else { c_standard_index::s_do_initialize_database($database); + // if LDAP is available, make sure the account information exists. + $ldap = $this->pr_load_ldap_data($settings, $_POST['login_form-username']); + if ($ldap['status']) { + $this->pr_update_user_data($database, $ldap); + } + else { + $this->pr_update_user_data($database); + } + unset($ldap); + if ($database instanceof c_standard_database) { $database->do_log_user(c_base_log::TYPE_CONNECT, c_base_http_status::OK, array('expires' => $session->get_timeout_expire()->get_value_exact())); } @@ -682,16 +692,6 @@ class c_standard_path_user_login extends c_standard_path { * FALSE with error bit set is returned on error. */ protected function pr_do_ensure_user_account($settings, $user_name) { - if (!is_array($settings)) { - $error = c_base_error::s_log(NULL, array('arguments' => array(':{argument_name}' => 'settings', ':{function_name}' => __FUNCTION__)), i_base_error_messages::INVALID_ARGUMENT); - return c_base_return_error::s_false($error); - } - - if (!is_string($user_name)) { - $error = c_base_error::s_log(NULL, array('arguments' => array(':{argument_name}' => 'user_name', ':{function_name}' => __FUNCTION__)), i_base_error_messages::INVALID_ARGUMENT); - return c_base_return_error::s_false($error); - } - $socket = @socket_create(AF_INET, SOCK_STREAM, SOL_TCP); if (!is_resource($socket)) { unset($socket); 
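Review bot: The new LDAP block in the -440 hunk reads `$_POST['login_form-username']` directly rather than a validated copy, and branches on `$ldap['status']` without checking that `pr_load_ldap_data()` returned an array; if that helper can return an error object the index access raises a notice and the code falls through to the non-LDAP update. Whether the username has already been validated earlier in this method is not visible in the hunk; if a checked copy exists it should be passed here, and the branch guarded with `if (is_array($ldap) && !empty($ldap['status']))`. The return value of `pr_update_user_data()` is discarded in both branches, so a failed account sync does not affect the login. The method continues outside the hunk.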
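Review bot: The `is_array($settings)` / `is_string($user_name)` guards are removed from `pr_do_ensure_user_account()` in the -682 hunk without a replacement, so a non-string `$user_name` now flows into the socket work that follows instead of producing the error return the context line above still documents. If callers are trusted to validate, state that in the docblock, e.g. `* Callers must pass a validated string $user_name; no argument checks are performed here.`; otherwise keep the checks. The method continues outside the hunk.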
@@ -814,6 +814,60 @@ class c_standard_path_user_login extends c_standard_path { } /** + * Ensure that the user data exists and is up to date. + * + * @param c_base_database &$database + * The database object. + * @param array|null $ldap + * (optional) When NULL, the user data is only ensure to exist. + * When an array, the given ldap information is used to update the account. + * + * @return c_base_return_status + * TRUE on success, FALSE otherwise. + */ + protected function pr_update_user_data(&$database, $ldap = NULL) { + $query_result = $database->do_query('select id from v_users_self_exists'); + if ($query_result instanceof c_base_database_result) { + if (is_array($ldap)) { + $query_arguments = array(); + + $email = explode('@', $ldap['data']['mail']); + if (count($email) != 2) { + $email[0] = NULL; + $email[1] = NULL; + } + + $query_arguments[] = isset($ldap['data']['employeenumber']) && is_numeric($ldap['data']['employeenumber']) ? (int) $ldap['data']['employeenumber'] : NULL;; + $query_arguments[] = isset($ldap['data']['givenname']) && is_string($ldap['data']['givenname']) ? $ldap['data']['givenname'] : NULL; + $query_arguments[] = isset($ldap['data']['sn']) && is_string($ldap['data']['sn']) ? $ldap['data']['sn'] : NULL; + $query_arguments[] = isset($ldap['data']['gecos']) && is_string($ldap['data']['gecos']) ? $ldap['data']['gecos'] : NULL; + $query_arguments[] = $email[0]; + $query_arguments[] = $email[1]; + unset($email); + + // if the user account does not exist, then create it. 
+ if ($query_result->fetch_row()->get_value() === FALSE) { + $query_string = 'insert into v_users_self_insert (id_external, name_human.first, name_human.last, name_human.complete, address_email.name, address_email.domain, address_email.private) values ($1, $2, $3, $4, $5, $6, $7)'; + $query_arguments[] = 't'; + } + else { + $query_string = 'update v_users_self_update set id_external = $1, name_human.first = $2, name_human.last = $3, name_human.complete = $4, address_email.name = $5, address_email.domain = $6'; + } + + $database->do_query($query_string, $query_arguments); + unset($query_string); + unset($query_arguments); + } + else { + if ($query_result->fetch_row()->get_value() === FALSE) { + $database->do_query('insert into v_users_self_insert (id_external, name_human.first, name_human.last, name_human.complete, address_email.name, address_email.domain, address_email.private) values (null, null, null, null, null, null, true)'); + } + } + } + unset($query_result); + } + + /** * Implements pr_get_text(). */ protected function pr_get_text($code, $arguments = array()) { diff --git a/common/standard/paths/u/logout.php b/common/standard/paths/u/logout.php index 25d3cfe..f700090 100644 --- a/common/standard/paths/u/logout.php +++ b/common/standard/paths/u/logout.php @@ -9,6 +9,7 @@ require_once('common/base/classes/base_return.php'); require_once('common/base/classes/base_path.php'); require_once('common/base/classes/base_http_status.php'); require_once('common/base/classes/base_cookie.php'); +require_once('common/base/classes/base_log.php'); require_once('common/standard/classes/standard_path.php'); require_once('common/standard/classes/standard_database.php'); @@ -40,7 +41,7 @@ class c_standard_path_user_logout extends c_standard_path { // initialize the content as HTML. - $html = $this->pr_create_html($http, $database, $session, $settings); + $html = $this->pr_create_html(); $html->set_tag($wrapper); unset($wrapper); 
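Review bot: `pr_update_user_data()` is documented as returning a `c_base_return_status` but contains no `return` statement, and the results of both `do_query()` calls are discarded, so a rejected insert or update is silent; the docblock should either be changed to `@return void` or the method should check each query result and return the status it promises. `$ldap['data']['mail']` is passed to `explode()` without the `isset()`/`is_string()` guard every other attribute receives, e.g. `$mail = isset($ldap['data']['mail']) && is_string($ldap['data']['mail']) ? $ldap['data']['mail'] : ''; $email = explode('@', $mail);`, and the `employeenumber` line ends in `NULL;;`. The `update v_users_self_update set ...` string has no WHERE clause, which is correct only because the view is restricted to `current_user`; a comment saying so would stop a future reader from "fixing" it, and the docblock wording `only ensure to exist` should read `only ensured to exist`.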
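Review bot: In the logout.php -40 hunk `pr_create_html()` is now called with no arguments, but the patch does not add the four-argument `pr_assign_defaults()` call to logout.php (the diffstat shows only the `require_once` and this line), so unless such a call exists outside the hunk `$this->http` is still NULL when `pr_create_html()` runs `$this->http->get_request(...)`, and if an old `pr_assign_defaults($settings)` call remains it no longer matches the new signature. Add `$this->pr_assign_defaults($http, $database, $session, $settings);` before this line, as the other paths in this patch do. The method starts and ends outside the hunk.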
diff --git a/database/sql/reservation/reservation-users.sql b/database/sql/reservation/reservation-users.sql index 7ec5db5..0f4ad01 100644 --- a/database/sql/reservation/reservation-users.sql +++ b/database/sql/reservation/reservation-users.sql @@ -130,6 +130,12 @@ create view public.v_users_self_locked_not with (security_barrier=true) as grant select on public.v_users_self_locked_not to r_reservation, r_reservation_system, r_reservation_public; +create view public.v_users_self_exists with (security_barrier=true) as + select id, name_machine, is_system, is_public, is_locked, is_deleted from s_tables.t_users + where (name_machine)::text = (current_user)::text; + +grant select on public.v_users_self_exists to r_reservation, r_reservation_system, r_reservation_public; + create view s_users.v_users_self_insert with (security_barrier=true) as select id_external, name_human, address_email, is_private, settings from s_tables.t_users where not is_deleted and not is_locked and not is_system and not is_public and (name_machine)::text = (current_user)::text @@ -138,7 +144,7 @@ create view s_users.v_users_self_insert with (security_barrier=true) as grant insert on s_users.v_users_self_insert to r_reservation, r_reservation_system; create view s_users.v_users_self_update with (security_barrier=true) as - select address_email, is_private, settings from s_tables.t_users + select id_external, name_human, address_email, is_private, settings from s_tables.t_users where not is_deleted and not is_locked and not is_system and not is_public and (name_machine)::text = (current_user)::text with check option; diff --git a/database/sql/standard/standard-users.sql b/database/sql/standard/standard-users.sql index 827142a..0f6353d 100644 --- a/database/sql/standard/standard-users.sql +++ b/database/sql/standard/standard-users.sql 
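Review bot: `v_users_self_exists` returns the current user's row regardless of `is_locked` / `is_deleted`, whereas `v_users_self_insert` and `v_users_self_update` exclude such rows; the PHP caller in login.php only selects `id` from it, so a locked or deleted account is treated as existing and the subsequent update through `v_users_self_update` matches no rows, silently, because that result is not checked. Either filter this view the same way or document the difference, e.g. `-- intentionally includes locked/deleted rows so callers can tell "absent" from "exists but unusable"; inspect the is_* columns.` The same view definition is added to standard-users.sql in the next file.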
@@ -130,6 +130,12 @@ create view public.v_users_self_locked_not with (security_barrier=true) as grant select on public.v_users_self_locked_not to r_standard, r_standard_system, r_standard_public; +create view public.v_users_self_exists with (security_barrier=true) as + select id, name_machine, is_system, is_public, is_locked, is_deleted from s_tables.t_users + where (name_machine)::text = (current_user)::text; + +grant select on public.v_users_self_exists to r_standard, r_standard_system, r_standard_public; + create view s_users.v_users_self_insert with (security_barrier=true) as select id_external, name_human, address_email, is_private, settings from s_tables.t_users where not is_deleted and not is_locked and not is_system and not is_public and (name_machine)::text = (current_user)::text diff --git a/program/reservation/index.php b/program/reservation/index.php index 478ac8a..98a65c3 100644 --- a/program/reservation/index.php +++ b/program/reservation/index.php @@ -25,6 +25,9 @@ class c_reservation_index extends c_standard_index { $this->settings['session_system'] = 'reservation'; $this->settings['cookie_name'] = 'reservation-session'; + + $this->settings['system_name'] = $this->settings['session_system']; + $this->settings['base_css'] = 'reservation-'; } } -- 1.8.3.1
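Review bot: This file adds `v_users_self_exists` but, unlike the reservation hunk above, does not widen `v_users_self_update` to expose `id_external` and `name_human`, while the shared `common/standard/paths/u/login.php` update statement sets `id_external` and `name_human.*` through that view. If the standard schema's `v_users_self_update` still matches the pre-patch reservation definition, that update fails against it, and fails silently because the PHP discards the query result. Apply the same `select id_external, name_human, address_email, is_private, settings from s_tables.t_users` change here, or note in login.php that the update requires those columns to be exposed.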