Code Coverage

| | Lines | Functions and Methods | CRAP | Classes and Traits |
|---|---|---|---|---|
| Total | 0.00% (0 / 54) | 0.00% (0 / 4) | | 0.00% (0 / 1) |
| DynamicRoleProviderFactory | 0.00% (0 / 54) | 0.00% (0 / 4) | 420 | 0.00% (0 / 1) |
| __invoke | 0.00% (0 / 5) | 0.00% (0 / 1) | 2 | |
| getPermissionConfiguration | 0.00% (0 / 7) | 0.00% (0 / 1) | 12 | |
| addLegacySettings | 0.00% (0 / 37) | 0.00% (0 / 1) | 156 | |
| permissionDefined | 0.00% (0 / 5) | 0.00% (0 / 1) | 20 | |
1 | <?php |
2 | |
3 | /** |
4 | * VuFind dynamic role provider factory. |
5 | * |
6 | * PHP version 8 |
7 | * |
8 | * Copyright (C) Villanova University 2007. |
9 | * |
10 | * This program is free software; you can redistribute it and/or modify |
11 | * it under the terms of the GNU General Public License version 2, |
12 | * as published by the Free Software Foundation. |
13 | * |
14 | * This program is distributed in the hope that it will be useful, |
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
17 | * GNU General Public License for more details. |
18 | * |
19 | * You should have received a copy of the GNU General Public License |
20 | * along with this program; if not, write to the Free Software |
21 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
22 | * |
23 | * @category VuFind |
24 | * @package Authorization |
25 | * @author Demian Katz <demian.katz@villanova.edu> |
26 | * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License |
27 | * @link https://vufind.org Main Page |
28 | */ |
29 | |
30 | namespace VuFind\Role; |
31 | |
32 | use Laminas\ServiceManager\Config; |
33 | use Laminas\ServiceManager\Factory\FactoryInterface; |
34 | use Psr\Container\ContainerInterface; |
35 | |
36 | use function in_array; |
37 | |
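/**
 * VuFind dynamic role provider factory.
 *
 * Assembles the permission configuration passed to the requested role provider.
 * The 'permissions' configuration is loaded through the config plugin manager;
 * when the role provider's 'map_legacy_settings' option is enabled, older
 * config.ini and Summon settings are translated into additional 'legacy.*'
 * permission entries.
 *
 * Security note: the legacy mapping fails open. When a permission is not
 * defined and no restricting legacy setting exists, access.AdminModule and
 * access.StaffViewTab are granted to both the 'guest' and 'loggedin' roles.
 * Deployments that rely on these permissions should define them explicitly in
 * the permissions configuration rather than depend on the legacy defaults.
 *
 * @category VuFind
 * @package  Authorization
 * @author   Demian Katz <demian.katz@villanova.edu>
 * @license  http://opensource.org/licenses/gpl-2.0.php GNU General Public License
 * @link     https://vufind.org Main Page
 */
class DynamicRoleProviderFactory implements FactoryInterface
{
    /**
     * Create service
     *
     * @param ContainerInterface $container Service container
     * @param string             $name      Requested service name; this class
     * name is instantiated as the role provider
     * @param array              $options   Extra options (unused)
     *
     * @return object
     *
     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
     */
    public function __invoke(
        ContainerInterface $container,
        $name,
        ?array $options = null
    ) {
        // $options is declared explicitly nullable: the implicit form
        // "array $options = null" is deprecated as of PHP 8.4.
        $config = $container->get('config');
        return new $name(
            $container->get(PermissionProvider\PluginManager::class),
            $this->getPermissionConfiguration($container, $config['lmc_rbac'])
        );
    }

    /**
     * Get a configuration array.
     *
     * Loads the 'permissions' configuration and, if the role provider settings
     * enable 'map_legacy_settings', extends it with legacy-derived entries.
     *
     * @param ContainerInterface $container  Service container
     * @param array              $rbacConfig LmcRbacMvc configuration
     *
     * @return array
     */
    protected function getPermissionConfiguration(
        ContainerInterface $container,
        array $rbacConfig
    ) {
        // Get role provider settings from the LmcRbacMvc configuration; a missing
        // entry is treated as "no settings" (legacy mapping stays disabled):
        $settings
            = $rbacConfig['role_provider']['VuFind\Role\DynamicRoleProvider'] ?? [];

        // Load the permissions:
        $configLoader = $container->get(\VuFind\Config\PluginManager::class);
        $permissions = $configLoader->get('permissions')->toArray();

        // If we're configured to map legacy settings, do so now:
        if (!empty($settings['map_legacy_settings'])) {
            $permissions = $this->addLegacySettings($configLoader, $permissions);
        }

        return $permissions;
    }

    /**
     * Map legacy VuFind settings into the permissions.ini setup.
     *
     * Each legacy entry is added only when the corresponding permission is not
     * already defined in $permissions, so explicit configuration always wins.
     *
     * @param \VuFind\Config\PluginManager $loader      Config loader
     * @param array                        $permissions Permissions to update
     *
     * @return array
     */
    protected function addLegacySettings(
        \VuFind\Config\PluginManager $loader,
        array $permissions
    ) {
        // Add admin settings if they are absent:
        if (!$this->permissionDefined($permissions, 'access.AdminModule')) {
            $config = $loader->get('config')->toArray();
            $permissions['legacy.AdminModule'] = [];
            // The pattern is copied verbatim; how it is matched (anchoring,
            // delimiters) is up to whichever provider consumes 'ipRegEx'.
            if (isset($config['AdminAuth']['ipRegEx'])) {
                $permissions['legacy.AdminModule']['ipRegEx']
                    = $config['AdminAuth']['ipRegEx'];
            }
            if (isset($config['AdminAuth']['userWhitelist'])) {
                $permissions['legacy.AdminModule']['username']
                    = $config['AdminAuth']['userWhitelist'];
            }
            // If no settings exist in config.ini, we grant access to everyone
            // by allowing both logged-in and logged-out roles.
            // NOTE(security): this is a fail-open default kept for backward
            // compatibility. With neither AdminAuth setting present, the admin
            // module permission is granted to unauthenticated users; define
            // access.AdminModule explicitly to restrict it.
            if (empty($permissions['legacy.AdminModule'])) {
                $permissions['legacy.AdminModule']['role'] = ['guest', 'loggedin'];
            }
            $permissions['legacy.AdminModule']['permission'] = 'access.AdminModule';
        }

        // Add staff view setting if it is absent (granted to every role, again
        // a permissive legacy default):
        if (!$this->permissionDefined($permissions, 'access.StaffViewTab')) {
            $permissions['legacy.StaffViewTab']['role'] = ['guest', 'loggedin'];
            $permissions['legacy.StaffViewTab']['permission']
                = 'access.StaffViewTab';
        }

        // Add EIT settings if they are absent (logged-in users only):
        if (!$this->permissionDefined($permissions, 'access.EITModule')) {
            $permissions['legacy.EITModule'] = [
                'role' => 'loggedin',
                'permission' => 'access.EITModule',
            ];
        }

        // Add Summon settings if they are absent:
        // Check based on login status
        $defined = $this
            ->permissionDefined($permissions, 'access.SummonExtendedResults');
        if (!$defined) {
            $config = $loader->get('Summon');
            $permissions['legacy.SummonExtendedResults'] = [];
            if (isset($config->Auth->check_login) && $config->Auth->check_login) {
                $permissions['legacy.SummonExtendedResults']['role'] = ['loggedin'];
            }
            // NOTE(review): ip_range is stored under the 'ipRegEx' key, so it is
            // presumably evaluated as a regular expression -- confirm against
            // the consuming permission provider.
            if (isset($config->Auth->ip_range)) {
                $permissions['legacy.SummonExtendedResults']['ipRegEx']
                    = $config->Auth->ip_range;
            }
            if (!empty($permissions['legacy.SummonExtendedResults'])) {
                // 'ANY': either the role or the IP condition is sufficient.
                $permissions['legacy.SummonExtendedResults']['require'] = 'ANY';
                $permissions['legacy.SummonExtendedResults']['permission']
                    = 'access.SummonExtendedResults';
            } else {
                // No legacy Summon restriction configured: add no entry at all.
                unset($permissions['legacy.SummonExtendedResults']);
            }
        }

        return $permissions;
    }

    /**
     * Is the specified permission already defined in the provided configuration?
     *
     * A section counts as defining the permission when its 'permission' value
     * (a single name or a list of names) contains exactly $permission.
     *
     * @param array  $config     Configuration
     * @param string $permission Permission to check
     *
     * @return bool
     */
    protected function permissionDefined(array $config, $permission)
    {
        foreach ($config as $current) {
            // Strict comparison: a loosely-typed value (e.g. boolean true) must
            // not be mistaken for a matching permission name.
            if (
                isset($current['permission'])
                && in_array($permission, (array)$current['permission'], true)
            ) {
                return true;
            }
        }
        return false;
    }
}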