[geeklog-cvs] geeklog-2/lib/A_and_A/client AAServiceInterface.class.php,NONE,1.1 AAUser.class.php,NONE,1.1
tony at geeklog.net
tony at geeklog.net
Sat Jan 11 01:08:00 EST 2003
Update of /usr/cvs/geeklog/geeklog-2/lib/A_and_A/client
In directory internal.geeklog.net:/tmp/cvs-serv32709
Added Files:
AAServiceInterface.class.php AAUser.class.php
Log Message:
Initial import into Geeklog
--- NEW FILE: AAServiceInterface.class.php ---
<?php
/**
* This is the service interface. The only method any application should use
* directly is the authenticate() method. That method will return a user object
* that will let you perform all other authentication and authorization functions.
* Additionally, this is the only file you should need to include as this file
* includes all other required files.
*
* @author Tony Bibbs <tony AT geeklog DOT com>
* @package net.geeklog.enterprise.aa.client
*/
/**
* PEAR's XML tree builder
*/
require_once('XML/Tree.php');
/**
* A&A User Class
*/
require_once('AAUser.class.php');
/**
* Constants for the Enterprise A&A services and client
*/
require_once(dirname(__FILE__) . '/../common/AAConstants.php');
/**
* Privilege class for the A&A Service
*/
require_once(dirname(__FILE__) . '/../common/AAPrivilege.class.php');
/**
* Group class for the A&A Service
*/
require_once(dirname(__FILE__) . '/../common/AAGroup.class.php');
class AAServiceInterface {
// Public Methods
/**
* Authenticates a user to an application
*
* This moethod authenticates the userId and password for the specified
* application. It returns an AAUser object which holds authorization
* privieges for that user and any exeptions that may have occured
* during authentication
*
* @author Tony Bibbs <tony AT geeklog DOT net>
* @param string $aaServer A&A Server to connect to
* @param string $appId Application to authenticate to
* @param string $userId User to authenticate
* @param string $password Password to authenticate with
* @param integer $aaPort Port on A&A server to connect ot
* @return AAUser Object containinga list of authorization levels
*
*/
function &authenticate($aaServer, $aaPath, $appId, $userName, $password, $aaPort=80)
{
// Build and send XML request
$requestXML = AAServiceInterface::_buildAuthenticateRequest($appId, $userName, $password);
$responseXML = AAServiceInterface::_request($aaServer,'POST',$aaPath,$requestXML,$aaPort);
$user = &AAServiceInterface::_handleAuthenticateResponse($responseXML, $aaServer, $aaPort);
if (get_class($user) == 'aaexception') {
// Doing this just to make it obvious that we got an exception, not a valid user object
$exception = &$user;
// Need to log this problem at some point, until then just return false
return false;
}
$user->setAppId($appId);
$user->setUserName($userName);
$user->setPassword($password);
return $user;
}
/**
* Changes a password for a user
*
* This method changes the password for the given userId, password and
* application ID combination.
*
* @author Tony Bibbs <tony AT geeklog DOT net>
* @param string $aaServer A&A Server to execute against
* @param string $appId Application to change password for
* @param string $userId User to change password for
* @param string $password Current password
* @param string $newPassword New password
* @param string $aaPort Port on A&A server to execute against
* @return boolean True if change worked, otherwise false
*
*/
function changePassword($aaServer, $appId, $userName, $password, $newPassword, $aaPort=80)
{
$requestXML = AAServiceInterface::_buildChangePasswordRequest($appId, $userName, $password, $newPassword);
$responseXML = AAServiceInterface::_request($aaServer,'POST','/~tony/server/A_and_A/',$requestXML,$aaPort);
$error = AAServiceInterface::_handleResponse($responseXML);
if ($error) {
return false;
}
return true;
}
/**
* Allows admin to change a user's password
*
* This method allows an admin user ot change the password of a user to a
* particular value.
*
* @param string $aaServer A&A Server to execute against
* @param string $appId Application to change password for
* @param string $adminUserId User to change password for
* @param string $adminPassword Current password
* @param string $userId User to change password for
* @param string $newPassword New password
* @param string $aaPort Port on A&A server to execute against
*
*/
function changePasswordByAdmin($aaServer, $appId, $adminUserName, $adminPassword, $userName, $newPassword, $aaPort=80)
{
$requestXML = AAServiceInterface::_buildChangePasswordByAdminRequest($appId, $adminUserName, $adminPassword, $userName, $newPassword);
$responseXML = AAServiceInterface::_request($aaServer,'POST','/~tony/server/A_and_A/',$requestXML,$aaPort);
$error = AAServiceInterface::_handleResponse($responseXML);
if ($error) {
return false;
}
return true;
}
function resetPassword($aaServer, $appId, $adminUserName, $adminPassword, $userName, $aaPort=80)
{
$requestXML = AAServiceInterface::_buildResetPasswordRequest($appId, $adminUserName, $adminPassword, $userName);
$responseXML = AAServiceInterface::_request($aaServer, 'POST', '/~tony/server/A_and_A/', $requestXML, $aaPort);
$newPassword = AAServiceInterface::_handleResetPasswordResponse($responseXML);
if (get_class($newPassword) == 'aaexception') {
return false;
}
return $newPassword;
}
/**
* Gets application priveliges for specified user
*
* This method retrieves the privilges of the specified user
*
* @param string $appId Application to get privilegs for
* @param string $adminUserId Admin making the request
* @param string $adminPassword Admin's password
* @param string $userId User to get privileges for
* @return AAPrivilegeInterface Object holding the user's privileges
*
*/
function getUserPrivileges($aaServer, $appId, $adminUserId, $adminPassword, $userId, $aaPort=80)
{
$requestXML = AAServiceInterface::_buildGetUserPrivilegesRequest($appId, $adminUserId, $adminPassword, $userId);
$responseXML = AAServiceInterface::_request($aaServer, 'POST', '/entaaa/', $requestXML, $aaPort);
$privArray= AAServiceInterface::_handleGetUserPrivilegesResponse($responseXML);
if (get_class($privArray) == 'aaexception') {
return false;
}
return $privArray;
}
/**
* Sets the privileges for a given user and application
*
* @param string $appId App to set privileges for
* @param string $adminUserId Admin making the request
* @param string $adminPassword Admin's password
* @param string $userId User to set privileges for
* @param AAPrivilege[] $privileges Privileges to give to the user
*
*/
function setUserPrivileges($aaServer, $appId, $adminUserId, $adminPassword, $userId, $privArray, $aaPort=80)
{
$requestXML = AAServiceInterface::_buildSetUserPrivilegesRequest($appId, $adminUserId, $adminPassword, $userId, $privArray);
$responseXML = AAServiceInterface::_request($aaServer, 'POST', '/~tony/server/A_and_A/', $requestXML, $aaPort);
$error = AAServiceInterface::_handleResponse($responseXML);
if ($error) {
return false;
}
return true;
}
/**
* Lists all available privileges for a given application
*
* @param string $appId App to set privileges for
* @param string $adminUserId Admin making the request
* @param string $adminPassword Admin's password
* @return AAPrivilegeInterface Complete list of privileges
*
*/
function listAppPrivileges($aaServer, $appId, $adminUserName, $adminPassword, $aaPort=80)
{
$requestXML = AAServiceInterface::_buildListAppPrivilegesRequest($appId, $adminUserName, $adminPassword);
$responseXML = AAServiceInterface::_request($aaServer, 'POST', '/~tony/server/A_and_A/', $requestXML, $aaPort);
$privArray = AAServiceInterface::_handleListAppPrivilegesResponse($responseXML);
if (get_class($privArray) == 'aaexception') {
return false;
}
return $privArray;
}
function listAppGroups($aaServer, $appId, $adminUserName, $adminPassword, $aaPort=80)
{
$requestXML = AAServiceInterface::_buildListAppGroupsRequest($appId, $adminUserName, $adminPassword);
$responseXML = AAServiceInterface::_request($aaServer, 'POST', '/~tony/server/A_and_A/', $requestXML, $aaPort);
$groupArray = AAServiceInterface::_handleListAppGroupsResponse($responseXML);
if (get_class($groupArray) == 'aaexception') {
return false;
}
return $groupArray;
}
// Private Methods
/**
* Makes HTTP resquests and returns the results. Code take from
* http://dodds.net/~cardinal/sentohost.txt
*
* Examples: $this->_request('localhost','post','/search','q=php_imlib');
*
* @access private
* @param string $host Host to make request to
* @param string $method Method of request (POST or GET)
* @param string $data
* @param integer $port Port to connect to
* @param string $useragent
* @return string Response from the request
*
*/
function _request($host, $method, $path, $data, $port=80, $useragent=0)
{
// The following two lines are for testing only. This will test all methods against
// a mock server. The mock server makes no attempts to validate the incoming
// XML nor use any real provider. It simply prints a valid response for the
// method called. It is meant for regressing testing the client separate from
// the server.
//$host = 'localhost';
//$path = '/A_and_A/client/testscripts/mockserver.php';
//print "host: $host, method = $method, path = $path, port = $port";
//exit;
// We are doing a form post and this variable is always expected
$data = 'xmlInParam=' . $data;
// Xerces can't seem to handle any sort of whitespace
$data = str_replace("|",'',$data);
$data = str_replace("\n",'',$data);
$data = str_replace(' ','',$data);
$data = str_replace('> <','><',$data);
$data = stripslashes($data);
// Supply a default method of GET if the one passed was empty
if (empty($method)) {
$method = 'GET';
}
// Open the socket
$method = strtoupper($method);
$fp = fsockopen($host,$port);
if (!$fp) {
print 'error connect to A&A server in _request';
exit;
}
if ($method == 'GET') {
$path .= '?' . $data;
}
// Post the request
fputs($fp, "$method $path HTTP/1.1\n");
fputs($fp, "Host: $host\n");
fputs($fp, "Content-type: application/x-www-form-urlencoded\n");
fputs($fp, "Content-length: " . strlen($data) . "\n");
if ($useragent) {
fputs($fp, "User-Agent: MSIE\n");
}
fputs($fp, "Connection: close\n\n");
if ($method == 'POST') {
fputs($fp, $data);
}
$response = '';
// Get the response
while (!feof($fp)) {
$response .= fgets($fp,128);
}
fclose($fp);
// Since we are reading from the socket let's get rid of any header
// info
$startPos = strpos($response,'<');
$endPos = strrpos($response,'>') + 1;
$length = ($endPos - $startPos) + 1;
$response = substr($response, $startPos, $length);
// Now we have just the XML
return $response;
}
/**
* Builds an XML request string for the A&A service
*
* @access private
* @param string $host Hostname or IP for A&A Server
* @param string $appId ID of application making the request
* @param string $userID ID of user to authenticate
* @param string $password Password to use
* @return string XML request is outputed.
*
*/
function _buildAuthenticateRequest($appId, $userId, $password)
{
$tree = new XML_Tree;
$root = &$tree->addRoot(AA_SERVICE_TAG);
$authNode = &$root->addChild('Authenticate');
$appIDNode = &$authNode->addChild(APPLICATION_ID_TAG,'',array('value'=>"$appId"));
$userIDNode = &$authNode->addChild(USER_NAME_TAG,'',array('value'=>"$userId"));
$passwordNode = &$authNode->addChild(PASSWORD_TAG,'',array('value'=>"$password"));
return $tree->get();
}
/**
* Parses a XML response from the authenticate service method* and builds
* a user object
*
* @param string $responseXML XML returned from authenticate()
* @return AAUser User object
*
*/
function &_handleAuthenticateResponse($responseXML, $aaServer, $aaPort='80')
{
$p = xml_parser_create();
xml_parse_into_struct($p,$responseXML,$vals,$index) or die(xml_error_string(xml_get_error_code($p)));
xml_parser_free($p);
$error = AAServiceInterface::_exceptionCheck($index, $vals);
if ($error) {
return $error;
}
$user = new AAUser($aaServer, $aaPort);
$user->setEmpId($vals[$index['EMPID'][0]]);
$groupIndexes = $index['GROUP'];
$privIndexes = $index['PRIVILEGE'];
// Get all the groups
foreach ($groupIndexes as $curIndex) {
$curGroup = $vals[$curIndex];
$user->_groups[] = &AAServiceInterface::_buildGroup($curGroup);
}
// Get all the privileges
foreach ($privIndexes as $curIndex) {
$curPriv = $vals[$curIndex];
$user->_privileges[] = &AAServiceInterface::_buildPrivilege($curPriv);
}
return $user;
}
/**
* Generic response handler.
*
* This handles all responses from A&A server. This is called by all commands
* except for authenticate and privilege-related calls.
*
* @access private
* @param string $responseXML XML returned from changePasswordByAdmin()
*
*/
function _handleResponse($responseXML)
{
$p = xml_parser_create();
xml_parse_into_struct($p,$responseXML,$vals,$index) or die(xml_error_string(xml_get_error_code($p)));
xml_parser_free($p);
$error = AAServiceInterface::_exceptionCheck($index, $vals);
if ($error) {
return $error;
}
return false;
}
/**
* Builds XML request string for A&A Service to change a user's password
*
* @access private
* @param string $appId Applicatoin ID
* @param string $userId User ID
* @param string $oldPassword Old password
* @param string $newPassword NewPassword
* @return string XML request
*
*/
function _buildChangePasswordRequest($appId, $userId, $oldPassword, $newPassword)
{
$tree = new XML_Tree;
$root = &$tree->addRoot(AA_SERVICE_TAG);
$changePasswordNode = &$root->addChild('ChangePassword');
$tmpNode = &$changePasswordNode->addChild(APPLICATION_ID_TAG, '', array('value'=>$appId));
$tmpNode = &$changePasswordNode->addChild(USER_NAME_TAG, '', array('value'=>$userId));
$tmpNode = &$changePasswordNode->addChild(OLD_PASSWORD_TAG, '', array('value'=>"$oldPassword"));
$tmpNode = &$changePasswordNode->addChild(NEW_PASSWORD_TAG, '', array('value'=>"$newPassword"));
return $tree->get();
}
/**
* Builds an XML request for A&A Service to call changePasswordByAdmin on server
*
* @access private
* @param string $appId Application ID
* @param string $userId User ID
* @param string $password Old password
* @param string $newPassword New Password
* @return string XML request
*
*/
function _buildChangePasswordByAdminRequest($appId, $adminUserId, $adminPassword, $userId, $newPassword)
{
$tree = new XML_Tree;
$root = &$tree->addRoot(AA_SERVICE_TAG);
$changePassNode = &$root->addChild('ChangePasswordByAdmin');
$tmpNode = &$changePassNode->addChild(APPLICATION_ID_TAG, '', array('value'=>"$appId"));
$tmpNode = &$changePassNode->addChild(ADMIN_USER_NAME_TAG, '', array('value'=>"$adminUserId"));
$tmpNode = &$changePassNode->addChild(ADMIN_PASSWORD_TAG, '', array('value'=>"$adminPassword"));
$tmpNode = &$changePassNode->addChild(USER_NAME_TAG, '', array('value'=>"$userId"));
$tmpNode = &$changePassNode->addChild(NEW_PASSWORD_TAG, '', array('value'=>"$newPassword"));
return $tree->get();
}
/**
* Handles the response from the A&A server to our request to changePasswordByAdmin
*
* @access private
* @param string $responseXML XML returned from changePasswordByAdmin
*
*/
function _handleChangePasswordByAdminResponse($responseXML)
{
$p = xml_parser_create();
xml_parse_into_struct($p,$responseXML,$vals,$index) or die(xml_error_string(xml_get_error_code($p)));
xml_parser_free($p);
$error = AAServiceInterface::_exceptionCheck($index, $vals);
if ($error) {
return true;
}
return false;
}
/**
* Builds an XML request for A&A Service to call resetPassword on server
*
* @access private
* @param string $appId Application ID
* @param string $adminUserName Admin's username
* @param string $adminPassword Admin's password
* @param string $userName username of user to reset password for
* return string XML request
*
*/
function _buildResetPasswordRequest($appId, $adminUserName, $adminPassword, $userName)
{
$tree = new XML_Tree;
$root = &$tree->addRoot(AA_SERVICE_TAG);
$resetPassNode = &$root->addChild('ResetPassword');
$tmpNode = &$resetPassNode->addChild(APPLICATION_ID_TAG, '', array('value'=>"$appId"));
$tmpNode = &$resetPassNode->addChild(ADMIN_USER_NAME_TAG, '', array('value'=>"$adminUserName"));
$tmpNode = &$resetPassNode->addChild(ADMIN_PASSWORD_TAG, '', array('value'=>"$adminPassword"));
$tmpNode = &$resetPassNode->addChild(USER_NAME_TAG, '', array('value'=>"$userName"));
return $tree->get();
}
function _handleResetPasswordResponse($responseXML)
{
$p = xml_parser_create();
xml_parse_into_struct($p,$responseXML,$vals,$index) or die(xml_error_string(xml_get_error_code($p)));
xml_parser_free($p);
$error = AAServiceInterface::_exceptionCheck($index, $vals);
if ($error) {
return $error;
}
return $vals[$index['NEWPASSWORD'][0]];
}
/**
* Builds an XML request for A&A Service to call getUserPrivilges on server
*
* @access private
* @param string $appId Application ID
* @param string $adminUserId Admin's user ID
* @param string $adminPassword Admin's password
* @param string $userId User to get privileges for
* @return string XML request
*
*/
function _buildGetUserPrivilegesRequest($appId, $adminUserName, $adminPassword, $userName)
{
$tree = new XML_Tree;
$root = &$tree->addRoot(AA_SERVICE_TAG);
$getUserPrivilegesNode = &$root->addChild('GetUserPrivileges');
$tmpNode = &$getUserPrivilegesNode->addChild(APPLICATION_ID_TAG, '', array('value'=>"$appId"));
$tmpNode = &$getUserPrivilegesNode->addChild(ADMIN_USER_NAME_TAG, '', array('value'=>"$adminUserName"));
$tmpNode = &$getUserPrivilegesNode->addChild(ADMIN_PASSWORD_TAG, '', array('value'=>"$adminPassword"));
$tmpNode = &$getUserPrivilegesNode->addChild(USER_NAME_TAG, '', array('value'=>"$userName"));
return $tree->get();
}
function _handleGetUserPrivilegesResponse($responseXML)
{
$p = xml_parser_create();
xml_parse_into_struct($p,$responseXML,$vals,$index) or die(xml_error_string(xml_get_error_code($p)));
xml_parser_free($p);
$error = AAServiceInterface::_exceptionCheck($index, $vals);
if ($error) {
return $error;
}
$privIndexes = $index['PRIVILEGE'];
$privArray = array();
// Get all the privileges
foreach ($privIndexes as $curIndex) {
$curPriv = $vals[$curIndex];
$privArray[] = &AAServiceInterface::_buildPrivilege($curPriv);
}
return $privArray;
}
/**
* Builds an XML request for A&A Service to call setUserPrivileges on server
*
* @access private
* @param string $appId Application ID
* @param string $adminUserId Admin's user ID
* @param string $adminPassword Admin's password
* @param string $userId User to set privileges for
* @param AAPrivilege[] $privileges Array of privileges to give user
* @return string XML request
*
*/
function _buildSetUserPrivilegesRequest($appId, $adminUserId, $adminPassword, $userId, $privileges)
{
$tree = new XML_Tree;
$root = &$tree->addRoot(AA_SERVICE_TAG);
$setUserPrivilegesNode = &$root->addChild('SetUserPrivileges');
$tmpNode = &$setUserPrivilegesNode->addChild(APPLICATION_ID_TAG, '', array('value'=>$appId));
$tmpNode = &$setUserPrivilegesNode->addChild(ADMIN_USER_ID_TAG, '', array('value'=>$adminUserId));
$tmpNode = &$setUserPrivilegesNode->addChild(ADMIN_PASSWORD_TAG, '', array('value'=>$adminPassword));
$tmpNode = &$setUserPrivilegesNode->addChild(USER_ID_TAG, '', array('value'=>$userId));
$privilegeListNode = &$setUserPrivilegesNode->addChild(PRIVILEGE_LIST_TAG);
foreach ($privileges as $curPriv) {
$tmpNode = &$privilegeListNode->addChild(PRIVILEGE_TAG, $curPriv->getPrivilegeDesc(), array('value'=>$curPriv->getPrivilegeCode()));
}
return $tree->get();
}
function _handleSetUserPrivilegesResponse($responseXML)
{
}
/**
* Builds an XML request for A&A Service to call listAllPrivileges on server
*
* @access private
* @param string $appId Application ID
* @param string $adminUserId Admin's user ID
* @param string $adminPassword Admin's password
* @return AAPrivilege[] Array of privileges
*
*/
function _buildListAppPrivilegesRequest($appId, $adminUserName, $adminPassword)
{
$tree = new XML_Tree;
$root = &$tree->addRoot(AA_SERVICE_TAG);
$listAppPrivilegesNode = &$root->addChild('ListAppPrivileges');
$tmpNode = &$listAppPrivilegesNode->addChild(APPLICATION_ID_TAG, '', array('value'=>"$appId"));
$tmpNode = &$listAppPrivilegesNode->addChild(ADMIN_USER_NAME_TAG, '', array('value'=>"$adminUserName"));
$tmpNode = &$listAppPrivilegesNode->addChild(ADMIN_PASSWORD_TAG, '', array('value'=>"$adminPassword"));
return $tree->get();
}
function _handleListAppPrivilegesResponse($responseXML)
{
$p = xml_parser_create();
xml_parse_into_struct($p,$responseXML,$vals,$index) or die(xml_error_string(xml_get_error_code($p)));
xml_parser_free($p);
$error = AAServiceInterface::_exceptionCheck($index, $vals);
if ($error) {
return $error;
}
$privIndexes = $index['PRIVILEGE'];
$privArray = array();
// Get all the privileges
foreach ($privIndexes as $curIndex) {
$curPriv = $vals[$curIndex];
$privArray[] = &AAServiceInterface::_buildPrivilege($curPriv);
}
return $privArray;
}
/**
* Builds an XML request for A&A Service to call listAllPrivileges on server
*
* @access private
* @param string $appId Application ID
* @param string $adminUserId Admin's user ID
* @param string $adminPassword Admin's password
* @return AAPrivilege[] Array of privileges
*
*/
function _buildListAppGroupsRequest($appId, $adminUserName, $adminPassword)
{
$tree = new XML_Tree;
$root = &$tree->addRoot(AA_SERVICE_TAG);
$listAppGroupNode = &$root->addChild('ListAppGroups');
$tmpNode = &$listAppGroupNode->addChild(APPLICATION_ID_TAG, '', array('value'=>"$appId"));
$tmpNode = &$listAppGroupNode->addChild(ADMIN_USER_NAME_TAG, '', array('value'=>"$adminUserName"));
$tmpNode = &$listAppGroupNode->addChild(ADMIN_PASSWORD_TAG, '', array('value'=>"$adminPassword"));
return $tree->get();
}
function _handleListAppGroupsResponse($responseXML)
{
$p = xml_parser_create();
xml_parse_into_struct($p,$responseXML,$vals,$index) or die(xml_error_string(xml_get_error_code($p)));
xml_parser_free($p);
$error = AAServiceInterface::_exceptionCheck($index, $vals);
if ($error) {
return $error;
}
$groupArray = array();
$groupIndexes = $index['GROUP'];
// Get all the groups
foreach ($groupIndexes as $curIndex) {
$curGroupVals = $vals[$curIndex];
$curGroup = &AAServiceInterface::_buildGroup($curGroupVals);
$privIndexes = $index['PRIVILEGE'];
// Get all the privileges
foreach ($privIndexes as $curIndex) {
$curPriv = $vals[$curIndex];
$curGroup->_privileges[] = &AAServiceInterface::_buildPrivilege($curPriv);
}
$groupArray[] = $curGroup;
}
return $groupArray;
}
/**
* Return a group object built from a string array
*
* @access private
* @param string[] String array to create group from
* @return AAGroup Group object
*
*/
function &_buildGroup($groupArray)
{
// Make sure we got a good array
is_array($groupArray) or die ('_buildGroup did not get a valid array sent to it');
$curGroup = new AAGroup();
$curGroup->setGroupId($groupArray['attributes']['ID']);
$curGroup->setGroupLogicalName($groupArray['attributes']['LOGICAL']);
$curGroup->setGroupId($groupArray['attributes']['DISPLAY']);
$curGroup->setGroupDesc($groupArray['value']);
/*$privIndexes = $index['PRIVILEGE'];
// Get all the privileges
foreach ($privIndexes as $curIndex) {
$curPriv = $vals[$curIndex];
$user->_privileges[] = &AAServiceInterface::_buildPrivilege($curPriv);
}*/
return $curGroup;
}
/**
* Return a privilige object built from a string array
*
* @access private
* @param string[] String array to create privilege from
* @return AAPrivilege Privilege object
*
*/
function &_buildPrivilege($privilegeArray)
{
// Make sure we got a good array
is_array($privilegeArray) or die ('_buildPrivilege did not get a valid array sent to it');
$privilege = new AAPrivilege();
$privilege->setPrivilegeCode($privilegeArray['attributes']['CODE']);
$privilege->setPrivilegeDesc($privilegeArray['value']);
return $privilege;
}
/**
* Checks to see if we received some sort of exception
*
* @access private
* @param string $responseXML
* @return object|boolean returns an exception object, otherwise false
*
*/
function _exceptionCheck($index, $vals)
{
$retval = $vals[$index['RESULT'][0]]['attributes']['VALUE'];
if ($retval == 0) {
return false;
}
$exception = new AAException($retval);
$exception->message = $vals[$index['RESULT'][0]]['value'];
return $exception;
}
}
?>
--- NEW FILE: AAUser.class.php ---
<?php
require_once(DIRNAME(__FILE__) . '/../common/AAPrivilege.class.php');
require_once(DIRNAME(__FILE__) . '/../common/AAGroup.class.php');
/**
* This is the A&A user object. This object is responsible for handling
* all authentication and authorization functions for a user. If you are
* using this service in an application you would be wise to extend this
* functionality. This object was kept as small as possible to allow it
* to be put into a session.
*
* @access public
* @author Tony Bibbs <tony at tonybibbs.com>
* @package net.geeklog.enterprise.aa.client
*
*/
class AAUser {
// Private properties
/**
* A&A server to connect to
* @access private
* @var string
*/
var $_aaServer = '';
/**
* Port on A&A server to connect to
* @access private
* @var integer
*/
var $_aaPort;
/**
* Application Identifier
* @access private
* @var string
*/
var $_appId = '';
/**
* User ID
* @access private
* @var string
*/
var $_userId = '';
/**
* User Name
* @access private
* @var string
*/
var $_userName = '';
/**
* Employee Id
* @access private
* @var string
*/
var $_empId = '';
/**
* User's password
* @access private
* @var string
*/
var $_password = '';
/**
* @access private
*/
var $_aaResponseCode = '';
/**
* Privileges user has
* @access private
* @var array
*/
var $_privileges = array();
/**
* Groups user belongs to
* @access private
* @var array
*/
var $_groups = array();
// Public methods
/**
* Constructuor
*
* Sets the A&A Server and port for this user
*
* @param string $aaServer Hostname or IP of A&A server
* @param integer $aaPort Port number to send A&A requests to
*
*/
function AAUser($aaServer, $aaPort=80)
{
$this->_aaServer = $aaServer;
$this->_aaPort = $aaPort;
$this->_privileges = array();
}
/**
* Get the response code from the last A&A operation
*
* @return string Code from last operation
*
*/
function getResponseCode()
{
return $this->_aaResponseCode;
}
/**
* Set the response code of the last A&A operation
*
* @param string $responseCode Code from last operation
*
*/
function setResponseCode($responseCode)
{
$this->_aaResponseCode = $responseCode;
}
/**
* This method determines if user has privilege to the given
* authorization code
*
* @param string $authCode Authorization code to verify
* @return boolean true if user has access, otherwise false
*
*/
function authorize($authCode)
{
foreach ($this->_privileges as $curPriv) {
if ($curPriv->getPrivilegeCode() == $authCode) {
return true;
}
}
return false;
}
/**
* This method changes the password for the user
*
* @access public
* @param string $newPassword New password
* @return integer Response Code
*/
function changePassword($newPassword)
{
$this->_aaResponseCode = AAServiceInterface::changePassword($this->_aaServer, $this->getAppId(), $this->getUserName(), $this->getPassword(), $newPassword, $this->_aaPort);
if ($this->_aaResponseCode) {
$this->setPassword($newPassword);
}
return $this->_aaResponseCode;
}
/**
* This method allows an admin user to change the password for the
* given user. This assumes the current user is the admin
*
* @access public
* @param string $userID ID for user to change password for
* @param string $newPassword New Password
* @return interger Response Code
*
*/
function changePasswordByAdmin($userName, $newPassword)
{
$this->_aaResponseCode = AAServiceInterface::changePasswordByAdmin($this->_aaServer, $this->getAppId(), $this->getUserName(), $this->getPassword(), $userName, $newPassword);
return $this->_aaResponseCode;
}
function resetPassword($userName)
{
$this->_aaResponseCode = AAServiceInterface::resetPassword($this->_aaServer, $this->getAppId(), $this->getUserName(), $this->getPassword(), $userName);
return $this->_aaResponseCode;
}
/**
* Gets the application ID for this user object
*
* @return string Application ID
*
*/
function getAppId()
{
return $this->_appId;
}
/**
* Gets the user ID for this user
*
* @return string User Id
*
*/
function getUserId()
{
return $this->_userId;
}
function getUserName()
{
return $this->_userName;
}
/**
* Gets the employeed ID for this user
*
* @return string Employee ID
*
*/
function getEmpId()
{
return $this->_empId;
}
/**
* Gets the passworf for this user
*
*/
function getPassword()
{
return $this->_password;
}
/**
* This method returns the list of all allowed privileges for this user
* for the current application
*
* @return AAPrivilege Privileges for this user
*/
function getPrivileges()
{
}
/**
* This method returns a list of all the allowed privileges for the
* specified user
*
* @param string $userId ID of user to get privileges for
* @return AAPrivilege Privileges for specified user
*
*/
function getUserPrivileges($userId)
{
return AAServiceInterface::getUserPrivileges($this->_aaServer, $this->getAppId(), $this->getUserName(), $this->getPassword(), $userId);
}
/**
* Sets the privileges a user has for an application
*
* @param string $userId ID of user to set privileges for
* @param AAPrivilege[] $privArray Array of privileges to give to the user
* @return boolean true on success otherwise false
*
*/
function setUserPrivileges($userId, $privArray)
{
return AAServiceInterface::setUserPrivileges($this->_aaServer, $this->getAppId(), $this->getUserName(), $this->getPassword(), $userId, $privArray);
}
/**
* This method returns a list of all privileges for the application. This
* method is allowed only for admin users.
*
* @return AAPrivilege Privileges for current application
*
*/
function listAppPrivileges()
{
return AAServiceInterface::listAppPrivileges($this->_aaServer, $this->getAppId(), $this->getUserName(), $this->getPassword());
}
function listAppGroups()
{
return AAServiceInterface::listAppGroups($this->_aaServer, $this->getAppId(), $this->getUserName(), $this->getPassword());
}
/**
* Sets the A&A Server for this user
*
* @param string $aaServer Server to send A&A requests to
*
*/
function setAAServer($aaServer)
{
$this->_aaServer = $aaServer;
}
/**
* Sets the A&A port for this user
*
* @param integer $aaPort Port to send A&A requests to
*
*/
function setAAPort($aaPort)
{
$this->_aaPort = $aaPort;
}
/**
* Sets the application ID for this instance
*
* @param string $appId Application Id
* @return boolean True if successful, otherwise false
*
*/
function setAppId($appId)
{
if (!empty($appId)) {
$this->_appId = $appId;
return true;
} else {
return false;
}
}
/**
* Sets the user ID for this instance
*
* @param string $userId User Id
* @return boolean True if successful, otherwise false
*
*/
function setUserId($userId)
{
if (!empty($userId)) {
$this->_userId = $userId;
return true;
} else {
return false;
}
}
function setUserName($userName)
{
if (!empty($userName)) {
$this->_userName = $userName;
return true;
} else {
return false;
}
}
/**
* Sets the employee ID for this instance
*
* @param string $empId Employee ID
* @return boolean True if successful, otherwise false
*
*/
function setEmpId($empId)
{
if (!empty($userId)) {
$this->_empId = $empId;
return true;
} else {
return false;
}
}
/**
* Sets the password for this instance
*
* @param string $password The password to set to
* @return boolean True if successful, otherwise false
*
*/
function setPassword($password)
{
if (!empty($password)) {
$this->_password = $password;
return true;
} else {
return false;
}
}
/**
* Determins is user is in a group or not
*
* @param mixed $group Either the group's logical name or group ID
* @param string $method Type of look up either 'logcial' or 'id'
* @return boolean true if user is in group, otherwise false
*
*/
function inGroup($group, $method='logical')
{
$group = strtoupper($group);
foreach ($this->_groups as $curGroup) {
if ($method == 'logical') {
if ($curGroup->getGroupLogicalName() == $group) {
return true;
}
} else {
if ($curGroup->getGroupId() == $group) {
return true;
}
}
}
return false;
}
}
?>
More information about the geeklog-cvs
mailing list