
comanage-dev - [comanage-dev] r119 - in trunk/app: . controllers libs models vendors/shells views/co_people views/co_person_roles views/pages

Subject: COmanage Developers List


[comanage-dev] r119 - in trunk/app: . controllers libs models vendors/shells views/co_people views/co_person_roles views/pages


  • From:
  • To:
  • Subject: [comanage-dev] r119 - in trunk/app: . controllers libs models vendors/shells views/co_people views/co_person_roles views/pages
  • Date: Sun, 27 Nov 2011 23:12:55 -0500

Author: benno
Date: 2011-11-27 23:12:55 -0500 (Sun, 27 Nov 2011)
New Revision: 119

Modified:
trunk/app/app_controller.php
trunk/app/controllers/co_people_controller.php
trunk/app/controllers/co_person_roles_controller.php
trunk/app/controllers/cos_controller.php
trunk/app/controllers/identifiers_controller.php
trunk/app/controllers/org_identities_controller.php
trunk/app/controllers/users_controller.php
trunk/app/libs/lang.php
trunk/app/models/org_identity.php
trunk/app/models/user.php
trunk/app/vendors/shells/setup.php
trunk/app/views/co_people/fields.inc
trunk/app/views/co_person_roles/fields.inc
trunk/app/views/pages/menu.ctp
Log:
Fix login handling of multiple identities [CO-199]

Modified: trunk/app/app_controller.php
===================================================================
--- trunk/app/app_controller.php 2011-11-21 19:32:27 UTC (rev 118)
+++ trunk/app/app_controller.php 2011-11-28 04:12:55 UTC (rev 119)
@@ -406,17 +406,17 @@
if($this->Session->check('Auth.User.name'))
$ret['user'] = true;

- // API user?
+ // API user or Org Person?
if($this->Session->check('Auth.User.api_user_id'))
{
$ret['apiuser'] = true;
$ret['cmadmin'] = true; // API users are currently platform admins
}
+ else
+ {
+ $ret['orgidentities'] =
$this->Session->read('Auth.User.org_identities');
+ }

- // Org Person?
- if($this->Session->check('Auth.User.org_identity_id'))
- $ret['orgidentityid'] =
$this->Session->read('Auth.User.org_identity_id');
-
return($ret);
}
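Review bot: The new `orgidentities` entry is assigned only in the `else` branch and straight from `Session->read()`, so this code never sets the key for API users, and for other users it is null whenever `Auth.User.org_identities` was not written at login. Callers that test `$cmr['orgidentities']` (the org_identities_controller.php hunk in this revision does) then depend on whatever default `$ret` receives above this hunk, which is not visible here. An explicit empty default before the branch, `$ret['orgidentities'] = array();`, keeps the downstream ownership check well defined. The enclosing function starts outside the hunk.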


Modified: trunk/app/controllers/co_people_controller.php
===================================================================
--- trunk/app/controllers/co_people_controller.php 2011-11-21 19:32:27
UTC (rev 118)
+++ trunk/app/controllers/co_people_controller.php 2011-11-28 04:12:55
UTC (rev 119)
@@ -23,10 +23,16 @@

class CoPeopleController extends StandardController {
var $name = "CoPeople";
+
var $components = array('RequestHandler', // For REST
'Security',
'Session');
+
var $helpers = array('Time');
+
+ // When using additional controllers, we must also specify our own
+ var $uses = array('CoPerson', 'CmpEnrollmentConfiguration');
+
var $paginate = array(
'limit' => 25,
'order' => array(
@@ -43,7 +49,35 @@
var $view_recursion = 2;
// We also need Name on delete
var $delete_recursion = 2;
-
+
+ function beforeFilter()
+ {
+ // Callback before other controller methods are invoked or views are
rendered.
+ //
+ // Parameters:
+ // None
+ //
+ // Preconditions:
+ // None
+ //
+ // Postconditions:
+ // (1) Parent called
+ //
+ // Returns:
+ // Nothing
+
+ // This controller may or may not require a CO, depending on how
+ // the CMP Enrollment Configuration is set up. Check and adjust before
+ // beforeFilter is called.
+
+ // We need this to render links to the org identity (which may or may
+ // not need the co id carried).
+
+ $this->set('pool_org_identities',
$this->CmpEnrollmentConfiguration->orgIdentitiesPooled());
+
+ parent::beforeFilter();
+ }
+
function checkDeleteDependencies($curdata)
{
// Perform any dependency checks required prior to a delete operation.
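Review bot: The comment block in the added `beforeFilter()` says the CO requirement is to be checked and adjusted before the parent filter runs, but the body only sets `pool_org_identities` for the view and calls `parent::beforeFilter()`; no check or adjustment is made. Whether a CO is required is an access-control decision, so either the adjustment is missing or the comment should be reduced to what the code does, for example `// Pass the pooling flag to the view so links to org identities can carry or omit the co id.` The comment on `$uses` in the previous hunk also says "additional controllers" where the array lists models.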
@@ -163,33 +197,6 @@
}
}

- function editself()
- {
- // Determine our CO Person ID and redirect to edit.
- //
- // Parameters:
- // None
- //
- // Preconditions:
- // (1) User must be authenticated.
- //
- // Postconditions:
- // (1) Redirect issued.
- //
- // Returns:
- // Nothing
-
- $cmr = $this->calculateCMRoles();
-
- if(isset($cmr['copersonid']))
- $this->redirect(array('action' => 'edit', $cmr['copersonid'], 'co'
=> $this->cur_co['Co']['id']));
- else
- {
- $this->Session->setFlash(_txt('er.cop.none'), '', array(), 'error');
- $this->redirect(array('action' => 'index', 'co' =>
$this->cur_co['Co']['id']));
- }
- }
-
function generateDisplayKey($c = null)
{
// Generate a display key to be used in messages such as "Item Added".
@@ -315,16 +322,9 @@
// Edit an existing CO Person?
$p['edit'] = ($cmr['cmadmin'] || $cmr['coadmin'] || $cmr['subadmin']
|| $self);

- // Are we trying to edit our own record? If so, we need to track
- // both permission for the controller to invoke the method
('editself'),
- // and pass a hint to the view to tell it that an admin should be able
- // to edit their own fields anyway ('editselfv'). Kind of confusing.
- // Hopefully this can go away with a proper implementation of ACLs on
- // fields.
-
+ // Are we allowed to edit our own record?
// If we're an admin, we act as an admin, not self.
- $p['editself'] = $self;
- $p['editselfv'] = $self && !$cmr['cmadmin'] && !$cmr['coadmin'] &&
!$cmr['subadmin'];
+ $p['editself'] = $self && !$cmr['cmadmin'] && !$cmr['coadmin'] &&
!$cmr['subadmin'];

// View all existing CO People (or a COU's worth)?
$p['index'] = ($cmr['cmadmin'] || $cmr['coadmin'] || $cmr['subadmin']);

Modified: trunk/app/controllers/co_person_roles_controller.php
===================================================================
--- trunk/app/controllers/co_person_roles_controller.php 2011-11-21
19:32:27 UTC (rev 118)
+++ trunk/app/controllers/co_person_roles_controller.php 2011-11-28
04:12:55 UTC (rev 119)
@@ -97,7 +97,7 @@

parent::beforeFilter();

- if(!$this->restful && $this->action != 'editself')
+ if(!$this->restful)
{
// We need CO Person information for the view as well. We also want
Name,
// so we increase recursion.
@@ -302,17 +302,9 @@
// Edit an existing CO Person Role?
$p['edit'] = ($cmr['cmadmin'] || $cmr['coadmin'] || $self);

- // Are we trying to edit our own record? If so, we need to track
- // both permission for the controller to invoke the method
('editself'),
- // and pass a hint to the view to tell it that an admin should be able
- // to edit their own fields anyway ('editselfv'). Kind of confusing.
- // Hopefully this can go away with a proper implementation of ACLs on
- // fields.
-
+ // Are we trying to edit our own record?
// If we're an admin, we act as an admin, not self.
- // XXX Unclear that we still need these
- $p['editself'] = $self;
- $p['editselfv'] = $self && !$cmr['cmadmin'] && !$cmr['coadmin'] &&
!$cmr['subadmin'];
+ $p['editself'] = $self && !$cmr['cmadmin'] && !$cmr['coadmin'] &&
!$cmr['subadmin'];

// View all existing CO Person Roles (or a COU's worth)?
$p['index'] = ($cmr['cmadmin'] || $cmr['coadmin'] || $cmr['subadmin']);
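Review bot: `$p['edit']` in this controller is granted to `cmadmin`, `coadmin` or `$self`, yet the new `$p['editself']` is also switched off for `subadmin`. A subadmin editing their own role is therefore admitted through `$self` but not flagged as a self-edit, and co_person_roles/fields.inc sets `$es` only when `editself` is true, so the form is presumably rendered as it would be for an administrator. If subadmins are not meant to have admin edit rights on roles here, the flag should be `$p['editself'] = $self && !$cmr['cmadmin'] && !$cmr['coadmin'];`; if they are, `$cmr['subadmin']` belongs in `$p['edit']`, as in co_people_controller.php. The permission function starts and ends outside the hunk.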

Modified: trunk/app/controllers/cos_controller.php
===================================================================
--- trunk/app/controllers/cos_controller.php 2011-11-21 19:32:27 UTC (rev
118)
+++ trunk/app/controllers/cos_controller.php 2011-11-28 04:12:55 UTC (rev
119)
@@ -245,7 +245,7 @@
// Set page title
$this->set('title_for_layout', _txt('op.select-a',
array(_txt('ct.cos.1'))));

- if($this->Session->check('Auth.User.org_identity_id'))
+ if($this->Session->check('Auth.User.cos'))
{
// Retrieve the list of the user's COs, but for admins we want all
COs

@@ -253,27 +253,25 @@
$ucos = $this->Co->find('all');
else
{
- $dbo = $this->Co->getDataSource();
-
- $params = array(
- 'joins' => array(0 => array('table' =>
$dbo->fullTableName($this->Co->CoPerson),
- 'alias' => 'CoPerson',
- 'type' => 'INNER',
- 'conditions' =>
array('Co.id=CoPerson.co_id')),
- 1 => array('table' =>
$dbo->fullTableName($this->Co->CoPerson->CoOrgIdentityLink),
- 'alias' => 'CoOrgIdentityLink',
- 'type' => 'INNER',
- 'conditions' =>
array('CoPerson.id=CoOrgIdentityLink.co_person_id'))),
- 'conditions' => array('CoOrgIdentityLink.org_identity_id' =>
$this->Session->read('Auth.User.org_identity_id'))
- );
+ // Grab the COs from the session. We can't just use the session
variable
+ // because it's not a complete retrieval of CO data.

- $ucos = $this->Co->find('all', $params);
+ $cos = $this->Session->read('Auth.User.cos');
+ $coIds = array();
+
+ foreach($cos as $co)
+ {
+ $coIds[] = $co['co_id'];
+ }
+
+ $args['conditions']['id'] = $coIds;
+ $ucos = $this->Co->find('all', $args);
}

if(count($ucos) == 0)
{
// No memberships... could be because there are no COs
-
+
$cos = $this->Co->find('all');

if(count($cos) == 0)
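Review bot: The CO list shown here now comes from `Auth.User.cos`, which users_controller.php fills once at login, so a membership removed during the session stays selectable until the user logs in again; the removed join queried the current links on every request. If that snapshot is acceptable it deserves a comment, and the actions reached from this selection still need to check membership against the database. `$args` is also populated without being initialised in the visible lines and the condition key is unqualified; `$args = array();` followed by `$args['conditions']['Co.id'] = $coIds;` would be safer. The enclosing action starts and ends outside the hunk.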

Modified: trunk/app/controllers/identifiers_controller.php
===================================================================
--- trunk/app/controllers/identifiers_controller.php 2011-11-21 19:32:27
UTC (rev 118)
+++ trunk/app/controllers/identifiers_controller.php 2011-11-28 04:12:55
UTC (rev 119)
@@ -38,48 +38,6 @@
)
);

- function checkWriteDependencies($curdata = null)
- {
- // Perform any dependency checks required prior to a write (add/edit)
operation.
- // This method is intended to be overridden by model-specific
controllers.
- //
- // Parameters:
- // - For edit operations, $curdata will hold current data
- //
- // Preconditions:
- // (1) $this->data holds request data
- //
- // Postconditions:
- // (1) Session flash message updated (HTML) or HTTP status returned
(REST) on error
- //
- // Returns:
- // - true if dependency checks succeed, false otherwise.
-
- // Get a pointer to our model
- $req = $this->modelClass;
- $model = $this->$req;
-
- // Check that identifier isn't already in use
-
- if(!isset($curdata)
- || ($curdata[$req]['identifier'] !=
$this->data[$req]['identifier']))
- {
- $x = $model->findByIdentifier($this->data[$req]['identifier']);
-
- if(!empty($x))
- {
- if($this->restful)
- $this->restResultHeader(403, "Identifier In Use");
- else
- $this->Session->setFlash("The identifier '" .
$this->data[$req]['identifier'] . "' already exists (ID: " . $x[$req]['id'] .
")", '', array(), 'error');
-
- return(false);
- }
- }
-
- return(true);
- }
-
function isAuthorized()
{
// Authorization for this Controller, called by Auth component

Modified: trunk/app/controllers/org_identities_controller.php
===================================================================
--- trunk/app/controllers/org_identities_controller.php 2011-11-21 19:32:27
UTC (rev 118)
+++ trunk/app/controllers/org_identities_controller.php 2011-11-28 04:12:55
UTC (rev 119)
@@ -301,9 +301,19 @@
// Is this our own record?
$self = false;

- if($cmr['user'] && $cmr['orgidentityid'] &&
isset($this->params['pass'][0])
- && ($cmr['orgidentityid'] == $this->params['pass'][0]))
- $self = true;
+ if($cmr['user'] && $cmr['orgidentities'] &&
isset($this->params['pass'][0]))
+ {
+ // Walk through the list of org identities and see if this one
matches
+
+ foreach($cmr['orgidentities'] as $o)
+ {
+ if($o['org_id'] == $this->params['pass'][0])
+ {
+ $self = true;
+ break;
+ }
+ }
+ }

// Construct the permission set for this user, which will also be
passed to the view.
$p = array();
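Review bot: The ownership test `$o['org_id'] == $this->params['pass'][0]` compares a session value with a request parameter using loose equality, so PHP compares numeric-looking strings as numbers and a constructed value such as `"12.0"` equals id `12` without being the canonical id. `$self` feeds the permission set built directly below, so the match should be exact: `if((string)$o['org_id'] === (string)$this->params['pass'][0])`. `$cmr['orgidentities']` is also read without `isset()`, and the app_controller.php hunk sets that key only for non-API users. The enclosing function continues outside the hunk.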

Modified: trunk/app/controllers/users_controller.php
===================================================================
--- trunk/app/controllers/users_controller.php 2011-11-21 19:32:27 UTC (rev
118)
+++ trunk/app/controllers/users_controller.php 2011-11-28 04:12:55 UTC (rev
119)
@@ -53,52 +53,79 @@

if($this->Auth->login($data))
{
- // We're logged in
- // We need to know if the user is an admin, or a collabmin for one
or more COs.
+ // We're logged in. Retrieve some information about the user and
stuff it
+ // into the session.

- // Add more retrieval so we can get CO name
- $this->User->OrgIdentity->recursive = 2;
- $orgp =
$this->User->OrgIdentity->findById($this->Session->read('Auth.User.org_identity_id'));
-
- $this->Session->write('Auth.User.name', $orgp['Name']);
-
- $cos = array();
-
- foreach($orgp['CoOrgIdentityLink'] as $c)
+ if(!$this->Session->check('Auth.User.api_user_id'))
{
- // Create an entry in the session information for each CO the
user is a member of
+ // This is an Org Identity. Figure out which Org Identities this
username
+ // (identifier) is associated with. First, pull the identifiers.

- $co =
$this->User->OrgIdentity->CoOrgIdentityLink->CoPerson->Co->findById($c['CoPerson']['co_id']);
-
- $cos[ $co['Co']['name'] ] = array(
- 'co_id' => $co['Co']['id'],
- 'co_name' => $co['Co']['name'],
- 'co_person_id' => $c['co_person_id']
- );
+ $this->loadModel('OrgIdentity');
+ $dbo = $this->OrgIdentity->getDataSource();

- // Retrieve group memberships and attach them as well
- $grps =
$this->User->OrgIdentity->CoOrgIdentityLink->CoPerson->CoGroupMember->findAllByCoPersonId($c['co_person_id']);
+ $args['joins'][0]['table'] =
$dbo->fullTableName($this->OrgIdentity->Identifier);
+ $args['joins'][0]['alias'] = 'Identifier';
+ $args['joins'][0]['type'] = 'INNER';
+ $args['joins'][0]['conditions'][0] =
'OrgIdentity.id=Identifier.org_identity_id';
+ $args['conditions']['Identifier.identifier'] = $u;
+ $args['conditions']['Identifier.login'] = true;
+ // Through the magic of containable behaviors, we can get all
the associated
+ // data we need in one clever find
+ $args['contain'][] = 'Name';
+ $args['contain']['CoOrgIdentityLink']['CoPerson'][0] = 'Co';
+
$args['contain']['CoOrgIdentityLink']['CoPerson']['CoGroupMember'] =
'CoGroup';

- foreach($grps as $g)
+ $orgIdentities = $this->OrgIdentity->find('all', $args);
+
+ // Grab the org IDs and CO information
+ $orgs = array();
+ $cos = array();
+
+ foreach($orgIdentities as $o)
{
- $cos[ $co['Co']['name'] ]['groups'][ $g['CoGroup']['name'] ] =
array(
- 'co_group_id' => $g['CoGroup']['id'],
- 'name' => $g['CoGroup']['name'],
- 'member' => $g['CoGroupMember']['member'],
- 'owner' => $g['CoGroupMember']['owner']
+ $orgs[] = array(
+ 'org_id' => $o['OrgIdentity']['id'],
+ 'co_id' => $o['OrgIdentity']['co_id']
);
+
+ foreach($o['CoOrgIdentityLink'] as $l)
+ {
+ // If org identities are pooled, OrgIdentity:co_id will be
null, so look at
+ // the identity links to get the COs (via CO Person).
+
+ $cos[ $l['CoPerson']['Co']['name'] ] = array(
+ 'co_id' => $l['CoPerson']['Co']['id'],
+ 'co_name' => $l['CoPerson']['Co']['name'],
+ 'co_person_id' => $l['co_person_id']
+ );
+
+ // And assemble the Group Memberships
+
+ foreach($l['CoPerson']['CoGroupMember'] as $gm)
+ {
+ $cos[ $l['CoPerson']['Co']['name'] ]['groups'][
$gm['CoGroup']['name'] ] = array(
+ 'co_group_id' => $gm['co_group_id'],
+ 'name' => $gm['CoGroup']['name'],
+ 'member' => $gm['member'],
+ 'owner' => $gm['owner']
+ );
+ }
+ }
}
+
+ $this->Session->write('Auth.User.org_identities', $orgs);
+ $this->Session->write('Auth.User.cos', $cos);

- $this->Session->write('Auth.User.cos', $cos);
+ // Pick a name. We don't really have a good heuristic for this,
so for now we'll
+ // go with the first one returned, which was probably added
first.
+
+ $this->Session->write('Auth.User.name',
$orgIdentities[0]['Name']);
}
-
- // Auth.User.org_person_id
-
- // XXX get rid of this hardcoding
- if($u == 'rest')
- $this->Session->write('Auth.User.role', 'admin');
else
- $this->Session->write('Auth.User.role', 'member');
+ {
+ // This is an API user. We don't do anything special at the
moment.
+ }

$this->redirect($this->Auth->redirect());
}
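Review bot: `$orgIdentities[0]['Name']` is read without checking that the find returned a row, so a login that authenticates against the users view but matches no org identity through the join writes a null `Auth.User.name`, and app_controller.php derives the `user` role from that key. Guard it, e.g. `if(!empty($orgIdentities)) $this->Session->write('Auth.User.name', $orgIdentities[0]['Name']);`, and decide explicitly what a login with no matching identity should do. `$cos` is keyed by CO name, so two identity links into the same CO (or two COs sharing a name) overwrite each other and the stored `co_person_id` is whichever came last. Keying by `co_id` would avoid that, provided readers of `Auth.User.cos` outside this diff do not rely on the name key. The login action starts and ends outside the hunk.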

Modified: trunk/app/libs/lang.php
===================================================================
--- trunk/app/libs/lang.php 2011-11-21 19:32:27 UTC (rev 118)
+++ trunk/app/libs/lang.php 2011-11-28 04:12:55 UTC (rev 119)
@@ -155,7 +155,6 @@
'er.co.unk' => 'Unknown CO',
'er.comember' => '%1$s is a member of one or more COs (%2$s) and
cannot be removed.',
'er.coumember' => '%1$s is a member of one or more COUs that you do
not manage (%2$s) and cannot be removed.',
- 'er.cop.none' => 'CO Person Not Provided',
'er.cop.unk' => 'Unknown CO Person',
'er.cop.unk-a' => 'Unknown CO Person "%1$s"',
// XXX These should become er.copr (or tossed if not needed)

Modified: trunk/app/models/org_identity.php
===================================================================
--- trunk/app/models/org_identity.php 2011-11-21 19:32:27 UTC (rev 118)
+++ trunk/app/models/org_identity.php 2011-11-28 04:12:55 UTC (rev 119)
@@ -23,6 +23,9 @@
// Define class name for cake
var $name = "OrgIdentity";

+ // Add behaviors
+ var $actsAs = array('Containable');
+
// Association rules from this model to other models
var $hasOne = array("Name" => // A person can have
one (preferred) name per Org
array('dependent' => true)); // This could change
if Name became an MVPA

Modified: trunk/app/models/user.php
===================================================================
--- trunk/app/models/user.php 2011-11-21 19:32:27 UTC (rev 118)
+++ trunk/app/models/user.php 2011-11-28 04:12:55 UTC (rev 119)
@@ -27,8 +27,7 @@
var $name = "User";

// Association rules from this model to other models
- var $belongsTo = array("OrgIdentity"); // A user may be attached to
an Org Identity
- // XXX User also belongsTo ApiUser, but that isn't a formal model yet
+ // XXX User belongsTo ApiUser, but that isn't a formal model yet

// Default display field for cake generated views
var $displayField = "username";

Modified: trunk/app/vendors/shells/setup.php
===================================================================
--- trunk/app/vendors/shells/setup.php 2011-11-21 19:32:27 UTC (rev 118)
+++ trunk/app/vendors/shells/setup.php 2011-11-28 04:12:55 UTC (rev 119)
@@ -42,9 +42,9 @@

$this->out("- " . _txt('se.users.view'));
$this->Identifier->query("CREATE VIEW " . $prefix . "users AS
-SELECT a.username as username, a.password as password, a.id as api_user_id,
null as org_identity_id
+SELECT a.username as username, a.password as password, a.id as api_user_id
FROM cm_api_users a
-UNION SELECT i.identifier as username, '*' as password, null as api_user_id,
i.org_identity_id as org_identity_id
+UNION SELECT i.identifier as username, '*' as password, null as api_user_id
as org_identity_id
FROM cm_identifiers i
WHERE i.login=true;
");
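Review bot: The added second SELECT ends in `null as api_user_id as org_identity_id`, which gives one column two aliases and is not valid SQL, so the `CREATE VIEW` statement would be expected to fail when the setup shell runs. The result of `query()` is not checked in the visible lines, so that failure may pass unnoticed and leave the login view missing or stale. The line should read `UNION SELECT i.identifier as username, '*' as password, null as api_user_id`. Separately, the view name takes `$prefix` while `cm_api_users` and `cm_identifiers` are hard-coded, which only works when the prefix is `cm_`.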

Modified: trunk/app/views/co_people/fields.inc
===================================================================
--- trunk/app/views/co_people/fields.inc 2011-11-21 19:32:27 UTC (rev
118)
+++ trunk/app/views/co_people/fields.inc 2011-11-28 04:12:55 UTC (rev
119)
@@ -28,7 +28,7 @@
|| ($this->action == "edit" && $permissions['edit']))
$e = true;

- if($this->action == "edit" && $permissions['editselfv'])
+ if($this->action == "edit" && $permissions['editself'])
$es = true;

// We shouldn't get here if we don't have at least read permission, but
check just in case
@@ -45,7 +45,10 @@
if($this->action != "invite")
{
echo $html->link(_txt('ct.org_identities.1'),
- array('controller' => 'org_identities', 'action' => ($e
&& !$es ? 'edit' : 'view'),
$co_people[0]['CoOrgIdentityLink'][0]['org_identity_id']),
+ array('controller' => 'org_identities',
+ 'action' => ($e && !$es ? 'edit' : 'view'),
+
$co_people[0]['CoOrgIdentityLink'][0]['org_identity_id'],
+ 'co' => ($pool_org_identities ? false :
$cur_co['Co']['id'])),
array('class' => 'linkbutton'));
}


Modified: trunk/app/views/co_person_roles/fields.inc
===================================================================
--- trunk/app/views/co_person_roles/fields.inc 2011-11-21 19:32:27 UTC (rev
118)
+++ trunk/app/views/co_person_roles/fields.inc 2011-11-28 04:12:55 UTC (rev
119)
@@ -28,7 +28,7 @@
|| ($this->action == "edit" && $permissions['edit']))
$e = true;

- if($this->action == "edit" && $permissions['editselfv'])
+ if($this->action == "edit" && $permissions['editself'])
$es = true;

// We shouldn't get here if we don't have at least read permission, but
check just in case

Modified: trunk/app/views/pages/menu.ctp
===================================================================
--- trunk/app/views/pages/menu.ctp 2011-11-21 19:32:27 UTC (rev 118)
+++ trunk/app/views/pages/menu.ctp 2011-11-28 04:12:55 UTC (rev 119)
@@ -27,18 +27,19 @@
<!-- Person Operations -->
<td width="33%" valign="top">
<?php
- if(isset($permissions['menu']['orgprofile']) &&
$permissions['menu']['orgprofile'])
- {
- echo $html->link("View My Home Identity",
- array('controller' => 'org_identities',
'action' => 'view', $this->Session->read('Auth.User.org_identity_id')),
- array('class' => 'menuitembutton'));
- }
-
+ $cos = $this->Session->read('Auth.User.cos');
+
if(isset($permissions['menu']['coprofile']) &&
$permissions['menu']['coprofile'])
{
- echo $html->link("Manage My CO Identity",
- array('controller' => 'co_people', 'action' =>
'editself'),
- array('class' => 'menuitembutton'));
+ foreach($cos as $co)
+ {
+ echo $html->link("Manage My " . $co['co_name'] . " Identity",
+ array('controller' => 'co_people',
+ 'action' => 'edit',
+ $co['co_person_id'],
+ 'co' => $co['co_id']),
+ array('class' => 'menuitembutton'));
+ }
}

if(isset($permissions['menu']['cogroups']) &&
$permissions['menu']['cogroups'])
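Review bot: Both new loops iterate session values without a guard: `foreach($cos as $co)` here and `foreach($orgIdentities as $o)` in the next hunk receive null when `Auth.User.cos` or `Auth.User.org_identities` was never written, which the login code in this revision skips for API users. Casting at the read, `$cos = (array)$this->Session->read('Auth.User.cos');` and likewise for `$orgIdentities`, keeps the menu rendering in that case. The ids placed in these links come from the login-time session snapshot, so the target actions still need their own authorization check rather than relying on the link having been offered.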
@@ -47,6 +48,47 @@
array('controller' => 'co_groups', 'action' =>
'index'),
array('class' => 'menuitembutton'));
}
+
+ if(isset($permissions['menu']['orgprofile']) &&
$permissions['menu']['orgprofile'])
+ {
+ // A user can have more than one org identity (keyed to their
COs) if pooling is
+ // disabled, so loop through as appropriate.
+
+ $orgIdentities =
$this->Session->read('Auth.User.org_identities');
+
+ foreach($orgIdentities as $o)
+ {
+ if(isset($o['co_id']))
+ {
+ // Figure out the name of the CO
+ $coName = '?';
+
+ foreach($cos as $co)
+ {
+ if($co['co_id'] == $o['co_id'])
+ {
+ $coName = $co['co_name'];
+ break;
+ }
+ }
+
+ echo $html->link("View My Home Identity As Known To " .
$coName,
+ array('controller' => 'org_identities',
+ 'action' => 'view',
+ $o['org_id'],
+ 'co' => $o['co_id']),
+ array('class' => 'menuitembutton'));
+ }
+ else
+ {
+ echo $html->link("View My Home Identity",
+ array('controller' => 'org_identities',
+ 'action' => 'view',
+ $o['org_id']),
+ array('class' => 'menuitembutton'));
+ }
+ }
+ }
?>
</td>



