From 43b6da8afc223d1eefa74d390b09b7a4381ee734 Mon Sep 17 00:00:00 2001 From: Sarven Capadisli Date: Wed, 18 Nov 2009 13:34:06 +0000 Subject: Created separate objects for receive actions --- plugins/Realtime/realtimeupdate.js | 44 +++++++++++++++++++++++++------------- 1 file changed, 29 insertions(+), 15 deletions(-) (limited to 'plugins') diff --git a/plugins/Realtime/realtimeupdate.js b/plugins/Realtime/realtimeupdate.js index d1cf1d507..6404cf896 100644 --- a/plugins/Realtime/realtimeupdate.js +++ b/plugins/Realtime/realtimeupdate.js @@ -36,6 +36,7 @@ RealtimeUpdate = { _updatecounter: 0, _maxnotices: 50, _windowhasfocus: true, + _documenttitle: '', init: function(userid, replyurl, favorurl, deleteurl) { @@ -44,7 +45,7 @@ RealtimeUpdate = { RealtimeUpdate._favorurl = favorurl; RealtimeUpdate._deleteurl = deleteurl; - DT = document.title; + RealtimeUpdate._documenttitle = document.title; $(window).bind('focus', function(){ RealtimeUpdate._windowhasfocus = true; }); @@ -54,7 +55,7 @@ RealtimeUpdate = { $('#notices_primary .notice:first').addClass('mark-top'); RealtimeUpdate._updatecounter = 0; - document.title = DT; + document.title = RealtimeUpdate._documenttitle; RealtimeUpdate._windowhasfocus = false; return false; 
@@ -70,24 +71,37 @@ RealtimeUpdate = { return; } - var noticeItem = RealtimeUpdate.makeNoticeItem(data); - $("#notices_primary .notices").prepend(noticeItem); - $("#notices_primary .notice:first").css({display:"none"}); - $("#notices_primary .notice:first").fadeIn(1000); + RealtimeUpdate.purgeLastNoticeItem(); - if ($('#notices_primary .notice').length > RealtimeUpdate._maxnotices) { - $("#notices_primary .notice:last .form_disfavor").unbind('submit'); - $("#notices_primary .notice:last .form_favor").unbind('submit'); - $("#notices_primary .notice:last .notice_reply").unbind('click'); - $("#notices_primary .notice:last").remove(); - } + RealtimeUpdate.insertNoticeItem(data); + + RealtimeUpdate.updateWindowCounter(); + + }, - SN.U.NoticeReply(); - SN.U.NoticeFavor(); + insertNoticeItem: function(data) { + var noticeItem = RealtimeUpdate.makeNoticeItem(data); + $("#notices_primary .notices").prepend(noticeItem); + $("#notices_primary .notice:first").css({display:"none"}); + $("#notices_primary .notice:first").fadeIn(1000); + + SN.U.NoticeReply(); + SN.U.NoticeFavor(); + }, + + purgeLastNoticeItem: function() { + if ($('#notices_primary .notice').length > RealtimeUpdate._maxnotices) { + $("#notices_primary .notice:last .form_disfavor").unbind('submit'); + $("#notices_primary .notice:last .form_favor").unbind('submit'); + $("#notices_primary .notice:last .notice_reply").unbind('click'); + $("#notices_primary .notice:last").remove(); + } + }, + updateWindowCounter: function() { if (RealtimeUpdate._windowhasfocus === false) { RealtimeUpdate._updatecounter += 1; - document.title = '('+RealtimeUpdate._updatecounter+') ' + DT; + document.title = '('+RealtimeUpdate._updatecounter+') ' + RealtimeUpdate._documenttitle; } }, -- cgit v1.2.3-54-g00ecf From 5014b748e486f46a8653d1609479f8f64dc24722 Mon Sep 17 00:00:00 2001 
From: Sarven Capadisli Date: Wed, 18 Nov 2009 15:41:07 +0000 Subject: Added play/pause button for realtime notices. While on pause, it will store the notices and on play it will add them to the notice list --- plugins/Realtime/RealtimePlugin.php | 4 +- plugins/Realtime/icon_pause.gif | Bin 0 -> 75 bytes plugins/Realtime/icon_play.gif | Bin 0 -> 75 bytes plugins/Realtime/realtimeupdate.js | 91 +++++++++++++++++++++++++++++++++--- 4 files changed, 87 insertions(+), 8 deletions(-) create mode 100644 plugins/Realtime/icon_pause.gif create mode 100644 plugins/Realtime/icon_play.gif (limited to 'plugins') diff --git a/plugins/Realtime/RealtimePlugin.php b/plugins/Realtime/RealtimePlugin.php index 0c7c1240c..6d59bd1b1 100644 --- a/plugins/Realtime/RealtimePlugin.php +++ b/plugins/Realtime/RealtimePlugin.php @@ -101,8 +101,8 @@ class RealtimePlugin extends Plugin $realtimeUI = ' RealtimeUpdate.initPopupWindow();'; } else { - $iconurl = common_path('plugins/Realtime/icon_external.gif'); - $realtimeUI = ' RealtimeUpdate.addPopup("'.$url.'", "'.$timeline.'", "'. $iconurl .'");'; + $pluginPath = common_path('plugins/Realtime/'); + $realtimeUI = ' RealtimeUpdate.initActions("'.$url.'", "'.$timeline.'", "'. $pluginPath .'");'; } $action->elementStart('script', array('type' => 'text/javascript')); diff --git a/plugins/Realtime/icon_pause.gif b/plugins/Realtime/icon_pause.gif new file mode 100644 index 000000000..ced0b6440 Binary files /dev/null and b/plugins/Realtime/icon_pause.gif differ diff --git a/plugins/Realtime/icon_play.gif b/plugins/Realtime/icon_play.gif new file mode 100644 index 000000000..794ec85b6 Binary files /dev/null and b/plugins/Realtime/icon_play.gif differ diff --git a/plugins/Realtime/realtimeupdate.js b/plugins/Realtime/realtimeupdate.js index 6404cf896..4352b45d9 100644 --- a/plugins/Realtime/realtimeupdate.js +++ b/plugins/Realtime/realtimeupdate.js 
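Review bot: The `RealtimeUpdate.initActions(...)` string assigned to `$realtimeUI` concatenates `$url`, `$timeline` and `$pluginPath` between double quotes with no JavaScript escaping, so a quote character in any of them would end the string literal inside the inline script element. Where `$url` and `$timeline` are built is outside this hunk, so whether they can carry user-influenced text needs confirming; the removed `addPopup` line had the same shape. If the supported PHP version provides `json_encode`, encoding each argument settles it: `$realtimeUI = ' RealtimeUpdate.initActions('.json_encode($url).', '.json_encode($timeline).', '.json_encode($pluginPath).');';`.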
@@ -37,6 +37,8 @@ RealtimeUpdate = { _maxnotices: 50, _windowhasfocus: true, _documenttitle: '', + _paused:false, + _queuedNotices:[], init: function(userid, replyurl, favorurl, deleteurl) { @@ -71,12 +73,16 @@ RealtimeUpdate = { return; } - RealtimeUpdate.purgeLastNoticeItem(); + if (RealtimeUpdate._paused === false) { + RealtimeUpdate.purgeLastNoticeItem(); - RealtimeUpdate.insertNoticeItem(data); - - RealtimeUpdate.updateWindowCounter(); + RealtimeUpdate.insertNoticeItem(data); + RealtimeUpdate.updateWindowCounter(); + } + else { + RealtimeUpdate._queuedNotices.push(data); + } }, insertNoticeItem: function(data) { 
@@ -183,7 +189,80 @@ RealtimeUpdate = { return dl; }, - addPopup: function(url, timeline, iconurl) + initActions: function(url, timeline, path) + { + var NP = $('#notices_primary'); + NP.prepend(''); + + RealtimeUpdate._pluginPath = path; + + RealtimeUpdate.initPlayPause(); + RealtimeUpdate.initAddPopup(url, timeline, RealtimeUpdate._pluginPath); + }, + + initPlayPause: function() + { + RealtimeUpdate.showPause(); + }, + + showPause: function() + { + RT_PP = $('#realtime_pauseplay'); + RT_PP.empty(); + RT_PP.append(''); + + RT_P = $('#realtime_pause'); + $('#realtime_pause').css({ + 'background':'url('+RealtimeUpdate._pluginPath+'icon_pause.gif) no-repeat 47% 47%', + 'width':'16px', + 'height':'16px', + 'text-indent':'-9999px', + 'border':'none', + 'cursor':'pointer' + }); + RT_P.bind('click', function() { + RealtimeUpdate._paused = true; + + RealtimeUpdate.showPlay(); + return false; + }); + }, + + showPlay: function() + { + RT_PP = $('#realtime_pauseplay'); + RT_PP.empty(); + RT_PP.append(''); + + RT_P = $('#realtime_play'); + RT_P.css({ + 'background':'url('+RealtimeUpdate._pluginPath+'icon_play.gif) no-repeat 47% 47%', + 'width':'16px', + 'height':'16px', + 'text-indent':'-9999px', + 'border':'none', + 'cursor':'pointer' + }); + RT_P.bind('click', function() { + RealtimeUpdate._paused = false; + + RealtimeUpdate.showPause(); + + RealtimeUpdate.showQueuedNotices(); + + return false; + }); + }, + + showQueuedNotices: function() { + $.each(RealtimeUpdate._queuedNotices, function(i, n) { + RealtimeUpdate.insertNoticeItem(n); + }); + + RealtimeUpdate._queuedNotices = []; + }, + + initAddPopup: function(url, timeline, path) { var NP = $('#notices_primary'); NP.css({'position':'relative'}); 
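Review bot: `showQueuedNotices` replays every queued notice through `insertNoticeItem` without calling `purgeLastNoticeItem`, and `_queuedNotices` (filled by `receive` in the previous hunk) has no cap, so a long pause on a busy timeline grows the array without bound and then pushes the list well past `_maxnotices` in one burst. Dropping the oldest entry once the queue exceeds `_maxnotices`, and calling `RealtimeUpdate.purgeLastNoticeItem();` inside the `$.each` callback, would keep both memory and DOM size bounded. `RT_PP` and `RT_P` in `showPause` and `showPlay` are assigned without `var`, which makes them implicit globals shared with every other script on the page; `var RT_PP = $('#realtime_pauseplay');` keeps them local.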
@@ -192,7 +271,7 @@ RealtimeUpdate = { var RT = $('#realtime_timeline'); RT.css({ 'margin':'0 0 11px 0', - 'background':'transparent url('+ iconurl + ') no-repeat 0 30%', + 'background':'transparent url('+ path + 'icon_external.gif) no-repeat 0 30%', 'padding':'0 0 0 20px', 'display':'block', 'position':'absolute', -- cgit v1.2.3-54-g00ecf From 6d3d78c793594f3737718f24a461710e278f3022 Mon Sep 17 00:00:00 2001 From: Sarven Capadisli Date: Wed, 18 Nov 2009 15:57:45 +0000 Subject: Styled realtime_actions --- plugins/Realtime/realtimeupdate.js | 55 ++++++++++++++++++++++---------------- 1 file changed, 32 insertions(+), 23 deletions(-) (limited to 'plugins') diff --git a/plugins/Realtime/realtimeupdate.js b/plugins/Realtime/realtimeupdate.js index 4352b45d9..28cd59028 100644 --- a/plugins/Realtime/realtimeupdate.js +++ b/plugins/Realtime/realtimeupdate.js @@ -192,7 +192,20 @@ RealtimeUpdate = { initActions: function(url, timeline, path) { var NP = $('#notices_primary'); - NP.prepend('
'); + NP.prepend('
'); + + $('#realtime_actions').css({ + 'position':'absolute', + 'top':'-20px', + 'right':'0', + 'margin':'0 0 11px 0' + }); + + $('#realtime_actions li').css({ + 'margin-left':'18px', + 'list-style-type':'none', + 'float':'left' + }); RealtimeUpdate._pluginPath = path; @@ -214,11 +227,12 @@ RealtimeUpdate = { RT_P = $('#realtime_pause'); $('#realtime_pause').css({ 'background':'url('+RealtimeUpdate._pluginPath+'icon_pause.gif) no-repeat 47% 47%', - 'width':'16px', - 'height':'16px', - 'text-indent':'-9999px', + 'width':'16px', + 'height':'16px', + 'display':'block', 'border':'none', - 'cursor':'pointer' + 'cursor':'pointer', + 'text-indent':'-9999px' }); RT_P.bind('click', function() { RealtimeUpdate._paused = true; @@ -237,11 +251,12 @@ RealtimeUpdate = { RT_P = $('#realtime_play'); RT_P.css({ 'background':'url('+RealtimeUpdate._pluginPath+'icon_play.gif) no-repeat 47% 47%', - 'width':'16px', - 'height':'16px', - 'text-indent':'-9999px', + 'width':'16px', + 'height':'16px', + 'display':'block', 'border':'none', - 'cursor':'pointer' + 'cursor':'pointer', + 'text-indent':'-9999px' }); RT_P.bind('click', function() { RealtimeUpdate._paused = false; 
@@ -264,28 +279,22 @@ RealtimeUpdate = { initAddPopup: function(url, timeline, path) { - var NP = $('#notices_primary'); - NP.css({'position':'relative'}); - NP.prepend(''); + var NP = $('#realtime_timeline'); + NP.append(''); - var RT = $('#realtime_timeline'); - RT.css({ - 'margin':'0 0 11px 0', + var PP = $('#realtime_popup'); + PP.css({ 'background':'transparent url('+ path + 'icon_external.gif) no-repeat 0 30%', - 'padding':'0 0 0 20px', + 'width':'16px', + 'height':'16px', 'display':'block', - 'position':'absolute', - 'top':'-20px', - 'right':'0', 'border':'none', 'cursor':'pointer', - 'color':$('a').css('color'), - 'font-weight':'bold', - 'font-size':'1em' + 'text-indent':'-9999px' }); $('#showstream #notices_primary').css({'margin-top':'18px'}); - RT.bind('click', function() { + PP.bind('click', function() { window.open(url, '', 'toolbar=no,resizable=yes,scrollbars=yes,status=yes,width=500,height=550'); -- cgit v1.2.3-54-g00ecf From 4823463e3f397ddfc44e6455ff6fcdb32cbf9809 Mon Sep 17 00:00:00 2001 From: Sarven Capadisli Date: Wed, 18 Nov 2009 16:00:40 +0000 Subject: Relatively positioning notice_primary --- plugins/Realtime/realtimeupdate.js | 1 + 1 file changed, 1 insertion(+) (limited to 'plugins') diff --git a/plugins/Realtime/realtimeupdate.js b/plugins/Realtime/realtimeupdate.js index 28cd59028..e2bd8daea 100644 --- a/plugins/Realtime/realtimeupdate.js +++ b/plugins/Realtime/realtimeupdate.js @@ -193,6 +193,7 @@ RealtimeUpdate = { { var NP = $('#notices_primary'); NP.prepend('
'); + NP.css({'position':'relative'}); $('#realtime_actions').css({ 'position':'absolute', -- cgit v1.2.3-54-g00ecf From ef542afbe5f6aec04f7c72d71fb613265e794f95 Mon Sep 17 00:00:00 2001 From: Sarven Capadisli Date: Wed, 18 Nov 2009 17:23:04 +0000 Subject: Added counter beside the play button. When paused, it will update the counter on new received notices. Counter is removed when play is clicked --- plugins/Realtime/realtimeupdate.js | 44 +++++++++++++++++++++++++++++--------- 1 file changed, 34 insertions(+), 10 deletions(-) (limited to 'plugins') diff --git a/plugins/Realtime/realtimeupdate.js b/plugins/Realtime/realtimeupdate.js index e2bd8daea..8e3052dfc 100644 --- a/plugins/Realtime/realtimeupdate.js +++ b/plugins/Realtime/realtimeupdate.js @@ -77,12 +77,14 @@ RealtimeUpdate = { RealtimeUpdate.purgeLastNoticeItem(); RealtimeUpdate.insertNoticeItem(data); - - RealtimeUpdate.updateWindowCounter(); } else { RealtimeUpdate._queuedNotices.push(data); + + RealtimeUpdate.updateQueuedCounter(); } + + RealtimeUpdate.updateWindowCounter(); }, insertNoticeItem: function(data) { @@ -192,7 +194,7 @@ RealtimeUpdate = { initActions: function(url, timeline, path) { var NP = $('#notices_primary'); - NP.prepend('
'); + NP.prepend('
'); NP.css({'position':'relative'}); $('#realtime_actions').css({ @@ -221,7 +223,7 @@ RealtimeUpdate = { showPause: function() { - RT_PP = $('#realtime_pauseplay'); + RT_PP = $('#realtime_playpause'); RT_PP.empty(); RT_PP.append(''); @@ -233,7 +235,8 @@ RealtimeUpdate = { 'display':'block', 'border':'none', 'cursor':'pointer', - 'text-indent':'-9999px' + 'text-indent':'-9999px', + 'float':'left' }); RT_P.bind('click', function() { RealtimeUpdate._paused = true; @@ -245,9 +248,14 @@ RealtimeUpdate = { showPlay: function() { - RT_PP = $('#realtime_pauseplay'); + RT_PP = $('#realtime_playpause'); RT_PP.empty(); - RT_PP.append(''); + RT_PP.append(' '); + + $('#queued_counter').css({ + 'float':'left', + 'line-height':'1.2' + }); RT_P = $('#realtime_play'); RT_P.css({ @@ -257,7 +265,9 @@ RealtimeUpdate = { 'display':'block', 'border':'none', 'cursor':'pointer', - 'text-indent':'-9999px' + 'text-indent':'-9999px', + 'float':'left', + 'margin-left':'4px' }); RT_P.bind('click', function() { RealtimeUpdate._paused = false; @@ -270,12 +280,25 @@ RealtimeUpdate = { }); }, - showQueuedNotices: function() { + showQueuedNotices: function() + { $.each(RealtimeUpdate._queuedNotices, function(i, n) { RealtimeUpdate.insertNoticeItem(n); }); RealtimeUpdate._queuedNotices = []; + + RealtimeUpdate.removeQueuedCounter(); + }, + + updateQueuedCounter: function() + { + QC = $('#realtime_playpause #queued_counter').html('('+RealtimeUpdate._queuedNotices.length+')'); + }, + + removeQueuedCounter: function() + { + $('#realtime_playpause #queued_counter').empty(); }, initAddPopup: function(url, timeline, path) @@ -291,7 +314,8 @@ RealtimeUpdate = { 'display':'block', 'border':'none', 'cursor':'pointer', - 'text-indent':'-9999px' + 'text-indent':'-9999px', + 'float':'left' }); $('#showstream #notices_primary').css({'margin-top':'18px'}); -- cgit v1.2.3-54-g00ecf From 1d6bacc681eca89b7c20bb96fbacf5bcb8434d88 Mon Sep 17 00:00:00 2001 
From: Craig Andrews Date: Wed, 18 Nov 2009 12:57:37 -0500 Subject: Improved parameter checking --- plugins/Authentication/AuthenticationPlugin.php | 2 +- plugins/LdapAuthentication/LdapAuthenticationPlugin.php | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/Authentication/AuthenticationPlugin.php b/plugins/Authentication/AuthenticationPlugin.php index 1b9084187..cd1de1149 100644 --- a/plugins/Authentication/AuthenticationPlugin.php +++ b/plugins/Authentication/AuthenticationPlugin.php @@ -2,7 +2,7 @@ /** * StatusNet, the distributed open-source microblogging tool * - * Superclass for plugins that do authentication and/or authorization + * Superclass for plugins that do authentication * * PHP version 5 * diff --git a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php index ad5dd3a02..664529497 100644 --- a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php +++ b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php @@ -63,6 +63,8 @@ class LdapAuthenticationPlugin extends AuthenticationPlugin if(!isset($this->attributes['username'])){ throw new Exception("must specify a username attribute"); } + if($this->password_changeable && (! isset($this->attributes['password']) || !isset($this->password_encoding))){ + throw new Exception("if password_changeable is set, the password attribute and password_encoding must also be specified"); } //---interface implementation---// -- cgit v1.2.3-54-g00ecf From c1efb8aa7fc429c6885cb6337e141e32847d34e9 Mon Sep 17 00:00:00 2001 
From: Sarven Capadisli Date: Wed, 18 Nov 2009 17:59:44 +0000 Subject: Took out CSS from JS and placed it in its own file. --- plugins/Realtime/RealtimePlugin.php | 7 +++++ plugins/Realtime/realtimeupdate.css | 49 ++++++++++++++++++++++++++++++++++ plugins/Realtime/realtimeupdate.js | 52 ------------------------------------- 3 files changed, 56 insertions(+), 52 deletions(-) create mode 100644 plugins/Realtime/realtimeupdate.css (limited to 'plugins') diff --git a/plugins/Realtime/RealtimePlugin.php b/plugins/Realtime/RealtimePlugin.php index 6d59bd1b1..2cff03d6c 100644 --- a/plugins/Realtime/RealtimePlugin.php +++ b/plugins/Realtime/RealtimePlugin.php @@ -118,6 +118,13 @@ class RealtimePlugin extends Plugin return true; } + function onEndShowStatusNetStyles($action) + { + $action->cssLink(common_path('plugins/Realtime/realtimeupdate.css'), + null, 'screen, projection, tv'); + return true; + } + function onEndNoticeSave($notice) { $paths = array(); diff --git a/plugins/Realtime/realtimeupdate.css b/plugins/Realtime/realtimeupdate.css new file mode 100644 index 000000000..0ab5dd32b --- /dev/null +++ b/plugins/Realtime/realtimeupdate.css @@ -0,0 +1,49 @@ +#notices_primary { +position:relative; +} + +#realtime_actions { +position: absolute; +top: -20px; +right: 0; +margin: 0 0 11px 0; +} + +#realtime_actions li { +margin-left: 18px; +list-style-type: none; +float: left; +} + +#realtime_actions button { +width: 16px; +height: 16px; +display: block; +border: none; +cursor: pointer; +text-indent: -9999px; +float: left; +} + +#realtime_play { +background: url(icon_play.gif) no-repeat 47% 47%; +margin-left: 4px; +} + +#realtime_pause { +background: url(icon_pause.gif) no-repeat 47% 47%; +} + +#realtime_popup { +background: url(icon_external.gif) no-repeat 0 30%; +} + +#queued_counter { +float:left; +line-height:1.2; +} + +#showstream #notices_primary { +margin-top: 18px; +} + 
diff --git a/plugins/Realtime/realtimeupdate.js b/plugins/Realtime/realtimeupdate.js index 8e3052dfc..9030ad551 100644 --- a/plugins/Realtime/realtimeupdate.js +++ b/plugins/Realtime/realtimeupdate.js @@ -195,20 +195,6 @@ RealtimeUpdate = { { var NP = $('#notices_primary'); NP.prepend('
'); - NP.css({'position':'relative'}); - - $('#realtime_actions').css({ - 'position':'absolute', - 'top':'-20px', - 'right':'0', - 'margin':'0 0 11px 0' - }); - - $('#realtime_actions li').css({ - 'margin-left':'18px', - 'list-style-type':'none', - 'float':'left' - }); RealtimeUpdate._pluginPath = path; @@ -228,16 +214,6 @@ RealtimeUpdate = { RT_PP.append(''); RT_P = $('#realtime_pause'); - $('#realtime_pause').css({ - 'background':'url('+RealtimeUpdate._pluginPath+'icon_pause.gif) no-repeat 47% 47%', - 'width':'16px', - 'height':'16px', - 'display':'block', - 'border':'none', - 'cursor':'pointer', - 'text-indent':'-9999px', - 'float':'left' - }); RT_P.bind('click', function() { RealtimeUpdate._paused = true; @@ -252,23 +228,7 @@ RealtimeUpdate = { RT_PP.empty(); RT_PP.append(' '); - $('#queued_counter').css({ - 'float':'left', - 'line-height':'1.2' - }); - RT_P = $('#realtime_play'); - RT_P.css({ - 'background':'url('+RealtimeUpdate._pluginPath+'icon_play.gif) no-repeat 47% 47%', - 'width':'16px', - 'height':'16px', - 'display':'block', - 'border':'none', - 'cursor':'pointer', - 'text-indent':'-9999px', - 'float':'left', - 'margin-left':'4px' - }); RT_P.bind('click', function() { RealtimeUpdate._paused = false; @@ -307,18 +267,6 @@ RealtimeUpdate = { NP.append(''); var PP = $('#realtime_popup'); - PP.css({ - 'background':'transparent url('+ path + 'icon_external.gif) no-repeat 0 30%', - 'width':'16px', - 'height':'16px', - 'display':'block', - 'border':'none', - 'cursor':'pointer', - 'text-indent':'-9999px', - 'float':'left' - }); - $('#showstream #notices_primary').css({'margin-top':'18px'}); - PP.bind('click', function() { window.open(url, '', -- cgit v1.2.3-54-g00ecf From 63d3e07ce4b12a0a06d74730ff4c938ace519517 Mon Sep 17 00:00:00 2001 
From: Sarven Capadisli Date: Wed, 18 Nov 2009 19:15:55 +0000 Subject: Check for dupe from insertNoticeItem() --- plugins/Realtime/realtimeupdate.js | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) (limited to 'plugins') diff --git a/plugins/Realtime/realtimeupdate.js b/plugins/Realtime/realtimeupdate.js index 9030ad551..a2c4da113 100644 --- a/plugins/Realtime/realtimeupdate.js +++ b/plugins/Realtime/realtimeupdate.js @@ -66,13 +66,6 @@ RealtimeUpdate = { receive: function(data) { - id = data.id; - - // Don't add it if it already exists - if ($("#notice-"+id).length > 0) { - return; - } - if (RealtimeUpdate._paused === false) { RealtimeUpdate.purgeLastNoticeItem(); @@ -88,6 +81,11 @@ RealtimeUpdate = { }, insertNoticeItem: function(data) { + // Don't add it if it already exists + if ($("#notice-"+data.id).length > 0) { + return; + } + var noticeItem = RealtimeUpdate.makeNoticeItem(data); $("#notices_primary .notices").prepend(noticeItem); $("#notices_primary .notice:first").css({display:"none"}); @@ -253,7 +251,7 @@ RealtimeUpdate = { updateQueuedCounter: function() { - QC = $('#realtime_playpause #queued_counter').html('('+RealtimeUpdate._queuedNotices.length+')'); + $('#realtime_playpause #queued_counter').html('('+RealtimeUpdate._queuedNotices.length+')'); }, removeQueuedCounter: function() -- cgit v1.2.3-54-g00ecf From d07df8a7964e08d1af9e7bd762f2ac07035d9856 Mon Sep 17 00:00:00 2001 
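Review bot: With the duplicate check moved from `receive` into `insertNoticeItem`, a notice that is already on the page is still pushed to `_queuedNotices` while paused and still reaches `updateQueuedCounter` and `updateWindowCounter`, so both counters can report notices that will never be displayed. Keeping an early `if ($("#notice-"+data.id).length > 0) { return; }` at the top of `receive` as well as in `insertNoticeItem` would avoid that. `data.id` is concatenated straight into a jQuery selector; its type is not visible in this hunk, so it is worth confirming that it is always numeric before it gets here.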
From: Craig Andrews Date: Wed, 18 Nov 2009 14:19:43 -0500 Subject: Added Authorization plugin Added LDAPAuthorization plugin --- EVENTS.txt | 22 ++++ classes/Profile.php | 11 +- lib/apiauth.php | 6 +- lib/util.php | 13 ++- plugins/Authorization/AuthorizationPlugin.php | 112 ++++++++++++++++++ .../LdapAuthenticationPlugin.php | 3 +- .../LdapAuthorization/LdapAuthorizationPlugin.php | 129 +++++++++++++++++++++ plugins/LdapAuthorization/README | 84 ++++++++++++++ 8 files changed, 371 insertions(+), 9 deletions(-) create mode 100644 plugins/Authorization/AuthorizationPlugin.php create mode 100644 plugins/LdapAuthorization/LdapAuthorizationPlugin.php create mode 100644 plugins/LdapAuthorization/README (limited to 'plugins') diff --git a/EVENTS.txt b/EVENTS.txt index c788a9215..34a222e8f 100644 --- a/EVENTS.txt +++ b/EVENTS.txt @@ -535,6 +535,28 @@ StartChangePassword: Before changing a password EndChangePassword: After changing a password - $user: user +StartSetUser: Before setting the currently logged in user +- $user: user + +EndSetUser: After setting the currently logged in user +- $user: user + +StartSetApiUser: Before setting the current API user +- $user: user + +EndSetApiUser: After setting the current API user +- $user: user + +StartHasRole: Before determing if the a profile has a given role +- $profile: profile in question +- $name: name of the role in question +- &$has_role: does this profile have the named role? + +EndHasRole: Before determing if the a profile has a given role +- $profile: profile in question +- $name: name of the role in question +- $has_role: does this profile have the named role? + UserDeleteRelated: Specify additional tables to delete entries from when deleting users - $user: User object - &$related: array of DB_DataObject class names to delete entries on matching user_id. diff --git a/classes/Profile.php b/classes/Profile.php index 1b9cdb52f..4b2e09006 100644 --- a/classes/Profile.php +++ b/classes/Profile.php 
@@ -594,9 +594,14 @@ class Profile extends Memcached_DataObject function hasRole($name) { - $role = Profile_role::pkeyGet(array('profile_id' => $this->id, - 'role' => $name)); - return (!empty($role)); + $has_role = false; + if (Event::handle('StartHasRole', array($this, $name, &$has_role))) { + $role = Profile_role::pkeyGet(array('profile_id' => $this->id, + 'role' => $name)); + $has_role = !empty($role); + Event::handle('EndHasRole', array($this, $name, $has_role)); + } + return $has_role; } function grantRole($name) diff --git a/lib/apiauth.php b/lib/apiauth.php index 2f2e44a26..0d1613d38 100644 --- a/lib/apiauth.php +++ b/lib/apiauth.php @@ -110,7 +110,11 @@ class ApiAuthAction extends ApiAction } else { $nickname = $this->auth_user; $password = $this->auth_pw; - $this->auth_user = common_check_user($nickname, $password); + $user = common_check_user($nickname, $password); + if (Event::handle('StartSetApiUser', array(&$user))) { + $this->auth_user = $user; + Event::handle('EndSetApiUser', array($user)); + } if (empty($this->auth_user)) { diff --git a/lib/util.php b/lib/util.php index 68f3520db..5bf4f6091 100644 --- a/lib/util.php +++ b/lib/util.php @@ -196,10 +196,15 @@ function common_set_user($user) } if ($user) { - common_ensure_session(); - $_SESSION['userid'] = $user->id; - $_cur = $user; - return $_cur; + if (Event::handle('StartSetUser', array(&$user))) { + if($user){ + common_ensure_session(); + $_SESSION['userid'] = $user->id; + $_cur = $user; + Event::handle('EndSetUser', array($user)); + return $_cur; + } + } } return false; } diff --git a/plugins/Authorization/AuthorizationPlugin.php b/plugins/Authorization/AuthorizationPlugin.php new file mode 100644 index 000000000..be39aedd2 --- /dev/null +++ b/plugins/Authorization/AuthorizationPlugin.php 
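Review bot: In the `lib/apiauth.php` hunk, `$this->auth_user` is only overwritten when `Event::handle('StartSetApiUser', ...)` returns true, so when a handler stops the event the property still holds the nickname string that was copied into `$nickname` two lines earlier, and the `empty($this->auth_user)` check that follows no longer fails. That looks like it fails open for exactly the users an authorization plugin rejects, and also for a failed `common_check_user` when a handler stops the event; what the code after the check does with a string value is outside the hunk, so this needs confirming. Clearing the property before the event with `$this->auth_user = null;` keeps the denial path closed. The `common_set_user` hunk in `lib/util.php` does not share the problem because it falls through to `return false`.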
@@ -0,0 +1,112 @@ +. + * + * @category Plugin + * @package StatusNet + * @author Craig Andrews + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET') && !defined('LACONICA')) { + exit(1); +} + +/** + * Superclass for plugins that do authorization + * + * @category Plugin + * @package StatusNet + * @author Craig Andrews + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +abstract class AuthorizationPlugin extends Plugin +{ + //is this plugin authoritative for authorization? + public $authoritative = false; + + //------------Auth plugin should implement some (or all) of these methods------------\\ + + /** + * Is a user allowed to log in? + * @param user + * @return boolean true if the user is allowed to login, false if explicitly not allowed to login, null if we don't explicitly allow or deny login + */ + function loginAllowed($user) { + return null; + } + + /** + * Does a profile grant the user a named role? 
+ * @param profile + * @return boolean true if the profile has the role, false if not + */ + function hasRole($profile, $name) { + return false; + } + + //------------Below are the methods that connect StatusNet to the implementing Auth plugin------------\\ + function onInitializePlugin(){ + + } + + function onStartSetUser(&$user) { + $loginAllowed = $this->loginAllowed($user); + if($loginAllowed === true){ + if($this->authoritative) { + return false; + }else{ + return; + } + }else if($loginAllowed === false){ + $user = null; + return false; + }else{ + if($this->authoritative) { + $user = null; + return false; + }else{ + return; + } + } + } + + function onStartSetApiUser(&$user) { + return onStartSetUser(&$user); + } + + function onStartHasRole($profile, $name, &$has_role) { + if($this->hasRole($profile, $name)){ + $has_role = true; + return false; + }else{ + if($this->authoritative) { + $has_role = false; + return false; + }else{ + return; + } + } + } +} + diff --git a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php index 664529497..555dabf78 100644 --- a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php +++ b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php @@ -2,7 +2,7 @@ /** * StatusNet, the distributed open-source microblogging tool * - * Plugin to enable LDAP Authentication and Authorization + * Plugin to enable LDAP Authentication * * PHP version 5 * @@ -65,6 +65,7 @@ class LdapAuthenticationPlugin extends AuthenticationPlugin } if($this->password_changeable && (! isset($this->attributes['password']) || !isset($this->password_encoding))){ throw new Exception("if password_changeable is set, the password attribute and password_encoding must also be specified"); + } } //---interface implementation---// diff --git a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php new file mode 100644 index 000000000..20bbd2562 --- /dev/null 
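Review bot: `onStartSetApiUser` in the new `AuthorizationPlugin` calls `onStartSetUser(&$user)` as a bare function, which is not defined anywhere in this file, so the API hook would presumably end in a fatal error instead of running the login check; it should be `return $this->onStartSetUser($user);` (the call-time `&` is unnecessary because the parameter is already declared by reference). Separately, `onStartSetUser` returns `false` when `loginAllowed()` is true and the plugin is authoritative, while `common_set_user` in this same commit only stores the session when `Event::handle('StartSetUser', ...)` is truthy, so an authoritative plugin appears to block the very logins it approves; this is worth checking against `Event::handle`'s return convention. The docblocks for `loginAllowed` and `hasRole` could also say how a `null` or non-authoritative result interacts with other handlers, since that decides whether the plugin fails open or closed.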
+++ b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php 
@@ -0,0 +1,129 @@ +. + * + * @category Plugin + * @package StatusNet + * @author Craig Andrews + * @copyright 2009 Craig Andrews http://candrews.integralblue.com + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET') && !defined('LACONICA')) { + exit(1); +} + +require_once INSTALLDIR.'/plugins/Authorization/AuthorizationPlugin.php'; +require_once 'Net/LDAP2.php'; + +class LdapAuthorizationPlugin extends AuthorizationPlugin +{ + public $host=null; + public $port=null; + public $version=null; + public $starttls=null; + public $binddn=null; + public $bindpw=null; + public $basedn=null; + public $options=null; + public $filter=null; + public $scope=null; + public $provider_name = null; + public $uniqueMember_attribute = null; + public $roles_to_groups = null; + + function onInitializePlugin(){ + parent::onInitializePlugin(); + if(!isset($this->host)){ + throw new Exception("must specify a host"); + } + if(!isset($this->basedn)){ + throw new Exception("must specify a basedn"); + } + if(!isset($this->provider_name)){ + throw new Exception("provider_name must be set. 
Use the provider_name from the LDAP Authentication plugin."); + } + if(!isset($this->uniqueMember_attribute)){ + throw new Exception("uniqueMember_attribute must be set."); + } + if(!isset($this->roles_to_groups)){ + throw new Exception("roles_to_groups must be set."); + } + } + + //---interface implementation---// + function loginAllowed($user) { + $user_username = new User_username(); + $user_username->user_id=$user->id; + $user_username->provider_name=$this->provider_name; + if($user_username->find() && $user_username->fetch()){ + $entry = $this->ldap_get_user($user_username->username); + if($entry){ + //if a user exists, we can assume he's allowed to login + return true; + }else{ + return null; + } + }else{ + return null; + } + } + + function hasRole($profile, $name) { + $user_username = new User_username(); + $user_username->user_id=$profile->id; + $user_username->provider_name=$this->provider_name; + if($user_username->find() && $user_username->fetch()){ + $entry = $this->ldap_get_user($user_username->username); + if($entry){ + if(isset($this->roles_to_groups[$name])){ + if(is_array($this->roles_to_groups[$name])){ + foreach($this->roles_to_groups[$name] as $group){ + if($this->isMemberOfGroup($entry->dn(),$group)){ + return true; + } + } + }else{ + if($this->isMemberOfGroup($entry->dn(),$this->roles_to_groups[$name])){ + return true; + } + } + } + } + } + return false; + } + + function isMemberOfGroup($userDn, $groupDn) + { + $ldap = ldap_get_connection(); + $link = $ldap->getLink(); + $r = ldap_compare($link, $groupDn, $this->uniqueMember_attribute, $userDn); + if ($r === true){ + return true; + }else if($r === false){ + return false; + }else{ + common_log(LOG_ERR, ldap_error($r)); + return false; + } + } +} diff --git a/plugins/LdapAuthorization/README b/plugins/LdapAuthorization/README new file mode 100644 index 000000000..2ca33f653 --- /dev/null +++ b/plugins/LdapAuthorization/README 
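Review bot: In `isMemberOfGroup`, the error branch logs `ldap_error($r)`, but `$r` is the return value of `ldap_compare` rather than the connection, so the log call would itself fail on the one path where diagnostics matter; `common_log(LOG_ERR, ldap_error($link));` is presumably what was intended. `ldap_get_connection()` is called as a bare function and `$this->ldap_get_user()` as a method, yet neither is defined in this new file or in the `AuthorizationPlugin` parent added by the same commit, so `loginAllowed` and `hasRole` look unable to run as written unless those helpers exist elsewhere. Returning `false` when the compare errors keeps role checks failing closed, which is the right default and worth stating in a comment on that branch.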
@@ -0,0 +1,84 @@
+The LDAP Authorization plugin allows for StatusNet to handle authorization
+through LDAP.
+
+Installation
+============
+add "addPlugin('ldapAuthorization',
+ array('setting'=>'value', 'setting2'=>'value2', ...);"
+to the bottom of your config.php
+
+You *cannot* use this plugin without the LDAP Authentication plugin
+
+Settings
+========
+provider_name*: name of the LDAP authentication provider that this plugin works with.
+authoritative (false): should this plugin be authoritative for
+ authorization?
+uniqueMember_attribute ('uniqueMember')*: the attribute of a group
+ that lists the DNs of its members
+roles_to_groups*: array that maps StatusNet roles to LDAP groups
+ some StatusNet roles are: moderator, administrator, sandboxed, silenced
+
+The below settings must be exact copies of the settings used for the
+ corresponding LDAP Authentication plugin.
+
+host*: LDAP server name to connect to. You can provide several hosts in an
+ array in which case the hosts are tried from left to right.
+ See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
+port: Port on the server.
+ See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
+version: LDAP version.
+ See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
+starttls: TLS is started after connecting.
+ See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
+binddn: The distinguished name to bind as (username).
+ See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
+bindpw: Password for the binddn.
+ See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
+basedn*: LDAP base name (root directory).
+ See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
+options: See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
+filter: Default search filter. 
+ See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
+scope: Default search scope.
+ See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
+
+* required
+default values are in (parenthesis)
+
+Example
+=======
+Here's an example of an LDAP plugin configuration that connects to
+ Microsoft Active Directory.
+
+addPlugin('ldapAuthentication', array(
+ 'provider_name'=>'Example',
+ 'authoritative'=>true,
+ 'autoregistration'=>true,
+ 'binddn'=>'username',
+ 'bindpw'=>'password',
+ 'basedn'=>'OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc',
+ 'host'=>array('server1', 'server2'),
+ 'password_encoding'=>'ad',
+ 'attributes'=>array(
+ 'username'=>'sAMAccountName',
+ 'nickname'=>'sAMAccountName',
+ 'email'=>'mail',
+ 'fullname'=>'displayName',
+ 'password'=>'unicodePwd')
+));
+addPlugin('ldapAuthorization', array(
+ 'provider_name'=>'Example',
+ 'authoritative'=>false,
+ 'uniqueMember_attribute'=>'uniqueMember',
+ 'roles_to_groups'=> array(
+ 'moderator'=>'CN=SN-Moderators,OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc',
+ 'administrator'=> array('CN=System-Adminstrators,OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc',
+ 'CN=SN-Administrators,OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc')
+ ),
+ 'binddn'=>'username',
+ 'bindpw'=>'password',
+ 'basedn'=>'OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc',
+ 'host'=>array('server1', 'server2')
+));
+
-- cgit v1.2.3-54-g00ecf From 44c7813ac1c8941f0cb7ebfc6e3ccc860f2c5c45 Mon Sep 17 00:00:00 2001 From: Craig Andrews Date: Wed, 18 Nov 2009 14:35:44 -0500 Subject: Add login_group configuration option so only members of a certain group can login --- .../LdapAuthorization/LdapAuthorizationPlugin.php | 20 ++++++++++++++++++-- plugins/LdapAuthorization/README | 2 ++ 2 files changed, 20 insertions(+), 2 deletions(-) (limited to 'plugins') 
diff --git a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php index 20bbd2562..5173781f9 100644 --- a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php +++ b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php @@ -49,6 +49,7 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin public $provider_name = null; public $uniqueMember_attribute = null; public $roles_to_groups = null; + public $login_group = null; function onInitializePlugin(){ parent::onInitializePlugin(); @@ -77,8 +78,23 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin if($user_username->find() && $user_username->fetch()){ $entry = $this->ldap_get_user($user_username->username); if($entry){ - //if a user exists, we can assume he's allowed to login - return true; + if(isset($this->login_group)){ + if(is_array($this->login_group)){ + foreach($this->login_group as $group){ + if($this->isMemberOfGroup($entry->dn(),$group)){ + return true; + } + } + }else{ + if($this->isMemberOfGroup($entry->dn(),login_group)){ + return true; + } + } + return null; + }else{ + //if a user exists, we can assume he's allowed to login + return true; + } }else{ return null; } diff --git a/plugins/LdapAuthorization/README b/plugins/LdapAuthorization/README index 2ca33f653..2166b2726 100644 --- a/plugins/LdapAuthorization/README +++ b/plugins/LdapAuthorization/README @@ -18,6 +18,8 @@ uniqueMember_attribute ('uniqueMember')*: the attribute of a group that lists the DNs of its members roles_to_groups*: array that maps StatusNet roles to LDAP groups some StatusNet roles are: moderator, administrator, sandboxed, silenced +login_group: if this is set to a group DN, only members of that group will be + allowed to login The below settings must be exact copies of the settings used for the corresponding LDAP Authentication plugin. -- cgit v1.2.3-54-g00ecf From 9ed70a5b111c57923eff46da84c8f6e3167eb01e Mon Sep 17 00:00:00 2001 
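Review bot: In the non-array branch of `loginAllowed`, the second argument is the bare word `login_group`, which PHP reads as an undefined constant rather than the configured DN, so a single-group setting is never compared against the real group; the call should be `$this->isMemberOfGroup($entry->dn(),$this->login_group)`. A user who matches none of the groups gets `return null` rather than `false`. The only denial visible on this page is the `$loginAllowed === false` branch of `AuthorizationPlugin::onStartSetUser`, so whether null actually blocks the login depends on code outside this hunk; if `login_group` is meant as a hard restriction, `return false;` states that explicitly.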
From: Craig Andrews Date: Wed, 18 Nov 2009 14:49:42 -0500 Subject: Add some functions that were previously undefined --- .../LdapAuthorization/LdapAuthorizationPlugin.php | 65 ++++++++++++++++++++++ 1 file changed, 65 insertions(+) (limited to 'plugins')
diff --git a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php
index 5173781f9..98f4034d2 100644
--- a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php
+++ b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php
@@ -142,4 +142,69 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin
 return false;
 }
 }
+
+ function ldap_get_config(){
+ $config = array();
+ $keys = array('host','port','version','starttls','binddn','bindpw','basedn','options','filter','scope');
+ foreach($keys as $key){
+ $value = $this->$key;
+ if($value!==null){
+ $config[$key]=$value;
+ }
+ }
+ return $config;
+ }
+
+ //-----the below function were copied from LDAPAuthenticationPlugin. They will be moved to a utility class soon.----\\
+ function ldap_get_connection($config = null){
+ if($config == null){
+ $config = $this->ldap_get_config();
+ }
+
+ //cannot use Net_LDAP2::connect() as StatusNet uses
+ //PEAR::setErrorHandling(PEAR_ERROR_CALLBACK, 'handleError');
+ //PEAR handling can be overridden on instance objects, so we do that.
+ $ldap = new Net_LDAP2($config);
+ $ldap->setErrorHandling(PEAR_ERROR_RETURN);
+ $err=$ldap->bind();
+ if (Net_LDAP2::isError($err)) {
+ common_log(LOG_WARNING, 'Could not connect to LDAP server: '.$err->getMessage());
+ return false;
+ }
+ return $ldap;
+ }
+
+ /**
+ * get an LDAP entry for a user with a given username
+ *
+ * @param string $username
+ * $param array $attributes LDAP attributes to retrieve
+ * @return string DN
+ */
+ function ldap_get_user($username,$attributes=array(),$ldap=null){
+ if($ldap==null) {
+ $ldap = $this->ldap_get_connection();
+ }
+ $filter = Net_LDAP2_Filter::create($this->attributes['username'], 'equals', $username);
+ $options = array(
+ 'scope' => 'sub',
+ 'attributes' => $attributes
+ );
+ $search = $ldap->search(null,$filter,$options);
+
+ if (PEAR::isError($search)) {
+ common_log(LOG_WARNING, 'Error while getting DN for user: '.$search->getMessage());
+ return false;
+ }
+
+ if($search->count()==0){
+ return false;
+ }else if($search->count()==1){
+ $entry = $search->shiftEntry();
+ return $entry;
+ }else{
+ common_log(LOG_WARNING, 'Found ' . $search->count() . ' ldap user with the username: ' . 
$username); + return false; + } + } } -- cgit v1.2.3-54-g00ecf From 297f320e6f30aa973b275efc4aed59bf8c45fc0a Mon Sep 17 00:00:00 2001 From: Craig Andrews Date: Wed, 18 Nov 2009 15:40:27 -0500 Subject: attributes['username'] is required --- plugins/LdapAuthentication/LdapAuthenticationPlugin.php | 1 - plugins/LdapAuthorization/LdapAuthorizationPlugin.php | 11 +++++++---- plugins/LdapAuthorization/README | 9 +++++++-- 3 files changed, 14 insertions(+), 7 deletions(-) (limited to 'plugins') diff --git a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php index 555dabf78..25531a811 100644 --- a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php +++ b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php @@ -189,7 +189,6 @@ class LdapAuthenticationPlugin extends AuthenticationPlugin } $filter = Net_LDAP2_Filter::create($this->attributes['username'], 'equals', $username); $options = array( - 'scope' => 'sub', 'attributes' => $attributes ); $search = $ldap->search(null,$filter,$options); diff --git a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php index 98f4034d2..91ee9b1ab 100644 --- a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php +++ b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php @@ -50,6 +50,7 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin public $uniqueMember_attribute = null; public $roles_to_groups = null; public $login_group = null; + public $attributes = array(); function onInitializePlugin(){ parent::onInitializePlugin(); @@ -68,6 +69,9 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin if(!isset($this->roles_to_groups)){ throw new Exception("roles_to_groups must be set."); } + if(!isset($this->attributes['username'])){ + throw new Exception("username attribute must be set."); + } } //---interface implementation---// 
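Review bot: `ldap_get_user` uses the connection without checking it: `ldap_get_connection()` returns `false` when the bind fails, and `$ldap->search(...)` is then called on `false`, which is a fatal error rather than the logged `return false` the rest of the function uses. Adding `if(!$ldap){ return false; }` right after the connection is obtained keeps an LDAP outage on the handled path for `loginAllowed` and `hasRole`. The docblock also needs correcting: it says `@return string DN` and has `$param` for `@param`, while the code returns the entry object from `shiftEntry()` or `false`.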
@@ -86,7 +90,7 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin } } }else{ - if($this->isMemberOfGroup($entry->dn(),login_group)){ + if($this->isMemberOfGroup($entry->dn(),$this->login_group)){ return true; } } @@ -142,8 +146,8 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin return false; } } - - function ldap_get_config(){ + + function ldap_get_config(){ $config = array(); $keys = array('host','port','version','starttls','binddn','bindpw','basedn','options','filter','scope'); foreach($keys as $key){ @@ -187,7 +191,6 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin } $filter = Net_LDAP2_Filter::create($this->attributes['username'], 'equals', $username); $options = array( - 'scope' => 'sub', 'attributes' => $attributes ); $search = $ldap->search(null,$filter,$options); diff --git a/plugins/LdapAuthorization/README b/plugins/LdapAuthorization/README index 2166b2726..fcf1efa47 100644 --- a/plugins/LdapAuthorization/README +++ b/plugins/LdapAuthorization/README @@ -45,6 +45,9 @@ filter: Default search filter. scope: Default search scope. See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php +attributes: an array that relates StatusNet user attributes to LDAP ones + username*: LDAP attribute value entered when authenticating to StatusNet + * required default values are in (parenthesis) @@ -72,7 +75,7 @@ addPlugin('ldapAuthentication', array( addPlugin('ldapAuthorization', array( 'provider_name'=>'Example', 'authoritative'=>false, - 'uniqueMember_attribute'=>'uniqueMember', + 'uniqueMember_attribute'=>'member', 'roles_to_groups'=> array( 'moderator'=>'CN=SN-Moderators,OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc', 'administrator'=> array('CN=System-Adminstrators,OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc', 
@@ -81,6 +84,8 @@ addPlugin('ldapAuthorization', array( 'binddn'=>'username', 'bindpw'=>'password', 'basedn'=>'OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc', - 'host'=>array('server1', 'server2') + 'host'=>array('server1', 'server2'), + 'attributes'=>array( + 'username'=>'sAMAccountName') )); -- cgit v1.2.3-54-g00ecf From a215ce6ed6d3a0eb9bb29db5ebe103e28f2ff95e Mon Sep 17 00:00:00 2001 From: Craig Andrews Date: Wed, 18 Nov 2009 15:53:07 -0500 Subject: correct login checking logic --- plugins/Authorization/AuthorizationPlugin.php | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'plugins') diff --git a/plugins/Authorization/AuthorizationPlugin.php b/plugins/Authorization/AuthorizationPlugin.php index be39aedd2..6f21c9310 100644 --- a/plugins/Authorization/AuthorizationPlugin.php +++ b/plugins/Authorization/AuthorizationPlugin.php @@ -73,11 +73,7 @@ abstract class AuthorizationPlugin extends Plugin function onStartSetUser(&$user) { $loginAllowed = $this->loginAllowed($user); if($loginAllowed === true){ - if($this->authoritative) { - return false; - }else{ - return; - } + return; }else if($loginAllowed === false){ $user = null; return false; -- cgit v1.2.3-54-g00ecf From b417e4d24f2c4c13439c01f9f664bf6090c99016 Mon Sep 17 00:00:00 2001 From: Craig Andrews Date: Wed, 18 Nov 2009 15:53:22 -0500 Subject: rename isMemberOfGroup to be more consistent with other LDAP functions --- plugins/LdapAuthorization/LdapAuthorizationPlugin.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'plugins') diff --git a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php index 91ee9b1ab..cf1347bed 100644 --- a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php +++ b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php 
@@ -85,12 +85,12 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin if(isset($this->login_group)){ if(is_array($this->login_group)){ foreach($this->login_group as $group){ - if($this->isMemberOfGroup($entry->dn(),$group)){ + if($this->ldap_is_dn_member_of_group($entry->dn(),$group)){ return true; } } }else{ - if($this->isMemberOfGroup($entry->dn(),$this->login_group)){ + if($this->ldap_is_dn_member_of_group($entry->dn(),$this->login_group)){ return true; } } @@ -117,12 +117,12 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin if(isset($this->roles_to_groups[$name])){ if(is_array($this->roles_to_groups[$name])){ foreach($this->roles_to_groups[$name] as $group){ - if($this->isMemberOfGroup($entry->dn(),$group)){ + if($this->ldap_is_dn_member_of_group($entry->dn(),$group)){ return true; } } }else{ - if($this->isMemberOfGroup($entry->dn(),$this->roles_to_groups[$name])){ + if($this->ldap_is_dn_member_of_group($entry->dn(),$this->roles_to_groups[$name])){ return true; } } @@ -132,9 +132,9 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin return false; } - function isMemberOfGroup($userDn, $groupDn) + function ldap_is_dn_member_of_group($userDn, $groupDn) { - $ldap = ldap_get_connection(); + $ldap = $this->ldap_get_connection(); $link = $ldap->getLink(); $r = ldap_compare($link, $groupDn, $this->uniqueMember_attribute, $userDn); if ($r === true){ -- cgit v1.2.3-54-g00ecf From a882d093bc99d1162dac29c161253dc037c314b9 Mon Sep 17 00:00:00 2001 From: Craig Andrews Date: Wed, 18 Nov 2009 16:12:55 -0500 Subject: Blasted missing a $this! --- plugins/Authorization/AuthorizationPlugin.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/Authorization/AuthorizationPlugin.php b/plugins/Authorization/AuthorizationPlugin.php index 6f21c9310..e4e046d08 100644 --- a/plugins/Authorization/AuthorizationPlugin.php +++ b/plugins/Authorization/AuthorizationPlugin.php 
@@ -88,7 +88,7 @@ abstract class AuthorizationPlugin extends Plugin } function onStartSetApiUser(&$user) { - return onStartSetUser(&$user); + return $this->onStartSetUser(&$user); } function onStartHasRole($profile, $name, &$has_role) { -- cgit v1.2.3-54-g00ecf From 6a505da981c47057a2d8e65e1a208b9aad35dc73 Mon Sep 17 00:00:00 2001 From: Craig Andrews Date: Wed, 18 Nov 2009 16:41:38 -0500 Subject: do not required that roles_to_groups be specified --- plugins/LdapAuthorization/LdapAuthorizationPlugin.php | 5 +---- plugins/LdapAuthorization/README | 2 +- 2 files changed, 2 insertions(+), 5 deletions(-) (limited to 'plugins') diff --git a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php index cf1347bed..69357f8aa 100644 --- a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php +++ b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php @@ -48,7 +48,7 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin public $scope=null; public $provider_name = null; public $uniqueMember_attribute = null; - public $roles_to_groups = null; + public $roles_to_groups = array(); public $login_group = null; public $attributes = array(); @@ -66,9 +66,6 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin if(!isset($this->uniqueMember_attribute)){ throw new Exception("uniqueMember_attribute must be set."); } - if(!isset($this->roles_to_groups)){ - throw new Exception("roles_to_groups must be set."); - } if(!isset($this->attributes['username'])){ throw new Exception("username attribute must be set."); } diff --git a/plugins/LdapAuthorization/README b/plugins/LdapAuthorization/README index fcf1efa47..44239d8e0 100644 --- a/plugins/LdapAuthorization/README +++ b/plugins/LdapAuthorization/README 
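Review bot: `return $this->onStartSetUser(&$user);` in `onStartSetApiUser` still passes the argument with a call-time `&`, which PHP 5.3 deprecates and PHP 5.4 and later reject with a fatal error. The signature `onStartSetUser(&$user)` already takes the parameter by reference, so `return $this->onStartSetUser($user);` behaves the same. Because this is the base class for the authorization plugins, a fatal error here would presumably disable the login check for every subclass; the rest of the class is outside the hunk.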
@@ -16,7 +16,7 @@ authoritative (false): should this plugin be authoritative for authorization? uniqueMember_attribute ('uniqueMember')*: the attribute of a group that lists the DNs of its members -roles_to_groups*: array that maps StatusNet roles to LDAP groups +roles_to_groups: array that maps StatusNet roles to LDAP groups some StatusNet roles are: moderator, administrator, sandboxed, silenced login_group: if this is set to a group DN, only members of that group will be allowed to login -- cgit v1.2.3-54-g00ecf From 6d69d89cfea15e2a626cdf9378b75a3dfae65d4a Mon Sep 17 00:00:00 2001 From: Craig Andrews Date: Wed, 18 Nov 2009 16:46:16 -0500 Subject: Reuse ldap connections for the default config --- plugins/LdapAuthentication/LdapAuthenticationPlugin.php | 4 ++++ plugins/LdapAuthorization/LdapAuthorizationPlugin.php | 4 ++++ 2 files changed, 8 insertions(+) (limited to 'plugins') diff --git a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php index 25531a811..9e089485c 100644 --- a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php +++ b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php @@ -160,6 +160,10 @@ class LdapAuthenticationPlugin extends AuthenticationPlugin function ldap_get_connection($config = null){ if($config == null){ + static $ldap = null; + if($ldap != null){ + return $ldap; + } $config = $this->ldap_get_config(); } diff --git a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php index 69357f8aa..91a343f40 100644 --- a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php +++ b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php 
@@ -159,6 +159,10 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin //-----the below function were copied from LDAPAuthenticationPlugin. They will be moved to a utility class soon.----\\ function ldap_get_connection($config = null){ if($config == null){ + static $ldap = null; + if($ldap != null){ + return $ldap; + } $config = $this->ldap_get_config(); } -- cgit v1.2.3-54-g00ecf From a00141a180d54cbcc244e0157c72f53ac53779b3 Mon Sep 17 00:00:00 2001 From: Craig Andrews Date: Wed, 18 Nov 2009 16:58:06 -0500 Subject: You cannot use static that way - using another approach to save reuse the default ldap connection --- plugins/LdapAuthentication/LdapAuthenticationPlugin.php | 11 ++++------- plugins/LdapAuthorization/LdapAuthorizationPlugin.php | 11 ++++------- 2 files changed, 8 insertions(+), 14 deletions(-) (limited to 'plugins') diff --git a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php index 9e089485c..8caacff46 100644 --- a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php +++ b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php 
@@ -159,24 +159,21 @@ class LdapAuthenticationPlugin extends AuthenticationPlugin } function ldap_get_connection($config = null){ - if($config == null){ - static $ldap = null; - if($ldap != null){ - return $ldap; - } - $config = $this->ldap_get_config(); + if($config == null && isset($this->default_ldap)){ + return $this->default_ldap; } //cannot use Net_LDAP2::connect() as StatusNet uses //PEAR::setErrorHandling(PEAR_ERROR_CALLBACK, 'handleError'); //PEAR handling can be overridden on instance objects, so we do that. - $ldap = new Net_LDAP2($config); + $ldap = new Net_LDAP2(isset($config)?$config:$this->ldap_get_config()); $ldap->setErrorHandling(PEAR_ERROR_RETURN); $err=$ldap->bind(); if (Net_LDAP2::isError($err)) { common_log(LOG_WARNING, 'Could not connect to LDAP server: '.$err->getMessage()); return false; } + if($config == null) $this->default_ldap=$ldap; return $ldap; } diff --git a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php index 91a343f40..5e759c379 100644 --- a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php +++ b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php 
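Review bot: The cache test in `ldap_get_connection` uses loose comparison, and `$config == null` is also true for an empty array, while the `isset($config)` ternary treats that same value as a real config. A caller passing `array()` therefore gets the cached default connection back, or has a connection built from an empty config stored in `$this->default_ldap`. Using `$config === null` in both places, `if($config === null && isset($this->default_ldap))` and `if($config === null) $this->default_ldap=$ldap;`, keeps the cache tied to the default configuration only. `default_ldap` is also never declared as a property, so a `public $default_ldap = null;` with a short comment would document it. The same code is added to LdapAuthorizationPlugin.php in the next hunk and the note applies there too.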
@@ -158,24 +158,21 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin //-----the below function were copied from LDAPAuthenticationPlugin. They will be moved to a utility class soon.----\\ function ldap_get_connection($config = null){ - if($config == null){ - static $ldap = null; - if($ldap != null){ - return $ldap; - } - $config = $this->ldap_get_config(); + if($config == null && isset($this->default_ldap)){ + return $this->default_ldap; } //cannot use Net_LDAP2::connect() as StatusNet uses //PEAR::setErrorHandling(PEAR_ERROR_CALLBACK, 'handleError'); //PEAR handling can be overridden on instance objects, so we do that. - $ldap = new Net_LDAP2($config); + $ldap = new Net_LDAP2(isset($config)?$config:$this->ldap_get_config()); $ldap->setErrorHandling(PEAR_ERROR_RETURN); $err=$ldap->bind(); if (Net_LDAP2::isError($err)) { common_log(LOG_WARNING, 'Could not connect to LDAP server: '.$err->getMessage()); return false; } + if($config == null) $this->default_ldap=$ldap; return $ldap; } -- cgit v1.2.3-54-g00ecf