add inventory service; add school role and attach after login via cas; load...

add inventory service; add school role and attach after login via cas; load role from database and add to session
parent 7bb4c62f
...@@ -13,10 +13,10 @@ return [ ...@@ -13,10 +13,10 @@ return [
'module/assets_manager/bootstrap.php', 'module/assets_manager/bootstrap.php',
'module/authentication/bootstrap.php', 'module/authentication/bootstrap.php',
'module/authorization/bootstrap.php', 'module/authorization/bootstrap.php',
// 'module/sch_ldap/bootstrap.php', 'module/sch_ldap/bootstrap.php',
'module/sch_sso/bootstrap.php', 'module/sch_sso/bootstrap.php',
'module/sch_mm/bootstrap.php', 'module/sch_mm/bootstrap.php',
// 'module/sch_auto_create/bootstrap.php', 'module/sch_inventory/bootstrap.php',
'module/schools/bootstrap.php', 'module/schools/bootstrap.php',
'module/application/bootstrap.php', 'module/application/bootstrap.php',
], ],
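Review bot: The module list now loads `module/sch_ldap/bootstrap.php`, which was commented out on the old side, although the commit message only describes the inventory service and the school role. If enabling the LDAP module is intentional, say so in the commit description. If it is a leftover from local testing, keep it commented out, because it changes which authentication code is bootstrapped.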
......
...@@ -11,9 +11,10 @@ return [ ...@@ -11,9 +11,10 @@ return [
'acl' => [ 'acl' => [
'default_role' => 'guest', 'default_role' => 'guest',
'roles' => [ 'roles' => [
'guest' => [], 'guest' => [],
'user' => [], 'user' => [],
'admin' => ['user'], 'school' => ['user'],
'admin' => ['user'],
], ],
'resoures' => [], 'resoures' => [],
'guards' => [ 'guards' => [
......
<?php return [
'inventory' => [
'base_uri' => '',
],
];
\ No newline at end of file
...@@ -11,10 +11,10 @@ return [ ...@@ -11,10 +11,10 @@ return [
'acl' => [ 'acl' => [
'guards' => [ 'guards' => [
'routes' => [ 'routes' => [
['/school', ['user'], ['get']], ['/school', ['school'], ['get']],
['/school/labs', ['user'], ['get']], ['/school/labs', ['school'], ['get']],
['/school/staff', ['user'], ['get']], ['/school/staff', ['school'], ['get']],
['/school/assets', ['user'], ['get']], ['/school/assets', ['school'], ['get']],
], ],
], ],
], ],
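Review bot: The four `/school` routes are now guarded by `['school']` only, while the role map in the ACL settings declares `'admin' => ['user']`, so an admin does not inherit `school`. Unless the route guard grants admins access some other way (not visible here), admins lose these pages. Either declare `'admin' => ['user', 'school']` in the role map or list both roles in each guard, e.g. `['/school', ['school', 'admin'], ['get']]`.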
......
...@@ -22,6 +22,10 @@ return function (Slim\App $app) { ...@@ -22,6 +22,10 @@ return function (Slim\App $app) {
return new GrEduLabs\Authorization\Acl($settings['acl'], $c); return new GrEduLabs\Authorization\Acl($settings['acl'], $c);
}; };
$container['acl'] = $container->protect(function () use ($container) {
return $container[GrEduLabs\Authorization\Acl::class];
});
$container['current_role'] = $container->protect(function () use ($container) { $container['current_role'] = $container->protect(function () use ($container) {
$settings = $container['settings']; $settings = $container['settings'];
$defaultRole = $settings['acl']['default_role']; $defaultRole = $settings['acl']['default_role'];
...@@ -40,14 +44,17 @@ return function (Slim\App $app) { ...@@ -40,14 +44,17 @@ return function (Slim\App $app) {
return new GrEduLabs\Authorization\RouteGuard($c[GrEduLabs\Authorization\Acl::class], $role); return new GrEduLabs\Authorization\RouteGuard($c[GrEduLabs\Authorization\Acl::class], $role);
}; };
$container[GrEduLabs\Authorization\RoleListener::class] = function ($c) { $container[GrEduLabs\Authorization\Listener\RoleProvider::class] = function ($c) {
return new GrEduLabs\Authorization\RoleListener($c['authentication_storage']); return new GrEduLabs\Authorization\Listener\RoleProvider(
$c['authentication_storage'],
$c[GrEduLabs\Authorization\Acl::class]
);
}; };
$events = $container['events']; $events = $container['events'];
$events('on', 'authenticate.success', function ($stop, $identity) use ($container) { $events('on', 'authenticate.success', function ($stop, $identity) use ($container) {
$listener = $container[GrEduLabs\Authorization\RoleListener::class]; $listener = $container[GrEduLabs\Authorization\Listener\RoleProvider::class];
$listener($stop, $identity); $listener($stop, $identity);
}); });
......
...@@ -8,22 +8,32 @@ ...@@ -8,22 +8,32 @@
* @license GNU GPLv3 http://www.gnu.org/licenses/gpl-3.0-standalone.html * @license GNU GPLv3 http://www.gnu.org/licenses/gpl-3.0-standalone.html
*/ */
namespace GrEduLabs\Authorization; namespace GrEduLabs\Authorization\Listener;
use GrEduLabs\Authorization\RoleAwareInterface;
use RedBeanPHP\R;
use Zend\Authentication\Storage\StorageInterface; use Zend\Authentication\Storage\StorageInterface;
use Zend\Permissions\Acl\AclInterface;
class RoleListener class RoleProvider
{ {
private $session; private $session;
public function __construct(StorageInterface $session) private $acl;
public function __construct(StorageInterface $session, AclInterface $acl)
{ {
$this->session = $session; $this->session = $session;
$this->acl = $acl;
} }
public function __invoke(callable $stop, RoleAwareInterface $identity) public function __invoke(callable $stop, RoleAwareInterface $identity)
{ {
$identity->setRole('user'); $user = R::findOne('user', 'mail = ?', [$identity->mail]);
$role = ($user && isset($user->role)) ? $user->role : 'user';
$validRoles = $this->acl->getRoles();
$role = (in_array($role, $validRoles)) ? $role : 'user';
$identity->setRole($role);
$this->session->write($identity); $this->session->write($identity);
} }
} }
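Review bot: The role check in `__invoke` uses a loose `in_array($role, $validRoles)`, so a non-string value read from the `role` column (for example `true`, or `0` on PHP 7) compares equal to a role name and passes the check. Use `in_array($role, $validRoles, true)`. The constructor is typed against `AclInterface`, but `getRoles()` is, as far as I know, only defined on the concrete `Zend\Permissions\Acl\Acl`, so the type hint promises less than the method needs. The fallback `'user'` is hard-coded twice; a docblock on `__invoke` should state that the stored role is used only when the ACL knows it, and what the fallback is.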
...@@ -12,17 +12,13 @@ return function (Slim\App $app) { ...@@ -12,17 +12,13 @@ return function (Slim\App $app) {
$container = $app->getContainer(); $container = $app->getContainer();
$container['autoloader']->addPsr4('SchAutoCreate\\', __DIR__ . '/src'); $container['autoloader']->addPsr4('SchInventory\\', __DIR__ . '/src/');
$events = $container['events']; $container['SchInventory\\Service'] = function ($c) {
$settings = $c['settings'];
$container[SchAutoCreate\Listener\User::class] = function ($c) { return new SchInventory\GuzzleHttpService(
return new SchAutoCreate\Listener\User($c['logger']); new GuzzleHttp\Client($settings['inventory'])
);
}; };
$events('on', 'authenticate.success', function ($stop, $identity) use ($container) {
$listener = $container[SchAutoCreate\Listener\User::class];
return $listener($stop, $identity);
});
}; };
<?php
/**
* gredu_labs
*
* @link https://github.com/eellak/gredu_labs for the canonical source repository
* @copyright Copyright (c) 2008-2015 Greek Free/Open Source Software Society (https://gfoss.ellak.gr/)
* @license GNU GPLv3 http://www.gnu.org/licenses/gpl-3.0-standalone.html
*/
namespace SchInventory;
class Equipment
{
protected $id;
protected $category;
protected $description;
protected $location;
protected $manufacturer;
protected $propertyNumber;
public function __construct($id, $category, $description, $location, $manufacturer, $propertyNumber)
{
$this->id = $id;
$this->category = $category;
$this->description = $description;
$this->location = $location;
$this->manufacturer = $manufacturer;
$this->propertyNumber = $propertyNumber;
}
public function __get($name)
{
if (property_exists($this, $name)) {
return $this->{$name};
}
return;
}
public function toArray()
{
return [
'id' => $this->id,
'category' => $this->category,
'description' => $this->description,
'location' => $this->location,
'manufacturer' => $this->manufacturer,
'propertyNumber' => $this->propertyNumber,
];
}
}
<?php
/**
* gredu_labs
*
* @link https://github.com/eellak/gredu_labs for the canonical source repository
* @copyright Copyright (c) 2008-2015 Greek Free/Open Source Software Society (https://gfoss.ellak.gr/)
* @license GNU GPLv3 http://www.gnu.org/licenses/gpl-3.0-standalone.html
*/
namespace SchInventory;
use CallbackFilterIterator;
use InvalidArgumentException;
use Traversable;
class EquipmentCollection extends ImmutableArrayObject
{
/**
* Collection constructor
*
* @param array|Traversable
*/
public function __construct($equipmentObjects)
{
if ($equipmentObjects instanceof Traversable) {
$equipmentObjects = iterator_to_array($equipmentObjects);
}
$previousHandler = set_error_handler(['self', 'handleErrors']);
parent::__construct(array_map(function (Equipment $equipment) {
return $equipment;
}, $equipmentObjects));
set_error_handler($previousHandler);
}
/**
* Returns a new Equipment collection with equimpment matching the given location
*
* @param string $location
* @retun EquipmentCollection
*/
public function withLocation($location)
{
return new self(new CallbackFilterIterator($this->getIterator(), function (Equipment $equipment) use ($location) {
return $equipment->location === $location;
}));
}
/**
* Returns a new Equipment collection with equimpment matching the given category
*
* @param string $category
* @retun EquipmentCollection
*/
public function withCategory($category)
{
return new self(new CallbackFilterIterator($this->getIterator(), function (Equipment $equipment) use ($category) {
return $equipment->category === $category;
}));
}
private static function handleErrors($severity, $message, $file, $line)
{
throw new InvalidArgumentException($message);
}
}
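Review bot: In `__construct`, when `handleErrors` throws, the `set_error_handler($previousHandler)` line is never reached, so the throwing handler stays installed for the rest of the request and turns every later warning or notice into an `InvalidArgumentException`. Wrap the construction in `try`/`finally` and call `restore_error_handler()`, which also covers the case where no previous handler existed. On PHP 7 and later a wrong element type raises a `TypeError` from the closure's `Equipment` type hint rather than a recoverable error, so the handler would not run at all there; whether that matters depends on the PHP version the project targets. The docblocks of `withLocation` and `withCategory` misspell `@return` as `@retun`.

```php
    public function __construct($equipmentObjects)
    {
        // … unchanged: Traversable to array conversion …
        set_error_handler(['self', 'handleErrors']);
        try {
            parent::__construct(array_map(function (Equipment $equipment) {
                return $equipment;
            }, $equipmentObjects));
        } finally {
            // Always give the previous handler back, even when validation throws.
            restore_error_handler();
        }
    }
```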
<?php
/**
* gredu_labs
*
* @link https://github.com/eellak/gredu_labs for the canonical source repository
* @copyright Copyright (c) 2008-2015 Greek Free/Open Source Software Society (https://gfoss.ellak.gr/)
* @license GNU GPLv3 http://www.gnu.org/licenses/gpl-3.0-standalone.html
*/
namespace SchInventory;
use GuzzleHttp\ClientInterface;
/**
* Inventory service implementation using GuzzleHttp library
*/
class GuzzleHttpService implements ServiceInterface
{
/**
* @var ClientInterface
*/
protected $httpClient;
/**
* Class constructor
*
* @param ClientInterface $httpClient
*/
public function __construct(ClientInterface $httpClient)
{
$this->httpClient = $httpClient;
}
/**
* Retrieves all equipment data for unit
*
* @param mixed $unit
* @return EquipmentCollection
*/
public function getUnitEquipment($unit)
{
$response = $this->httpClient->request('GET', $this->createBaseUri($unit));
$responseData = json_decode($response->getBody()->getContents(), true);
return new EquipmentCollection(
array_map([$this, 'hydrateEquipment'], $responseData['flat_results'])
);
}
/**
* Creates the uri with the unit query parameter
*
* @param mixed $unit
* @return Psr\Http\Message\UriInterface
*/
private function createBaseUri($unit)
{
$config = $this->httpClient->getConfig();
$baseUri = $config['base_uri'];
return $baseUri->withQueryValue($baseUri, 'unit', $unit);
}
private function hydrateEquipment(array $data)
{
return new Equipment(
(isset($data['id']) ? $data['id'] : null),
(isset($data['item_template.category.name']) ? $data['item_template.category.name'] : null),
(isset($data['item_template.description']) ? $data['item_template.description'] : null),
(isset($data['location.name']) ? $data['location.name'] : null),
(isset($data['item_template.manufacturer.name']) ? $data['item_template.manufacturer.name'] : null),
(isset($data['property_number']) ? $data['property_number'] : null)
);
}
}
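Review bot: `getUnitEquipment` trusts the inventory service's response: `json_decode` returns `null` for a body that is not valid JSON, and `$responseData['flat_results']` is passed to `array_map` without checking that it exists and is an array. Guard it before hydrating, e.g. `if (!is_array($responseData) || !isset($responseData['flat_results']) || !is_array($responseData['flat_results'])) { throw new \UnexpectedValueException('Unexpected inventory response'); }`. In `createBaseUri`, `withQueryValue` is called through the instance yet takes the URI as its first argument, which only works if `base_uri` is a `GuzzleHttp\Psr7\Uri`; calling it statically on that class would make the dependency explicit. The shipped settings leave `base_uri` empty, so rejecting an empty value early would give a clearer failure than a request to a relative URI.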
<?php
/**
* gredu_labs
*
* @link https://github.com/eellak/gredu_labs for the canonical source repository
* @copyright Copyright (c) 2008-2015 Greek Free/Open Source Software Society (https://gfoss.ellak.gr/)
* @license GNU GPLv3 http://www.gnu.org/licenses/gpl-3.0-standalone.html
*/
namespace SchInventory;
use ArrayObject;
use LogicException;
class ImmutableArrayObject extends ArrayObject
{
public function append($value)
{
throw new LogicException('Attempting to write to an immutable array');
}
public function exchangeArray($input)
{
throw new LogicException('Attempting to write to an immutable array');
}
public function offsetSet($index, $newval)
{
throw new LogicException('Attempting to write to an immutable array');
}
public function offsetUnset($index)
{
throw new LogicException('Attempting to write to an immutable array');
}
}
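Review bot: The class overrides `append`, `exchangeArray`, `offsetSet` and `offsetUnset`, but `ArrayObject` also exposes in-place sorters (`asort`, `ksort`, `uasort`, `uksort`, `natsort`, `natcasesort`) that still reorder the stored data, so the object is not fully immutable. Either override those to throw the same `LogicException`, or add a class docblock stating what is protected, e.g. `/** ArrayObject whose elements cannot be added, replaced or removed after construction; ordering is not protected. */`.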
<?php
/**
* gredu_labs
*
* @link https://github.com/eellak/gredu_labs for the canonical source repository
* @copyright Copyright (c) 2008-2015 Greek Free/Open Source Software Society (https://gfoss.ellak.gr/)
* @license GNU GPLv3 http://www.gnu.org/licenses/gpl-3.0-standalone.html
*/
namespace SchInventory;
/**
* Inventory service interface
*/
interface ServiceInterface
{
/**
* Retrieves all equipment data for unit
*
* @param mixed $unit
* @return EquipmentCollection
*/
public function getUnitEquipment($unit);
}
...@@ -73,6 +73,11 @@ return function (Slim\App $app) { ...@@ -73,6 +73,11 @@ return function (Slim\App $app) {
); );
}; };
$container[SchSSO\Listener\User::class] = function ($c) {
return new SchSSO\Listener\User($c['logger']);
};
$container[SchSSO\Action\Login::class] = function ($c) { $container[SchSSO\Action\Login::class] = function ($c) {
$authService = $c['authentication_service']; $authService = $c['authentication_service'];
$authService->setAdapter($c[SchSSO\Adapter\Cas::class]); $authService->setAdapter($c[SchSSO\Adapter\Cas::class]);
...@@ -114,6 +119,13 @@ return function (Slim\App $app) { ...@@ -114,6 +119,13 @@ return function (Slim\App $app) {
} }
}); });
$events('on', 'authenticate.success', function ($stop, $identity) use ($container) {
$listener = $container[SchSSO\Listener\User::class];
return $listener($stop, $identity);
}, 1000);
$app->get('/user/login/sso', SchSSO\Action\Login::class)->setName('user.login.sso'); $app->get('/user/login/sso', SchSSO\Action\Login::class)->setName('user.login.sso');
$app->get('/user/logout/sso', SchSSO\Action\Logout::class)->setName('user.logout.sso'); $app->get('/user/logout/sso', SchSSO\Action\Logout::class)->setName('user.logout.sso');
}; };
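Review bot: The `SchSSO\Listener\User` handler is registered on `authenticate.success` with priority `1000`, while the role listener in the authorization module is registered without one, and that role lookup only finds `school` if the user row has already been stored. The ordering dependency is implicit. Add a comment at this registration such as `// must run before Authorization\Listener\RoleProvider, which reads the role this listener stores`. Also confirm that a higher number means earlier execution in the event dispatcher used here, which this diff does not show.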
...@@ -8,7 +8,7 @@ ...@@ -8,7 +8,7 @@
* @license GNU GPLv3 http://www.gnu.org/licenses/gpl-3.0-standalone.html * @license GNU GPLv3 http://www.gnu.org/licenses/gpl-3.0-standalone.html
*/ */
namespace SchAutoCreate\Listener; namespace SchSSO\Listener;
use Psr\Log\LoggerInterface; use Psr\Log\LoggerInterface;
use RedBeanPHP\R; use RedBeanPHP\R;
...@@ -34,7 +34,8 @@ class User ...@@ -34,7 +34,8 @@ class User
$user->authentication_source = $identity->authenticationSource; $user->authentication_source = $identity->authenticationSource;
$user->password = ''; $user->password = '';
$user->created = time(); $user->created = time();
$this->logger->info(sprintf('User %s added to database after login', $identity->mail)); $user->role = 'school';
$this->logger->info(sprintf('User %s imported from sso.sch.gr to database', $identity->mail));
} }
$user->last_login = time(); $user->last_login = time();
R::store($user); R::store($user);
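Review bot: `$user->role = 'school'` sits with the assignments that, judging by the closing brace after the log call, run only when the user row is first created. Accounts created before this change therefore keep an empty role, are mapped to `user` by the role listener, and no longer pass the `/school` guards. A one-off data migration, or a fallback such as `if (empty($user->role)) { $user->role = 'school'; }` before `R::store($user)`, would cover them. Every account imported from SSO also receives `school` unconditionally; if sso.sch.gr can authenticate non-school accounts, derive the role from an identity attribute instead. The enclosing method starts outside the hunk.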
......