283 lines
8.2 KiB
PHP
283 lines
8.2 KiB
PHP
<?php defined("SYSPATH") or die("No direct script access.");
|
|
/**
|
|
* Gallery - a web based photo album viewer and editor
|
|
* Copyright (C) 2000-2012 Bharat Mediratta
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or (at
|
|
* your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful, but
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
|
|
*/
|
|
|
|
/**
|
|
* Provides a driver-based interface for managing users and groups.
|
|
*/
|
|
class IdentityProvider_Core {
|
|
protected static $instance;
|
|
|
|
// Configuration
|
|
protected $config;
|
|
|
|
// Driver object
|
|
protected $driver;
|
|
|
|
/**
|
|
* Returns a singleton instance of Identity.
|
|
* There can only be one Identity driver configured at a given point
|
|
*
|
|
* @param string configuration
|
|
* @return Identity_Core
|
|
*/
|
|
static function &instance() {
|
|
if (empty(self::$instance)) {
|
|
// Create a new instance
|
|
self::$instance = new IdentityProvider();
|
|
}
|
|
|
|
return self::$instance;
|
|
}
|
|
|
|
/**
|
|
* Frees the current instance of the identity provider so the next call to instance will reload
|
|
*
|
|
* @param string configuration
|
|
* @return Identity_Core
|
|
*/
|
|
static function reset() {
|
|
self::$instance = null;
|
|
Kohana_Config::instance()->clear("identity");
|
|
}
|
|
|
|
/**
|
|
* Return a commen confirmation message
|
|
*/
|
|
static function confirmation_message() {
|
|
return t("Are you sure you want to change your Identity Provider? Continuing will delete all existing users.");
|
|
}
|
|
|
|
static function change_provider($new_provider) {
|
|
if (!identity::active_user()->admin && PHP_SAPI != "cli") {
|
|
// Below, the active user is set to the primary admin.
|
|
access::forbidden();
|
|
}
|
|
|
|
$current_provider = module::get_var("gallery", "identity_provider");
|
|
if (!empty($current_provider)) {
|
|
module::uninstall($current_provider);
|
|
}
|
|
|
|
try {
|
|
IdentityProvider::reset();
|
|
$provider = new IdentityProvider($new_provider);
|
|
|
|
module::set_var("gallery", "identity_provider", $new_provider);
|
|
|
|
if (method_exists("{$new_provider}_installer", "initialize")) {
|
|
call_user_func("{$new_provider}_installer::initialize");
|
|
}
|
|
|
|
if (!$provider->admin_user()) {
|
|
throw new Exception("IdentityProvider $new_provider: Couldn't find the admin user!");
|
|
}
|
|
|
|
module::event("identity_provider_changed", $current_provider, $new_provider);
|
|
|
|
identity::set_active_user($provider->admin_user());
|
|
Session::instance()->regenerate();
|
|
} catch (Exception $e) {
|
|
static $restore_already_running;
|
|
|
|
// In case of error, make an attempt to restore the old provider. Since that's calling into
|
|
// this function again and can fail, we should be sure not to get into an infinite recursion.
|
|
if (!$restore_already_running) {
|
|
$restore_already_running = true;
|
|
|
|
// Make sure new provider is not in the database
|
|
try {
|
|
module::uninstall($new_provider);
|
|
} catch (Exception $e2) {
|
|
Kohana_Log::add("error", "Error uninstalling failed new provider\n" .
|
|
$e2->getMessage() . "\n" . $e2->getTraceAsString());
|
|
}
|
|
|
|
try {
|
|
// Lets reset to the current provider so that the gallery installation is still
|
|
// working.
|
|
module::set_var("gallery", "identity_provider", null);
|
|
IdentityProvider::change_provider($current_provider);
|
|
module::activate($current_provider);
|
|
} catch (Exception $e2) {
|
|
Kohana_Log::add("error", "Error restoring original identity provider\n" .
|
|
$e2->getMessage() . "\n" . $e2->getTraceAsString());
|
|
}
|
|
|
|
message::error(
|
|
t("Error attempting to enable \"%new_provider\" identity provider, reverted to \"%old_provider\" identity provider",
|
|
array("new_provider" => $new_provider, "old_provider" => $current_provider)));
|
|
|
|
$restore_already_running = false;
|
|
}
|
|
throw $e;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Loads the configured driver and validates it.
|
|
*
|
|
* @return void
|
|
*/
|
|
public function __construct($config=null) {
|
|
if (empty($config)) {
|
|
$config = module::get_var("gallery", "identity_provider", "user");
|
|
}
|
|
|
|
// Test the config group name
|
|
if (($this->config = Kohana::config("identity." . $config)) === NULL) {
|
|
throw new Exception("@todo NO_USER_LIBRARY_CONFIGURATION_FOR: $config");
|
|
}
|
|
|
|
// Set driver name
|
|
$driver = "IdentityProvider_" . ucfirst($this->config["driver"]) ."_Driver";
|
|
|
|
// Load the driver
|
|
if ( ! Kohana::auto_load($driver)) {
|
|
throw new Kohana_Exception("core.driver_not_found", $this->config["driver"],
|
|
get_class($this));
|
|
}
|
|
|
|
// Initialize the driver
|
|
$this->driver = new $driver($this->config["params"]);
|
|
|
|
// Validate the driver
|
|
if ( !($this->driver instanceof IdentityProvider_Driver)) {
|
|
throw new Kohana_Exception("core.driver_implements", $this->config["driver"],
|
|
get_class($this), "IdentityProvider_Driver");
|
|
}
|
|
|
|
Kohana_Log::add("debug", "Identity Library initialized");
|
|
}
|
|
|
|
/**
|
|
* Determine if if the current driver supports updates.
|
|
*
|
|
* @return boolean true if the driver supports updates; false if read only
|
|
*/
|
|
public function is_writable() {
|
|
return !empty($this->config["allow_updates"]);
|
|
}
|
|
|
|
/**
|
|
* @see IdentityProvider_Driver::guest.
|
|
*/
|
|
public function guest() {
|
|
return $this->driver->guest();
|
|
}
|
|
|
|
/**
|
|
* @see IdentityProvider_Driver::admin_user.
|
|
*/
|
|
public function admin_user() {
|
|
return $this->driver->admin_user();
|
|
}
|
|
|
|
/**
|
|
* @see IdentityProvider_Driver::create_user.
|
|
*/
|
|
public function create_user($name, $full_name, $password, $email) {
|
|
return $this->driver->create_user($name, $full_name, $password, $email);
|
|
}
|
|
|
|
/**
|
|
* @see IdentityProvider_Driver::is_correct_password.
|
|
*/
|
|
public function is_correct_password($user, $password) {
|
|
return $this->driver->is_correct_password($user, $password);
|
|
}
|
|
|
|
/**
|
|
* @see IdentityProvider_Driver::lookup_user.
|
|
*/
|
|
public function lookup_user($id) {
|
|
return $this->driver->lookup_user($id);
|
|
}
|
|
|
|
/**
|
|
* @see IdentityProvider_Driver::lookup_user_by_name.
|
|
*/
|
|
public function lookup_user_by_name($name) {
|
|
return $this->driver->lookup_user_by_name($name);
|
|
}
|
|
|
|
/**
|
|
* @see IdentityProvider_Driver::create_group.
|
|
*/
|
|
public function create_group($name) {
|
|
return $this->driver->create_group($name);
|
|
}
|
|
|
|
/**
|
|
* @see IdentityProvider_Driver::everybody.
|
|
*/
|
|
public function everybody() {
|
|
return $this->driver->everybody();
|
|
}
|
|
|
|
/**
|
|
* @see IdentityProvider_Driver::registered_users.
|
|
*/
|
|
public function registered_users() {
|
|
return $this->driver->registered_users();
|
|
}
|
|
|
|
/**
|
|
* @see IdentityProvider_Driver::lookup_group.
|
|
*/
|
|
public function lookup_group($id) {
|
|
return $this->driver->lookup_group($id);
|
|
}
|
|
|
|
/**
|
|
* @see IdentityProvider_Driver::lookup_group_by_name.
|
|
*/
|
|
public function lookup_group_by_name($name) {
|
|
return $this->driver->lookup_group_by_name($name);
|
|
}
|
|
|
|
/**
|
|
* @see IdentityProvider_Driver::get_user_list.
|
|
*/
|
|
public function get_user_list($ids) {
|
|
return $this->driver->get_user_list($ids);
|
|
}
|
|
|
|
/**
|
|
* @see IdentityProvider_Driver::groups.
|
|
*/
|
|
public function groups() {
|
|
return $this->driver->groups();
|
|
}
|
|
|
|
/**
|
|
* @see IdentityProvider_Driver::add_user_to_group.
|
|
*/
|
|
public function add_user_to_group($user, $group) {
|
|
return $this->driver->add_user_to_group($user, $group);
|
|
}
|
|
|
|
/**
|
|
* @see IdentityProvider_Driver::remove_user_to_group.
|
|
*/
|
|
public function remove_user_from_group($user, $group) {
|
|
return $this->driver->remove_user_from_group($user, $group);
|
|
}
|
|
} // End Identity
|