// NOTE(review): this is the tail of the $components declaration; its head (the
// property line and the component key this array belongs to, apparently the Auth
// component's settings) is outside this listing.
array(
    'className' => 'SecureAuth',
    'authenticate' => array(
        'Form' => array(
            // log in with the e-mail address instead of a separate username field
            'fields' => array('username' => 'email')
        )
    ),
    'authError' => 'Did you really think you are allowed to see that?',
    'loginRedirect' => array('controller' => 'users', 'action' => 'routeafterlogin'),
    'logoutRedirect' => array('controller' => 'users', 'action' => 'login'),
    // controller-level authorization: AuthComponent asks isAuthorized() below
    'authorize' => array('Controller') // Added this line
)
);

    /**
     * Controller authorization hook used by AuthComponent ('authorize' => 'Controller').
     * Only administrators (as decided by _isAdmin()) are authorized; everybody else
     * is denied for every action on every controller, unless a subclass overrides this.
     *
     * @param array $user the user array handed over by AuthComponent; it is not used here,
     *        the decision is taken from the session user via _isAdmin()
     * @return bool true for administrators, false for everyone else
     */
    public function isAuthorized($user) {
        // _isAdmin() is an instance method invoked through self::; in an instance
        // context PHP still resolves $this inside it
        if (self::_isAdmin()) {
            return true; // admin can access every action on every controller
        }
        return false; // The rest don't
    }

    /**
     * Runs before every action.
     *
     * For REST requests (see _isRest()) CSRF checking is switched off and the
     * caller is instead authenticated by the authkey sent in the Authorization
     * HTTP header: a matching User row is loaded into the session, a non-matching
     * one destroys the session and aborts with ForbiddenException. When no
     * Authorization header is present the request simply continues with whatever
     * session state already exists. Finally the current user and the admin flag
     * are made available to every view.
     *
     * @return void
     * @throws ForbiddenException when an Authorization header is sent but no user has that authkey
     */
    function beforeFilter() {
        // REST things
        if ($this->_isRest()) {
            // disable CSRF for REST access
            // (REST clients do not hold a CSRF token; the authkey below is the
            //  credential for these requests instead)
            if (array_key_exists('Security', $this->components))
                $this->Security->csrfCheck = false;
            // Authenticate user with authkey in Authorization HTTP header
            if (!empty($_SERVER['HTTP_AUTHORIZATION'])) {
                // the raw header value is the key; it reaches the database only
                // through the conditions array (no string-built SQL)
                $authkey = $_SERVER['HTTP_AUTHORIZATION'];
                $this->loadModel('User');
                $params = array(
                    'conditions' => array('User.authkey' => $authkey),
                    'recursive' => 0,
                );
                $user = $this->User->find('first', $params);
                if ($user) {
                    // User found in the db, add the user info to the session
                    // NOTE(review): the whole User row is stored under the Auth
                    // session key and later exposed to views as 'me'; confirm that
                    // the row holds nothing the views must not see.
                    $this->Session->renew();
                    $this->Session->write(AuthComponent::$sessionKey, $user['User']);
                } else {
                    // User not authenticated correctly
                    // reset the session information
                    $this->Session->destroy();
                    throw new ForbiddenException('Incorrect authentication key');
                }
            }
        }
        // These variables are required for every view
        $this->set('me', $this->Auth->user());
        $this->set('isAdmin', $this->_isAdmin());
    }

    /**
     * Whether the current request is treated as a REST call: RequestHandler must be
     * loaded and must classify the request as XML.
     *
     * @return bool
     */
    protected function _isRest() {
        return (isset($this->RequestHandler) && $this->RequestHandler->isXml());
    }

    /**
     * Convert an array to the same array but with the values also used as keys,
     * e.g. array('a', 'b') becomes array('a' => 'a', 'b' => 'b').
     *
     * @param array $old_array values to re-key (values must be usable as array keys)
     * @return array
     */
    function _arrayToValuesIndexArray($old_array) {
        $new_array = Array();
        foreach ($old_array as $value)
            $new_array[$value] = $value;
        return $new_array;
    }

    /**
     * checks if the currently logged user is an administrator
     *
     * Admin status is derived solely from the session user's 'org' field being
     * exactly 'ADMIN' (strict string comparison).
     *
     * @return bool
     */
    public function _isAdmin() {
        $org = $this->Auth->user('org');
        if (isset($org) && $org === 'ADMIN') {
            return true;
        }
        return false;
    }

    /**
     * Refreshes the Auth session with new/updated data
     *
     * Re-reads the current user's row (through $this->User when the controller has
     * it loaded, otherwise through ClassRegistry) and logs that row in again.
     * NOTE(review): assumes the session user's id still exists in the database;
     * $user['User'] would be undefined otherwise — confirm callers cannot hit that.
     *
     * @return void
     */
    function _refreshAuth() {
        if (isset($this->User)) {
            $user = $this->User->read(false, $this->Auth->user('id'));
        } else {
            $user = ClassRegistry::init('User')->findById($this->Auth->user('id'));
        }
        $this->Auth->login($user['User']);
    }

    /**
     * Updates the missing fields from v0.1 to v0.2 of CyDefSIG
     * First you will need to manually update the database to the new schema.
     * Log in as admin user and
     * Then run this function by setting debug = 1 (or more) and call /events/migrate01to02
     *
     * Admin-only: non-admins receive a NotFoundException rather than a 403.
     * Generates a UUID for every Event and Attribute row whose uuid is empty and
     * echoes the processed ids as progress output.
     *
     * @return void
     * @throws NotFoundException when the current user is not an administrator
     */
    function migrate01to02() {
        if (!self::_isAdmin()) throw new NotFoundException();
        // generate uuids for events who have no uuid
        $this->loadModel('Event');
        $params = array(
            'conditions' => array('Event.uuid' => ''),
            'recursive' => 0,
            'fields' => array('Event.id'),
        );
        $events = $this->Event->find('all', $params);
        echo '

Generating UUID for events: ';
        foreach ($events as $event) {
            // saveField() writes only the uuid column of the selected row
            $this->Event->id = $event['Event']['id'];
            $this->Event->saveField('uuid', String::uuid());
            echo $event['Event']['id'].' ';
        }
        echo "

";
        // generate uuids for attributes who have no uuid
        $this->loadModel('Attribute');
        $params = array(
            'conditions' => array('Attribute.uuid' => ''),
            'recursive' => 0,
            'fields' => array('Attribute.id'),
        );
        $attributes = $this->Attribute->find('all', $params);
        echo '

Generating UUID for attributes: ';
        foreach ($attributes as $attribute) {
            $this->Attribute->id = $attribute['Attribute']['id'];
            $this->Attribute->saveField('uuid', String::uuid());
            echo $attribute['Attribute']['id'].' ';
        }
        echo "

";
    }

    /**
     * Updates the missing fields from v0.2 to v0.2.1 of CyDefSIG
     * First you will need to manually update the database to the new schema.
     * Log in as admin user and
     * Then run this function by setting debug = 1 (or more) and call /events/migrate02to021
     *
     * Admin-only, like migrate01to02(). Selects every Attribute whose type is one
     * of the composite types reported by Attribute::getCompositeTypes().
     *
     * NOTE(review): in this listing the loop that splits value1 into value1/value2
     * is missing between the two progress messages (the opening echo quote is
     * never closed); restore the body from the original source before relying on it.
     *
     * @return void
     * @throws NotFoundException when the current user is not an administrator
     */
    function migrate02to021() {
        if (!self::_isAdmin()) throw new NotFoundException();
        // search for composite value1 fields and explode it to value1 and value2
        $this->loadModel('Attribute');
        $params = array(
            'conditions' => array(
                'OR' => array(
                    'Attribute.type' => $this->Attribute->getCompositeTypes()
                )
            ),
            'recursive' => 0,
            'fields' => array('Attribute.id', 'Attribute.value1'),
        );
        $attributes = $this->Attribute->find('all', $params);
        echo '

Exploding composite fields in 2 columns:

DONE

";
    }

    /**
     * Migration step from v0.2.1 to v0.2.2 (work in progress).
     *
     * Admin-only, like migrate01to02(). Apart from the admin check the body is
     * commented-out sketches; the intended steps are listed in the comments below.
     * NOTE(review): the text after the commented-out echo appears to be garbled in
     * this listing and is not valid PHP as shown — check the original source.
     *
     * @return void
     * @throws NotFoundException when the current user is not an administrator
     */
    function migrate021to022() {
        if (!self::_isAdmin()) throw new NotFoundException();
        // replace description by comment
        // replace empty category
        // not easy as we have to guess the category from the type
        // $this->loadModel('Attribute');
        // $params = array(
        //     'conditions' => array('Attribute.type' => ''),
        //     'recursive' => 0,
        //     'fields' => array('Attribute.id'),
        // );
        // $attributes = $this->Attribute->find('all', $params);
        // echo '

Replacing empty categories by OtherExploding composite fields in 2 columns:

DONE

";
        // search for incompatible combination of category / type
    }
}