Changeset 2249 for sandbox/workflow
- Timestamp:
- 03/15/10 14:41:49 (14 years ago)
- Location:
- sandbox/workflow/branches/609
- Files:
-
- 1 added
- 2 deleted
- 9 edited
-
inc/class.factory.inc.php (deleted)
-
inc/class.process_factory.inc.php (deleted)
-
inc/class.run_activity.inc.php (modified) (6 diffs)
-
inc/local/classes/class.JobBase.php (modified) (2 diffs)
-
inc/local/classes/class.wf_ldap.php (modified) (1 diff)
-
inc/local/classes/class.wf_role.php (modified) (3 diffs)
-
inc/smarty/wf_plugins/function.wf_redir_menu.php (modified) (1 diff)
-
lib/factory/Factory.php (modified) (1 diff)
-
lib/factory/ProcessFactory.php (modified) (1 diff)
-
lib/factory/ProcessWrapperFactory.php (added)
-
lib/factory/WorkflowFactory.php (modified) (1 diff)
-
lib/security/Security.php (modified) (5 diffs)
Legend:
- Unmodified
- Added
- Removed
-
sandbox/workflow/branches/609/inc/class.run_activity.inc.php
r2235 r2249 13 13 require_once(dirname(__FILE__) . SEP . 'class.basecontroller.inc.php' ); /* module controller */ 14 14 require_once(dirname(__FILE__) . SEP . 'class.basemodel.inc.php' ); /* module logic */ 15 require_once(dirname(__FILE__) . SEP . 'class.process_factory.inc.php'); /* module process factory class */15 //require_once(dirname(__FILE__) . SEP . 'class.process_factory.inc.php'); /* module process factory class */ 16 16 require_once(dirname(__FILE__) . SEP . 'class.utils.security.php' ); /* sanitizes input data */ 17 17 … … 301 301 $this->process_version = $this->process->getVersion(); 302 302 $this->activity_name = $activity->getName(); 303 $this->user_name = Factory::getForeignInstance('phpgwapi', 'phpgw')->accounts->id2name($GLOBALS['user']);303 $this->user_name = $GLOBALS['phpgw']->accounts->id2name($GLOBALS['user']); 304 304 $this->view_activity = $this->GUI->gui_get_process_view_activity($this->process_id); 305 305 … … 440 440 $security =& new SecurityUtils(); //input sanitizer class 441 441 $env['request'] =& $security->process($_REQUEST); //sanitizes input data from client 442 $env['factory'] =& new ProcessFactory(); //instantiation controller class 442 //$env['factory'] =& new ProcessFactory(); //instantiation controller class 443 $env['factory'] =& Factory::getInstance('ProcessWrapperFactory'); //instantiation controller class 443 444 $env['natural'] =& wf_create_object('wf_natural'); //data access object instance for mainframe 444 445 /* END WORKFLOW MVC SETTINGS */ … … 473 474 /* activate the security policy */ 474 475 Factory::getInstance('WorkflowSecurity')->enableSecurityPolicy(); 476 477 /** 478 * XXX 479 * here we are going to use our new Security static class. 480 * From now, the factory frontend (static) will forward 481 * the messages for the process factory instead of Workflow 482 * factory. 483 * XXX 484 */ 485 Security::enable(); 475 486 476 487 /* include the files */ … … 701 712 $security =& new SecurityUtils(); //input sanitizer class 702 713 $env['request'] =& $security->process($_REQUEST); //sanitizes input data from client 703 $env['factory'] =& new ProcessFactory(); //instantiation controller class 714 //$env['factory'] =& new ProcessFactory(); //instantiation controller class 715 $env['factory'] =& Factory::newInstance('ProcessWrapperFactory'); //instantiation controller class 704 716 $env['natural'] =& wf_create_object('wf_natural'); //data access object instance for mainframe 705 717 /* END WORKFLOW MVC SETTINGS */ … … 713 725 /* activate the security policy */ 714 726 Factory::getInstance('WorkflowSecurity')->enableSecurityPolicy(); 727 728 /** 729 * XXX 730 * here we are going to use our new Security static class. 731 * From now, the factory frontend (static) will forward 732 * the messages for the process factory instead of Workflow 733 * factory. Note that this is the same comment as the previous 734 * function... boooring.. =} 735 * XXX 736 */ 737 Security::enable(); 715 738 716 739 $GLOBALS['workflow_env'] = &$env; -
sandbox/workflow/branches/609/inc/local/classes/class.JobBase.php
r1437 r2249 89 89 { 90 90 require_once 'common.inc.php'; 91 $GLOBALS['workflow']['factory']->getInstance('WorkflowMacro')->prepareEnvironment();91 Factory::getInstance('WorkflowMacro')->prepareEnvironment(); 92 92 $this->jobID = $jobID; 93 93 $this->processID = $processID; 94 94 $this->currentDate = $currentDate; 95 $this->jobManager = &$GLOBALS['workflow']['factory']->getInstance('WorkflowJobManager');95 $this->jobManager = Factory::getInstance('WorkflowJobManager'); 96 96 $this->testMode = $testMode; 97 97 $this->maximumExecutionTime = $maximumExecutionTime; … … 148 148 final private function prepareEnvironment() 149 149 { 150 $GLOBALS['workflow']['factory']->getInstance('WorkflowMacro')->prepareProcessEnvironment($this->processID); 151 152 require_once PHPGW_SERVER_ROOT . '/workflow/inc/class.process_factory.inc.php'; 150 Factory::getInstance('WorkflowMacro')->prepareProcessEnvironment($this->processID); 153 151 154 152 $this->environment = array(); 155 $this->environment['factory'] = & new ProcessFactory();153 $this->environment['factory'] = &Factory::newInstance('ProcessWrapperFactory'); 156 154 } 157 155 -
sandbox/workflow/branches/609/inc/local/classes/class.wf_ldap.php
r1067 r2249 41 41 function wf_ldap() 42 42 { 43 $tmpLDAP = &$GLOBALS['workflow']['factory']->getInstance('WorkflowLDAP');43 $tmpLDAP = Factory::getInstance('WorkflowLDAP'); 44 44 $this->user_context = $tmpLDAP->getUserContext(); 45 45 $this->group_context = $tmpLDAP->getGroupContext(); -
sandbox/workflow/branches/609/inc/local/classes/class.wf_role.php
r1048 r2249 186 186 $users = array((int) $users); 187 187 $roleID = $this->roleManager->get_role_id($this->processID, $roleName); 188 $ldap = &$GLOBALS['workflow']['factory']->getInstance('WorkflowLDAP');188 $ldap = Factory::getInstance('WorkflowLDAP'); 189 189 foreach ($users as $user) 190 190 { … … 212 212 $users = $this->roleManager->list_mapped_users($this->processID, false, array('wf_role_name' => $roleName)); 213 213 214 $ldap = &$GLOBALS['workflow']['factory']->getInstance('WorkflowLDAP');214 $ldap = Factory::getInstance('WorkflowLDAP'); 215 215 $output = array(); 216 216 foreach ($users as $id => $login) … … 367 367 368 368 /* get the roles */ 369 $userGroups = $GLOBALS['workflow']['factory']->getInstance('WorkflowLDAP')->getUserGroups($userID);369 $userGroups = Factory::getInstance('WorkflowLDAP')->getUserGroups($userID); 370 370 $query = 'SELECT DISTINCT role.wf_role_id, role.wf_name, role.wf_description FROM egw_wf_roles role, egw_wf_user_roles user_role WHERE (user_role.wf_role_id = role.wf_role_id) AND (role.wf_p_id = ?) AND (role.wf_role_id = ANY (?))'; 371 371 $query .= ' AND (((user_role.wf_user = ?) AND (user_role.wf_account_type = ?))'; -
sandbox/workflow/branches/609/inc/smarty/wf_plugins/function.wf_redir_menu.php
r2233 r2249 54 54 55 55 $user_is_admin = Factory::getInstance('workflow_acl')->checkWorkflowAdmin($GLOBALS['phpgw_info']['user']['account_id']); 56 $phpgw =& Factory::getForeignInstance('phpgwapi','phpgw'); 57 if ($user_is_admin || ($phpgw->acl->check('admin_workflow',1,'workflow'))) { 56 if ($user_is_admin || ($GLOBALS['phpgw']->acl->check('admin_workflow',1,'workflow'))) { 58 57 $select_tag .= "<option value=\"ad\">Administração</option>"; 59 58 } 60 if ($user_is_admin || ($ phpgw->acl->check('monitor_workflow',1,'workflow'))) {59 if ($user_is_admin || ($GLOBALS['phpgw']->acl->check('monitor_workflow',1,'workflow'))) { 61 60 $select_tag .= "<option value=\"mo\">Monitoramento</option>"; 62 61 } -
sandbox/workflow/branches/609/lib/factory/Factory.php
r2233 r2249 58 58 59 59 /** 60 * Just forward this call to the correct class.60 * Just forward this call. 61 61 * 62 62 * @access public 63 * @retu n object63 * @return object 64 64 * @static 65 65 */ 66 66 public static function &getInstance() { 67 67 68 /* oops. we are in the process space. */ 69 if (Security::isEnabled()) { 70 71 /* must instatiate it */ 72 if (is_null(self::$_securedFactory)) 73 self::$_securedFactory = new ProcessFactory(); 74 75 $args = func_get_args(); 76 return call_user_func_array(array(self::$_securedFactory, "getInstance"), $args); 77 78 } 79 /* regular module space */ 80 else { 81 82 /* must instatiate it */ 83 if (is_null(self::$_unsecuredFactory)) 84 self::$_unsecuredFactory = new WorkflowFactory(); 85 86 $args = func_get_args(); 87 return call_user_func_array(array(self::$_unsecuredFactory, "getInstance"), $args); 88 } 68 $args = func_get_args(); 69 return self::_callMethod(__FUNCTION__, $args); 89 70 } 90 71 91 72 92 73 /** 93 * Just forward this call to the correct class.74 * Just forward this call. 94 75 * 95 76 * @access public 96 * @retu n object77 * @return object 97 78 * @static 98 79 */ 99 80 public static function &newInstance() { 100 81 101 /* oops. we are in the process space. */ 102 if (Security::isEnabled()) { 82 $args = func_get_args(); 83 return self::_callMethod(__FUNCTION__, $args); 84 } 103 85 104 /* must instatiate it */ 86 87 /** 88 * Selecting the proper factory to call. This function 89 * should never be called with a random $methodName. Allowed 90 * values are 'getInstance' and 'newInstance'. 91 * 92 * @access private 93 * @return object 94 * @static 95 */ 96 private static function &_callMethod($methodName, $args) { 97 98 /* security off (module space) */ 99 if (!Security::isEnabled()) { 100 101 /* it must be instatiated */ 102 if (is_null(self::$_unsecuredFactory)) 103 self::$_unsecuredFactory = new WorkflowFactory(); 104 105 return call_user_func_array(array(self::$_unsecuredFactory, $methodName), $args); 106 } 107 /* oops. we are in the process space (restricted). */ 108 else { 109 110 /* it must be instatiated */ 105 111 if (is_null(self::$_securedFactory)) 106 112 self::$_securedFactory = new ProcessFactory(); 107 113 108 $args = func_get_args(); 109 return call_user_func_array(array(self::$_securedFactory, "newInstance"), $args); 114 /** 115 * If the class is not allowed, we must check who is trying 116 * to instantiate it. If it's a module guy, let's allow him. 117 * Throw up the exception otherwise. 118 */ 119 try { 120 $obj = call_user_func_array(array(self::$_securedFactory, $methodName), $args); 121 } 110 122 111 } 112 /* regular module space */ 113 else { 123 /** 124 * We are erroneously catching any exceptions. We should catch only the 'class not allowed' 125 * types of exceptions. To do so, a custom exception class must be defined. 126 */ 127 catch(Exception $e) { 114 128 115 /* must instatiate it */ 116 if (is_null(self::$_unsecuredFactory)) 117 self::$_unsecuredFactory = new WorkflowFactory(); 129 /** 130 * Here we are using depth 2 in isSafeDir method, because we are on a private 131 * method. Thus, we need to know if the "caller's caller's" function is on a 132 * safe dir, instead of the direct caller's method. 133 */ 134 if (Security::isSafeDir(2)) 135 $obj = call_user_func_array(array(self::$_unsecuredFactory, $methodName), $args); 118 136 119 $args = func_get_args(); 120 return call_user_func_array(array(self::$_unsecuredFactory, "newInstance"), $args); 137 /* nasty one. take this... */ 138 else 139 throw($e); 140 } 141 142 // finally 143 return $obj; 121 144 } 122 145 } -
sandbox/workflow/branches/609/lib/factory/ProcessFactory.php
r2222 r2249 48 48 49 49 /* registering allowed classes */ 50 //$this->registerFileInfo('WorkflowObjects', 'class.WorkflowObjects.inc.php', 'inc'); 50 $this->registerFileInfo('wf_orgchart', 'class.wf_orgchart.php', 'inc/local/classes'); 51 $this->registerFileInfo('wf_ldap', 'class.wf_ldap.php', 'inc/local/classes'); 52 $this->registerFileInfo('wf_engine', 'class.wf_engine.php', 'inc/local/classes'); 53 $this->registerFileInfo('wf_role', 'class.wf_role.php', 'inc/local/classes'); 54 $this->registerFileInfo('wf_instance', 'class.wf_instance.php', 'inc/local/classes'); 55 $this->registerFileInfo('wf_location', 'class.wf_location.php', 'inc/local/classes'); 56 $this->registerFileInfo('wf_db', 'class.wf_db.php', 'inc/local/classes'); 57 $this->registerFileInfo('wf_fpdf', 'class.wf_fpdf.php', 'inc/local/classes'); 58 $this->registerFileInfo('wf_paging', 'class.wf_paging.php', 'inc/local/classes'); 51 59 52 60 /* ok. no more instances of this class.. */ -
sandbox/workflow/branches/609/lib/factory/WorkflowFactory.php
r2233 r2249 68 68 $this->registerFileInfo('accounts', 'class.accounts.inc.php', '', EGW_INC_ROOT); 69 69 70 71 /** 72 * TODO - This is a veeery big workaround to maintain compatibility with 73 * processes that uses the old not-static factory. So, we made this wrapper 74 * (adapter) that just calls the new and cute static factory class in the 75 * right way. It should be removed as soon as possible. 76 */ 77 $this->registerFileInfo('ProcessWrapperFactory', 'ProcessWrapperFactory.php', 'lib/factory/'); 78 79 70 80 /* ok. no more instances of this class.. */ 71 81 self::$_instantiated = true; -
sandbox/workflow/branches/609/lib/security/Security.php
r2222 r2249 16 16 * executing process code. 17 17 * 18 * @package Factory18 * @package Security 19 19 * @license http://www.gnu.org/copyleft/gpl.html GPL 20 20 * @author Pedro Eugênio Rocha - pedro.eugenio.rocha@gmail.com … … 43 43 * Returns the current security mode. 44 44 * @access public 45 * @return boolean 45 * @return boolea 46 * @static 46 47 */ 47 48 public static function isEnabled() { … … 58 59 public static function enable() { 59 60 60 if (self:: _isAllowed())61 if (self::isSafeDir()) 61 62 self::$_protection = true; 62 63 else 63 throw new Exception('You are not allowed to change security mode.');64 throw new Exception('You are not allowed to change the security mode.'); 64 65 return true; 65 66 } … … 73 74 public static function disable() { 74 75 75 if (self:: _isAllowed())76 if (self::isSafeDir()) 76 77 self::$_protection = false; 77 78 else 78 throw new Exception('You are not allowed to change security mode.');79 throw new Exception('You are not allowed to change the security mode.'); 79 80 return true; 81 } 82 83 84 /** 85 * Implements the security validation. 86 * This function tell us if a fileName is on a safe directory. 87 * For safe dir we mean that no process code exists under it. 88 * The 'depth' parameter specifies the deepness of the file that 89 * we are validate. Default value is to validate the imediate 90 * previous function. 91 * 92 * @access public 93 * @return boolean 94 * @static 95 */ 96 public static function isSafeDir($depth = 1) { 97 98 /* our backtrace based policy */ 99 $backtrace = debug_backtrace(); 100 $originFile = $backtrace[$depth]['file']; 101 102 if (empty($originFile)) 103 return false; 104 105 /* if $fileName is a file under our server root, then it's safe. */ 106 if (substr_compare($originFile, EGW_SERVER_ROOT, 0, strlen(EGW_SERVER_ROOT)) == 0) 107 return true; 108 return false; 80 109 } 81 110 … … 93 122 $backtrace = debug_backtrace(); 94 123 95 /* TODO - These are not definitive validations */ 124 96 125 /* $backtrace[1] specifies the imediate antecessor function */ 97 $ basedir = dirname($backtrace[1]['file']);126 $originFile = basename($backtrace[1]['file']); 98 127 99 if ($basedir == dirname(__FILE__)) 128 129 /** 130 * TODO - TODO - TODO - TODO 131 * We all know that compare file names is a awful thing.. 132 * what makes it even worse is the fact that the file name 133 * could contain double slashes (e.g. //) caused by wrong 134 * concatenations. So we cannot compare the whole file path. 135 * Moreover, if the process has a file named $allowedFile, 136 * our security will eventually fail.. 137 * 138 * Anyway, we should think in a better way to validate this... 139 */ 140 if (basename($originFile) == basename($allowedFile)) 100 141 return true; 101 142 return false; 102 143 } 103 144 } 104 105 145 ?>
Note: See TracChangeset
for help on using the changeset viewer.
