statistics: Combine access control in a single file.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2596 44740490-163a-0410-bde0-09ae8108e29a

statistics: Combine access control in a single file.
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2596 44740490-163a-0410-bde0-09ae8108e29a
02d0c23f · Olav Morken · a779ac6c · 02d0c23f · 02d0c23f · 02d0c23f
Commit 02d0c23f authored 14 years ago by Olav Morken
--- a/modules/statistics/lib/AccessCheck.php
+++ b/modules/statistics/lib/AccessCheck.php
+<?php
+
+/**
+ * Class implementing the access checker function for the statistics module.
+ *
+ * @package simpleSAMLphp
+ * @version $Id$
+ */
+class sspmod_statistics_AccessCheck {
+
+
+	/**
+	 * Check that the user has access to the statistics.
+	 *
+	 * If the user doesn't have access, send the user to the login page.
+	 */
+	public static function checkAccess(SimpleSAML_Configuration $statconfig) {
+		$session = SimpleSAML_Session::getInstance();
+		$protected = $statconfig->getBoolean('protected', FALSE);
+		$authsource = $statconfig->getString('auth', NULL);
+		$allowedusers = $statconfig->getValue('allowedUsers', NULL);
+		$useridattr = $statconfig->getString('useridattr', 'eduPersonPrincipalName');
+
+		$acl = $statconfig->getValue('acl', NULL);
+		if ($acl !== NULL && !is_string($acl) && !is_array($acl)) {
+			throw new SimpleSAML_Error_Exception('Invalid value for \'acl\'-option. Should be an array or a string.');
+		}
+
+		if ($protected) {
+
+			if (SimpleSAML_Utilities::isAdmin()) {
+				// User logged in as admin. OK.
+				SimpleSAML_Logger::debug('Statistics auth - logged in as admin, access granted');
+
+			} elseif(isset($authsource) && $session->isValid($authsource) ) {
+
+				// User logged in with auth source.
+				SimpleSAML_Logger::debug('Statistics auth - valid login with auth source [' . $authsource . ']');
+
+				// Retrieving attributes
+				$attributes = $session->getAttributes();
+
+				$allow = FALSE;
+				if (!empty($allowedusers)) {
+					// Check if userid exists
+					if (!isset($attributes[$useridattr][0]))
+						throw new Exception('User ID is missing');
+
+					// Check if userid is allowed access..
+					if (!in_array($attributes[$useridattr][0], $allowedusers)) {
+						SimpleSAML_Logger::debug('Statistics auth - User denied access by user ID [' . $attributes[$useridattr][0] . ']');
+					} else {
+						SimpleSAML_Logger::debug('Statistics auth - User granted access by user ID [' . $attributes[$useridattr][0] . ']');
+						$allow = TRUE;
+					}
+				} else {
+					SimpleSAML_Logger::debug('Statistics auth - no allowedUsers list.');
+				}
+
+				if (!$allow && !is_null($acl)) {
+					$acl = new sspmod_core_ACL($acl);
+					if (!$acl->allows($attributes)) {
+						SimpleSAML_Logger::debug('Statistics auth - denied access by ACL.');
+					} else {
+						SimpleSAML_Logger::debug('Statistics auth - allowed access by ACL.');
+						$allow = TRUE;
+					}
+				} else {
+					SimpleSAML_Logger::debug('Statistics auth - no ACL configured.');
+				}
+
+				if (!$allow) {
+					throw new SimpleSAML_Error_Exception('Access denied to the current user.');
+				}
+
+			} elseif(isset($authsource)) {
+				// If user is not logged in init login with authrouce if authsousrce is defined.
+				SimpleSAML_Auth_Default::initLogin($authsource, SimpleSAML_Utilities::selfURL());
+
+			} else {
+				// If authsource is not defined, init admin login.
+				SimpleSAML_Utilities::requireAdmin();
+			}
+		}
+	}
+
+}
\ No newline at end of file
--- a/modules/statistics/www/showstats.php
+++ b/modules/statistics/www/showstats.php
@@ -5,79 +5,7 @@ $statconfig = SimpleSAML_Configuration::getConfig('module_statistics.php');
 $session = SimpleSAML_Session::getInstance();


-/**
- * AUTHENTICATION and Authorization for access to the statistics.
- */
-$protected = $statconfig->getBoolean('protected', FALSE);
-$authsource = $statconfig->getString('auth', NULL);
-$allowedusers = $statconfig->getValue('allowedUsers', NULL);
-$useridattr = $statconfig->getString('useridattr', 'eduPersonPrincipalName');
-
-$acl = $statconfig->getValue('acl', NULL);
-if ($acl !== NULL && !is_string($acl) && !is_array($acl)) {
-	throw new SimpleSAML_Error_Exception('Invalid value for \'acl\'-option. Should be an array or a string.');
-}
-
-if ($protected) {
-
-	if (SimpleSAML_Utilities::isAdmin()) {
-		// User logged in as admin. OK.
-		SimpleSAML_Logger::debug('Statistics auth - logged in as admin, access granted');
-		
-	} elseif(isset($authsource) && $session->isValid($authsource) ) {
-	
-		// User logged in with auth source.
-		SimpleSAML_Logger::debug('Statistics auth - valid login with auth source [' . $authsource . ']');
-		
-		// Retrieving attributes
-		$attributes = $session->getAttributes();
-
-		$allow = FALSE;
-		if (!empty($allowedusers)) {
-			// Check if userid exists
-			if (!isset($attributes[$useridattr][0]))
-				throw new Exception('User ID is missing');
-
-			// Check if userid is allowed access..
-			if (!in_array($attributes[$useridattr][0], $allowedusers)) {
-				SimpleSAML_Logger::debug('Statistics auth - User denied access by user ID [' . $attributes[$useridattr][0] . ']');
-			} else {
-				SimpleSAML_Logger::debug('Statistics auth - User granted access by user ID [' . $attributes[$useridattr][0] . ']');
-				$allow = TRUE;
-			}
-		} else {
-			SimpleSAML_Logger::debug('Statistics auth - no allowedUsers list.');
-		}
-
-		if (!$allow && !is_null($acl)) {
-			$acl = new sspmod_core_ACL($acl);
-			if (!$acl->allows($attributes)) {
-				SimpleSAML_Logger::debug('Statistics auth - denied access by ACL.');
-			} else {
-				SimpleSAML_Logger::debug('Statistics auth - allowed access by ACL.');
-				$allow = TRUE;
-			}
-		} else {
-			SimpleSAML_Logger::debug('Statistics auth - no ACL configured.');
-		}
-
-		if (!$allow) {
-			throw new SimpleSAML_Error_Exception('Access denied to the current user.');
-		}
-
-	} elseif(isset($authsource)) {
-		// If user is not logged in init login with authrouce if authsousrce is defined.
-		SimpleSAML_Auth_Default::initLogin($authsource, SimpleSAML_Utilities::selfURL());
-		
-	} else {
-		// If authsource is not defined, init admin login.
-		SimpleSAML_Utilities::requireAdmin();
-	}
-}
-/**
- * AUTHENTICATION and Authorization for access to the statistics.  ------
- */
-
+sspmod_statistics_AccessCheck::checkAccess($statconfig);


 /*

--- a/modules/statistics/www/statmeta.php
+++ b/modules/statistics/www/statmeta.php
@@ -2,61 +2,13 @@

 $config = SimpleSAML_Configuration::getInstance();
 $statconfig = SimpleSAML_Configuration::getConfig('module_statistics.php');
-$session = SimpleSAML_Session::getInstance();

-
-/**
- * AUTHENTICATION and Authorization for access to the statistics.
- */
-$protected = $statconfig->getBoolean('protected', FALSE);
-$authsource = $statconfig->getString('auth', NULL);
-$allowedusers = $statconfig->getValue('allowedUsers', NULL);
-$useridattr = $statconfig->getString('useridattr', 'eduPersonPrincipalName');
-
-if ($protected) {
-
-	if (SimpleSAML_Utilities::isAdmin()) {
-		// User logged in as admin. OK.
-		SimpleSAML_Logger::debug('Statistics auth - logged in as admin, access granted');
-		
-	} elseif(isset($authsource) && $session->isValid($authsource) ) {
-	
-		// User logged in with auth source.
-		SimpleSAML_Logger::debug('Statistics auth - valid login with auth source [' . $authsource . ']');
-		
-		// Retrieving attributes
-		$attributes = $session->getAttributes();
-		
-		// Check if userid exists
-		if (!isset($attributes[$useridattr])) 
-			throw new Exception('User ID is missing');
-		
-		// Check if userid is allowed access..
-		if (!in_array($attributes[$useridattr][0], $allowedusers)) {
-			SimpleSAML_Logger::debug('Statistics auth - User denied access by user ID [' . $attributes[$useridattr][0] . ']');
-			throw new Exception('Access denied for this user.');
-		}
-		SimpleSAML_Logger::debug('Statistics auth - User granted access by user ID [' . $attributes[$useridattr][0] . ']');		
-		
-	} elseif(isset($authsource)) {
-		// If user is not logged in init login with authrouce if authsousrce is defined.
-		SimpleSAML_Auth_Default::initLogin($authsource, SimpleSAML_Utilities::selfURL());
-		
-	} else {
-		// If authsource is not defined, init admin login.
-		SimpleSAML_Utilities::requireAdmin();
-	}
-}
+sspmod_statistics_AccessCheck::checkAccess($statconfig);

 $aggr = new sspmod_statistics_Aggregator();
 $aggr->loadMetadata();
 $metadata = $aggr->getMetadata();

-// echo('<pre>'); print_r($metadata);
-
-/**
- * AUTHENTICATION and Authorization for access to the statistics.  ------
- */

 $t = new SimpleSAML_XHTML_Template($config, 'statistics:statmeta-tpl.php');
 $t->data['metadata'] =  $metadata;