PHP identity::set_active_user方法代码示例

 static function login($user)
 {
     if (identity::is_writable()) {
         $user->login_count += 1;
         $user->last_login = time();
         $user->save();
     }
     identity::set_active_user($user);
     log::info("user", t("User %name logged in", array("name" => $user->name)));
     module::event("user_login", $user);
 }

 static function gallery_ready()
 {
     $sso_username = Input::instance()->server("REMOTE_USER");
     $user = Session::instance()->get("user");
     if (empty($user) || $user->name != $sso_username) {
         try {
             identity::set_active_user(identity::lookup_user_by_name($sso_username));
         } catch (Exception $e) {
             Kohana_Log::add("error", "Couldn't authenticate as {$sso_username}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
         }
     }
 }

 public function viewable_test()
 {
     $root = ORM::factory("item", 1);
     $album = album::create($root, rand(), rand(), rand());
     $item = self::_create_random_item($album);
     identity::set_active_user(identity::guest());
     // We can see the item when permissions are granted
     access::allow(identity::everybody(), "view", $album);
     $this->assert_equal(1, ORM::factory("item")->viewable()->where("id", "=", $item->id)->count_all());
     // We can't see the item when permissions are denied
     access::deny(identity::everybody(), "view", $album);
     $this->assert_equal(0, ORM::factory("item")->viewable()->where("id", "=", $item->id)->count_all());
 }

 public function viewable_test()
 {
     $album = test::random_album();
     $item = test::random_photo($album);
     $album->reload();
     identity::set_active_user(identity::guest());
     // We can see the item when permissions are granted
     access::allow(identity::everybody(), "view", $album);
     $this->assert_equal(1, ORM::factory("item")->viewable()->where("id", "=", $item->id)->count_all());
     // We can't see the item when permissions are denied
     access::deny(identity::everybody(), "view", $album);
     $this->assert_equal(0, ORM::factory("item")->viewable()->where("id", "=", $item->id)->count_all());
 }

 public function cant_view_comments_for_unviewable_items_test()
 {
     $root = ORM::factory("item", 1);
     $album = album::create($root, rand(), rand(), rand());
     $comment = comment::create($album, identity::guest(), "text", "name", "email", "url");
     identity::set_active_user(identity::guest());
     // We can see the comment when permissions are granted on the album
     access::allow(identity::everybody(), "view", $album);
     $this->assert_equal(1, ORM::factory("comment")->viewable()->where("comments.id", "=", $comment->id)->count_all());
     // We can't see the comment when permissions are denied on the album
     access::deny(identity::everybody(), "view", $album);
     $this->assert_equal(0, ORM::factory("comment")->viewable()->where("comments.id", "=", $comment->id)->count_all());
 }

 public function post_fails_without_permissions_test()
 {
     access::deny(identity::everybody(), "edit", item::root());
     identity::set_active_user(identity::guest());
     try {
         $request->params->name = "test tag";
         tags_rest::post($request);
     } catch (Exception $e) {
         $this->assert_equal(403, $e->getCode());
         return;
     }
     $this->assert_true(false, "Shouldnt get here");
 }

 static function change_provider($new_provider)
 {
     if (!identity::active_user()->admin && PHP_SAPI != "cli") {
         // Below, the active user is set to the primary admin.
         access::forbidden();
     }
     $current_provider = module::get_var("gallery", "identity_provider");
     if (!empty($current_provider)) {
         module::uninstall($current_provider);
     }
     try {
         IdentityProvider::reset();
         $provider = new IdentityProvider($new_provider);
         module::set_var("gallery", "identity_provider", $new_provider);
         if (class_exists("{$new_provider}_installer") && method_exists("{$new_provider}_installer", "initialize")) {
             call_user_func("{$new_provider}_installer::initialize");
         }
         if (!$provider->admin_user()) {
             throw new Exception("IdentityProvider {$new_provider}: Couldn't find the admin user!");
         }
         module::event("identity_provider_changed", $current_provider, $new_provider);
         identity::set_active_user($provider->admin_user());
         Session::instance()->regenerate();
     } catch (Exception $e) {
         static $restore_already_running;
         // In case of error, make an attempt to restore the old provider.  Since that's calling into
         // this function again and can fail, we should be sure not to get into an infinite recursion.
         if (!$restore_already_running) {
             $restore_already_running = true;
             // Make sure new provider is not in the database
             try {
                 module::uninstall($new_provider);
             } catch (Exception $e2) {
                 Kohana_Log::add("error", "Error uninstalling failed new provider\n" . $e2->getMessage() . "\n" . $e2->getTraceAsString());
             }
             try {
                 // Lets reset to the current provider so that the gallery installation is still
                 // working.
                 module::set_var("gallery", "identity_provider", null);
                 IdentityProvider::change_provider($current_provider);
                 module::activate($current_provider);
             } catch (Exception $e2) {
                 Kohana_Log::add("error", "Error restoring original identity provider\n" . $e2->getMessage() . "\n" . $e2->getTraceAsString());
             }
             message::error(t("Error attempting to enable \"%new_provider\" identity provider, reverted to \"%old_provider\" identity provider", array("new_provider" => $new_provider, "old_provider" => $current_provider)));
             $restore_already_running = false;
         }
         throw $e;
     }
 }

 public function post_fails_without_permissions_test()
 {
     // We have to remove edit permissions from everywhere
     Database::instance()->query("UPDATE {access_caches} SET edit_1=0");
     identity::set_active_user(identity::guest());
     try {
         $request = new stdClass();
         $request->params = new stdClass();
         $request->params->name = "test tag";
         tags_rest::post($request);
     } catch (Exception $e) {
         $this->assert_equal(403, $e->getCode());
         return;
     }
     $this->assert_true(false, "Shouldnt get here");
 }

 public function cant_view_comments_for_unviewable_items_test()
 {
     $album = test::random_album();
     $comment = ORM::factory("comment");
     $comment->item_id = $album->id;
     $comment->author_id = identity::admin_user()->id;
     $comment->text = "text";
     $comment->save();
     identity::set_active_user(identity::guest());
     // We can see the comment when permissions are granted on the album
     access::allow(identity::everybody(), "view", $album);
     $this->assert_true(ORM::factory("comment")->viewable()->where("comments.id", "=", $comment->id)->count_all());
     // We can't see the comment when permissions are denied on the album
     access::deny(identity::everybody(), "view", $album);
     $this->assert_false(ORM::factory("comment")->viewable()->where("comments.id", "=", $comment->id)->count_all());
 }

 static function set_active_user($access_token)
 {
     if (empty($access_token)) {
         identity::set_active_user(identity::guest());
         return;
     }
     $key = ORM::factory("user_access_token")->where("access_key", "=", $access_token)->find();
     if (!$key->loaded()) {
         throw new Rest_Exception("Forbidden", 403);
     }
     $user = identity::lookup_user($key->user_id);
     if (empty($user)) {
         throw new Rest_Exception("Forbidden", 403);
     }
     identity::set_active_user($user);
 }

 private function _authenticate()
 {
     $auth = new Sabre_HTTP_BasicAuth();
     $auth->setRealm(item::root()->title);
     $authResult = $auth->getUserPass();
     list($username, $password) = $authResult;
     if (!$username || !$password) {
         $auth->requireLogin();
         return false;
     }
     $user = identity::lookup_user_by_name($username);
     if (empty($user) || !identity::is_correct_password($user, $password)) {
         $auth->requireLogin();
         return false;
     }
     identity::set_active_user($user);
     return true;
 }

 public function illegal_access_test()
 {
     $album = test::random_album();
     $photo = test::random_photo($album);
     $album->reload();
     access::deny(identity::everybody(), "view", $album);
     identity::set_active_user(identity::guest());
     $request = new stdClass();
     $request->url = rest::url("data", $photo, "thumb");
     $request->params = new stdClass();
     $request->params->size = "thumb";
     try {
         data_rest::get($request);
         $this->assert_true(false);
     } catch (Kohana_404_Exception $e) {
         // pass
     }
 }

 static function set_active_user($access_key)
 {
     if (empty($access_key)) {
         if (module::get_var("rest", "allow_guest_access")) {
             identity::set_active_user(identity::guest());
             return;
         } else {
             throw new Rest_Exception("Forbidden", 403);
         }
     }
     $key = ORM::factory("user_access_key")->where("access_key", "=", $access_key)->find();
     if (!$key->loaded()) {
         throw new Rest_Exception("Forbidden", 403);
     }
     $user = identity::lookup_user($key->user_id);
     if (empty($user)) {
         throw new Rest_Exception("Forbidden", 403);
     }
     identity::set_active_user($user);
 }

 /**
  * Make sure that we have a session and group_ids cached in the session.
  */
 static function load_user()
 {
     try {
         // Call IdentityProvider::instance() now to force the load of the user interface classes.
         // We are about to load the active user from the session and which needs the user definition
         // class, which can't be reached by Kohana's heiracrchical lookup.
         IdentityProvider::instance();
         $session = Session::instance();
         if (!($user = $session->get("user"))) {
             identity::set_active_user($user = identity::guest());
         }
         // The installer cannot set a user into the session, so it just sets an id which we should
         // upconvert into a user.
         // @todo set the user name into the session instead of 2 and then use it to get the
         //       user object
         if ($user === 2) {
             $session->delete("user");
             // delete it so that identity code isn't confused by the integer
             auth::login(IdentityProvider::instance()->admin_user());
         }
         // Cache the group ids for a day to trade off performance for security updates.
         if (!$session->get("group_ids") || $session->get("group_ids_timeout", 0) < time()) {
             $ids = array();
             foreach ($user->groups() as $group) {
                 $ids[] = $group->id;
             }
             $session->set("group_ids", $ids);
             $session->set("group_ids_timeout", time() + 86400);
         }
     } catch (Exception $e) {
         // Log it, so we at least have so notification that we swallowed the exception.
         Kohana_Log::add("error", "load_user Exception: " . $e->getMessage() . "\n" . $e->getTraceAsString());
         try {
             Session::instance()->destroy();
         } catch (Exception $e) {
             // We don't care if there was a problem destroying the session.
         }
         url::redirect(item::root()->abs_url());
     }
 }

 public function delete_album_fails_without_permission_test()
 {
     $album1 = test::random_album();
     access::deny(identity::everybody(), "edit", $album1);
     identity::set_active_user(identity::guest());
     $request->url = rest::url("item", $album1);
     try {
         item_rest::delete($request);
     } catch (Exception $e) {
         $this->assert_equal("@todo FORBIDDEN", $e->getMessage());
         return;
     }
     $this->assert_true(false, "Shouldn't get here");
 }