authority-procs.tcl
Does not contain a contract.
- Location:
- /packages/acs-authentication/tcl/authority-procs.tcl
Related Files
- packages/acs-authentication/tcl/authority-procs.xql
- packages/acs-authentication/tcl/authority-procs.tcl
- packages/acs-authentication/tcl/authority-procs-postgresql.xql
- packages/acs-authentication/tcl/authority-procs-oracle.xql
[ hide source ] | [ make this the default ]
File Contents
ad_library { Procs for authority management. @author Lars Pind (lars@collaobraid.biz) @creation-date 2003-05-14 @cvs-id $Id: authority-procs.tcl,v 1.39.2.8 2022/08/29 14:17:23 antoniop Exp $ } namespace eval auth {} namespace eval auth::authority {} ##### # # auth::authority # ##### d_proc -public auth::authority::create { {-authority_id ""} {-array:required} } { Create a new authentication authority. @option authority_id Authority_id, or blank if you want one generated for you. @param array Name of an array containing the column values. The entries are: <ul> <li> short_name Short name for authority. Used as a key by applications to identify this authority. <li> pretty_name Label for the authority to be shown in a list to users picking an authority. <li> enabled_p 't' if this authority available, 'f' if it's disabled. Defaults to 'f'. <li> sort_order Sort ordering determines the order in which authorities are listed in the user interface. Defaults to the currently highest sort order plus one. <li> auth_impl_id The ID of the implementation of the 'auth_authentication' service contract. Defaults to none. <li> pwd_impl_id The ID of the implementation of the 'auth_password' service contract. Defaults to none. <li> forgotten_pwd_url An alternative URL to redirect to when the user has forgotten his/her password. Defaults to none. <li> change_pwd_url An alternative URL to redirect to when the user wants to change his/her password. Defaults to none. <li> register_impl_id The ID of the implementation of the 'auth_registration' service contract. Defaults to none. <li> register_url An alternative URL to redirect to when the user wants to register for an account. Defaults to none. <li> user_info_impl_id The ID of the implementation of the 'auth_user_info' service contract. Defaults to none. <li> get_doc_impl_id Id of the 'auth_sync_retrieve' service contract implementation <li> process_doc_impl_id Id of the 'auth_sync_process' service contract implementation <li> batch_sync_enabled_p Is batch sync enabled for the authority? </ul> @author Lars Pind (lars@collaboraid.biz) } { upvar $array row db_transaction { if { $authority_id eq "" } { set authority_id [db_nextval "acs_object_id_seq"] } set names [array names row] array set column_defaults [get_column_defaults] set all_columns [array names column_defaults] # Check that the columns provided in the array are all valid # Set array entries as local variables foreach name $names { if {$name ni $all_columns} { error "Attribute '$name' isn't valid for auth_authorities." } set $name $row($name) } # Check that the required columns are there foreach name [get_required_columns] { if { ![info exists $name] } { error "Required column '$name' missing for auth_authorities." } } # Set default values for columns not provided foreach column $all_columns { if { $column ni $names } { set $column $column_defaults($column) } } if {[ns_conn isconnected]} { set context_id [ad_conn package_id] set creation_user [ad_conn user_id] set creation_ip [ad_conn peeraddr] } else { set context_id "" set creation_user "" set creation_ip "" } # Auto generate short name if not provided and make # sure it's unique # TODO: check for max length 255? if { $short_name eq "" } { set existing_short_names [db_list select_short_names { select short_name from auth_authorities }] set short_name [util_text_to_url \ -replacement "_" \ -existing_urls $existing_short_names \ -text $pretty_name] } db_transaction { set authority_id [db_exec_plsql create_authority {}] # Set the arguments not taken by the new function with an update statement # LARS: Great, we had a nice abstraction going, so you only had to add a new column in # one place, now that abstraction is broken, because you have to add it here as well foreach column { user_info_impl_id get_doc_impl_id process_doc_impl_id batch_sync_enabled_p help_contact_text_format } { set edit_columns($column) [set $column] } edit -authority_id $authority_id -array edit_columns } } # Flush the cache, so that if we've tried to request this short_name while it didn't exist, we will now find it if { [info exists row(short_name)] && $row(short_name) ne "" } { get_id_flush -short_name $row(short_name) } return $authority_id } d_proc -public auth::authority::get { {-authority_id ""} {-array} } { Get info about an authority and return the authority_id. If no authority is specified, then return @param authority_id The authority you want to get. If not specified, return the default authority @param array Name of an array into which the detailed attributes should be delivered @return authority_id @author Lars Pind (lars@collaboraid.biz) } { if {$authority_id eq ""} { # # Get the default authority (in future probably for the # specified or current subsite). # set authority_id [lindex [auth::authority::get_authority_options] 0 1] } if {[info exists array]} { upvar $array row array set row [util_memoize [list auth::authority::get_not_cached $authority_id]] } return $authority_id } d_proc -public auth::authority::get_element { {-authority_id ""} {-element:required} } { Return a specific element of the auth_authority data table. @see auth::authority::get } { if { $element ni [get_select_columns] } { error "Column '$element' not found in the auth_authority data source." } get -authority_id $authority_id -array row return $row($element) } d_proc -public auth::authority::get_id { {-short_name:required} } { Get authority_id by short_name. @param short_name The short_name of the authority you wish to get information for. @return authority_id or the empty string if short_name doesn't exist. @author Lars Pind (lars@collaboraid.biz) } { return [util_memoize [list auth::authority::get_id_not_cached -short_name $short_name]] } d_proc -public auth::authority::edit { {-authority_id:required} {-array:required} } { Edit info about an authority. Note that there's no checking that the columns you name exist. @param authority_id The authority you want to get. @param array Name of an array with column values to update. @author Lars Pind (lars@collaboraid.biz) } { # We need this to flush the cache later set old_short_name [get_element -authority_id $authority_id -element short_name] upvar $array row set names [array names row] # Construct clauses for the update statement set set_clauses [list] foreach name $names { lappend set_clauses "$name = :$name" } if { [llength $set_clauses] == 0 } { # No rows to update return } set columns [get_columns] # Check that the columns provided in the array are all valid # Set array entries as local variables foreach name $names { if {$name ni $columns} { error "Attribute '$name' isn't valid for auth_authorities." } if {$name eq "authority_id"} { error "Attribute '$name' is the primary key for auth_authorities, and thus cannot be edited." } set $name $row($name) } db_dml update_authority " update auth_authorities set [join $set_clauses ", "] where authority_id = :authority_id " get_flush -authority_id $authority_id get_id_flush -short_name $old_short_name # check if we need to update the object title set new_short_name [get_element -authority_id $authority_id -element short_name] if {$old_short_name ne $new_short_name } { db_dml update_object_title {} } } d_proc -public auth::authority::delete { {-authority_id:required} } { Delete an authority. } { db_exec_plsql delete_authority {} auth::authority::get_id_flush } ad_proc -public auth::authority::get_authority_options {} { Returns options (value label pairs) for building the authority HTML select box. @author Simon Carstensen } { return [db_list_of_lists select_authorities {}] } d_proc -public auth::authority::batch_sync { -authority_id:required } { Execute batch synchronization for this authority now. @param authority_id @return job_id } { set job_id [auth::sync::job::start \ -authority_id $authority_id] get -authority_id $authority_id -array authority set message {} # Verify that we have implementations if { $authority(get_doc_impl_id) eq "" } { set message "No Get Document implementation" } elseif { $authority(process_doc_impl_id) eq "" } { set message "No Process Document implementation" } else { auth::sync::job::start_get_document -job_id $job_id array set doc_result { doc_status failed_to_connect doc_message {} document {} snapshot_p f } ad_try { array set doc_result [auth::sync::GetDocument -authority_id $authority_id] } on error {errorMsg} { ad_log Error "Error getting sync document: errorMsg" set doc_result(doc_status) failed_to_connect set doc_result(doc_message) $errorMsg } set snapshot_p [string is true -strict $doc_result(snapshot_p)] auth::sync::job::end_get_document \ -job_id $job_id \ -doc_status $doc_result(doc_status) \ -doc_message $doc_result(doc_message) \ -document $doc_result(document) \ -snapshot=$snapshot_p if { $doc_result(doc_status) eq "ok" && $doc_result(document) ne "" } { ad_try { auth::sync::ProcessDocument \ -authority_id $authority_id \ -job_id $job_id \ -document $doc_result(document) set ack_doc [auth::sync::GetAcknowledgementDocument \ -authority_id $authority_id \ -job_id $job_id \ -document $doc_result(document)] set ack_file_name [parameter::get_from_package_key \ -parameter AcknowledgementFileName \ -package_key acs-authentication \ -default {}] if { $ack_file_name ne "" } { # Interpolate set pairs [list \ acs_root_dir $::acs::rootdir \ ansi_date [clock format [clock seconds] -format %Y-%m-%d] \ authority $authority(short_name)] foreach { var value } $pairs { regsub -all "{$var}" $ack_file_name $value ack_file_name } template::util::write_file \ $ack_file_name \ $ack_doc } } on error {errorMsg} { ad_log Error "Error processing sync document: $errorMsg" set message "Error processing sync document: $errorMsg" } } else { if { $message eq "" } { set message $doc_result(doc_message) } } if { $snapshot_p } { # If this is a snapshot, we need to delete all the users belonging to this authority # that weren't included in the snapshot. auth::sync::job::snapshot_delete_remaining \ -job_id $job_id } } auth::sync::job::end \ -job_id $job_id \ -message $message return $job_id } ad_proc -public auth::authority::get_short_names {} { Return a list of authority short names. @author Peter Marklund } { return [db_list select_authority_short_names { select short_name from auth_authorities }] } ##### # # Private # ##### ad_proc -private auth::authority::get_columns {} { Get a list of the columns in the auth_authorities table. @author Lars Pind (lars@collaboraid.biz) } { array set column_defaults [get_column_defaults] return [array names column_defaults] } ad_proc -private auth::authority::get_column_defaults {} { Get an array list with column names as keys and their default value as values. Note however that required columns are not defaulted. @author Peter Marklund } { set columns { authority_id "" short_name "" pretty_name "" help_contact_text "" help_contact_text_format "text/enhanced" enabled_p "f" sort_order "" auth_impl_id "" pwd_impl_id "" forgotten_pwd_url "" change_pwd_url "" register_impl_id "" register_url "" user_info_impl_id "" get_doc_impl_id "" process_doc_impl_id "" batch_sync_enabled_p "f" } if {[apm_version_names_compare [ad_acs_version] 5.5.0] > -1} { lappend columns allow_user_entered_info_p "f" search_impl_id "" } return $columns } ad_proc -private auth::authority::get_required_columns {} { Get a list of the required columns in the auth_authorities table. @author Lars Pind (lars@collaboraid.biz) } { return { authority_id short_name pretty_name } } ad_proc -public auth::authority::get_sc_impl_columns {} { Get a list of column names for storing service contract implementation ids of the authority. @author Peter Marklund } { # DAVEB set columns {auth_impl_id pwd_impl_id register_impl_id user_info_impl_id get_doc_impl_id process_doc_impl_id} if {[apm_version_names_compare [ad_acs_version] 5.5.0] > -1} { lappend columns search_impl_id } return $columns } ad_proc -private auth::authority::get_select_columns {} { Get a list of the columns which can be selected from auth_authorities table. @author Lars Pind (lars@collaboraid.biz) } { set columns [concat [get_columns] auth_impl_name pwd_impl_name register_impl_name user_info_impl_name get_doc_impl_name process_doc_impl_name] if {[apm_version_names_compare [ad_acs_version] 5.5.0] > -1} { lappend columns get_search_impl_name } return $columns } d_proc -private auth::authority::get_flush { {-authority_id ""} } { Flush the cache for auth::authority::get. @see auth::authority::get } { if { $authority_id ne "" } { util_memoize_flush [list auth::authority::get_not_cached $authority_id] } else { util_memoize_flush_regexp [list auth::authority::get_not_cached .*] } } d_proc -private auth::authority::get_not_cached { authority_id } { Get info about an authority, either by authority_id, user_id, or authority short_name. Not cached @see auth::authority::get } { set columns [get_columns] lappend columns \ "(select impl_pretty_name from acs_sc_impls where impl_id = auth_impl_id) as auth_impl_name" \ "(select impl_pretty_name from acs_sc_impls where impl_id = pwd_impl_id) as pwd_impl_name" \ "(select impl_pretty_name from acs_sc_impls where impl_id = register_impl_id) as register_impl_name" \ "(select impl_pretty_name from acs_sc_impls where impl_id = user_info_impl_id) as user_info_impl_name" if {[apm_version_names_compare [ad_acs_version] 5.5.0] > -1} { lappend columns "(select impl_pretty_name from acs_sc_impls where impl_id = search_impl_id) as search_impl_name" } lappend columns \ "(select impl_pretty_name from acs_sc_impls where impl_id = get_doc_impl_id) as get_doc_impl_name" \ "(select impl_pretty_name from acs_sc_impls where impl_id = process_doc_impl_id) as process_doc_impl_name" db_1row select_authority [subst { select [join $columns ",\n "] from auth_authorities where authority_id = :authority_id }] -column_array row return [array get row] } d_proc -private auth::authority::get_id_flush { {-short_name ""} } { Flush the cache for auth::authority::get_id by short_name. } { if { $short_name eq "" } { util_memoize_flush_regexp [list auth::authority::get_id_not_cached .*] } else { util_memoize_flush [list auth::authority::get_id_not_cached -short_name $short_name] } } d_proc -private auth::authority::get_id_not_cached { {-short_name:required} } { Get authority_id by short_name. Not cached. } { return [db_string select_authority_id { select authority_id from auth_authorities where short_name = :short_name } -default {}] } ad_proc -public auth::authority::local {} { Returns the authority_id of the local authority. } { return [auth::authority::get_id -short_name "local"] } # Local variables: # mode: tcl # tcl-indent-level: 4 # indent-tabs-mode: nil # End: