Roles Folder
This commit is contained in:
parent
4979ec6ca5
commit
3ab65d1c51
5 changed files with 97 additions and 27 deletions
19
index.php
19
index.php
|
|
@ -1,6 +1,8 @@
|
|||
<?php
|
||||
|
||||
use Collections\HomeCollection;
|
||||
use Collections\RolesCollection;
|
||||
use Principal\RolesBackend;
|
||||
use Sabre\DAV;
|
||||
use Dotenv\Dotenv;
|
||||
|
||||
|
|
@ -10,18 +12,17 @@ require 'vendor/autoload.php';
|
|||
$dotenv = Dotenv::createImmutable(__DIR__);
|
||||
$dotenv->load();
|
||||
|
||||
|
||||
$aclPlugin = new \Sabre\DAVACL\Plugin();
|
||||
|
||||
$principalBackend = new RolesBackend();
|
||||
|
||||
// Set Auth
|
||||
$authBackend = new Keycloak\KeycloakAuth($aclPlugin,$_ENV['client_id'], $_ENV['client_secret'], $_ENV['keycloak_token_url'] );
|
||||
$authBackend = new Keycloak\KeycloakAuth($principalBackend,$_ENV['client_id'], $_ENV['client_secret'], $_ENV['keycloak_token_url'] );
|
||||
$authBackend->setRealm($_ENV['realm']);
|
||||
$authPlugin = new DAV\Auth\Plugin($authBackend);
|
||||
|
||||
$path = $_ENV['users_path'];
|
||||
|
||||
// The server object is responsible for making sense out of the WebDAV protocol
|
||||
$server = new DAV\Server([new HomeCollection($authPlugin, $_ENV['users_path'])]);
|
||||
$server = new DAV\Server([new HomeCollection($authPlugin, $path), new RolesCollection($principalBackend, $path)]);
|
||||
|
||||
// If your server is not on your webroot, make sure the following line has the
|
||||
// correct information
|
||||
|
|
@ -34,12 +35,12 @@ $lockPlugin = new DAV\Locks\Plugin($lockBackend);
|
|||
$server->addPlugin($lockPlugin);
|
||||
|
||||
|
||||
$principalPlugin = new Sabre\DAVACL\Plugin($principalBackend);
|
||||
|
||||
// This ensures that we get a pretty index in the browser, but it is
|
||||
// optional.
|
||||
$server->addPlugin(new DAV\Browser\Plugin());
|
||||
$server->addPlugin($authPlugin);
|
||||
$server->addPlugin($aclPlugin);
|
||||
$server->addPlugin($principalPlugin);
|
||||
$server->addPlugin(new DAV\Browser\Plugin());
|
||||
|
||||
|
||||
// All we need to do now, is to fire up the server
|
||||
$server->start();
|
||||
|
|
|
|||
|
|
@ -12,13 +12,13 @@ class HomeCollection extends Collection
|
|||
private $userPath;
|
||||
|
||||
|
||||
public function __construct(AuthPlugin $authPlugin, $userPath)
|
||||
public function __construct(AuthPlugin $authPlugin, string $userPath)
|
||||
{
|
||||
$this->plugin = $authPlugin;
|
||||
$this->userPath = $userPath;
|
||||
}
|
||||
|
||||
public function getChildren()
|
||||
public function getChildren(): array
|
||||
{
|
||||
$principal = $this->plugin->getCurrentPrincipal();
|
||||
$username = explode("/", $principal)[1];
|
||||
|
|
@ -31,7 +31,7 @@ class HomeCollection extends Collection
|
|||
return [new Directory($path.$username, $username)];
|
||||
}
|
||||
|
||||
public function getName()
|
||||
public function getName(): string
|
||||
{
|
||||
return "Home";
|
||||
}
|
||||
|
|
|
|||
38
src/Collections/RolesCollection.php
Normal file
38
src/Collections/RolesCollection.php
Normal file
|
|
@ -0,0 +1,38 @@
|
|||
<?php
|
||||
|
||||
namespace Collections;
|
||||
|
||||
use Principal\RolesBackend;
|
||||
use Sabre\DAV\Collection;
|
||||
use Sabre\DAV\FSExt\Directory as SabreDirectory;
|
||||
|
||||
class RolesCollection extends Collection {
|
||||
|
||||
private RolesBackend $principalBackend;
|
||||
private $dataRoot;
|
||||
|
||||
public function __construct(RolesBackend $principal_backend, string $dataRoot)
|
||||
{
|
||||
$this->$dataRoot = $dataRoot;
|
||||
$this->principalBackend = $principal_backend;
|
||||
}
|
||||
|
||||
public function getChildren() : array {
|
||||
$path = $this->dataRoot;
|
||||
$dirs = [];
|
||||
foreach ($this->principalBackend->roles as $role) {
|
||||
if (!is_dir($path . 'public/' . $role)){
|
||||
mkdir($path . 'public/' . $role, 0777, true);
|
||||
}
|
||||
$dirs[] = new SabreDirectory($path . 'public/' . $role, $role);
|
||||
}
|
||||
|
||||
return $dirs;
|
||||
}
|
||||
|
||||
public function getName() : string
|
||||
{
|
||||
return "Groups";
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -2,19 +2,21 @@
|
|||
|
||||
namespace Keycloak;
|
||||
|
||||
use Principal\RolesBackend;
|
||||
use Sabre\DAV\Auth\Backend\AbstractBasic;
|
||||
use Sabre\DAVACL\Plugin as AclPlugin;
|
||||
|
||||
class KeycloakAuth extends AbstractBasic
|
||||
{
|
||||
private $aclPlugin;
|
||||
private $client_id;
|
||||
private $client_secret;
|
||||
private $keycloakTokenUrl;
|
||||
|
||||
public function __construct(AclPlugin $plugin, string $client_id, string $client_secret, string $keycloakTokenUrl)
|
||||
private RolesBackend $principal_backend;
|
||||
private string $client_id;
|
||||
private string $client_secret;
|
||||
private string $keycloakTokenUrl;
|
||||
|
||||
public function __construct(RolesBackend $principal_backend, string $client_id,
|
||||
string $client_secret, string $keycloakTokenUrl)
|
||||
{
|
||||
$this->aclPlugin = $plugin;
|
||||
$this->principal_backend = $principal_backend;
|
||||
$this->client_id = $client_id;
|
||||
$this->client_secret = $client_secret;
|
||||
$this->keycloakTokenUrl = $keycloakTokenUrl;
|
||||
|
|
@ -38,17 +40,32 @@ class KeycloakAuth extends AbstractBasic
|
|||
],
|
||||
]);
|
||||
|
||||
curl_exec($curl);
|
||||
$body = curl_exec($curl);
|
||||
|
||||
$err = curl_error($curl);
|
||||
|
||||
$data = curl_getinfo($curl);
|
||||
|
||||
|
||||
curl_close($curl);
|
||||
|
||||
if ($err || $data['http_code'] != 200) {
|
||||
return false;
|
||||
} else {
|
||||
$x = json_decode($body);
|
||||
$user_data = json_decode(base64_decode(explode(".",$x->access_token)[1]), true);
|
||||
|
||||
$resource_data = $user_data["resource_access"];
|
||||
if (is_null($resource_data) || !array_key_exists($this->client_id, $resource_data)) return true;
|
||||
|
||||
$client_data = $resource_data[$this->client_id];
|
||||
if (is_null($client_data)) return true;
|
||||
|
||||
$roles = $client_data["roles"];
|
||||
if (is_null($client_data)) return true;
|
||||
|
||||
$this->principal_backend->setPrincipals($roles);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -4,17 +4,21 @@ namespace Principal;
|
|||
|
||||
use Sabre\DAVACL\PrincipalBackend\AbstractBackend;
|
||||
|
||||
class CustomBackend extends AbstractBackend
|
||||
class RolesBackend extends AbstractBackend
|
||||
{
|
||||
public array $roles = [];
|
||||
public array $principals = [];
|
||||
|
||||
public function getPrincipalsByPrefix($prefixPath)
|
||||
{
|
||||
// TODO: Implement getPrincipalsByPrefix() method.
|
||||
return array_filter(array: $this->principals, callback: function($k) use($prefixPath) {
|
||||
return str_starts_with($prefixPath, $k);
|
||||
});
|
||||
}
|
||||
|
||||
public function getPrincipalByPath($path)
|
||||
{
|
||||
// TODO: Implement getPrincipalByPath() method.
|
||||
return $path;
|
||||
}
|
||||
|
||||
public function updatePrincipal($path, \Sabre\DAV\PropPatch $propPatch)
|
||||
|
|
@ -34,11 +38,21 @@ class CustomBackend extends AbstractBackend
|
|||
|
||||
public function getGroupMembership($principal)
|
||||
{
|
||||
// TODO: Implement getGroupMembership() method.
|
||||
if (!str_contains("groups")) {
|
||||
return $this->principals;
|
||||
}
|
||||
else return [$principal];
|
||||
}
|
||||
|
||||
public function setGroupMemberSet($principal, array $members)
|
||||
{
|
||||
// TODO: Implement setGroupMemberSet() method.
|
||||
}
|
||||
|
||||
public function setPrincipals(array $roles) {
|
||||
$this->roles = $roles;
|
||||
$this->principals = array_map(array: $roles, callback: function($r) {
|
||||
return "/principals/groups/" . $r;
|
||||
});
|
||||
}
|
||||
}
|
||||
Loading…
Reference in a new issue