summaryrefslogtreecommitdiff
path: root/manager/application
diff options
context:
space:
mode:
authorMarkus Warg <markus@mawaunix.mawa.sls>2010-03-31 16:43:49 +0200
committerMarkus Warg <markus@mawaunix.mawa.sls>2010-03-31 16:43:49 +0200
commit4f4c5ce3ccf0370f926d75e700e8b0bd2208f3f6 (patch)
tree82cb017ac68772ea36c0f522ec019bf14fbdc77a /manager/application
parent8398c9048d34a1f51212ae770998fc082fc93b69 (diff)
downloadcacert-mgr-4f4c5ce3ccf0370f926d75e700e8b0bd2208f3f6.tar.gz
cacert-mgr-4f4c5ce3ccf0370f926d75e700e8b0bd2208f3f6.tar.xz
cacert-mgr-4f4c5ce3ccf0370f926d75e700e8b0bd2208f3f6.zip
initial setup of framework code
enabled features * login * crt login * top / left menu * logging * db layer
Diffstat (limited to 'manager/application')
-rw-r--r--manager/application/Bootstrap.php154
-rw-r--r--manager/application/configs/application.ini56
-rw-r--r--manager/application/controllers/ErrorController.php35
-rw-r--r--manager/application/controllers/IndexController.php28
-rw-r--r--manager/application/controllers/LoginController.php260
-rw-r--r--manager/application/controllers/LogoutController.php27
-rw-r--r--manager/application/layouts/scripts/layout.phtml32
-rw-r--r--manager/application/views/helpers/LeftNav.php96
-rw-r--r--manager/application/views/helpers/TopNav.php99
-rw-r--r--manager/application/views/helpers/UserInfo.php95
-rw-r--r--manager/application/views/scripts/error/error.phtml28
-rw-r--r--manager/application/views/scripts/error/permissiondenied.phtml8
-rw-r--r--manager/application/views/scripts/index/index.phtml7
-rw-r--r--manager/application/views/scripts/login/index.phtml16
-rw-r--r--manager/application/views/scripts/login/loginresult.phtml16
-rw-r--r--manager/application/views/scripts/logout/index.phtml7
16 files changed, 964 insertions, 0 deletions
diff --git a/manager/application/Bootstrap.php b/manager/application/Bootstrap.php
new file mode 100644
index 0000000..664d5e2
--- /dev/null
+++ b/manager/application/Bootstrap.php
@@ -0,0 +1,154 @@
+<?php
+require_once('plugins/plugin.charsetheader.php');
+require_once('plugins/plugin.forceauth.php');
+require_once('plugins/plugin.loginlogout.php');
+require_once('plugins/plugin.buildmenu.php');
+require_once('config/Config.php');
+require_once('log/Log.php');
+require_once('l10n/L10n.php');
+require_once('i18n/I18n.php');
+
+class Bootstrap extends Zend_Application_Bootstrap_Bootstrap {
+ protected function _initAutoload() {
+ $autoloader = new Zend_Application_Module_Autoloader(array(
+ 'namespace' => 'Default_',
+ 'basePath' => dirname(__FILE__)
+ ));
+ return $autoloader;
+ }
+
+ protected function _initPlugins() {
+ $this->bootstrap('session');
+
+ $fc = Zend_Controller_Front::getInstance();
+
+ $charset_header = new CharsetHeader();
+ $fc->registerPlugin($charset_header);
+
+ $force_auth = new ForceAuth();
+ $fc->registerPlugin($force_auth);
+
+ $buildmenu = new BuildMenu();
+ $fc->registerPlugin($buildmenu);
+
+ $loginlogout = new LoginLogout();
+ $fc->registerPlugin($loginlogout);
+ }
+
+ protected function _initDoctype() {
+ $this->bootstrap('view');
+ $this->bootstrap('log');
+ $this->bootstrap('I18n');
+ $this->bootstrap('session');
+
+ $view = $this->getResource('view');
+ Zend_Registry::set('view', $view);
+ $view->doctype('XHTML1_STRICT');
+ $view->addHelperPath(APPLICATION_PATH . '/views/helpers/');
+ $view->headTitle = I18n::_('CACert Test Manager');
+ }
+
+ /**
+ * @todo expireSessionCookie()
+ * @todo rememberMe(xx)
+ * @todo forgetMe()
+ * @see Zend_Registry::get('session');
+ * @return Zend_Session_Namespace
+ */
+ protected function _initSession() {
+ $options = $this->getOption('ca_mgr');
+
+ $db = Zend_Db::factory($options['db']['session']['pdo'], $options['db']['session']);
+
+ /**
+ * automatically clean up expired session entries from session cache
+ * use the modified and lifetime stamps to calculate expire time
+ */
+ if ($options['db']['session']['autocleanup'] == '1') {
+ $stmt = $db->query('delete from front_session where (modified + lifetime * 2) < unix_timestamp()');
+ # $stmt->execute();
+ }
+
+ //you can either set the Zend_Db_Table default adapter
+ //or you can pass the db connection straight to the save handler $config
+ // @see lifetimeColumn / lifetime / overrideLifetime, lifetime defaults to php.ini: session.gc_maxlifetime
+ Zend_Db_Table_Abstract::setDefaultAdapter($db);
+ $config = array(
+ 'name' => 'front_session',
+ 'primary' => 'id',
+ 'modifiedColumn' => 'modified',
+ 'dataColumn' => 'data',
+ 'lifetimeColumn' => 'lifetime'
+ );
+
+ //create your Zend_Session_SaveHandler_DbTable and
+ //set the save handler for Zend_Session
+ Zend_Session::setSaveHandler(new Zend_Session_SaveHandler_DbTable($config));
+
+ // Zend_Session::rememberMe(7200);
+
+ //start your session!
+ Zend_Session::start();
+
+ $session = new Zend_Session_Namespace();
+ if (!isset($session->started))
+ $session->started = time();
+ if (!isset($session->authdata))
+ $session->authdata = array('authed' => false);
+
+ Zend_Registry::set('session', $session);
+ return $session;
+ }
+
+ /**
+ * get the basic system config from database, store the config object in the bootstrap registry
+ * @see Zend_Registry::get('config');
+ * @return Config
+ */
+ protected function _initConfig() {
+ $options = $this->getOption('ca_mgr');
+ $db = Zend_Db::factory($options['db']['config']['pdo'], $options['db']['config']);
+ $config = Config::getInstance(SYSTEM_CONFIG, $db);
+
+ Zend_Registry::set('config', $config);
+ Zend_Registry::set('config_dbc', $db);
+
+ return $config;
+ }
+
+ /**
+ * make singleton system logger
+ * @see Zend_Registry::get('log');
+ * @return Log
+ */
+ public function _initLog() {
+ $this->bootstrap('Config');
+
+ $op = $this->getOption('log');
+ $log = Log::getInstance(SYSTEM_LOG, $op['application']);
+
+ Zend_Registry::set('log', $log);
+ return $log;
+ }
+
+ /**
+ * make singleton I18n (internationalization) object (translation)
+ */
+ public function _initI18n() {
+ $this->bootstrap('Config');
+ // need existing L10n object for initialization
+ $this->bootstrap('L10n');
+
+ $I18n = I18n::getInstance(L10n::getInstance()->getLanguage());
+ }
+
+ /**
+ * make singleton L10n (localization) object (set locale, convert date and
+ * number formats)
+ */
+ public function _initL10n() {
+ $this->bootstrap('Config');
+
+ $L10n = L10n::getInstance();
+ }
+}
diff --git a/manager/application/configs/application.ini b/manager/application/configs/application.ini
new file mode 100644
index 0000000..61edc99
--- /dev/null
+++ b/manager/application/configs/application.ini
@@ -0,0 +1,56 @@
+[production]
+phpSettings.display_startup_errors = 1
+phpSettings.display_errors = 1
+includePaths.library = LIBRARY_PATH
+bootstrap.path = APPLICATION_PATH "/Bootstrap.php"
+bootstrap.class = "Bootstrap"
+resources.frontController.controllerDirectory = APPLICATION_PATH "/controllers"
+resources.frontController.noViewRenderer = 0
+resources.frontController.noErrorHandler = 0
+resources.frontController.useDefaultControllerAlways = 0
+resources.layout.layoutPath = APPLICATION_PATH "/layouts/scripts"
+resources.view[] =
+
+; Database settings for Session DB
+ca_mgr.db.session.pdo = "Pdo_Mysql"
+ca_mgr.db.session.autocleanup = 1
+ca_mgr.db.session.host = "localhost"
+ca_mgr.db.session.username = "front_session"
+ca_mgr.db.session.password = "laskdsfzrwethv45"
+ca_mgr.db.session.dbname = "ca_mgr"
+
+; Database settings for Auth DB (CACert User Table)
+ca_mgr.db.auth.pdo = "Pdo_Mysql"
+ca_mgr.db.auth.host = "localhost"
+ca_mgr.db.auth.username = "ca_mgr"
+ca_mgr.db.auth.password = "jsdfhsd47534hsdf7"
+ca_mgr.db.auth.dbname = "cacert"
+ca_mgr.db.auth.tablename = "users"
+
+; Database settings for Auth DB (Manager User Table)
+ca_mgr.db.auth2.pdo = "Pdo_Mysql"
+ca_mgr.db.auth2.host = "localhost"
+ca_mgr.db.auth2.username = "ca_mgr"
+ca_mgr.db.auth2.password = "jsdfhsd47534hsdf7"
+ca_mgr.db.auth2.dbname = "ca_mgr"
+ca_mgr.db.auth2.tablename = "system_user"
+
+; Database settings for Config DB (access to system_config and dnssecme data tables)
+ca_mgr.db.config.pdo = "Pdo_Mysql"
+ca_mgr.db.config.host = "localhost"
+ca_mgr.db.config.username = "ca_mgr"
+ca_mgr.db.config.password = "jsdfhsd47534hsdf7"
+ca_mgr.db.config.dbname = "ca_mgr"
+
+; Application name for logger
+log.application = "web"
+
+[staging : production]
+
+[testing : production]
+phpSettings.display_startup_errors = 1
+phpSettings.display_errors = 1
+
+[development : production]
+phpSettings.display_startup_errors = 1
+phpSettings.display_errors = 1 \ No newline at end of file
diff --git a/manager/application/controllers/ErrorController.php b/manager/application/controllers/ErrorController.php
new file mode 100644
index 0000000..806565d
--- /dev/null
+++ b/manager/application/controllers/ErrorController.php
@@ -0,0 +1,35 @@
+<?php
+
+class ErrorController extends Zend_Controller_Action
+{
+
+ public function errorAction()
+ {
+ $errors = $this->_getParam('error_handler');
+
+ switch ($errors->type) {
+ case Zend_Controller_Plugin_ErrorHandler::EXCEPTION_NO_CONTROLLER:
+ case Zend_Controller_Plugin_ErrorHandler::EXCEPTION_NO_ACTION:
+
+ // 404 error -- controller or action not found
+ $this->getResponse()->setHttpResponseCode(404);
+ $this->view->message = 'Page not found';
+ break;
+ default:
+ // application error
+ $this->getResponse()->setHttpResponseCode(500);
+ $this->view->message = 'Application error';
+ break;
+ }
+
+ $this->view->exception = $errors->exception;
+ $this->view->request = $errors->request;
+
+ Log::Log()->emerg($errors->exception);
+ }
+
+ public function permissiondeniedAction() {
+
+ }
+}
+
diff --git a/manager/application/controllers/IndexController.php b/manager/application/controllers/IndexController.php
new file mode 100644
index 0000000..8b185e2
--- /dev/null
+++ b/manager/application/controllers/IndexController.php
@@ -0,0 +1,28 @@
+<?php
+/**
+ * @author markus
+ * $Id: IndexController.php 6 2009-11-18 14:52:50Z markus $
+ */
+
+class IndexController extends Zend_Controller_Action
+{
+
+ public function init()
+ {
+ /* Initialize action controller here */
+ /**
+ * get bootstrap, get resource from bootstrap
+ * resources are created when an bootstrap _init method returns an object
+ $bootstrap = $this->getInvokeArg('bootstrap');
+ $view = $bootstrap->getResource('view');
+ */
+ }
+
+ public function indexAction()
+ {
+ // action body
+ }
+
+
+}
+
diff --git a/manager/application/controllers/LoginController.php b/manager/application/controllers/LoginController.php
new file mode 100644
index 0000000..e007e05
--- /dev/null
+++ b/manager/application/controllers/LoginController.php
@@ -0,0 +1,260 @@
+<?php
+/**
+ * @author markus
+ * $Id: LoginController.php 75 2010-02-25 14:40:10Z markus $
+ */
+
+require_once('helpers/GetEnv.php');
+require_once('config/Config.php');
+
+class LoginController extends Zend_Controller_Action
+{
+
+ public function init() {
+ /* Initialize action controller here */
+ }
+
+ public function indexAction() {
+ $this->view->form = $this->getForm();
+ $this->render('index');
+ }
+
+ public function loginAction() {
+ $form = $this->getForm();
+ if ($form->isValid($_POST)) {
+ $config = new Zend_Config_Ini(APPLICATION_PATH . '/configs/application.ini', APPLICATION_ENV);
+
+ $db = Zend_Db::factory($config->ca_mgr->db->auth->pdo, $config->ca_mgr->db->auth);
+ Zend_Registry::set('auth_dbc', $db);
+ $db2 = Zend_Db::factory($config->ca_mgr->db->auth2->pdo, $config->ca_mgr->db->auth2);
+ Zend_Registry::set('auth2_dbc', $db2);
+
+ $auth = new Zend_Auth_Adapter_DbTable($db);
+
+ $auth->setTableName($config->ca_mgr->db->auth->tablename)
+ ->setIdentityColumn('email')
+ ->setCredentialColumn('password');
+
+ $auth->setIdentity( $this->getRequest()->getParam('login_name'))
+ ->setCredential( sha1($this->getRequest()->getParam('login_password')))
+ ->setCredentialTreatment('?');
+
+ $result = $auth->authenticate();
+
+ $code = $result->getCode();
+ switch ($code) {
+ case Zend_Auth_Result::FAILURE:
+ Log::Log()->info(__METHOD__ . ' user failed (Zend_Auth_Result::FAILURE) to log in ' . $this->getRequest()->getParam('login_name'));
+ throw new Exception(__METHOD__ . ': unknown error');
+ case Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND:
+ Log::Log()->info(__METHOD__ . ' user failed (Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND) to log in ' . $this->getRequest()->getParam('login_name'));
+ throw new Exception(__METHOD__ . ': ID unknown');
+ case Zend_Auth_Result::FAILURE_IDENTITY_AMBIGUOUS:
+ Log::Log()->info(__METHOD__ . ' user failed (Zend_Auth_Result::FAILURE_IDENTITY_AMBIGUOUS) to log in ' . $this->getRequest()->getParam('login_name'));
+ throw new Exception(__METHOD__ . ': ID not unique');
+ case Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID:
+ Log::Log()->info(__METHOD__ . ' user failed (Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID) to log in ' . $this->getRequest()->getParam('login_name'));
+ throw new Exception(__METHOD__ . ': ID unknown'); // to prevent brute force password attachs
+ case Zend_Auth_Result::FAILURE_UNCATEGORIZED:
+ Log::Log()->info(__METHOD__ . ' user failed (Zend_Auth_Result::FAILURE_UNCATEGORIZED) to log in ' . $this->getRequest()->getParam('login_name'));
+ throw new Exception(__METHOD__ . ': unknown error');
+ }
+
+ $this->getAuthDetailsIntoSession($auth, false);
+
+ Log::Log()->info(__METHOD__ . ' user logged in ' . $this->view->session->authdata['authed_username'] .
+ ' (' . $this->getRequest()->getParam('login_name') . ')');
+
+ #$this->_forward('index', 'index'); // only "soft" forward, we need to change the url in browser
+ $this->_redirect($this->view->url(array('controller' => 'index', 'action' => 'index'), 'default', true));
+
+ /*
+ $viewRenderer = Zend_Controller_Action_HelperBroker::getStaticHelper('viewRenderer');
+ $viewRenderer->setRender('loginresult');
+ $this->view->request = $this->getRequest();
+ */
+ }
+ else {
+ $this->view->form = $form;
+ return $this->render('index');
+ }
+ }
+
+ public function crtAction() {
+ $ssl_client_s_dn = GetEnv::getEnvVar('SSL_CLIENT_S_DN');
+ $ssl_client_i_dn = GetEnv::getEnvVar('SSL_CLIENT_I_DN');
+
+ $config = new Zend_Config_Ini(APPLICATION_PATH . '/configs/application.ini', APPLICATION_ENV);
+
+ $db = Zend_Db::factory($config->ca_mgr->db->auth->pdo, $config->ca_mgr->db->auth);
+ Zend_Registry::set('auth_dbc', $db);
+ $db2 = Zend_Db::factory($config->ca_mgr->db->auth2->pdo, $config->ca_mgr->db->auth2);
+ Zend_Registry::set('auth2_dbc', $db2);
+
+ $auth = new Zend_Auth_Adapter_DbTable($db);
+
+ $auth->setTableName($config->ca_mgr->db->auth->tablename)
+ ->setIdentityColumn('user_client_crt_s_dn_i_dn')
+ ->setCredentialColumn('user_client_crt_s_dn_i_dn');
+
+ $auth->setIdentity( $ssl_client_s_dn . '//' . $ssl_client_i_dn)
+ ->setCredential($ssl_client_s_dn . '//' . $ssl_client_i_dn)
+ ->setCredentialTreatment('?');
+
+ $result = $auth->authenticate();
+
+ $code = $result->getCode();
+ switch ($code) {
+ case Zend_Auth_Result::FAILURE:
+ Log::Log()->info(__METHOD__ . ' user failed (Zend_Auth_Result::FAILURE) to log in ' . $ssl_client_s_dn . '//' . $ssl_client_i_dn);
+ throw new Exception(__METHOD__ . ': unknown error');
+ case Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND:
+ Log::Log()->info(__METHOD__ . ' user failed (Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND) to log in ' . $ssl_client_s_dn . '//' . $ssl_client_i_dn);
+ throw new Exception(__METHOD__ . ': ID unknown');
+ case Zend_Auth_Result::FAILURE_IDENTITY_AMBIGUOUS:
+ Log::Log()->info(__METHOD__ . ' user failed (Zend_Auth_Result::FAILURE_IDENTITY_AMBIGUOUS) to log in ' . $ssl_client_s_dn . '//' . $ssl_client_i_dn);
+ throw new Exception(__METHOD__ . ': ID not unique');
+ case Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID:
+ Log::Log()->info(__METHOD__ . ' user failed (Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID) to log in ' . $ssl_client_s_dn . '//' . $ssl_client_i_dn);
+ throw new Exception(__METHOD__ . ': ID unknown'); // to prevent brute force password attachs
+ case Zend_Auth_Result::FAILURE_UNCATEGORIZED:
+ Log::Log()->info(__METHOD__ . ' user failed (Zend_Auth_Result::FAILURE_UNCATEGORIZED) to log in ' . $ssl_client_s_dn . '//' . $ssl_client_i_dn);
+ throw new Exception(__METHOD__ . ': unknown error');
+ }
+
+ $this->getAuthDetailsIntoSession($auth, true);
+
+ /*
+ $viewRenderer = Zend_Controller_Action_HelperBroker::getStaticHelper('viewRenderer');
+ $viewRenderer->setRender('loginresult');
+ */
+
+ Log::Log()->info(__METHOD__ . ' user logged in ' . $this->view->session->authdata['authed_username'] .
+ ' (' . $ssl_client_s_dn . '//' . $ssl_client_i_dn . ')');
+
+ #$this->_forward('index', 'index'); // only "soft" forward, we need to change the url in browser
+ $this->_redirect($this->view->url(array('controller' => 'index', 'action' => 'index'), 'default', true));
+ }
+
+ /**
+ * get user data from Zend_Auth result and store data in session
+ * @param Zend_Auth_Result $auth
+ */
+ protected function getAuthDetailsIntoSession($auth, $crt) {
+ $session = Zend_Registry::get('session');
+
+ /**
+ * non existent in our case, look up a 2nd table (ca_mgr.system_user by login name (email)) and
+ * get id from there, defaulting to User (1) when no db entry exists
+ */
+ $auth_res = $auth->getResultRowObject();
+ $system_roles_id = 1;
+
+ $session->authdata['authed'] = true;
+ $session->authdata['authed_id'] = $auth_res->id;
+ $session->authdata['authed_username'] = $auth_res->email;
+ $session->authdata['authed_fname'] = $auth_res->fname;
+ $session->authdata['authed_lname'] = $auth_res->lname;
+ $session->authdata['authed_by_crt'] = $crt;
+ $session->authdata['authed_by_cli'] = true;
+
+ $db = Zend_Registry::get('auth2_dbc');
+ $res = $db->query('select * from system_role where id=?', array($system_roles_id));
+ $res_ar = $res->fetch();
+ $session->authdata['authed_role'] = $res_ar['role'];
+
+ $acl = $this->makeAcl($db);
+
+ $session->authdata['authed_permissions'] = $acl;
+
+ /* test cases
+ Log::Log()->debug(($acl->isAllowed('User', 'Administration', 'view') == true)?'true':'false');
+ Log::Log()->debug(($acl->isAllowed('User', 'Administration', 'edit') == true)?'true':'false');
+ Log::Log()->debug(($acl->isAllowed('User', 'Account', 'view') == true)?'true':'false');
+ Log::Log()->debug(($acl->isAllowed('User', 'Account', 'edit') == true)?'true':'false');
+ Log::Log()->debug(($acl->isAllowed('Admin', 'Administration', 'view') == true)?'true':'false');
+ Log::Log()->debug(($acl->isAllowed('Admin', 'Account', 'view') == true)?'true':'false');
+ */
+
+ $this->view->session = $session;
+ }
+
+ /**
+ * build login form and return to requesting method
+ * @return Zend_Form
+ */
+ protected function getForm() {
+ $form = new Zend_Form();
+ $form->setAction('/login/login')
+ ->setMethod('post');
+ #$form->setAttrib('id', 'loginform');
+ $al = new Zend_Validate_Alnum();
+ $al->setDefaultTranslator(I18n::getTranslate());
+ $al->setDisableTranslator(false);
+ $username = new Zend_Form_Element_Text('login_name');
+ $username->addValidator(new Zend_Validate_StringLength(2,20))
+ ->setRequired(true)
+ ->addFilter('StringToLower')
+ ->setLabel(I18n::_('User Name'));
+ $password = new Zend_Form_Element_Password('login_password');
+ $password->addValidator(new Zend_Validate_Alnum())
+ ->addValidator(new Zend_Validate_StringLength(8,20))
+ ->setRequired(true)
+ ->setLabel(I18n::_('Password'));
+ $submit = new Zend_Form_Element_Submit('submit');
+ $submit->setLabel(I18n::_('Login'));
+ $form->addElement($username)
+ ->addElement($password)
+ ->addElement($submit);
+
+ return $form;
+ }
+
+ /**
+ * get roles and resources from db, build Zend_Acl structure and add permissions
+ * @param Zend_Db $db
+ */
+ protected function makeAcl($db) {
+ $acl = new Zend_Acl();
+
+ $res = $db->fetchAll('select * from system_role');
+ foreach ($res as $obj) {
+ if ($obj['inherit_role'] != '') {
+ if ($acl->hasRole($obj['inherit_role'])) {
+ $acl->addRole(new Zend_Acl_Role($obj['role']), $obj['inherit_role']);
+ }
+ else {
+ /**
+ * @todo very simply system to order roles, add role before inherited role
+ */
+ $res[] = $obj;
+ continue;
+ }
+ }
+ else {
+ $acl->addRole(new Zend_Acl_Role($obj['role']));
+ }
+ }
+
+ $res = $db->fetchAll('select * from system_resource');
+ foreach ($res as $obj) {
+ $acl->addResource(new Zend_Acl_Resource($obj['resource']));
+ }
+
+ $res = $db->fetchAll('select r.role as role, rs.resource as resource, permission, privilege '.
+ 'from system_role as r join system_role_has_system_resource as m on ' .
+ '(r.id = m.system_role_id) join system_resource as rs on (m.system_resource_id = rs.id)');
+
+ foreach ($res as $obj) {
+ $privilege = explode(',', $obj['privilege']);
+ if ($obj['permission'] == 'allow') {
+ $acl->allow($obj['role'], $obj['resource'], $privilege);
+ }
+ else {
+ $acl->deny($obj['role'], $obj['resource'], $privilege);
+ }
+ }
+
+ return $acl;
+ }
+}
diff --git a/manager/application/controllers/LogoutController.php b/manager/application/controllers/LogoutController.php
new file mode 100644
index 0000000..83859d4
--- /dev/null
+++ b/manager/application/controllers/LogoutController.php
@@ -0,0 +1,27 @@
+<?php
+/**
+ * @author markus
+ * $Id: LogoutController.php 12 2009-11-24 13:35:16Z markus $
+ */
+
+require_once('helpers/GetEnv.php');
+require_once('config/Config.php');
+
+class LogoutController extends Zend_Controller_Action
+{
+
+ public function init() {
+ /* Initialize action controller here */
+ }
+
+ public function indexAction() {
+ $session = Zend_Registry::get('session');
+
+ Log::Log()->info(__METHOD__ . ' user logged out ' . $this->view->session->authdata['authed_username']);
+
+ unset($session->authdata);
+ $session->authdata['authed'] = false;
+
+ Zend_Session::destroy();
+ }
+}
diff --git a/manager/application/layouts/scripts/layout.phtml b/manager/application/layouts/scripts/layout.phtml
new file mode 100644
index 0000000..44f59cf
--- /dev/null
+++ b/manager/application/layouts/scripts/layout.phtml
@@ -0,0 +1,32 @@
+<?php
+// application/layouts/scripts/layout.phtml
+
+print $this->doctype(); ?>
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+ <title><?php print $this->headTitle; ?></title>
+ <?php print $this->headLink()->prependStylesheet('/css/global.css'); ?>
+ <?php print $this->headScript()->appendFile('/js/positionUserInfo.js'); // ->appendFile('/js/center.js'); ?>
+</head>
+<body>
+ <div id="center">
+ <div id="header">
+ <div id="header-logo">
+ <img src="/img/cacert4.png" border="0" alt="CACert Logo" width="100px" height="30px">
+ </div>
+ <div id="header-navigation">
+ <?php print $this->topNav(); ?>
+ </div>
+ </div>
+
+ <div id="left-navigation">
+ <?php print $this->leftNav(); ?>
+ </div>
+ <div id="content">
+ <?php print $this->layout()->content; ?>
+ </div>
+ </div>
+ <? print $this->userInfo(); ?>
+</body>
+</html> \ No newline at end of file
diff --git a/manager/application/views/helpers/LeftNav.php b/manager/application/views/helpers/LeftNav.php
new file mode 100644
index 0000000..7523d6e
--- /dev/null
+++ b/manager/application/views/helpers/LeftNav.php
@@ -0,0 +1,96 @@
+<?php
+/**
+ * Zend Framework
+ *
+ * LICENSE
+ *
+ * This source file is subject to the new BSD license that is bundled
+ * with this package in the file LICENSE.txt.
+ * It is also available through the world-wide-web at this URL:
+ * http://framework.zend.com/license/new-bsd
+ * If you did not receive a copy of the license and are unable to
+ * obtain it through the world-wide-web, please send an email
+ * to license@zend.com so we can send you a copy immediately.
+ *
+ * @category Zend
+ * @package Zend_View
+ * @subpackage Helper
+ * @copyright Copyright (c) 2005-2009 Zend Technologies USA Inc. (http://www.zend.com)
+ * @version $Id: LeftNav.php 8 2009-11-24 10:32:47Z markus $
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ */
+
+/** Zend_View_Helper_Placeholder_Container_Standalone */
+require_once 'Zend/View/Helper/Placeholder/Container/Standalone.php';
+
+/**
+ * Helper for building an applications top navigation bar
+ *
+ * @uses Zend_View_Helper_Placeholder_Container_Standalone
+ * @package Zend_View
+ * @subpackage Helper
+ * @copyright Copyright (c) 2005-2009 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ */
+class Zend_View_Helper_LeftNav extends Zend_View_Helper_Placeholder_Container_Standalone
+{
+ /**
+ * Registry key for placeholder
+ * @var string
+ */
+ protected $_regKey = 'Zend_View_Helper_LeftNav';
+
+ protected $items = array();
+
+ /**
+ * Retrieve placeholder for navigation element and optionally set state
+ *
+ * Single Link elements to be made with $this->url(array('controller'=>'<controller>'), 'default', true);
+ *
+ * @param string $link
+ * @param string $setType
+ * @param string $setPos
+ * @return Zend_View_Helper_LeftNav
+ */
+ public function leftNav($link = null, $setType = Zend_View_Helper_Placeholder_Container_Abstract::APPEND, $setPos = 0)
+ {
+ $link = (string) $link;
+ if ($link !== '') {
+ if ($setType == Zend_View_Helper_Placeholder_Container_Abstract::SET) {
+ if ($setPos != 0)
+ $this->items[$setPos] = $link;
+ else
+ $this->items[] = $link;
+ } elseif ($setType == Zend_View_Helper_Placeholder_Container_Abstract::PREPEND) {
+ $this->items = array_merge(array($link), $this->items);
+ } else {
+ $this->items[] = $link;
+ }
+ }
+
+ return $this;
+ }
+
+ /**
+ * Turn helper into string
+ *
+ * @param string|null $indent
+ * @param string|null $locale
+ * @return string
+ */
+ public function __toString($indent = null, $locale = null)
+ {
+ $output = '';
+ $indent = (null !== $indent)
+ ? $this->getWhitespace($indent)
+ : $this->getIndent();
+
+ $output .= $indent . "<ul>\n";
+ foreach ($this->items as $item) {
+ $output .= $indent . "<li>" . $item . "</li>\n";
+ }
+ $output .= $indent . "</ul>\n";
+
+ return $output;
+ }
+}
diff --git a/manager/application/views/helpers/TopNav.php b/manager/application/views/helpers/TopNav.php
new file mode 100644
index 0000000..604178a
--- /dev/null
+++ b/manager/application/views/helpers/TopNav.php
@@ -0,0 +1,99 @@
+<?php
+/**
+ * Zend Framework
+ *
+ * LICENSE
+ *
+ * This source file is subject to the new BSD license that is bundled
+ * with this package in the file LICENSE.txt.
+ * It is also available through the world-wide-web at this URL:
+ * http://framework.zend.com/license/new-bsd
+ * If you did not receive a copy of the license and are unable to
+ * obtain it through the world-wide-web, please send an email
+ * to license@zend.com so we can send you a copy immediately.
+ *
+ * @category Zend
+ * @package Zend_View
+ * @subpackage Helper
+ * @copyright Copyright (c) 2005-2009 Zend Technologies USA Inc. (http://www.zend.com)
+ * @version $Id: TopNav.php 20 2009-12-01 14:26:22Z markus $
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ */
+
+/** Zend_View_Helper_Placeholder_Container_Standalone */
+require_once 'Zend/View/Helper/Placeholder/Container/Standalone.php';
+
+/**
+ * Helper for building an applications top navigation bar
+ *
+ * @uses Zend_View_Helper_Placeholder_Container_Standalone
+ * @package Zend_View
+ * @subpackage Helper
+ * @copyright Copyright (c) 2005-2009 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ */
+class Zend_View_Helper_TopNav extends Zend_View_Helper_Placeholder_Container_Standalone
+{
+ /**
+ * Registry key for placeholder
+ * @var string
+ */
+ protected $_regKey = 'Zend_View_Helper_TopNav';
+
+ protected $items = array();
+
+ /**
+ * Retrieve placeholder for navigation element and optionally set state
+ *
+ * Single Link elements to be made with $this->url(array('controller'=>'<controller>'), 'default', true);
+ *
+ * @param string $link
+ * @param string $setType
+ * @param string $setPos
+ * @return Zend_View_Helper_TopNav
+ */
+ public function topNav($link = null, $setType = Zend_View_Helper_Placeholder_Container_Abstract::APPEND, $setPos = 0)
+ {
+ $link = (string) $link;
+ if ($link !== '') {
+ if ($setType == Zend_View_Helper_Placeholder_Container_Abstract::SET) {
+ if ($setPos != 0)
+ $this->items[$setPos] = $link;
+ else
+ $this->items[] = $link;
+ } elseif ($setType == Zend_View_Helper_Placeholder_Container_Abstract::PREPEND) {
+ $this->items = array_merge(array($link), $this->items);
+ } else {
+ $this->items[] = $link;
+ }
+ }
+
+ return $this;
+ }
+
+ /**
+ * Turn helper into string
+ *
+ * @param string|null $indent
+ * @param string|null $locale
+ * @return string
+ */
+ public function __toString($indent = null, $locale = null)
+ {
+ $output = '';
+ $indent = (null !== $indent)
+ ? $this->getWhitespace($indent)
+ : $this->getIndent();
+
+ ksort($this->items);
+
+ $output .= $indent . "<ul>\n";
+
+ foreach ($this->items as $item) {
+ $output .= $indent . "<li>" . $item . "</li>\n";
+ }
+ $output .= $indent . "</ul>\n";
+
+ return $output;
+ }
+}
diff --git a/manager/application/views/helpers/UserInfo.php b/manager/application/views/helpers/UserInfo.php
new file mode 100644
index 0000000..31b0b05
--- /dev/null
+++ b/manager/application/views/helpers/UserInfo.php
@@ -0,0 +1,95 @@
+<?php
+/**
+ * Zend Framework
+ *
+ * LICENSE
+ *
+ * This source file is subject to the new BSD license that is bundled
+ * with this package in the file LICENSE.txt.
+ * It is also available through the world-wide-web at this URL:
+ * http://framework.zend.com/license/new-bsd
+ * If you did not receive a copy of the license and are unable to
+ * obtain it through the world-wide-web, please send an email
+ * to license@zend.com so we can send you a copy immediately.
+ *
+ * @category Zend
+ * @package Zend_View
+ * @subpackage Helper
+ * @copyright Copyright (c) 2005-2009 Zend Technologies USA Inc. (http://www.zend.com)
+ * @version $Id: UserInfo.php 33 2009-12-10 15:08:38Z markus $
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ */
+
+/** Zend_View_Helper_Placeholder_Container_Standalone */
+require_once 'Zend/View/Helper/Placeholder/Container/Standalone.php';
+
+/**
+ * Helper for displaying an user info div somewhere
+ *
+ * @uses Zend_View_Helper_Placeholder_Container_Standalone
+ * @package Zend_View
+ * @subpackage Helper
+ * @copyright Copyright (c) 2005-2009 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ */
+class Zend_View_Helper_UserInfo extends Zend_View_Helper_Placeholder_Container_Standalone
+{
+ /**
+ * Registry key for placeholder
+ * @var string
+ */
+ protected $_regKey = 'Zend_View_Helper_UserInfo';
+
+ private $items = array();
+
+ /**
+ * Retrieve placeholder for navigation element and optionally set state
+ *
+ * Single Link elements to be made with $this->url(array('controller'=>'<controller>'), 'default', true);
+ *
+ * @param array $data
+ * @return Zend_View_Helper_UserData
+ */
+ public function UserInfo($ar = null, $setType = Zend_View_Helper_Placeholder_Container_Abstract::APPEND, $setPos = 0)
+ {
+ if ($ar !== null && is_array($ar)) {
+ $this->items = $ar;
+ }
+ return $this;
+ }
+
+ /**
+ * Turn helper into string
+ *
+ * @param string|null $indent
+ * @param string|null $locale
+ * @return string
+ */
+ public function __toString($indent = null, $locale = null)
+ {
+ $session = Zend_Registry::get('session');
+ $this->items = $session->authdata;
+
+ $output = '';
+
+ if ($session->authdata['authed'] !== true)
+ return $output;
+
+# $indent = (null !== $indent)
+# ? $this->getWhitespace($indent)
+# : $this->getIndent();
+ $indent = '';
+
+ $output .= $indent . "<div id=\"userinfo\">\n";
+ $output .= $indent . "\tUser: " . $this->items['authed_username'] . "<br>\n";
+ $output .= $indent . "\tName: " . $this->items['authed_fname'] . ' ' . $this->items['authed_lname'] . "<br>\n";
+ $output .= $indent . "\tRole: " . $this->items['authed_role'] . "<br>\n";
+ if ($this->items['authed_by_crt'] === true)
+ $output .= $indent . "\tLoginmethod: CRT<br>\n";
+ else
+ $output .= $indent . "\tLoginmethod: PASSWD<br>\n";
+ $output .= $indent . "</div>\n";
+
+ return $output;
+ }
+}
diff --git a/manager/application/views/scripts/error/error.phtml b/manager/application/views/scripts/error/error.phtml
new file mode 100644
index 0000000..1782039
--- /dev/null
+++ b/manager/application/views/scripts/error/error.phtml
@@ -0,0 +1,28 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+ <title>Zend Framework Default Application</title>
+</head>
+<body>
+ <h1>An error occurred</h1>
+ <h2><?php echo $this->message ?></h2>
+
+ <?php if ('development' == APPLICATION_ENV): ?>
+
+ <h3>Exception information:</h3>
+ <p>
+ <b>Message:</b> <?php echo $this->exception->getMessage() ?>
+ </p>
+
+ <h3>Stack trace:</h3>
+ <pre><?php echo $this->exception->getTraceAsString() ?>
+ </pre>
+
+ <h3>Request Parameters:</h3>
+ <pre><?php echo var_export($this->request->getParams(), true) ?>
+ </pre>
+ <?php endif ?>
+
+</body>
+</html>
diff --git a/manager/application/views/scripts/error/permissiondenied.phtml b/manager/application/views/scripts/error/permissiondenied.phtml
new file mode 100644
index 0000000..8219e5b
--- /dev/null
+++ b/manager/application/views/scripts/error/permissiondenied.phtml
@@ -0,0 +1,8 @@
+<?php
+/**
+ * @author markus
+ * $Id: loginresult.phtml 7 2009-11-19 15:03:59Z markus $
+ */
+?>
+<H1><?php print I18n::_('Permission Denied')?></H1>
+<?php print I18n::_('You do not have the permission to perform the requested action'); ?> \ No newline at end of file
diff --git a/manager/application/views/scripts/index/index.phtml b/manager/application/views/scripts/index/index.phtml
new file mode 100644
index 0000000..58c9dc9
--- /dev/null
+++ b/manager/application/views/scripts/index/index.phtml
@@ -0,0 +1,7 @@
+<?php
+/**
+ * @author markus
+ * $Id: index.phtml 25 2009-12-02 15:43:21Z markus $
+ */
+?>
+<H1><?php print I18n::_('Dashboard'); ?></H1>
diff --git a/manager/application/views/scripts/login/index.phtml b/manager/application/views/scripts/login/index.phtml
new file mode 100644
index 0000000..57f49ea
--- /dev/null
+++ b/manager/application/views/scripts/login/index.phtml
@@ -0,0 +1,16 @@
+<?php
+/**
+ * @author markus
+ * $Id: index.phtml 36 2009-12-15 15:49:57Z markus $
+ */
+
+// $this->headScript()->appendFile('js/1st.js');
+// $this->headScript()->appendFile('js/2nd.js');
+$this->headLink()->appendStylesheet('/css/login.css');
+
+$this->headLink()->appendStylesheet('/css/form_dl.css');
+?>
+
+<H1><?php print I18n::_('Please log in'); ?></H1>
+<?php print $this->form;?>
+<a href='/login/crt'><?php print I18n::_('Client Cert Login'); ?></a> \ No newline at end of file
diff --git a/manager/application/views/scripts/login/loginresult.phtml b/manager/application/views/scripts/login/loginresult.phtml
new file mode 100644
index 0000000..09437ca
--- /dev/null
+++ b/manager/application/views/scripts/login/loginresult.phtml
@@ -0,0 +1,16 @@
+<?php
+/**
+ * @author markus
+ * $Id: loginresult.phtml 7 2009-11-19 15:03:59Z markus $
+ */
+
+if ($this->session->authdata['authed']) {
+?>
+<H1>Willkommen im Club, <?php print $this->session->authdata['authed_username']; ?></H1>
+<?php
+}
+else {
+?>
+<H1>Bitte loggen Sie sich ein.</H1>
+<?php
+} \ No newline at end of file
diff --git a/manager/application/views/scripts/logout/index.phtml b/manager/application/views/scripts/logout/index.phtml
new file mode 100644
index 0000000..5106390
--- /dev/null
+++ b/manager/application/views/scripts/logout/index.phtml
@@ -0,0 +1,7 @@
+<?php
+/**
+ * @author markus
+ * $Id: index.phtml 7 2009-11-19 15:03:59Z markus $
+ */
+?>
+<H1><?php print I18n::_('You have successfully been logged out'); ?></H1>