From 8b38867157e02bd635df07b684e146cc5330ca90 Mon Sep 17 00:00:00 2001
From: Mikkel Hoegh
Date: Thu, 9 Aug 2012 22:31:21 +0200
Subject: [PATCH 1/3] Added "403 Access Denied" panels page.

This to ensure the access denied page does not leak information.

---
 ding_panels/ding_panels.info | 14 ++--
 ding_panels/ding_panels.module | 6 ++
 ding_panels/ding_panels.pages_default.inc | 97 +++++++++++++++++++++++
 ding_panels/ding_panels.strongarm.inc | 17 ++++
 4 files changed, 128 insertions(+), 6 deletions(-)
 create mode 100644 ding_panels/ding_panels.pages_default.inc
 create mode 100644 ding_panels/ding_panels.strongarm.inc

diff --git a/ding_panels/ding_panels.info b/ding_panels/ding_panels.info
index 18afc29d5..ff9980c7a 100644
--- a/ding_panels/ding_panels.info
+++ b/ding_panels/ding_panels.info
@@ -1,6 +1,8 @@
-name = Ding! Panels
-description = Provides Panels plug-ins. Content types, layouts, etc.
-package = Ding!
-core = 6.x
-dependencies[] = panels
-
+name = "Ding! Panels"
+description = "Provides Panels plug-ins. Content types, layouts, etc."
+core = "6.x"
+package = "Ding!"
+dependencies[] = "panels"
+dependencies[] = "strongarm"
+features[ctools][] = "strongarm:strongarm:1"
+features[variable][] = "site_403"
diff --git a/ding_panels/ding_panels.module b/ding_panels/ding_panels.module
index 9d1a02cd9..0aae5b0fa 100644
--- a/ding_panels/ding_panels.module
+++ b/ding_panels/ding_panels.module
@@ -53,6 +53,12 @@ function ding_panels_ctools_plugin_api($module, $api) {
 if ($module == 'panels' && $api == 'styles') {
 return array('version' => 2);
 }
+ elseif ($module == "page_manager" && $api == "pages_default") {
+ return array("version" => 1);
+ }
+ elseif ($module == "strongarm" && $api == "strongarm") {
+ return array("version" => 1);
+ }
 }
 /**
diff --git a/ding_panels/ding_panels.pages_default.inc b/ding_panels/ding_panels.pages_default.inc
new file mode 100644
index 000000000..ef8b07ad9
--- /dev/null
+++ b/ding_panels/ding_panels.pages_default.inc
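Review bot: The two `elseif` branches added to `ding_panels_ctools_plugin_api()` use double-quoted strings (`"page_manager"`, `"pages_default"`, `"version"`) where the existing `panels`/`styles` branch just above them uses single quotes; for consistency the new lines should read `elseif ($module == 'page_manager' && $api == 'pages_default') {` and `return array('version' => 1);`. The function's closing brace is the last context line of the hunk, so the block is complete here.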
@@ -0,0 +1,97 @@
+disabled = FALSE; /* Edit this to true to make a default page disabled initially */
+ $page->api_version = 1;
+ $page->name = 'ding_403_access_denied';
+ $page->task = 'page';
+ $page->admin_title = 'Access denied page';
+ $page->admin_description = 'Generic access denied page.';
+ $page->path = 'error/403';
+ $page->access = array();
+ $page->menu = array();
+ $page->arguments = array();
+ $page->conf = array();
+ $page->default_handlers = array();
+ $handler = new stdClass;
+ $handler->disabled = FALSE; /* Edit this to true to make a default handler disabled initially */
+ $handler->api_version = 1;
+ $handler->name = 'page_ding_403_access_denied_panel_context';
+ $handler->task = 'page';
+ $handler->subtask = 'ding_403_access_denied';
+ $handler->handler = 'panel_context';
+ $handler->weight = 0;
+ $handler->conf = array(
+ 'title' => 'Panel',
+ 'no_blocks' => 0,
+ 'pipeline' => 'standard',
+ 'css_id' => 'ding-403-access-denied',
+ 'css' => '',
+ 'contexts' => array(),
+ 'relationships' => array(),
+ );
+ $display = new panels_display;
+ $display->layout = 'onecol';
+ $display->layout_settings = array();
+ $display->panel_settings = array();
+ $display->cache = array();
+ $display->title = 'Adgang nægtet';
+ $display->content = array();
+ $display->panels = array();
+ $pane = new stdClass;
+ $pane->pid = 'access-denied-text';
+ $pane->panel = 'middle';
+ $pane->type = 'custom';
+ $pane->subtype = 'custom';
+ $pane->shown = TRUE;
+ $pane->access = array();
+ $pane->configuration = array(
+ 'admin_title' => 'Basic access denied message',
+ 'title' => '',
+ 'body' => 'Du har ikke adgang til at se denne side.',
+ 'format' => '1',
+ 'substitute' => TRUE,
+ );
+ $pane->cache = array();
+ $pane->style = array();
+ $pane->css = array();
+ $pane->extras = array();
+ $pane->position = 0;
+ $display->content['access-denied-text'] = $pane;
+ $display->panels['middle'][0] = 'access-denied-text';
+ $pane = new stdClass;
+ $pane->pid = 'login-in-text';
+ $pane->panel = 'middle';
+ $pane->type = 'custom';
+ $pane->subtype = 'custom';
+ $pane->shown = TRUE;
+ $pane->access = FALSE;
+ $pane->configuration = array(
+ 'admin_title' => 'Please log in-text',
+ 'title' => '',
+ 'body' => 'Du er ikke logget ind. Brug login-formularen øverst på siden for at logge ind.',
+ 'format' => '1',
+ 'substitute' => TRUE,
+ );
+ $pane->cache = array();
+ $pane->style = array();
+ $pane->css = array();
+ $pane->extras = array();
+ $pane->position = 1;
+ $display->content['login-in-text'] = $pane;
+ $display->panels['middle'][1] = 'login-in-text';
+ $display->hide_title = PANELS_TITLE_FIXED;
+ $display->title_pane = 'access-denied-text';
+ $handler->conf['display'] = $display;
+ $page->default_handlers[$handler->name] = $handler;
+
+ $export['ding_403_access_denied'] = $handler;
+
+ return $export;
+}
diff --git a/ding_panels/ding_panels.strongarm.inc b/ding_panels/ding_panels.strongarm.inc
new file mode 100644
index 000000000..97016b981
--- /dev/null
+++ b/ding_panels/ding_panels.strongarm.inc
@@ -0,0 +1,17 @@
+disabled = FALSE; /* Edit this to true to make a default strongarm disabled initially */
+ $strongarm->api_version = 1;
+ $strongarm->name = 'site_403';
+ $strongarm->value = 'error/403';
+ $export['site_403'] = $strongarm;
+
+ return $export;
+}

From a5fe8c96cd87eada58dd58c1a7a19d62e0dc5cb2 Mon Sep 17 00:00:00 2001
From: Mikkel Hoegh
Date: Thu, 9 Aug 2012 23:10:36 +0200
Subject: [PATCH 2/3] Only admins can see normal user profiles.

Now, everyone else gets access denied.

---
 ding_user/ding_user.pages_default.inc | 84 ++++++++++++++++-----------
 1 file changed, 51 insertions(+), 33 deletions(-)

diff --git a/ding_user/ding_user.pages_default.inc b/ding_user/ding_user.pages_default.inc
index 46a878e1a..4f88dc9b0 100644
--- a/ding_user/ding_user.pages_default.inc
+++ b/ding_user/ding_user.pages_default.inc
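Review bot: The last assignment of the pages_default hunk exports `$handler` as `$export['ding_403_access_denied']`, although the handler is already attached through `$page->default_handlers[$handler->name]`; if this function is the pages export (its `function` line is cut off above the hunk), the object carrying `$page->path = 'error/403'` is what the hook has to return, so the line should presumably be `$export['ding_403_access_denied'] = $page;` — otherwise no page answers `error/403` and the `site_403` variable set in the strongarm hunk below points at nothing. The second pane (`login-in-text`) sets `$pane->access = FALSE;` where the first pane uses `array()`, and it carries no visibility rule, so its "you are not logged in" text is also rendered for authenticated users who are denied; if it is meant for anonymous visitors only it needs a role-based access rule like the ones ding_user's handlers use. A comment on that pane would make the intent explicit: `// Shown to every denied visitor; add an anonymous-only access rule if the text must not reach logged-in users.`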
@@ -12,11 +12,11 @@ function ding_user_default_page_manager_handlers() {
 $handler = new stdClass;
 $handler->disabled = FALSE; /* Edit this to true to make a default handler disabled initially */
 $handler->api_version = 1;
- $handler->name = 'user_view_panel_context_2';
+ $handler->name = 'user_view_panel_context_staff';
 $handler->task = 'user_view';
 $handler->subtask = '';
 $handler->handler = 'panel_context';
- $handler->weight = -10;
+ $handler->weight = -8;
 $handler->conf = array(
 'autogenerate_title' => TRUE,
 'title' => 'Staff user profile',
@@ -26,7 +26,7 @@ function ding_user_default_page_manager_handlers() {
 'css_cache_file' => '',
 'contexts' => array(),
 'relationships' => array(
- '0' => array(
+ 0 => array(
 'context' => 'argument_uid_1',
 'name' => 'node_from_user',
 'id' => 1,
@@ -39,21 +39,21 @@ function ding_user_default_page_manager_handlers() {
 ),
 'access' => array(
 'plugins' => array(
- '0' => array(
+ 0 => array(
 'name' => 'perm',
 'settings' => array(
 'perm' => 'access user profiles',
 ),
 'context' => 'logged-in-user',
 ),
- '1' => array(
+ 1 => array(
 'name' => 'role',
 'settings' => array(
 'rids' => array(
- '0' => 3,
- '1' => 4,
- '2' => 5,
- '3' => 6,
+ 0 => 3,
+ 1 => 4,
+ 2 => 5,
+ 3 => 6,
 ),
 ),
 'context' => 'argument_uid_1',
@@ -67,9 +67,7 @@ function ding_user_default_page_manager_handlers() {
 $display->layout_settings = array();
 $display->panel_settings = array();
 $display->cache = array();
- $display->title = '';
- $display->hide_title = FALSE;
- $display->title_pane = 15;
+ $display->title = '%user:ding_user_display_name';
 $display->content = array();
 $display->panels = array();
 $pane = new stdClass;
@@ -81,7 +79,7 @@ function ding_user_default_page_manager_handlers() {
 $pane->access = array();
 $pane->configuration = array(
 'context' => array(
- '0' => 'argument_uid_1',
+ 0 => 'argument_uid_1',
 ),
 );
 $pane->cache = array();
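Review bot: Renaming the exported handler keys (`user_view_panel_context_2` → `user_view_panel_context_staff` in the first hunk here, and `user_view_panel_context_3` → `_personal`, `user_view_panel_context` → `_normal` in the hunks at -163, -311 and -421) changes the identity page_manager uses to match database overrides: on a site that has saved a customised copy of the old handlers, those rows presumably stay active under their old names and weights, so the old normal-profile handler with `'perm' => 'access user profiles'` would still run ahead of the stricter `user_view_panel_context_normal` and the restriction this commit adds would not take effect there. An accompanying update hook that deletes or renames the old-named rows, or at least a sentence in the commit message telling deployers to revert those handlers, would close that gap. `ding_user_default_page_manager_handlers()` begins before this hunk and continues beyond it.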
@@ -103,7 +101,7 @@ function ding_user_default_page_manager_handlers() {
 'pager_id' => '',
 'items_per_page' => '10',
 'context' => array(
- '0' => 'argument_uid_1',
+ 0 => 'argument_uid_1',
 ),
 );
 $pane->cache = array();
@@ -124,8 +122,8 @@ function ding_user_default_page_manager_handlers() {
 $pane->access = array();
 $pane->configuration = array(
 'context' => array(
- '0' => 'relationship_node_from_user_1',
- '1' => 'empty',
+ 0 => 'relationship_node_from_user_1',
+ 1 => 'empty',
 ),
 'override_title' => 0,
 'override_title_text' => '',
@@ -163,17 +161,19 @@ function ding_user_default_page_manager_handlers() {
 $pane->position = 0;
 $display->content['new-4'] = $pane;
 $display->panels['top'][0] = 'new-4';
+ $display->hide_title = PANELS_TITLE_FIXED;
+ $display->title_pane = '0';
 $handler->conf['display'] = $display;
- $handlers['user_view_panel_context_2'] = $handler;
+ $handlers['user_view_panel_context_staff'] = $handler;
 $handler = new stdClass;
 $handler->disabled = FALSE; /* Edit this to true to make a default handler disabled initially */
 $handler->api_version = 1;
- $handler->name = 'user_view_panel_context_3';
+ $handler->name = 'user_view_panel_context_personal';
 $handler->task = 'user_view';
 $handler->subtask = '';
 $handler->handler = 'panel_context';
- $handler->weight = -9;
+ $handler->weight = -4;
 $handler->conf = array(
 'title' => 'Personal profile',
 'no_blocks' => FALSE,
@@ -219,7 +219,7 @@ function ding_user_default_page_manager_handlers() {
 ),
 );
 $display->cache = array();
- $display->title = '';
+ $display->title = '%user:ding_user_display_name';
 $display->content = array();
 $display->panels = array();
 $pane = new stdClass;
@@ -311,19 +311,19 @@ function ding_user_default_page_manager_handlers() {
 $pane->position = 0;
 $display->content['new-4'] = $pane;
 $display->panels['right'][0] = 'new-4';
- $display->hide_title = PANELS_TITLE_NONE;
+ $display->hide_title = PANELS_TITLE_FIXED;
 $display->title_pane = '0';
 $handler->conf['display'] = $display;
- $handlers['user_view_panel_context_3'] = $handler;
+ $handlers['user_view_panel_context_personal'] = $handler;
 $handler = new stdClass;
 $handler->disabled = FALSE; /* Edit this to true to make a default handler disabled initially */
 $handler->api_version = 1;
- $handler->name = 'user_view_panel_context';
+ $handler->name = 'user_view_panel_context_normal';
 $handler->task = 'user_view';
 $handler->subtask = '';
 $handler->handler = 'panel_context';
- $handler->weight = -8;
+ $handler->weight = 0;
 $handler->conf = array(
 'autogenerate_title' => TRUE,
 'title' => 'Normal user profile',
@@ -335,12 +335,13 @@ function ding_user_default_page_manager_handlers() {
 'relationships' => array(),
 'access' => array(
 'plugins' => array(
- '0' => array(
+ 0 => array(
 'name' => 'perm',
 'settings' => array(
- 'perm' => 'access user profiles',
+ 'perm' => 'administer users',
 ),
 'context' => 'logged-in-user',
+ 'not' => FALSE,
 ),
 ),
 'logic' => 'and',
@@ -351,9 +352,7 @@ function ding_user_default_page_manager_handlers() {
 $display->layout_settings = array();
 $display->panel_settings = array();
 $display->cache = array();
- $display->title = '';
- $display->hide_title = TRUE;
- $display->title_pane = 101;
+ $display->title = '%user:ding_user_display_name';
 $display->content = array();
 $display->panels = array();
 $pane = new stdClass;
@@ -368,7 +367,7 @@ function ding_user_default_page_manager_handlers() {
 'pager_id' => '',
 'items_per_page' => '10',
 'context' => array(
- '0' => 'argument_uid_1',
+ 0 => 'argument_uid_1',
 ),
 );
 $pane->cache = array();
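Review bot: Tying the normal-profile handler to `'perm' => 'administer users'` in the -335 hunk couples read access to the permission that also allows editing, blocking and deleting every account; a dedicated permission declared by ding_user (for example one scoped to viewing patron profiles) would let a support role see profiles without full user administration and keeps the grant narrow. The added `'not' => FALSE` key appears only in this plugin, while the perm and role plugins of the staff handler earlier in the file omit it — harmless, but inconsistent. With the new weights (-8, -4, 0) the personal handler, whose access rule is outside these hunks, is presumably the only thing that lets a logged-in patron reach their own profile before this administer-only check applies, so that rule is worth a comment naming the dependency. `ding_user_default_page_manager_handlers()` starts before and continues after these hunks.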
@@ -389,8 +388,8 @@ function ding_user_default_page_manager_handlers() {
 $pane->access = array();
 $pane->configuration = array(
 'context' => array(
- '0' => 'empty',
- '1' => 'empty',
+ 0 => 'empty',
+ 1 => 'empty',
 ),
 'override_title' => 0,
 'override_title_text' => '',
@@ -421,8 +420,27 @@ function ding_user_default_page_manager_handlers() {
 $pane->position = 0;
 $display->content['new-3'] = $pane;
 $display->panels['top'][0] = 'new-3';
+ $display->hide_title = PANELS_TITLE_FIXED;
+ $display->title_pane = '0';
 $handler->conf['display'] = $display;
- $handlers['user_view_panel_context'] = $handler;
+ $handlers['user_view_panel_context_normal'] = $handler;
+
+ $handler = new stdClass;
+ $handler->disabled = FALSE; /* Edit this to true to make a default handler disabled initially */
+ $handler->api_version = 1;
+ $handler->name = 'user_view_access_denied';
+ $handler->task = 'user_view';
+ $handler->subtask = '';
+ $handler->handler = 'http_response';
+ $handler->weight = 8;
+ $handler->conf = array(
+ 'title' => 'Access denied',
+ 'contexts' => array(),
+ 'relationships' => array(),
+ 'code' => '403',
+ 'destination' => '',
+ );
+ $handlers['user_view_access_denied'] = $handler;
 return $handlers;
 }

From 6625e24cdc09fced06533e54451f827d913353f0 Mon Sep 17 00:00:00 2001
From: Mikkel Hoegh
Date: Thu, 16 Aug 2012 15:29:04 +0200
Subject: [PATCH 3/3] Remove URL aliases for alma users.

---
 ding_user/ding_user.install | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/ding_user/ding_user.install b/ding_user/ding_user.install
index ffe635091..6a2c1c0ca 100644
--- a/ding_user/ding_user.install
+++ b/ding_user/ding_user.install
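Review bot: The new `user_view_access_denied` handler has no `access` entry in `$handler->conf`, so it matches every request that reaches it; that is the right fail-closed default, but it silently depends on staying the heaviest handler, so a comment above its `$handler = new stdClass;` such as `// Catch-all: keep this the highest weight so any profile not matched above is denied.` would protect the invariant. `'code' => '403'` is a string where every weight and the other numeric values in the file are integers; page_manager presumably accepts it, but `403` would be the consistent form. One consequence worth a conscious decision: denied visitors now get a 403 for accounts that exist and, presumably, a 404 from the uid argument for ones that do not, so the status code distinguishes valid uids. The function's closing `}` is the last context line of the hunk; its start is outside it.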
@@ -85,3 +85,33 @@ function ding_user_update_6002() {
 return $ret;
 }
+/**
+ * Remove path alias from alma users.
+ */
+function ding_user_update_6003() {
+ $ret = array();
+
+ $user_count = (integer) db_result(db_query("SELECT COUNT(uid) FROM {users} AS u WHERE u.name LIKE '%@alma_user'"));
+
+ $uid_query = db_query("SELECT uid FROM {users} AS u WHERE u.name LIKE '%@alma_user'");
+
+ // Make buckets of 50 uids, so we don't have to make a query for each user.
+ $bucket_count = ceil($user_count / 50);
+ $uids = array();
+ while ($uid = (integer) db_result($uid_query)) {
+ $uids[$uid % $bucket_count][] = $uid;
+ }
+
+ // Remove aliases for each bucket.
+ foreach ($uids as $bucket) {
+ $filter = array();
+
+ foreach ($bucket as $uid) {
+ $filter[] = 'user/' . $uid;
+ }
+
+ $ret[] = update_sql("DELETE FROM {url_alias} WHERE src IN ('" . implode("','", $filter) . "')");
+ }
+
+ return $ret;
+}
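Review bot: `ding_user_update_6003()` removes the current `user/<uid>` aliases but nothing in the patch prevents them from being regenerated; if the aliases come from a pathauto pattern or a save hook (not visible here), that source also has to change or the next account save recreates the alias this commit deletes, so the docblock should say where the aliases originate and that the generator was disabled. The literal `%` in `'%@alma_user'` works only because `%@` is not a `db_query()` placeholder; D6's convention is `%%`, and `_` is a single-character wildcard in `LIKE`, so `'%%@alma\_user'` matches exactly the intended suffix. The exact `src IN (...)` match leaves aliases on sub-paths such as `user/<uid>/edit` untouched, which may be intended but deserves a line in the comment. Collecting every uid in memory before deleting is fine while the table is modest; for larger installs a `$sandbox`-batched update would be safer.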