Basically, the question is more about grammars but I think that it could be more of a interesting exercise on dynamic variables.
I have a grammar role with a prototyped token (the example is simplified to demonstrate the idea):
proto token foo {*}
token foo:sym<a> {
:my $*delimiter = q<">;
\" ~ \" <value>
}
token foo:sym<b> {
:my $*delimiter = q<'>;
\' ~ \' <value>
}
token value {
.+? <?before $($*delimeter) || $($*custom-delimiter)>
}
When the role is consumed by a grammar I want the $*custom-delimiter to be set by the grammar. Of course, I can declare it everywhere where <foo> is needed. But sometimes it is ok to have it pre-initialized with a universal default. Something like:
{ $*custom-delimiter //= $default-delimiter }
in the value token would work. But external pre-declaration would still be needed.
I hoped that:
our $*custom-delimiter is export = $default-delimiter;
in the scope of module where the role is declared would work. But apparently it doesn't. So, the question is: are there any elegant solutions to this?
Actually, I also hope that the solution would allow to move declaration of $*delimiter in foo outside of the token definitions too.
As a side note: my first thought was about adding a parameter to the token. But having absolutely identical signatures for each variant is looking terrible too:
token foo:sym<a> ( $*custom-delimiter = $default-delimiter ) {
}
token foo:sym<b> ( $*custom-delimiter = $default-delimiter ) {
}
token foo:sym<c> ( $*custom-delimiter = $default-delimiter ) {
}
Another approach is to have something like:
token pre-foo ( $*custom-delimiter = $default-delimiter ) {
<foo>
}
In this case an additional method would be required in actions class to propagate $/<foo>.ast one level up.
Based on some test work I've done in one of my modules for allowing scoped settings for a module, you can do this but you will need to use the EXPORT sub.
I imagine the reason is that when doing EXPORT, we can install what is explicitly a brand new dynamic variable, rather than a new symbol linked to an extant dynamic variable — the latter of which to me makes scoping very unclear.
This seems to work okay for me.
# filename: Foo.rakumod
# no 'unit module', etc
sub EXPORT {
proto token foo {*}
token foo:a { … }
token foo:b { … }
Map.new:
'&foo' => &foo,
'$*dynamic' => my $ = 'default'
}
Related
With the Admin SDK it's possible to further enrich the administration in Shopware 6. As in the installation guide for apps stated, an entry point (base-app-url) needs to be provided in the manifest file of an app.
Since every request needs to be authenticated properly, this GET request also needs authentication. However, I am not able to authenticate this one in the same way as I am successfully doing it with the GET request from modules.
The base-app-url request looks the following (in my case with some [custom] entity privileges):
http://localhost:3000/sdk?location-id=sw-main-hidden&privileges=%7B%22read%22%3A%5B%22language%22%2C%22ce_atl_faq_group_faqs%22%2C%22ce_atl_faq_group%22%2C%22ce_atl_faq%22%5D%2C%22create%22%3A%5B%22ce_atl_faq_group_faqs%22%2C%22ce_atl_faq_group%22%2C%22ce_atl_faq%22%5D%2C%22update%22%3A%5B%22ce_atl_faq_group_faqs%22%2C%22ce_atl_faq_group%22%2C%22ce_atl_faq%22%5D%2C%22delete%22%3A%5B%22ce_atl_faq_group_faqs%22%2C%22ce_atl_faq_group%22%2C%22ce_atl_faq%22%5D%7D&shop-id=sbzqJiPRrbHAlC2K&shop-url=http://localhost:8888×tamp=1674045964&sw-version=6.4.18.0&sw-context-language=2fbb5fe2e29a4d70aa5854ce7ce3e20b&sw-user-language=de-DE&shopware-shop-signature=e7b20a46487046a515638f76c6fadab6b1c749ea4a8ac6e7653527e73ba18380
The shop has the following data
Shop {
_id: 'sbzqJiPRrbHAlC2K',
_url: 'http://localhost:8888',
_secret: '3c5a2f031006791f2aca40ffa22e8febbc8a53d8',
_apiKey: 'SWIAB2PVODCWSLZNDMC5ZM1XWA',
_secretKey: 'VnNwM0ZOMnN1Y05YdUlKazlPdlduWTdzOHhIdFpacjVCYkgzNEg'
}
I am currently authenticating my modules like the following (Node.js):
const SHOPWARE_SHOP_SIGNATURE = 'shopware-shop-signature';
export function authenticateGetRequest(req: Request, shop: Shop): void {
// e7b20a46487046a515638f76c6fadab6b1c749ea4a8ac6e7653527e73ba18380
const signature = getSignatureFromQuery(req);
verifySignature(shop.secret, removeParamsFromQuery(req), signature);
}
function getSignatureFromQuery(req: Request): string {
if (!req.query[SHOPWARE_SHOP_SIGNATURE]) {
throw new Error('Signature is not present in request!');
}
return req.query[SHOPWARE_SHOP_SIGNATURE] as string;
}
function removeParamsFromQuery(req: Request): string {
// Some code
// Returns following string - Does neither work for base-app-url nor for module GET requests:
// 'shop-id=sbzqJiPRrbHAlC2K&shop-url=http://localhost:8888×tamp=1674045964'
// If the string follows this pattern, it works only for modules:
// shop-id={id}&shop-url={url}×tamp={ts}&sw-version={v}&sw-context-language={cl}&sw-user-language={ul}
}
function verifySignature(secret: string, message: string, signature: string): void {
const hmac = crypto.createHmac('sha256', secret).update(message).digest('hex');
if (hmac !== signature) {
throw new Error('Signature could not be verified!');
}
}
However the base-app-url cannot be verified correctly and the "Signature could not be verified!" error is thrown.
What am I doing wrong here?
More info:
Additionally I added a GET request for a module where everything is working:
http://localhost:3000/faq?shop-id=sbzqJiPRrbHAlC2K&shop-url=http://localhost:8888×tamp=1674045963&sw-version=6.4.18.0&sw-context-language=2fbb5fe2e29a4d70aa5854ce7ce3e20b&sw-user-language=de-DE&shopware-shop-signature=0f0889c9e8086c6c3553dc946a01f2ef27b34cd1c55b0c03901b6d8a6a9b6f53
The resulting string can be verified:
shop-id=sbzqJiPRrbHAlC2K&shop-url=http://localhost:8888×tamp=1674045963&sw-version=6.4.18.0&sw-context-language=2fbb5fe2e29a4d70aa5854ce7ce3e20b&sw-user-language=de-DE
Try out following code in some php sandbox environment:
<?php
$message = 'shop-id=sbzqJiPRrbHAlC2K&shop-url=http://localhost:8888×tamp=1674045963&sw-version=6.4.18.0&sw-context-language=2fbb5fe2e29a4d70aa5854ce7ce3e20b&sw-user-language=de-DE';
$secret = '3c5a2f031006791f2aca40ffa22e8febbc8a53d8';
$signature = '0f0889c9e8086c6c3553dc946a01f2ef27b34cd1c55b0c03901b6d8a6a9b6f53';
$hmac = hash_hmac('sha256', $message, $secret);
if (!hash_equals($hmac, $signature)) {
echo 'Signature not valid';
} else {
echo 'Signature valid';
}
SOLUTION:
Express decodes the query strings automatically with req.query depending on your express configuration. Keep in mind to validate the hmac with encoded query params as they are passed from shopware.
In my case the only difference where the decoded privileges and they looked like this:
&privileges={"read":["language","ce_atl_faq_group_faqs","ce_atl_faq_group","ce_atl_faq"],"create":["ce_atl_faq_group_faqs","ce_atl_faq_group","ce_atl_faq"],"update":["ce_atl_faq_group_faqs","ce_atl_faq_group","ce_atl_faq"],"delete":["ce_atl_faq_group_faqs","ce_atl_faq_group","ce_atl_faq"]}
But they need to look like this:
&privileges=%7B%22read%22%3A%5B%22language%22%2C%22ce_atl_faq_group_faqs%22%2C%22ce_atl_faq_group%22%2C%22ce_atl_faq%22%5D%2C%22create%22%3A%5B%22ce_atl_faq_group_faqs%22%2C%22ce_atl_faq_group%22%2C%22ce_atl_faq%22%5D%2C%22update%22%3A%5B%22ce_atl_faq_group_faqs%22%2C%22ce_atl_faq_group%22%2C%22ce_atl_faq%22%5D%2C%22delete%22%3A%5B%22ce_atl_faq_group_faqs%22%2C%22ce_atl_faq_group%22%2C%22ce_atl_faq%22%5D%7D
Looking at the QuerySigner, this is how the signature is generated on the side of Shopware with the actual arguments:
hash_hmac(
'sha256',
'location-id=sw-main-hidden&privileges=%7B%22read%22%3A%5B%22language%22%2C%22ce_atl_faq_group_faqs%22%2C%22ce_atl_faq_group%22%2C%22ce_atl_faq%22%5D%2C%22create%22%3A%5B%22ce_atl_faq_group_faqs%22%2C%22ce_atl_faq_group%22%2C%22ce_atl_faq%22%5D%2C%22update%22%3A%5B%22ce_atl_faq_group_faqs%22%2C%22ce_atl_faq_group%22%2C%22ce_atl_faq%22%5D%2C%22delete%22%3A%5B%22ce_atl_faq_group_faqs%22%2C%22ce_atl_faq_group%22%2C%22ce_atl_faq%22%5D%7D&shop-id=sbzqJiPRrbHAlC2K&shop-url=http://localhost:8888×tamp=1674045964&sw-version=6.4.18.0&sw-context-language=2fbb5fe2e29a4d70aa5854ce7ce3e20b&sw-user-language=de-DE',
'VnNwM0ZOMnN1Y05YdUlKazlPdlduWTdzOHhIdFpacjVCYkgzNEg'
);
// 8034a13561b75623420b06fb7be01f20d97556441268939e9a5222ffec12215a
Given on your side you remove the shopware-shop-signature query param AND that the secrets are equal on both sides, you should be able to regenerate the matching signature.
const crypto = require('crypto');
const message = 'location-id=sw-main-hidden&privileges=%7B%22read%22%3A%5B%22language%22%2C%22ce_atl_faq_group_faqs%22%2C%22ce_atl_faq_group%22%2C%22ce_atl_faq%22%5D%2C%22create%22%3A%5B%22ce_atl_faq_group_faqs%22%2C%22ce_atl_faq_group%22%2C%22ce_atl_faq%22%5D%2C%22update%22%3A%5B%22ce_atl_faq_group_faqs%22%2C%22ce_atl_faq_group%22%2C%22ce_atl_faq%22%5D%2C%22delete%22%3A%5B%22ce_atl_faq_group_faqs%22%2C%22ce_atl_faq_group%22%2C%22ce_atl_faq%22%5D%7D&shop-id=sbzqJiPRrbHAlC2K&shop-url=http://localhost:8888×tamp=1674045964&sw-version=6.4.18.0&sw-context-language=2fbb5fe2e29a4d70aa5854ce7ce3e20b&sw-user-language=de-DE';
const hmac = crypto.createHmac('sha256', 'VnNwM0ZOMnN1Y05YdUlKazlPdlduWTdzOHhIdFpacjVCYkgzNEg').update(message).digest('hex');
// 8034a13561b75623420b06fb7be01f20d97556441268939e9a5222ffec12215a
So in theory your code looks fine. Verify that the query string matches exactly. Things to check:
Maybe your node server decodes the url entities unwantedly?
Does your node serve escape special characters in the query string?
Do the secrets match on both sides?
To consider additionally:
Consider to just point the base-app-url to a static page outside of the scope of your app server instead. As that page will be loaded inside an iframe, you can use client side javascript to read the query parameters and, only if necessary, make requests to your app server using the credentials from inside the iframe. Keep in mind you really only need the authentication if you need to handle personalized data, otherwise you might as well serve static assets without the need for authentication.
I am trying to call an API in second feature file , passing arguments from first feature file . Say token and current page value which is returned from a first API response.These has to be passed as a param for second API
* def activeDetails =
"""
function(times){
for(i=0;i<=times;i++){
karate.log('Run test round: '+(i+1));
karate.call('getActiveRouteDetails.feature', { token: token, currentPage: i });
}
java.lang.Thread.sleep(1*1000);
}
"""
* call activeDetails totalPages
In my second feature , I am able to print the values passed , but unable to pass in params . Can you please help me
And print currentPage
And print token
And param pageNumber = '#currentPage'
And param token = token
There is a subtle difference when you are in a JavaScript block. Please read this: https://github.com/intuit/karate#karate-expressions
Make this change:
var result = karate.call('examples/getDetails.feature', { token: token, currentPage, i });
And please don't have variable names like current page, take the help of a JavaScript programmer friend if needed for help.
Also note that the best practice is to avoid JS code and loops as far as possible: https://github.com/intuit/karate#loops
In a puppet class how should I test if a variable has been set in a node?
I use a VM name (like server1) and a domain name (like example.org) where users can reach the page. "example.org" won't be conveyed via a fact, so I need to pass it via a class parameter. I came up with this way to define the variable in a node block and use it in my test class for my settings.
node "VM1" {
class { 'test':
domainname => "example.org",
}
[...]
class test ($domainname) {
ini_setting {
'set_property':
ensure => present,
path => '/tmp/test.ini',
section => 'main',
setting => 'url',
value => "https://$domainname";
}
[...]
But now I want to add a condition that if $domainname isn't set then the $hostname fact should be used in its place.
ini_setting {
'set_property':
ensure => present,
path => '/tmp/test.ini',
section => 'main',
setting => 'url',
if $domainname !~ $hostname {
value => "https://$domainname";
} else {
value => "https://$hostname";
}
But now I get an error like this every time:
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Syntax error at 'domainname'
What should I do instead?
The error message is explaining to you that if statements cannot appear inside resource declarations. There is, however, a different conditional form, called a "selector" that can appear inside resource declarations. It is Puppet's analog of the ternary ?: operator that appears in several languages.
Stylistically, though, it is usually better form to keep resource declarations as simple as possible. To that end, you should probably set a variable, conditionally, outside the resource declaration, and then use its value inside. Using your own conditional, that might look like this:
if $domainname !~ $hostname {
$url_value = "https://$domainname";
} else {
$url_value = "https://$hostname";
}
ini_setting {
'set_property':
ensure => present,
path => '/tmp/test.ini',
section => 'main',
setting => 'url',
value => $url_value;
}
Additionally, however, I note that your particular condition, repeated above, is highly suspect. In recent Puppet (version 4 and above), you should be using Puppet data types to both declare your class parameters and check them. In particular, if it is permissible to declare class test without providing a $domainname parameter, then you would declare that class like so:
# Using the Puppet v4+ type system
class test(
Optional[String] $domainname = undef
) {
# ...
, and would test whether a value was provided for $domainname like so:
if $domainname =~ Undef {
# ...
}
You cannot use the type system in earlier Puppet, but there you can rely on undefined variables to expand to nothing when you interpolate them:
# Using the Puppet v3- behavior
class test(
$domainname = undef
) {
# ...
if "$domainname" == "" {
# ...
}
# ...
}
Scenerio:
Using Yii-rights + Yii-user module in my project. In Rights, I generated operations based on my controller action, under update I added a child UpdateOwn.
For UpdateOwn, the bizrule is suppose to be a simple comparison that the logged in user's ID is equal to $model->user_id field.
Problem:
I understand yii checkaccess allow you to pass in variables as parameters and comparing with your defined bizrule. But how does it work for Yii-rights module? How or what are the data/params passed in to be used in bizrule? How can I define or pass my own data/params?
Yii-rights is a wrapper for standart yii-rbac. In rights module you have web-interface for your RBAC. When you creating AuthItem (Operation in rights web interface) you can define your own bizrule.
Here is code for creating AuthItem:
$item = $this->_authorizer->createAuthItem($formModel->name, $type, $formModel->description, $formModel->bizRule, $formModel->data);
$item = $this->_authorizer->attachAuthItemBehavior($item);
_authorizer here is an example of RAuthorizer class. Then we go to RDbAuthManager, which extends CDbAuthManager, where we createAuthItem function:
public function createAuthItem($name,$type,$description='',$bizRule=null,$data=null)
{
$this->db->createCommand()
->insert($this->itemTable, array(
'name'=>$name,
'type'=>$type,
'description'=>$description,
'bizrule'=>$bizRule,
'data'=>serialize($data)
));
return new CAuthItem($this,$name,$type,$description,$bizRule,$data);
}
This is how created AuthItem, in rights. Personally i prefer to use web interface. It have alot of great fetures and much easier to handle then go to code each time.
Then when we perform checkAccess() on AuthItem we call execute bizRule:
public function executeBizRule($bizRule,$params,$data)
{
return $bizRule==='' || $bizRule===null || ($this->showErrors ? eval($bizRule)!=0 : #eval($bizRule)!=0);
}
This is how RBAC in yii work, and rights is just a cool wrapper for it. Rights doesn't change logic of how things must be done.
So in basic yii-rbac if you want to allow update only Own records you do:
$bizRule='return Yii::app()->user->id==$params["user"]->username;';
$task=$auth->createTask('updateOwnUser','update a your own account',$bizRule);
$task->addChild('updateUser');
Then you call it like this:
$user=$this->loadUser();
$params = array('user' => $user);
if(Yii::app()->user->checkAccess('updateOwnUser', $params){
..................
}
In rights it's already implemented with filters. Only thing what you need to do is add to your controller:
class MyController extends RController{
.............
public function filters()
{
return array(
'rights',
............
);
}
.............
}
So define your bizrule for item in web interface, change your controller code, and actually thats it. To know what variables to use in bizrule you can watch on RightsFilter.php code, where checkAccess() performed.
And on top of all of this i'll say about how checkAccess() does :
For each assigned auth item of the user, it first checks if the bizRule for the assignment returns true.
If true, it calls the item's checkAccess method. If the item's bizRule returns true,
2.1. If the item name is the same as the name passed in the original checkAccess() method, it returns true;
2.2. Otherwise, for every child item, it calls its checkAccess.
Hope this will clarify some aspects of RBAC and help in your task.
The yii-rights module has the following properties:
/**
* #property boolean whether to enable business rules.
*/
public $enableBizRule = true;
/**
* #property boolean whether to enable data for business rules.
*/
public $enableBizRuleData = false;
To set bizrule data via the web interface you have to set $enableBizRuleData = true in your application configuration.
Please note that the UI is limited and you can set data only for Auth-Items not for Auth-Assignments. Also the value for data has to be a serialized PHP variable.
As mentioned by #ineersa you can access $data in unserialized form in your bizRule.
It's also worth noting, that Yii checks first the bizRule for the Auth-Item and then additionally for the Auth-Assignment.
[edit] added example
Auth Item
bizRule
Check if the assignment has all the keys specified in the item data
return BizRule::compareKeys($params, $data, 'Editor');
data
a:1:{s:8:"language";b:1;}
Auth Assignment
Check if the application language matches the assignment data
bizRule
return BizRule::compareApplicationLanguage($params, $data);
data
a:1:{s:8:"language";s:5:"de_de";}
[edit] added code link
Here is the full Helper Code
help please? I wish to develop a module to do something very simple with PHP. I am challenged by the Drupal API. I am using version 6.
Goal:
1) Determine if user is viewing a particular node (role is irrelevant)
2) If yes, check to see if cookie is set
a) If cookie is set, do nothing
b) If cookie is not set, then set cookie and then redirect user to another node
That's it!
I have created a module and installed it, there is no error yet it also does nothing. No cookie is set. I am not sure how the Drupal system likes to redirect requests so insight there would be helpful, please. THANK YOU SO MUCH!
<?php
//$Id: offer_survey.module,v 1.0 2009/09/21 11:31:55 blah Exp $
function offer_survey_init() {
global $base_url;
$offer_survey = true;
$cookie_name = 'survey_offered';
if ($node->nid == 651) {
if ($_COOKIE[$cookie_name]) {
// do nothing
} else {
setcookie($cookie_name,1,time() + (86400 * 365));
//then do the redirect an internal webform URL
}
}
}
REVISED VERSION (THE LATEST)
<?php
//$Id: offer_survey.module,v 1.0 2009/09/21 11:31:55 durz Exp $
function offer_survey_init() {
global $base_url;
$offer_survey = true;
$cookie_name = 'survey_offered';
if (arg(0) === "testing") { // the path of the page
if (!$_COOKIE[$cookie_name]) {
setcookie($cookie_name,1,time() + (86400 * 365));
drupal_goto('new-destination'); // the path to be redirected to
}
}
}
There are some different ways to go about this.
One option would be to used hook_nodeapi like jeremy suggests. Doing that you will have the node being loaded/viewed ect available as the $node variable. The other option would be to in your hook_init look at the $_GET and from that see if the user is requesting the node in question. Hook_nodeapi is probably the easiest way to go here.
You can as Jeremy said save data on the user object, however this is only possible if you user is logged in, as the user object otherwise will be the anonymous user which is the same for all not logged in users. In that case using a cookie could be an option. You have to take care though, as you have to create an per site unique cookie name. Else if this module was installed on several sites, users would not get surveys after visiting just one of them.
also in your code instead of doing:
if ($_COOKIE[$cookie_name]) {
// do nothing
} else {
setcookie($cookie_name,1,time() + (86400 * 365));
//then do the redirect an internal webform URL
}
You should instead use the ! (not) operator:
if (!$_COOKIE[$cookie_name]) {
setcookie($cookie_name,1,time() + (86400 * 365));
//then do the redirect an internal webform URL
}
Is your module called offer_survey?
Is it turned on?
Your code looks like it can't work as it uses a $node variable which is not defined.
I think you may have better luck using hook_nodeapi op=load
Once you have sorted these things out you may find drupal_goto is useful to redirect, and you can use user_save for persistent data rather than using set cookie directly.
This is the working code. Note that it was necessary to use arg(1) for the if() statement as well as the node id (nid) rather than hook_nodeapi which didn't work.
Also it was necessary to set the cookie_domain, which is a drupal global.
<?php
//$Id: offer_survey.module,v 1.0 2009/09/21 11:31:55 Stoob Exp $
function offer_survey_init() {
global $base_url;
global $cookie_domain;
$offer_survey = true;
$cookie_name = 'survey_offered';
if (arg(1) == 2) { // the number of the node (nid) of the page
if (!isset($_COOKIE[$cookie_name])) {
setcookie($cookie_name,1,time() + (86400 * 365),null,$cookie_domain); //lasts a year
drupal_goto('new/destination'); // the path to be redirected to
}
}
}
Unless your cache is off, hook_init() only runs on uncached requests. As soon as the cache kicks in your anonymous users will not get this cookie.
You need to put this in hook_boot() but then you can't use drupal_goto since when _boot() runs,that hasn't loaded yet. But that's okay, you can just use header() to set the Location redirect header directly.
It's a good idea to stop execution after a redirect (although you might lose session info if you don't let drupal do some cleanup, take a peek inside what drupal_goto does if you really want to do this right).
<?php
//$Id: offer_survey.module,v 1.1 2010/10/21 11:31:55 tmcclure Exp $
function offer_survey_boot() {
global $base_url;
global $cookie_domain;
$offer_survey = true;
$cookie_name = 'survey_offered';
if (arg(1) == 2) { // the number of the node (nid) of the page
if (!isset($_COOKIE[$cookie_name])) {
setcookie($cookie_name,1,time() + (86400 * 365),null,$cookie_domain); //lasts a year
header('Location: '.$base_url.'/new/destination',TRUE,302); // the path to be redirected to
exit();
}
}
}