Code source de b2evolution 2.1.0-beta |
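<?php
/**
 * This file implements the Group class, which manages user groups.
 *
 * This file is part of the evoCore framework - {@link http://evocore.net/}
 * See also {@link http://sourceforge.net/projects/evocms/}.
 *
 * @copyright (c)2003-2007 by Francois PLANQUE - {@link http://fplanque.net/}
 *
 * {@internal License choice
 * - If you have received this file as part of a package, please find the license.txt file in
 *   the same folder or the closest folder above for complete license terms.
 * - If you have received this file individually (e-g: from http://evocms.cvs.sourceforge.net/)
 *   then you must choose one of the following licenses before using the file:
 *   - GNU General Public License 2 (GPL) - http://www.opensource.org/licenses/gpl-license.php
 *   - Mozilla Public License 1.1 (MPL) - http://www.opensource.org/licenses/mozilla1.1.php
 * }}
 *
 * {@internal Open Source relicensing agreement:
 * }}
 *
 * @package evocore
 *
 * {@internal Below is a list of authors who have contributed to design/coding of this file: }}
 * @author fplanque: Francois PLANQUE
 *
 * @version $Id: _group.class.php,v 1.1 2007/06/25 11:01:45 fplanque Exp $
 */
if( !defined('EVO_MAIN_INIT') ) die( 'Please, do not access this page directly.' );

load_class('_core/model/dataobjects/_dataobject.class.php');

/**
 * User Group
 *
 * Group of users with specific permissions.
 *
 * The permission checks in this class are written to deny by default: every
 * method starts from "not granted" and only returns a truthy value from an
 * explicit grant branch.
 *
 * @package evocore
 */
class Group extends DataObject
{
	/**
	 * Name of group
	 *
	 * Please use get/set functions to read or write this param
	 *
	 * @var string
	 * @access protected
	 */
	var $name;

	/**
	 * Blog posts statuses permissions
	 *
	 * Per-blog cache filled by {@link Group::check_perm_bloggroups()}: keyed by blog ID,
	 * each entry holds the 'blog_*' permission values read from T_coll_group_perms
	 * (or an all-denied entry when no row exists for this blog/group pair).
	 *
	 * @var array
	 */
	var $blog_post_statuses = array();


	/**
	 * Constructor
	 *
	 * Without a DB row a blank group is created with these defaults: admin 'visible',
	 * blogs 'user', templates 0 and 'none' for spamblacklist, stats, files, options
	 * and users. With a DB row the grp_* columns are copied onto the object as-is.
	 *
	 * @param object DB row
	 */
	function Group( $db_row = NULL )
	{
		// Call parent constructor:
		parent::DataObject( 'T_groups', 'grp_', 'grp_ID' );

		// A group that still has users attached must not be deleted:
		$this->delete_restrictions = array(
				array( 'table'=>'T_users', 'fk'=>'user_grp_ID', 'msg'=>T_('%d users in this group') ),
			);

		$this->delete_cascades = array(
			);

		if( $db_row == NULL )
		{
			// echo 'Creating blank group';
			$this->set( 'name', T_('New group') );
			$this->set( 'perm_admin', 'visible' );
			$this->set( 'perm_blogs', 'user' );
			$this->set( 'perm_spamblacklist', 'none' );
			$this->set( 'perm_templates', 0 );
			$this->set( 'perm_stats', 'none' );
			$this->set( 'perm_files', 'none' );
			$this->set( 'perm_options', 'none' );
			$this->set( 'perm_users', 'none' );
		}
		else
		{
			// echo 'Instantiating existing group';
			$this->ID = $db_row->grp_ID;
			$this->name = $db_row->grp_name;
			$this->perm_admin = $db_row->grp_perm_admin;
			$this->perm_blogs = $db_row->grp_perm_blogs;
			$this->perm_spamblacklist = $db_row->grp_perm_spamblacklist;
			$this->perm_templates = $db_row->grp_perm_templates;
			$this->perm_stats = $db_row->grp_perm_stats;
			$this->perm_files = $db_row->grp_perm_files;
			$this->perm_options = $db_row->grp_perm_options;
			$this->perm_users = $db_row->grp_perm_users;
		}
	}


	/**
	 * Set param value
	 *
	 * 'perm_templates' is stored as a number, every other param as a string.
	 *
	 * @param string Parameter name
	 * @param mixed Parameter value
	 * @return boolean true, if a value has been set; false if it has not changed
	 */
	function set( $parname, $parvalue )
	{
		switch( $parname )
		{
			case 'perm_templates':
				return parent::set_param( $parname, 'number', $parvalue );

			default:
				return parent::set_param( $parname, 'string', $parvalue );
		}
	}


	/**
	 * Check a permission for this group.
	 *
	 * The result defaults to denied. A permission name with no matching 'perm_*'
	 * property on the object is logged and denied. The requested level 'any' is only
	 * honoured for 'admin' and 'blogs'; for the other permissions it is granted only
	 * when the group holds the top value ('edit', or 'all' for files).
	 *
	 * NOTE(review): the switch statements compare loosely (==). The values are expected
	 * to be the strings stored in the grp_perm_* columns; a non-string value (e.g. an
	 * integer 0 on older PHP versions) could match a case label unexpectedly - confirm
	 * that callers never assign non-string values to these properties.
	 *
	 * @param string Permission name:
	 *                - templates
	 *                - stats
	 *                - spamblacklist
	 *                - options
	 *                - users
	 *                - blogs
	 *                - admin (levels "visible", "hidden")
	 *                - files
	 * @param string Requested permission level
	 * @param mixed Permission target (blog ID, array of cat IDs...); only used for the debug log here
	 * @return boolean True on success (permission is granted), false if permission is not granted
	 */
	function check_perm( $permname, $permlevel = 'any', $perm_target = NULL )
	{
		global $Debuglog;

		$perm = false; // Default is false!

		// echo "<br>Checking group perm $permname:$permlevel against $permvalue";
		if( isset($this->{'perm_'.$permname}) )
		{
			$permvalue = $this->{'perm_'.$permname};
		}
		else
		{	// Object's perm-property not set!
			$Debuglog->add( 'Group permission perm_'.$permname.' not defined!', 'perms' );

			$permvalue = false; // This will result in $perm == false always. We go on for the $Debuglog..
		}

		// echo "<br>Checking group perm $permname:$permlevel against $permvalue";

		// Check group permission:
		switch( $permname )
		{
			case 'admin':
				switch( $permvalue )
				{	// Depending on current group permission:

					case 'visible':
						// All permissions granted
						$perm = true; // Permission granted
						break;

					case 'hidden':
						// User can only ask for hidden perm
						if(( $permlevel == 'hidden' ) || ( $permlevel == 'any' ))
						{	// Permission granted
							$perm = true;
							break;
						}
				}
				break;

			case 'templates':
				if( $permvalue )
				{	// Permission granted
					$perm = true;
				}
				break;

			case 'blogs':
				switch( $permvalue )
				{	// Depending on current group permission:

					case 'editall':
						// All permissions granted
						$perm = true;
						break;

					case 'viewall':
						// User can only ask for view perm
						if(( $permlevel == 'view' ) || ( $permlevel == 'any' ))
						{	// Permission granted
							$perm = true;
							break;
						}
				}
				break;

			case 'spamblacklist':
			case 'stats':
			case 'options':
			case 'users':
				// The cases below fall through on purpose: a higher group value also grants
				// every lower level, so a request that does not match the group's own level
				// is tested against each lower level in turn.
				switch( $permvalue )
				{	// Depending on current group permission:

					case 'edit':
						// All permissions granted
						$perm = true;
						break;

					case 'add':
						// User can ask for add perm...
						if( $permlevel == 'add' )
						{
							$perm = true;
							break;
						}
						// ... or for any lower priority perm... (no break)

					case 'view':
						// User can ask for view perm...
						if( $permlevel == 'view' )
						{
							$perm = true;
							break;
						}
						// ... or for any lower priority perm... (no break)

					case 'user':
						// This is for stats. User perm can grant permissions in the User class
						// Here it will just allow to list
					case 'list':
						// User can only ask for list perm
						if( $permlevel == 'list' )
						{
							$perm = true;
							break;
						}
				}
				break;

			case 'files':
				// Same intentional fall-through ladder as above, with 'all' as the top value.
				switch( $permvalue )
				{	// Depending on current group permission:
					case 'all':
						// All permissions granted
						$perm = true;
						break;

					case 'edit':
						// User can ask for normal edit perm...
						if( $permlevel == 'edit' )
						{
							$perm = true;
							break;
						}
						// ... or for any lower priority perm... (no break)

					case 'add':
						// User can ask for add perm...
						if( $permlevel == 'add' )
						{
							$perm = true;
							break;
						}
						// ... or for any lower priority perm... (no break)

					case 'view':
						// User can ask for view perm...
						if( $permlevel == 'view' )
						{
							$perm = true;
							break;
						}
						// ... or for any lower priority perm... (no break)

					case 'list':
						// User can only ask for list perm
						if( $permlevel == 'list' )
						{
							$perm = true;
							break;
						}
				}
				break;
		}

		// Every decision is recorded, which gives an audit trail of grants and denials:
		$Debuglog->add( "Group perm $permname:$permlevel:$perm_target => ".($perm?'granted':'DENIED'), 'perms' );

		return $perm;
	}


	/**
	 * Check permission for this group on a set of specified categories
	 *
	 * This is not for direct use, please call {@link User::check_perm()} instead
	 *
	 * The categories are mapped to their blogs and permission is granted only if
	 * every one of those blogs grants it; unknown permission names are denied.
	 *
	 * NOTE(review): the per-blog check calls {@link Group::check_perm()} with a 'blog_*'
	 * name. As written in this file, check_perm() has no case for 'blog_*' names and the
	 * constructor sets no matching 'perm_blog_*' property, so this looks like it always
	 * denies. {@link Group::check_perm_bloggroups()} may have been intended - confirm
	 * before changing, since switching the call would start granting permissions.
	 *
	 * @see User::check_perm()
	 * @param string Permission name, can be one of the following:
	 *                  - cats_post_statuses
	 *                  - cats_post!published (and the other post statuses listed below)
	 * @param string Permission level
	 * @param array Array of target cat IDs
	 * @return boolean false if permission denied
	 */
	function check_perm_catsgroups( $permname, $permlevel, & $perm_target_cats )
	{
		// Check if permission is granted:
		switch( $permname )
		{
			case 'cats_post_statuses':
			case 'cats_post!published':
			case 'cats_post!protected':
			case 'cats_post!private':
			case 'cats_post!draft':
			case 'cats_post!deprecated':
			case 'cats_post!redirected':
				// We'll actually pass this on to blog permissions
				// First we need to create an array of blogs, not cats
				$perm_target_blogs = array();
				foreach( $perm_target_cats as $loop_cat_ID )
				{
					$loop_cat_blog_ID = get_catblog( $loop_cat_ID );
					// echo "cat $loop_cat_ID -> blog $loop_cat_blog_ID <br />";
					if( ! in_array( $loop_cat_blog_ID, $perm_target_blogs ) )
					{ // not already in list: add it:
						$perm_target_blogs[] = $loop_cat_blog_ID;
					}
				}

				// Now we'll check permissions for each blog:
				foreach( $perm_target_blogs as $loop_blog_ID )
				{
					// 'cats_...' becomes 'blog_...': strip the 5 character prefix and re-prefix
					if( ! $this->check_perm( 'blog_'.substr($permname,5), $permlevel, $loop_blog_ID ) )
					{ // If at least one blog is denied:
						return false;	// permission denied
					}
				}
				return true;	// Permission granted
		}

		return false; 	// permission denied
	}


	/**
	 * Check permission for this group on a specified blog
	 *
	 * This is not for direct use, please call {@link User::check_perm()} instead
	 * user is checked for privileges first, group lookup only performed on a false result
	 *
	 * Denied outright when the blog does not use advanced perms or when the group has
	 * no ID yet. The blog/group row is loaded once and cached in
	 * {@link Group::$blog_post_statuses}; a missing row is cached as "everything denied".
	 *
	 * Both IDs are cast to integers before they are placed in the SQL statement, so a
	 * non-numeric target can never alter the query. Edit checks that compare the Item's
	 * creator with the acting user ('own', 'lt', 'le') are denied when no User object is
	 * given, instead of comparing against the properties of NULL.
	 *
	 * @see User::check_perm()
	 * @param string Permission name, can be one of the following:
	 *                  - blog_ismember
	 *                  - blog_post_statuses
	 *                  - blog_del_post
	 *                  - blog_comments
	 *                  - blog_cats
	 *                  - blog_properties
	 *                  - blog_genstatic
	 * @param string Permission level
	 * @param integer Permission target blog ID
	 * @param Item post that we want to edit
	 * @param User user the edit check is made for (needed for the 'own', 'lt' and 'le' edit modes)
	 * @return boolean 0 if permission denied
	 */
	function check_perm_bloggroups( $permname, $permlevel, $perm_target_blog, $Item = NULL, $User = NULL )
	{
		global $DB;
		// echo "checkin for $permname >= $permlevel on blog $perm_target_blog<br />";

		$BlogCache = & get_Cache('BlogCache');
		/**
		 * @var Blog
		 */
		$Blog = & $BlogCache->get_by_ID( $perm_target_blog );
		if( ! $Blog->advanced_perms )
		{	// We do not abide to advanced perms
			return false;
		}

		if( !isset( $this->blog_post_statuses[$perm_target_blog] ) )
		{ // Allowed blog post statuses have not been loaded yet:
			if( $this->ID == 0 )
			{ // User not in DB, nothing to load!:
				return false;	// Permission denied
			}

			// Load now:
			// echo 'loading allowed statuses';
			// Both values are IDs: force them to integers so nothing but a number can
			// reach the SQL statement, whatever the caller passed as target.
			$query = 'SELECT *
									FROM T_coll_group_perms
								 WHERE bloggroup_blog_ID = '.intval( $perm_target_blog ).'
									 AND bloggroup_group_ID = '.intval( $this->ID );

			$row = $DB->get_row( $query, ARRAY_A );

			if( empty($row) )
			{ // No rights set for this Blog/Group: remember this (in order not to have the same query next time)
				$this->blog_post_statuses[$perm_target_blog] = array(
						'blog_ismember' => '0',
						'blog_post_statuses' => array(),
						'blog_edit' => 'no',
						'blog_del_post' => '0',
						'blog_comments' => '0',
						'blog_cats' => '0',
						'blog_properties' => '0',
						'blog_admin' => '0',
					);
			}
			else
			{ // OK, rights found:
				$this->blog_post_statuses[$perm_target_blog] = array();

				$this->blog_post_statuses[$perm_target_blog]['blog_ismember'] = $row['bloggroup_ismember'];

				// The allowed post statuses are stored as a comma separated list:
				$bloggroup_perm_post = $row['bloggroup_perm_poststatuses'];
				if( empty($bloggroup_perm_post ) )
					$this->blog_post_statuses[$perm_target_blog]['blog_post_statuses'] = array();
				else
					$this->blog_post_statuses[$perm_target_blog]['blog_post_statuses'] = explode( ',', $bloggroup_perm_post );

				$this->blog_post_statuses[$perm_target_blog]['blog_edit'] = $row['bloggroup_perm_edit'];
				$this->blog_post_statuses[$perm_target_blog]['blog_del_post'] = $row['bloggroup_perm_delpost'];
				$this->blog_post_statuses[$perm_target_blog]['blog_comments'] = $row['bloggroup_perm_comments'];
				$this->blog_post_statuses[$perm_target_blog]['blog_cats'] = $row['bloggroup_perm_cats'];
				$this->blog_post_statuses[$perm_target_blog]['blog_properties'] = $row['bloggroup_perm_properties'];
				$this->blog_post_statuses[$perm_target_blog]['blog_admin'] = $row['bloggroup_perm_admin'];
			}
		}

		// Check if permission is granted:
		switch( $permname )
		{
			case 'stats':
				// Viewing stats is the same perm as being authorized to edit properties: (TODO...)
				if( $permlevel == 'view' )
				{
					return $this->blog_post_statuses[$perm_target_blog]['blog_properties'];
				}
				// No other perm can be granted here (TODO...)
				return false;

			case 'blog_genstatic':
				// generate static pages is not currently a group permission.  if you are here user is denied already anyway
				return (false);

			case 'blog_post_statuses':
				return ( count($this->blog_post_statuses[$perm_target_blog]['blog_post_statuses']) > 0 );

			case 'blog_post!published':
			case 'blog_post!protected':
			case 'blog_post!private':
			case 'blog_post!draft':
			case 'blog_post!deprecated':
			case 'blog_post!redirected':
				// We want a specific permission:
				// (the status name is what follows the 10 character 'blog_post!' prefix)
				$subperm = substr( $permname, 10 );
				// echo "checking : $subperm - ", implode( ',', $this->blog_post_statuses[$perm_target_blog]['blog_post_statuses']  ), '<br />';
				$perm = in_array( $subperm, $this->blog_post_statuses[$perm_target_blog]['blog_post_statuses'] );

				// TODO: the following probably should be handled by the Item class!
				if( $perm && $permlevel == 'edit' && !empty($Item) )
				{	// Can we edit this specific Item?
					$edit_scope = $this->blog_post_statuses[$perm_target_blog]['blog_edit'];

					if( ! is_object( $User )
						&& ( $edit_scope == 'own' || $edit_scope == 'lt' || $edit_scope == 'le' ) )
					{	// These modes compare the Item's creator with the acting user. Without a
						// User object the loose comparisons below would run against NULL and
						// could succeed for an Item with an empty creator ID or a creator of
						// level 0, so deny instead:
						return false;
					}

					switch( $edit_scope )
					{
						case 'own':
							// Own posts only:
							return ($Item->creator_user_ID == $User->ID);

						case 'lt':
							// Own + Lower level posts only:
							if( $Item->creator_user_ID == $User->ID )
							{
								return true;
							}
							$item_creator_User = & $Item->get_creator_User();
							return ( $item_creator_User->level < $User->level );

						case 'le':
							// Own + Lower or equal level posts only:
							if( $Item->creator_user_ID == $User->ID )
							{
								return true;
							}
							$item_creator_User = & $Item->get_creator_User();
							return ( $item_creator_User->level <= $User->level );

						case 'all':
							return true;

						case 'no':
						default:
							return false;
					}
				}

				return $perm;

			default:
				// Any other name is looked up directly in the cached row for this blog:
				// echo $permname, '=', $this->blog_post_statuses[$perm_target_blog][$permname], ' ';
				return $this->blog_post_statuses[$perm_target_blog][$permname];
		}
	}


	/**
	 * Get name of the Group
	 *
	 * @return string
	 */
	function get_name()
	{
		return $this->name;
	}

}

/*
 * $Log: _group.class.php,v $
 * Revision 1.1  2007/06/25 11:01:45  fplanque
 * MODULES (refactored MVC)
 *
 * Revision 1.15  2007/06/11 01:55:57  fplanque
 * level based user permissions
 *
 * Revision 1.14  2007/05/31 03:02:23  fplanque
 * Advanced perms now disabled by default (simpler interface).
 * Except when upgrading.
 * Enable advanced perms in blog settings -> features
 *
 * Revision 1.13  2007/05/29 01:17:20  fplanque
 * advanced admin blog settings are now restricted by a special permission
 *
 * Revision 1.12  2007/05/28 01:33:22  fplanque
 * permissions/fixes
 *
 * Revision 1.11  2007/04/26 00:11:11  fplanque
 * (c) 2007
 *
 * Revision 1.10  2007/03/20 09:53:26  fplanque
 * Letting boggers view their own stats.
 * + Letthing admins view the aggregate by default.
 *
 * Revision 1.9  2007/03/07 02:34:29  fplanque
 * Fixed very sneaky bug
 *
 * Revision 1.8  2006/12/07 16:06:23  fplanque
 * prepared new file editing permission
 *
 * Revision 1.7  2006/11/24 18:27:25  blueyed
 * Fixed link to b2evo CVS browsing interface in file docblocks
 */
?>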