[Sommaire] [Imprimer]

   1  <?php // $Id: class.wikiaccesscontrol.php,v 1.9 2006/10/16 07:12:19 moosh Exp $
   2  if ( count( get_included_files() ) == 1 ) die( '---' );
   3  
   4      // vim: expandtab sw=4 ts=4 sts=4:
   5  
   6      /**
   7       * CLAROLINE
   8       *
   9       * @version 1.8 $Revision: 1.9 $
  10       *
  11       * @copyright 2001-2006 Universite catholique de Louvain (UCL)
  12       *
  13       * @license http://www.gnu.org/copyleft/gpl.html (GPL) GENERAL PUBLIC LICENSE
  14       * This program is under the terms of the GENERAL PUBLIC LICENSE (GPL)
  15       * as published by the FREE SOFTWARE FOUNDATION. The GPL is available
  16       * through the world-wide-web at http://www.gnu.org/copyleft/gpl.html
  17       *
  18       * @author Frederic Minne <zefredz@gmail.com>
  19       *
  20       * @package Wiki
  21       */
  22  
  23      /**
  24       * Wiki access control library
  25       * ACLs are of the form
  26       *  accessLevel_privilege => boolean
  27       */
  28      class WikiAccessControl
  29      {
  30          /**
  31           * Check if a given access level can request a given
  32           * privilege in a given access control list.
  33           * For example check if a group member is allowed to edit a page
  34           * @param array accessControlList access control list
  35           * @param string accessLevel access level
  36           * @param string privilege requested privilege
  37           * @return boolean true if pivilege is granted, false either
  38           */
  39          function checkAccess( $accessControlList, $accessLevel, $privilege )
  40          {
  41              $prefixList = WikiAccessControl::prefixList();
  42              $privilegeList = WikiAccessControl::privilegeList();
  43  
  44              if ( isset( $prefixList[$accessLevel] ) &&
  45                      isset( $privilegeList[$privilege] ) )
  46              {
  47                  $accessKey = $prefixList[$accessLevel]
  48                      . $privilegeList[$privilege]
  49                      ;
  50  
  51                  $accessControlFlag = isset( $accessControlList[$accessKey] )
  52                      ? $accessControlList[$accessKey]
  53                      : false
  54                      ;
  55              }
  56              else
  57              {
  58                  $accessControlFlag = false;
  59              }
  60  
  61              if ( $accessControlFlag == true )
  62              {
  63                  return true;
  64              }
  65              else
  66              {
  67                  return false;
  68              }
  69          }
  70  
  71          /**
  72           * lists the prefixes associated with the access levels
  73           * @return array associative array of the form
  74           *      accessLevel => prefix
  75           */
  76          function prefixList()
  77          {
  78              static $prefixList = array(
  79                  'course' => 'course_',
  80                  'group' => 'group_',
  81                  'other' => 'other_'
  82              );
  83  
  84              return $prefixList;
  85          }
  86  
  87          /**
  88           * lists the privileges
  89           * @return array associative array of the form
  90           *      privilege => name
  91           */
  92          function privilegeList()
  93          {
  94              static $privilegeList = array(
  95                  'read' => 'read',
  96                  'edit' => 'edit',
  97                  'create' => 'create'
  98              );
  99  
 100              return $privilegeList;
 101          }
 102  
 103          /**
 104           * get default access control list for a course wiki
 105           * @return array default course access control list
 106           */
 107          function defaultCourseWikiACL()
 108          {
 109              static $defaultCourseWikiACL = array(
 110                  'course_read' => true,
 111                  'course_edit' => true,
 112                  'course_create' => true,
 113                  'group_read' => false,
 114                  'group_edit' => false,
 115                  'group_create' => false,
 116                  'other_read' => true,
 117                  'other_edit' => false,
 118                  'other_create' => false
 119              );
 120  
 121              return $defaultCourseWikiACL;
 122          }
 123  
 124          /**
 125           * get empty access control list (ie with all entries
 126           * set to false)
 127           * @return array empty access control list
 128           */
 129          function emptyWikiACL()
 130          {
 131              static $emptyWikiACL = array(
 132                  'course_read' => false,
 133                  'course_edit' => false,
 134                  'course_create' => false,
 135                  'group_read' => false,
 136                  'group_edit' => false,
 137                  'group_create' => false,
 138                  'other_read' => false,
 139                  'other_edit' => false,
 140                  'other_create' => false
 141              );
 142  
 143              return $emptyWikiACL;
 144          }
 145  
 146          /**
 147           * get default access control list for a group wiki
 148           * @return array default group access control list
 149           */
 150          function defaultGroupWikiACL()
 151          {
 152              static $defaultGroupWikiACL = array(
 153                  'course_read' => true,
 154                  'course_edit' => false,
 155                  'course_create' => false,
 156                  'group_read' => true,
 157                  'group_edit' => true,
 158                  'group_create' => true,
 159                  'other_read' => false,
 160                  'other_edit' => false,
 161                  'other_create' => false
 162              );
 163  
 164              return $defaultGroupWikiACL;
 165          }
 166  
 167          /**
 168           * check a given access control list to see wether or not a given
 169           * access level has got read privilege
 170           * @return boolean true if read privilege is granted, false either
 171           */
 172          function isAllowedToReadPage( $accessControlList, $accessLevel )
 173          {
 174              $privilege = 'read';
 175              return WikiAccessControl::checkAccess( $accessControlList, $accessLevel, $privilege );
 176          }
 177  
 178          /**
 179           * check a given access control list to see wether or not a given
 180           * access level has got edit privilege
 181           * @return boolean true if edit privilege is granted, false either
 182           */
 183          function isAllowedToEditPage( $accessControlList, $accessLevel )
 184          {
 185              $privilege = 'edit';
 186              return WikiAccessControl::checkAccess( $accessControlList, $accessLevel, $privilege );
 187          }
 188  
 189          /**
 190           * check a given access control list to see wether or not a given
 191           * access level has got create privilege
 192           * @return boolean true if create privilege is granted, false either
 193           */
 194          function isAllowedToCreatePage( $accessControlList, $accessLevel )
 195          {
 196              $privilege = 'create';
 197              return WikiAccessControl::checkAccess( $accessControlList, $accessLevel, $privilege );
 198          }
 199  
 200          /**
 201           * grant the given privilege to the given access level in the given access
 202           * control list
 203           * @param array accessControlList access control list
 204           * @param string accessLevel access level
 205           * @param string privilege privilege to grant
 206           * @return boolean true on success, false if accessLevel or
 207           *      privilege are not valid
 208           */
 209          function grantPrivilegeToAccessLevel( &$accessControlList, $accessLevel, $privilege )
 210          {
 211              $prefixList = WikiAccessControl::prefixList();
 212              $privilegeList = WikiAccessControl::privilegeList();
 213  
 214              if ( isset( $prefixList[$accessLevel] ) && isset( $privilegeList[$privilege] ) )
 215              {
 216                  $key = $prefixList[$accessLevel] . $privilegeList[$privilege];
 217                  $accessControlList[$key] = true;
 218                  return true;
 219              }
 220              else
 221              {
 222                  return false;
 223              }
 224          }
 225  
 226          /**
 227           * remove the given privilege from the given access level in the given access
 228           * control list
 229           * @param array accessControlList access control list
 230           * @param string accessLevel access level
 231           * @param string privilege privilege to remove
 232           * @return boolean true on success, false if accessLevel or
 233           *      privilege are not valid
 234           */
 235          function removePrivilegeFromAccessLevel( &$accessControlList, $accessLevel, $privilege )
 236          {
 237              $prefixList = WikiAccessControl::prefixList();
 238              $privilegeList = WikiAccessControl::privilegeList();
 239  
 240              if ( isset( $prefixList[$accessLevel] ) && isset( $privilegeList[$privilege] ) )
 241              {
 242                  $key = $prefixList[$accessLevel] . $privilegeList[$privilege];
 243                  $accessControlList[$key] = false;
 244                  return true;
 245              }
 246              else
 247              {
 248                  return false;
 249              }
 250          }
 251  
 252          /**
 253           * grant the read given privilege to the given access level in the given access
 254           * control list
 255           * @param array accessControlList access control list
 256           * @param string accessLevel access level
 257           * @return boolean true on success, false if accessLevel or
 258           *      privilege are not valid
 259           */
 260          function grantReadPrivilegeToAccessLevel( &$accessControlList, $accessLevel )
 261          {
 262              $privilege = 'read';
 263  
 264              return WikiAccessControl::grantPrivilegeToAccessLevel(
 265                  $accessControlList
 266                  , $accessLevel
 267                  , $privilege
 268                  );
 269          }
 270  
 271          /**
 272           * grant the edit given privilege to the given access level in the given access
 273           * control list
 274           * @param array accessControlList access control list
 275           * @param string accessLevel access level
 276           * @return boolean true on success, false if accessLevel or
 277           *      privilege are not valid
 278           */
 279          function grantEditPrivilegeToAccessLevel( &$accessControlList, $accessLevel )
 280          {
 281              $privilege = 'edit';
 282  
 283              return WikiAccessControl::grantPrivilegeToAccessLevel(
 284                  $accessControlList
 285                  , $accessLevel
 286                  , $privilege
 287                  );
 288          }
 289  
 290          /**
 291           * grant the create given privilege to the given access level in the given access
 292           * control list
 293           * @param array accessControlList access control list
 294           * @param string accessLevel access level
 295           * @return boolean true on success, false if accessLevel or
 296           *      privilege are not valid
 297           */
 298          function grantCreatePrivilegeToAccessLevel( &$accessControlList, $accessLevel )
 299          {
 300              $privilege = 'create';
 301  
 302              return WikiAccessControl::grantPrivilegeToAccessLevel(
 303                  $accessControlList
 304                  , $accessLevel
 305                  , $privilege
 306                  );
 307          }
 308  
 309          /**
 310           * remove the read privilege from the given access level in the given access
 311           * control list
 312           * @param array accessControlList access control list
 313           * @param string accessLevel access level
 314           * @return boolean true on success, false if accessLevel or
 315           *      privilege are not valid
 316           */
 317          function removeReadPrivilegeFromAccessLevel( &$accessControlList, $accessLevel )
 318          {
 319              $privilege = 'read';
 320  
 321              return WikiAccessControl::removePrivilegeFromAccessLevel(
 322                  $accessControlList
 323                  , $accessLevel
 324                  , $privilege
 325                  );
 326          }
 327  
 328          /**
 329           * remove the edit privilege from the given access level in the given access
 330           * control list
 331           * @param array accessControlList access control list
 332           * @param string accessLevel access level
 333           * @return boolean true on success, false if accessLevel or
 334           *      privilege are not valid
 335           */
 336          function removeEditPrivilegeFromAccessLevel( &$accessControlList, $accessLevel )
 337          {
 338              $privilege = 'edit';
 339  
 340              return WikiAccessControl::removePrivilegeFromAccessLevel(
 341                  $accessControlList
 342                  , $accessLevel
 343                  , $privilege
 344                  );
 345          }
 346  
 347          /**
 348           * remove the create privilege from the given access level in the given access
 349           * control list
 350           * @param array accessControlList access control list
 351           * @param string accessLevel access level
 352           * @return boolean true on success, false if accessLevel or
 353           *      privilege are not valid
 354           */
 355          function removeCreatePrivilegeFromAccessLevel( &$accessControlList, $accessLevel )
 356          {
 357              $privilege = 'create';
 358  
 359              return WikiAccessControl::removePrivilegeFromAccessLevel(
 360                  $accessControlList
 361                  , $accessLevel
 362                  , $privilege
 363                  );
 364          }
 365  
 366          /**
 367           * Export access control list to a string
 368           * @param array accessControlList access controllist
 369           * @param boolean echoExport print the exported value
 370           *      if set to true (default true)
 371           * @return string string representation of the access control list
 372           */
 373          function exportACL( $accessControlList, $echoExport = true )
 374          {
 375              $export = "<pre>\n";
 376              $prefixList = WikiAccessControl::prefixList();
 377              $privilegeList = WikiAccessControl::privilegeList();
 378  
 379              foreach ( $prefixList as $accessLevel => $prefix )
 380              {
 381                  $export .= $accessLevel . ':';
 382  
 383                  foreach ( $privilegeList as $privilege )
 384                  {
 385                      $aclKey = $prefix . $privilege;
 386  
 387                      $boolValue = ( $accessControlList[$aclKey] == true ) ? 'true' : 'false';
 388                      $export .= $privilege . '('.$boolValue.')';
 389                  }
 390  
 391                  $export .= "<br />\n";
 392              }
 393  
 394              $export .= "</pre>\n";
 395  
 396              if ( $echoExport == true )
 397              {
 398                  echo $export;
 399              }
 400  
 401              return $export;
 402          }
 403      }
 404  ?>