Code source de dotProject 2.1 RC1 |
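<?php
// $Id: permissions.class.php,v 1.14.4.2 2007/01/31 09:36:52 ajdonnison Exp $

/**
 * Copyright 2005, the dotProject Team.
 *
 * This file is part of dotProject and is released under the same license.
 * Check the file index.php in the top level dotproject directory for license
 * details.  If you cannot find this file, or a LICENSE or COPYING file,
 * please email the author for details.
 */

/*
 * Permissions system extends the phpgacl class.  Very few changes have
 * been made, however the main one is to provide the database details from
 * the main dP environment.
 */

// Refuse direct HTTP access: the file is only meant to be included by the
// application after DP_BASE_DIR has been defined.
if (! defined('DP_BASE_DIR')) {
    die('This file should not be called directly');
}

// Set the ADODB directory
if (! defined('ADODB_DIR')) {
    define('ADODB_DIR', DP_BASE_DIR."/lib/adodb");
}

// Include the PHPGACL library
require_once DP_BASE_DIR."/lib/phpgacl/gacl.class.php";
require_once DP_BASE_DIR."/lib/phpgacl/gacl_api.class.php";
// Include the db_connections

// Now extend the class
/**
 * Extend the gacl_api class.  There is an argument to separate this
 * into a gacl and gacl_api class on the premise that normal activity
 * only needs the functions in gacl, but it would appear that this is
 * not so for dP, which tends to require reverse lookups rather than
 * just forward ones (i.e. looking up who is allowed to do x, rather
 * than is x allowed to do y).
 *
 * Conventions used throughout the class:
 *  - a falsy user id argument is replaced by the id of the logged-in user
 *    ($GLOBALS['AppUI']->user_id), so the check then applies to the session
 *    user and not to "nobody";
 *  - numeric ids are cast to int before being placed in a WHERE clause built
 *    in this file; string values go through $this->db->quote().
 */
class dPacl extends gacl_api {

    /**
     * Build the ACL object on top of the dotProject database settings.
     *
     * The db_* keys of $opts are always overwritten with the values from the
     * global $dPconfig, so a caller cannot redirect the ACL layer to another
     * database through this argument.
     *
     * @param array|null $opts Extra options handed on to gacl_api.
     */
    function dPacl($opts = null) {
        global $dPconfig;
        if (! is_array($opts)) {
            $opts = array();
        }
        $opts['db_type'] = $dPconfig['dbtype'];
        $opts['db_host'] = $dPconfig['dbhost'];
        $opts['db_user'] = $dPconfig['dbuser'];
        $opts['db_password'] = $dPconfig['dbpass'];
        $opts['db_name'] = $dPconfig['dbname'];
        // We can add an ADODB instance instead of the database
        // connection details.  This might be worth looking at in
        // the future.
        if ($dPconfig['debug'] > 10) {
            $this->_debug = true;
        }
        parent::gacl_api($opts);
    }

    /**
     * Check whether a user holds the system/login permission.
     *
     * @param mixed $login ARO value of the user.
     * @return mixed Result of acl_check().
     */
    function checkLogin($login) {
        // Simple ARO<->ACO check, no AXO's required.
        return $this->acl_check("system", "login", "user", $login);
    }

    /**
     * Check an operation on a whole module.
     *
     * @param string $module Module (AXO value in section "app").
     * @param string $op     Operation (ACO value in section "application").
     * @param mixed  $userid User to check; falsy means the logged-in user.
     * @return mixed Result of acl_check().
     */
    function checkModule($module, $op, $userid = null) {
        if (! $userid) {
            $userid = $GLOBALS['AppUI']->user_id;
        }

        $result = $this->acl_check("application", $op, "user", $userid, "app", $module);
        dprint(__FILE__, __LINE__, 2, "checkModule( $module, $op, $userid) returned $result");
        return $result;
    }

    /**
     * Check an operation on a single item of a module.
     *
     * When no item is given, or when no ACL record exists for the item, the
     * decision falls back to the module-level check.
     *
     * @param string $module Module name, used as the AXO section.
     * @param string $op     Operation.
     * @param mixed  $item   Item id; falsy means "the module as a whole".
     * @param mixed  $userid User to check; falsy means the logged-in user.
     * @return mixed The 'allow' field of the matching ACL, or the module result.
     */
    function checkModuleItem($module, $op, $item = null, $userid = null) {
        if (! $userid) {
            $userid = $GLOBALS['AppUI']->user_id;
        }
        if (! $item) {
            return $this->checkModule($module, $op, $userid);
        }

        $result = $this->acl_query("application", $op, "user", $userid, $module, $item, NULL);
        // If there is no acl_id then we default back to the parent lookup
        if (! $result || ! $result['acl_id']) {
            dprint(__FILE__, __LINE__, 2, "checkModuleItem($module, $op, $userid) did not return a record");
            return $this->checkModule($module, $op, $userid);
        }
        dprint(__FILE__, __LINE__, 2, "checkModuleItem($module, $op, $userid) returned $result[allow]");
        return $result['allow'];
    }

    /**
     * This gets tricky and is there mainly for the compatibility layer
     * for getDeny functions.
     * If we get an ACL ID, and we get allow = false, then the item is
     * actively denied.  Any other combination is a soft-deny (i.e. not
     * strictly allowed, but not actively denied).
     *
     * @param string $module  Module name, used as the AXO section.
     * @param string $op      Operation.
     * @param mixed  $item    Item id.
     * @param mixed  $user_id User to check; falsy means the logged-in user.
     * @return bool True only for an explicit deny record.
     */
    function checkModuleItemDenied($module, $op, $item, $user_id = null) {
        if (! $user_id) {
            $user_id = $GLOBALS['AppUI']->user_id;
        }
        $result = $this->acl_query("application", $op, "user", $user_id, $module, $item);
        if ($result && $result['acl_id'] && ! $result['allow']) {
            return true;
        }
        return false;
    }

    /**
     * Register a user as an ARO in section "user".
     *
     * @param mixed  $login    ARO value for the user.
     * @param string $username Display name of the ARO.
     * @return mixed Result of add_object(); falsy on failure.
     */
    function addLogin($login, $username) {
        $res = $this->add_object("user", $username, $login, 1, 0, "aro");
        if (! $res) {
            dprint(__FILE__, __LINE__, 0, "Failed to add user permission object");
        }
        return $res;
    }

    /**
     * Rename the ARO of a user, creating it when it does not exist yet.
     *
     * @param mixed  $login    ARO value for the user.
     * @param string $username New display name.
     * @return mixed True when nothing had to change, otherwise the result of
     *               edit_object() or addLogin().
     */
    function updateLogin($login, $username) {
        $id = $this->get_object_id("user", $login, "aro");
        if (! $id) {
            return $this->addLogin($login, $username);
        }
        // An unchanged name is a success; previously $res was left undefined
        // on that path.
        $res = true;
        // Check if the details have changed.
        $data = $this->get_object_data($id, "aro");
        // Other callers in this class index the result as a list of rows
        // ($info[0][n]); accept both that shape and a single flat row.
        if (is_array($data) && isset($data[0]) && is_array($data[0])) {
            $data = $data[0];
        }
        // Row layout used by the original list(): section, value, order, name, hidden.
        $oname = (is_array($data) && isset($data[3])) ? $data[3] : null;
        if ($oname != $username) {
            $res = $this->edit_object($id, "user", $username, $login, 1, 0, "aro");
            if (! $res) {
                dprint(__FILE__, __LINE__, 0, "Failed to change user permission object");
            }
        }
        return $res;
    }

    /**
     * Remove the ARO of a user.
     *
     * @param mixed $login ARO value for the user.
     * @return mixed Result of del_object(), or the falsy lookup result.
     */
    function deleteLogin($login) {
        $id = $this->get_object_id("user", $login, "aro");
        if ($id) {
            $id = $this->del_object($id, "aro", true);
        }
        if (! $id) {
            dprint(__FILE__, __LINE__, 0, "Failed to remove user permission object");
        }
        return $id;
    }

    /**
     * Register a module as an AXO in section "app" and add it to group "all".
     *
     * @param string $mod     Module value.
     * @param string $modname Module display name.
     * @return mixed Falsy when either step failed.
     */
    function addModule($mod, $modname) {
        $res = $this->add_object("app", $modname, $mod, 1, 0, "axo");
        if ($res) {
            $res = $this->addGroupItem($mod);
        }
        if (! $res) {
            dprint(__FILE__, __LINE__, 0, "Failed to add module permission object");
        }
        return $res;
    }

    /**
     * Create the AXO section that holds the individual records of a module.
     *
     * @param string $mod Module value, also used as the section value.
     * @return mixed Result of add_object_section(); falsy on failure.
     */
    function addModuleSection($mod) {
        $res = $this->add_object_section(ucfirst($mod) . " Record", $mod, 0, 0, "axo");
        if (! $res) {
            dprint(__FILE__, __LINE__, 0, "Failed to add module permission section");
        }
        return $res;
    }

    /**
     * Register one record of a module as an AXO.
     *
     * @param string $mod      Section (module) value.
     * @param mixed  $itemid   Record id, stored as the AXO value.
     * @param string $itemdesc Record description, stored as the AXO name.
     * @return mixed Result of add_object().
     */
    function addModuleItem($mod, $itemid, $itemdesc) {
        return $this->add_object($mod, $itemdesc, $itemid, 0, 0, "axo");
    }

    /**
     * Add an object to a group looked up by its value.
     *
     * @return mixed Result of add_group_object(), or false if the group is unknown.
     */
    function addGroupItem($item, $group = "all", $section = "app", $type = "axo") {
        $gid = $this->get_group_id($group, null, $type);
        if ($gid) {
            return $this->add_group_object($gid, $section, $item, $type);
        }
        return false;
    }

    /**
     * Remove the AXO of a module together with its membership of group "all".
     *
     * @param string $mod Module value.
     * @return mixed Result of del_object(), or the falsy lookup result.
     */
    function deleteModule($mod) {
        $id = $this->get_object_id("app", $mod, "axo");
        if ($id) {
            $this->deleteGroupItem($mod);
            $id = $this->del_object($id, "axo", true);
        }
        if (! $id) {
            dprint(__FILE__, __LINE__, 0, "Failed to remove module permission object");
        }
        return $id;
    }

    /**
     * Remove the AXO section of a module.
     *
     * @param string $mod Section value.
     * @return mixed Result of del_object_section(), or the falsy lookup result.
     */
    function deleteModuleSection($mod) {
        $id = $this->get_object_section_section_id(null, $mod, "axo");
        if ($id) {
            $id = $this->del_object_section($id, "axo", true);
        }
        if (! $id) {
            dprint(__FILE__, __LINE__, 0, "Failed to remove module permission section");
        }
        return $id;
    }

    /**
     * Remove an object from a group looked up by its value.
     *
     * @return mixed Result of del_group_object(), or false if the group is unknown.
     */
    function deleteGroupItem($item, $group = "all", $section = "app", $type = "axo") {
        $gid = $this->get_group_id($group, null, $type);
        if ($gid) {
            return $this->del_group_object($gid, $section, $item, $type);
        }
        return false;
    }

    /**
     * Tell whether a user may view a module, or may log in when no module is given.
     *
     * @param mixed       $userid User to check.
     * @param string|null $module Module value, or null for the login check.
     * @return mixed Result of the underlying check.
     */
    function isUserPermitted($userid, $module = null) {
        if ($module) {
            return $this->checkModule($module, "view", $userid);
        }
        return $this->checkLogin($userid);
    }

    /**
     * List the users the current user may see, filtered by module access.
     *
     * Without 'view' on the users module the list only contains the current
     * user.  Every user row is read and filtered in PHP.
     *
     * @param string|null $module Restrict to users who may view this module.
     * @return array user_id => "Last, First".
     */
    function getPermittedUsers($module = null) {
        // Not as pretty as I'd like, but we can do it reasonably well.
        // Check to see if we are allowed to see other users.
        // If not we can only see ourselves.
        global $AppUI;
        $canViewUsers = $this->checkModule('users', 'view');
        $q = new DBQuery;
        $q->addTable('users');
        $q->addQuery('user_id, concat_ws(", ", contact_last_name, contact_first_name) as contact_name');
        $q->addJoin('contacts', 'con', 'contact_id = user_contact');
        $q->addOrder('contact_last_name');
        $q->exec();
        $userlist = array();
        while ($row = $q->fetchRow()) {
            $permitted = $canViewUsers && $this->isUserPermitted($row['user_id'], $module);
            if ($permitted || $row['user_id'] == $AppUI->user_id) {
                $userlist[$row['user_id']] = $row['contact_name'];
            }
        }
        $q->clear();
        // Now format the userlist as an assoc array.
        return $userlist;
    }

    /**
     * Find the 'view' ACLs of a user that reference a module section.
     *
     * Allow and deny records are both returned; getDeniedItems() and
     * getAllowedItems() filter on the 'allow' field afterwards.
     *
     * @param string $module AXO section value.
     * @param mixed  $uid    User to look up; falsy means the logged-in user.
     * @return mixed Result of search_acl().
     */
    function getItemACLs($module, $uid = null) {
        if (! $uid) {
            $uid = $GLOBALS['AppUI']->user_id;
        }
        return $this->search_acl("application", "view", "user", $uid, false, $module, false, false, false);
    }

    /**
     * Find the application ACLs attached to a user.
     *
     * @param mixed $uid User to look up; falsy means the logged-in user.
     * @return mixed Result of search_acl().
     */
    function getUserACLs($uid = null) {
        if (! $uid) {
            $uid = $GLOBALS['AppUI']->user_id;
        }
        return $this->search_acl("application", false, "user", $uid, null, false, false, false, false);
    }

    /**
     * Find the application ACLs attached to a role (ARO group).
     *
     * NOTE(review): getRole() returns false for an unknown id, in which case
     * the group name passed to search_acl() is null - confirm how the parent
     * class treats a null group name.
     *
     * @param mixed $role_id Group id of the role.
     * @return mixed Result of search_acl().
     */
    function getRoleACLs($role_id) {
        $role = $this->getRole($role_id);
        return $this->search_acl("application", false, false, false, $role['name'], false, false, false, false);
    }

    /**
     * Fetch a role as an associative array.
     *
     * @param mixed $role_id Group id of the role.
     * @return array|false Keys id, parent_id, value, name, lft, rgt; false if not found.
     */
    function getRole($role_id) {
        $data = $this->get_group_data($role_id);
        if (! $data) {
            return false;
        }
        return array(
            'id' => $data[0],
            'parent_id' => $data[1],
            'value' => $data[2],
            'name' => $data[3],
            'lft' => $data[4],
            'rgt' => $data[5]
        );
    }

    /**
     * Collect the item ids of a module that enabled deny ACLs name for a user.
     *
     * @param string $module AXO section value.
     * @param mixed  $uid    User to look up; falsy means the logged-in user.
     * @return array List of item ids.
     */
    function & getDeniedItems($module, $uid = null) {
        $items = array();
        if (! $uid) {
            $uid = $GLOBALS['AppUI']->user_id;
        }

        $acls = $this->getItemACLs($module, $uid);
        // If we get here we should have an array.
        if (is_array($acls)) {
            // Grab the item values
            foreach ($acls as $acl) {
                $acl_entry = $this->get_acl($acl);
                if ($acl_entry['allow'] == false && $acl_entry['enabled'] == true && isset($acl_entry['axo'][$module])) {
                    foreach ($acl_entry['axo'][$module] as $id) {
                        $items[] = $id;
                    }
                }
            }
        } else {
            dprint(__FILE__, __LINE__, 2, "getDeniedItems($module, $uid) - no ACL's match");
        }
        dprint(__FILE__,__LINE__, 2, "getDeniedItems($module, $uid) returning " . count($items) . " items");
        return $items;
    }

    /**
     * Collect the item ids of a module that enabled allow ACLs name for a user.
     * This is probably redundant.
     *
     * @param string $module AXO section value.
     * @param mixed  $uid    User to look up; falsy means the logged-in user.
     * @return array List of item ids.
     */
    function & getAllowedItems($module, $uid = null) {
        $items = array();
        if (! $uid) {
            $uid = $GLOBALS['AppUI']->user_id;
        }
        $acls = $this->getItemACLs($module, $uid);
        if (is_array($acls)) {
            foreach ($acls as $acl) {
                $acl_entry = $this->get_acl($acl);
                if ($acl_entry['allow'] == true && $acl_entry['enabled'] == true && isset($acl_entry['axo'][$module])) {
                    foreach ($acl_entry['axo'][$module] as $id) {
                        $items[] = $id;
                    }
                }
            }
        } else {
            dprint(__FILE__, __LINE__, 2, "getAllowedItems($module, $uid) - no ACL's match");
        }
        dprint(__FILE__,__LINE__, 2, "getAllowedItems($module, $uid) returning " . count($items) . " items");
        return $items;
    }

    /**
     * List the child groups of a group.
     *
     * Copied from get_group_children in the parent class, this version returns
     * all of the fields, rather than just the group ids.  This makes it a bit
     * more efficient as it doesn't need the get_group_data call for each row.
     *
     * @param mixed  $group_id   Parent group id (used as an integer).
     * @param string $group_type 'axo' or anything else for 'aro'.
     * @param string $recurse    'RECURSE' for all descendants, otherwise direct children.
     * @return array|false Rows with id, name, value, parent_id; FALSE when the id is empty.
     */
    function getChildren($group_id, $group_type = 'ARO', $recurse = 'NO_RECURSE') {
        $this->debug_text("get_group_children(): Group_ID: $group_id Group Type: $group_type Recurse: $recurse");

        switch (strtolower(trim($group_type))) {
            case 'axo':
                $group_type = 'axo';
                $table = $this->_db_table_prefix .'axo_groups';
                break;
            default:
                $group_type = 'aro';
                $table = $this->_db_table_prefix .'aro_groups';
        }

        // The id is concatenated into the WHERE clause below, so reduce it to
        // an integer first; a non-numeric value becomes 0 and is rejected.
        $gid = (int) $group_id;
        if (empty($gid)) {
            $this->debug_text("get_group_children(): ID ($group_id) is empty, this is required");
            return FALSE;
        }

        $q = new DBQuery;
        $q->addTable($table, 'g1');
        $q->addQuery('g1.id, g1.name, g1.value, g1.parent_id');
        $q->addOrder('g1.value');

        //FIXME-mikeb: Why is group_id in quotes?
        switch (strtoupper($recurse)) {
            case 'RECURSE':
                $q->addJoin($table, 'g2', 'g2.lft<g1.lft AND g2.rgt>g1.rgt');
                $q->addWhere('g2.id='. $gid);
                break;
            default:
                $q->addWhere('g1.parent_id='. $gid);
        }

        $result = array();
        $q->exec();
        while ($row = $q->fetchRow()) {
            $result[] = array(
                'id' => $row[0],
                'name' => $row[1],
                'value' => $row[2],
                'parent_id' => $row[3]
            );
        }
        $q->clear();
        return $result;
    }

    /**
     * Create a role below the "role" group.
     *
     * @param string $value Role value; spaces are replaced by underscores.
     * @param string $name  Role display name.
     * @return mixed Result of add_group().
     */
    function insertRole($value, $name) {
        $role_parent = $this->get_group_id("role");
        $value = str_replace(" ", "_", $value);
        return $this->add_group($value, $name, $role_parent);
    }

    /**
     * Change the value and name of a role.
     *
     * @return mixed Result of edit_group().
     */
    function updateRole($id, $value, $name) {
        return $this->edit_group($id, $value, $name);
    }

    /**
     * Delete a role after removing its object assignments.
     *
     * @param mixed $id Group id of the role.
     * @return mixed Result of del_group().
     */
    function deleteRole($id) {
        // Delete all of the group assignments before deleting group.
        $objs = $this->get_group_objects($id);
        if (is_array($objs)) {
            foreach ($objs as $section => $values) {
                // NOTE(review): the lookup appears to return a list of values
                // per section; the cast keeps a scalar working as well.
                foreach ((array) $values as $value) {
                    $this->del_group_object($id, $section, $value);
                }
            }
        }
        return $this->del_group($id, false);
    }

    /**
     * Assign a role to a user, creating the user's ARO when it is missing.
     *
     * @param mixed $role Group id of the role.
     * @param mixed $user User id (used as an integer in the users lookup).
     * @return mixed Result of add_group_object(), or false when the lookup query failed.
     */
    function insertUserRole($role, $user) {
        // Check to see if the user ACL exists first.
        $id = $this->get_object_id("user", $user, "aro");
        if (! $id) {
            $q = new DBQuery;
            $q->addTable('users');
            $q->addQuery('user_username');
            // Cast so that the id cannot carry SQL into the WHERE clause.
            $q->addWhere('user_id = ' . (int) $user);
            $rq = $q->exec();
            if (! $rq) {
                dprint(__FILE__, __LINE__, 0, "Cannot add role, user $user does not exist!<br>" . db_error() );
                $q->clear();
                return false;
            }
            $row = $q->fetchRow();
            if ($row) {
                $this->addLogin($user, $row['user_username']);
            }
            $q->clear();
        }
        return $this->add_group_object($role, "user", $user);
    }

    /**
     * Remove a role from a user.
     *
     * @return mixed Result of del_group_object().
     */
    function deleteUserRole($role, $user) {
        return $this->del_group_object($role, "user", $user);
    }

    /**
     * Returns the groups this user is mapped to.
     * Not provided in original phpGacl, but useful.
     *
     * @param mixed $user ARO value of the user.
     * @return array Rows as returned by get_group_map(); empty when none.
     */
    function getUserRoles($user) {
        $id = $this->get_object_id("user", $user, "aro");
        $result = $this->get_group_map($id);
        if (! is_array($result)) {
            $result = array();
        }
        return $result;
    }

    /**
     * Return a list of module groups and modules that a user can
     * be permitted access to.
     *
     * @return array Rows with id, type ('grp' or 'mod'), name, value.
     */
    function getModuleList() {
        $result = array();
        // First grab all the module groups.
        $parent_id = $this->get_group_id("mod", null, "axo");
        if (! $parent_id) {
            dprint(__FILE__, __LINE__, 0, "failed to get parent for module groups");
        }
        $groups = $this->getChildren($parent_id, "axo");
        if (is_array($groups)) {
            foreach ($groups as $group) {
                $result[] = array('id' => $group['id'], 'type' => 'grp', 'name' => $group['name'], 'value' => $group['value']);
            }
        } else {
            dprint(__FILE__, __LINE__, 1, "No groups available for $parent_id");
        }
        // Now the individual modules.
        $modlist = $this->get_objects_full("app", 0, "axo");
        if (is_array($modlist)) {
            foreach ($modlist as $mod) {
                $result[] = array('id' => $mod['id'], 'type' => 'mod', 'name' => $mod['name'], 'value' => $mod['value']);
            }
        }
        return $result;
    }

    /**
     * An assignable module is one where there is a module sub-group.
     * Effectively we just list those modules in the section "modname".
     *
     * @return array|false Result of get_object_sections().
     */
    function getAssignableModules() {
        // The limit clause is a fixed literal; see get_object_sections().
        return $this->get_object_sections(null, 0, 'axo', "value not in ('sys', 'app')");
    }

    /**
     * List the permission types (ACOs of section "application").
     *
     * @return array id => name; empty when the lookup did not return an array.
     */
    function getPermissionList() {
        $list = $this->get_objects_full("application", 0, "aco");
        // We only need the id and the name
        $result = array();
        if (! is_array($list)) {
            return $result;
        }
        foreach ($list as $perm) {
            $result[$perm['id']] = $perm['name'];
        }
        return $result;
    }

    /**
     * List the groups an object is mapped to.
     *
     * @param mixed  $id         Object id (used as an integer).
     * @param string $group_type 'axo' or anything else for 'aro'.
     * @return array|false Rows with id, name, value, parent_id; FALSE when the id is empty.
     */
    function get_group_map($id, $group_type = "ARO") {
        $this->debug_text("get_group_map(): Assigned ID: $id Group Type: $group_type");

        switch (strtolower(trim($group_type))) {
            case 'axo':
                $group_type = 'axo';
                $table = $this->_db_table_prefix .'axo_groups';
                $map_table = $this->_db_table_prefix . 'groups_axo_map';
                $map_field = "axo_id";
                break;
            default:
                $group_type = 'aro';
                $table = $this->_db_table_prefix .'aro_groups';
                $map_table = $this->_db_table_prefix . 'groups_aro_map';
                $map_field = "aro_id";
        }

        // The id is concatenated into the WHERE clause below, so reduce it to
        // an integer first; a non-numeric value becomes 0 and is rejected.
        $object_id = (int) $id;
        if (empty($object_id)) {
            $this->debug_text("get_group_map(): ID ($id) is empty, this is required");
            return FALSE;
        }

        $q = new DBQuery;
        $q->addTable($table, 'g1');
        $q->addTable($map_table, 'g2');
        $q->addQuery('g1.id, g1.name, g1.value, g1.parent_id');
        $q->addWhere("g1.id = g2.group_id AND g2.$map_field = $object_id");
        $q->addOrder('g1.value');

        $result = array();
        $q->exec();
        while ($row = $q->fetchRow()) {
            $result[] = array(
                'id' => $row[0],
                'name' => $row[1],
                'value' => $row[2],
                'parent_id' => $row[3]
            );
        }
        $q->clear();
        return $result;
    }

    /*======================================================================*\
        Function:   get_object_full()
        Purpose:    Fetch the first object row matching a value and/or a
                    section value.  Both values are quoted with
                    $this->db->quote() before they reach the WHERE clause.
        Returns:    array with id, section_value, name, value, order_value,
                    hidden; false when no row was fetched or the object
                    type is not one of aco, aro, axo, acl.
    \*======================================================================*/
    function get_object_full($value = null , $section_value = null, $return_hidden=1, $object_type=NULL) {

        switch(strtolower(trim($object_type))) {
            case 'aco':
                $object_type = 'aco';
                $table = $this->_db_table_prefix .'aco';
                break;
            case 'aro':
                $object_type = 'aro';
                $table = $this->_db_table_prefix .'aro';
                break;
            case 'axo':
                $object_type = 'axo';
                $table = $this->_db_table_prefix .'axo';
                break;
            case 'acl':
                $object_type = 'acl';
                $table = $this->_db_table_prefix .'acl';
                break;
            default:
                $this->debug_text('get_object(): Invalid Object Type: '. $object_type);
                return FALSE;
        }

        $this->debug_text("get_object(): Section Value: $section_value Object Type: $object_type");

        $q = new DBQuery;
        $q->addTable($table);
        $q->addQuery('id, section_value, name, value, order_value, hidden');

        if (!empty($value)) {
            $q->addWhere('value=' . $this->db->quote($value));
        }

        if (!empty($section_value)) {
            $q->addWhere('section_value='. $this->db->quote($section_value));
        }

        if ($return_hidden==0 AND $object_type != 'acl') {
            $q->addWhere('hidden=0');
        }

        $q->exec();
        $row = $q->fetchRow();
        $q->clear();

        if (!is_array($row)) {
            $this->debug_db('get_object');
            return false;
        }

        // Return Object info.
        return array(
            'id' => $row[0],
            'section_value' => $row[1],
            'name' => $row[2],
            'value' => $row[3],
            'order_value' => $row[4],
            'hidden' => $row[5]
        );
    }

    /*======================================================================*\
        Function:   get_objects_full()
        Purpose:    Grabs all Objects in the database, or specific to a section_value
                    returns format suitable for add_acl and is_conflicting_acl
        Note:       $limit_clause is appended to the WHERE clause verbatim.
                    It must be a constant written by the caller and never
                    contain request data.
    \*======================================================================*/
    function get_objects_full($section_value = NULL, $return_hidden = 1, $object_type = NULL, $limit_clause = NULL) {
        switch (strtolower(trim($object_type))) {
            case 'aco':
                $object_type = 'aco';
                $table = $this->_db_table_prefix .'aco';
                break;
            case 'aro':
                $object_type = 'aro';
                $table = $this->_db_table_prefix .'aro';
                break;
            case 'axo':
                $object_type = 'axo';
                $table = $this->_db_table_prefix .'axo';
                break;
            default:
                $this->debug_text('get_objects(): Invalid Object Type: '. $object_type);
                return FALSE;
        }

        $this->debug_text("get_objects(): Section Value: $section_value Object Type: $object_type");

        $q = new DBQuery;
        $q->addTable($table);
        $q->addQuery('id, section_value, name, value, order_value, hidden');

        if (!empty($section_value)) {
            $q->addWhere('section_value='. $this->db->quote($section_value));
        }

        if ($return_hidden==0) {
            $q->addWhere('hidden=0');
        }

        if (!empty($limit_clause)) {
            // Raw SQL fragment - see the note in the function header.
            $q->addWhere($limit_clause);
        }

        $q->addOrder('order_value');

        // The result of exec() is not checked here.
        $retarr = array();

        $q->exec();
        while ($row = $q->fetchRow()) {
            $retarr[] = array(
                'id' => $row[0],
                'section_value' => $row[1],
                'name' => $row[2],
                'value' => $row[3],
                'order_value' => $row[4],
                'hidden' => $row[5]
            );
        }
        $q->clear();

        // Return objects
        return $retarr;
    }

    /**
     * List object sections, optionally restricted to one section value.
     *
     * $limit_clause is appended to the WHERE clause verbatim.  It must be a
     * constant written by the caller and never contain request data.
     *
     * @param string|null $section_value Section value to match (quoted here).
     * @param int         $return_hidden 0 to leave out hidden sections.
     * @param string|null $object_type   'aco', 'aro' or 'axo'.
     * @param string|null $limit_clause  Extra raw SQL condition.
     * @return array|false Rows with id, value, name, order_value, hidden;
     *                     FALSE for an invalid object type.
     */
    function get_object_sections($section_value = NULL, $return_hidden = 1, $object_type = NULL, $limit_clause = NULL) {
        switch (strtolower(trim($object_type))) {
            case 'aco':
                $object_type = 'aco';
                $table = $this->_db_table_prefix .'aco_sections';
                break;
            case 'aro':
                $object_type = 'aro';
                $table = $this->_db_table_prefix .'aro_sections';
                break;
            case 'axo':
                $object_type = 'axo';
                $table = $this->_db_table_prefix .'axo_sections';
                break;
            default:
                $this->debug_text('get_object_sections(): Invalid Object Type: '. $object_type);
                return FALSE;
        }

        $this->debug_text("get_object_sections(): Section Value: $section_value Object Type: $object_type");

        $q = new DBQuery;
        $q->addTable($table);
        $q->addQuery('id, value, name, order_value, hidden');

        if (!empty($section_value)) {
            $q->addWhere('value='. $this->db->quote($section_value));
        }

        if ($return_hidden==0) {
            $q->addWhere('hidden=0');
        }

        if (!empty($limit_clause)) {
            // Raw SQL fragment - see the note in the docblock.
            $q->addWhere($limit_clause);
        }

        $q->addOrder('order_value');

        // The result of exec() is not checked here.
        $q->exec();

        $retarr = array();

        while ($row = $q->fetchRow()) {
            $retarr[] = array(
                'id' => $row[0],
                'value' => $row[1],
                'name' => $row[2],
                'order_value' => $row[3],
                'hidden' => $row[4]
            );
        }
        $q->clear();

        // Return objects
        return $retarr;
    }

    /**
     * Called from do_perms_aed, allows us to add a new ACL for a user.
     *
     * All input is read from $_POST.  This method changes access rights and
     * contains no permission check and no request-origin (CSRF) validation of
     * its own.  NOTE(review): confirm that the calling script enforces both
     * before it gets here.
     *
     * permission_table, permission_item and permission_name are handed to
     * parent-class methods unchanged.  NOTE(review): verify that those
     * methods quote their arguments.
     *
     * @return mixed Result of add_acl(), or false when the request is incomplete.
     */
    function addUserPermission() {
        // Need to have a user id,
        // parse the permissions array
        if (! isset($_POST['permission_type']) || ! is_array($_POST['permission_type'])) {
            $this->debug_text("you must select at least one permission");
            return false;
        }
        if (! isset($_POST['permission_module']) || ! is_string($_POST['permission_module'])
            || ! isset($_POST['permission_user']) || ! is_scalar($_POST['permission_user'])) {
            $this->debug_text("permission request is missing the module or the user");
            return false;
        }

        // permission_module is "<4-char type prefix><id>", e.g. "grp,<id>".
        $mod_type = substr($_POST['permission_module'], 0, 4);
        // Ids are reduced to integers before they reach the lookups.
        $mod_id = (int) substr($_POST['permission_module'], 4);
        $mod_group = null;
        $mod_mod = null;
        if ($mod_type == 'grp,') {
            $mod_group = array($mod_id);
        } else {
            if (isset($_POST['permission_item']) && $_POST['permission_item']) {
                if (! isset($_POST['permission_table']) || ! is_string($_POST['permission_table'])) {
                    $this->debug_text("permission request is missing the item table");
                    return false;
                }
                $item_table = $_POST['permission_table'];
                $item_id = $_POST['permission_item'];
                $item_name = isset($_POST['permission_name']) ? $_POST['permission_name'] : '';
                $mod_mod = array();
                $mod_mod[$item_table][] = $item_id;
                // check if the item already exists, if not create it.
                // First need to check if the section exists.
                if (! $this->get_object_section_section_id(null, $item_table, 'axo')) {
                    $this->addModuleSection($item_table);
                }
                if (! $this->get_object_id($item_table, $item_id, 'axo')) {
                    $this->addModuleItem($item_table, $item_id, $item_name);
                }
            } else {
                // Get the module information
                $mod_info = $this->get_object_data($mod_id, 'axo');
                if (! is_array($mod_info) || ! isset($mod_info[0])) {
                    $this->debug_text("unknown module in permission request");
                    return false;
                }
                $mod_mod = array();
                $mod_mod[$mod_info[0][0]][] = $mod_info[0][1];
            }
        }
        $aro_info = $this->get_object_data((int) $_POST['permission_user'], 'aro');
        if (! is_array($aro_info) || ! isset($aro_info[0])) {
            $this->debug_text("unknown user in permission request");
            return false;
        }
        $aro_map = array();
        $aro_map[$aro_info[0][0]][] = $aro_info[0][1];
        // Build the permissions info
        $type_map = array();
        foreach ($_POST['permission_type'] as $tid) {
            if (! is_scalar($tid)) {
                continue;
            }
            $type = $this->get_object_data((int) $tid, 'aco');
            if (! is_array($type)) {
                continue;
            }
            foreach ($type as $t) {
                $type_map[$t[0]][] = $t[1];
            }
        }
        // A missing or empty permission_access means deny.
        $allow = empty($_POST['permission_access']) ? 0 : 1;
        return $this->add_acl(
            $type_map,
            $aro_map,
            null,
            $mod_mod,
            $mod_group,
            $allow,
            1,
            null,
            null,
            "user");
    }

    /**
     * Add a new ACL for a role (ARO group) from the posted form.
     *
     * All input is read from $_POST.  This method changes access rights and
     * contains no permission check and no request-origin (CSRF) validation of
     * its own.  NOTE(review): confirm that the calling script enforces both
     * before it gets here.
     *
     * @return mixed Result of add_acl(), or false when the request is incomplete.
     */
    function addRolePermission() {
        if (! isset($_POST['permission_type']) || ! is_array($_POST['permission_type'])) {
            $this->debug_text("you must select at least one permission");
            return false;
        }
        if (! isset($_POST['permission_module']) || ! is_string($_POST['permission_module'])
            || ! isset($_POST['role_id']) || ! is_scalar($_POST['role_id'])) {
            $this->debug_text("permission request is missing the module or the role");
            return false;
        }

        // permission_module is "<4-char type prefix><id>", e.g. "grp,<id>".
        $mod_type = substr($_POST['permission_module'], 0, 4);
        // Ids are reduced to integers before they reach the lookups.
        $mod_id = (int) substr($_POST['permission_module'], 4);
        $mod_group = null;
        $mod_mod = null;
        if ($mod_type == 'grp,') {
            $mod_group = array($mod_id);
        } else {
            // Get the module information
            $mod_info = $this->get_object_data($mod_id, 'axo');
            if (! is_array($mod_info) || ! isset($mod_info[0])) {
                $this->debug_text("unknown module in permission request");
                return false;
            }
            $mod_mod = array();
            $mod_mod[$mod_info[0][0]][] = $mod_info[0][1];
        }
        $aro_map = array((int) $_POST['role_id']);
        // Build the permissions info
        $type_map = array();
        foreach ($_POST['permission_type'] as $tid) {
            if (! is_scalar($tid)) {
                continue;
            }
            $type = $this->get_object_data((int) $tid, 'aco');
            if (! is_array($type)) {
                continue;
            }
            foreach ($type as $t) {
                $type_map[$t[0]][] = $t[1];
            }
        }
        // A missing or empty permission_access means deny.
        $allow = empty($_POST['permission_access']) ? 0 : 1;
        return $this->add_acl(
            $type_map,
            null,
            $aro_map,
            $mod_mod,
            $mod_group,
            $allow,
            1,
            null,
            null,
            "user");
    }

    // Some function overrides.

    /**
     * Remember the last debug message and pass it to dprint() at level 9.
     *
     * Several messages in this class interpolate caller-supplied values, so
     * the text must be escaped before it is shown in an HTML page.
     *
     * @param string $text Message text.
     */
    function debug_text($text) {
        $this->_debug_msg = $text;
        dprint(__FILE__, __LINE__, 9, $text);
    }

    /**
     * Return the message last passed to debug_text().
     *
     * @return string
     */
    function msg() {
        return $this->_debug_msg;
    }

}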