| [ Index ] |
|
Code source de eZ Publish 3.9.0 |
1 <?php 2 // 3 // Definition of eZPolicy class 4 // 5 // Created on: <16-Aug-2002 16:34:41 sp> 6 // 7 // SOFTWARE NAME: eZ publish 8 // SOFTWARE RELEASE: 3.9.0 9 // BUILD VERSION: 17785 10 // COPYRIGHT NOTICE: Copyright (C) 1999-2006 eZ systems AS 11 // SOFTWARE LICENSE: GNU General Public License v2.0 12 // NOTICE: > 13 // This program is free software; you can redistribute it and/or 14 // modify it under the terms of version 2.0 of the GNU General 15 // Public License as published by the Free Software Foundation. 16 // 17 // This program is distributed in the hope that it will be useful, 18 // but WITHOUT ANY WARRANTY; without even the implied warranty of 19 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 20 // GNU General Public License for more details. 21 // 22 // You should have received a copy of version 2.0 of the GNU General 23 // Public License along with this program; if not, write to the Free 24 // Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 25 // MA 02110-1301, USA. 26 // 27 // 28 29 /*! \file ezpolicy.php 30 */ 31 32 /*! 33 \class eZPolicy ezpolicy.php 34 \ingroup eZRole 35 \brief Defines a policy in the permission system 36 37 */ 38 39 include_once ( 'kernel/classes/ezpolicylimitation.php' ); 40 include_once ( 'kernel/classes/ezrole.php' ); 41 42 class eZPolicy extends eZPersistentObject 43 { 44 /*! 45 Constructor 46 */ 47 function eZPolicy( $row ) 48 { 49 $this->eZPersistentObject( $row ); 50 $this->NodeID = 0; 51 } 52 53 function definition() 54 { 55 return array( 'fields' => array( 'id' => array( 'name' => 'ID', 56 'datatype' => 'integer', 57 'default' => 0, 58 'required' => true ), 59 'role_id' => array( 'name' => 'RoleID', 60 'datatype' => 'integer', 61 'default' => 0, 62 'required' => true, 63 'foreign_class' => 'eZRole', 64 'foreign_attribute' => 'id', 65 'multiplicity' => '1..*' ), 66 'module_name' => array( 'name' => 'ModuleName', 67 'datatype' => 'string', 68 'default' => '', 69 'required' => true ), 70 'function_name' => array( 'name' => 'FunctionName', 71 'datatype' => 'string', 72 'default' => '', 73 'required' => true ) ), 74 'keys' => array( 'id' ), 75 'function_attributes' => array( 'limitations' => 'limitationList', 76 'role' => 'role', 77 'limit_identifier' => 'limitIdentifier', 78 'limit_value' => 'limitValue', 79 'user_role_id' => 'userRoleID' ), 80 'increment_key' => 'id', 81 'sort' => array( 'id' => 'asc' ), 82 'class_name' => 'eZPolicy', 83 'name' => 'ezpolicy' ); 84 } 85 86 function &limitIdentifier() 87 { 88 return $this->LimitIdentifier; 89 } 90 91 function &limitValue() 92 { 93 return $this->LimitValue; 94 } 95 96 function &userRoleID() 97 { 98 return $this->UserRoleID; 99 } 100 101 /*! 102 \reimp 103 */ 104 function setAttribute( $attr, $val ) 105 { 106 switch( $attr ) 107 { 108 case 'limit_identifier': 109 { 110 if ( !$this->LimitIdentifier ) 111 { 112 $this->LimitIdentifier = $val; 113 } 114 } break; 115 116 case 'limit_value': 117 { 118 if ( !$this->LimitValue ) 119 { 120 $this->LimitValue = $val; 121 } 122 } break; 123 case 'user_role_id': 124 { 125 if ( !$this->UserRoleID ) 126 { 127 $this->UserRoleID = $val; 128 } 129 } break; 130 131 default: 132 { 133 eZPersistentObject::setAttribute( $attr, $val ); 134 } break; 135 } 136 } 137 138 /*! 139 \note Transaction unsafe. If you call several transaction unsafe methods you must enclose 140 the calls within a db transaction; thus within db->begin and db->commit. 141 */ 142 function createNew( $roleID , $params = array() ) 143 { 144 $policy = new eZPolicy( array() ); 145 $policy->setAttribute( 'role_id', $roleID ); 146 if ( array_key_exists( 'ModuleName', $params )) 147 { 148 $policy->setAttribute( 'module_name', $params['ModuleName'] ); 149 } 150 if ( array_key_exists( 'FunctionName', $params )) 151 { 152 $policy->setAttribute( 'function_name', $params['FunctionName'] ); 153 } 154 $policy->store(); 155 156 return $policy; 157 } 158 159 /*! 160 \static 161 Creates a new policy assigned to the role identified by ID \a $roleID and returns it. 162 \note The policy is not stored. 163 \param $module Which module to give access to or \c true to give access to all modules. 164 \param $function Which function to give access to or \c true to give access to all functions. 165 \param $limitations An associative array with limitations and their values, use an empty array for no limitations. 166 */ 167 function create( $roleID, $module, $function ) 168 { 169 if ( $module === true ) 170 $module = '*'; 171 if ( $function === true ) 172 $function = '*'; 173 $row = array( 'id' => null, 174 'role_id' => $roleID, 175 'module_name' => $module, 176 'function_name' => $function ); 177 $policy = new eZPolicy( $row ); 178 return $policy; 179 } 180 181 /*! 182 Appends a new policy limitation to the current policy and returns it. 183 \note The limitation and it's values will be stored to the database before returning. 184 \param $identifier The identifier for the limitation, e.g. \c 'Class' 185 \param $values Array of values to store for limitation. 186 \note Transaction unsafe. If you call several transaction unsafe methods you must enclose 187 the calls within a db transaction; thus within db->begin and db->commit. 188 */ 189 function &appendLimitation( $identifier, $values ) 190 { 191 include_once ( 'kernel/classes/ezpolicylimitation.php' ); 192 include_once ( 'kernel/classes/ezpolicylimitationvalue.php' ); 193 $limitation = eZPolicyLimitation::create( $this->ID, $identifier ); 194 195 $db =& eZDB::instance(); 196 $db->begin(); 197 $limitation->store(); 198 $limitationID = $limitation->attribute( 'id' ); 199 $limitations = array(); 200 foreach ( $values as $value ) 201 { 202 $limitationValue = eZPolicyLimitationValue::create( $limitationID, $value ); 203 $limitationValue->store(); 204 if ( isset( $limitation->Values ) ) 205 { 206 $limitation->Values[] =& $limitationValue; 207 } 208 } 209 $db->commit(); 210 211 if ( isset( $this->Limitations ) ) 212 { 213 $this->Limitations[] =& $limitation; 214 } 215 return $limitation; 216 } 217 218 /*! 219 \note Transaction unsafe. If you call several transaction unsafe methods you must enclose 220 the calls within a db transaction; thus within db->begin and db->commit. 221 */ 222 function copy( $roleID ) 223 { 224 $params = array(); 225 $params['ModuleName'] = $this->attribute( 'module_name' ); 226 $params['FunctionName'] = $this->attribute( 'function_name' ); 227 228 $db =& eZDB::instance(); 229 $db->begin(); 230 $newPolicy = eZPolicy::createNew( $roleID, $params ); 231 foreach ( $this->attribute( 'limitations' ) as $limitation ) 232 { 233 $limitation->copy( $newPolicy->attribute( 'id' ) ); 234 } 235 $db->commit(); 236 } 237 238 /*! 239 \note Transaction unsafe. If you call several transaction unsafe methods you must enclose 240 the calls within a db transaction; thus within db->begin and db->commit. 241 */ 242 function remove( $id = false ) 243 { 244 if ( is_numeric( $id ) ) 245 { 246 $delID = $id; 247 $policy = eZPolicy::fetch( $delID ); 248 } 249 else 250 { 251 $policy =& $this; 252 $delID = $this->ID; 253 } 254 255 if ( $policy === null ) 256 return; 257 258 include_once ( 'lib/ezdb/classes/ezdb.php' ); 259 $db =& eZDB::instance(); 260 $db->begin(); 261 foreach ( $policy->attribute( 'limitations' ) as $limitation ) 262 { 263 $limitation->remove(); 264 } 265 $db->query( "DELETE FROM ezpolicy 266 WHERE id='$delID'" ); 267 $db->commit(); 268 } 269 270 /*! 271 Generate access array from this policy. 272 273 return access array 274 */ 275 function accessArray( $ignoreLimitIdentifier = false ) 276 { 277 $limitations =& $this->limitationList( true, $ignoreLimitIdentifier ); 278 if ( $this->Disabled === true ) 279 { 280 return array(); 281 } 282 283 if ( !$limitations ) 284 { 285 return array( $this->attribute( 'module_name' ) => array ( $this->attribute( 'function_name' ) => array( '*' => '*' ) ) ); 286 } 287 288 $limitArray = array(); 289 290 foreach( array_keys( $limitations ) as $limitKey ) 291 { 292 $limitArray = array_merge_recursive( $limitArray, $limitations[$limitKey]->limitArray() ); 293 } 294 295 $policyName = 'p_' . $this->attribute( 'id' ) . ( isset($this->UserRoleID) ? ( '_' . $this->UserRoleID ) : '' ); 296 297 return array( $this->attribute( 'module_name' ) => array ( $this->attribute( 'function_name' ) => array( $policyName => $limitArray ) ) ); 298 } 299 300 /*! 301 Fetch limitation array() 302 303 \param use limitation cache, true by default. 304 */ 305 function &limitationList( $useCache = true, $ignoreLimitIdentifier = false ) 306 { 307 if ( !isset( $this->Limitations ) || !$useCache ) 308 { 309 310 $limitations = eZPersistentObject::fetchObjectList( eZPolicyLimitation::definition(), 311 null, array( 'policy_id' => $this->attribute( 'id') ), null, null, 312 true ); 313 314 eZDebugSetting::writeDebug( 'kernel-policy-limitation', $limitations, "before policy limitations " . $this->ID ); 315 eZDebugSetting::writeDebug( 'kernel-policy-limitation', $this, "policy itself before before limitations check" ); 316 317 if ( $ignoreLimitIdentifier === false && isset( $this->LimitIdentifier ) && $this->LimitIdentifier ) 318 { 319 $limitIdentifier = $this->attribute( 'limit_identifier' ); 320 $limitValue = $this->attribute( 'limit_value' ); 321 $limitationTouched = false; 322 $checkEmptyLimitation = true; 323 foreach ( $limitations as $limitation ) 324 { 325 if ( $limitation->attribute( 'identifier' ) == $limitIdentifier ) 326 { 327 if ( $limitIdentifier == 'Subtree' ) 328 { 329 $limitationTouched = true; 330 331 $values =& $limitation->attribute( 'values' ); 332 333 foreach ( array_keys( $values ) as $key ) 334 { 335 $limitationValue =& $values[$key]; 336 $value = $limitationValue->attribute( 'value' ); 337 if ( strpos( $value, $limitValue ) === 0 ) 338 { 339 $checkEmptyLimitation = false; 340 eZDebugSetting::writeDebug( 'kernel-policy-limitation', $value, 341 "Limitationvalue has been left in the limitation [limitValue=$limitValue]" ); 342 } 343 else if ( strpos( $limitValue, $value ) === 0 ) 344 { 345 $checkEmptyLimitation = false; 346 $limitationValue->setAttribute( 'value', $limitValue ); 347 eZDebugSetting::writeDebug( 'kernel-policy-limitation', 348 $value, 349 "Limitationvalue has been exchanged to the value from cond assignment [limitValue=$limitValue]" ); 350 } 351 else 352 { 353 eZDebugSetting::writeDebug( 'kernel-policy-limitation', $value, 354 "Limitationvalue has been removed from limitation [limitValue=$limitValue]" ); 355 //exlude limitation value from limitation.. 356 unset( $limitationValue ); 357 } 358 } 359 if ( $checkEmptyLimitation ) 360 { 361 eZDebugSetting::writeDebug( 'kernel-policy-limitation', $this, 'The policy has been disabled' ); 362 $this->Disabled = true; 363 $this->Limitations = array(); 364 return $this->Limitations; 365 } 366 } 367 } 368 } 369 370 if ( !$limitationTouched ) 371 { 372 $policyLimitation = new eZPolicyLimitation( array ( 'id' => -1, 373 'policy_id' => $this->attribute( 'id' ), 374 'identifier' => $this->attribute( 'limit_identifier' ) ) ); 375 $policyLimitation->setAttribute( 'limit_value', $this->attribute( 'limit_value' ) ); 376 377 $limitations[] = $policyLimitation; 378 } 379 } 380 eZDebugSetting::writeDebug( 'kernel-policy-limitation', $limitations, "policy limitations " . $this->ID ); 381 382 $this->Limitations =& $limitations; 383 } 384 return $this->Limitations; 385 } 386 387 function &role() 388 { 389 if ( $this->ID ) 390 { 391 $role = eZPersistentObject::fetchObject( eZRole::definition(), 392 null, array( 'id' => $this->RoleID ), true ); 393 } 394 else 395 $role = false; 396 return $role; 397 } 398 399 function fetch( $policyID ) 400 { 401 return eZPersistentObject::fetchObject( eZPolicy::definition(), 402 null, array('id' => $policyID ), true); 403 } 404 405 // Used for assign based limitations. 406 var $Disabled = false; 407 var $LimitValue; 408 var $LimitIdentifier; 409 var $UserRoleID; 410 411 } 412 413 ?>
titre
Description
Corps
titre
Description
Corps
titre
Description
Corps
titre
Corps
| Généré le : Sat Feb 24 10:30:04 2007 | par Balluche grâce à PHPXref 0.7 |