File: 0.00.1a/core/PermissionManager.php

  1: <?php 
  2: /* -------------------------------------------------------------
  3: This file is part of FreeDESK
  4: 
  5: FreeDESK is (C) Copyright 2012 David Cutting
  6: 
  7: FreeDESK is free software: you can redistribute it and/or modify
  8: it under the terms of the GNU General Public License as published by
  9: the Free Software Foundation, either version 3 of the License, or
 10: (at your option) any later version.
 11: 
 12: FreeDESK is distributed in the hope that it will be useful,
 13: but WITHOUT ANY WARRANTY; without even the implied warranty of
 14: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 15: GNU General Public License for more details.
 16: 
 17: You should have received a copy of the GNU General Public License
 18: along with FreeDESK.  If not, see www.gnu.org/licenses
 19: 
 20: For more information see www.purplepixie.org/freedesk/
 21: -------------------------------------------------------------- */
 22: 
 23: /**
 24:  * Permission Manager
 25: **/
 26: class PermissionManager
 27: {
 28: 	/**
 29: 	 * FreeDESK Instance
 30: 	**/
 31: 	private $DESK = null;
 32: 	
 33: 	/**
 34: 	 * User Permissions Loaded
 35: 	**/
 36: 	private $userperm = array();
 37: 	
 38: 	/**
 39: 	 * Group Permissions Loaded
 40: 	**/
 41: 	private $groupperm = array();
 42: 	
 43: 	/**
 44: 	 * Permission Sets and Defaults
 45: 	**/
 46: 	private $permissions = array();
 47: 	
 48: 	/**
 49: 	 * Constructor
 50: 	 * @param mixed &$freeDESK FreeDESK instance
 51: 	**/
 52: 	function PermissionManager(&$freeDESK)
 53: 	{
 54: 		$this->DESK = &$freeDESK;
 55: 	}
 56: 	
 57: 	/**
 58: 	 * Register a Permission Attribute
 59: 	 * @param string $permission Permission tag
 60: 	 * @param bool $default Default response (optional, default false)
 61: 	**/
 62: 	function Register($permission, $default=false)
 63: 	{
 64: 		$this->permissions[$permission]=$default;
 65: 		//$this->DESK->LoggingEngine->Log("Reg: ".$permission,"Ha","Ha");
 66: 	}
 67: 	
 68: 	/**
 69: 	 * Check if a permission tag exists
 70: 	 * @param string $permission Permission tag
 71: 	 * @return bool True if exists, false on failure
 72: 	**/
 73: 	function PermissionExists($permission)
 74: 	{
 75: 		if (isset($this->permissions[$permission]))
 76: 			return true;
 77: 		return false;
 78: 	}
 79: 	
 80: 	/**
 81: 	 * Check a user permission
 82: 	 * @param string $permission Permission tag
 83: 	 * @param string $username Username
 84: 	 * @return bool true if allowed or false if denied
 85: 	**/
 86: 	function UserPermission($permission, $username)
 87: 	{
 88: 		if (!isset($this->userperm[$username]))
 89: 			$this->LoadUser($username);
 90: 		
 91: 		if (isset($this->userperm[$username][$permission]))
 92: 			return $this->userperm[$username][$permission];
 93: 		if (isset($this->userperm[$username]['default']))
 94: 			return $this->userperm[$username]['default'];
 95: 		
 96: 		// Otherwise we try for a group
 97: 		$q="SELECT ".$this->DESK->Database->Field("permgroup")." FROM ".$this->DESK->Database->Table("user");
 98: 		$q.=" WHERE ".$this->DESK->Database->Field("username")."=\"".$this->DESK->Database->Safe($username)."\" LIMIT 0,1";
 99: 		$r=$this->DESK->Database->Query($q);
100: 		if ($row=$this->DESK->Database->FetchAssoc($r))
101: 		{
102: 			$this->DESK->Database->Free($r);
103: 			$group = $row['permgroup'];
104: 			if ($group != 0)
105: 			{
106: 				if (!isset($this->groupperm[$group]))
107: 					$this->LoadGroup($group);
108: 				if (isset($this->groupperm[$group][$permission]))
109: 					return $this->groupperm[$group][$permission];
110: 				if (isset($this->groupperm[$group]['default']))
111: 					return $this->groupperm[$group]['default'];
112: 			}
113: 		}
114: 		
115: 		// No user or group preference so check for a code default
116: 		if (isset($this->permissions[$permission]))
117: 			return $this->permissions[$permission];
118: 		
119: 		// Nothing set for this permission so deny
120: 		return false;
121: 	}
122: 	
123: 	/**
124: 	 * Load a users permissions
125: 	 * @param string $username Username
126: 	**/
127: 	private function LoadUser($username)
128: 	{
129: 		$q="SELECT * FROM ".$this->DESK->Database->Table("permissions")." WHERE ";
130: 		$q.=$this->DESK->Database->Field("permissiontype")."=\"user\" AND ";
131: 		$q.=$this->DESK->Database->Field("usergroupid")."=\"".$this->DESK->Database->Safe($username)."\"";
132: 		
133: 		$r=$this->DESK->Database->Query($q);
134: 		
135: 		$this->userperm[$username] = array();
136: 		
137: 		while ($row=$this->DESK->Database->FetchAssoc($r))
138: 		{
139: 			if ($row['allowed']==1)
140: 				$this->userperm[$username][$row['permission']] = true;
141: 			else
142: 				$this->userperm[$username][$row['permission']] = false;
143: 		}
144: 		
145: 		$this->DESK->Database->Free($r);
146: 	}
147: 	
148: 	/**
149: 	 * Load a groups permissions
150: 	 * @param int $permgroupid Permission Group ID
151: 	**/
152: 	private function LoadGroup($permgroupid)
153: 	{
154: 		$q="SELECT * FROM ".$this->DESK->Database->Table("permissions")." WHERE ";
155: 		$q.=$this->DESK->Database->Field("permissiontype")."=\"group\" AND ";
156: 		$q.=$this->DESK->Database->Field("usergroupid")."=\"".$this->DESK->Database->Safe($permgroupid)."\"";
157: 		
158: 		$r=$this->DESK->Database->Query($q);
159: 		
160: 		$this->groupperm[$permgroupid] = array();
161: 		
162: 		while ($row=$this->DESK->Database->FetchAssoc($r))
163: 		{
164: 			if ($row['allowed']==1)
165: 				$this->groupperm[$permgroupid][$row['permission']] = true;
166: 			else
167: 				$this->groupperm[$permgroupid][$row['permission']] = false;
168: 		}
169: 		
170: 		$this->DESK->Database->Free($r);
171: 	}
172: 	
173: 	/**
174: 	 * Get the full set of permissions
175: 	 * @return array Permission list
176: 	**/
177: 	function PermissionList()
178: 	{
179: 		$permlist = $this->permissions;
180: 		if (!isset($permlist['default']))
181: 			$permlist['default']=false;
182: 		return $permlist;
183: 	}
184: 	
185: 	/**
186: 	 * Get user settings (user-specific, not group or anything else) for permissions
187: 	 * @param string $username Username
188: 	 * @return array Array of permissions with form (-1 undefined, 0 denied, 1 allowed)
189: 	**/
190: 	function UserPermissionList($username)
191: 	{
192: 		$permlist = $this->PermissionList();
193: 		
194: 		$perms = array("default" => -1);
195: 		
196: 		foreach($permlist as $key => $perm)
197: 			$perms[$key]=-1;
198: 		
199: 		
200: 		$q="SELECT ".$this->DESK->Database->Field("permission").",".$this->DESK->Database->Field("allowed")." ";
201: 		$q.="FROM ".$this->DESK->Database->Table("permissions")." WHERE ";
202: 		$q.=$this->DESK->Database->Field("permissiontype")."=".$this->DESK->Database->SafeQuote("user")." AND ";
203: 		$q.=$this->DESK->Database->Field("usergroupid")."=".$this->DESK->Database->SafeQuote($username);
204: 		
205: 		$r=$this->DESK->Database->Query($q);
206: 		
207: 		while ($row=$this->DESK->Database->FetchAssoc($r))
208: 		{
209: 			$perms[$row['permission']] = $row['allowed'];
210: 		}
211: 		
212: 		$this->DESK->Database->Free($r);
213: 		
214: 		return $perms;
215: 	}
216: 	
217: 	/**
218: 	 * Get group settings for permissions
219: 	 * @param string $groupid Group ID
220: 	 * @return array Array of permissions with form (-1 undefined, 0 denied, 1 allowed)
221: 	**/
222: 	function GroupPermissionList($groupid)
223: 	{
224: 		$permlist = $this->PermissionList();
225: 		
226: 		$perms = array("default" => -1);
227: 		
228: 		foreach($permlist as $key => $perm)
229: 			$perms[$key]=-1;
230: 		
231: 		$q="SELECT ".$this->DESK->Database->Field("permission").",".$this->DESK->Database->Field("allowed")." ";
232: 		$q.="FROM ".$this->DESK->Database->Table("permissions")." WHERE ";
233: 		$q.=$this->DESK->Database->Field("permissiontype")."=".$this->DESK->Database->SafeQuote("group")." AND ";
234: 		$q.=$this->DESK->Database->Field("usergroupid")."=".$this->DESK->Database->Safe($groupid);
235: 		
236: 		$r=$this->DESK->Database->Query($q);
237: 		
238: 		while ($row=$this->DESK->Database->FetchAssoc($r))
239: 		{
240: 			$perms[$row['permission']] = $row['allowed'];
241: 		}
242: 		
243: 		$this->DESK->Database->Free($r);
244: 		
245: 		return $perms;
246: 	}
247: 	
248: 	/**
249: 	 * Get a list of security groups
250: 	 * @return array List of groups id => name
251: 	**/
252: 	function GroupList()
253: 	{
254: 		$q="SELECT * FROM ".$this->DESK->Database->Table("permgroup")." ORDER BY ".$this->DESK->Database->Field("permgroupid")." ASC";
255: 		$r=$this->DESK->Database->Query($q);
256: 		
257: 		$out = array();
258: 		
259: 		while ($row=$this->DESK->Database->FetchAssoc($r))
260: 			$out[$row['permgroupid']]=$row['groupname'];
261: 		
262: 		$this->DESK->Database->Free($r);
263: 		
264: 		return $out;
265: 	}
266: 	
267: 	/**
268: 	 * Delete a security group
269: 	 * @param int $groupid Group ID
270: 	**/
271: 	function DeleteGroup($groupid)
272: 	{
273: 		// First remove users from the group
274: 		$q="UPDATE ".$this->DESK->Database->Table("user")." SET ";
275: 		$q.=$this->DESK->Database->Field("permgroup")."=0 WHERE ";
276: 		$q.=$this->DESK->Database->Field("permgroup")."=".$this->DESK->Database->Safe($groupid);
277: 		$this->DESK->Database->Query($q);
278: 		
279: 		// And the linked permissions
280: 		$q="DELETE FROM ".$this->DESK->Database->Table("permissions")." WHERE ";
281: 		$q.=$this->DESK->Database->Field("permissiontype")."=".$this->DESK->Database->SafeQuote("group")." AND ";
282: 		$q.=$this->DESK->Database->Field("usergroupid")."=".$this->DESK->Database->SafeQuote($groupid);
283: 		$this->DESK->Database->Query($q);
284: 		
285: 		// Now delete the group
286: 		$q="DELETE FROM ".$this->DESK->Database->Table("permgroup")." WHERE ";
287: 		$q.=$this->DESK->Database->Field("permgroupid")."=".$this->DESK->Database->Safe($groupid);
288: 		$this->DESK->Database->Query($q);
289: 	}
290: 	
291: 	/**
292: 	 * Create a group
293: 	 * @param string $groupname Name of the group
294: 	**/
295: 	function CreateGroup($groupname)
296: 	{
297: 		$q="INSERT INTO ".$this->DESK->Database->Table("permgroup")."(".$this->DESK->Database->Field("groupname").") ";
298: 		$q.="VALUES(".$this->DESK->Database->SafeQuote($groupname).")";
299: 		$this->DESK->Database->Query($q);
300: 	}
301: 	
302: 	
303: }
304: ?>
305: