File:
0.00.1a/core/PermissionManager.php
1: 2: /* -------------------------------------------------------------
3: This file is part of FreeDESK
4:
5: FreeDESK is (C) Copyright 2012 David Cutting
6:
7: FreeDESK is free software: you can redistribute it and/or modify
8: it under the terms of the GNU General Public License as published by
9: the Free Software Foundation, either version 3 of the License, or
10: (at your option) any later version.
11:
12: FreeDESK is distributed in the hope that it will be useful,
13: but WITHOUT ANY WARRANTY; without even the implied warranty of
14: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15: GNU General Public License for more details.
16:
17: You should have received a copy of the GNU General Public License
18: along with FreeDESK. If not, see www.gnu.org/licenses
19:
20: For more information see www.purplepixie.org/freedesk/
21: -------------------------------------------------------------- */
22:
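/**
 * Permission Manager
 *
 * Decides whether a user may perform the action named by a permission tag.
 * UserPermission() resolves a tag in this order and returns the first hit:
 *   1. the user's own stored entry for the tag
 *   2. the user's stored 'default' entry
 *   3. the stored entry of the user's permission group for the tag
 *   4. the group's stored 'default' entry
 *   5. the code default given to Register()
 *   6. deny (false)
 *
 * Security notes for maintainers:
 *  - A stored 'default' entry for a user or group answers every tag that has
 *    no explicit entry, including tags that were never registered. A
 *    'default' of allowed is therefore a wildcard grant.
 *  - Every value placed into SQL goes through Database->SafeQuote(), which is
 *    assumed to escape the value and wrap it in quotes (confirm against the
 *    Database class). Database->Safe() on its own must not be concatenated
 *    into a query without surrounding quotes.
 **/
class PermissionManager
{
    /**
     * FreeDESK Instance
     **/
    private $DESK = null;

    /**
     * User Permissions Loaded (username => array(tag => bool))
     **/
    private $userperm = array();

    /**
     * Group Permissions Loaded (group id => array(tag => bool))
     **/
    private $groupperm = array();

    /**
     * Permission Sets and Defaults (tag => code default)
     **/
    private $permissions = array();

    /**
     * Constructor
     * @param mixed &$freeDESK FreeDESK instance
     **/
    public function __construct(&$freeDESK)
    {
        $this->DESK = &$freeDESK;
    }

    /**
     * Legacy PHP 4 style constructor name, kept for callers that invoke it
     * explicitly. PHP 8 no longer treats a method named after its class as the
     * constructor, so without __construct() the FreeDESK instance would never
     * be stored and every permission check would fail on a null object.
     * @param mixed &$freeDESK FreeDESK instance
     **/
    public function PermissionManager(&$freeDESK)
    {
        $this->__construct($freeDESK);
    }

    /**
     * Register a Permission Attribute
     * @param string $permission Permission tag
     * @param bool $default Default response (optional, default false)
     **/
    public function Register($permission, $default = false)
    {
        $this->permissions[$permission] = $default;
    }

    /**
     * Check if a permission tag exists
     * @param string $permission Permission tag
     * @return bool True if the tag has been registered, false otherwise
     **/
    public function PermissionExists($permission)
    {
        return isset($this->permissions[$permission]);
    }

    /**
     * Check a user permission
     *
     * Follows the resolution order described on the class. User and group
     * entries are cached per instance after the first lookup, so a change made
     * in the database during the same request is not seen by this instance.
     * @param string $permission Permission tag
     * @param string $username Username
     * @return bool true if allowed or false if denied
     **/
    public function UserPermission($permission, $username)
    {
        if (!isset($this->userperm[$username]))
            $this->LoadUser($username);

        $user = $this->userperm[$username];
        if (isset($user[$permission]))
            return $user[$permission];
        if (isset($user['default']))
            return $user['default'];

        // Otherwise we try for a group
        $db = $this->DESK->Database;
        $q = "SELECT ".$db->Field("permgroup")." FROM ".$db->Table("user");
        $q .= " WHERE ".$db->Field("username")."=".$db->SafeQuote($username)." LIMIT 0,1";
        $r = $db->Query($q);
        $row = $db->FetchAssoc($r);
        // Free the result whether or not a row came back (the unknown-user
        // path previously left it allocated).
        $db->Free($r);

        if ($row)
        {
            $group = $row['permgroup'];
            // Group 0 means "no group" (DeleteGroup resets members to 0)
            if ($group != 0)
            {
                if (!isset($this->groupperm[$group]))
                    $this->LoadGroup($group);
                if (isset($this->groupperm[$group][$permission]))
                    return $this->groupperm[$group][$permission];
                if (isset($this->groupperm[$group]['default']))
                    return $this->groupperm[$group]['default'];
            }
        }

        // No user or group preference so check for a code default
        if (isset($this->permissions[$permission]))
            return $this->permissions[$permission];

        // Nothing set for this permission so deny
        return false;
    }

    /**
     * Load a users permissions into the per-instance cache
     * @param string $username Username
     **/
    private function LoadUser($username)
    {
        $this->userperm[$username] = $this->LoadPermissions("user", $username);
    }

    /**
     * Load a groups permissions into the per-instance cache
     * @param int $permgroupid Permission Group ID
     **/
    private function LoadGroup($permgroupid)
    {
        $this->groupperm[$permgroupid] = $this->LoadPermissions("group", $permgroupid);
    }

    /**
     * Read the stored permission rows for one user or group as booleans
     * @param string $type Value of the permissiontype column ("user" or "group")
     * @param mixed $id Username or permission group ID
     * @return array Permission tag => bool (true only when allowed is 1)
     **/
    private function LoadPermissions($type, $id)
    {
        $db = $this->DESK->Database;
        $q = "SELECT * FROM ".$db->Table("permissions")." WHERE ";
        $q .= $db->Field("permissiontype")."=".$db->SafeQuote($type)." AND ";
        $q .= $db->Field("usergroupid")."=".$db->SafeQuote($id);

        $r = $db->Query($q);

        $perms = array();
        while ($row = $db->FetchAssoc($r))
            $perms[$row['permission']] = ($row['allowed'] == 1);

        $db->Free($r);

        return $perms;
    }

    /**
     * Get the full set of permissions
     * @return array Registered tags and their code defaults, always including
     *               a 'default' key (false unless one was registered)
     **/
    public function PermissionList()
    {
        $permlist = $this->permissions;
        if (!isset($permlist['default']))
            $permlist['default'] = false;
        return $permlist;
    }

    /**
     * Get user settings (user-specific, not group or anything else) for permissions
     * @param string $username Username
     * @return array Array of permissions with form (-1 undefined, 0 denied, 1 allowed)
     **/
    public function UserPermissionList($username)
    {
        return $this->StoredPermissionList("user", $username);
    }

    /**
     * Get group settings for permissions
     * @param string $groupid Group ID
     * @return array Array of permissions with form (-1 undefined, 0 denied, 1 allowed)
     **/
    public function GroupPermissionList($groupid)
    {
        // The group id used to be appended with Safe() and no quotes, so
        // escaping alone did not keep it inside a SQL literal. It is now
        // quoted the same way the username is in UserPermissionList().
        return $this->StoredPermissionList("group", $groupid);
    }

    /**
     * Build the -1/0/1 list of stored settings for one user or group
     * @param string $type Value of the permissiontype column ("user" or "group")
     * @param mixed $id Username or permission group ID
     * @return array Every registered tag plus 'default' mapped to -1, then
     *               overwritten with the stored 'allowed' value where a row
     *               exists (returned as the database driver delivers it)
     **/
    private function StoredPermissionList($type, $id)
    {
        $perms = array("default" => -1);
        foreach ($this->PermissionList() as $key => $unused)
            $perms[$key] = -1;

        $db = $this->DESK->Database;
        $q = "SELECT ".$db->Field("permission").",".$db->Field("allowed")." ";
        $q .= "FROM ".$db->Table("permissions")." WHERE ";
        $q .= $db->Field("permissiontype")."=".$db->SafeQuote($type)." AND ";
        $q .= $db->Field("usergroupid")."=".$db->SafeQuote($id);

        $r = $db->Query($q);

        while ($row = $db->FetchAssoc($r))
            $perms[$row['permission']] = $row['allowed'];

        $db->Free($r);

        return $perms;
    }

    /**
     * Get a list of security groups
     * @return array List of groups id => name
     **/
    public function GroupList()
    {
        $db = $this->DESK->Database;
        $q = "SELECT * FROM ".$db->Table("permgroup")." ORDER BY ".$db->Field("permgroupid")." ASC";
        $r = $db->Query($q);

        $out = array();
        while ($row = $db->FetchAssoc($r))
            $out[$row['permgroupid']] = $row['groupname'];

        $db->Free($r);

        return $out;
    }

    /**
     * Delete a security group
     *
     * Runs three statements: members are moved to group 0, the group's
     * permission rows are removed, then the group row itself. No transaction
     * is opened here, and this method performs no authorisation check of its
     * own; callers are expected to have verified the acting user first.
     * @param int $groupid Group ID
     **/
    public function DeleteGroup($groupid)
    {
        $db = $this->DESK->Database;
        // Quote once and reuse. Two of the three statements used to append
        // Safe($groupid) without quotes, which left the value outside any SQL
        // literal in an UPDATE and a DELETE.
        $id = $db->SafeQuote($groupid);

        // First remove users from the group
        $q = "UPDATE ".$db->Table("user")." SET ";
        $q .= $db->Field("permgroup")."=0 WHERE ";
        $q .= $db->Field("permgroup")."=".$id;
        $db->Query($q);

        // And the linked permissions
        $q = "DELETE FROM ".$db->Table("permissions")." WHERE ";
        $q .= $db->Field("permissiontype")."=".$db->SafeQuote("group")." AND ";
        $q .= $db->Field("usergroupid")."=".$id;
        $db->Query($q);

        // Now delete the group
        $q = "DELETE FROM ".$db->Table("permgroup")." WHERE ";
        $q .= $db->Field("permgroupid")."=".$id;
        $db->Query($q);
    }

    /**
     * Create a group
     * @param string $groupname Name of the group
     **/
    public function CreateGroup($groupname)
    {
        $db = $this->DESK->Database;
        $q = "INSERT INTO ".$db->Table("permgroup")."(".$db->Field("groupname").") ";
        $q .= "VALUES(".$db->SafeQuote($groupname).")";
        $db->Query($q);
    }
}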
304: ?>
305: