File: 0.01.1a/core/PermissionManager.php (View as HTML)

  1: <?php 
  2: /* -------------------------------------------------------------
  3: This file is part of FreeDESK
  4: 
  5: FreeDESK is (C) Copyright 2012 David Cutting
  6: 
  7: FreeDESK is free software: you can redistribute it and/or modify
  8: it under the terms of the GNU General Public License as published by
  9: the Free Software Foundation, either version 3 of the License, or
 10: (at your option) any later version.
 11: 
 12: FreeDESK is distributed in the hope that it will be useful,
 13: but WITHOUT ANY WARRANTY; without even the implied warranty of
 14: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 15: GNU General Public License for more details.
 16: 
 17: You should have received a copy of the GNU General Public License
 18: along with FreeDESK.  If not, see www.gnu.org/licenses
 19: 
 20: For more information see www.purplepixie.org/freedesk/
 21: -------------------------------------------------------------- */
 22: 
 23: /**
 24:  * Permission Manager
 25: **/
 26: class PermissionManager
 27: {
 28: 	/**
 29: 	 * FreeDESK Instance
 30: 	**/
 31: 	private $DESK = null;
 32: 	
 33: 	/**
 34: 	 * User Permissions Loaded
 35: 	**/
 36: 	private $userperm = array();
 37: 	
 38: 	/**
 39: 	 * Group Permissions Loaded
 40: 	**/
 41: 	private $groupperm = array();
 42: 	
 43: 	/**
 44: 	 * Permission Sets and Defaults
 45: 	**/
 46: 	private $permissions = array();
 47: 	
 48: 	/**
 49: 	 * Constructor
 50: 	 * @param mixed &$freeDESK FreeDESK instance
 51: 	**/
 52: 	function PermissionManager(&$freeDESK)
 53: 	{
 54: 		$this->DESK = &$freeDESK;
 55: 	}
 56: 	
 57: 	/**
 58: 	 * Register a Permission Attribute
 59: 	 * @param string $permission Permission tag
 60: 	 * @param bool $default Default response (optional, default false)
 61: 	**/
 62: 	function Register($permission, $default=false)
 63: 	{
 64: 		$this->permissions[$permission]=$default;
 65: 		//$this->DESK->LoggingEngine->Log("Reg: ".$permission,"Ha","Ha");
 66: 	}
 67: 	
 68: 	/**
 69: 	 * Check if a permission tag exists
 70: 	 * @param string $permission Permission tag
 71: 	 * @return bool True if exists, false on failure
 72: 	**/
 73: 	function PermissionExists($permission)
 74: 	{
 75: 		if (isset($this->permissions[$permission]))
 76: 			return true;
 77: 		return false;
 78: 	}
 79: 	
 80: 	/**
 81: 	 * Check a user permission
 82: 	 * @param string $permission Permission tag
 83: 	 * @param string $username Username
 84: 	 * @return bool true if allowed or false if denied
 85: 	**/
 86: 	function UserPermission($permission, $username)
 87: 	{
 88: 		if (!isset($this->userperm[$username]))
 89: 			$this->LoadUser($username);
 90: 		
 91: 		if (isset($this->userperm[$username][$permission]))
 92: 			return $this->userperm[$username][$permission];
 93: 		if (isset($this->userperm[$username]['default']))
 94: 			return $this->userperm[$username]['default'];
 95: 		
 96: 		// Otherwise we try for a group
 97: 		$q="SELECT ".$this->DESK->Database->Field("permgroup")." FROM ".$this->DESK->Database->Table("user");
 98: 		$q.=" WHERE ".$this->DESK->Database->Field("username")."=\"".$this->DESK->Database->Safe($username)."\" LIMIT 0,1";
 99: 		$r=$this->DESK->Database->Query($q);
100: 		if ($row=$this->DESK->Database->FetchAssoc($r))
101: 		{
102: 			$this->DESK->Database->Free($r);
103: 			$group = $row['permgroup'];
104: 			if ($group != 0)
105: 			{
106: 				if (!isset($this->groupperm[$group]))
107: 					$this->LoadGroup($group);
108: 				if (isset($this->groupperm[$group][$permission]))
109: 					return $this->groupperm[$group][$permission];
110: 				if (isset($this->groupperm[$group]['default']))
111: 					return $this->groupperm[$group]['default'];
112: 			}
113: 		}
114: 		
115: 		// No user or group preference so check for a code default
116: 		if (isset($this->permissions[$permission]))
117: 			return $this->permissions[$permission];
118: 		
119: 		// Nothing set for this permission so deny
120: 		return false;
121: 	}
122: 	
123: 	/**
124: 	 * Load a users permissions
125: 	 * @param string $username Username
126: 	**/
127: 	private function LoadUser($username)
128: 	{
129: 		$q="SELECT * FROM ".$this->DESK->Database->Table("permissions")." WHERE ";
130: 		$q.=$this->DESK->Database->Field("permissiontype")."=\"user\" AND ";
131: 		$q.=$this->DESK->Database->Field("usergroupid")."=\"".$this->DESK->Database->Safe($username)."\"";
132: 		
133: 		$r=$this->DESK->Database->Query($q);
134: 		
135: 		$this->userperm[$username] = array();
136: 		
137: 		while ($row=$this->DESK->Database->FetchAssoc($r))
138: 		{
139: 			if ($row['allowed']==1)
140: 				$this->userperm[$username][$row['permission']] = true;
141: 			else
142: 				$this->userperm[$username][$row['permission']] = false;
143: 		}
144: 		
145: 		$this->DESK->Database->Free($r);
146: 	}
147: 	
148: 	/**
149: 	 * Load a groups permissions
150: 	 * @param int $permgroupid Permission Group ID
151: 	**/
152: 	private function LoadGroup($permgroupid)
153: 	{
154: 		$q="SELECT * FROM ".$this->DESK->Database->Table("permissions")." WHERE ";
155: 		$q.=$this->DESK->Database->Field("permissiontype")."=\"group\" AND ";
156: 		$q.=$this->DESK->Database->Field("usergroupid")."=\"".$this->DESK->Database->Safe($permgroupid)."\"";
157: 		
158: 		$r=$this->DESK->Database->Query($q);
159: 		
160: 		$this->groupperm[$permgroupid] = array();
161: 		
162: 		while ($row=$this->DESK->Database->FetchAssoc($r))
163: 		{
164: 			if ($row['allowed']==1)
165: 				$this->groupperm[$permgroupid][$row['permission']] = true;
166: 			else
167: 				$this->groupperm[$permgroupid][$row['permission']] = false;
168: 		}
169: 		
170: 		$this->DESK->Database->Free($r);
171: 	}
172: 	
173: 	/**
174: 	 * Get the full set of permissions
175: 	 * @return array Permission list
176: 	**/
177: 	function PermissionList()
178: 	{
179: 		$permlist = $this->permissions;
180: 		if (!isset($permlist['default']))
181: 			$permlist['default']=false;
182: 		return $permlist;
183: 	}
184: 	
185: 	/**
186: 	 * Get user settings (user-specific, not group or anything else) for permissions
187: 	 * @param string $username Username
188: 	 * @return array Array of permissions with form (-1 undefined, 0 denied, 1 allowed)
189: 	**/
190: 	function UserPermissionList($username)
191: 	{
192: 		$permlist = $this->PermissionList();
193: 		
194: 		$perms = array("default" => -1);
195: 		
196: 		foreach($permlist as $key => $perm)
197: 			$perms[$key]=-1;
198: 		
199: 		
200: 		$q="SELECT ".$this->DESK->Database->Field("permission").",".$this->DESK->Database->Field("allowed")." ";
201: 		$q.="FROM ".$this->DESK->Database->Table("permissions")." WHERE ";
202: 		$q.=$this->DESK->Database->Field("permissiontype")."=".$this->DESK->Database->SafeQuote("user")." AND ";
203: 		$q.=$this->DESK->Database->Field("usergroupid")."=".$this->DESK->Database->SafeQuote($username);
204: 		
205: 		$r=$this->DESK->Database->Query($q);
206: 		
207: 		while ($row=$this->DESK->Database->FetchAssoc($r))
208: 		{
209: 			$perms[$row['permission']] = $row['allowed'];
210: 		}
211: 		
212: 		$this->DESK->Database->Free($r);
213: 		
214: 		return $perms;
215: 	}
216: 	
217: 	/**
218: 	 * Get group settings for permissions
219: 	 * @param string $groupid Group ID
220: 	 * @return array Array of permissions with form (-1 undefined, 0 denied, 1 allowed)
221: 	**/
222: 	function GroupPermissionList($groupid)
223: 	{
224: 		$permlist = $this->PermissionList();
225: 		
226: 		$perms = array("default" => -1);
227: 		
228: 		foreach($permlist as $key => $perm)
229: 			$perms[$key]=-1;
230: 		
231: 		$q="SELECT ".$this->DESK->Database->Field("permission").",".$this->DESK->Database->Field("allowed")." ";
232: 		$q.="FROM ".$this->DESK->Database->Table("permissions")." WHERE ";
233: 		$q.=$this->DESK->Database->Field("permissiontype")."=".$this->DESK->Database->SafeQuote("group")." AND ";
234: 		$q.=$this->DESK->Database->Field("usergroupid")."=".$this->DESK->Database->Safe($groupid);
235: 		
236: 		$r=$this->DESK->Database->Query($q);
237: 		
238: 		while ($row=$this->DESK->Database->FetchAssoc($r))
239: 		{
240: 			$perms[$row['permission']] = $row['allowed'];
241: 		}
242: 		
243: 		$this->DESK->Database->Free($r);
244: 		
245: 		return $perms;
246: 	}
247: 	
248: 	/**
249: 	 * Get a list of security groups
250: 	 * @return array List of groups id => name
251: 	**/
252: 	function GroupList()
253: 	{
254: 		$q="SELECT * FROM ".$this->DESK->Database->Table("permgroup")." ORDER BY ".$this->DESK->Database->Field("permgroupid")." ASC";
255: 		$r=$this->DESK->Database->Query($q);
256: 		
257: 		$out = array();
258: 		
259: 		while ($row=$this->DESK->Database->FetchAssoc($r))
260: 			$out[$row['permgroupid']]=$row['groupname'];
261: 		
262: 		$this->DESK->Database->Free($r);
263: 		
264: 		return $out;
265: 	}
266: 	
267: 	/**
268: 	 * Delete a security group
269: 	 * @param int $groupid Group ID
270: 	**/
271: 	function DeleteGroup($groupid)
272: 	{
273: 		// First remove users from the group
274: 		$q="UPDATE ".$this->DESK->Database->Table("user")." SET ";
275: 		$q.=$this->DESK->Database->Field("permgroup")."=0 WHERE ";
276: 		$q.=$this->DESK->Database->Field("permgroup")."=".$this->DESK->Database->Safe($groupid);
277: 		$this->DESK->Database->Query($q);
278: 		
279: 		// And the linked permissions
280: 		$q="DELETE FROM ".$this->DESK->Database->Table("permissions")." WHERE ";
281: 		$q.=$this->DESK->Database->Field("permissiontype")."=".$this->DESK->Database->SafeQuote("group")." AND ";
282: 		$q.=$this->DESK->Database->Field("usergroupid")."=".$this->DESK->Database->SafeQuote($groupid);
283: 		$this->DESK->Database->Query($q);
284: 		
285: 		// Now delete the group
286: 		$q="DELETE FROM ".$this->DESK->Database->Table("permgroup")." WHERE ";
287: 		$q.=$this->DESK->Database->Field("permgroupid")."=".$this->DESK->Database->Safe($groupid);
288: 		$this->DESK->Database->Query($q);
289: 	}
290: 	
291: 	/**
292: 	 * Create a group
293: 	 * @param string $groupname Name of the group
294: 	**/
295: 	function CreateGroup($groupname)
296: 	{
297: 		$q="INSERT INTO ".$this->DESK->Database->Table("permgroup")."(".$this->DESK->Database->Field("groupname").") ";
298: 		$q.="VALUES(".$this->DESK->Database->SafeQuote($groupname).")";
299: 		$this->DESK->Database->Query($q);
300: 	}
301: 	
302: 	
303: }
304: ?>
305: