Changeset 2439
- Timestamp:
- 09/04/08 14:03:31 (3 months ago)
- Location:
- branches/schema06/system/classes
- Files:
-
- 2 modified
-
acl.php (modified) (10 diffs)
-
usergroup.php (modified) (8 diffs)
Legend:
- Unmodified
- Added
- Removed
-
branches/schema06/system/classes/acl.php
r2438 r2439 24 24 const ACCESS_NONEXISTANT_PERMISSION = true; 25 25 26 private static $permission_ids = array(); 27 28 /** 29 * Convert a permission access name (read, write, full, denied) into an ID 30 * @param string The access name 31 * @return mixed the ID of the permission, or boolean FALSE if it does not exist 32 **/ 33 public static function permission_id( $name ) 34 { 35 if ( count( $access_ids ) == 0 ) { 36 $result = DB::query( 'SELECT id, name FROM {permissions};' ); 37 foreach ( $result as $r ) { 38 $access_ids[$r->name] = $r->id; 39 } 40 } 41 42 return ( isset( $access_ids[$name] ) ? $access_ids[$name] : FALSE; 43 } 44 26 45 /** 27 46 * Create a new permission, and save it to the Permissions table … … 63 82 { 64 83 // make sure the permission exists, first 65 if ( ! ACL::permission_exists( $permission ) ) {66 return false; 67 } 68 69 // grab permission ID70 $permission = ACL::permission_id( $permission );84 if ( ! self::token_exists( $permission ) ) { 85 return false; 86 } 87 88 // grab token ID 89 $permission = self::token_id( $permission ); 71 90 72 91 $allow = true; … … 77 96 } 78 97 Plugins::act('permission_destroy_before', $permission ); 79 // capture the permission name98 // capture the permission token name 80 99 $name = DB::get_value( 'SELECT name FROM {tokens} WHERE id=?', array( $permission ) ); 81 100 // remove all references to this permissions … … 98 117 * @return array an array of QueryRecord objects containing all permissions 99 118 **/ 100 public static function all_permission s( $order= 'id' )101 { 102 $order = strtolower( $order );119 public static function all_permission_tokens( $order= 'id' ) 120 { 121 $order = strtolower( $order ); 103 122 if ( ( 'id' != $order ) && ( 'name' != $order ) && ( 'description' != $order ) ) { 104 123 $order= 'id'; 105 124 } 106 $permissions = DB::get_results( 'SELECT id, name, description FROM {tokens} ORDER BY ' . $order );125 $permissions = DB::get_results( 'SELECT id, name, description FROM {tokens} ORDER BY ' . $order ); 107 126 return $permissions ? $permissions : array(); 108 127 } 109 128 110 129 /** 111 * Get a permission 's name by its ID130 * Get a permission token's name by its ID 112 131 * @param int a permission ID 113 132 * @return string the name of the permission, or boolean FALSE 114 133 **/ 115 public static function permission_name( $id )134 public static function token_name( $id ) 116 135 { 117 136 if ( ! is_int( $id ) ) { … … 123 142 124 143 /** 125 * Get a permission 's ID by its name144 * Get a permission token's ID by its name 126 145 * @param string the name of the permission 127 146 * @return int the permission's ID 128 147 **/ 129 public static function permission_id( $name )148 public static function token_id( $name ) 130 149 { 131 150 if( is_integer($name) ) { … … 137 156 138 157 /** 139 * Fetch a permission description from the DB158 * Fetch a permission token's description from the DB 140 159 * @param mixed a permission name or ID 141 160 * @return string the description of the permission 142 161 **/ 143 public static function permission_description( $permission )162 public static function token_description( $permission ) 144 163 { 145 164 if ( is_int( $permission) ) { … … 153 172 154 173 /** 155 * Determine whether a permission exists174 * Determine whether a permission token exists 156 175 * @param mixed a permission name or ID 157 176 * @return bool whether the permission exists or not 158 177 **/ 159 public static function permission_exists( $permission )178 public static function token_exists( $permission ) 160 179 { 161 180 if ( is_int( $permission ) ) { … … 202 221 // Use only numeric ids internally 203 222 $group = UserGroup::id( $group ); 204 $permission = ACL::permission_id( $permission );223 $permission = self::token_id( $permission ); 205 224 $sql = <<<SQL 206 225 SELECT p.name FROM {group_token_permissions} gp, {permissions} p WHERE 207 226 gp.group_id=? AND gp.token_id=? AND gp.permission_id=p.id; 208 227 SQL; 209 $result = DB::get_value s( $sql );228 $result = DB::get_value( $sql ); 210 229 if ( $result == $access ) { 211 230 // the permission has been granted to this group … … 227 246 { 228 247 // Use only numeric ids internally 229 $permission= ACL::permission_id( $permission );248 $permission= self::token_id( $permission ); 230 249 // if we were given a user ID, use that to fetch the group membership from the DB 231 250 if ( is_int( $user) ) { … … 294 313 295 314 /** 315 * Grant a permission to a group 316 * @param integer $group_id The group ID 317 * @param integer $token_id The permission token to grant 318 * @param string $access The kind of access to assign the group 319 * @return Result of the DB query 320 **/ 321 public static function grant_group( $group_id, $token_id, $access = 'full' ) 322 { 323 $result = DB::query( 'INSERT INTO {group_tokens_permissions} (group_id, token_id, permission_id) VALUES (?, ?, ?);', 324 array( $group_id, $token_id, self::permission_ids( $access ) ); 325 return $result; 326 } 327 328 /** 329 * Grant a permission to a user 330 * @param integer $user_id The user ID 331 * @param integer $token_id The permission token to grant 332 * @param string $access The kind of access to assign the group 333 * @return Result of the DB query 334 **/ 335 public static function grant_user( $user_id, $token_id, $access = 'full' ) 336 { 337 $result = DB::query( 'INSERT INTO {user_tokens_permissions} (user_id, token_id, permission_id) VALUES (?, ?, ?);', 338 array( $user_id, $token_id, self::permission_ids( $access ) ); 339 return $result; 340 } 341 342 343 /** 296 344 * Convert a permission name into a valid format 297 345 * -
branches/schema06/system/classes/usergroup.php
r1809 r2439 8 8 // These arrays hold the current membership and permission settings for this group 9 9 // These arrays are NOT matched key and value pairs (the are not stored like array('foo'=>'foo') ) 10 private $member_ids= array(); 11 private $permissions_granted= array(); 12 private $permissions_denied= array(); 10 private $member_ids = array(); 11 private $permissions = array(); 13 12 14 13 /** … … 42 41 } 43 42 44 if ( $results= DB::get_results( 'SELECT permission_id, denied FROM {groups_permissions} WHERE group_id=?', array( $this->id ) ) ) {43 if ( $results= DB::get_results( 'SELECT token_id, permission_id FROM {group_token_permissions} WHERE group_id=?', array( $this->id ) ) ) { 45 44 foreach ( $results as $result ) { 46 if ( 1 === (int) $result->denied ) { 47 $this->permissions_denied[]= $result->permission_id; 48 } 49 else { 50 $this->permissions_granted[]= $result->permission_id; 51 } 45 $this->permissions[] = array( 46 'token_id' => $result->token_id, 47 'permission_id' => $result->permission_id, 48 ); 52 49 } 53 50 } … … 129 126 130 127 // Remove all permissions from this group in preparation for adding the current list 131 DB::query( 'DELETE FROM {group s_permissions} WHERE group_id=?', array( $this->id ) );128 DB::query( 'DELETE FROM {group_token_permissions} WHERE group_id=?', array( $this->id ) ); 132 129 // Add the current list of permissions into the group 133 foreach( $this->permissions_granted as $grant_id ) { 134 DB::query('INSERT INTO {groups_permissions} (group_id, permission_id, denied ) VALUES (?, ?, 0)', array( $this->id, $grant_id) ); 135 } 136 foreach( $this->permissions_denied as $deny_id ) { 137 DB::query('INSERT INTO {groups_permissions} (group_id, permission_id, denied ) VALUES (?, ?, 1)', array( $this->id, $deny_id) ); 130 foreach( $this->permissions as $permission ) { 131 DB::query('INSERT INTO {group_token_permissions} (group_id, token_id, permission_id) VALUES (?, ?, ?)', array( $this->id, $permission->token_id, $permission->permission_id ) ); 138 132 } 139 133 } … … 153 147 Plugins::act('usergroup_delete_before', $this); 154 148 // remove all this group's permissions 155 $results= DB::query( 'DELETE FROM {group s_permissions} WHERE group_id=?', array( $this->id ) );149 $results= DB::query( 'DELETE FROM {group_token_permissions} WHERE group_id=?', array( $this->id ) ); 156 150 // remove all this group's members 157 151 $results= DB::query( 'DELETE FROM {users_groups} WHERE group_id=?', array( $this->id ) ); … … 174 168 return $this->member_ids; 175 169 break; 176 case 'granted': 177 return $this->permissions_granted; 178 break; 179 case 'denied': 180 return $this->permissions_denied; 170 case 'permissions': 171 return $this->permissions; 181 172 break; 182 173 default: … … 216 207 /** 217 208 * Assign one or more new permissions to this group 218 * @param mixed A permission ID, name, or array of the same209 * @param mixed A permission token ID, name, or array of the same 219 210 **/ 220 211 public function grant( $permissions ) … … 222 213 $permissions = Utils::single_array( $permissions ); 223 214 // Use ids internally for all permissions 224 $permissions = array_map(array('ACL', ' permission_id'), $permissions);215 $permissions = array_map(array('ACL', 'token_id'), $permissions); 225 216 // Merge the new permissions 226 217 $this->permissions_granted = $this->permissions_granted + $permissions; … … 271 262 public function can( $permission ) 272 263 { 273 $permission= ACL:: permission_id( $permission );264 $permission= ACL::token_id( $permission ); 274 265 if ( in_array( $permission, $this->permissions_denied ) ) { 275 266 return false;
