Changeset 2445
- Timestamp:
- 09/05/08 03:39:36 (3 months ago)
- Location:
- branches/schema06/system/classes
- Files:
-
- 2 modified
-
acl.php (modified) (10 diffs)
-
usergroup.php (modified) (6 diffs)
-
branches/schema06/system/classes/acl.php
r2439 r2445 27 27 28 28 /** 29 * Static initializer to fill the $permission_ids array 30 */ 31 public static function __static() 32 { 33 $result = DB::get_results( 'SELECT id, name FROM {permissions};' ); 34 foreach ( $result as $r ) { 35 self::$permission_ids[$r->name] = $r->id; 36 } 37 } 38 39 /** 29 40 * Convert a permission access name (read, write, full, denied) into an ID 30 41 * @param string The access name … … 33 44 public static function permission_id( $name ) 34 45 { 35 if ( count( $access_ids ) == 0 ) { 36 $result = DB::query( 'SELECT id, name FROM {permissions};' ); 37 foreach ( $result as $r ) { 38 $access_ids[$r->name] = $r->id; 39 } 40 } 41 42 return ( isset( $access_ids[$name] ) ? $access_ids[$name] : FALSE; 43 } 44 45 /** 46 * Create a new permission, and save it to the Permissions table 46 return ( isset( self::$permission_ids[$name] ) ? self::$permission_ids[$name] : FALSE; 47 } 48 49 /** 50 * Create a new permission, and save it to the permission tokens table 47 51 * @param string The name of the permission 48 52 * @param string The description of the permission … … 117 121 * @return array an array of QueryRecord objects containing all permissions 118 122 **/ 119 public static function all_permission _tokens( $order= 'id' )123 public static function all_permissions( $order= 'id' ) 120 124 { 121 125 $order = strtolower( $order ); … … 222 226 $group = UserGroup::id( $group ); 223 227 $permission = self::token_id( $permission ); 224 $sql = <<<SQL 225 SELECT p.name FROM {group_token_permissions} gp, {permissions} p WHERE 226 gp.group_id=? AND gp.token_id=? AND gp.permission_id=p.id; 227 SQL; 228 $sql = 'SELECT permission_id FROM {group_token_permissions} WHERE 229 group_id=? 
AND token_id=?;'; 230 228 231 $result = DB::get_value( $sql ); 229 if ( $result == $access ) {232 if ( $result !== FALSE && self::$permission_ids[$result] == $access ) { 230 233 // the permission has been granted to this group 231 234 return true; … … 276 279 */ 277 280 $sql = <<<SQL 278 SELECT COALESCE(permission_id, 0) aspermission_id281 SELECT permission_id 279 282 FROM ( 280 283 ( … … 300 303 $result = DB::get_value( $sql, array( ':user_id' => $user_id, ':token_id' => $permission ); 301 304 302 // TODO: modify above call to return the permission name rather than the ID 303 // For now, I'll just look for a result > 0 304 if ( $result !== FALSE && intval($result) > 0 ) { 305 if ( $result !== FALSE && self::permission_ids[$result] == $access ) { 305 306 return true; 306 307 } 307 308 308 // if the permission is neither denied nor granted, they're not 309 // allowed to do it. 310 return self::ACCESS_NONEXISTANT_PERMISSION; 309 // either the permission hasn't been granted, or it's been 310 // explicitly denied. 
311 311 return false; 312 312 } … … 315 315 * Grant a permission to a group 316 316 * @param integer $group_id The group ID 317 * @param integer $token_id The permission token to grant317 * @param mixed $token_id The name or ID of the permission token to grant 318 318 * @param string $access The kind of access to assign the group 319 319 * @return Result of the DB query … … 321 321 public static function grant_group( $group_id, $token_id, $access = 'full' ) 322 322 { 323 $result = DB::query( 'INSERT INTO {group_tokens_permissions} (group_id, token_id, permission_id) VALUES (?, ?, ?);', 324 array( $group_id, $token_id, self::permission_ids( $access ) ); 323 // DB::update will insert if the token is not already in the group tokens table 324 $result = DB::update( 325 '{group_tokens_permissions}', 326 array( 'permission_id' => self::$permission_ids[$access] ), 327 array( 'group_id' => $group_id, 'token_id' => self::token_id( $token_id ) ) 328 ); 329 325 330 return $result; 326 331 } … … 329 334 * Grant a permission to a user 330 335 * @param integer $user_id The user ID 331 * @param integer $token_id The permission token to grant336 * @param integer $token_id The name or ID of the permission token to grant 332 337 * @param string $access The kind of access to assign the group 333 338 * @return Result of the DB query … … 335 340 public static function grant_user( $user_id, $token_id, $access = 'full' ) 336 341 { 337 $result = DB::query( 'INSERT INTO {user_tokens_permissions} (user_id, token_id, permission_id) VALUES (?, ?, ?);', 338 array( $user_id, $token_id, self::permission_ids( $access ) ); 342 $result = DB::update( 343 '{user_tokens_permissions}', 344 array( 'permission_id' => self::$permission_ids[$access] ), 345 array( 'user_id' => $user_id, 'token_id' => self::token_id( $token_id ) ) 346 ); 347 339 348 return $result; 340 349 } 341 350 351 /** 352 * Deny permission to a group 353 * @param integer $group_id The group ID 354 * @param mixed $token_id The name or ID 
of the permission token 355 * @return Result of the DB query 356 **/ 357 public static function deny_group( $group_id, $token_id ) 358 { 359 self::grant_group( $group_id, $token_id, 'deny' ); 360 } 361 362 /** 363 * Deny permission to a user 364 * @param integer $user_id The user ID 365 * @param mixed $token_id The name or ID of the permission token 366 * @return Result of the DB query 367 **/ 368 public static function deny_user( $user_id, $token_id ) 369 { 370 self::grant_user( $group_id, $token_id, 'deny' ); 371 } 372 373 /** 374 * Remove a permission from the group permissions table 375 * @param integer $group_id The group ID 376 * @param mixed $token_id The name or ID of the permission token 377 * @return the result of the DB query 378 **/ 379 public static function revoke_group_permission( $group_id, $token_id ) 380 { 381 $result = DB::delete( '{group_tokens_permissions}', 382 array( 'group_id' => $group_id, 'token_id' => $token_id ) ); 383 384 return $result; 385 } 386 387 /** 388 * Remove a permission from the user permissions table 389 * @param integer $user_id The user ID 390 * @param mixed $token_id The name or ID of the permission token 391 * @return the result of the DB query 392 **/ 393 public static function revoke_user_permission( $user_id, $token_id ) 394 { 395 $result = DB::delete( '{user_tokens_permissions}', 396 array( 'user_id' => $user_id, 'token_id' => $token_id ) ); 397 398 return $result; 399 } 342 400 343 401 /** -
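Review bot: `deny_user()` passes `$group_id`, which is never defined in that function, to `grant_user()`, so the deny is presumably recorded against a null user ID and the intended user keeps their existing access; it should read `return self::grant_user( $user_id, $token_id, 'deny' );`, and `deny_group()` needs the same `return` that its docblock promises. Separately, `__static()` fills `self::$permission_ids` as name => id, but the new group and user checks index it with the `permission_id` read from the database (`self::$permission_ids[$result] == $access`), which looks inverted; comparing `$result` with `self::$permission_ids[$access]` would match how the map is populated. The user-side check also drops the `$` (`self::permission_ids[$result]`), and the group check still calls `DB::get_value( $sql )` without binding its two `?` placeholders. The reads query `{group_token_permissions}` while the new `DB::update` and `DB::delete` calls target `{group_tokens_permissions}`, so grants, denies and revocations may land in a table the checks never consult. The bodies of the two check functions start outside the visible hunks.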
branches/schema06/system/classes/usergroup.php
r2439 r2445 7 7 { 8 8 // These arrays hold the current membership and permission settings for this group 9 // These arrays are NOT matched key and value pairs (the are not storedlike array('foo'=>'foo') )9 // $member_ids is not NOT matched key and value pairs ( like array('foo'=>'foo') ) 10 10 private $member_ids = array(); 11 11 private $permissions = array(); … … 43 43 if ( $results= DB::get_results( 'SELECT token_id, permission_id FROM {group_token_permissions} WHERE group_id=?', array( $this->id ) ) ) { 44 44 foreach ( $results as $result ) { 45 $this->permissions[] = array( 46 'token_id' => $result->token_id, 47 'permission_id' => $result->permission_id, 48 ); 45 $this->permissions[$result->token_id] = $result->permission_id; 49 46 } 50 47 } … … 209 206 * @param mixed A permission token ID, name, or array of the same 210 207 **/ 211 public function grant( $permissions )208 public function grant( $permissions, $access = 'full' ) 212 209 { 213 210 $permissions = Utils::single_array( $permissions ); 214 211 // Use ids internally for all permissions 215 212 $permissions = array_map(array('ACL', 'token_id'), $permissions); 216 // Merge the new permissions 217 $this->permissions_granted = $this->permissions_granted + $permissions;218 // List each permission exactly once219 $this->permissions_granted = array_unique($this->permissions_granted);220 // Remove granted permissions from the denied list221 $this->permissions_denied = array_diff($this->permissions_denied, $this->permissions_granted);213 214 // Merge and grant the new permissions 215 foreach ( $permissions as $permission ) { 216 $this->permissions[$permission] = $access; 217 ACL::grant_group( $this->id, $permission, $access ); 218 } 222 219 } 223 220 … … 228 225 public function deny( $permissions ) 229 226 { 230 $permissions = Utils::single_array( $permissions ); 231 // Use ids internally for all permissions 232 $permissions = array_map(array('ACL', 'permission_id'), $permissions); 233 // Merge the new 
permissions 234 $this->permissions_denied = $this->permissions_denied + $permissions; 235 // List each permission exactly once 236 $this->permissions_denied = array_unique($this->permissions_denied); 237 // Remove denied permissions from the granted list 238 $this->permissions_granted = array_diff($this->permissions_granted, $this->permissions_denied); 227 $this->grant( $permissions, 'deny' ); 239 228 } 240 229 … … 247 236 $permissions = Utils::single_array( $permissions ); 248 237 // Remove permissions from the granted list 249 $this->permissions_granted = array_diff($this->permissions_granted, $permissions); 250 // Remove permissions from the denied list 251 $this->permissions_denied = array_diff($this->permissions_denied, $permissions); 238 $this->permissions = array_diff_key( $this->permissions, $permissions ); 239 foreach ( $permissions as $permission ) { 240 ACL::revoke_group_permission( $this->id, $permission ); 241 } 252 242 } 253 243 … … 260 250 * @see ACL::user_can() 261 251 **/ 262 public function can( $permission )252 public function can( $permission, $access = 'full' ) 263 253 { 264 254 $permission= ACL::token_id( $permission ); 265 if ( in_array( $permission, $this->permissions_denied ) ) { 266 return false; 267 } 268 if ( in_array( $permission, $this->permissions_granted ) ) { 255 if ( isset( $this->permissions[$permission] ) && $this->permissions[$permission] == $access ) { 269 256 return true; 270 257 }
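Review bot: In `revoke()`, `array_diff_key( $this->permissions, $permissions )` compares the token-keyed cache with the positional keys (0, 1, …) of the `$permissions` list rather than with the tokens themselves, so revoked tokens can stay in `$this->permissions` and `can()` may keep returning true for them on this object. Unlike `grant()`, `revoke()` also never maps names through `ACL::token_id`, so I would normalise first with `$permissions = array_map( array( 'ACL', 'token_id' ), Utils::single_array( $permissions ) );` and then diff against `array_flip( $permissions )`. The cache also ends up holding two representations, because the loader stores `permission_id` while `grant()` stores the access name, and `can()` compares either one with `$access` using a loose `==`; one form should be chosen and compared with `===`. The bodies of `revoke()` and `can()` begin outside the visible hunks.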
