Core  3.2
PHP API documentation
Class.Acl.php
1 <?php
2 /*
3  * @author Anakeen
4  * @package FDL
5 */
6 /**
7  * Access Control for application
8  *
9  * @author Anakeen
10  * @version $Id: Class.Acl.php,v 1.8 2005/10/27 14:26:05 eric Exp $
11  * @package FDL
12  * @subpackage CORE
13  */
14 /**
15  */
16 
17 include_once ('Class.DbObj.php');
18 include_once ('Class.QueryDb.php');
19 include_once ('Class.Application.php');
20 include_once ('Class.User.php');
21 
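/**
 * One access-control entry (ACL) of an application, stored in table "acl".
 *
 * Each row binds an ACL name to an application id and carries a grant level,
 * a description and a "group_default" flag ("Y"/"N").
 *
 * Security notes for maintainers:
 *  - QueryDb conditions in this class are SQL fragments assembled as strings.
 *    Every value placed into such a fragment is escaped (text) or cast to
 *    int (ids, grant levels) before concatenation.
 *  - Init() writes Permission rows for two hard-coded accounts: id_user 1
 *    (the "admin permission" of the log messages) and id_user 2 (the 'all'
 *    group, per the original comment). The ACL descriptor handed to Init()
 *    therefore decides what every user may do; it must come from a trusted
 *    source.
 */
class Acl extends DbObj
{
    var $fields = array(
        "id",
        "id_application",
        "name",
        "grant_level",
        "description",
        "group_default"
    );

    var $id_fields = array(
        "id"
    );

    public $id;
    // Declared at line 37 of the original file according to the page's symbol
    // index; the declaration line itself is missing from the listing.
    public $id_application;
    public $name;
    public $grant_level;
    public $description;
    // Declared at line 41 of the original file (same remark as $id_application).
    public $group_default;

    var $dbtable = "acl";

    var $sqlcreate = '
create table acl (id int not null,
 id_application int not null,
 name text not null,
 grant_level int not null,
 description text,
 group_default char);
create index acl_idx1 on acl(id);
create index acl_idx2 on acl(id_application);
create index acl_idx3 on acl(name);
create sequence SEQ_ID_ACL;
 ';

    /**
     * Build the WHERE fragments selecting one ACL by name and application.
     *
     * The name is a free-form string and ends up inside a quoted SQL literal,
     * so it is escaped; the application id is forced to an integer.
     *
     * NOTE(review): pg_escape_string() is called without a connection handle
     * because this class does not show how DbObj exposes its connection; pass
     * the handle here if one is available.
     *
     * @param string $name   ACL name
     * @param int    $id_app application id
     * @return array SQL condition fragments for QueryDb
     */
    private function nameAndAppWhere($name, $id_app)
    {
        return array(
            "name='" . pg_escape_string((string)$name) . "'",
            "id_application=" . (int)$id_app
        );
    }

    /**
     * Load into this object the ACL identified by name and application.
     *
     * @param string $name   ACL name
     * @param int    $id_app application id
     * @return bool true when a row was found and affected to $this, false otherwise
     */
    public function Set($name, $id_app)
    {
        $query = new QueryDb($this->dbaccess, "Acl");
        $query->basic_elem->sup_where = $this->nameAndAppWhere($name, $id_app);
        $query->Query(0, 0, "TABLE");

        if ($query->nb <= 0) {
            return false;
        }
        $this->Affect($query->list[0]);
        return true;
    }

    /**
     * Intentionally empty.
     */
    public function Complete()
    {
    }

    /**
     * Refuse duplicates and draw the new id from sequence seq_id_acl.
     *
     * @return string '' on success, an error message when the ACL already exists
     */
    public function PreInsert()
    {
        if ($this->Exists($this->name, $this->id_application)) {
            return "Acl {$this->name} already exists...";
        }
        // The result of exec_query() was stored but never inspected in the
        // original; NOTE(review): confirm whether a failure should be returned.
        $this->exec_query("select nextval ('seq_id_acl')");
        $arr = $this->fetch_array(0);
        $this->id = $arr["nextval"];
        return '';
    }

    /**
     * @return string|bool FALSE when $this->dbid is -1, '' otherwise
     */
    public function PreUpdate()
    {
        if ($this->dbid == - 1) {
            return FALSE;
        }
        return '';
    }

    /**
     * Tell whether an ACL with this name exists for the application.
     *
     * @param string $name   ACL name
     * @param int    $id_app application id
     * @return bool
     */
    public function Exists($name, $id_app)
    {
        $query = new QueryDb($this->dbaccess, "Acl");
        $query->basic_elem->sup_where = $this->nameAndAppWhere($name, $id_app);
        $query->Query(0, 0, "TABLE");
        return ($query->nb > 0);
    }

    /**
     * Delete every ACL of an application, then its permissions.
     *
     * @param int $id application id
     */
    public function DelAppAcl($id)
    {
        // Cast once: the id is concatenated into SQL here and handed on below.
        $appId = (int)$id;
        $query = new QueryDb($this->dbaccess, "Acl");
        $query->basic_elem->sup_where = array(
            "id_application=$appId"
        );
        $list = $query->Query();
        if ($query->nb > 0) {
            /*
             * @var Acl $v
            */
            foreach ($list as $v) {
                $v->Delete();
            }
        }
        // Remove Permission
        $permission = new Permission($this->dbaccess);
        $permission->DelAppPerm($id);
    }

    /**
     * Create or refresh the ACLs of an application from its descriptor and
     * install the default permissions.
     *
     * For each descriptor entry the ACL row is added or modified. Entries
     * flagged "admin" get a Permission row for id_user 1. ACLs selected as
     * default get group_default "Y" and, unless $update is set, a Permission
     * row for id_user 2.
     *
     * Descriptor keys read here: "name", "description", "grant_level",
     * "group_default" ("Y" marks a default ACL) and "admin". The presence of
     * "grant_level" in the FIRST entry switches the whole run to the old
     * descriptor form.
     *
     * ACLs that are no longer listed in the descriptor are NOT removed on
     * update (the original carried a disabled cleanup loop after the return
     * statement), so their permissions stay in place until removed explicitly.
     *
     * @param object $app     application; only $app->id is read
     * @param array  $app_acl list of descriptor entries
     * @param bool   $update  when true, no permission is added for id_user 2
     * @return string always ''
     */
    public function Init($app, $app_acl, $update = FALSE)
    {
        if (sizeof($app_acl) == 0) {
            $this->log->debug("No acl available");
            return ("");
        }

        $defaultGrantLevelFound = false; // the descriptor named a default explicitly
        // old ACL description (compatibility with old applications)
        $oldacl = isset($app_acl[0]["grant_level"]);
        $default_user_acl = array(); // ids of the default ACLs
        $smallestGrant = null;

        foreach ($app_acl as $tab) {
            $isAdmin = (isset($tab["admin"]) && $tab["admin"]);
            $isDefault = ((isset($tab["group_default"])) && ($tab["group_default"] == "Y"));

            $acl = new Acl($this->dbaccess);
            if ($acl->Exists($tab["name"], $app->id)) {
                $acl->Set($tab["name"], $app->id);
            }
            $acl->id_application = $app->id;
            $acl->name = $tab["name"];
            if (isset($tab["description"])) {
                $acl->description = $tab["description"];
            }
            $acl->grant_level = isset($tab["grant_level"]) ? $tab["grant_level"] : 1;

            // initialise grant level default
            if ($isDefault) {
                if ($oldacl) {
                    $default_grant_level = $tab["grant_level"];
                    $defaultGrantLevelFound = true;
                }
                $acl->group_default = "Y";
            } else {
                $acl->group_default = "N";
                // An admin ACL never becomes the implicit default: it must be
                // designated explicitly in the descriptor.
                if ($oldacl && !$defaultGrantLevelFound && !$isAdmin
                    && ((!isset($smallestGrant)) || ($tab["grant_level"] < $smallestGrant))) {
                    $smallestGrant = $tab["grant_level"];
                }
            }

            if ($acl->Exists($acl->name, $acl->id_application)) {
                $this->log->info("Acl Modify : {$acl->name}, {$acl->description}");
                $acl->Modify();
            } else {
                $this->log->info("Acl Add : {$acl->name}, {$acl->description}");
                $acl->Add();
            }

            if ($isAdmin) {
                $permission = new Permission($this->dbaccess);
                $permission->id_user = 1;
                $permission->id_application = $app->id;
                $permission->id_acl = $acl->id;
                if ($permission->Exists($permission->id_user, $app->id, $permission->id_acl)) {
                    $this->log->info("Modify admin permission : {$acl->name}");
                    $permission->Modify();
                } else {
                    $this->log->info("Create admin permission : {$acl->name}");
                    $permission->Add();
                }
            }

            // Recorded only now because $acl->id is read after Add()/Modify().
            if ($isDefault) {
                $default_user_acl[] = $acl->id;
            }
        }

        // default privilege is the smallest if no definition (for old applications)
        if (count($default_user_acl) == 0) {
            if (isset($smallestGrant)) {
                // NOTE(review): $smallestGrant is a grant LEVEL, but this list is
                // consumed below as ACL IDS (new Acl($this->dbaccess, $aclid) and
                // $permission->id_acl). As written, the ACL whose id happens to
                // equal that level gets group_default "Y" and a permission for
                // id_user 2. Behaviour kept as in the original; confirm the
                // intent and store the id of the matching ACL instead.
                $default_user_acl[] = $smallestGrant;
                $default_grant_level = $smallestGrant;
            }
        }

        if ($oldacl) {
            // ----------------------------------------------
            // for old acl form definition (with grant_level)
            // set default acl for grant level under the default
            if (isset($default_grant_level)) {
                $query = new QueryDb($this->dbaccess, "Acl");
                // Both values go into SQL text: force them to integers.
                $query->AddQuery("id_application = " . (int)$app->id);
                $query->AddQuery("grant_level < " . (int)$default_grant_level);
                if ($qacl = $query->Query()) {
                    foreach ($qacl as $lowerAcl) {
                        if (!in_array($lowerAcl->id, $default_user_acl)) {
                            $default_user_acl[] = $lowerAcl->id;
                        }
                    }
                }
            }
        }

        // create default permission
        foreach ($default_user_acl as $aclid) {
            // set the default user access
            $defaultacl = new Acl($this->dbaccess, $aclid);
            $defaultacl->group_default = "Y";
            $defaultacl->Modify();

            if (!$update) {
                // set default access to 'all' group only
                $permission = new Permission($this->dbaccess);
                $permission->id_user = 2;
                $permission->id_application = $app->id;
                $permission->id_acl = $aclid;
                if (!$permission->Exists($permission->id_user, $app->id, $permission->id_acl)) {
                    $permission->Add();
                }
            }
        }
        return '';
    }

    /**
     * Get the ids of the default ACLs (group_default = 'Y') of an application.
     *
     * @param int $idapp application id
     * @return array list of ACL ids, empty when none
     */
    public function getDefaultAcls($idapp)
    {
        $aclids = array();
        $query = new QueryDb($this->dbaccess, "Acl");
        $query->AddQuery("id_application = " . (int)$idapp);
        $query->AddQuery("group_default = 'Y'");
        if ($qacl = $query->Query()) {
            foreach ($qacl as $acl) {
                $aclids[] = $acl->id;
            }
        }
        return $aclids;
    }

    /**
     * Get all ACLs of an application.
     *
     * @param int $idapp application id
     * @return mixed the Query() result when it is truthy, 0 otherwise
     */
    public function getAclApplication($idapp)
    {
        $query = new QueryDb($this->dbaccess, "Acl");
        $query->AddQuery("id_application = " . (int)$idapp);
        if ($qacl = $query->Query()) {
            return $qacl;
        }
        return 0;
    }
}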
297 ?>
$id_fields
Definition: Class.Acl.php:33
exec_query($sql, $lvl=0, $prepare=false)
print $fam getTitle() $fam name
$description
Definition: Class.Acl.php:40
$id_application
Definition: Class.Acl.php:37
Exists($name, $id_app)
Definition: Class.Acl.php:92
getAclApplication($idapp)
Definition: Class.Acl.php:288
Set($name, $id_app)
Definition: Class.Acl.php:57
fetch_array($c, $type=PGSQL_ASSOC)
$name
Definition: Class.Acl.php:38
$fields
Definition: Class.Acl.php:24
DelAppAcl($id)
Definition: Class.Acl.php:103
Complete()
Definition: Class.Acl.php:74
$app
getDefaultAcls($idapp)
Definition: Class.Acl.php:273
PreUpdate()
Definition: Class.Acl.php:86
PreInsert()
Definition: Class.Acl.php:78
Init($app, $app_acl, $update=FALSE)
Definition: Class.Acl.php:123
$dbtable
Definition: Class.Acl.php:42
if(($docid!==0)&&(!is_numeric($docid))) $query
$group_default
Definition: Class.Acl.php:41
$sqlcreate
Definition: Class.Acl.php:44
$grant_level
Definition: Class.Acl.php:39