Platform  3.1
PHP API documentation
Class.Permission.php
1 <?php
2 /*
3  * @author Anakeen
4  * @license http://creativecommons.org/licenses/by-nc-sa/2.0/fr/ Anakeen - licence CC
5  * @package FDL
6 */
7 /**
8  * Permission to execute actions
9  *
10  * @author Anakeen 2000
11  * @version $Id: Class.Permission.php,v 1.10 2006/06/01 12:54:05 eric Exp $
12  * @license http://creativecommons.org/licenses/by-nc-sa/2.0/fr/ Anakeen - licence CC
13  * @package FDL
14  * @subpackage CORE
15  */
16 /**
17  */
18 
19 include_once ('Class.DbObj.php');
20 include_once ('Class.QueryDb.php');
21 include_once ('Class.Application.php');
22 include_once ('Class.Action.php');
23 include_once ('Class.Acl.php');
24 include_once ('Class.User.php');
25 include_once ('Class.Group.php');
26 
27 class Permission extends DbObj
28 {
    // Column names of the permission table handled by this object.
    var $fields = array(
        "id_user",
        "id_application",
        "id_acl",
        "computed"
    );

    // Presumably the columns DbObj uses to identify a record; note that id_acl
    // is not part of it (confirm against DbObj).
    var $id_fields = array(
        "id_user",
        "id_application"
    );

    var $dbtable = "permission";
    var $privileges = array(); // privileges array for a user (including group) in an application
    // The three caches below hold false until GetPrivileges() has filled them.
    private $upprivileges = false; // specific privileges array for a user in an application
    private $unprivileges = false; // specific NO privileges array for a user in an application
    private $gprivileges = false; // privileges array for the group user
    // Table definition. It declares no primary key or unique constraint, so the
    // database itself does not reject duplicate (id_user, id_application, id_acl)
    // rows; the only duplicate check visible in this class is the one in PreInsert().
    var $sqlcreate = '
create table permission (id_user int not null,
 id_application int not null,
 id_acl int not null,
 computed boolean default false);
create index permission_idx1 on permission(id_user);
create index permission_idx2 on permission(id_application);
create index permission_idx3 on permission(id_acl);
create index permission_idx4 on permission(computed);
 ';

    var $actions = array(); // actions array for a user (including group) in an application
58  function __construct($dbaccess = '', $id = '', $res = '', $dbid = 0, $computed = true)
59  {
60  parent::__construct($dbaccess, $id, $res, $dbid);
61  if (!$this->isAffected()) {
62 
63  if (is_array($id)) {
64  $this->Affect(array(
65  "id_user" => $id[0],
66  "id_application" => $id[1],
67  "computed" => $id[2]
68  ));
69  $this->GetPrivileges(false, $computed);
70  }
71  }
72  }
73  function PostSelect()
74  {
75  // init privileges
76  $this->GetPrivileges();
77  }
78  function PostDelete()
79  {
80  // update privileges
81  $this->GetPrivileges();
82  }
83 
84  function PostUpdate()
85  {
86  // update privileges
87  $this->GetPrivileges();
88  }
89 
90  function PreInsert()
91  {
92  // no duplicate items
93  if ($this->Exists($this->id_user, $this->id_application, $this->id_acl)) return "Permission ({$this->id_user},{$this->id_application},{$this->id_acl}) already exists...";
94 
95  return "";
96  }
97  function postInsert()
98  {
99  if (!$this->computed) {
100  $this->exec_query(sprintf("delete from permission where id_application=%d and abs(id_acl)=%d and computed", $this->id_application, $this->id_acl));
101  }
102 
103  return "";
104  }
105  // Gives the list of Permission for a user on an application
107  {
108  $query = new QueryDb($this->dbaccess, "Permission");
109  $query->basic_elem->sup_where = array(
110  "id_user='{$user->id}'",
111  "id_application='{app->id}'"
112  );
113  $list = $query->Query();
114  $res = array();
115  $i = 0;
116  while ($i < $query->nb) {
117  $res[$i] = new Acl($this->dbaccess, $list[$i]->id_acl);
118  $i++;
119  }
120  return ($res);
121  }
122  // Gives the list of application where a user has permission
124  {
125  $query = new QueryDb($this->dbaccess, "Permission");
126  $query->basic_elem->sup_where = array(
127  "id_user='{$user->id}'"
128  );
129 
130  $list = $query->Query();
131  $res = array();
132  $i = 0;
133  while ($i < $query->nb) {
134  $this->log->debug("ListUserApplicaion");
135  $res[$i] = new Application($this->dbaccess, $list[$i]->id_application);
136  $i++;
137  }
138  return ($res);
139  }
140 
142  {
143  $query = new QueryDb($this->dbaccess, "Permission");
144  $query->basic_elem->sup_where = array(
145  "id_application='{$app->id}'"
146  );
147 
148  $list = $query->Query();
149  $res = array();
150  $i = 0;
151  while ($i < $query->nb) {
152  $res[$i] = new User($this->dbaccess, $list[$i]->id_user);
153  $i++;
154  }
155  return ($res);
156  }
157 
158  function Exists($userid, $applicationid, $aclid = 0)
159  {
160  $query = new QueryDb($this->dbaccess, "Permission");
161  $query->basic_elem->sup_where = array(
162  "id_application='$applicationid'",
163  "id_user='{$userid}'",
164  "( computed = FALSE OR computed IS NULL )"
165  );
166  if ($aclid != 0) {
167  $naclid = - $aclid;
168  $query->AddQuery("(id_acl={$aclid}) OR (id_acl= {$naclid}) ");
169  }
170  $list = $query->Query(0, 0, "TABLE");
171 
172  return ($query->nb > 0);
173  }
174 
175  function IsOver($user, $application, $acl)
176  {
177  $query = new QueryDb($this->dbaccess, "Permission");
178  $query->basic_elem->sup_where = array(
179  "id_application='{$application->id}'",
180  "id_user='{$user->id}'"
181  );
182  $list = $query->Query();
183  if ($query->nb == 0) return FALSE;
184  $aclu = new Acl($this->dbaccess, $list[0]->id_acl);
185  return ($aclu->grant_level >= $acl->grant_level);
186  }
187 
188  function GrantLevel($user, $application)
189  {
190  $query = new QueryDb($this->dbaccess, "Permission");
191  $query->basic_elem->sup_where = array(
192  "id_application='{$application->id}'",
193  "id_user='{$user->id}'"
194  );
195  $list = $query->Query();
196  if ($query->nb == 0) return (0);
197  $acl = new Acl($this->dbaccess, $list[0]->id_acl);
198  return ($acl->grant_level);
199  }
200 
201  function DelAppPerm($id)
202  {
203  $query = new QueryDb($this->dbaccess, "Permission");
204  $query->basic_elem->sup_where = array(
205  "id_application=$id"
206  );
207  $list = $query->Query();
208  $this->log->debug("DEL APP PERM");
209  if ($query->nb > 0) {
210  while (list($k, $v) = each($list)) {
211  $v->Delete();
212  }
213  } else {
214  $this->log->debug("NO PERM");
215  }
216  }
217  /**
218  * return ACL up list for a user
219  */
220  public function GetUpPrivileges()
221  {
222  if ($this->upprivileges === false) {
223  $this->GetPrivileges(true, false);
224  }
225  return $this->upprivileges;
226  }
227  /**
228  * return ACL un list for a user
229  */
230  public function GetUnPrivileges()
231  {
232  if ($this->unprivileges === false) {
233  $this->GetPrivileges(true, false);
234  }
235  return $this->unprivileges;
236  }
237  /**
238  * return ACL un list for a user
239  */
240  public function GetGPrivileges()
241  {
242  if ($this->gprivileges === false) {
243  $this->GetPrivileges(true, false);
244  }
245  return $this->gprivileges;
246  }
247  /**
248  * Get all ACL for a given application
249  */
250  public function getAllAclForApplication($appid)
251  {
252  $query = new QueryDb($this->dbaccess, "acl");
253  $query->basic_elem->sup_where = array(
254  "id_application = '" . $appid . "'"
255  );
256  $res = $query->Query();
257  $aclList = array();
258  foreach ($res as $k => $v) {
259  $aclList[] = $v->id;
260  }
261  return $aclList;
262  }
263  /**
264  * Returns the resulting ACL for a given (user, application), computing
265  * ACL value if they are empty.
266  */
267  public function GetComputedPrivileges($uid, $appid)
268  {
269  $query = new QueryDb($this->dbaccess, "permission");
270  $query->basic_elem->sup_where = array(
271  "id_application = '" . $appid . "'",
272  "id_user = '" . $uid . "'",
273  "computed = TRUE"
274  );
275  $computedAcl = array();
276  $privileges = array();
277  $list = $query->Query();
278  if ($query->nb > 0) {
279  while (list($k, $v) = each($list)) {
280  $computedAcl[abs($v->id_acl) ] = $v->id_acl;
281  }
282  }
283  $allAclList = $this->getAllAclForApplication($appid);
284  foreach ($allAclList as $acl) {
285  if (!array_key_exists($acl, $computedAcl)) {
286  $computedAcl[abs($acl) ] = $this->computePerm($uid, $appid, abs($acl));
287  }
288  }
289  return array_values($computedAcl);
290  }
291  /**
292  * Return the ACL value for a given (user, app, acl), computing it if it's not
293  * already computed, and storing the results.
294  */
295  public function computePerm($uid, $appid, $acl)
296  {
297  $db = new DbObj($this->dbaccess);
298  $res = $db->exec_query(sprintf("SELECT computePerm(%d, %d, %d)", $uid, $appid, abs($acl)));
299  $perm = $db->fetch_array(0);
300  return $perm['computeperm'];
301  }
302  /**
303  * return ACL list for a user
304  */
305  public function GetPrivileges($force = false, $computed = true)
306  {
307  global $session;
308 
309  if (!$force) {
310  $privileges = "";
311  if ($computed) {
312  $privileges = $this->GetComputedPrivileges($this->id_user, $this->id_application);
313  if (count($privileges) <= 0) {
314  $privileges = "";
315  }
316  }
317  if ($privileges !== "") {
318  $this->privileges = $privileges;
319  return;
320  }
321  }
322  $this->privileges = array();
323  $this->upprivileges = array();
324  $this->unprivileges = array();
325  $this->gprivileges = array();
326  // add groups privilege
327  $ugroup = new Group($this->dbaccess, $this->id_user);
328 
329  while (list($k, $gid) = each($ugroup->groups)) {
330 
331  $gperm = new permission($this->dbaccess, array(
332  $gid,
333  $this->id_application,
334  false
335  ) , '', 0, $computed);
336  // add group
337  while (list($k2, $gacl) = each($gperm->privileges)) {
338  if (!in_array($gacl, $this->privileges)) {
339  $this->gprivileges[] = $gacl;
340  $this->privileges[] = $gacl;
341  }
342  }
343  }
344 
345  $query = new QueryDb($this->dbaccess, "Permission");
346  $query->basic_elem->sup_where = array(
347  "id_application='{$this->id_application}'",
348  "id_user='{$this->id_user}'",
349  (!$computed) ? "( computed = FALSE OR computed IS NULL )" : ""
350  );
351  $list = $query->Query();
352  if ($query->nb > 0) {
353  while (list($k, $v) = each($list)) {
354  if ($v->id_acl > 0) {
355  // add privilege
356  $this->upprivileges[] = $v->id_acl;
357  if (!in_array($v->id_acl, $this->privileges)) {
358  $this->privileges[] = $v->id_acl;
359  }
360  } else {
361  // suppress privilege
362  $this->unprivileges[] = - ($v->id_acl);
363 
364  $nk = array_search(-($v->id_acl) , $this->privileges, false);
365  if (is_integer($nk)) {
366  unset($this->privileges[$nk]);
367  }
368  }
369  }
370  }
371 
372  return ($this->privileges);
373  }
374 
375  function HasPrivilege($idacl)
376  {
377  return (($this->id_user == 1) || // admin user
378  (in_array($idacl, $this->privileges)));
379  }
380  // id_user field must be set before
381  function AddUserPermission($appname, $aclname)
382  {
383  $app = new Application($this->dbaccess);
384  $appid = $app->GetIdFromName($appname);
385  if ($appid != 0) {
386 
387  $this->id_application = $appid;
388 
389  $acl = new Acl($this->dbaccess);
390  if ($acl->Set($aclname, $this->id_application)) {
391  $this->id_acl = $acl->id;
392  $this->Add();
393  }
394  }
395  }
396  /**
397  * return ACTION list for a user
398  *
399  * @author Philippe VALENCIA <pvalencia@fram.fr>
400  * @return array actions available for current user
401  */
402  function GetActions()
403  {
404 
405  $this->actions = array();
406 
407  $acls = $this->GetPrivileges();
408 
409  if (!count($acls)) return array();
410 
411  $sSql = " select distinct action.name from action inner join acl on
412 action.acl = acl.name where ";
413  $sSql.= " action.id_application = '" . $this->id_application . "' AND ";
414  $sSql.= " acl.id in ('" . implode("','", $acls) . "')";
415 
416  $res = pg_exec($this->dbid, $sSql);
417 
418  $i = 0;
419  while ($arr = pg_fetch_array($res, $i)) {
420  $this->actions[] = $arr[0];
421  $i++;
422  }
423  return $this->actions;
424  }
425  /**
426  * delete permissions
427  */
428  public function deletePermission($id_user = null, $id_application = null, $id_acl = null, $computed = null)
429  {
430  $sqlCond = array();
431  if ($id_user != null) {
432  $sqlCond[] = sprintf("( id_user = %d )", pg_escape_string($id_user));
433  }
434  if ($id_application != null) {
435  $sqlCond[] = sprintf("( id_application = %d )", pg_escape_string($id_application));
436  }
437  if ($id_acl != null) {
438  $sqlCond[] = sprintf("( abs(id_acl) = abs(%d) )", pg_escape_string($id_acl));
439  }
440  if ($computed != null) {
441  if ($computed = true) {
442  $sqlCond[] = "( computed = TRUE )";
443  } else {
444  $sqlCond[] = "( computed = FALSE OR computed IS NULL )";
445  }
446  }
447 
448  if (count($sqlCond) > 0) {
449  return $this->exec_query(sprintf("DELETE FROM permission WHERE ( %s )", join(" AND ", $sqlCond)));
450  }
451 
452  return false;
453  }
454 }
455 ?>
← centre documentaire © anakeen - published under CC License - Dynacase