- inherit ACL and admin from parent categories

+ ACL get or'ed together (you can't take away rights)
  + admins only get inherited, if there's none defined in cat
- store state of category filter for select resource popup (not
  currently used in stock EGroupware)
Ralf Becker 2009-11-05 19:37:28 +00:00
parent e99af0dfd6
commit c531f0077e
3 changed files with 129 additions and 40 deletions


@ -1,6 +1,6 @@
<?php <?php
/** /**
* eGroupWare - resources * EGroupWare - resources
* *
* @license http://www.gnu.org/licenses/gpl.html GNU General Public License * @license http://www.gnu.org/licenses/gpl.html GNU General Public License
* @package resources * @package resources
@ -11,15 +11,12 @@
/** /**
* ACL business object for resources * ACL business object for resources
* *
* @package resources * Category rights and admins get inherited from parent categories.
* Current rights and the ones inherited from parents get ORed together,
* while for admins the "closest" cat-admin will be used.
*/ */
class bo_acl class bo_acl
{ {
/**
* @var $permissions Holds alls permissions for resources of user
*/
var $permissions;
var $acl; var $acl;
var $start = 0; var $start = 0;
var $query = ''; var $query = '';
@ -37,13 +34,17 @@ class bo_acl
*/ */
var $egw_cats; var $egw_cats;
function bo_acl($session=False) /**
* Constructor
*
* @param boolean $session
*/
function __construct($session=False)
{ {
define('EGW_ACL_CAT_ADMIN',64); define('EGW_ACL_CAT_ADMIN',64);
define('EGW_ACL_DIRECT_BOOKING',128); define('EGW_ACL_DIRECT_BOOKING',128);
define('EGW_ACL_CALREAD',256); define('EGW_ACL_CALREAD',256);
$this->permissions = $GLOBALS['egw']->acl->get_all_location_rights($GLOBALS['egw_info']['user']['account_id'],'resources',true);
$this->egw_cats = new categories('','resources'); $this->egw_cats = new categories('','resources');
$this->debug = False; $this->debug = False;
@ -68,6 +69,18 @@ class bo_acl
} }
} }
/**
* PHP4 constructor
*
* @param boolean $session
* @deprecated use __construct()
* @return bo_acl
*/
function bo_acl($session=False)
{
self::__construct($session);
}
/** /**
* get list of cats where current user has given rights * get list of cats where current user has given rights
* *
@ -106,9 +119,9 @@ class bo_acl
* @param int $cat_id * @param int $cat_id
* @return mixed name of category * @return mixed name of category
*/ */
function get_cat_name($cat_id) static public function get_cat_name($cat_id)
{ {
return $this->egw_cats->id2name($cat_id); return $GLOBALS['egw']->categories->id2name($cat_id);
} }
/** /**
@ -118,9 +131,9 @@ class bo_acl
* @param int $cat_id * @param int $cat_id
* @return int userid of cat admin * @return int userid of cat admin
*/ */
function get_cat_admin($cat_id) static public function get_cat_admin($cat_id)
{ {
$cat_rights = $this->get_rights($cat_id); $cat_rights = self::get_rights($cat_id);
foreach ($cat_rights as $userid => $right) foreach ($cat_rights as $userid => $right)
{ {
if ($right & EGW_ACL_CAT_ADMIN) if ($right & EGW_ACL_CAT_ADMIN)
@ -128,21 +141,63 @@ class bo_acl
return $userid; return $userid;
} }
} }
// check for an inherited cat admin
if (($parent = $GLOBALS['egw']->categories->id2name($cat_id,'parent')))
{
return self::get_cat_admin($parent);
}
return lang('none'); return lang('none');
} }
/** /**
* cheks one of the following rights for current user: * Permissions including inherited ones
* *
* EGW_ACL_READ, EGW_ACL_ADD, EGW_ACL_EDIT, EGW_ACL_DELETE, EGW_ACL_DIRECT_BOOKING * @var array cat_id => rights
* */
* @param int $cat_id static private $permissions;
* @param int $right static private $resource_acl;
* @return bool user is permitted or not for right
*/ /**
function is_permitted($cat_id,$right) * Get permissions of current user on a given category
*
* @param int $cat_id
* @return int
*/
static public function get_permissions($cat_id)
{ {
return $this->permissions['L'.$cat_id] & $right; if (!isset(self::$permissions[$cat_id]))
{
if (is_null(self::$resource_acl))
{
self::$resource_acl = $GLOBALS['egw']->acl->get_all_location_rights($GLOBALS['egw_info']['user']['account_id'],'resources',true);
}
self::$permissions[$cat_id] = (int)self::$resource_acl['L'.$cat_id];
if (($parent = $GLOBALS['egw']->categories->id2name($cat_id,'parent')))
{
self::$permissions[$cat_id] |= self::get_permissions($parent);
}
}
//echo "<p>".__METHOD__."($cat_id) = ".self::$permissions[$cat_id]."</p>\n";
return self::$permissions[$cat_id];
}
/**
* checks one of the following rights for current user:
*
* EGW_ACL_READ, EGW_ACL_ADD, EGW_ACL_EDIT, EGW_ACL_DELETE, EGW_ACL_DIRECT_BOOKING
*
* @param int $cat_id
* @param int $right
* @return boolean user is permitted or not for right
*/
static public function is_permitted($cat_id,$right)
{
if (!isset(self::$permissions[$cat_id]))
{
self::get_permissions($cat_id);
}
//echo "<p>".__METHOD__."($cat_id,$right) = ".self::$permissions[$cat_id]." & $right = ".(self::$permissions[$cat_id] & $right)."</p>\n";
return (boolean) (self::$permissions[$cat_id] & $right);
} }
/** /**
@ -151,7 +206,7 @@ class bo_acl
* @param int $cat_id * @param int $cat_id
* @return array userid => right * @return array userid => right
*/ */
function get_rights($cat_id) static public function get_rights($cat_id)
{ {
return $GLOBALS['egw']->acl->get_all_rights('L'.$cat_id,'resources'); return $GLOBALS['egw']->acl->get_all_rights('L'.$cat_id,'resources');
} }
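Review bot: In `get_permissions()` the whole parent bitmask is ORed into the child, so `EGW_ACL_CAT_ADMIN` (64) is inherited like any other right, while `get_cat_admin()` in the same class falls back to a parent only when the category defines no admin of its own. If any caller tests the admin bit through `is_permitted()` or `get_permissions()` (none is visible here), a parent-category admin would pass that check on a child that has its own admin. Consider masking the bit out of the inherited value, e.g. `self::$permissions[$cat_id] |= self::get_permissions($parent) & ~EGW_ACL_CAT_ADMIN;`, and resolving admin status only through `get_cat_admin()`. Separately, `get_cat_admin()` recurses on the parent id with no visited set or depth limit, so a parent chain that loops would recurse without end; `get_permissions()` avoids that only because it fills its cache entry before recursing.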


@ -27,6 +27,16 @@ class bo_resources
* @var so_resources * @var so_resources
*/ */
var $so; var $so;
/**
* Instance of resources acl class
*
* @var bo_acl
*/
var $acl;
/**
* Instance of categories class for resources
*/
var $cats;
function bo_resources() function bo_resources()
{ {
@ -48,6 +58,16 @@ class bo_resources
*/ */
function get_rows($query,&$rows,&$readonlys) function get_rows($query,&$rows,&$readonlys)
{ {
if ($query['store_state']) // request to store state in session and filter in prefs?
{
egw_cache::setSession('resources',$query['store_state'],$query);
//echo "<p>".__METHOD__."() query[filter]=$query[filter], prefs[resources][filter]={$GLOBALS['egw_info']['user']['preferences']['resources']['filter']}</p>\n";
if ($query['filter'] != $GLOBALS['egw_info']['user']['preferences']['resources']['filter'])
{
$GLOBALS['egw']->preferences->add('resources','filter',$query['filter'],'user');
$GLOBALS['egw']->preferences->save_repository();
}
}
if ($this->debug) _debug_array($query); if ($this->debug) _debug_array($query);
$criteria = array('name' => $query['search'], 'short_description' => $query['search'], 'inventory_number' => $query['search']); $criteria = array('name' => $query['search'], 'short_description' => $query['search'], 'inventory_number' => $query['search']);
$read_onlys = 'res_id,name,short_description,quantity,useable,bookable,buyable,cat_id,location,storage_info'; $read_onlys = 'res_id,name,short_description,quantity,useable,bookable,buyable,cat_id,location,storage_info';
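Review bot: At the top of `get_rows()`, `$query['store_state']` is passed straight through as the session location in `egw_cache::setSession('resources',$query['store_state'],$query)`, and `$query['filter']` is written to the user's preferences without any check. Whether either value can be influenced by the request is not visible in this hunk; if it can, compare `store_state` against the one expected value (`if ($query['store_state'] === 'get_rows')`) and persist the filter only when it is empty or a key of `$this->acl->get_cats(EGW_ACL_READ)`, assuming that list is keyed by category id as its use for `options-filter` suggests. A bare `if ($query['store_state'])` also raises a notice for callers that never set the key, so `!empty($query['store_state'])` reads better. The body of `get_rows()` continues outside the hunk.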


@ -26,10 +26,10 @@ class ui_resources
); );
/** /**
* constructor of class ui_resources * Constructor
* *
*/ */
function ui_resources() function __construct()
{ {
// print_r($GLOBALS['egw_info']); die(); // print_r($GLOBALS['egw_info']); die();
$this->tmpl = new etemplate('resources.show'); $this->tmpl = new etemplate('resources.show');
@ -37,6 +37,15 @@ class ui_resources
// $this->calui = CreateObject('resources.ui_calviews'); // $this->calui = CreateObject('resources.ui_calviews');
} }
/**
* PHP4 constructor
*
* @deprecated use __construct();
*/
function ui_resources()
{
self::__construct();
}
/** /**
* main resources list. * main resources list.
@ -436,20 +445,25 @@ class ui_resources
if (!is_array($content)) if (!is_array($content))
{ {
$content['nm'] = array( if (!($content['nm'] = egw_cache::getSession('resources','get_rows')))
'header_left' => 'resources.resource_select.header', {
'show_bookable' => true, $content['nm'] = array(
'get_rows' => 'resources.bo_resources.get_rows', 'header_left' => 'resources.resource_select.header',
'filter_label' => 'Category', 'show_bookable' => true,
'filter_help' => lang('Select a category'), 'get_rows' => 'resources.bo_resources.get_rows',
'options-filter'=> array(''=>lang('all categories'))+(array)$this->bo->acl->get_cats(EGW_ACL_READ), 'filter_label' => 'Category',
'no_filter2' => true, 'filter_help' => lang('Select a category'),
'filter_no_lang'=> true, 'options-filter'=> array(''=>lang('all categories'))+(array)$this->bo->acl->get_cats(EGW_ACL_READ),
'no_cat' => true, 'no_filter2' => true,
'rows' => array('js_id' => 1), 'filter_no_lang'=> true,
'csv_fields' => false, 'no_cat' => true,
'default_cols' => 'name,cat_id,quantity', // I columns to use if there's no user or default pref 'rows' => array('js_id' => 1),
); 'csv_fields' => false,
'default_cols' => 'name,cat_id,quantity', // I columns to use if there's no user or default pref
'store_state' => 'get_rows', // store in session as for location get_rows
);
$content['nm']['filter'] = $GLOBALS['egw_info']['user']['preferences']['resources']['filter'];
}
} }
$sel_options = array(); $sel_options = array();
$no_button = array(); $no_button = array();
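Review bot: When a stored state exists, the entire `$content['nm']` array is taken from the session, including `options-filter` (built from `get_cats(EGW_ACL_READ)`) and the `get_rows` callback name, instead of being rebuilt on each call. A category list restored this way would not reflect ACL changes made during the session, and the callback would be whatever `get_rows()` last received in `$query`; what that array contains at that point is not visible here. Consider always setting the fixed keys server-side after the restore and taking only the user state (filter, search, sort) from the session, e.g. `$content['nm']['get_rows'] = 'resources.bo_resources.get_rows';` and `$content['nm']['options-filter'] = array(''=>lang('all categories'))+(array)$this->bo->acl->get_cats(EGW_ACL_READ);`. The enclosing method starts and ends outside the hunk.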