mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-11-30 03:43:40 +01:00
rewrote AND documented the ACL class with new DB functions to fix the problems pointed out by GulfTech
I backported them to 1.0.0 too, but will give it a view days testing on my server and egroupware.org, before I commit them
This commit is contained in:
parent
290dd01868
commit
12e4740941
@ -23,44 +23,53 @@
|
|||||||
|
|
||||||
/* $Id$ */
|
/* $Id$ */
|
||||||
|
|
||||||
/*!
|
/**
|
||||||
@class acl
|
* Access Control List System
|
||||||
@abstract Access Control List Security System
|
*
|
||||||
@discussion This class provides an ACL security scheme.
|
* This class provides an ACL security scheme.
|
||||||
This can manage rights to 'run' applications, and limit certain features within an application.
|
* This can manage rights to 'run' applications, and limit certain features within an application.
|
||||||
It is also used for granting a user "membership" to a group, or making a user have the security equivilance of another user.
|
* It is also used for granting a user "membership" to a group, or making a user have the security equivilance of another user.
|
||||||
It is also used for granting a user or group rights to various records, such as todo or calendar items of another user.
|
* It is also used for granting a user or group rights to various records, such as todo or calendar items of another user.
|
||||||
@syntax CreateObject('phpgwapi.acl',int account_id);
|
* $acl =& CreateObject('phpgwapi.acl',5); // 5 is the user id
|
||||||
@example $acl = CreateObject('phpgwapi.acl',5); // 5 is the user id
|
* @author Seek3r
|
||||||
@example $acl = CreateObject('phpgwapi.acl',10); // 10 is the user id
|
* @copyright LGPL
|
||||||
@author Seek3r
|
* @package api
|
||||||
@copyright LGPL
|
* @subpackage accounts
|
||||||
@package phpgwapi
|
* @access public
|
||||||
@access public
|
*/
|
||||||
*/
|
|
||||||
class acl
|
class acl
|
||||||
{
|
{
|
||||||
/*! @var $account_id */
|
/**
|
||||||
var $account_id;
|
* @var int $account_id the account-id this class is instanciated for
|
||||||
/*! @var $account_type */
|
*/
|
||||||
|
var $account_id = 0;
|
||||||
|
/**
|
||||||
|
* @var $account_type
|
||||||
|
*/
|
||||||
var $account_type;
|
var $account_type;
|
||||||
/*! @var $data */
|
/**
|
||||||
|
* @var array $data internal repository with acl rows for the given app and account-id (incl. memberships)
|
||||||
|
*/
|
||||||
var $data = Array();
|
var $data = Array();
|
||||||
/*! @var $db */
|
/**
|
||||||
|
* @var object/db $db internal copy of the db-object
|
||||||
|
*/
|
||||||
var $db;
|
var $db;
|
||||||
|
/**
|
||||||
|
* @var string $table_name name of the acl_table
|
||||||
|
*/
|
||||||
var $table_name = 'phpgw_acl';
|
var $table_name = 'phpgw_acl';
|
||||||
|
|
||||||
/*!
|
/**
|
||||||
@function acl
|
* ACL constructor for setting account id
|
||||||
@abstract ACL constructor for setting account id
|
*
|
||||||
@discussion Author: Seek3r <br>
|
* Author: Seek3r <br>
|
||||||
Sets the ID for $acl->account_id. Can be used to change a current instances id as well. <br>
|
* Sets the ID for $acl->account_id. Can be used to change a current instances id as well. <br>
|
||||||
Some functions are specific to this account, and others are generic. <br>
|
* Some functions are specific to this account, and others are generic. <br>
|
||||||
@syntax int acl(int account_id) <br>
|
* @example acl->acl(5); // 5 is the user id <br>
|
||||||
@example1 acl->acl(5); // 5 is the user id <br>
|
* @param int $account_id int-the user id
|
||||||
@param account_id int-the user id
|
*/
|
||||||
*/
|
function acl($account_id = 0)
|
||||||
function acl($account_id = '')
|
|
||||||
{
|
{
|
||||||
$this->db = clone($GLOBALS['egw']->db);
|
$this->db = clone($GLOBALS['egw']->db);
|
||||||
$this->db->set_app('phpgwapi');
|
$this->db->set_app('phpgwapi');
|
||||||
@ -120,149 +129,123 @@
|
|||||||
* These are the standard $this->account_id specific functions *
|
* These are the standard $this->account_id specific functions *
|
||||||
\**************************************************************************/
|
\**************************************************************************/
|
||||||
|
|
||||||
/*!
|
/**
|
||||||
@function read_repository
|
* Read acl records from reposity
|
||||||
@abstract Read acl records from reposity
|
*
|
||||||
@discussion Author: Seek3r <br>
|
* Author: Seek3r <br>
|
||||||
Reads ACL records for $acl->account_id and returns array along with storing it in $acl->data. <br>
|
* Reads ACL records for $acl->account_id and returns array along with storing it in $acl->data. <br>
|
||||||
Syntax: array read_repository() <br>
|
* Syntax: array read_repository() <br>
|
||||||
Example1: acl->read_repository(); <br>
|
* Example1: acl->read_repository(); <br>
|
||||||
Should only be called within this class
|
* Should only be called within this class
|
||||||
*/
|
*/
|
||||||
function read_repository()
|
function read_repository()
|
||||||
{
|
{
|
||||||
// For some reason, calling this via XML-RPC doesn't call the constructor.
|
// For some reason, calling this via XML-RPC doesn't call the constructor.
|
||||||
// Here is yet another work around(tm) (jengo)
|
// Here is yet another work around(tm) (jengo)
|
||||||
if (! $this->account_id)
|
if (!$this->account_id)
|
||||||
{
|
{
|
||||||
$this->acl();
|
$this->acl();
|
||||||
}
|
}
|
||||||
|
$this->db->select($this->table_name,'*',array(
|
||||||
$sql = 'select * from phpgw_acl where (acl_account in ('.$this->account_id.', 0';
|
'acl_account' => array($this->account_id,0) + array_values((array)$this->get_location_list_for_id('phpgw_group', 1, $this->account_id))
|
||||||
|
),__LINE__,__FILE__);
|
||||||
$groups = $this->get_location_list_for_id('phpgw_group', 1, $this->account_id);
|
|
||||||
while($groups && list($key,$value) = each($groups))
|
|
||||||
{
|
|
||||||
if($value != '')
|
|
||||||
$sql .= ','.$value;
|
|
||||||
}
|
|
||||||
$sql .= '))';
|
|
||||||
$this->db->query($sql ,__LINE__,__FILE__);
|
|
||||||
$count = $this->db->num_rows();
|
|
||||||
$this->data = Array();
|
$this->data = Array();
|
||||||
for ($idx = 0; $idx < $count; ++$idx)
|
while($this->db->next_record())
|
||||||
{
|
{
|
||||||
//reset ($this->data);
|
|
||||||
//while(list($idx,$value) = each($this->data)){
|
|
||||||
$this->db->next_record();
|
|
||||||
$this->data[] = array(
|
$this->data[] = array(
|
||||||
'appname' => $this->db->f('acl_appname'),
|
'appname' => $this->db->f('acl_appname'),
|
||||||
'location' => $this->db->f('acl_location'),
|
'location' => $this->db->f('acl_location'),
|
||||||
'account' => $this->db->f('acl_account'),
|
'account' => $this->db->f('acl_account'),
|
||||||
'rights' => $this->db->f('acl_rights')
|
'rights' => $this->db->f('acl_rights')
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
reset ($this->data);
|
|
||||||
return $this->data;
|
return $this->data;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*!
|
/**
|
||||||
@function read
|
* Read acl records from $acl->data
|
||||||
@abstract Read acl records from $acl->data
|
*
|
||||||
@discussion Author: Seek3r <br>
|
* Author: Seek3r
|
||||||
Returns ACL records from $acl->data. <br>
|
* @return array all ACL records from $this->data.
|
||||||
Syntax: array read() <br>
|
*/
|
||||||
Example1: acl->read(); <br>
|
|
||||||
*/
|
|
||||||
function read()
|
function read()
|
||||||
{
|
{
|
||||||
if (count($this->data) == 0)
|
if (!count($this->data))
|
||||||
{
|
{
|
||||||
$this->read_repository();
|
$this->read_repository();
|
||||||
}
|
}
|
||||||
reset ($this->data);
|
|
||||||
return $this->data;
|
return $this->data;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*!
|
/**
|
||||||
@function add
|
* Adds ACL record to the repository of the class
|
||||||
@abstract Adds ACL record to $acl->data
|
*
|
||||||
@discussion Adds ACL record to $acl->data. <br>
|
* Adds ACL record to $this->data.
|
||||||
Syntax: array add() <br>
|
*
|
||||||
Example1: acl->add();
|
* @param string $appname default False derives value from $GLOBALS['egw_info']['flags']['currentapp']
|
||||||
@param $appname default False derives value from $phpgw_info['flags']['currentapp']
|
* @param string $location location
|
||||||
@param $location location
|
* @param int $rights rights
|
||||||
@param $rights rights
|
* @return array all ACL records from $this->data.
|
||||||
*/
|
*/
|
||||||
function add($appname = False, $location, $rights)
|
function add($appname,$location,$rights)
|
||||||
{
|
{
|
||||||
if ($appname == False)
|
if (!$appname) $appname = $GLOBALS['egw_info']['flags']['currentapp'];
|
||||||
{
|
|
||||||
settype($appname,'string');
|
$this->data[] = array(
|
||||||
$appname = $GLOBALS['egw_info']['flags']['currentapp'];
|
'appname' => $appname,
|
||||||
}
|
'location' => $location,
|
||||||
$this->data[] = array('appname' => $appname, 'location' => $location, 'account' => $this->account_id, 'rights' => $rights);
|
'account' => (int) $this->account_id,
|
||||||
reset($this->data);
|
'rights' => (int) $rights
|
||||||
|
);
|
||||||
|
|
||||||
return $this->data;
|
return $this->data;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*!
|
/**
|
||||||
@function delete
|
* Delete ACL record in the repository of the class
|
||||||
@abstract Delete ACL record
|
*
|
||||||
@discussion
|
* @param string $appname appname or '' for $GLOBALS['egw_info']['flags']['currentapp']
|
||||||
Syntax <br>
|
* @param string $location location
|
||||||
Example: <br>
|
* @return array all ACL records from $this->data.
|
||||||
@param $appname optional defaults to $phpgw_info['flags']['currentapp']
|
*/
|
||||||
@param $location app location
|
function delete($appname,$location)
|
||||||
*/
|
|
||||||
function delete($appname = False, $location)
|
|
||||||
{
|
{
|
||||||
if ($appname == False)
|
if (!$appname) $appname = $GLOBALS['egw_info']['flags']['currentapp'];
|
||||||
{
|
|
||||||
settype($appname,'string');
|
foreach($this->data as $idx => $value)
|
||||||
$appname = $GLOBALS['egw_info']['flags']['currentapp'];
|
|
||||||
}
|
|
||||||
$count = count($this->data);
|
|
||||||
reset ($this->data);
|
|
||||||
while(list($idx,$value) = each($this->data))
|
|
||||||
{
|
{
|
||||||
if ($this->data[$idx]['appname'] == $appname && $this->data[$idx]['location'] == $location && $this->data[$idx]['account'] == $this->account_id)
|
if ($this->data[$idx]['appname'] == $appname && $this->data[$idx]['location'] == $location && $this->data[$idx]['account'] == $this->account_id)
|
||||||
{
|
{
|
||||||
$this->data[$idx] = Array();
|
unset($this->data[$idx]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
reset($this->data);
|
|
||||||
return $this->data;
|
return $this->data;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*!
|
/**
|
||||||
@function save_repostiory
|
* save the internal repository or the class
|
||||||
@abstract save repository
|
*
|
||||||
@discussion save the repository <br>
|
* @return array all ACL records from $this->data.
|
||||||
Syntax: save_repository() <br>
|
*/
|
||||||
example: acl->save_repository()
|
|
||||||
*/
|
|
||||||
|
|
||||||
function save_repository()
|
function save_repository()
|
||||||
{
|
{
|
||||||
reset($this->data);
|
$this->db->delete($this->table_name,array(
|
||||||
|
'acl_account' => $this->account_id,
|
||||||
|
),__LINE__,__FILE__);
|
||||||
|
|
||||||
$sql = 'delete from phpgw_acl where acl_account = '. (int)$this->account_id;
|
foreach($this->data as $value)
|
||||||
$this->db->query($sql ,__LINE__,__FILE__);
|
|
||||||
|
|
||||||
$count = count($this->data);
|
|
||||||
reset ($this->data);
|
|
||||||
while(list($idx,$value) = each($this->data))
|
|
||||||
{
|
{
|
||||||
if ($this->data[$idx]['account'] == $this->account_id)
|
if ($value['account'] == $this->account_id)
|
||||||
{
|
{
|
||||||
$sql = 'insert into phpgw_acl (acl_appname, acl_location, acl_account, acl_rights)';
|
$this->db->insert($this->table_name,array(
|
||||||
$sql .= " values('".$this->data[$idx]['appname']."', '"
|
'acl_appname' => $value['appname'],
|
||||||
. $this->data[$idx]['location']."', ".$this->account_id.', '.$this->data[$idx]['rights'].')';
|
'acl_location' => $value['location'],
|
||||||
$this->db->query($sql ,__LINE__,__FILE__);
|
'acl_account' => $this->account_id,
|
||||||
|
'acl_rights' => $value['rights'],
|
||||||
|
),false,__LINE__,__FILE__);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
reset($this->data);
|
|
||||||
return $this->data;
|
return $this->data;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -270,214 +253,124 @@
|
|||||||
* These are the non-standard $this->account_id specific functions *
|
* These are the non-standard $this->account_id specific functions *
|
||||||
\**************************************************************************/
|
\**************************************************************************/
|
||||||
|
|
||||||
/*!
|
/**
|
||||||
@function get_rights
|
* get rights from the class repository (included rights of $this->account_id and all it's memberships)
|
||||||
@abstract get rights from the repository not specific to this->account_id (?)
|
*
|
||||||
@discussion
|
* @param string $location app location to get rights from
|
||||||
@param $location app location to get rights from
|
* @param string $appname optional defaults to $GLOBALS['egw_info']['flags']['currentapp'];
|
||||||
@param $appname optional defaults to $phpgw_info['flags']['currentapp'];
|
* @return int al rights or'ed together
|
||||||
*/
|
*/
|
||||||
function get_rights($location,$appname = False)
|
function get_rights($location,$appname = '')
|
||||||
{
|
{
|
||||||
// For XML-RPC, change this once its working correctly for passing parameters (jengo)
|
// For XML-RPC, change this once its working correctly for passing parameters (jengo)
|
||||||
if (is_array($location))
|
if (is_array($location))
|
||||||
{
|
{
|
||||||
$a = $location;
|
$appname = $location['appname'];
|
||||||
$location = $a['location'];
|
$location = $location['location'];
|
||||||
$appname = $a['appname'];
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (count($this->data) == 0)
|
if (!count($this->data))
|
||||||
{
|
{
|
||||||
$this->read_repository();
|
$this->read_repository();
|
||||||
}
|
}
|
||||||
reset ($this->data);
|
if (!$appname) $appname = $GLOBALS['egw_info']['flags']['currentapp'];
|
||||||
if ($appname == False)
|
|
||||||
{
|
if (!count($this->data) && $GLOBALS['egw_info']['server']['acl_default'] != 'deny')
|
||||||
settype($appname,'string');
|
|
||||||
$appname = $GLOBALS['egw_info']['flags']['currentapp'];
|
|
||||||
}
|
|
||||||
$count = count($this->data);
|
|
||||||
if ($count == 0 && $GLOBALS['egw_info']['server']['acl_default'] != 'deny')
|
|
||||||
{
|
{
|
||||||
return True;
|
return True;
|
||||||
}
|
}
|
||||||
$rights = 0;
|
$rights = 0;
|
||||||
//for ($idx = 0; $idx < $count; ++$idx){
|
foreach($this->data as $idx => $value)
|
||||||
reset ($this->data);
|
|
||||||
while(list($idx,$value) = each($this->data))
|
|
||||||
{
|
{
|
||||||
if ($this->data[$idx]['appname'] == $appname)
|
if ($value['appname'] == $appname)
|
||||||
{
|
{
|
||||||
if ($this->data[$idx]['location'] == $location || $this->data[$idx]['location'] == 'everywhere')
|
if ($value['location'] == $location || $value['location'] == 'everywhere')
|
||||||
{
|
{
|
||||||
if ($this->data[$idx]['rights'] == 0)
|
if ($value['rights'] == 0)
|
||||||
{
|
{
|
||||||
return False;
|
return False;
|
||||||
}
|
}
|
||||||
|
$rights |= $value['rights'];
|
||||||
$rights |= $this->data[$idx]['rights'];
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return $rights;
|
return $rights;
|
||||||
}
|
}
|
||||||
/*!
|
|
||||||
@function check
|
/**
|
||||||
@abstract check required rights (not specific to this->account_id?)
|
* check required rights agains the internal repository (included rights of $this->account_id and all it's memberships)
|
||||||
@param $location app location
|
*
|
||||||
@param $required required right to check against
|
* @param $location app location
|
||||||
@param $appname optional defaults to currentapp
|
* @param $required required right to check against
|
||||||
*/
|
* @param $appname optional defaults to currentapp
|
||||||
|
*/
|
||||||
function check($location, $required, $appname = False)
|
function check($location, $required, $appname = False)
|
||||||
{
|
{
|
||||||
$rights = $this->get_rights($location,$appname);
|
$rights = $this->get_rights($location,$appname);
|
||||||
|
|
||||||
return !!($rights & $required);
|
return !!($rights & $required);
|
||||||
}
|
}
|
||||||
/*!
|
|
||||||
@function get_specific_rights
|
|
||||||
@abstract get specific rights for this->account_id for an app location
|
|
||||||
@param $location app location
|
|
||||||
@param $appname optional defaults to currentapp
|
|
||||||
@result $rights ?
|
|
||||||
*/
|
|
||||||
function get_specific_rights($location, $appname = False)
|
|
||||||
{
|
|
||||||
if ($appname == False)
|
|
||||||
{
|
|
||||||
settype($appname,'string');
|
|
||||||
$appname = $GLOBALS['egw_info']['flags']['currentapp'];
|
|
||||||
}
|
|
||||||
|
|
||||||
$count = count($this->data);
|
/**
|
||||||
if ($count == 0 && $GLOBALS['egw_info']['server']['acl_default'] != 'deny')
|
* get specific rights for this->account_id for an app location
|
||||||
|
*
|
||||||
|
* @param string $location app location
|
||||||
|
* @param string $appname optional defaults to currentapp
|
||||||
|
* @return int $rights
|
||||||
|
*/
|
||||||
|
function get_specific_rights($location, $appname = '')
|
||||||
|
{
|
||||||
|
if (!$appname) $appname = $GLOBALS['egw_info']['flags']['currentapp'];
|
||||||
|
|
||||||
|
if (!count($this->data) && $GLOBALS['egw_info']['server']['acl_default'] != 'deny')
|
||||||
{
|
{
|
||||||
return True;
|
return True;
|
||||||
}
|
}
|
||||||
$rights = 0;
|
$rights = 0;
|
||||||
|
|
||||||
reset ($this->data);
|
foreach($this->data as $idx => $value)
|
||||||
while(list($idx,$value) = each($this->data))
|
|
||||||
{
|
{
|
||||||
if ($this->data[$idx]['appname'] == $appname &&
|
if ($value['appname'] == $appname &&
|
||||||
($this->data[$idx]['location'] == $location ||
|
($value['location'] == $location || $value['location'] == 'everywhere') &&
|
||||||
$this->data[$idx]['location'] == 'everywhere') &&
|
$value['account'] == $this->account_id)
|
||||||
$this->data[$idx]['account'] == $this->account_id)
|
|
||||||
{
|
{
|
||||||
if ($this->data[$idx]['rights'] == 0)
|
if ($value['rights'] == 0)
|
||||||
{
|
{
|
||||||
return False;
|
return False;
|
||||||
}
|
}
|
||||||
$rights |= $this->data[$idx]['rights'];
|
$rights |= $value['rights'];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return $rights;
|
return $rights;
|
||||||
}
|
}
|
||||||
/*!
|
|
||||||
@function check_specific
|
/**
|
||||||
@abstract check specific
|
* check specific rights
|
||||||
@param $location app location
|
*
|
||||||
@param $required required rights
|
* @param string $location app location
|
||||||
@param $appname optional defaults to currentapp
|
* @param int $required required rights
|
||||||
@result boolean
|
* @param string $appname optional defaults to currentapp
|
||||||
*/
|
* @return boolean
|
||||||
function check_specific($location, $required, $appname = False)
|
*/
|
||||||
|
function check_specific($location, $required, $appname = '')
|
||||||
{
|
{
|
||||||
$rights = $this->get_specific_rights($location,$appname);
|
$rights = $this->get_specific_rights($location,$appname);
|
||||||
|
|
||||||
return !!($rights & $required);
|
return !!($rights & $required);
|
||||||
}
|
}
|
||||||
/*!
|
|
||||||
@function get_location_list
|
|
||||||
@abstract ?
|
|
||||||
@param $app appname
|
|
||||||
@param $required ?
|
|
||||||
*/
|
|
||||||
function get_location_list($app, $required)
|
|
||||||
{
|
|
||||||
// User piece
|
|
||||||
$sql = "select acl_location, acl_rights from phpgw_acl where acl_appname = '$app' ";
|
|
||||||
$sql .= " and (acl_account in ('".$this->account_id."', 0"; // group 0 covers all users
|
|
||||||
$equalto = $GLOBALS['egw']->accounts->security_equals($this->account_id);
|
|
||||||
if (is_array($equalto) && count($equalto) > 0)
|
|
||||||
{
|
|
||||||
for ($idx = 0; $idx < count($equalto); ++$idx)
|
|
||||||
{
|
|
||||||
$sql .= ','.$equalto[$idx][0];
|
|
||||||
}
|
|
||||||
}
|
|
||||||
$sql .= ')))';
|
|
||||||
|
|
||||||
$this->db->query($sql ,__LINE__,__FILE__);
|
|
||||||
$rights = 0;
|
|
||||||
if ($this->db->num_rows() == 0 )
|
|
||||||
{
|
|
||||||
return False;
|
|
||||||
}
|
|
||||||
while ($this->db->next_record())
|
|
||||||
{
|
|
||||||
if ($this->db->f('acl_rights') == 0)
|
|
||||||
{
|
|
||||||
return False;
|
|
||||||
}
|
|
||||||
$rights |= $this->db->f('acl_rights');
|
|
||||||
if (!!($rights & $required) == True)
|
|
||||||
{
|
|
||||||
$locations[] = $this->db->f('acl_location');
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return False;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return $locations;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
This is kinda how the function SHOULD work, so that it doesnt need to do its own sql query.
|
|
||||||
It should use the values in the $this->data
|
|
||||||
|
|
||||||
function get_location_list($app, $required)
|
|
||||||
{
|
|
||||||
if ($appname == False)
|
|
||||||
{
|
|
||||||
$appname = $GLOBALS['egw_info']['flags']['currentapp'];
|
|
||||||
}
|
|
||||||
|
|
||||||
$count = count($this->data);
|
|
||||||
if ($count == 0 && $GLOBALS['egw_info']['server']['acl_default'] != 'deny'){ return True; }
|
|
||||||
$rights = 0;
|
|
||||||
|
|
||||||
reset ($this->data);
|
|
||||||
while(list($idx,$value) = each($this->data))
|
|
||||||
{
|
|
||||||
if ($this->data[$idx]['appname'] == $appname && $this->data[$idx]['rights'] != 0)
|
|
||||||
{
|
|
||||||
$location_rights[$this->data[$idx]['location']] |= $this->data[$idx]['rights'];
|
|
||||||
}
|
|
||||||
}
|
|
||||||
reset($location_rights);
|
|
||||||
for ($idx = 0; $idx < count($location_rights); ++$idx)
|
|
||||||
{
|
|
||||||
if (!!($location_rights[$idx] & $required) == True)
|
|
||||||
{
|
|
||||||
$location_rights[] = $this->data[$idx]['location'];
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return $locations;
|
|
||||||
}
|
|
||||||
*/
|
|
||||||
|
|
||||||
/**************************************************************************\
|
/**************************************************************************\
|
||||||
* These are the generic functions. Not specific to $this->account_id *
|
* These are the generic functions. Not specific to $this->account_id *
|
||||||
\**************************************************************************/
|
\**************************************************************************/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* add repository information / rights for app/location/account_id
|
* add repository information / rights for app/location/account_id to the database
|
||||||
*
|
*
|
||||||
* @param $app appname
|
* @param string $app appname
|
||||||
* @param $location location
|
* @param string $location location
|
||||||
* @param $account_id account id
|
* @param int $account_id account id
|
||||||
* @param $rights rights
|
* @param int $rights rights
|
||||||
|
* @return boolean allways true
|
||||||
*/
|
*/
|
||||||
function add_repository($app, $location, $account_id, $rights)
|
function add_repository($app, $location, $account_id, $rights)
|
||||||
{
|
{
|
||||||
@ -494,7 +387,8 @@
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* delete repository information / rights for app/location[/account_id]
|
* delete repository information / rights for app/location[/account_id] from the DB
|
||||||
|
*
|
||||||
* @param string $app appname
|
* @param string $app appname
|
||||||
* @param string $location location
|
* @param string $location location
|
||||||
* @param int/boolean $account_id account id, default 0=$this->account_id, or false to delete all entries for $app/$location
|
* @param int/boolean $account_id account id, default 0=$this->account_id, or false to delete all entries for $app/$location
|
||||||
@ -524,14 +418,15 @@
|
|||||||
return $this->db->affected_rows();
|
return $this->db->affected_rows();
|
||||||
}
|
}
|
||||||
|
|
||||||
/*!
|
/**
|
||||||
@function get_app_list_for_id
|
* get application list for an account id
|
||||||
@abstract get application list for an account id
|
*
|
||||||
@param $location location
|
* @param string $location location
|
||||||
@param $required ?
|
* @param int $required required rights
|
||||||
@param $account_id account id defaults to $phpgw_info['user']['account_id'];
|
* @param int $account_id account id defaults to $GLOBALS['egw_info']['user']['account_id'];
|
||||||
*/
|
* @return array/boolean false if there are no matching row in the db, else array with app-names
|
||||||
function get_app_list_for_id($location, $required, $accountid = '')
|
*/
|
||||||
|
function get_app_list_for_id($location, $required, $accountid = 0)
|
||||||
{
|
{
|
||||||
static $cache_accountid;
|
static $cache_accountid;
|
||||||
|
|
||||||
@ -544,15 +439,13 @@
|
|||||||
$account_id = get_account_id($accountid,$this->account_id);
|
$account_id = get_account_id($accountid,$this->account_id);
|
||||||
$cache_accountid[$accountid] = $account_id;
|
$cache_accountid[$accountid] = $account_id;
|
||||||
}
|
}
|
||||||
$sql = 'SELECT acl_appname, acl_rights from phpgw_acl ';
|
$this->db->select($this->table_name,array('acl_appname','acl_rights'),array(
|
||||||
$sql .= "where acl_location = '" . $this->db->db_addslashes($location) . "' ";
|
'acl_location' => $location,
|
||||||
$sql .= 'AND acl_account = ' . (int)$account_id;
|
'acl_account' => $account_id,
|
||||||
$this->db->query($sql ,__LINE__,__FILE__);
|
),__LINE__,__FILE__);
|
||||||
|
|
||||||
$rights = 0;
|
$rights = 0;
|
||||||
if ($this->db->num_rows() == 0 )
|
$apps = false;
|
||||||
{
|
|
||||||
return False;
|
|
||||||
}
|
|
||||||
while ($this->db->next_record())
|
while ($this->db->next_record())
|
||||||
{
|
{
|
||||||
if ($this->db->f('acl_rights') == 0)
|
if ($this->db->f('acl_rights') == 0)
|
||||||
@ -560,7 +453,7 @@
|
|||||||
return False;
|
return False;
|
||||||
}
|
}
|
||||||
$rights |= $this->db->f('acl_rights');
|
$rights |= $this->db->f('acl_rights');
|
||||||
if (!!($rights & $required) == True)
|
if (!!($rights & $required))
|
||||||
{
|
{
|
||||||
$apps[] = $this->db->f('acl_appname');
|
$apps[] = $this->db->f('acl_appname');
|
||||||
}
|
}
|
||||||
@ -568,15 +461,15 @@
|
|||||||
return $apps;
|
return $apps;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*!
|
/**
|
||||||
@function get_location_list_for_id
|
* get location list for id
|
||||||
@abstract get location list for id
|
*
|
||||||
@discussion ?
|
* @param string $app app
|
||||||
@param $app app
|
* @param int $required required rights
|
||||||
@param $required required
|
* @param int $account_id optional defaults to $GLOBALS['egw_info']['user']['account_id'];
|
||||||
@param $account_id optional defaults to $phpgw_info['user']['account_id'];
|
* @return array/boolean false if there are no matching rows in the db or array with location-strings
|
||||||
*/
|
*/
|
||||||
function get_location_list_for_id($app, $required, $accountid = '')
|
function get_location_list_for_id($app, $required, $accountid = 0)
|
||||||
{
|
{
|
||||||
static $cache_accountid;
|
static $cache_accountid;
|
||||||
|
|
||||||
@ -603,47 +496,42 @@
|
|||||||
}
|
}
|
||||||
return $locations;
|
return $locations;
|
||||||
}
|
}
|
||||||
/*!
|
|
||||||
@function get_ids_for_location
|
/**
|
||||||
@abstract get ids for location
|
* get ids for location
|
||||||
@param $location location
|
*
|
||||||
@param $required required
|
* @param string $location location
|
||||||
@param $app app optional defaults to $phpgw_info['flags']['currentapp'];
|
* @param int $required required rights
|
||||||
*/
|
* @param string $app app optional defaults to $GLOBALS['egw_info']['flags']['currentapp'];
|
||||||
function get_ids_for_location($location, $required, $app = False)
|
* @return boolean/array false if there are no matching rows in the db or array of account-ids
|
||||||
|
*/
|
||||||
|
function get_ids_for_location($location, $required, $app = '')
|
||||||
{
|
{
|
||||||
if ($app == False)
|
if (!$app) $app = $GLOBALS['egw_info']['flags']['currentapp'];
|
||||||
{
|
|
||||||
$app = $GLOBALS['egw_info']['flags']['currentapp'];
|
$this->db->select($this->table_name,array('acl_account','acl_rights'),array(
|
||||||
}
|
'acl_appname' => $app,
|
||||||
$sql = "select acl_account, acl_rights from phpgw_acl where acl_appname = '$app' and ";
|
'acl_location' => $location,
|
||||||
$sql .= "acl_location = '".$location."'";
|
),__LINE__,__FILE__);
|
||||||
$this->db->query($sql ,__LINE__,__FILE__);
|
|
||||||
$rights = 0;
|
$accounts = false;
|
||||||
if ($this->db->num_rows() == 0 )
|
|
||||||
{
|
|
||||||
return False;
|
|
||||||
}
|
|
||||||
while ($this->db->next_record())
|
while ($this->db->next_record())
|
||||||
{
|
{
|
||||||
$rights = 0;
|
if (!!($this->db->f('acl_rights') & $required))
|
||||||
$rights |= $this->db->f('acl_rights');
|
|
||||||
if (!!($rights & $required) == True)
|
|
||||||
{
|
{
|
||||||
$accounts[] = (int)$this->db->f('acl_account');
|
$accounts[] = (int) $this->db->f('acl_account');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@reset($accounts);
|
|
||||||
return $accounts;
|
return $accounts;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*!
|
/**
|
||||||
@function get_user_applications
|
* get a list of applications a user has rights to
|
||||||
@abstract get a list of applications a user has rights to
|
*
|
||||||
@param $account_id optional defaults to $phpgw_info['user']['account_id'];
|
* @param int $account_id optional defaults to $GLOBALS['egw_info']['user']['account_id'];
|
||||||
@result $apps array containing list of apps
|
* @return boolean/array containing list of apps or false if there are none
|
||||||
*/
|
*/
|
||||||
function get_user_applications($accountid = '')
|
function get_user_applications($accountid = 0)
|
||||||
{
|
{
|
||||||
static $cache_accountid;
|
static $cache_accountid;
|
||||||
|
|
||||||
@ -656,73 +544,52 @@
|
|||||||
$account_id = get_account_id($accountid,$this->account_id);
|
$account_id = get_account_id($accountid,$this->account_id);
|
||||||
$cache_accountid[$accountid] = $account_id;
|
$cache_accountid[$accountid] = $account_id;
|
||||||
}
|
}
|
||||||
|
$memberships = array($account_id);
|
||||||
|
foreach((array)$GLOBALS['egw']->accounts->membership($account_id) as $group)
|
||||||
|
{
|
||||||
|
$memberships[] = $group['account_id'];
|
||||||
|
}
|
||||||
$db2 = clone($this->db);
|
$db2 = clone($this->db);
|
||||||
$memberships = $GLOBALS['egw']->accounts->membership($account_id);
|
$db2->select($this->table_name,array('acl_appname','acl_rights'),array(
|
||||||
$sql = "select acl_appname, acl_rights from phpgw_acl where acl_location = 'run' and "
|
'acl_location' => 'run',
|
||||||
. 'acl_account in ';
|
'acl_account' => $memberships,
|
||||||
$security = '('.$account_id;
|
),__LINE__,__FILE__);
|
||||||
while($groups = @each($memberships))
|
|
||||||
{
|
|
||||||
$group = each($groups);
|
|
||||||
$security .= ','.$group[1]['account_id'];
|
|
||||||
}
|
|
||||||
$security .= ')';
|
|
||||||
$db2->query($sql . $security ,__LINE__,__FILE__);
|
|
||||||
|
|
||||||
if ($db2->num_rows() == 0)
|
$apps = false;
|
||||||
{
|
|
||||||
return False;
|
|
||||||
}
|
|
||||||
while ($db2->next_record())
|
while ($db2->next_record())
|
||||||
{
|
{
|
||||||
if(isset($apps[$db2->f('acl_appname')]))
|
$app = $db2->f('acl_appname');
|
||||||
|
if(!isset($apps[$app]))
|
||||||
{
|
{
|
||||||
$rights = $apps[$db2->f('acl_appname')];
|
$apps[$app] = 0;
|
||||||
}
|
}
|
||||||
else
|
$apps[$app] |= (int) $db2->f('acl_rights');
|
||||||
{
|
|
||||||
$rights = 0;
|
|
||||||
$apps[$db2->f('acl_appname')] = 0;
|
|
||||||
}
|
|
||||||
$rights |= $db2->f('acl_rights');
|
|
||||||
$apps[$db2->f('acl_appname')] |= $rights;
|
|
||||||
}
|
}
|
||||||
return $apps;
|
return $apps;
|
||||||
}
|
}
|
||||||
/*!
|
|
||||||
@function get_grants
|
/**
|
||||||
@abstract ?
|
* Read the grants other users gave $this->account_id for $app, group ACL is taken into account
|
||||||
@param $app optional defaults to $phpgw_info['flags']['currentapp'];
|
*
|
||||||
*/
|
* @param string $app optional defaults to $GLOBALS['egw_info']['flags']['currentapp'];
|
||||||
|
* @return array with account-ids (of owners) and granted rights as values
|
||||||
|
*/
|
||||||
function get_grants($app='')
|
function get_grants($app='')
|
||||||
{
|
{
|
||||||
|
if (!$app) $app = $GLOBALS['egw_info']['flags']['currentapp'];
|
||||||
|
|
||||||
|
$memberships = array($account_id);
|
||||||
|
foreach((array)$GLOBALS['egw']->accounts->membership($account_id) as $group)
|
||||||
|
{
|
||||||
|
$memberships[] = $group['account_id'];
|
||||||
|
}
|
||||||
$db2 = clone($this->db);
|
$db2 = clone($this->db);
|
||||||
|
$db2->select($this->table_name,array('acl_account','acl_rights'),array(
|
||||||
if ($app=='')
|
'acl_appname' => $app,
|
||||||
{
|
'acl_location' => $memberships,
|
||||||
$app = $GLOBALS['egw_info']['flags']['currentapp'];
|
),__LINE__,__FILE__);
|
||||||
}
|
|
||||||
|
$grants = $accounts = Array();
|
||||||
$sql = "select acl_account, acl_rights from phpgw_acl where acl_appname = '$app' and "
|
|
||||||
. "acl_location in ";
|
|
||||||
$security = "('". $this->account_id ."'";
|
|
||||||
$myaccounts = CreateObject('phpgwapi.accounts');
|
|
||||||
$my_memberships = $myaccounts->membership($this->account_id);
|
|
||||||
unset($myaccounts);
|
|
||||||
@reset($my_memberships);
|
|
||||||
while($my_memberships && list($key,$group) = each($my_memberships))
|
|
||||||
{
|
|
||||||
$security .= ",'" . $group['account_id'] . "'";
|
|
||||||
}
|
|
||||||
$security .= ')';
|
|
||||||
$db2->query($sql . $security ,__LINE__,__FILE__);
|
|
||||||
$rights = 0;
|
|
||||||
$accounts = Array();
|
|
||||||
if ($db2->num_rows() == 0)
|
|
||||||
{
|
|
||||||
$grants[$GLOBALS['egw_info']['user']['account_id']] = ~0;
|
|
||||||
return $grants;
|
|
||||||
}
|
|
||||||
while ($db2->next_record())
|
while ($db2->next_record())
|
||||||
{
|
{
|
||||||
$grantor = $db2->f('acl_account');
|
$grantor = $db2->f('acl_account');
|
||||||
@ -758,7 +625,7 @@
|
|||||||
$grants[$grantor] |= EGW_ACL_READ;
|
$grants[$grantor] |= EGW_ACL_READ;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
while(list($nul,$grantors) = each($accounts[$grantor]))
|
foreach($accounts[$grantor] as $grantors)
|
||||||
{
|
{
|
||||||
if(!isset($grants[$grantors]))
|
if(!isset($grants[$grantors]))
|
||||||
{
|
{
|
||||||
@ -766,7 +633,6 @@
|
|||||||
}
|
}
|
||||||
$grants[$grantors] |= $rights;
|
$grants[$grantors] |= $rights;
|
||||||
}
|
}
|
||||||
reset($accounts[$grantor]);
|
|
||||||
}
|
}
|
||||||
$grants[$GLOBALS['egw_info']['user']['account_id']] = ~0;
|
$grants[$GLOBALS['egw_info']['user']['account_id']] = ~0;
|
||||||
|
|
||||||
@ -782,10 +648,14 @@
|
|||||||
{
|
{
|
||||||
if ((int) $account_id)
|
if ((int) $account_id)
|
||||||
{
|
{
|
||||||
$this->db->query('DELETE FROM phpgw_acl WHERE acl_account='.(int)$account_id,__LINE__,__FILE__);
|
$this->db->delete($this->table_name,array(
|
||||||
|
'acl_account' => $account_id
|
||||||
|
),__LINE__,__FILE__);
|
||||||
// delete all memberships in account_id (if it is a group)
|
// delete all memberships in account_id (if it is a group)
|
||||||
$this->db->query("DELETE FROM phpgw_acl WHERE acl_appname='phpgw_group' AND acl_location='".(int)$account_id."'",__LINE__,__FILE__);
|
$this->db->delete($this->table_name,array(
|
||||||
|
'acl_appname' => 'phpgw_group',
|
||||||
|
'acl_location' => $account_id,
|
||||||
|
),__LINE__,__FILE__);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} //end of acl class
|
} //end of acl class
|
||||||
?>
|
|
||||||
|
Loading…
Reference in New Issue
Block a user