"using global db object"

Ralf Becker 2008-03-21 11:49:28 +00:00
parent add5646e48
commit de74e8b6ce


@ -1,29 +1,17 @@
<?php
/**************************************************************************\
* eGroupWare API - Access Control List *
* This file written by Dan Kuykendall <seek3r@phpgroupware.org> *
* Security scheme based on ACL design *
* Copyright (C) 2000, 2001 Dan Kuykendall *
* -------------------------------------------------------------------------*
* This library is part of the eGroupWare API *
* http://www.egroupware.org/api *
* ------------------------------------------------------------------------ *
* This library is free software; you can redistribute it and/or modify it *
* under the terms of the GNU Lesser General Public License as published by *
* the Free Software Foundation; either version 2.1 of the License, *
* or any later version. *
* This library is distributed in the hope that it will be useful, but *
* WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
* See the GNU Lesser General Public License for more details. *
* You should have received a copy of the GNU Lesser General Public License *
* along with this library; if not, write to the Free Software Foundation, *
* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
\**************************************************************************/
/**
* eGroupWare API - Applications
*
* @link http://www.egroupware.org
* @author Dan Kuykendall <seek3r@phpgroupware.org>
* Copyright (C) 2000, 2001 Dan Kuykendall
* @license http://opensource.org/licenses/lgpl-license.php LGPL - GNU Lesser General Public License
* @package api
* @subpackage accounts
* @version $Id$
*/
/* $Id$ */
/**
/**
* Access Control List System
*
* This class provides an ACL security scheme.
@ -31,15 +19,9 @@
* It is also used for granting a user "membership" to a group, or making a user have the security equivilance of another user.
* It is also used for granting a user or group rights to various records, such as todo or calendar items of another user.
* $acl =& CreateObject('phpgwapi.acl',5); // 5 is the user id
*
* @author Seek3r and others
* @copyright LGPL
* @package api
* @subpackage accounts
* @access public
*/
class acl
{
class acl
{
/**
* @var int $account_id the account-id this class is instanciated for
*/
@ -61,7 +43,7 @@
/**
* @var string $table_name name of the acl_table
*/
var $table_name = 'egw_acl';
const TABLE = 'egw_acl';
/**
* ACL constructor for setting account id
@ -76,14 +58,12 @@
{
if (is_object($GLOBALS['egw_setup']->db))
{
$this->db = clone($GLOBALS['egw_setup']->db);
$this->db = $GLOBALS['egw_setup']->db;
}
else
{
$this->db = clone($GLOBALS['egw']->db);
$this->db = $GLOBALS['egw']->db;
}
$this->db->set_app('phpgwapi');
if ((int)$this->account_id != (int)$account_id)
{
$this->account_id = get_account_id((int)$account_id,@$GLOBALS['egw_info']['user']['account_id']);
@ -155,12 +135,12 @@
}
$acl_acc_list = $GLOBALS['egw']->accounts->memberships($this->account_id,true);
@array_unshift($acl_acc_list,$this->account_id);
$this->db->select($this->table_name,'*',array('acl_account' => $acl_acc_list ),__LINE__,__FILE__);
$this->data = Array();
while(($row = $this->db->row(true,'acl_')))
foreach($this->db->select(acl::TABLE,'*',array('acl_account' => $acl_acc_list ),__LINE__,__FILE__) as $row)
{
$this->data[$row['appname'].'-'.$row['location'].'-'.$row['account']] = $row;
$this->data[$row['acl_appname'].'-'.$row['acl_location'].'-'.$row['acl_account']] = egw_db::strip_array_keys($row,'acl_');
}
return $this->data;
}
@ -234,7 +214,7 @@
*/
function save_repository()
{
$this->db->delete($this->table_name,array(
$this->db->delete(acl::TABLE,array(
'acl_account' => $this->account_id,
),__LINE__,__FILE__);
@ -242,7 +222,7 @@
{
if ($value['account'] == $this->account_id)
{
$this->db->insert($this->table_name,array(
$this->db->insert(acl::TABLE,array(
'acl_appname' => $value['appname'],
'acl_location' => $value['location'],
'acl_account' => $this->account_id,
@ -386,7 +366,7 @@
function add_repository($app, $location, $account_id, $rights)
{
//echo "<p>acl::add_repository('$app','$location',$account_id,$rights);</p>\n";
$this->db->insert($this->table_name,array(
$this->db->insert(acl::TABLE,array(
'acl_rights' => $rights,
),array(
'acl_appname' => $app,
@ -435,7 +415,7 @@
}
if ($app == '%' || $app == '%%') unset($where['acl_appname']);
$this->db->delete($this->table_name,$where,__LINE__,__FILE__);
$this->db->delete(acl::TABLE,$where,__LINE__,__FILE__);
return $this->db->affected_rows();
}
@ -452,13 +432,11 @@
{
if (!$appname) $appname = $GLOBALS['egw_info']['flags']['currentapp'];
$this->db->select($this->table_name,'acl_rights',array(
return $this->db->select(acl::TABLE,'acl_rights',array(
'acl_location' => $location,
'acl_account' => $account_id,
'acl_appname' => $appname,
),__LINE__,__FILE__);
return $this->db->next_record() ? $this->db->f('acl_rights') : false;
),__LINE__,__FILE__)->fetchSingle();
}
/**
@ -472,15 +450,13 @@
{
if (!$appname) $appname = $GLOBALS['egw_info']['flags']['currentapp'];
$this->db->select($this->table_name,'acl_account,acl_rights',array(
$rights = array();
foreach($this->db->select(acl::TABLE,'acl_account,acl_rights',array(
'acl_location' => $location,
'acl_appname' => $appname,
),__LINE__,__FILE__);
$rights = array();
while($this->db->next_record())
),__LINE__,__FILE__) as $row)
{
$rights[$this->db->f('acl_account')] = $this->db->f('acl_rights');
$rights[$row['acl_account']] = $row['acl_rights'];
}
return $rights;
}
@ -505,15 +481,13 @@
$accounts[] = $group['account_id'];
}
}
$this->db->select($this->table_name,'acl_location,acl_rights',array(
$rights = array();
foreach($this->db->select(acl::TABLE,'acl_location,acl_rights',array(
'acl_account' => $accounts,
'acl_appname' => $appname,
),__LINE__,__FILE__);
$rights = array();
while($this->db->next_record())
),__LINE__,__FILE__) as $row)
{
$rights[$this->db->f('acl_location')] |= $this->db->f('acl_rights');
$rights[$row['acl_location']] |= $row['acl_rights'];
}
return $rights;
}
@ -539,23 +513,21 @@
$account_id = get_account_id($accountid,$this->account_id);
$cache_accountid[$accountid] = $account_id;
}
$this->db->select($this->table_name,array('acl_appname','acl_rights'),array(
'acl_location' => $location,
'acl_account' => $account_id,
),__LINE__,__FILE__);
$rights = 0;
$apps = false;
while ($this->db->next_record())
foreach($this->db->select(acl::TABLE,array('acl_appname','acl_rights'),array(
'acl_location' => $location,
'acl_account' => $account_id,
),__LINE__,__FILE__) as $row)
{
if ($this->db->f('acl_rights') == 0)
if ($row['acl_rights'] == 0)
{
return False;
}
$rights |= $this->db->f('acl_rights');
$rights |= $row['acl_rights'];
if (!!($rights & $required))
{
$apps[] = $this->db->f('acl_appname');
$apps[] = $row['acl_appname'];
}
}
return $apps;
@ -581,17 +553,15 @@
{
$accountid = $cache_accountid[$accountid] = get_account_id($accountid,$this->account_id);
}
$this->db->select($this->table_name,'acl_location,acl_rights',array(
$locations = false;
foreach($this->db->select(acl::TABLE,'acl_location,acl_rights',array(
'acl_appname' => $app,
'acl_account' => $accountid,
),__LINE__,__FILE__);
$locations = false;
while ($this->db->next_record())
),__LINE__,__FILE__) as $row)
{
if ($this->db->f('acl_rights') & $required)
if ($row['acl_rights'] & $required)
{
$locations[] = $this->db->f('acl_location');
$locations[] = $row['acl_location'];
}
}
return $locations;
@ -609,17 +579,15 @@
{
if (!$app) $app = $GLOBALS['egw_info']['flags']['currentapp'];
$this->db->select($this->table_name,array('acl_account','acl_rights'),array(
$accounts = false;
foreach($this->db->select(acl::TABLE,array('acl_account','acl_rights'),array(
'acl_appname' => $app,
'acl_location' => $location,
),__LINE__,__FILE__);
$accounts = false;
while ($this->db->next_record())
),__LINE__,__FILE__) as $row)
{
if (!!($this->db->f('acl_rights') & $required))
if (!!($row['acl_rights'] & $required))
{
$accounts[] = (int) $this->db->f('acl_account');
$accounts[] = (int) $row['acl_account'];
}
}
return $accounts;
@ -635,14 +603,12 @@
{
if (!$app) $app = $GLOBALS['egw_info']['flags']['currentapp'];
$this->db->select($this->table_name,'DISTINCT '.'acl_location',array(
'acl_appname' => $app,
),__LINE__,__FILE__);
$locations = false;
while ($this->db->next_record())
foreach($this->db->select(acl::TABLE,'DISTINCT '.'acl_location',array(
'acl_appname' => $app,
),__LINE__,__FILE__) as $row)
{
if (($location = $this->db->f(0)) != 'run')
if (($location = $row['acl_location']) != 'run')
{
$locations[] = $location;
}
@ -669,26 +635,21 @@
$account_id = get_account_id($accountid,$this->account_id);
$cache_accountid[$accountid] = $account_id;
}
$memberships = array($account_id);
foreach((array)$GLOBALS['egw']->accounts->membership($account_id) as $group)
{
$memberships[] = $group['account_id'];
}
$db2 = clone($this->db);
$db2->select($this->table_name,array('acl_appname','acl_rights'),array(
'acl_location' => 'run',
'acl_account' => $memberships,
),__LINE__,__FILE__);
$memberships = $GLOBALS['egw']->accounts->memberships($account_id,true);
$memberships[] = $account_id;
$apps = false;
while ($db2->next_record())
foreach($this->db->select(acl::TABLE,array('acl_appname','acl_rights'),array(
'acl_location' => 'run',
'acl_account' => $memberships,
),__LINE__,__FILE__) as $row)
{
$app = $db2->f('acl_appname');
$app = $row['acl_appname'];
if(!isset($apps[$app]))
{
$apps[$app] = 0;
}
$apps[$app] |= (int) $db2->f('acl_rights');
$apps[$app] |= (int) $row['acl_rights'];
}
return $apps;
}
@ -710,18 +671,15 @@
{
$memberships[] = $group['account_id'];
}
$db2 = clone($this->db);
$db2->select($this->table_name,array('acl_account','acl_rights','acl_location'),array(
$grants = $accounts = Array();
foreach($this->db->select(acl::TABLE,array('acl_account','acl_rights','acl_location'),array(
'acl_appname' => $app,
'acl_location' => $memberships,
),__LINE__,__FILE__);
$grants = $accounts = Array();
while ($db2->next_record())
),__LINE__,__FILE__) as $row)
{
$grantor = $db2->f('acl_account');
$rights = $db2->f('acl_rights');
$granted_to = (int) $db2->f('acl_location');
$grantor = $row['acl_account'];
$rights = $row['acl_rights'];
$granted_to = (int) $row['acl_location'];
if(!isset($grants[$grantor]))
{
@ -767,14 +725,14 @@
{
if ((int) $account_id)
{
$this->db->delete($this->table_name,array(
$this->db->delete(acl::TABLE,array(
'acl_account' => $account_id
),__LINE__,__FILE__);
// delete all memberships in account_id (if it is a group)
$this->db->delete($this->table_name,array(
$this->db->delete(acl::TABLE,array(
'acl_appname' => 'phpgw_group',
'acl_location' => $account_id,
),__LINE__,__FILE__);
}
}
} //end of acl class
} //end of acl class
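Review bot: Nothing in the new code states the rule that makes sharing the global db object safe: the constructor now assigns `$this->db = $GLOBALS['egw']->db;` (and the `egw_setup` equivalent) without `clone()`, so every ACL query runs on the connection object the rest of the request uses. The converted methods iterate the result set returned by `select()`, but any method outside these hunks that still calls `$this->db->next_record()` or `->f()` would read whatever query last ran on the shared object. If `select()` still records its result on the object (not visible here), an ACL call made inside a caller's own `next_record()` loop would also replace that caller's cursor. Because this code decides access rights, I would state the rule where the handle is assigned, e.g. `// shared global db object: only iterate the result returned by select(), never next_record()/f() on $this->db`, and check the rest of the class for leftover cursor calls. Separately, the single-right lookup now ends in `->fetchSingle()` where it used to return `false` explicitly for a missing row, so its docblock should say what callers get in that case; the constructor and most method bodies start or end outside the hunks.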