egroupware_official/admin/inc/class.admin_cmd_account_app.inc.php
Ralf Becker 462719d45e A very first step to remodel our current admin backend:
- all commands get loged and optional documented with requesting
  person and a comment
- all commands can be run immediatly or scheduled for a later execusion
- all commands can be run either from a command line (admin-cli), from
  the web GUI or via a remore administration from a different instance
current status: 
- command queue / history table created (need to be installed)
- base class for all comments
- one exemplary command to change application rights of users or groups
- admin-cli used the above comment and has additional parameters to set
  the requesting person, scheduled execution time and comment
- GUI to watch the queue / history
- URL to excute/schedule commands remote
More to come now on a daily basis
2007-11-22 00:57:12 +00:00

88 lines
2.5 KiB
PHP

<?php
/**
* eGgroupWare admin - admin command: give or remove run rights from a given account and application
*
* @link http://www.egroupware.org
* @author Ralf Becker <RalfBecker-AT-outdoor-training.de>
* @package admin
* @copyright (c) 2007 by Ralf Becker <RalfBecker-AT-outdoor-training.de>
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
* @version $Id$
*/
require_once(EGW_INCLUDE_ROOT.'/admin/inc/class.admin_cmd.inc.php');
/**
* admin command: give or remove run rights from a given account and application
*/
class admin_cmd_account_app extends admin_cmd
{
/**
* Constructor
*
* @param boolean/array $allow true=give rights, false=remove rights, or array with all 3 params
* @param string/int $account=null account name or id
* @param array/string $apps=null app-names
*/
function __construct($allow,$account=null,$apps=null)
{
if (!is_array($allow))
{
$allow = array(
'allow' => $allow,
'account' => $account,
'apps' => $apps,
);
}
if (isset($allow['apps']) && !is_array($allow['apps']))
{
$allow['apps'] = explode(',',$allow['apps']);
}
parent::__construct($allow);
}
/**
* give or remove run rights from a given account and application
*
* @return string success message
* @throws Exception(lang("Permission denied !!!"),2)
* @throws Exception(lang("Unknown account: %1 !!!",$this->account),15);
* @throws Exception(lang("Application '%1' not found (maybe not installed or misspelled)!",$name),8);
*/
function exec()
{
admin_cmd::_instanciate_acl($this->creator);
admin_cmd::_instanciate_accounts();
$account_id = admin_cmd::_parse_account($this->account);
// check creator is still admin and not explicitly forbidden to edit accounts/groups
if ($this->creator) $this->_check_admin($account_id > 0 ? 'account_access' : 'group_access',16);
$apps = admin_cmd::_parse_apps($this->apps);
//echo "account=$this->account, account_id=$account_id, apps: ".implode(', ',$apps)."\n";
foreach($apps as $app)
{
if ($this->allow)
{
admin_cmd::$acl->add_repository($app,'run',$account_id,1);
}
else
{
admin_cmd::$acl->delete_repository($app,'run',$account_id);
}
}
return lang('Applications run rights updated.');
}
/**
* Return a title / string representation for a given command, eg. to display it
*
* @return string
*/
function __tostring()
{
return lang('%1 rights for %2 and applications %3',$this->allow ? lang('Grant') : lang('Remove'),
$this->account,implode(', ',$this->apps));
}
}