"using global db object"

Ralf Becker 2008-03-21 11:49:28 +00:00
parent add5646e48
commit de74e8b6ce


@ -1,27 +1,15 @@
<?php <?php
/**************************************************************************\ /**
* eGroupWare API - Access Control List * * eGroupWare API - Applications
* This file written by Dan Kuykendall <seek3r@phpgroupware.org> * *
* Security scheme based on ACL design * * @link http://www.egroupware.org
* Copyright (C) 2000, 2001 Dan Kuykendall * * @author Dan Kuykendall <seek3r@phpgroupware.org>
* -------------------------------------------------------------------------* * Copyright (C) 2000, 2001 Dan Kuykendall
* This library is part of the eGroupWare API * * @license http://opensource.org/licenses/lgpl-license.php LGPL - GNU Lesser General Public License
* http://www.egroupware.org/api * * @package api
* ------------------------------------------------------------------------ * * @subpackage accounts
* This library is free software; you can redistribute it and/or modify it * * @version $Id$
* under the terms of the GNU Lesser General Public License as published by * */
* the Free Software Foundation; either version 2.1 of the License, *
* or any later version. *
* This library is distributed in the hope that it will be useful, but *
* WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
* See the GNU Lesser General Public License for more details. *
* You should have received a copy of the GNU Lesser General Public License *
* along with this library; if not, write to the Free Software Foundation, *
* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
\**************************************************************************/
/* $Id$ */
/** /**
* Access Control List System * Access Control List System
@ -31,12 +19,6 @@
* It is also used for granting a user "membership" to a group, or making a user have the security equivilance of another user. * It is also used for granting a user "membership" to a group, or making a user have the security equivilance of another user.
* It is also used for granting a user or group rights to various records, such as todo or calendar items of another user. * It is also used for granting a user or group rights to various records, such as todo or calendar items of another user.
* $acl =& CreateObject('phpgwapi.acl',5); // 5 is the user id * $acl =& CreateObject('phpgwapi.acl',5); // 5 is the user id
*
* @author Seek3r and others
* @copyright LGPL
* @package api
* @subpackage accounts
* @access public
*/ */
class acl class acl
{ {
@ -61,7 +43,7 @@
/** /**
* @var string $table_name name of the acl_table * @var string $table_name name of the acl_table
*/ */
var $table_name = 'egw_acl'; const TABLE = 'egw_acl';
/** /**
* ACL constructor for setting account id * ACL constructor for setting account id
@ -76,14 +58,12 @@
{ {
if (is_object($GLOBALS['egw_setup']->db)) if (is_object($GLOBALS['egw_setup']->db))
{ {
$this->db = clone($GLOBALS['egw_setup']->db); $this->db = $GLOBALS['egw_setup']->db;
} }
else else
{ {
$this->db = clone($GLOBALS['egw']->db); $this->db = $GLOBALS['egw']->db;
} }
$this->db->set_app('phpgwapi');
if ((int)$this->account_id != (int)$account_id) if ((int)$this->account_id != (int)$account_id)
{ {
$this->account_id = get_account_id((int)$account_id,@$GLOBALS['egw_info']['user']['account_id']); $this->account_id = get_account_id((int)$account_id,@$GLOBALS['egw_info']['user']['account_id']);
@ -155,12 +135,12 @@
} }
$acl_acc_list = $GLOBALS['egw']->accounts->memberships($this->account_id,true); $acl_acc_list = $GLOBALS['egw']->accounts->memberships($this->account_id,true);
@array_unshift($acl_acc_list,$this->account_id); @array_unshift($acl_acc_list,$this->account_id);
$this->db->select($this->table_name,'*',array('acl_account' => $acl_acc_list ),__LINE__,__FILE__);
$this->data = Array(); $this->data = Array();
while(($row = $this->db->row(true,'acl_'))) foreach($this->db->select(acl::TABLE,'*',array('acl_account' => $acl_acc_list ),__LINE__,__FILE__) as $row)
{ {
$this->data[$row['appname'].'-'.$row['location'].'-'.$row['account']] = $row; $this->data[$row['acl_appname'].'-'.$row['acl_location'].'-'.$row['acl_account']] = egw_db::strip_array_keys($row,'acl_');
} }
return $this->data; return $this->data;
} }
@ -234,7 +214,7 @@
*/ */
function save_repository() function save_repository()
{ {
$this->db->delete($this->table_name,array( $this->db->delete(acl::TABLE,array(
'acl_account' => $this->account_id, 'acl_account' => $this->account_id,
),__LINE__,__FILE__); ),__LINE__,__FILE__);
@ -242,7 +222,7 @@
{ {
if ($value['account'] == $this->account_id) if ($value['account'] == $this->account_id)
{ {
$this->db->insert($this->table_name,array( $this->db->insert(acl::TABLE,array(
'acl_appname' => $value['appname'], 'acl_appname' => $value['appname'],
'acl_location' => $value['location'], 'acl_location' => $value['location'],
'acl_account' => $this->account_id, 'acl_account' => $this->account_id,
@ -386,7 +366,7 @@
function add_repository($app, $location, $account_id, $rights) function add_repository($app, $location, $account_id, $rights)
{ {
//echo "<p>acl::add_repository('$app','$location',$account_id,$rights);</p>\n"; //echo "<p>acl::add_repository('$app','$location',$account_id,$rights);</p>\n";
$this->db->insert($this->table_name,array( $this->db->insert(acl::TABLE,array(
'acl_rights' => $rights, 'acl_rights' => $rights,
),array( ),array(
'acl_appname' => $app, 'acl_appname' => $app,
@ -435,7 +415,7 @@
} }
if ($app == '%' || $app == '%%') unset($where['acl_appname']); if ($app == '%' || $app == '%%') unset($where['acl_appname']);
$this->db->delete($this->table_name,$where,__LINE__,__FILE__); $this->db->delete(acl::TABLE,$where,__LINE__,__FILE__);
return $this->db->affected_rows(); return $this->db->affected_rows();
} }
@ -452,13 +432,11 @@
{ {
if (!$appname) $appname = $GLOBALS['egw_info']['flags']['currentapp']; if (!$appname) $appname = $GLOBALS['egw_info']['flags']['currentapp'];
$this->db->select($this->table_name,'acl_rights',array( return $this->db->select(acl::TABLE,'acl_rights',array(
'acl_location' => $location, 'acl_location' => $location,
'acl_account' => $account_id, 'acl_account' => $account_id,
'acl_appname' => $appname, 'acl_appname' => $appname,
),__LINE__,__FILE__); ),__LINE__,__FILE__)->fetchSingle();
return $this->db->next_record() ? $this->db->f('acl_rights') : false;
} }
/** /**
@ -472,15 +450,13 @@
{ {
if (!$appname) $appname = $GLOBALS['egw_info']['flags']['currentapp']; if (!$appname) $appname = $GLOBALS['egw_info']['flags']['currentapp'];
$this->db->select($this->table_name,'acl_account,acl_rights',array( $rights = array();
foreach($this->db->select(acl::TABLE,'acl_account,acl_rights',array(
'acl_location' => $location, 'acl_location' => $location,
'acl_appname' => $appname, 'acl_appname' => $appname,
),__LINE__,__FILE__); ),__LINE__,__FILE__) as $row)
$rights = array();
while($this->db->next_record())
{ {
$rights[$this->db->f('acl_account')] = $this->db->f('acl_rights'); $rights[$row['acl_account']] = $row['acl_rights'];
} }
return $rights; return $rights;
} }
@ -505,15 +481,13 @@
$accounts[] = $group['account_id']; $accounts[] = $group['account_id'];
} }
} }
$this->db->select($this->table_name,'acl_location,acl_rights',array( $rights = array();
foreach($this->db->select(acl::TABLE,'acl_location,acl_rights',array(
'acl_account' => $accounts, 'acl_account' => $accounts,
'acl_appname' => $appname, 'acl_appname' => $appname,
),__LINE__,__FILE__); ),__LINE__,__FILE__) as $row)
$rights = array();
while($this->db->next_record())
{ {
$rights[$this->db->f('acl_location')] |= $this->db->f('acl_rights'); $rights[$row['acl_location']] |= $row['acl_rights'];
} }
return $rights; return $rights;
} }
@ -539,23 +513,21 @@
$account_id = get_account_id($accountid,$this->account_id); $account_id = get_account_id($accountid,$this->account_id);
$cache_accountid[$accountid] = $account_id; $cache_accountid[$accountid] = $account_id;
} }
$this->db->select($this->table_name,array('acl_appname','acl_rights'),array(
'acl_location' => $location,
'acl_account' => $account_id,
),__LINE__,__FILE__);
$rights = 0; $rights = 0;
$apps = false; $apps = false;
while ($this->db->next_record()) foreach($this->db->select(acl::TABLE,array('acl_appname','acl_rights'),array(
'acl_location' => $location,
'acl_account' => $account_id,
),__LINE__,__FILE__) as $row)
{ {
if ($this->db->f('acl_rights') == 0) if ($row['acl_rights'] == 0)
{ {
return False; return False;
} }
$rights |= $this->db->f('acl_rights'); $rights |= $row['acl_rights'];
if (!!($rights & $required)) if (!!($rights & $required))
{ {
$apps[] = $this->db->f('acl_appname'); $apps[] = $row['acl_appname'];
} }
} }
return $apps; return $apps;
@ -581,17 +553,15 @@
{ {
$accountid = $cache_accountid[$accountid] = get_account_id($accountid,$this->account_id); $accountid = $cache_accountid[$accountid] = get_account_id($accountid,$this->account_id);
} }
$this->db->select($this->table_name,'acl_location,acl_rights',array( $locations = false;
foreach($this->db->select(acl::TABLE,'acl_location,acl_rights',array(
'acl_appname' => $app, 'acl_appname' => $app,
'acl_account' => $accountid, 'acl_account' => $accountid,
),__LINE__,__FILE__); ),__LINE__,__FILE__) as $row)
$locations = false;
while ($this->db->next_record())
{ {
if ($this->db->f('acl_rights') & $required) if ($row['acl_rights'] & $required)
{ {
$locations[] = $this->db->f('acl_location'); $locations[] = $row['acl_location'];
} }
} }
return $locations; return $locations;
@ -609,17 +579,15 @@
{ {
if (!$app) $app = $GLOBALS['egw_info']['flags']['currentapp']; if (!$app) $app = $GLOBALS['egw_info']['flags']['currentapp'];
$this->db->select($this->table_name,array('acl_account','acl_rights'),array( $accounts = false;
foreach($this->db->select(acl::TABLE,array('acl_account','acl_rights'),array(
'acl_appname' => $app, 'acl_appname' => $app,
'acl_location' => $location, 'acl_location' => $location,
),__LINE__,__FILE__); ),__LINE__,__FILE__) as $row)
$accounts = false;
while ($this->db->next_record())
{ {
if (!!($this->db->f('acl_rights') & $required)) if (!!($row['acl_rights'] & $required))
{ {
$accounts[] = (int) $this->db->f('acl_account'); $accounts[] = (int) $row['acl_account'];
} }
} }
return $accounts; return $accounts;
@ -635,14 +603,12 @@
{ {
if (!$app) $app = $GLOBALS['egw_info']['flags']['currentapp']; if (!$app) $app = $GLOBALS['egw_info']['flags']['currentapp'];
$this->db->select($this->table_name,'DISTINCT '.'acl_location',array(
'acl_appname' => $app,
),__LINE__,__FILE__);
$locations = false; $locations = false;
while ($this->db->next_record()) foreach($this->db->select(acl::TABLE,'DISTINCT '.'acl_location',array(
'acl_appname' => $app,
),__LINE__,__FILE__) as $row)
{ {
if (($location = $this->db->f(0)) != 'run') if (($location = $row['acl_location']) != 'run')
{ {
$locations[] = $location; $locations[] = $location;
} }
@ -669,26 +635,21 @@
$account_id = get_account_id($accountid,$this->account_id); $account_id = get_account_id($accountid,$this->account_id);
$cache_accountid[$accountid] = $account_id; $cache_accountid[$accountid] = $account_id;
} }
$memberships = array($account_id); $memberships = $GLOBALS['egw']->accounts->memberships($account_id,true);
foreach((array)$GLOBALS['egw']->accounts->membership($account_id) as $group) $memberships[] = $account_id;
{
$memberships[] = $group['account_id'];
}
$db2 = clone($this->db);
$db2->select($this->table_name,array('acl_appname','acl_rights'),array(
'acl_location' => 'run',
'acl_account' => $memberships,
),__LINE__,__FILE__);
$apps = false; $apps = false;
while ($db2->next_record()) foreach($this->db->select(acl::TABLE,array('acl_appname','acl_rights'),array(
'acl_location' => 'run',
'acl_account' => $memberships,
),__LINE__,__FILE__) as $row)
{ {
$app = $db2->f('acl_appname'); $app = $row['acl_appname'];
if(!isset($apps[$app])) if(!isset($apps[$app]))
{ {
$apps[$app] = 0; $apps[$app] = 0;
} }
$apps[$app] |= (int) $db2->f('acl_rights'); $apps[$app] |= (int) $row['acl_rights'];
} }
return $apps; return $apps;
} }
@ -710,18 +671,15 @@
{ {
$memberships[] = $group['account_id']; $memberships[] = $group['account_id'];
} }
$db2 = clone($this->db); $grants = $accounts = Array();
$db2->select($this->table_name,array('acl_account','acl_rights','acl_location'),array( foreach($this->db->select(acl::TABLE,array('acl_account','acl_rights','acl_location'),array(
'acl_appname' => $app, 'acl_appname' => $app,
'acl_location' => $memberships, 'acl_location' => $memberships,
),__LINE__,__FILE__); ),__LINE__,__FILE__) as $row)
$grants = $accounts = Array();
while ($db2->next_record())
{ {
$grantor = $db2->f('acl_account'); $grantor = $row['acl_account'];
$rights = $db2->f('acl_rights'); $rights = $row['acl_rights'];
$granted_to = (int) $db2->f('acl_location'); $granted_to = (int) $row['acl_location'];
if(!isset($grants[$grantor])) if(!isset($grants[$grantor]))
{ {
@ -767,11 +725,11 @@
{ {
if ((int) $account_id) if ((int) $account_id)
{ {
$this->db->delete($this->table_name,array( $this->db->delete(acl::TABLE,array(
'acl_account' => $account_id 'acl_account' => $account_id
),__LINE__,__FILE__); ),__LINE__,__FILE__);
// delete all memberships in account_id (if it is a group) // delete all memberships in account_id (if it is a group)
$this->db->delete($this->table_name,array( $this->db->delete(acl::TABLE,array(
'acl_appname' => 'phpgw_group', 'acl_appname' => 'phpgw_group',
'acl_location' => $account_id, 'acl_location' => $account_id,
),__LINE__,__FILE__); ),__LINE__,__FILE__);
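Review bot: The rights test inside the loop of the `@ -539,23 +513,21 @` hunk checks the bitmask accumulated over all rows so far, not the current row's rights. `$rights` is set to 0 once before the `foreach` and OR-ed with every `$row['acl_rights']`, so after one application grants the required bit, `if (!!($rights & $required))` appends every later application name to `$apps` even when its own `acl_rights` lacks that bit. The loops in the `@ -581` and `@ -609` hunks test the row value directly, and the same form looks intended here: `if ($row['acl_rights'] & $required) $apps[] = $row['acl_appname'];`. The early `return False` on a zero-rights row also throws away application names already collected, which should be confirmed as deliberate. The function's signature and doc comment lie outside the hunk, so check the intended contract there before changing the condition.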