Annotation of /mambo/branches/4.6/includes/gacl.class.php
Parent Directory
| 
Revision Log
Revision 948 - (view) (download)
| 1 : | root | 1 | <?php |
| 2 : | /** | ||
| 3 : | csouza | 297 | * @package Mambo Open Source |
| 4 : | cauld | 948 | * @copyright Refer to copyright.php |
| 5 : | root | 1 | * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL |
| 6 : | csouza | 297 | * |
| 7 : | * Mambo was originally developed by Miro (www.miro.com.au) in 2000. Miro assigned the copyright in Mambo to The Mambo Foundation in 2005 to ensure | ||
| 8 : | * that Mambo remained free Open Source software owned and managed by the community. | ||
| 9 : | root | 1 | * Mambo is Free Software |
| 10 : | csouza | 297 | */ |
| 11 : | root | 1 | |
| 12 : | /* | ||
| 13 : | * phpGACL - Generic Access Control List | ||
| 14 : | * Copyright (C) 2002,2003 Mike Benoit | ||
| 15 : | * | ||
| 16 : | * This library is free software; you can redistribute it and/or | ||
| 17 : | * modify it under the terms of the GNU Lesser General Public | ||
| 18 : | * License as published by the Free Software Foundation; either | ||
| 19 : | * version 2.1 of the License, or (at your option) any later version. | ||
| 20 : | * | ||
| 21 : | * This library is distributed in the hope that it will be useful, | ||
| 22 : | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| 23 : | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
| 24 : | * Lesser General Public License for more details. | ||
| 25 : | * | ||
| 26 : | * You should have received a copy of the GNU Lesser General Public | ||
| 27 : | * License along with this library; if not, write to the Free Software | ||
| 28 : | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | ||
| 29 : | * | ||
| 30 : | * For questions, help, comments, discussion, etc., please join the | ||
| 31 : | * phpGACL mailing list. http://sourceforge.net/mail/?group_id=57103 | ||
| 32 : | * | ||
| 33 : | * You may contact the author of phpGACL by e-mail at: | ||
| 34 : | * ipso@snappymail.ca | ||
| 35 : | * | ||
| 36 : | * The latest version of phpGACL can be obtained from: | ||
| 37 : | * http://phpgacl.sourceforge.net/ | ||
| 38 : | * | ||
| 39 : | */ | ||
| 40 : | |||
| 41 : | /** ensure this file is being included by a parent file */ | ||
| 42 : | defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' ); | ||
| 43 : | |||
| 44 : | // NOTE, this is a temporary solution until phpGACL libraries are fully implemented | ||
| 45 : | |||
| 46 : | /* -- Code to manually add a group to the ARO Groups | ||
| 47 : | SET @parent_name = 'Registered'; | ||
| 48 : | SET @new_name = 'Support'; | ||
| 49 : | |||
| 50 : | -- Select the parent node to insert after | ||
| 51 : | SELECT @ins_id := group_id, @ins_lft := lft, @ins_rgt := rgt | ||
| 52 : | FROM mos_core_acl_aro_groups | ||
| 53 : | WHERE name = @parent_name; | ||
| 54 : | |||
| 55 : | SELECT @new_id := MAX(group_id) + 1 FROM mos_core_acl_aro_groups; | ||
| 56 : | |||
| 57 : | -- Make room for the new node | ||
| 58 : | UPDATE mos_core_acl_aro_groups SET rgt=rgt+2 WHERE rgt>=@ins_rgt; | ||
| 59 : | UPDATE mos_core_acl_aro_groups SET lft=lft+2 WHERE lft>@ins_rgt; | ||
| 60 : | |||
| 61 : | -- Insert the new node | ||
| 62 : | INSERT INTO mos_core_acl_aro_groups (group_id,parent_id,name,lft,rgt) | ||
| 63 : | VALUES (@new_id,@ins_id,@new_name,@ins_rgt,@ins_rgt+1); | ||
| 64 : | */ | ||
| 65 : | |||
| 66 : | class gacl { | ||
| 67 : | |||
| 68 : | // --- Private properties --- | ||
| 69 : | |||
| 70 : | /* | ||
| 71 : | * Enable Debug output. | ||
| 72 : | */ | ||
| 73 : | var $_debug = FALSE; | ||
| 74 : | |||
| 75 : | /* | ||
| 76 : | * Database configuration. | ||
| 77 : | */ | ||
| 78 : | var $db=null; | ||
| 79 : | var $_db_table_prefix = '#__core_acl_'; | ||
| 80 : | |||
| 81 : | /* | ||
| 82 : | * NOTE: This cache must be manually cleaned each time ACL's are modified. | ||
| 83 : | * Alternatively you could wait for the cache to expire. | ||
| 84 : | */ | ||
| 85 : | var $_caching = FALSE; | ||
| 86 : | var $_force_cache_expire = TRUE; | ||
| 87 : | |||
| 88 : | // --- Fudge properties | ||
| 89 : | var $acl=null; | ||
| 90 : | var $acl_count=0; | ||
| 91 : | |||
| 92 : | /* | ||
| 93 : | * Constructor | ||
| 94 : | */ | ||
| 95 : | function gacl( $db=null ) { | ||
| 96 : | global $database; | ||
| 97 : | |||
| 98 : | $this->db = $db ? $db : $database; | ||
| 99 : | |||
| 100 : | // ARO value is currently the user type, | ||
| 101 : | // this changes to user id in proper implementation | ||
| 102 : | // No hierarchial inheritance so have to do that the long way | ||
| 103 : | $this->acl = array(); | ||
| 104 : | |||
| 105 : | // backend login | ||
| 106 : | $this->_mos_add_acl( 'administration', 'login', 'users', 'administrator', null, null ); | ||
| 107 : | $this->_mos_add_acl( 'administration', 'login', 'users', 'super administrator', null, null ); | ||
| 108 : | $this->_mos_add_acl( 'administration', 'login', 'users', 'manager', null, null ); | ||
| 109 : | // backend menus | ||
| 110 : | //$this->_mos_add_acl( 'administration', 'config', 'users', 'administrator', null, null ); | ||
| 111 : | $this->_mos_add_acl( 'administration', 'config', 'users', 'super administrator', null, null ); | ||
| 112 : | |||
| 113 : | // access to db admin | ||
| 114 : | //$this->_mos_add_acl( 'administration', 'manage', 'users', 'super administrator', 'components', 'com_dbadmin' ); | ||
| 115 : | |||
| 116 : | // access to templates | ||
| 117 : | //$this->_mos_add_acl( 'administration', 'manage', 'user', 'administrator', 'components', 'com_templates' ) | ||
| 118 : | $this->_mos_add_acl( 'administration', 'manage', 'users', 'super administrator', 'components', 'com_templates' ); | ||
| 119 : | $this->_mos_add_acl( 'administration', 'install', 'users', 'super administrator', 'templates', 'all' ); | ||
| 120 : | |||
| 121 : | // access to trash | ||
| 122 : | $this->_mos_add_acl( 'administration', 'manage', 'users', 'administrator', 'components', 'com_trash' ); | ||
| 123 : | $this->_mos_add_acl( 'administration', 'manage', 'users', 'super administrator', 'components', 'com_trash' ); | ||
| 124 : | |||
| 125 : | // access to menu manager | ||
| 126 : | $this->_mos_add_acl( 'administration', 'manage', 'users', 'administrator', 'components', 'com_menumanager' ); | ||
| 127 : | $this->_mos_add_acl( 'administration', 'manage', 'users', 'super administrator', 'components', 'com_menumanager' ); | ||
| 128 : | |||
| 129 : | csouza | 300 | // access to languages |
| 130 : | root | 1 | $this->_mos_add_acl( 'administration', 'manage', 'users', 'super administrator', 'components', 'com_languages' ); |
| 131 : | csouza | 300 | $this->_mos_add_acl( 'administration', 'manage', 'users', 'administrator', 'components', 'com_languages' ); |
| 132 : | root | 1 | $this->_mos_add_acl( 'administration', 'install', 'users', 'super administrator', 'languages', 'all' ); |
| 133 : | csouza | 300 | $this->_mos_add_acl( 'administration', 'install', 'users', 'administrator', 'languages', 'all' ); |
| 134 : | root | 1 | |
| 135 : | // access to modules | ||
| 136 : | $this->_mos_add_acl( 'administration', 'install', 'users', 'administrator', 'modules', 'all' ); | ||
| 137 : | $this->_mos_add_acl( 'administration', 'install', 'users', 'super administrator', 'modules', 'all' ); | ||
| 138 : | |||
| 139 : | $this->_mos_add_acl( 'administration', 'edit', 'users', 'super administrator', 'modules', 'all' ); | ||
| 140 : | $this->_mos_add_acl( 'administration', 'edit', 'users', 'administrator', 'modules', 'all' ); | ||
| 141 : | |||
| 142 : | // access to modules | ||
| 143 : | $this->_mos_add_acl( 'administration', 'install', 'users', 'administrator', 'mambots', 'all' ); | ||
| 144 : | $this->_mos_add_acl( 'administration', 'install', 'users', 'super administrator', 'mambots', 'all' ); | ||
| 145 : | |||
| 146 : | $this->_mos_add_acl( 'administration', 'edit', 'users', 'super administrator', 'mambots', 'all' ); | ||
| 147 : | $this->_mos_add_acl( 'administration', 'edit', 'users', 'administrator', 'mambots', 'all' ); | ||
| 148 : | // uncomment following to allow managers to edit modules | ||
| 149 : | //array( 'administration', 'edit', 'users', 'manager', 'modules', 'all' ); | ||
| 150 : | |||
| 151 : | counterpoi | 218 | t // access to universal installer |
| 152 : | t $this->_mos_add_acl( 'administration', 'install', 'users', 'administrator', 'universals', 'all' ); | ||
| 153 : | t $this->_mos_add_acl( 'administration', 'install', 'users', 'super administrator', 'universals', 'all' ); | ||
| 154 : | t | ||
| 155 : | root | 1 | // access to components |
| 156 : | $this->_mos_add_acl( 'administration', 'install', 'users', 'administrator', 'components', 'all' ); | ||
| 157 : | $this->_mos_add_acl( 'administration', 'install', 'users', 'super administrator', 'components', 'all' ); | ||
| 158 : | |||
| 159 : | counterpoi | 218 | t // access to parameters |
| 160 : | t $this->_mos_add_acl( 'administration', 'install', 'users', 'administrator', 'parameters', 'all' ); | ||
| 161 : | t $this->_mos_add_acl( 'administration', 'install', 'users', 'super administrator', 'parameters', 'all' ); | ||
| 162 : | t | ||
| 163 : | t // access to includes | ||
| 164 : | t $this->_mos_add_acl( 'administration', 'install', 'users', 'administrator', 'includes', 'all' ); | ||
| 165 : | t $this->_mos_add_acl( 'administration', 'install', 'users', 'super administrator', 'includes', 'all' ); | ||
| 166 : | t | ||
| 167 : | root | 1 | $this->_mos_add_acl( 'administration', 'edit', 'users', 'super administrator', 'components', 'all' ); |
| 168 : | $this->_mos_add_acl( 'administration', 'edit', 'users', 'administrator', 'components', 'all' ); | ||
| 169 : | |||
| 170 : | $this->_mos_add_acl( 'administration', 'edit', 'users', 'manager', 'components', 'com_newsflash' ); | ||
| 171 : | $this->_mos_add_acl( 'administration', 'edit', 'users', 'manager', 'components', 'com_frontpage' ); | ||
| 172 : | $this->_mos_add_acl( 'administration', 'edit', 'users', 'manager', 'components', 'com_media' ); | ||
| 173 : | // ** add additional components for a manager as desired, or give access to all | ||
| 174 : | |||
| 175 : | // massmail | ||
| 176 : | $this->_mos_add_acl( 'administration', 'manage', 'users', 'super administrator', 'components', 'com_massmail' ); | ||
| 177 : | |||
| 178 : | // manage users | ||
| 179 : | $this->_mos_add_acl( 'administration', 'manage', 'users', 'administrator', 'components', 'com_users' ); | ||
| 180 : | $this->_mos_add_acl( 'administration', 'manage', 'users', 'super administrator', 'components', 'com_users' ); | ||
| 181 : | |||
| 182 : | // email block users property | ||
| 183 : | $this->_mos_add_acl( 'administration', 'edit', 'users', 'administrator', 'user properties', 'block_user' ); | ||
| 184 : | $this->_mos_add_acl( 'administration', 'edit', 'users', 'super administrator', 'user properties', 'block_user' ); | ||
| 185 : | |||
| 186 : | // email system events | ||
| 187 : | $this->_mos_add_acl( 'workflow', 'email_events', 'users', 'administrator', null, null ); | ||
| 188 : | $this->_mos_add_acl( 'workflow', 'email_events', 'users', 'super administrator', null, null ); | ||
| 189 : | |||
| 190 : | // actions | ||
| 191 : | $this->_mos_add_acl( 'action', 'add', 'users', 'author', 'content', 'all' ); | ||
| 192 : | $this->_mos_add_acl( 'action', 'add', 'users', 'editor', 'content', 'all' ); | ||
| 193 : | $this->_mos_add_acl( 'action', 'add', 'users', 'publisher', 'content', 'all' ); | ||
| 194 : | $this->_mos_add_acl( 'action', 'edit', 'users', 'author', 'content', 'own' ); | ||
| 195 : | $this->_mos_add_acl( 'action', 'edit', 'users', 'editor', 'content', 'all' ); | ||
| 196 : | $this->_mos_add_acl( 'action', 'edit', 'users', 'publisher', 'content', 'all' ); | ||
| 197 : | $this->_mos_add_acl( 'action', 'publish', 'users', 'publisher', 'content', 'all' ); | ||
| 198 : | |||
| 199 : | $this->_mos_add_acl( 'action', 'add', 'users', 'manager', 'content', 'all' ); | ||
| 200 : | $this->_mos_add_acl( 'action', 'edit', 'users', 'manager', 'content', 'all' ); | ||
| 201 : | $this->_mos_add_acl( 'action', 'publish', 'users', 'manager', 'content', 'all' ); | ||
| 202 : | |||
| 203 : | $this->_mos_add_acl( 'action', 'add', 'users', 'administrator', 'content', 'all' ); | ||
| 204 : | $this->_mos_add_acl( 'action', 'edit', 'users', 'administrator', 'content', 'all' ); | ||
| 205 : | $this->_mos_add_acl( 'action', 'publish', 'users', 'administrator', 'content', 'all' ); | ||
| 206 : | |||
| 207 : | $this->_mos_add_acl( 'action', 'add', 'users', 'super administrator', 'content', 'all' ); | ||
| 208 : | $this->_mos_add_acl( 'action', 'edit', 'users', 'super administrator', 'content', 'all' ); | ||
| 209 : | |||
| 210 : | $this->_mos_add_acl( 'action', 'publish', 'users', 'super administrator', 'content', 'all' ); | ||
| 211 : | |||
| 212 : | $this->acl_count = count( $this->acl ); | ||
| 213 : | } | ||
| 214 : | |||
| 215 : | /* | ||
| 216 : | This is a temporary function to allow 3PD's to add basic ACL checks for their | ||
| 217 : | modules and components. NOTE: this information will be compiled in the db | ||
| 218 : | in future versions | ||
| 219 : | */ | ||
| 220 : | function _mos_add_acl( $aco_section_value, $aco_value, | ||
| 221 : | $aro_section_value, $aro_value, $axo_section_value=NULL, $axo_value=NULL ) { | ||
| 222 : | |||
| 223 : | $this->acl[] = array( $aco_section_value, $aco_value, $aro_section_value, $aro_value, $axo_section_value, $axo_value ); | ||
| 224 : | $this->acl_count = count( $this->acl ); | ||
| 225 : | } | ||
| 226 : | |||
| 227 : | /*======================================================================*\ | ||
| 228 : | Function: $gacl_api->debug_text() | ||
| 229 : | Purpose: Prints debug text if debug is enabled. | ||
| 230 : | \*======================================================================*/ | ||
| 231 : | function debug_text($text) { | ||
| 232 : | |||
| 233 : | if ($this->_debug) { | ||
| 234 : | echo "$text<br>\n"; | ||
| 235 : | } | ||
| 236 : | |||
| 237 : | return true; | ||
| 238 : | } | ||
| 239 : | |||
| 240 : | /*======================================================================*\ | ||
| 241 : | Function: $gacl_api->debug_db() | ||
| 242 : | Purpose: Prints database debug text if debug is enabled. | ||
| 243 : | \*======================================================================*/ | ||
| 244 : | function debug_db($function_name = '') { | ||
| 245 : | if ($function_name != '') { | ||
| 246 : | $function_name .= ' (): '; | ||
| 247 : | } | ||
| 248 : | |||
| 249 : | return $this->debug_text ($function_name .'database error: '. $this->db->getErrorMsg() .' ('. $this->db->getErrorNum() .')'); | ||
| 250 : | } | ||
| 251 : | |||
| 252 : | /*======================================================================*\ | ||
| 253 : | Function: acl_check() | ||
| 254 : | Purpose: Function that wraps the actual acl_query() function. | ||
| 255 : | It is simply here to return TRUE/FALSE accordingly. | ||
| 256 : | \*======================================================================*/ | ||
| 257 : | function acl_check( $aco_section_value, $aco_value, | ||
| 258 : | $aro_section_value, $aro_value, $axo_section_value=NULL, $axo_value=NULL ) { | ||
| 259 : | $acl_result = 0; | ||
| 260 : | for ($i=0; $i < $this->acl_count; $i++) { | ||
| 261 : | if (strcasecmp( $aco_section_value, $this->acl[$i][0] ) == 0) { | ||
| 262 : | if (strcasecmp( $aco_value, $this->acl[$i][1] ) == 0) { | ||
| 263 : | if (strcasecmp( $aro_section_value, $this->acl[$i][2] ) == 0) { | ||
| 264 : | if (strcasecmp( $aro_value, $this->acl[$i][3] ) == 0) { | ||
| 265 : | if (strcasecmp( $axo_section_value, $this->acl[$i][4] ) == 0) { | ||
| 266 : | if (strcasecmp( $axo_value, $this->acl[$i][5] ) == 0) { | ||
| 267 : | $acl_result = 1; | ||
| 268 : | break; | ||
| 269 : | } | ||
| 270 : | } | ||
| 271 : | } | ||
| 272 : | } | ||
| 273 : | } | ||
| 274 : | } | ||
| 275 : | } | ||
| 276 : | return $acl_result; | ||
| 277 : | } | ||
| 278 : | |||
| 279 : | } | ||
| 280 : | |||
| 281 : | ?> |
| ViewVC Help | |
| Powered by ViewVC 1.0.0 |
Web Hosting provided by Network Redux.