Mambo > Projects > Mambo CMS > SVN

Annotation of /mambo/branches/4.6/includes/mambo.php

Revision 516 - (view) (download)

1 :	root	1	<?php
2 :			/**
3 :	csouza	297	* @package Mambo Open Source
4 :			* @copyright (C) 2005 - 2006 Mambo Foundation Inc.
5 :	root	1	* @license http://www.gnu.org/copyleft/gpl.html GNU/GPL
6 :	csouza	297	*
7 :			* Mambo was originally developed by Miro (www.miro.com.au) in 2000. Miro assigned the copyright in Mambo to The Mambo Foundation in 2005 to ensure
8 :			* that Mambo remained free Open Source software owned and managed by the community.
9 :	root	1	* Mambo is Free Software
10 :	csouza	297	*/
11 :	root	1
12 :
13 :	mambo	117	class mosAuthoriser {
14 :			var $connection = '';
15 :			var $perm_found;
16 :			var $permissions = array();
17 :			var $assignments = array();
18 :	root	1
19 :	mambo	117	function mosAuthoriser () {
20 :			$this->connection =& mamboDatabase::getInstance();
21 :			}
22 :	root	1
23 :	mambo	117	function &getInstance () {
24 :			static $instance;
25 :			if (!is_object($instance)) {
26 :			$instance =& new mosAuthoriser();
27 :	root	1	}
28 :	mambo	117	return $instance;
29 :	root	1	}
30 :	mambo	117
31 :			function doSQL ($sql) {
32 :			$this->connection->setQuery($sql);
33 :			if (!$this->connection->query()) {
34 :			echo "<script> alert('".$this->connection->getErrorMsg()."'); window.history.go(-1); </script>\n";
35 :			exit();
36 :	root	1	}
37 :			}
38 :	mambo	117
39 :			function getAccessorData ($type, $id) {
40 :			if (isset($this->perm_found[$type][$id])) return;
41 :			$sql = "SELECT a.*, p.control, p.action, p.subject_type, p.subject_id, p.system FROM #__assignments AS a LEFT JOIN #__permissions AS p ON p.role=a.role WHERE a.access_type='$type'";
42 :			if (isset($this->perm_found[$type])) $sql .= " AND a.access_id='$id'";
43 :			else $sql .= " AND (a.access_id='$id' OR a.access_id='*' OR a.access_id='+')";
44 :			$this->doSQL($sql);
45 :			$new_permissions = $this->connection->loadObjectList();
46 :			if ($new_permissions) $this->permissions = array_merge($this->permissions, $new_permissions);
47 :			$this->perm_found[$type][$id] = 1;
48 :	root	1	}
49 :	mambo	117
50 :			function &getRoles ($type, $id) {
51 :			$this->getAccessorData ($type, $id);
52 :			$rolenames = array();
53 :			foreach ($this->permissions as $role) {
54 :			if (strcasecmp($role->access_type, $type) == 0
55 :			AND ($role->access_id == $id OR $role->access_id == '*' OR ($role->access_id == '+' AND $id != 0))
56 :			AND !in_array($role->role,$rolenames)) $rolenames[] = $role->role;
57 :	root	1	}
58 :	mambo	117	return $rolenames;
59 :			}
60 :	root	1
61 :	mambo	117	function accessorPermissionOrControl ($mask, $a_type, $a_id, $action, $s_type='', $s_id='') {
62 :			$this->getAccessorData ($a_type, $a_id);
63 :			foreach ($this->permissions as $permission) {
64 :			if ((strcasecmp($permission->access_type,$a_type) == 0 OR $permission->access_type == '*')
65 :			AND (strcasecmp($permission->access_id,$a_id) == 0 OR $permission->access_id == '*')
66 :			AND (strcasecmp($permission->action,$action)==0 OR $permission->action == '' OR $action == '')
67 :			AND (strcasecmp($permission->subject_type,$s_type)==0 OR $s_type=='*')
68 :			AND (strcasecmp($permission->subject_id,$s_id)==0 OR $permission->subject_id == '*')
69 :			AND ($permission->control&$mask)) return 1;
70 :	root	1	}
71 :	mambo	117	return 0;
72 :	root	1	}
73 :	mambo	117
74 :			function checkPermission ($a_type, $a_id, $action, $s_type='', $s_id='') {
75 :			return $this->accessorPermissionOrControl(2, $a_type, $a_id, $action, $s_type='', $s_id='');
76 :	root	1	}
77 :	mambo	117
78 :			function checkControl ($a_type, $a_id, $action, $s_type='', $s_id='') {
79 :			return $this->accessorPermissionOrControl(1, $a_type, $a_id, $action, $s_type='', $s_id='');
80 :	root	1	}
81 :	mambo	117
82 :			function checkGrant ($a_type, $a_id, $action, $s_type='', $s_id='') {
83 :			return $this->accessorPermissionOrControl(4, $a_type, $a_id, $action, $s_type='', $s_id='');
84 :	root	1	}
85 :
86 :	mambo	117	function rolePermissionOrControl ($mask, $role, $action, $s_type, $s_id) {
87 :			$sql = "SELECT * FROM #__permissions WHERE role='$role'";
88 :			$this->connection->setQuery($sql);
89 :			$permissions = $this->connection->loadObjectList();
90 :			if ($permissions) {
91 :			foreach ($permissions as $permission) {
92 :			if (strcasecmp($permission->role,$role) == 0
93 :			AND (strcasecmp($permission->action,$action)==0 OR $permission->action == '*')
94 :			AND (strcasecmp($permission->subject_type,$s_type)==0)
95 :			AND (strcasecmp($permission->subject_id,$s_id)==0 OR $permission->subject_id == '*')
96 :			AND ($permission->control&$mask)) return 1;
97 :	root	1	}
98 :			}
99 :	mambo	117	return 0;
100 :	root	1	}
101 :	mambo	117
102 :			function checkRolePermission ($role, $action, $s_type, $s_id) {
103 :			return $this->rolePermissionOrControl(2, $role, $action, $s_type, $s_id);
104 :	root	1	}
105 :
106 :	mambo	117	function checkRoleControl ($role, $action, $s_type, $s_id) {
107 :			return $this->rolePermissionOrControl(1, $role, $action, $s_type, $s_id);
108 :			}
109 :
110 :			function checkRoleGrant ($role, $action, $s_type, $s_id) {
111 :			return $this->rolePermissionOrControl(4, $role, $action, $s_type, $s_id);
112 :	root	1	}
113 :
114 :	mambo	117	function &listPermissions ($a_type, $a_id, $action, $property) {
115 :			$this->getAccessorData ($a_type, $a_id);
116 :			$results = array();
117 :			foreach ($this->permissions as $permission) {
118 :			if (strcasecmp($permission->access_type,$a_type) == 0
119 :			AND (strcasecmp($permission->access_id,$a_id) == 0 OR $permission->access_id == '*' OR ($permission->access_id == '+' AND $a_id != 0))
120 :			AND (strcasecmp($permission->action,$action) == 0 OR $permission->action == '*')
121 :			AND $permission->subject_type != null AND $permission->subject_id != null) {
122 :			$results[] = $permission->$property;
123 :	root	1	}
124 :			}
125 :	mambo	117	return $results;
126 :	root	1	}
127 :
128 :	mambo	117	}
129 :	root	1
130 :	mambo	117	class mosAuthorisationAdmin {
131 :			var $connection;
132 :			var $roles = array();
133 :	root	1
134 :	mambo	117	function mosAuthorisationAdmin () {
135 :			$this->connection =& mamboDatabase::getInstance();
136 :	root	1	}
137 :
138 :	mambo	117	function &getInstance () {
139 :			static $instance;
140 :			if (!is_object($instance)) {
141 :			$instance =& new mosAuthorisationAdmin();
142 :	root	1	}
143 :	mambo	117	return $instance;
144 :			}
145 :	root	1
146 :	mambo	117	function doSQL ($sql) {
147 :			$this->connection->setQuery($sql);
148 :			if (!$this->connection->query()) {
149 :			echo "<script> alert('".$this->connection->getErrorMsg()."'); window.history.go(-1); </script>\n";
150 :			exit();
151 :	root	1	}
152 :	mambo	117	}
153 :
154 :			function getRoles () {
155 :			if (count($this->roles) == 0) {
156 :			$sql = "SELECT DISTINCT role FROM #__assignments";
157 :			$this->connection->setQuery($sql);
158 :			$this->roles = $this->connection->loadResultArray();
159 :			$sql = "SELECT DISTINCT role FROM #__permissions";
160 :			$this->connection->setQuery($sql);
161 :			$more = $this->connection->loadResultArray();
162 :			foreach ($more as $role) $this->addRole($role);
163 :	root	1	}
164 :	mambo	117	return $this->roles;
165 :	root	1	}
166 :	mambo	117
167 :			function addRole ($role) {
168 :			if (!in_array($role, $this->roles)) $this->roles[] = $role;
169 :			}
170 :
171 :			function removeRole ($role) {
172 :			$key = array_search($role, $this->roles);
173 :			if ($key !== false) unset($this->roles[$key]);
174 :			}
175 :
176 :			function &permissionHolders ($subject_type, $subject_id) {
177 :			$sql = "SELECT role, action, control FROM #__permissions";
178 :			if ($subject_type != '') $where[] = "(subject_type='$subject_type' OR subject_type='')";
179 :			if ($subject_id != '') $where[] = "(subject_id='$subject_id' OR subject_id='')";
180 :			if (isset($where)) $sql .= " WHERE ".implode(' AND ', $where);
181 :			$this->connection->setQuery($sql);
182 :			$result = $this->connection->loadObjectList();
183 :			if (!$result) $result = array();
184 :			return $result;
185 :			}
186 :
187 :			function &nonLocalPermissionHolders ($subject_type, $subject_id) {
188 :			$sql = "SELECT role, action, control FROM #__permissions WHERE (action='' OR subject_type='' OR subject_id='') AND ((subject_type='$subject_type' OR subject_type='') AND (subject_id='$subject_id' OR subject_id='*'))";
189 :			$this->connection->setQuery($sql);
190 :			$result = $this->connection->loadObjectList();
191 :			if (!$result) $result = array();
192 :			return $result;
193 :			}
194 :
195 :			function permitSQL ($role, $control, $action, $subject_type, $subject_id) {
196 :			$sql = "REPLACE INTO #__permissions (role, control, action, subject_type, subject_id) VALUES ('$role', '$control', '$action', '$subject_type', '$subject_id');";
197 :			return $sql;
198 :			}
199 :	root	1
200 :	mambo	117	function permit ($role, $control, $action, $subject_type, $subject_id) {
201 :			$sql = $this->permitSQL($role, $control, $action, $subject_type, $subject_id);
202 :			$this->doSQL($sql);
203 :			$this->addRole($role);
204 :	root	1	}
205 :
206 :	mambo	117	function assign ($role, $access_type, $access_id) {
207 :			$sql = "REPLACE INTO #__assignments (role, access_type, access_id) VALUES ('$role', '$access_type', '$access_id')";
208 :			$this->doSQL($sql);
209 :			$this->addRole($role);
210 :	root	1	}
211 :
212 :	mambo	117	function dropAccess ($access_type, $access_id) {
213 :			$sql = "DELETE FROM #__assignments WHERE access_type='$access_type' AND access_id='$access_id'";
214 :			$this->doSQL($sql);
215 :	root	1	}
216 :
217 :	mambo	117	function &getControllingRoles ($access_type, $access_id, $action, $subject_type, $subject_id) {
218 :			$sql = "SELECT a.role FROM #__permissions AS p, #__assignments AS a WHERE a.access_type='$access_type'"
219 :			." AND a.access_id='$access_id' AND a.role=p.role AND (p.control&1)"
220 :			." AND p.action='$action' AND p.subject_type='$subject_type' AND p.subject_id='$subject_id'";
221 :			$this->doSQL($sql);
222 :			$roles = $this->connection->loadResultArray();
223 :			return $roles;
224 :	root	1	}
225 :
226 :	mambo	117	function &getMyPermissions ($access_type, $access_id) {
227 :			$sql = 'SELECT p.action, p.subject_type, p.subject_id, control FROM #__permissions AS p, #__assignments AS a'
228 :			. " WHERE p.role=a.role AND a.access_type='$access_type' AND (a.access_id='$access_id' OR a.access_id='*')"
229 :			. ' AND (p.control&1)';
230 :			$this->doSQL($sql);
231 :			$permissions =& $this->connection->loadObjectList();
232 :			return $permissions;
233 :	root	1	}
234 :
235 :	mambo	117	function getJointPermissions ($access_type, $access_id, $role) {
236 :			$sql = "SELECT p2.control AS hiscontrol, p1.control AS mycontrol, p1.action, p1.subject_type, p1.subject_id"
237 :	neilt	516	." FROM `#__assignments` AS a, `#__permissions` AS p1 LEFT JOIN `#__permissions` AS p2"
238 :	mambo	117	." ON (p2.role='$role' AND p1.action=p2.action AND p1.subject_type=p2.subject_type AND p1.subject_id=p2.subject_id)"
239 :			." WHERE (p1.control&1) AND p1.role=a.role AND a.access_type='$access_type' AND (a.access_id='$access_id' OR a.access_id='*')";
240 :			$this->doSQL($sql);
241 :			$permissions =& $this->connection->loadObjectList();
242 :			return $permissions;
243 :	root	1	}
244 :	mambo	117
245 :			function getAccessLists ($access_type, $access_id, $action, $subject_type, $subject_id) {
246 :	counterpoi	238	t $authoriser =& mosAuthoriser::getInstance();
247 :	mambo	117	if ($authoriser->checkControl($access_type, $access_id, $action, $subject_type, $subject_id)) {
248 :			$cangrant = $authoriser->checkGrant($access_type, $access_id, $action, $subject_type, $subject_id);
249 :			$permissions = $this->permissionHolders($subject_type, $subject_id);
250 :			$allroles = $this->getRoles();
251 :			foreach ($allroles as $role) {
252 :			$itemc[] = $optionc = mosHTML::makeOption($role, $role);
253 :			$itema[] = $optiona = mosHTML::makeOption($role, $role);
254 :			if ($cangrant) $itemg[] = $optiong = mosHTML::makeOption($role, $role);
255 :			foreach ($permissions as $permission) {
256 :			if (($permission->action == '*' OR $permission->action == $action) AND $permission->role == $role) {
257 :			if ($permission->control & 1) $cselected[] = $optionc;
258 :			if ($permission->control & 2) $aselected[] = $optiona;
259 :			if ($cangrant AND $permission->control & 4) $gselected[] = $optiong;
260 :	root	1	}
261 :			}
262 :			}
263 :	mambo	117	$results[] = mosHTML::selectList($itema, $action.'_arole[]', 'multiple="multiple"', 'value', 'text', $aselected);
264 :			$results[] = mosHTML::selectList($itemc, $action.'_crole[]', 'multiple="multiple"', 'value', 'text', $cselected);
265 :			if ($cangrant) $results[] = mosHTML::selectList($itemg, $action.'_grole[]', 'multiple="multiple"', 'value', 'text', $gselected);
266 :	root	1	}
267 :	mambo	117	else $results = array();
268 :			return $results;
269 :	root	1	}
270 :	mambo	117
271 :			function resetPermissions ($action, $subject_type, $subject_id) {
272 :			$control_types = array ('crole', 'arole', 'grole');
273 :			$control_values = array (1,2,4);
274 :			$permissions = $this->nonLocalPermissionHolders($subject_type, $subject_id);
275 :			$this->dropPermissions($action, $subject_type, $subject_id);
276 :			foreach ($control_types as $i=>$type) {
277 :			$key = $action.'_'.$type;
278 :			if (isset($_POST[$key])) {
279 :			foreach ($_POST[$key] as $role) {
280 :			$value = isset($newpermits[$role]) ? $newpermits[$role] : 0;
281 :			$newpermits[$role] = $value \| $control_values[$i];
282 :	root	1	}
283 :			}
284 :			}
285 :	mambo	117	$sql = '';
286 :			foreach ($newpermits as $role=>$value) {
287 :			$needed = true;
288 :			foreach ($permissions as $permission) {
289 :			if (($permission->action == '*' OR $permission->action == $action) AND $permission->role == $role) {
290 :			if (($value & $permission->control) === $value) {
291 :			$needed = false;
292 :	root	1	break;
293 :			}
294 :			}
295 :			}
296 :	mambo	117	if ($needed) $sql .= $this->permitSQL ($role, $value, $action, $subject_type, $subject_id);
297 :	root	1	}
298 :	mambo	117	if ($sql) $this->doSQL($sql);
299 :	root	1	}
300 :
301 :	mambo	117	function roleExists ($role) {
302 :			$sql = "SELECT COUNT(role) FROM #__permissions WHERE role='$role' GROUP BY role";
303 :			$this->doSQL($sql);
304 :			if ($this->connection->loadResult()) return true;
305 :			$sql = "SELECT COUNT(role) FROM #__assignments WHERE role='$role' GROUP BY role";
306 :			$this->doSQL($sql);
307 :			if ($this->connection->loadResult()) return true;
308 :			else return false;
309 :	root	1	}
310 :
311 :	mambo	117	function dropRole ($role) {
312 :			$sql = "DELETE FROM #__permissions WHERE action='administer' AND subject_type='$role' AND system=0";
313 :			$this->doSQL($sql);
314 :			$sql = "DELETE a FROM #__assignments AS a LEFT JOIN #__permissions AS p ON a.role=p.role WHERE a.role='$role' AND (p.system=0 OR p.system=NULL)";
315 :			$this->doSQL($sql);
316 :			$this->dropRolePermissions($role);
317 :			$this->removeRole($role);
318 :	root	1	}
319 :
320 :	mambo	117	function dropRolePermissions ($role) {
321 :			$sql = "DELETE FROM #__permissions WHERE role='$role' AND system=0";
322 :			$this->doSQL($sql);
323 :			$this->roles = array();
324 :	root	1	}
325 :
326 :	mambo	117	function dropPermissions ($action, $subject_type, $subject_id) {
327 :			$sql = "DELETE FROM #__permissions WHERE action='$action' AND subject_type='$subject_type'AND subject_id='$subject_id' AND system=0";
328 :			$this->doSQL($sql);
329 :			$this->roles = array();
330 :	root	1	}
331 :
332 :			}
333 :
334 :
335 :
336 :
337 :			// ----- NO MORE CLASSES OR FUNCTIONS PASSED THIS POINT -----
338 :			// Post class declaration initialisations
339 :			// some version of PHP don't allow the instantiation of classes
340 :			// before they are defined
341 :
342 :	mambo	117	?>

	ViewVC Help
Powered by ViewVC 1.0.0

Web Hosting provided by Network Redux.

MyGforge Home

Mambo CMS

Annotation of /mambo/branches/4.6/includes/mambo.php