DataObjects/Core_enum.php

[Pman.Core] / DataObjects / Group_rights.php

diff --git a/DataObjects/Group_rights.php b/DataObjects/Group_rights.php
index 32cd240..b3877d3 100755 (executable)
--- a/DataObjects/Group_rights.php
+++ b/DataObjects/Group_rights.php
@@ -34,13 +34,32 @@ class Pman_Core_DataObjects_Group_rights extends DB_DataObject
     
     var $fullRights = "ADESPIM";
     
-    function listPermsFromGroupIds($grps, $isAdmin=false) {
+    
+    function groupsWithRights($rightname, $right)
+    {
+        $t = clone($this);
+        $t->rightname = $rightname;
+        $t->whereAdd("accessmask like '{$this->escape($right)}'");
+        $t->selectAdd();
+        $t->selectAdd('distinct(group_id) as group_id');
+        return $t->fetchAll('group_id');
+         
+    }
+    
+    
+    function listPermsFromGroupIds($grps, $isAdmin=false, $isOwner = false) {
         
         $t = clone($this);
         $t->whereAdd('group_id IN ('. implode(',', $grps).')');
+        $t->autoJoin();
         $t->find();
-        $ret = array();
+        
+         $ret = array();
         while($t->fetch()) {
+            
+           
+            
+            
             if (isset($ret[$t->rightname])) {
                 $ret[$t->rightname] = $this->mergeMask($ret[$t->rightname], $t->accessmask);
                 continue;
@@ -49,9 +68,15 @@ class Pman_Core_DataObjects_Group_rights extends DB_DataObject
         }
         // blank out rights that are disabled by the system..
         $defs = $this->defaultPermData();
+        
+        
+        
         //echo "<PRE>";print_r($defs);
         $r = array();
         foreach($defs as $k=>$v) {
+            
+            
+            
             if (empty($v[0])) { // delete right if not there..
                 $r[$k] = '';
                 continue;
@@ -60,14 +85,18 @@ class Pman_Core_DataObjects_Group_rights extends DB_DataObject
             
             if (isset($ret[$k])) {
                 if (empty($ret[$k]) && $isAdmin) {
-                    $r[$k] = $v[0];
+                    $r[$k] = $v[0] ; // -- it's admin they get rights... can not be disabled..
                     continue;
                 }
-                
+                // in theory non-owners could sneak in rights here..??
                 $r[$k] = $ret[$k];
                 continue;
             }
             // not set contition...
+            if (!$isOwner) {
+                $r[$k] = '';
+                continue;
+            }
             
             $r[$k] = $isAdmin ? $v[0] : $v[1];
             
@@ -111,17 +140,20 @@ class Pman_Core_DataObjects_Group_rights extends DB_DataObject
         // M????
         
         
-        
+        $gid = empty($this->group_id) ? 0 : $this->group_id;
         static $Pman_DataObjects_Group_Right = array();
         
         
-        if (!empty($Pman_DataObjects_Group_Right[$this->group_id])) {
-            return $Pman_DataObjects_Group_Right[$this->group_id];
+        if (!empty($Pman_DataObjects_Group_Right[$gid])) {
+            return $Pman_DataObjects_Group_Right[$gid];
+        }
+        $has_admin = true; ///?? not sure..
+        if ($gid) {
+            $g = DB_DataObject::factory('groups');
+            $g->get($this->group_id);
+            $has_admin = $g->type  == 2 ? false : true;
         }
         
-        $g = DB_DataObject::factory('groups');
-        $g->get($this->group_id);
-        $has_admin = $g->type  == 2 ? false : true;
         
         
         $ff = HTML_FlexyFramework::get();
@@ -159,9 +191,9 @@ class Pman_Core_DataObjects_Group_rights extends DB_DataObject
             }
             
         }
-        $Pman_DataObjects_Group_Right[$this->group_id] = $ret;
+        $Pman_DataObjects_Group_Right[$gid] = $ret;
        // print_r($ret);
-        return $Pman_DataObjects_Group_Right[$this->group_id];
+        return $Pman_DataObjects_Group_Right[$gid];
          
         
     }