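rightname = $rightname; $t->whereAdd("accessmask like '{$this->escape($right)}'"); $t->selectAdd(); $t->selectAdd('distinct(group_id) as group_id'); return $t->fetchAll('group_id'); }

    /**
     * Build the effective rightname => accessmask map for a set of groups.
     *
     * The masks of all matching rows are combined per right with mergeMask(),
     * then filtered against defaultPermData() so that rights the system does
     * not define (empty admin column) come back as ''.
     *
     * @param array $grps     group ids whose rights are collected
     * @param bool  $isAdmin  when true, an empty stored mask (or, for owners,
     *                        a missing one) is replaced by the admin column
     * @param bool  $isOwner  when false, rights with no stored row are blanked
     * @return array rightname => accessmask string
     */
    function listPermsFromGroupIds($grps, $isAdmin=false, $isOwner = false)
    {
        // The ids are concatenated into the WHERE clause, so only plain
        // non-negative integers are let through. Anything else is dropped
        // rather than cast: a cast would yield 0, which genDefault() uses as
        // the id of the default group.
        $ids = array();
        foreach ((array) $grps as $gid) {
            if (is_int($gid) || (is_string($gid) && preg_match('/^[0-9]+\z/', $gid))) {
                $ids[] = (int) $gid;
            }
        }

        $ret = array();
        // An empty list would produce "group_id IN ()", which is not valid
        // SQL; skip the query and fall through with no stored rights.
        if (!empty($ids)) {
            $t = clone $this;
            $t->whereAdd('group_id IN (' . implode(',', $ids) . ')');
            $t->autoJoin();
            $t->find();
            while ($t->fetch()) {
                $name = $t->rightname;
                $ret[$name] = isset($ret[$name])
                    ? $this->mergeMask($ret[$name], $t->accessmask)
                    : $t->accessmask;
            }
        }

        // blank out rights that are disabled by the system..
        $defs = $this->defaultPermData();
        $r = array();
        foreach ($defs as $k => $v) {
            if (empty($v[0])) {
                // delete right if not there..
                $r[$k] = '';
                continue;
            }
            if (isset($ret[$k])) {
                if (empty($ret[$k]) && $isAdmin) {
                    // -- it's admin they get rights... can not be disabled..
                    $r[$k] = $v[0];
                    continue;
                }
                // NOTE(review): the stored mask is returned as-is, for
                // non-owners too, and is not intersected with $v[0]. The
                // original author already flagged that non-owners could pick
                // up rights here - confirm against the callers.
                $r[$k] = $ret[$k];
                continue;
            }
            // no stored row for this right
            if (!$isOwner) {
                $r[$k] = '';
                continue;
            }
            $r[$k] = $isAdmin ? $v[0] : $v[1];
        }

        return $r;
    }

    /**
     * Union of two access masks.
     *
     * Only letters present in $this->fullRights survive, and the result
     * follows the order of $this->fullRights.
     *
     * @param string $a first mask
     * @param string $b second mask
     * @return string merged mask
     */
    function mergeMask($a, $b)
    {
        // a missing mask is treated as "no rights"
        $a = (string) $a;
        $b = (string) $b;

        $ret = '';
        $len = strlen($this->fullRights);
        for ($i = 0; $i < $len; $i++) {
            $flag = $this->fullRights[$i];
            // strpos() returns false when the letter is absent and 0 when it
            // is the first letter, so test against false explicitly.
            if (strpos($a, $flag) !== false || strpos($b, $flag) !== false) {
                $ret .= $flag;
            }
        }
        return $ret;
    }

    /**
     * Load the permission definitions of every enabled module.
     *
     * Reads <rootDir>/Pman/<Module>/<Module>.perms.json for each module in the
     * framework's enable list and returns 'Module.right' => definition. Going
     * by adminRights() and genDefault(), index 0 of a definition is the
     * administrator mask and index 1 the default mask.
     * The result is cached per group id in a static for the request.
     *
     * Mask letters: A add, D delete, E edit, S list, P print / export,
     * I import. The meaning of M is not documented here.
     *
     * @return array 'Module.right' => definition as decoded from JSON
     */
    function defaultPermData()
    {
        // we should do better caching of this... really..
        $gid = empty($this->group_id) ? 0 : $this->group_id;

        static $Pman_DataObjects_Group_Right = array();
        if (!empty($Pman_DataObjects_Group_Right[$gid])) {
            return $Pman_DataObjects_Group_Right[$gid];
        }

        // Groups of type 2 do not get the Admin module's rights; the original
        // author marked this default as "not sure".
        $has_admin = true;
        if ($gid) {
            $g = DB_DataObject::factory('core_group');
            $g->get($this->group_id);
            $has_admin = $g->type != 2;
        }

        $ff = HTML_FlexyFramework::get();
        // (the original first assigned array('Core') and then overwrote it;
        // only the configured list was ever used)
        $enabled  = explode(',', $ff->enable);
        $disabled = explode(',', $ff->disable ? $ff->disable : '');
        $pman = $ff->rootDir . '/Pman/';

        $ret = array();
        foreach ($enabled as $module) {
            if (($module == 'Admin') && !$has_admin) {
                continue;
            }
            // NOTE(review): $module goes straight into a filesystem path;
            // this assumes the enable list is operator-controlled
            // configuration - confirm.
            $fn = $pman . $module . '/' . $module . '.perms.json';
            if (!file_exists($fn)) {
                continue;
            }
            $ar = (array) json_decode(file_get_contents($fn));
            if (empty($ar)) {
                // since these are critical files.. die'ing with error is ok.
                die("invalid json file: " . $fn);
            }
            foreach ($ar as $k => $perm) {
                // keys starting with '/' are comments in the json file
                if (strpos((string) $k, '/') === 0) {
                    continue;
                }
                if (in_array($module, $disabled, true) || in_array($module . '.' . $k, $disabled, true)) {
                    continue;
                }
                $ret[$module . '.' . $k] = $perm;
            }
        }

        $Pman_DataObjects_Group_Right[$gid] = $ret;
        return $Pman_DataObjects_Group_Right[$gid];
    }

    /**
     * Get the admin rights - used when no accounts are available.
     *
     * @return array rightname => administrator mask (index 0 of each definition)
     */
    function adminRights()
    {
        $defs = $this->defaultPermData();
        $ret = array();
        foreach ($defs as $k => $v) {
            $ret[$k] = $v[0];
        }
        return $ret;
    }

    /**
     * Top up the mask of the Administrators group before it is stored.
     *
     * For a row that belongs to the group named "Administrators" the mask is
     * merged with the administrator column of the right's definition, so that
     * group cannot end up with less than the full admin mask. Other groups
     * are left untouched (the minimum-mask merge for them is disabled).
     * Nothing is returned.
     *
     * NOTE(review): the group is recognised by its name alone; whether group
     * names are unique and protected from renaming is not visible here.
     */
    function validate()
    {
        $g = DB_DataObject::Factory('core_group');
        $g->get($this->group_id);

        $defs = $this->defaultPermData();
        switch ($g->name) {
            case "Administrators":
                // a right without a definition contributes nothing
                $adminMask = isset($defs[$this->rightname][0]) ? $defs[$this->rightname][0] : '';
                $this->accessmask = $this->mergeMask($this->accessmask, $adminMask);
                break;

            default:
                // merging the default column ([1]) for other groups is
                // disabled in the original
                break;
        }
    }

    /**
     * generates the default admin group.
     * and returns it.
     *
     * Also applies the default masks (column 1) to group id 0; creating a
     * named 'Default' group for that is disabled in the original.
     *
     * @return object the 'Administrators' core_group row
     */
    function genDefault()
    {
        // need to create two special groups, admin & DEFAULT.
        $g = DB_DataObject::Factory('core_group');
        $g->id = 0;
        $this->applyDefs($g, 1);

        $g = DB_DataObject::Factory('core_group');
        $g->name = 'Administrators';
        $g->type = 0;
        if (!$g->find(true)) {
            $g->insert();
        }
        $this->applyDefs($g, 0);
        return $g;
    }

    /**
     * Make sure a group has a row for every defined right.
     *
     * Missing rows are inserted with the chosen column as mask; existing rows
     * are widened with mergeMask() and only written back when the mask
     * actually changed. Existing letters are never removed.
     *
     * @param object $g       core_group row; only its id is read
     * @param int    $usecol  column of the definition to apply
     *                        (0 as used for Administrators, 1 for group id 0)
     */
    function applyDefs($g, $usecol)
    {
        $defs = $this->defaultPermData();
        foreach ($defs as $rightname => $defdata) {
            $gr = DB_DataObject::Factory('core_group_right');
            $gr->rightname = $rightname;
            $gr->group_id = $g->id;
            if (!$gr->find(true)) {
                $gr->accessmask = $defdata[$usecol];
                $gr->insert();
                continue;
            }
            $oldgr = clone $gr;
            $gr->accessmask = $gr->mergeMask($gr->accessmask, $defdata[$usecol]);
            if ($gr->accessmask == $oldgr->accessmask) {
                continue;
            }
            $gr->update($oldgr);
        }
    }

    /**
     * Permission hook for this table: always denies.
     *
     * Both arguments are ignored; every call returns false.
     *
     * @param mixed $lvl unused
     * @param mixed $au  unused
     * @return bool always false
     */
    function checkPerm($lvl, $au)
    {
        return false;
    }
}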