DataObjects/Core_domain.php

[Pman.Core] / DataObjects / Group_rights.php

diff --git a/DataObjects/Group_rights.php b/DataObjects/Group_rights.php
index 3a0255b..b3877d3 100755 (executable)
--- a/DataObjects/Group_rights.php
+++ b/DataObjects/Group_rights.php
@@ -34,13 +34,32 @@ class Pman_Core_DataObjects_Group_rights extends DB_DataObject
     
     var $fullRights = "ADESPIM";
     
-    function listPermsFromGroupIds($grps, $isAdmin=false) {
+    
+    function groupsWithRights($rightname, $right)
+    {
+        $t = clone($this);
+        $t->rightname = $rightname;
+        $t->whereAdd("accessmask like '{$this->escape($right)}'");
+        $t->selectAdd();
+        $t->selectAdd('distinct(group_id) as group_id');
+        return $t->fetchAll('group_id');
+         
+    }
+    
+    
+    function listPermsFromGroupIds($grps, $isAdmin=false, $isOwner = false) {
         
         $t = clone($this);
         $t->whereAdd('group_id IN ('. implode(',', $grps).')');
+        $t->autoJoin();
         $t->find();
-        $ret = array();
+        
+         $ret = array();
         while($t->fetch()) {
+            
+           
+            
+            
             if (isset($ret[$t->rightname])) {
                 $ret[$t->rightname] = $this->mergeMask($ret[$t->rightname], $t->accessmask);
                 continue;
@@ -49,9 +68,15 @@ class Pman_Core_DataObjects_Group_rights extends DB_DataObject
         }
         // blank out rights that are disabled by the system..
         $defs = $this->defaultPermData();
+        
+        
+        
         //echo "<PRE>";print_r($defs);
         $r = array();
         foreach($defs as $k=>$v) {
+            
+            
+            
             if (empty($v[0])) { // delete right if not there..
                 $r[$k] = '';
                 continue;
@@ -60,14 +85,18 @@ class Pman_Core_DataObjects_Group_rights extends DB_DataObject
             
             if (isset($ret[$k])) {
                 if (empty($ret[$k]) && $isAdmin) {
-                    $r[$k] = $v[0];
+                    $r[$k] = $v[0] ; // -- it's admin they get rights... can not be disabled..
                     continue;
                 }
-                
+                // in theory non-owners could sneak in rights here..??
                 $r[$k] = $ret[$k];
                 continue;
             }
             // not set contition...
+            if (!$isOwner) {
+                $r[$k] = '';
+                continue;
+            }
             
             $r[$k] = $isAdmin ? $v[0] : $v[1];