From: Alan Knowles Date: Fri, 7 Oct 2016 06:17:04 +0000 (+0800) Subject: MOVED DataObjects/Group_rights.php to DataObjects/Core_group_right.php X-Git-Url: http://git.roojs.org/?p=Pman.Core;a=commitdiff_plain;h=604cb58c11bd88a8c05d244a1af7e4da32c856a8 MOVED DataObjects/Group_rights.php to DataObjects/Core_group_right.php --- diff --git a/DataObjects/Core_group_right.php b/DataObjects/Core_group_right.php new file mode 100755 index 00000000..b3877d36 --- /dev/null +++ b/DataObjects/Core_group_right.php @@ -0,0 +1,287 @@ +rightname = $rightname; + $t->whereAdd("accessmask like '{$this->escape($right)}'"); + $t->selectAdd(); + $t->selectAdd('distinct(group_id) as group_id'); + return $t->fetchAll('group_id'); + + } + + + function listPermsFromGroupIds($grps, $isAdmin=false, $isOwner = false) { + + $t = clone($this); + $t->whereAdd('group_id IN ('. implode(',', $grps).')'); + $t->autoJoin(); + $t->find(); + + $ret = array(); + while($t->fetch()) { + + + + + if (isset($ret[$t->rightname])) { + $ret[$t->rightname] = $this->mergeMask($ret[$t->rightname], $t->accessmask); + continue; + } + $ret[$t->rightname] = $t->accessmask; + } + // blank out rights that are disabled by the system.. + $defs = $this->defaultPermData(); + + + + //echo "
";print_r($defs);
+        $r = array();
+        foreach($defs as $k=>$v) {
+            
+            
+            
+            if (empty($v[0])) { // delete right if not there..
+                $r[$k] = '';
+                continue;
+            }
+            
+            
+            if (isset($ret[$k])) {
+                if (empty($ret[$k]) && $isAdmin) {
+                    $r[$k] = $v[0] ; // -- it's admin they get rights... can not be disabled..
+                    continue;
+                }
+                // in theory non-owners could sneak in rights here..??
+                $r[$k] = $ret[$k];
+                continue;
+            }
+            // not set contition...
+            if (!$isOwner) {
+                $r[$k] = '';
+                continue;
+            }
+            
+            $r[$k] = $isAdmin ? $v[0] : $v[1];
+            
+       
+        }
+        
+        return $r;
+    }
+    function mergeMask($a, $b) 
+    {
+        // default 
+        $ret = '';
+        for($i=0; $i< strlen($this->fullRights) ; $i++) {
+            if ((strpos($a, $this->fullRights[$i]) > -1) ||
+                (strpos($b, $this->fullRights[$i]) > -1)
+            ) {
+                $ret .= $this->fullRights[$i];
+            }
+        }
+        return $ret;
+        
+        
+    }
+    
+    
+    function defaultPermData()
+    {
+        
+        // we should do better caching of this... really..
+        
+        
+        
+        
+        // what they mean:
+        // A - add
+        // D - delete
+        // E - edit
+        // S - list
+        // P - print / export
+        // I - import
+        // M????
+        
+        
+        $gid = empty($this->group_id) ? 0 : $this->group_id;
+        static $Pman_DataObjects_Group_Right = array();
+        
+        
+        if (!empty($Pman_DataObjects_Group_Right[$gid])) {
+            return $Pman_DataObjects_Group_Right[$gid];
+        }
+        $has_admin = true; ///?? not sure..
+        if ($gid) {
+            $g = DB_DataObject::factory('groups');
+            $g->get($this->group_id);
+            $has_admin = $g->type  == 2 ? false : true;
+        }
+        
+        
+        
+        $ff = HTML_FlexyFramework::get();
+        //print_R($ff);
+        $enabled =  array('Core') ;
+        $enabled = explode(',', $ff->enable);
+        $disabled =  explode(',', $ff->disable? $ff->disable: '');
+        $pman = $ff->rootDir . '/Pman/';
+        $ret = array();
+         //echo '
';print_r($enabled);
+        foreach($enabled as $module) {
+            
+            if (($module == 'Admin') && !$has_admin) {
+                continue;
+            }
+            
+            $fn = $pman. $module.  '/'.$module. '.perms.json';
+            if (!file_exists($fn)) {
+                continue;
+            }
+            $ar = (array)json_decode(file_get_contents($fn));
+            if (empty($ar)) {
+                // since these are critical files.. die'ing with error is ok.
+                die("invalid json file: " . $fn);
+               }
+           // echo '
';print_r($ar);
+            foreach($ar as $k=> $perm) {
+                if ($k[0] == '/') {
+                    continue; // it's a comment..
+                }
+                if (in_array($module, $disabled) || in_array($module.'.'. $k, $disabled)) {
+                    continue;
+                }
+                $ret[$module.'.'. $k ] = $perm;
+            }
+            
+        }
+        $Pman_DataObjects_Group_Right[$gid] = $ret;
+       // print_r($ret);
+        return $Pman_DataObjects_Group_Right[$gid];
+         
+        
+    }
+    
+    function adminRights() // get the admin rights - used when no accounts are available..
+    {
+        $defs = $this->defaultPermData();
+        $ret = array();
+        foreach($defs as $k=>$v) {
+            $ret[$k] = $v[0];
+        
+        }
+        return $ret;
+        
+    }
+    
+    function validate()
+    {
+        // all groups must have the minimum privaligess..
+        // admin group must have all the privaliges
+        $g = DB_DataObject::Factory('groups');
+        $g->get($this->group_id);
+        $defs = $this->defaultPermData();
+        switch($g->name) {
+            case "Administrators";
+                $this->accessmask = $this->mergeMask($this->accessmask, $defs[$this->rightname][0]);
+                break;
+                
+            default:
+                //$this->accessmask = $this->mergeMask($this->accessmask, $defs[$this->rightname][1]);
+                break;
+        
+        }
+        
+    }
+    /**
+     * generates the default admin group.
+     * and returns it.
+     */
+    function genDefault()
+    {
+        // need to create to special groups, admin & DEFAULT.
+        $g = DB_DataObject::Factory('Groups');
+        //$g->name = 'Default';
+        //if (!$g->find(true)) {
+        //    $g->insert();
+        //}
+        $g->id = 0;
+        $this->applyDefs($g, 1);
+    
+        $g = DB_DataObject::Factory('Groups');
+        $g->name = 'Administrators';
+        $g->type = 0;
+        if (!$g->find(true)) {
+            $g->insert();
+        }
+        $this->applyDefs($g, 0);
+        return $g;
+        
+    }
+        
+    function applyDefs($g, $usecol) {
+        
+        $defs = $this->defaultPermData();
+        //echo '
';print_r($defs);
+        //$usecol = 1;
+        foreach($defs as $rightname => $defdata) {
+            $gr = DB_DataObject::Factory('group_rights');
+            $gr->rightname  = $rightname;
+            $gr->group_id = $g->id;
+            if (!$gr->find(true)) {
+                $gr->accessmask = $defdata[$usecol];
+                $gr->insert();
+                continue;
+            }
+            $oldgr = clone($gr);
+            $gr->accessmask = $gr->mergeMask($gr->accessmask, $defdata[$usecol]);
+            if ($gr->accessmask == $oldgr->accessmask) {
+                continue;
+            }
+            $gr->update($oldgr);
+        }
+        
+    }
+        
+    function checkPerm($lvl, $au) 
+    {
+        return false;
+    }  
+    
+}