summaryrefslogblamecommitdiffstats
path: root/inc/permission.inc.php
blob: f346f1dac8bbb2f6e3e33636e6e6ec731d93935d (plain) (tree) 
01065674 ^


aa49154e ^


01065674 ^


9792e13f ^

e1dc0d3c ^




9792e13f ^

01065674 ^

06bff0b9 ^

01065674 ^

5eb8df74 ^

01065674 ^



cfa60bc6 ^

c3a4746d ^

06bff0b9 ^

cfa60bc6 ^

fadc375c ^

cfa60bc6 ^

06bff0b9 ^



c3a4746d ^

cfa60bc6 ^

c3a4746d ^


cfa60bc6 ^

c3a4746d ^

cfa60bc6 ^

735ac097 ^

cfa60bc6 ^




7afe5a3f ^

c3a4746d ^

cfa60bc6 ^


ca312a6a ^

cfa60bc6 ^

c3a4746d ^

ad4362a2 ^




c3a4746d ^

cfa60bc6 ^


06bff0b9 ^

fadc375c ^






55c1e9bd ^




55c1e9bd ^

06bff0b9 ^

55c1e9bd ^













01065674 ^


1
2

3
4

5
6

7

8
9
10
11

12

13

14

15

16

17
18
19

20

21

22

23

24

25

26
27
28

29

30

31
32

33

34

35

36

37
38
39
40

41

42

43
44

45

46

47

48
49
50
51

52

53
54

55

56
57
58
59
60
61

62
63
64
65

66

67

68
69
70
71
72
73
74
75
76
77
78
79
80

81
82


     

                        

                
                                            



                                                                                          
          
 
                                                           
         
                                                                                                                            


                                                       
 
                             
                                                                                                                                        
         
                                                               
                               


                                      
                             
                                              

                                                                      
                                         
                         
                                                           
                                                                                                     



                                                               
                                                                
                                                 

                                                     
                                                                                                           
                 
                                                            



                                                         
                 

         
                                                                           





                                                                                             



                                                                                                           
           
                                                                                                                                   












                                                                                                

 
<?php

declare(strict_types=1);

class Permission
{
	private static $permissions = array(
		'superadmin' => 1, // Can do everything
		'baseconfig_global' => 2, // Change configuration globally
		'baseconfig_local' => 4, // Change configuration for specifig groups/rooms
		'translation' => 8, // Can edit translations
	);

	public static function get(string $permission): int
	{
		if (!isset(self::$permissions[$permission])) ErrorHandler::traceError('Invalid permission: ' . $permission);
		return self::$permissions[$permission];
	}


	// TODO: Doc/Refactor
	public static function addGlobalTags(?array &$array, ?int $locationid, array $disabled, ?string $noneAvailDisabled = null): void
	{
		if (Module::get('permissionmanager') === false)
			return;
		if ($array === null) {
			$array = [];
		}
		$one = false;
		foreach ($disabled as $perm) {
			if (User::hasPermission($perm, $locationid)) {
				$one = true;
				continue;
			}
			if (strpos($perm, '.') === false) {
				$array[$perm] = ['disabled' => 'disabled', 'readonly' => 'readonly'];
				continue;
			}
			$temp =& $array;
			foreach (explode('.', $perm) as $sub) {
				if (empty($sub) || $sub === '*')
					continue;
				$temp =& $temp[$sub];
			}
			$temp = ['disabled' => 'disabled', 'readonly' => 'readonly', 'hidden' => 'hidden'];
		}
		if (!$one && !is_null($noneAvailDisabled)) {
			$array[$noneAvailDisabled] = [
				'disabled' => 'disabled',
				'readonly' => 'readonly',
			];
		}
	}

	public static function moduleHasPermissions(string $moduleId): bool
	{
		if (Module::get('permissionmanager') === false)
			return true;
		return file_exists('modules/' . $moduleId . '/permissions/permissions.json');
	}

	/**
	 * Takes a list of locations, removes any locations from it where the user doesn't have permission,
	 * and then re-adds locations resulting from the given query. The given query should return only
	 * one column per row, which is a location id.
	 */
	public static function mergeWithDisallowed(array $passedLocations, string $permission, string $query, array $params): array
	{
		$allowed = User::getAllowedLocations($permission);
		if (in_array(0, $allowed))
			return $passedLocations;
		$passedLocations = array_intersect($passedLocations, $allowed);
		$oldSet = Database::queryColumnArray($query, $params);
		$oldSet = array_diff($oldSet, $allowed);
		if (!empty($oldSet)) {
			$passedLocations = array_unique(array_merge($passedLocations, $oldSet));
		}
		return $passedLocations;
	}

}
generated by cgit v1.2.3-55-g7522 (git 2.39.0) at 2025-01-12 10:23:56 +0100