path: root/modules-available/permissionmanager/inc/permissiondbupdate.inc.php

<?php

class PermissionDbUpdate
{

	/**
	 * Insert all user/role combinations into the role_x_user table.
	 *
	 * @param int[] $users userids
	 * @param int[] $roles roleids
	 */
	public static function addRoleToUser(array $users, array $roles): int
	{
		if (empty($users) || empty($roles))
			return 0;
		$arg = [];
		foreach ($users AS $userid) {
			foreach ($roles AS $roleid) {
				$arg[] = ['userid' => $userid, 'roleid' => $roleid];
			}
		}
		return Database::exec("INSERT IGNORE INTO role_x_user (userid, roleid) VALUES :arg",
			['arg' => $arg]);
	}

	/**
	 * Remove all user/role combinations from the role_x_user table.
	 *
	 * @param int[] $users userids
	 * @param int[] $roles roleids
	 */
	public static function removeRoleFromUser(array $users, array $roles): int
	{
		if (empty($users) || empty($roles))
			return 0;
		$query = "DELETE FROM role_x_user WHERE userid IN (:users) AND roleid IN (:roles)";
		return Database::exec($query, ["users" => $users, "roles" => $roles]);
	}

	/**
	 * Assign the specified roles to given users, removing any roles from the users
	 * that are not in the given set.
	 *
	 * @param int[] $users list of user ids
	 * @param int[] $roles list of role ids
	 */
	public static function setRolesForUser(array $users, array $roles): int
	{
		$count = Database::exec("DELETE FROM role_x_user WHERE userid in (:users) AND roleid NOT IN (:roles)",
			compact('users', 'roles'));
		return $count + self::addRoleToUser($users, $roles);
	}

	/**
	 * Delete role from the role table.
	 *
	 * @param int $roleid roleid
	 */
	public static function deleteRole(int $roleid): int
	{
		return Database::exec("DELETE FROM role WHERE roleid = :roleid", array("roleid" => $roleid));
	}

	/**
	 * Save changes to a role or create a new one.
	 *
	 * @param string $roleName rolename
	 * @param int[] $locations array of locations
	 * @param string[] $permissions array of permissions
	 * @param int|null $roleId roleid or null if the role does not exist yet
	 */
	public static function saveRole(string $roleName, string $roleDescription, array $locations, array $permissions,
											  ?int $roleId = null): void
	{
		foreach ($permissions as &$permission) {
			$permission = strtolower($permission);
		}
		unset($permission);
		if ($roleId) {
			Database::exec("UPDATE role SET rolename = :rolename, roledescription = :roledescription WHERE roleid = :roleid",
				array("rolename" => $roleName, "roledescription" => $roleDescription, "roleid" => $roleId));
			Database::exec("DELETE FROM role_x_location
					WHERE roleid = :roleid AND (locationid NOT IN (:locations) OR locationid IS NULL)",
				array("roleid" => $roleId, 'locations' => $locations));
			Database::exec("DELETE FROM role_x_permission
					WHERE roleid = :roleid AND permissionid NOT IN (:permissions)",
				array("roleid" => $roleId, 'permissions' => $permissions));
		} else {
			Database::exec("INSERT INTO role (rolename, roledescription) VALUES (:rolename, :roledescription)",
				array("rolename" => $roleName, "roledescription" => $roleDescription));
			$roleId = Database::lastInsertId();
		}

		if (!empty($locations)) {
			$arg = array_map(function ($loc) use ($roleId) {
				return ['roleId' => $roleId, 'loc' => $loc];
			}, $locations);
			Database::exec("INSERT IGNORE INTO role_x_location (roleid, locationid) VALUES :arg", ['arg' => $arg]);
		}

		if (!empty($permissions)) {
			$arg = array_map(function ($perm) use ($roleId) {
				return ['roleId' => $roleId, 'perm' => $perm];
			}, $permissions);
			Database::exec("INSERT IGNORE INTO role_x_permission (roleid, permissionid) VALUES :arg", ['arg' => $arg]);
		}
	}

}