summaryrefslogtreecommitdiffstats
path: root/modules-available/permissionmanager/inc/permissionutil.inc.php
diff options
context:
space:
mode:
authorUdo Walter2017-04-25 14:50:37 +0200
committerUdo Walter2017-04-25 14:50:37 +0200
commit3e4c27599f920e6f630f048f494f5d196fc81b8e (patch)
tree77c61e2867f26fbbfe928266d433652a3248053e /modules-available/permissionmanager/inc/permissionutil.inc.php
parentMerge branches 'master' and 'permission-manager' of git.openslx.org:openslx-n... (diff)
downloadslx-admin-3e4c27599f920e6f630f048f494f5d196fc81b8e.tar.gz
slx-admin-3e4c27599f920e6f630f048f494f5d196fc81b8e.tar.xz
slx-admin-3e4c27599f920e6f630f048f494f5d196fc81b8e.zip
[permissionmanager] added possibility to get a list of allowed locations for a given permission + bugfixes
Diffstat (limited to 'modules-available/permissionmanager/inc/permissionutil.inc.php')
-rw-r--r--modules-available/permissionmanager/inc/permissionutil.inc.php56
1 files changed, 41 insertions, 15 deletions
diff --git a/modules-available/permissionmanager/inc/permissionutil.inc.php b/modules-available/permissionmanager/inc/permissionutil.inc.php
index 8442f288..fe16f7ab 100644
--- a/modules-available/permissionmanager/inc/permissionutil.inc.php
+++ b/modules-available/permissionmanager/inc/permissionutil.inc.php
@@ -3,14 +3,28 @@
class PermissionUtil
{
public static function userHasPermission($userid, $permissionid, $locationid) {
- $locations = array();
- if (!is_null($locationid)) {
- $res = Database::simpleQuery("SELECT locationid, parentlocationid FROM location");
- while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
- $locations[$row["locationid"]] = $row["parentlocationid"];
+ $locations = Location::getLocationRootChain($locationid);
+ if (count($locations) == 0) return false;
+ else $locations[] = 0;
+
+ $res = Database::simpleQuery("SELECT role_x_permission.permissionid as 'permissionid',
+ role_x_location.locid as 'locationid'
+ FROM user_x_role
+ INNER JOIN role_x_permission ON user_x_role.roleid = role_x_permission.roleid
+ LEFT JOIN role_x_location ON role_x_permission.roleid = role_x_location.roleid
+ WHERE user_x_role.userid = :userid", array("userid" => $userid));
+
+ while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
+ $userPermission = trim($row["permissionid"], "*");
+ if (substr($permissionid, 0, strlen($userPermission)) === $userPermission
+ && (is_null($locationid) || in_array($row["locationid"], $locations))) {
+ return true;
}
- if (!array_key_exists($locationid, $locations)) return false;
}
+ return false;
+ }
+
+ public static function getAllowedLocations($userid, $permissionid) {
$res = Database::simpleQuery("SELECT role_x_permission.permissionid as 'permissionid',
role_x_location.locid as 'locationid'
@@ -19,24 +33,36 @@ class PermissionUtil
LEFT JOIN role_x_location ON role_x_permission.roleid = role_x_location.roleid
WHERE user_x_role.userid = :userid", array("userid" => $userid));
+ $allowedLocations = array();
while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
$userPermission = trim($row["permissionid"], "*");
if (substr($permissionid, 0, strlen($userPermission)) === $userPermission) {
- if (is_null($locationid) || $locationid == $row["locationid"]) {
- return true;
+ $allowedLocations[] = $row["locationid"];
+ }
+ }
+ $locations = Location::getTree();
+ if (count($allowedLocations) == 1 && $allowedLocations[0] == "0") {
+ $allowedLocations = Location::extractIds($locations);
+ } else {
+ $allowedLocations = self::getSublocations($locations, $allowedLocations);
+ }
+ return $allowedLocations;
+ }
+
+ private static function getSublocations($tree, $locations) {
+ $result = array_flip($locations);
+ foreach ($tree as $location) {
+ if (array_key_exists("children", $location)) {
+ if (in_array($location["locationid"], $locations)) {
+ $result += array_flip(Location::extractIds($location["children"]));
} else {
- $parentlocid = $locationid;
- while ($parentlocid != 0) {
- $parentlocid = $locations[$parentlocid];
- if ($parentlocid == $row["locationid"]) return true;
- }
+ $result += array_flip(self::getSublocations($location["children"], $locations));
}
}
}
- return false;
+ return array_keys($result);
}
-
public static function getPermissions()
{
$permissions = array();