diff options
author | Simon Rettberg | 2018-02-23 18:41:49 +0100 |
---|---|---|
committer | Simon Rettberg | 2018-02-23 18:41:49 +0100 |
commit | 00851bd25e57938a79356d2efb36c2bea1697760 (patch) | |
tree | 11a759430f5a9ddc3b7977bb6c4451aa71287622 /modules-available/permissionmanager | |
parent | [adduser] Extend module to simple user manager (add/edit/remove) (diff) | |
download | slx-admin-00851bd25e57938a79356d2efb36c2bea1697760.tar.gz slx-admin-00851bd25e57938a79356d2efb36c2bea1697760.tar.xz slx-admin-00851bd25e57938a79356d2efb36c2bea1697760.zip |
[adduser] Support setting user's roles on add/edit
Diffstat (limited to 'modules-available/permissionmanager')
-rw-r--r-- | modules-available/permissionmanager/inc/permissiondbupdate.inc.php | 28 | ||||
-rw-r--r-- | modules-available/permissionmanager/inc/permissionutil.inc.php | 23 |
2 files changed, 46 insertions, 5 deletions
diff --git a/modules-available/permissionmanager/inc/permissiondbupdate.inc.php b/modules-available/permissionmanager/inc/permissiondbupdate.inc.php index 1f56f4ea..5f528a37 100644 --- a/modules-available/permissionmanager/inc/permissiondbupdate.inc.php +++ b/modules-available/permissionmanager/inc/permissiondbupdate.inc.php @@ -7,17 +7,19 @@ class PermissionDbUpdate * Insert all user/role combinations into the role_x_user table. * * @param int[] $users userids - * @param string[] $roles roleids + * @param int[] $roles roleids */ public static function addRoleToUser($users, $roles) { + if (empty($users) || empty($roles)) + return 0; $arg = array(); foreach ($users AS $userid) { foreach ($roles AS $roleid) { $arg[] = compact('userid', 'roleid'); } } - Database::exec("INSERT IGNORE INTO role_x_user (userid, roleid) VALUES :arg", + return Database::exec("INSERT IGNORE INTO role_x_user (userid, roleid) VALUES :arg", ['arg' => $arg]); } @@ -25,12 +27,28 @@ class PermissionDbUpdate * Remove all user/role combinations from the role_x_user table. * * @param int[] $users userids - * @param string[] $roles roleids + * @param int[] $roles roleids */ public static function removeRoleFromUser($users, $roles) { + if (empty($users) || empty($roles)) + return 0; $query = "DELETE FROM role_x_user WHERE userid IN (:users) AND roleid IN (:roles)"; - Database::exec($query, array("users" => $users, "roles" => $roles)); + return Database::exec($query, array("users" => $users, "roles" => $roles)); + } + + /** + * Assign the specified roles to given users, removing any roles from the users + * that are not in the given set. + * + * @param int[] $users list of user ids + * @param int[] $roles list of role ids + */ + public static function setRolesForUser($users, $roles) + { + $count = Database::exec("DELETE FROM role_x_user WHERE userid in (:users) AND roleid NOT IN (:roles)", + compact('users', 'roles')); + return $count + self::addRoleToUser($users, $roles); } /** @@ -40,7 +58,7 @@ class PermissionDbUpdate */ public static function deleteRole($roleid) { - Database::exec("DELETE FROM role WHERE roleid = :roleid", array("roleid" => $roleid)); + return Database::exec("DELETE FROM role WHERE roleid = :roleid", array("roleid" => $roleid)); } /** diff --git a/modules-available/permissionmanager/inc/permissionutil.inc.php b/modules-available/permissionmanager/inc/permissionutil.inc.php index 29663ed9..a3a2b610 100644 --- a/modules-available/permissionmanager/inc/permissionutil.inc.php +++ b/modules-available/permissionmanager/inc/permissionutil.inc.php @@ -232,6 +232,28 @@ class PermissionUtil } /** + * Get all existing roles. + * + * @param int|false $userid Which user to consider, false = none + * @param bool $onlyMatching true = filter roles the user doesn't have + * @return array list of roles + */ + public static function getRoles($userid = false, $onlyMatching = true) + { + if ($userid === false) { + return Database::queryAll('SELECT roleid, rolename FROM role ORDER BY rolename ASC'); + } + $ret = Database::queryAll('SELECT r.roleid, r.rolename, u.userid AS hasRole FROM role r + LEFT JOIN role_x_user u ON (r.roleid = u.roleid AND u.userid = :userid) + GROUP BY r.roleid + ORDER BY rolename ASC', ['userid' => $userid]); + foreach ($ret as &$role) { + settype($role['hasRole'], 'bool'); + } + return $ret; + } + + /** * Place a permission into the given permission tree. * * @param string $permission the permission to place in the tree @@ -252,4 +274,5 @@ class PermissionUtil } $tree = array('description' => $description, 'location-aware' => $locationAware, 'isLeaf' => true); } + }
\ No newline at end of file |