diff options
Diffstat (limited to 'inc/permission.inc.php')
-rw-r--r-- | inc/permission.inc.php | 34 |
1 files changed, 29 insertions, 5 deletions
diff --git a/inc/permission.inc.php b/inc/permission.inc.php index 3a7bdc36..f346f1da 100644 --- a/inc/permission.inc.php +++ b/inc/permission.inc.php @@ -1,5 +1,7 @@ <?php +declare(strict_types=1); + class Permission { private static $permissions = array( @@ -9,18 +11,21 @@ class Permission 'translation' => 8, // Can edit translations ); - public static function get($permission) + public static function get(string $permission): int { - if (!isset(self::$permissions[$permission])) Util::traceError('Invalid permission: ' . $permission); + if (!isset(self::$permissions[$permission])) ErrorHandler::traceError('Invalid permission: ' . $permission); return self::$permissions[$permission]; } // TODO: Doc/Refactor - public static function addGlobalTags(&$array, $locationid, $disabled, $noneAvailDisabled = null) + public static function addGlobalTags(?array &$array, ?int $locationid, array $disabled, ?string $noneAvailDisabled = null): void { if (Module::get('permissionmanager') === false) return; + if ($array === null) { + $array = []; + } $one = false; foreach ($disabled as $perm) { if (User::hasPermission($perm, $locationid)) { @@ -37,7 +42,7 @@ class Permission continue; $temp =& $temp[$sub]; } - $temp = ['disabled' => 'disabled', 'readonly' => 'readonly']; + $temp = ['disabled' => 'disabled', 'readonly' => 'readonly', 'hidden' => 'hidden']; } if (!$one && !is_null($noneAvailDisabled)) { $array[$noneAvailDisabled] = [ @@ -47,12 +52,31 @@ class Permission } } - public static function moduleHasPermissions($moduleId) + public static function moduleHasPermissions(string $moduleId): bool { if (Module::get('permissionmanager') === false) return true; return file_exists('modules/' . $moduleId . '/permissions/permissions.json'); } + /** + * Takes a list of locations, removes any locations from it where the user doesn't have permission, + * and then re-adds locations resulting from the given query. The given query should return only + * one column per row, which is a location id. + */ + public static function mergeWithDisallowed(array $passedLocations, string $permission, string $query, array $params): array + { + $allowed = User::getAllowedLocations($permission); + if (in_array(0, $allowed)) + return $passedLocations; + $passedLocations = array_intersect($passedLocations, $allowed); + $oldSet = Database::queryColumnArray($query, $params); + $oldSet = array_diff($oldSet, $allowed); + if (!empty($oldSet)) { + $passedLocations = array_unique(array_merge($passedLocations, $oldSet)); + } + return $passedLocations; + } + } |