Diffstat (limited to 'modules-available/permissionmanager/inc/permissionutil.inc.php')
-rw-r--r-- | modules-available/permissionmanager/inc/permissionutil.inc.php | 59 |
1 files changed, 46 insertions, 13 deletions
diff --git a/modules-available/permissionmanager/inc/permissionutil.inc.php b/modules-available/permissionmanager/inc/permissionutil.inc.php index 6fc33ad1..5ff41046 100644 --- a/modules-available/permissionmanager/inc/permissionutil.inc.php +++ b/modules-available/permissionmanager/inc/permissionutil.inc.php @@ -2,6 +2,14 @@ class PermissionUtil { + /** + * Check if the user has the given permission (for the given location). + * + * @param string $userid userid to check + * @param string $permissionid permissionid to check + * @param int|null $locationid locationid to check or null if the location should be disregarded + * @return bool true if user has permission, false if not + */ public static function userHasPermission($userid, $permissionid, $locationid) { $locations = array(); if (!is_null($locationid)) { 
@@ -10,23 +18,29 @@ class PermissionUtil else $locations[] = 0; } - $res = Database::simpleQuery("SELECT role_x_permission.permissionid as 'permissionid', - role_x_location.locationid as 'locationid' - FROM user_x_role + $res = Database::simpleQuery("SELECT permissionid, locationid FROM user_x_role INNER JOIN role_x_permission ON user_x_role.roleid = role_x_permission.roleid - LEFT JOIN role_x_location ON role_x_permission.roleid = role_x_location.roleid + LEFT JOIN (SELECT roleid, COALESCE(locationid, 0) AS locationid FROM role_x_location) t1 + ON role_x_permission.roleid = t1.roleid WHERE user_x_role.userid = :userid", array("userid" => $userid)); while ($row = $res->fetch(PDO::FETCH_ASSOC)) { - $userPermission = trim($row["permissionid"], "*"); - if (substr($permissionid, 0, strlen($userPermission)) === $userPermission - && (is_null($locationid) || in_array($row["locationid"], $locations))) { + $userPermission = rtrim($row["permissionid"], ".*")."."; + if ((is_null($locationid) || (!is_null($row["locationid"]) && in_array($row["locationid"], $locations))) && + (substr($permissionid.".", 0, strlen($userPermission)) === $userPermission || $userPermission === ".")) { return true; } } return false; } + /** + * Get all locations where the user has the given permission. + * + * @param string $userid userid to check + * @param string $permissionid permissionid to check + * @return array array of locationids where the user has the given permission + */ public static function getAllowedLocations($userid, $permissionid) { $res = Database::simpleQuery("SELECT permissionid, COALESCE(locationid, 0) AS locationid FROM user_x_role 
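Review bot: The fallback `$userPermission === "."` in the new condition grants every permission whenever the stored value normalises to a lone dot, and `rtrim($row["permissionid"], ".*")` does that for an empty string as well as for `*`, `.`, `.*` or `**`, so a blank or malformed role_x_permission row would fail open if one can be stored. Restricting the catch-all to the literal wildcard, e.g. `$row["permissionid"] === "*"` in place of `$userPermission === "."`, keeps the segment-boundary fix without that side effect. Because the trailing `*` is stripped before comparing, a grant stored as `a.b` and one stored as `a.b.*` match identically, so an exact grant also covers all descendants; if that is intended it deserves a line in the docblock. The same test is repeated in the getAllowedLocations hunk (`@@ -36,8 +50,8 @@`), and userHasPermission itself begins in the previous hunk.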
@@ -36,8 +50,8 @@ class PermissionUtil $allowedLocations = array(); while ($row = $res->fetch(PDO::FETCH_ASSOC)) { - $userPermission = trim($row["permissionid"], "*"); - if (!is_null($row["locationid"]) && substr($permissionid, 0, strlen($userPermission)) === $userPermission) { + $userPermission = rtrim($row["permissionid"], ".*")."."; + if (substr($permissionid.".", 0, strlen($userPermission)) === $userPermission || $userPermission === ".") { $allowedLocations[$row["locationid"]] = 1; } } @@ -45,12 +59,20 @@ class PermissionUtil $locations = Location::getTree(); if (in_array("0", $allowedLocations)) { $allowedLocations = array_map("intval", Location::extractIds($locations)); + $allowedLocations[] = 0; } else { $allowedLocations = self::getSublocations($locations, $allowedLocations); } return $allowedLocations; } + /** + * Extend an array of locations by adding all sublocations. + * + * @param array $tree tree of all locations (structured like Location::getTree()) + * @param array $locations the array of locationids to extend + * @return array extended array of locationids + */ public static function getSublocations($tree, $locations) { $result = array_flip($locations); foreach ($tree as $location) { @@ -65,6 +87,11 @@ class PermissionUtil return array_keys($result); } + /** + * Get all permissions of all active modules that have permissions in their permissions/permissions.json file. + * + * @return array permission tree as a multidimensional array + */ public static function getPermissions() { $permissions = array(); @@ -75,7 +102,7 @@ class PermissionUtil preg_match('#^modules/([^/]+)/#', $file, $out); foreach( $data as $p ) { $description = Dictionary::translateFileModule($out[1], "permissions", $p); - $permissions = self::putInPermissionTree($out[1].".".$p, $description, $permissions); + self::putInPermissionTree($out[1].".".$p, $description, $permissions); } } ksort($permissions); 
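Review bot: Dropping `!is_null($row["locationid"])` here leaves getAllowedLocations treating a role without any location row differently from userHasPermission, if the join that sits outside this hunk is a LEFT JOIN on role_x_location. The visible `COALESCE(locationid, 0)` is applied in the outer SELECT, so a missing row would come back as 0 and could reach the `in_array("0", $allowedLocations)` branch that returns every location, whereas userHasPermission now coalesces inside the subquery and denies that case. Using the same `LEFT JOIN (SELECT roleid, COALESCE(locationid, 0) AS locationid FROM role_x_location) t1` form in both queries and keeping the null check would make the two answers agree. The query's join lines and the statement between this hunk and the next are not shown, so this needs confirming against the full file.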
@@ -89,10 +116,16 @@ class PermissionUtil return $permissions; } - private static function putInPermissionTree($permission, $description, $tree) + /** + * Place a permission into the given permission tree. + * + * @param string $permission the permission to place in the tree + * @param string $description the description of the permission + * @param array $tree the permission tree to modify + */ + private static function putInPermissionTree($permission, $description, &$tree) { $subPermissions = explode('.', $permission); - $original =& $tree; foreach ($subPermissions as $subPermission) { if ($subPermission) { if (!array_key_exists($subPermission, $tree)) { @@ -101,6 +134,6 @@ class PermissionUtil $tree =& $tree[$subPermission]; } } - return $original; + $tree = $description; } }
\ No newline at end of file |
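Review bot: putInPermissionTree has no guard for a permission that is a prefix of another, such as `a.b` and `a.b.c` in one module's permission list. Depending on order, the final `$tree = $description;` replaces an already built subtree with a string, or `array_key_exists($subPermission, $tree)` is later called on that string, so entries could go missing from the tree or the walk could fail. Checking `is_array($tree) && $tree !== array()` before the final assignment and reporting the conflict, plus a docblock sentence that `$tree` is modified in place and rebound during the walk, would make the contract explicit. Two lines of the loop fall between the last two hunks and are not visible.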