summaryrefslogtreecommitdiffstats
path: root/modules-available/permissionmanager/inc/permissionutil.inc.php
diff options
context:
space:
mode:
Diffstat (limited to 'modules-available/permissionmanager/inc/permissionutil.inc.php')
-rw-r--r--modules-available/permissionmanager/inc/permissionutil.inc.php108
1 files changed, 108 insertions, 0 deletions
diff --git a/modules-available/permissionmanager/inc/permissionutil.inc.php b/modules-available/permissionmanager/inc/permissionutil.inc.php
new file mode 100644
index 00000000..391cd047
--- /dev/null
+++ b/modules-available/permissionmanager/inc/permissionutil.inc.php
@@ -0,0 +1,108 @@
+<?php
+
+class PermissionUtil
+{
+ public static function userHasPermission($userid, $permissionid, $locationid) {
+ $locations = array();
+ if (!is_null($locationid)) {
+ $locations = Location::getLocationRootChain($locationid);
+ if (count($locations) == 0) return false;
+ else $locations[] = 0;
+ }
+
+ $res = Database::simpleQuery("SELECT role_x_permission.permissionid as 'permissionid',
+ role_x_location.locationid as 'locationid'
+ FROM user_x_role
+ INNER JOIN role_x_permission ON user_x_role.roleid = role_x_permission.roleid
+ LEFT JOIN role_x_location ON role_x_permission.roleid = role_x_location.roleid
+ WHERE user_x_role.userid = :userid", array("userid" => $userid));
+
+ while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
+ $userPermission = trim($row["permissionid"], "*");
+ if (substr($permissionid, 0, strlen($userPermission)) === $userPermission
+ && (is_null($locationid) || in_array($row["locationid"], $locations))) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ public static function getAllowedLocations($userid, $permissionid) {
+
+ $res = Database::simpleQuery("SELECT permissionid, COALESCE(locationid, 0) AS locationid FROM user_x_role
+ INNER JOIN role_x_permission ON user_x_role.roleid = role_x_permission.roleid
+ INNER JOIN role_x_location ON role_x_permission.roleid = role_x_location.roleid
+ WHERE user_x_role.userid = :userid", array("userid" => $userid));
+
+ $allowedLocations = array();
+ while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
+ $userPermission = trim($row["permissionid"], "*");
+ if (!is_null($row["locationid"]) && substr($permissionid, 0, strlen($userPermission)) === $userPermission) {
+ $allowedLocations[$row["locationid"]] = 1;
+ }
+ }
+ $allowedLocations = array_keys($allowedLocations);
+ $locations = Location::getTree();
+ if (in_array("0", $allowedLocations)) {
+ $allowedLocations = array_map("intval", Location::extractIds($locations));
+ } else {
+ $allowedLocations = self::getSublocations($locations, $allowedLocations);
+ }
+ return $allowedLocations;
+ }
+
+ public static function getSublocations($tree, $locations) {
+ $result = array_flip($locations);
+ foreach ($tree as $location) {
+ if (array_key_exists("children", $location)) {
+ if (in_array($location["locationid"], $locations)) {
+ $result += array_flip(Location::extractIds($location["children"]));
+ } else {
+ $result += array_flip(self::getSublocations($location["children"], $locations));
+ }
+ }
+ }
+ return array_keys($result);
+ }
+
+ public static function getPermissions()
+ {
+ $permissions = array();
+ foreach (glob("modules/*/permissions/permissions.json", GLOB_NOSORT) as $file) {
+ $data = json_decode(file_get_contents($file), true);
+ if (!is_array($data))
+ continue;
+ preg_match('#^modules/([^/]+)/#', $file, $out);
+ $newData = array();
+ foreach( $data as $k => $v ) {
+ $newData[] = $v;
+ $permissions = self::putInPermissionTree($out[1].".".$k, $v, $permissions);
+ }
+ }
+ ksort($permissions);
+ global $MENU_CAT_OVERRIDE;
+ $sortingOrder = $MENU_CAT_OVERRIDE;
+ foreach ($permissions as $module => $v) $sortingOrder[Module::get($module)->getCategory()][] = $module;
+ $permissions = array_replace(array_flip(call_user_func_array('array_merge', $sortingOrder)), $permissions);
+ foreach ($permissions as $module => $v) if (is_int($v)) unset($permissions[$module]);
+
+
+ return $permissions;
+ }
+
+ private static function putInPermissionTree($permission, $description, $tree)
+ {
+ $subPermissions = explode('.', $permission);
+ $original =& $tree;
+ foreach ($subPermissions as $subPermission) {
+ if ($subPermission) {
+ if (!array_key_exists($subPermission, $tree)) {
+ $tree[$subPermission] = array();
+ }
+ $tree =& $tree[$subPermission];
+ }
+ }
+ $tree = $description;
+ return $original;
+ }
+} \ No newline at end of file
generated by cgit v1.2.3-55-g7522 (git 2.39.0) at 2024-05-23 19:03:43 +0200