Diffstat (limited to 'modules-available/permissionmanager/inc')
3 files changed, 98 insertions, 38 deletions
diff --git a/modules-available/permissionmanager/inc/getpermissiondata.inc.php b/modules-available/permissionmanager/inc/getpermissiondata.inc.php index 13c7ca89..982fa0b7 100644 --- a/modules-available/permissionmanager/inc/getpermissiondata.inc.php +++ b/modules-available/permissionmanager/inc/getpermissiondata.inc.php @@ -2,9 +2,17 @@ class GetPermissionData { - // get UserIDs, User Login Names, User Roles + /** + * Get data for all users. + * + * @return array array of users (each with userid, username and roles (each with roleid and rolename)) + */ public static function getUserData() { - $res = self::queryUserData(); + $res = Database::simpleQuery("SELECT user.userid AS userid, user.login AS login, role.rolename AS rolename, role.roleid AS roleid + FROM user + LEFT JOIN user_x_role ON user.userid = user_x_role.userid + LEFT JOIN role ON user_x_role.roleid = role.roleid + "); $userdata= array(); while ($row = $res->fetch(PDO::FETCH_ASSOC)) { $userdata[$row['userid'].' '.$row['login']][] = array( @@ -24,7 +32,11 @@ class GetPermissionData { return $data; } - // get LocationIDs, Location Names, Roles of each Location + /** + * Get data for all locations. + * + * @return array array of locations (each including the roles that have permissions for them) + */ public static function getLocationData() { $res = Database::simpleQuery("SELECT role.roleid as roleid, rolename, GROUP_CONCAT(COALESCE(locationid, 0)) AS locationids FROM role INNER JOIN role_x_location ON role.roleid = role_x_location.roleid GROUP BY roleid ORDER BY rolename ASC"); @@ -46,7 +58,11 @@ class GetPermissionData { return array_values($locations); } - // get all roles from database (id and name) + /** + * Get all roles. + * + * @return array array roles (each with roleid and rolename) + */ public static function getRoles() { $res = Database::simpleQuery("SELECT roleid, rolename FROM role ORDER BY rolename ASC"); $data = array(); 
@@ -59,6 +75,12 @@ class GetPermissionData { return $data; } + /** + * Get permissions and locations for a given role. + * + * @param string $roleid id of the role + * @return array array containing an array of permissions and an array of locations + */ public static function getRoleData($roleid) { $query = "SELECT roleid, rolename FROM role WHERE roleid = :roleid"; $data = Database::queryFirst($query, array("roleid" => $roleid)); @@ -77,14 +99,4 @@ class GetPermissionData { return $data; } - // UserID, User Login Name, Roles of each User - private static function queryUserData() { - $res = Database::simpleQuery("SELECT user.userid AS userid, user.login AS login, role.rolename AS rolename, role.roleid AS roleid - FROM user - LEFT JOIN user_x_role ON user.userid = user_x_role.userid - LEFT JOIN role ON user_x_role.roleid = role.roleid - "); - return $res; - } - }
\ No newline at end of file diff --git a/modules-available/permissionmanager/inc/permissiondbupdate.inc.php b/modules-available/permissionmanager/inc/permissiondbupdate.inc.php index f144b35e..ffe5fac0 100644 --- a/modules-available/permissionmanager/inc/permissiondbupdate.inc.php +++ b/modules-available/permissionmanager/inc/permissiondbupdate.inc.php @@ -2,7 +2,12 @@ class PermissionDbUpdate { - // insert new user_x_role to database. "ignore" to ignore duplicate entry try + /** + * Insert all user/role combinations into the user_x_role table. + * + * @param array $users userids + * @param array $roles roleids + */ public static function addRoleToUser($users, $roles) { $query = "INSERT IGNORE INTO user_x_role (userid, roleid) VALUES (:userid, :roleid)"; foreach($users AS $userid) { 
@@ -12,24 +17,34 @@ class PermissionDbUpdate { } } - // remove user_x_role entry from database + /** + * Remove all user/role combinations from the user_x_role table. + * + * @param array $users userids + * @param array $roles roleids + */ public static function removeRoleFromUser($users, $roles) { $query = "DELETE FROM user_x_role WHERE userid IN (:users) AND roleid IN (:roles)"; Database::exec($query, array("users" => $users, "roles" => $roles)); } - // delete role, delete user_x_role relationships, delete role_x_location relationships, delete role_x_permission relationships + /** + * Delete role from the role table. + * + * @param string $roleid roleid + */ public static function deleteRole($roleid) { - $query = "DELETE FROM role WHERE roleid = :roleid"; - Database::exec($query, array("roleid" => $roleid)); - $query = "DELETE FROM user_x_role WHERE roleid = :roleid"; - Database::exec($query, array("roleid" => $roleid)); - $query = "DELETE FROM role_x_location WHERE roleid = :roleid"; - Database::exec($query, array("roleid" => $roleid)); - $query = "DELETE FROM role_x_permission WHERE roleid = :roleid"; - Database::exec($query, array("roleid" => $roleid)); + Database::exec("DELETE FROM role WHERE roleid = :roleid", array("roleid" => $roleid)); } + /** + * Save changes to a role or create a new one. + * + * @param string $rolename rolename + * @param array $locations array of locations + * @param array $permissions array of permissions + * @param string|null $roleid roleid or null if the role does not exist yet + */ public static function saveRole($rolename, $locations, $permissions, $roleid = NULL) { if ($roleid) { Database::exec("UPDATE role SET rolename = :rolename WHERE roleid = :roleid", diff --git a/modules-available/permissionmanager/inc/permissionutil.inc.php b/modules-available/permissionmanager/inc/permissionutil.inc.php index 6fc33ad1..5ff41046 100644 --- a/modules-available/permissionmanager/inc/permissionutil.inc.php 
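Review bot: `deleteRole` in this hunk now deletes only the `role` row, so the rows in `user_x_role`, `role_x_location` and `role_x_permission` are removed only if the schema defines foreign keys with ON DELETE CASCADE, which this diff does not show. On an installation where those constraints are missing or not enforced, the grant rows outlive the role and would presumably take effect again for any role that later gets the same roleid. State the dependency in the docblock, for example `Rows in user_x_role, role_x_location and role_x_permission are removed by ON DELETE CASCADE foreign keys.`, and confirm that the module's database update adds those keys before this code runs.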
+++ b/modules-available/permissionmanager/inc/permissionutil.inc.php @@ -2,6 +2,14 @@ class PermissionUtil { + /** + * Check if the user has the given permission (for the given location). + * + * @param string $userid userid to check + * @param string $permissionid permissionid to check + * @param int|null $locationid locationid to check or null if the location should be disregarded + * @return bool true if user has permission, false if not + */ public static function userHasPermission($userid, $permissionid, $locationid) { $locations = array(); if (!is_null($locationid)) { 
@@ -10,23 +18,29 @@ class PermissionUtil else $locations[] = 0; } - $res = Database::simpleQuery("SELECT role_x_permission.permissionid as 'permissionid', - role_x_location.locationid as 'locationid' - FROM user_x_role + $res = Database::simpleQuery("SELECT permissionid, locationid FROM user_x_role INNER JOIN role_x_permission ON user_x_role.roleid = role_x_permission.roleid - LEFT JOIN role_x_location ON role_x_permission.roleid = role_x_location.roleid + LEFT JOIN (SELECT roleid, COALESCE(locationid, 0) AS locationid FROM role_x_location) t1 + ON role_x_permission.roleid = t1.roleid WHERE user_x_role.userid = :userid", array("userid" => $userid)); while ($row = $res->fetch(PDO::FETCH_ASSOC)) { - $userPermission = trim($row["permissionid"], "*"); - if (substr($permissionid, 0, strlen($userPermission)) === $userPermission - && (is_null($locationid) || in_array($row["locationid"], $locations))) { + $userPermission = rtrim($row["permissionid"], ".*")."."; + if ((is_null($locationid) || (!is_null($row["locationid"]) && in_array($row["locationid"], $locations))) && + (substr($permissionid.".", 0, strlen($userPermission)) === $userPermission || $userPermission === ".")) { return true; } } return false; } + /** + * Get all locations where the user has the given permission. + * + * @param string $userid userid to check + * @param string $permissionid permissionid to check + * @return array array of locationids where the user has the given permission + */ public static function getAllowedLocations($userid, $permissionid) { $res = Database::simpleQuery("SELECT permissionid, COALESCE(locationid, 0) AS locationid FROM user_x_role 
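Review bot: The `|| $userPermission === "."` arm in the loop of `userHasPermission` grants every permission for any stored `permissionid` that `rtrim($row["permissionid"], ".*")` reduces to an empty string, which includes an empty value and values such as `.` or `.*`, not only `*`. A malformed or blank row in `role_x_permission` therefore fails open as a global wildcard; testing the stored value directly, `|| $row["permissionid"] === "*"`, keeps the grant-all case explicit. The same expression is repeated in `getAllowedLocations` in the hunk at `@@ -36,8 +50,8 @@`. Separately, a stored `a.b` without a trailing `*` now also matches `a.b.c`; if that is intended, the docblock should say that a grant covers all sub-permissions. The function's signature and docblock are in the previous hunk.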
@@ -36,8 +50,8 @@ class PermissionUtil $allowedLocations = array(); while ($row = $res->fetch(PDO::FETCH_ASSOC)) { - $userPermission = trim($row["permissionid"], "*"); - if (!is_null($row["locationid"]) && substr($permissionid, 0, strlen($userPermission)) === $userPermission) { + $userPermission = rtrim($row["permissionid"], ".*")."."; + if (substr($permissionid.".", 0, strlen($userPermission)) === $userPermission || $userPermission === ".") { $allowedLocations[$row["locationid"]] = 1; } } @@ -45,12 +59,20 @@ class PermissionUtil $locations = Location::getTree(); if (in_array("0", $allowedLocations)) { $allowedLocations = array_map("intval", Location::extractIds($locations)); + $allowedLocations[] = 0; } else { $allowedLocations = self::getSublocations($locations, $allowedLocations); } return $allowedLocations; } + /** + * Extend an array of locations by adding all sublocations. + * + * @param array $tree tree of all locations (structured like Location::getTree()) + * @param array $locations the array of locationids to extend + * @return array extended array of locationids + */ public static function getSublocations($tree, $locations) { $result = array_flip($locations); foreach ($tree as $location) { @@ -65,6 +87,11 @@ class PermissionUtil return array_keys($result); } + /** + * Get all permissions of all active modules that have permissions in their permissions/permissions.json file. + * + * @return array permission tree as a multidimensional array + */ public static function getPermissions() { $permissions = array(); @@ -75,7 +102,7 @@ class PermissionUtil preg_match('#^modules/([^/]+)/#', $file, $out); foreach( $data as $p ) { $description = Dictionary::translateFileModule($out[1], "permissions", $p); - $permissions = self::putInPermissionTree($out[1].".".$p, $description, $permissions); + self::putInPermissionTree($out[1].".".$p, $description, $permissions); } } ksort($permissions); 
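Review bot: Removing `!is_null($row["locationid"])` in the `getAllowedLocations` loop is only safe because the query selects `COALESCE(locationid, 0)`, and that makes this function treat a role differently from `userHasPermission`. There the COALESCE sits inside the joined subquery, so a role with no `role_x_location` row yields NULL and is rejected for a specific location; here, if the join outside this hunk is a LEFT JOIN, the same role yields 0 and the branch after the loop presumably returns every location. Confirm which behaviour is intended and make both functions use the same join, or document on `getAllowedLocations` that a role without location rows counts as global.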
@@ -89,10 +116,16 @@ class PermissionUtil return $permissions; } - private static function putInPermissionTree($permission, $description, $tree) + /** + * Place a permission into the given permission tree. + * + * @param string $permission the permission to place in the tree + * @param string $description the description of the permission + * @param array $tree the permission tree to modify + */ + private static function putInPermissionTree($permission, $description, &$tree) { $subPermissions = explode('.', $permission); - $original =& $tree; foreach ($subPermissions as $subPermission) { if ($subPermission) { if (!array_key_exists($subPermission, $tree)) { @@ -101,6 +134,6 @@ class PermissionUtil $tree =& $tree[$subPermission]; } } - return $original; + $tree = $description; } }
\ No newline at end of file |
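Review bot: With `$tree = $description;` at the end of `putInPermissionTree`, a leaf is stored as a string, so a later permission that extends an existing leaf (`mod.a` followed by `mod.a.b`) passes that string to `array_key_exists`, and the reverse order replaces the whole `mod.a` subtree with a description. The array creation inside the loop is outside both hunks, so this is inferred from the visible lines. If permissions.json files may list both a node and its children, stop before descending into a non-array, for example `if (!is_array($tree)) { return; }` at the top of the loop body; otherwise state in the docblock that permission names must not be prefixes of one another.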