summaryrefslogtreecommitdiffstats
path: root/modules-available/permissionmanager/inc
diff options
context:
space:
mode:
Diffstat (limited to 'modules-available/permissionmanager/inc')
-rw-r--r--modules-available/permissionmanager/inc/getpermissiondata.inc.php40
-rw-r--r--modules-available/permissionmanager/inc/permissiondbupdate.inc.php37
-rw-r--r--modules-available/permissionmanager/inc/permissionutil.inc.php59
3 files changed, 98 insertions, 38 deletions
diff --git a/modules-available/permissionmanager/inc/getpermissiondata.inc.php b/modules-available/permissionmanager/inc/getpermissiondata.inc.php
index 13c7ca89..982fa0b7 100644
--- a/modules-available/permissionmanager/inc/getpermissiondata.inc.php
+++ b/modules-available/permissionmanager/inc/getpermissiondata.inc.php
@@ -2,9 +2,17 @@
class GetPermissionData {
- // get UserIDs, User Login Names, User Roles
+ /**
+ * Get data for all users.
+ *
+ * @return array array of users (each with userid, username and roles (each with roleid and rolename))
+ */
public static function getUserData() {
- $res = self::queryUserData();
+ $res = Database::simpleQuery("SELECT user.userid AS userid, user.login AS login, role.rolename AS rolename, role.roleid AS roleid
+ FROM user
+ LEFT JOIN user_x_role ON user.userid = user_x_role.userid
+ LEFT JOIN role ON user_x_role.roleid = role.roleid
+ ");
$userdata= array();
while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
$userdata[$row['userid'].' '.$row['login']][] = array(
@@ -24,7 +32,11 @@ class GetPermissionData {
return $data;
}
- // get LocationIDs, Location Names, Roles of each Location
+ /**
+ * Get data for all locations.
+ *
+ * @return array array of locations (each including the roles that have permissions for them)
+ */
public static function getLocationData() {
$res = Database::simpleQuery("SELECT role.roleid as roleid, rolename, GROUP_CONCAT(COALESCE(locationid, 0)) AS locationids FROM role
INNER JOIN role_x_location ON role.roleid = role_x_location.roleid GROUP BY roleid ORDER BY rolename ASC");
@@ -46,7 +58,11 @@ class GetPermissionData {
return array_values($locations);
}
- // get all roles from database (id and name)
+ /**
+ * Get all roles.
+ *
+ * @return array array roles (each with roleid and rolename)
+ */
public static function getRoles() {
$res = Database::simpleQuery("SELECT roleid, rolename FROM role ORDER BY rolename ASC");
$data = array();
@@ -59,6 +75,12 @@ class GetPermissionData {
return $data;
}
+ /**
+ * Get permissions and locations for a given role.
+ *
+ * @param string $roleid id of the role
+ * @return array array containing an array of permissions and an array of locations
+ */
public static function getRoleData($roleid) {
$query = "SELECT roleid, rolename FROM role WHERE roleid = :roleid";
$data = Database::queryFirst($query, array("roleid" => $roleid));
@@ -77,14 +99,4 @@ class GetPermissionData {
return $data;
}
- // UserID, User Login Name, Roles of each User
- private static function queryUserData() {
- $res = Database::simpleQuery("SELECT user.userid AS userid, user.login AS login, role.rolename AS rolename, role.roleid AS roleid
- FROM user
- LEFT JOIN user_x_role ON user.userid = user_x_role.userid
- LEFT JOIN role ON user_x_role.roleid = role.roleid
- ");
- return $res;
- }
-
} \ No newline at end of file
diff --git a/modules-available/permissionmanager/inc/permissiondbupdate.inc.php b/modules-available/permissionmanager/inc/permissiondbupdate.inc.php
index f144b35e..ffe5fac0 100644
--- a/modules-available/permissionmanager/inc/permissiondbupdate.inc.php
+++ b/modules-available/permissionmanager/inc/permissiondbupdate.inc.php
@@ -2,7 +2,12 @@
class PermissionDbUpdate {
- // insert new user_x_role to database. "ignore" to ignore duplicate entry try
+ /**
+ * Insert all user/role combinations into the user_x_role table.
+ *
+ * @param array $users userids
+ * @param array $roles roleids
+ */
public static function addRoleToUser($users, $roles) {
$query = "INSERT IGNORE INTO user_x_role (userid, roleid) VALUES (:userid, :roleid)";
foreach($users AS $userid) {
@@ -12,24 +17,34 @@ class PermissionDbUpdate {
}
}
- // remove user_x_role entry from database
+ /**
+ * Remove all user/role combinations from the user_x_role table.
+ *
+ * @param array $users userids
+ * @param array $roles roleids
+ */
public static function removeRoleFromUser($users, $roles) {
$query = "DELETE FROM user_x_role WHERE userid IN (:users) AND roleid IN (:roles)";
Database::exec($query, array("users" => $users, "roles" => $roles));
}
- // delete role, delete user_x_role relationships, delete role_x_location relationships, delete role_x_permission relationships
+ /**
+ * Delete role from the role table.
+ *
+ * @param string $roleid roleid
+ */
public static function deleteRole($roleid) {
- $query = "DELETE FROM role WHERE roleid = :roleid";
- Database::exec($query, array("roleid" => $roleid));
- $query = "DELETE FROM user_x_role WHERE roleid = :roleid";
- Database::exec($query, array("roleid" => $roleid));
- $query = "DELETE FROM role_x_location WHERE roleid = :roleid";
- Database::exec($query, array("roleid" => $roleid));
- $query = "DELETE FROM role_x_permission WHERE roleid = :roleid";
- Database::exec($query, array("roleid" => $roleid));
+ Database::exec("DELETE FROM role WHERE roleid = :roleid", array("roleid" => $roleid));
}
+ /**
+ * Save changes to a role or create a new one.
+ *
+ * @param string $rolename rolename
+ * @param array $locations array of locations
+ * @param array $permissions array of permissions
+ * @param string|null $roleid roleid or null if the role does not exist yet
+ */
public static function saveRole($rolename, $locations, $permissions, $roleid = NULL) {
if ($roleid) {
Database::exec("UPDATE role SET rolename = :rolename WHERE roleid = :roleid",
diff --git a/modules-available/permissionmanager/inc/permissionutil.inc.php b/modules-available/permissionmanager/inc/permissionutil.inc.php
index 6fc33ad1..5ff41046 100644
--- a/modules-available/permissionmanager/inc/permissionutil.inc.php
+++ b/modules-available/permissionmanager/inc/permissionutil.inc.php
@@ -2,6 +2,14 @@
class PermissionUtil
{
+ /**
+ * Check if the user has the given permission (for the given location).
+ *
+ * @param string $userid userid to check
+ * @param string $permissionid permissionid to check
+ * @param int|null $locationid locationid to check or null if the location should be disregarded
+ * @return bool true if user has permission, false if not
+ */
public static function userHasPermission($userid, $permissionid, $locationid) {
$locations = array();
if (!is_null($locationid)) {
@@ -10,23 +18,29 @@ class PermissionUtil
else $locations[] = 0;
}
- $res = Database::simpleQuery("SELECT role_x_permission.permissionid as 'permissionid',
- role_x_location.locationid as 'locationid'
- FROM user_x_role
+ $res = Database::simpleQuery("SELECT permissionid, locationid FROM user_x_role
INNER JOIN role_x_permission ON user_x_role.roleid = role_x_permission.roleid
- LEFT JOIN role_x_location ON role_x_permission.roleid = role_x_location.roleid
+ LEFT JOIN (SELECT roleid, COALESCE(locationid, 0) AS locationid FROM role_x_location) t1
+ ON role_x_permission.roleid = t1.roleid
WHERE user_x_role.userid = :userid", array("userid" => $userid));
while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
- $userPermission = trim($row["permissionid"], "*");
- if (substr($permissionid, 0, strlen($userPermission)) === $userPermission
- && (is_null($locationid) || in_array($row["locationid"], $locations))) {
+ $userPermission = rtrim($row["permissionid"], ".*").".";
+ if ((is_null($locationid) || (!is_null($row["locationid"]) && in_array($row["locationid"], $locations))) &&
+ (substr($permissionid.".", 0, strlen($userPermission)) === $userPermission || $userPermission === ".")) {
return true;
}
}
return false;
}
+ /**
+ * Get all locations where the user has the given permission.
+ *
+ * @param string $userid userid to check
+ * @param string $permissionid permissionid to check
+ * @return array array of locationids where the user has the given permission
+ */
public static function getAllowedLocations($userid, $permissionid) {
$res = Database::simpleQuery("SELECT permissionid, COALESCE(locationid, 0) AS locationid FROM user_x_role
@@ -36,8 +50,8 @@ class PermissionUtil
$allowedLocations = array();
while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
- $userPermission = trim($row["permissionid"], "*");
- if (!is_null($row["locationid"]) && substr($permissionid, 0, strlen($userPermission)) === $userPermission) {
+ $userPermission = rtrim($row["permissionid"], ".*").".";
+ if (substr($permissionid.".", 0, strlen($userPermission)) === $userPermission || $userPermission === ".") {
$allowedLocations[$row["locationid"]] = 1;
}
}
@@ -45,12 +59,20 @@ class PermissionUtil
$locations = Location::getTree();
if (in_array("0", $allowedLocations)) {
$allowedLocations = array_map("intval", Location::extractIds($locations));
+ $allowedLocations[] = 0;
} else {
$allowedLocations = self::getSublocations($locations, $allowedLocations);
}
return $allowedLocations;
}
+ /**
+ * Extend an array of locations by adding all sublocations.
+ *
+ * @param array $tree tree of all locations (structured like Location::getTree())
+ * @param array $locations the array of locationids to extend
+ * @return array extended array of locationids
+ */
public static function getSublocations($tree, $locations) {
$result = array_flip($locations);
foreach ($tree as $location) {
@@ -65,6 +87,11 @@ class PermissionUtil
return array_keys($result);
}
+ /**
+ * Get all permissions of all active modules that have permissions in their permissions/permissions.json file.
+ *
+ * @return array permission tree as a multidimensional array
+ */
public static function getPermissions()
{
$permissions = array();
@@ -75,7 +102,7 @@ class PermissionUtil
preg_match('#^modules/([^/]+)/#', $file, $out);
foreach( $data as $p ) {
$description = Dictionary::translateFileModule($out[1], "permissions", $p);
- $permissions = self::putInPermissionTree($out[1].".".$p, $description, $permissions);
+ self::putInPermissionTree($out[1].".".$p, $description, $permissions);
}
}
ksort($permissions);
@@ -89,10 +116,16 @@ class PermissionUtil
return $permissions;
}
- private static function putInPermissionTree($permission, $description, $tree)
+ /**
+ * Place a permission into the given permission tree.
+ *
+ * @param string $permission the permission to place in the tree
+ * @param string $description the description of the permission
+ * @param array $tree the permission tree to modify
+ */
+ private static function putInPermissionTree($permission, $description, &$tree)
{
$subPermissions = explode('.', $permission);
- $original =& $tree;
foreach ($subPermissions as $subPermission) {
if ($subPermission) {
if (!array_key_exists($subPermission, $tree)) {
@@ -101,6 +134,6 @@ class PermissionUtil
$tree =& $tree[$subPermission];
}
}
- return $original;
+ $tree = $description;
}
} \ No newline at end of file
generated by cgit v1.2.3-55-g7522 (git 2.39.0) at 2024-06-04 16:14:45 +0200