From 3e4c27599f920e6f630f048f494f5d196fc81b8e Mon Sep 17 00:00:00 2001
From: Udo Walter
Date: Tue, 25 Apr 2017 14:50:37 +0200
Subject: [permissionmanager] added possibility to get a list of allowed locations for a given permission + bugfixes
---
.../permissionmanager/inc/permissionutil.inc.php | 56 ++++++++++++++++------
1 file changed, 41 insertions(+), 15 deletions(-)
(limited to 'modules-available/permissionmanager/inc/permissionutil.inc.php')
diff --git a/modules-available/permissionmanager/inc/permissionutil.inc.php b/modules-available/permissionmanager/inc/permissionutil.inc.php
index 8442f288..fe16f7ab 100644
--- a/modules-available/permissionmanager/inc/permissionutil.inc.php
+++ b/modules-available/permissionmanager/inc/permissionutil.inc.php
@@ -3,14 +3,28 @@ class PermissionUtil { public static function userHasPermission($userid, $permissionid, $locationid) { - $locations = array(); - if (!is_null($locationid)) { - $res = Database::simpleQuery("SELECT locationid, parentlocationid FROM location"); - while ($row = $res->fetch(PDO::FETCH_ASSOC)) { - $locations[$row["locationid"]] = $row["parentlocationid"]; + $locations = Location::getLocationRootChain($locationid); + if (count($locations) == 0) return false; + else $locations[] = 0; + + $res = Database::simpleQuery("SELECT role_x_permission.permissionid as 'permissionid', + role_x_location.locid as 'locationid' + FROM user_x_role + INNER JOIN role_x_permission ON user_x_role.roleid = role_x_permission.roleid + LEFT JOIN role_x_location ON role_x_permission.roleid = role_x_location.roleid + WHERE user_x_role.userid = :userid", array("userid" => $userid)); + + while ($row = $res->fetch(PDO::FETCH_ASSOC)) { + $userPermission = trim($row["permissionid"], "*"); + if (substr($permissionid, 0, strlen($userPermission)) === $userPermission + && (is_null($locationid) || in_array($row["locationid"], $locations))) { + return true; } - if (!array_key_exists($locationid, $locations)) return false; } + return false; + } + + public static function getAllowedLocations($userid, $permissionid) { $res = Database::simpleQuery("SELECT role_x_permission.permissionid as 'permissionid', role_x_location.locid as 'locationid' 
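Review bot: The added location test `in_array($row["locationid"], $locations)` compares loosely, and because the query uses `LEFT JOIN role_x_location`, a role with no location rows yields a NULL `locationid` that equals the `0` appended by `else $locations[] = 0;`, so such a role would pass the check for every location. If an unassigned role is not meant to be global, reject NULL before the membership test, e.g. `&& (is_null($locationid) || (!is_null($row["locationid"]) && in_array($row["locationid"], $locations)))`. Separately, the `is_null($locationid)` branch looks unreachable if `Location::getLocationRootChain(null)` returns an empty array (not visible here), since the function then returns false before the query runs. The prefix test on `trim($row["permissionid"], "*")` also treats every stored permission as a wildcard whether or not it carried a `*`, here and in `getAllowedLocations` in the next hunk; comparing for equality unless the stored value ends in `*` would avoid over-granting.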
@@ -19,24 +33,36 @@ class PermissionUtil LEFT JOIN role_x_location ON role_x_permission.roleid = role_x_location.roleid WHERE user_x_role.userid = :userid", array("userid" => $userid)); + $allowedLocations = array(); while ($row = $res->fetch(PDO::FETCH_ASSOC)) { $userPermission = trim($row["permissionid"], "*"); if (substr($permissionid, 0, strlen($userPermission)) === $userPermission) { - if (is_null($locationid) || $locationid == $row["locationid"]) { - return true; + $allowedLocations[] = $row["locationid"]; + } + } + $locations = Location::getTree(); + if (count($allowedLocations) == 1 && $allowedLocations[0] == "0") { + $allowedLocations = Location::extractIds($locations); + } else { + $allowedLocations = self::getSublocations($locations, $allowedLocations); + } + return $allowedLocations; + } + + private static function getSublocations($tree, $locations) { + $result = array_flip($locations); + foreach ($tree as $location) { + if (array_key_exists("children", $location)) { + if (in_array($location["locationid"], $locations)) { + $result += array_flip(Location::extractIds($location["children"])); } else { - $parentlocid = $locationid; - while ($parentlocid != 0) { - $parentlocid = $locations[$parentlocid]; - if ($parentlocid == $row["locationid"]) return true; - } + $result += array_flip(self::getSublocations($location["children"], $locations)); } } } - return false; + return array_keys($result); } - public static function getPermissions() { $permissions = array(); -- cgit v1.2.3-55-g7522
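Review bot: The global grant is recognised only when the result is exactly one row, `count($allowedLocations) == 1 && $allowedLocations[0] == "0"`, so a user who holds the permission through two roles (two `0` rows, or `0` plus a specific location) falls into `getSublocations()` and gets a restricted list, while `userHasPermission()` in the previous hunk would still allow every location. Testing membership instead, `if (in_array("0", $allowedLocations))`, keeps the two functions in agreement. NULL `locationid` values produced by the `LEFT JOIN` are also appended here and later passed to `array_flip()`, which only accepts integer and string values, so they should be skipped when `$allowedLocations` is built. `getAllowedLocations` begins in the previous hunk and two lines of its query lie between the hunks.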