From 9361d6f74a7407278d4f89911db5be369ec9fcca Mon Sep 17 00:00:00 2001
From: Udo Walter
Date: Mon, 10 Apr 2017 17:00:10 +0200
Subject: [permission-manager] added permission check functionality + bugfixes
---
.../permissionmanager/inc/permissionutil.inc.php | 35 ++++++++++++++++++++++
modules-available/permissionmanager/page.inc.php | 2 +-
.../templates/modulepermissionbox.html | 4 ++-
.../templates/permissiontreenode.html | 20 ++++++-------
4 files changed, 48 insertions(+), 13 deletions(-)
(limited to 'modules-available/permissionmanager')
diff --git a/modules-available/permissionmanager/inc/permissionutil.inc.php b/modules-available/permissionmanager/inc/permissionutil.inc.php
index d6adf2bf..8442f288 100644
--- a/modules-available/permissionmanager/inc/permissionutil.inc.php
+++ b/modules-available/permissionmanager/inc/permissionutil.inc.php
@@ -2,6 +2,41 @@
class PermissionUtil
{
+ public static function userHasPermission($userid, $permissionid, $locationid) {
+ $locations = array();
+ if (!is_null($locationid)) {
+ $res = Database::simpleQuery("SELECT locationid, parentlocationid FROM location");
+ while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
+ $locations[$row["locationid"]] = $row["parentlocationid"];
+ }
+ if (!array_key_exists($locationid, $locations)) return false;
+ }
+
+ $res = Database::simpleQuery("SELECT role_x_permission.permissionid as 'permissionid',
+ role_x_location.locid as 'locationid'
+ FROM user_x_role
+ INNER JOIN role_x_permission ON user_x_role.roleid = role_x_permission.roleid
+ LEFT JOIN role_x_location ON role_x_permission.roleid = role_x_location.roleid
+ WHERE user_x_role.userid = :userid", array("userid" => $userid));
+
+ while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
+ $userPermission = trim($row["permissionid"], "*");
+ if (substr($permissionid, 0, strlen($userPermission)) === $userPermission) {
+ if (is_null($locationid) || $locationid == $row["locationid"]) {
+ return true;
+ } else {
+ $parentlocid = $locationid;
+ while ($parentlocid != 0) {
+ $parentlocid = $locations[$parentlocid];
+ if ($parentlocid == $row["locationid"]) return true;
+ }
+ }
+ }
+ }
+ return false;
+ }
+
+
public static function getPermissions()
{
$permissions = array();
diff --git a/modules-available/permissionmanager/page.inc.php b/modules-available/permissionmanager/page.inc.php
index 30cc07c3..326d5b24 100644
--- a/modules-available/permissionmanager/page.inc.php
+++ b/modules-available/permissionmanager/page.inc.php
@@ -135,7 +135,7 @@ class Page_PermissionManager extends Page
$res .= Render::parse($genModuleBox ? "modulepermissionbox" : (is_array($v) ? "permissiontreenode" : "permission"),
array("id" => $genModuleBox ? $k : $permString.".".$k,
"name" => $genModuleBox ? Module::get($k)->getDisplayName(): $k,
- "HTML" => self::generatePermissionHTML($v, $genModuleBox ? $k : $permString.".".$k),
+ "HTML" => is_array($v) ? self::generatePermissionHTML($v, $genModuleBox ? $k : $permString.".".$k) : "",
"description" => $v));
}
return $res;
diff --git a/modules-available/permissionmanager/templates/modulepermissionbox.html b/modules-available/permissionmanager/templates/modulepermissionbox.html
index d298409b..69bde718 100644
--- a/modules-available/permissionmanager/templates/modulepermissionbox.html
+++ b/modules-available/permissionmanager/templates/modulepermissionbox.html
@@ -6,6 +6,8 @@
\ No newline at end of file
diff --git a/modules-available/permissionmanager/templates/permissiontreenode.html b/modules-available/permissionmanager/templates/permissiontreenode.html
index e9656902..47bff1f2 100644
--- a/modules-available/permissionmanager/templates/permissiontreenode.html
+++ b/modules-available/permissionmanager/templates/permissiontreenode.html
@@ -1,11 +1,9 @@
-
\ No newline at end of file
+
+
+ {{name}}
+
+
+
--
cgit v1.2.3-55-g7522