summaryrefslogtreecommitdiffstats
path: root/inc/permission.inc.php
blob: f346f1dac8bbb2f6e3e33636e6e6ec731d93935d (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
<?php

declare(strict_types=1);

class Permission
{
	private static $permissions = array(
		'superadmin' => 1, // Can do everything
		'baseconfig_global' => 2, // Change configuration globally
		'baseconfig_local' => 4, // Change configuration for specifig groups/rooms
		'translation' => 8, // Can edit translations
	);

	public static function get(string $permission): int
	{
		if (!isset(self::$permissions[$permission])) ErrorHandler::traceError('Invalid permission: ' . $permission);
		return self::$permissions[$permission];
	}


	// TODO: Doc/Refactor
	public static function addGlobalTags(?array &$array, ?int $locationid, array $disabled, ?string $noneAvailDisabled = null): void
	{
		if (Module::get('permissionmanager') === false)
			return;
		if ($array === null) {
			$array = [];
		}
		$one = false;
		foreach ($disabled as $perm) {
			if (User::hasPermission($perm, $locationid)) {
				$one = true;
				continue;
			}
			if (strpos($perm, '.') === false) {
				$array[$perm] = ['disabled' => 'disabled', 'readonly' => 'readonly'];
				continue;
			}
			$temp =& $array;
			foreach (explode('.', $perm) as $sub) {
				if (empty($sub) || $sub === '*')
					continue;
				$temp =& $temp[$sub];
			}
			$temp = ['disabled' => 'disabled', 'readonly' => 'readonly', 'hidden' => 'hidden'];
		}
		if (!$one && !is_null($noneAvailDisabled)) {
			$array[$noneAvailDisabled] = [
				'disabled' => 'disabled',
				'readonly' => 'readonly',
			];
		}
	}

	public static function moduleHasPermissions(string $moduleId): bool
	{
		if (Module::get('permissionmanager') === false)
			return true;
		return file_exists('modules/' . $moduleId . '/permissions/permissions.json');
	}

	/**
	 * Takes a list of locations, removes any locations from it where the user doesn't have permission,
	 * and then re-adds locations resulting from the given query. The given query should return only
	 * one column per row, which is a location id.
	 */
	public static function mergeWithDisallowed(array $passedLocations, string $permission, string $query, array $params): array
	{
		$allowed = User::getAllowedLocations($permission);
		if (in_array(0, $allowed))
			return $passedLocations;
		$passedLocations = array_intersect($passedLocations, $allowed);
		$oldSet = Database::queryColumnArray($query, $params);
		$oldSet = array_diff($oldSet, $allowed);
		if (!empty($oldSet)) {
			$passedLocations = array_unique(array_merge($passedLocations, $oldSet));
		}
		return $passedLocations;
	}

}