<?php
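/**
 * Write-side helpers for the role tables (role, role_x_user, role_x_location,
 * role_x_permission).
 *
 * Every method changes who holds which permission. None of them checks whether
 * the caller is allowed to make that change; that check has to happen before
 * these methods are called.
 *
 * All values reach the database as named parameters of Database::exec(). The
 * "VALUES :arg" and "IN (:name)" forms hand over whole arrays as one parameter
 * and depend on Database::exec() expanding them; that expansion is not visible
 * in this file.
 */
class PermissionDbUpdate
{
    /**
     * Insert all user/role combinations into the role_x_user table.
     *
     * Builds the cross product of $users and $roles. INSERT IGNORE leaves
     * combinations alone that are already present.
     *
     * @param int[] $users userids
     * @param int[] $roles roleids
     * @return int 0 if either list is empty, otherwise the result of Database::exec()
     *             (presumably the number of affected rows - confirm)
     */
    public static function addRoleToUser(array $users, array $roles): int
    {
        if (empty($users) || empty($roles)) {
            return 0;
        }
        $arg = [];
        foreach ($users as $userid) {
            foreach ($roles as $roleid) {
                $arg[] = ['userid' => $userid, 'roleid' => $roleid];
            }
        }
        return Database::exec("INSERT IGNORE INTO role_x_user (userid, roleid) VALUES :arg",
            ['arg' => $arg]);
    }

    /**
     * Remove all user/role combinations from the role_x_user table.
     *
     * @param int[] $users userids
     * @param int[] $roles roleids
     * @return int 0 if either list is empty, otherwise the result of Database::exec()
     *             (presumably the number of affected rows - confirm)
     */
    public static function removeRoleFromUser(array $users, array $roles): int
    {
        if (empty($users) || empty($roles)) {
            return 0;
        }
        $query = "DELETE FROM role_x_user WHERE userid IN (:users) AND roleid IN (:roles)";
        return Database::exec($query, ['users' => $users, 'roles' => $roles]);
    }

    /**
     * Assign the specified roles to given users, removing any roles from the users
     * that are not in the given set.
     *
     * @param int[] $users list of user ids
     * @param int[] $roles list of role ids
     * @return int 0 if $users is empty, otherwise the DELETE result plus the
     *             result of addRoleToUser()
     */
    public static function setRolesForUser(array $users, array $roles): int
    {
        // Without users there is nothing to revoke or grant. Return early, like
        // addRoleToUser() and removeRoleFromUser(), instead of sending a DELETE
        // with an empty IN list.
        if (empty($users)) {
            return 0;
        }
        // An empty $roles is a valid request: it asks to revoke every role of
        // the given users.
        // NOTE(review): that depends on how Database::exec() expands an empty
        // array inside NOT IN (...) - confirm it removes all rows instead of
        // failing, otherwise a revocation could silently not take place.
        $count = Database::exec("DELETE FROM role_x_user WHERE userid in (:users) AND roleid NOT IN (:roles)",
            ['users' => $users, 'roles' => $roles]);
        return $count + self::addRoleToUser($users, $roles);
    }

    /**
     * Delete role from the role table.
     *
     * Only the role table is touched here.
     * NOTE(review): rows in role_x_user, role_x_location and role_x_permission
     * that reference the role are not removed by this method; presumably
     * foreign keys cascade the delete - confirm, so that no grants outlive
     * the role.
     *
     * @param int $roleid roleid
     * @return int result of Database::exec() (presumably the number of deleted rows - confirm)
     */
    public static function deleteRole(int $roleid): int
    {
        return Database::exec("DELETE FROM role WHERE roleid = :roleid", ['roleid' => $roleid]);
    }

    /**
     * Save changes to a role or create a new one.
     *
     * For an existing role, name and description are updated and every location
     * and permission that is no longer listed is removed. For a new role, the
     * row is inserted and its generated id is used. In both cases the listed
     * locations and permissions are then added with INSERT IGNORE.
     *
     * NOTE(review): the statements are sent as separate Database::exec() calls
     * and no transaction is opened in this method. If one of them fails, the
     * role can be left with only part of the intended permission set - confirm
     * whether the caller or Database wraps this in a transaction.
     *
     * @param string $roleName rolename
     * @param string $roleDescription description text stored with the role
     * @param int[] $locations array of locations
     * @param string[] $permissions array of permissions
     * @param int|null $roleId roleid or null if the role does not exist yet
     */
    public static function saveRole(string $roleName, string $roleDescription, array $locations, array $permissions,
        ?int $roleId = null): void
    {
        // Permission ids are stored in lower case; normalise before comparing
        // against and writing to role_x_permission.
        $permissions = array_map('strtolower', $permissions);

        // Truthiness test: a $roleId of 0 is handled like null, i.e. a new role is created.
        if ($roleId) {
            Database::exec("UPDATE role SET rolename = :rolename, roledescription = :roledescription WHERE roleid = :roleid",
                ['rolename' => $roleName, 'roledescription' => $roleDescription, 'roleid' => $roleId]);
            // NOT IN never matches a NULL locationid in SQL, so those rows are
            // removed explicitly; the INSERT below adds one again if $locations
            // still contains a null entry.
            Database::exec("DELETE FROM role_x_location\n"
                . "WHERE roleid = :roleid AND (locationid NOT IN (:locations) OR locationid IS NULL)",
                ['roleid' => $roleId, 'locations' => $locations]);
            Database::exec("DELETE FROM role_x_permission\n"
                . "WHERE roleid = :roleid AND permissionid NOT IN (:permissions)",
                ['roleid' => $roleId, 'permissions' => $permissions]);
        } else {
            Database::exec("INSERT INTO role (rolename, roledescription) VALUES (:rolename, :roledescription)",
                ['rolename' => $roleName, 'roledescription' => $roleDescription]);
            $roleId = Database::lastInsertId();
        }

        if (!empty($locations)) {
            $arg = array_map(static function ($loc) use ($roleId) {
                return ['roleId' => $roleId, 'loc' => $loc];
            }, $locations);
            Database::exec("INSERT IGNORE INTO role_x_location (roleid, locationid) VALUES :arg", ['arg' => $arg]);
        }
        if (!empty($permissions)) {
            $arg = array_map(static function ($perm) use ($roleId) {
                return ['roleId' => $roleId, 'perm' => $perm];
            }, $permissions);
            Database::exec("INSERT IGNORE INTO role_x_permission (roleid, permissionid) VALUES :arg", ['arg' => $arg]);
        }
    }
}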