mirror of
https://git.code.sf.net/p/seeddms/code
synced 2024-10-04 23:22:24 +00:00
391 lines
11 KiB
PHP
391 lines
11 KiB
PHP
<?php
|
||
/**
|
||
* Implementation of a access control list.
|
||
*
|
||
* SeedDMS uses access control list for setting permission,
|
||
* on various operations.
|
||
*
|
||
* @category DMS
|
||
* @package SeedDMS
|
||
* @license GPL 2
|
||
* @version @version@
|
||
* @author Uwe Steinmann <uwe@steinmann.cx>
|
||
* @copyright 2016 Uwe Steinmann
|
||
* @version Release: @package_version@
|
||
*/
|
||
|
||
/**
|
||
* Class to represent an access request object
|
||
*
|
||
* This class provides a model for access request objects.
|
||
*
|
||
* @category DMS
|
||
* @package SeedDMS
|
||
* @author Uwe Steinmann <uwe@steinmann.cx>
|
||
* @copyright 2016 Uwe Steinmann
|
||
* @version Release: @package_version@
|
||
*/
|
||
class SeedDMS_Acl { /* {{{ */
|
||
/**
|
||
* @var object $dms reference to dms object.
|
||
* @access public
|
||
*/
|
||
public $_dms;
|
||
|
||
/**
|
||
* Create a new instance of an acl
|
||
*
|
||
* @param object $dms object of dms
|
||
* @return object instance of SeedDMS_Acl
|
||
*/
|
||
public function __construct($dms) { /* {{{ */
|
||
$this->_dms = $dms;
|
||
} /* }}} */
|
||
|
||
/**
|
||
* Check if Aro has access on Aco
|
||
*
|
||
* @param object $aro access request object
|
||
* @param object $aco access control object
|
||
* @return integer/boolean -1 if access is explictly denied, 1 if access
|
||
* is explictly allow, 0 if no access restrictions exists, false if
|
||
* an error occured.
|
||
*/
|
||
public function check($aro, $aco) { /* {{{ */
|
||
$db = $this->_dms->getDB();
|
||
|
||
while($aco) {
|
||
$acoid = $aco->getID();
|
||
$queryStr = "SELECT * FROM `tblArosAcos` WHERE `aro`=".$aro->getID()." AND `aco`=".$acoid;
|
||
$resArr = $db->getResultArray($queryStr);
|
||
if (is_bool($resArr) && $resArr === false)
|
||
return false;
|
||
if (count($resArr) == 1)
|
||
return((int) $resArr[0]['read']);
|
||
|
||
$aco = $aco->getParent();
|
||
}
|
||
|
||
return 0;
|
||
} /* }}} */
|
||
|
||
public function toggle($aro, $aco) { /* {{{ */
|
||
$db = $this->_dms->getDB();
|
||
$queryStr = "SELECT * FROM `tblArosAcos` WHERE `aro`=".$aro->getID()." AND `aco`=".$aco->getID();
|
||
$resArr = $db->getResultArray($queryStr);
|
||
if (is_bool($resArr) && $resArr === false)
|
||
return false;
|
||
if (count($resArr) != 1)
|
||
return false;
|
||
$resArr = $resArr[0];
|
||
|
||
$newperm = $resArr['read'] == 1 ? -1 : 1;
|
||
$queryStr = "UPDATE `tblArosAcos` SET `read`=".$newperm." WHERE `aro`=".$aro->getID()." AND `aco`=".$aco->getID();
|
||
if (!$db->getResult($queryStr))
|
||
return false;
|
||
return true;
|
||
|
||
} /* }}} */
|
||
|
||
public function add($aro, $aco, $perm=-1) { /* {{{ */
|
||
$db = $this->_dms->getDB();
|
||
$queryStr = "SELECT * FROM `tblArosAcos` WHERE `aro`=".$aro->getID()." AND `aco`=".$aco->getID();
|
||
$resArr = $db->getResultArray($queryStr);
|
||
if (is_bool($resArr) && $resArr === false)
|
||
return false;
|
||
if (count($resArr) == 1) {
|
||
$resArr = $resArr[0];
|
||
|
||
$newperm = $resArr['read'] == 1 ? -1 : 1;
|
||
$queryStr = "UPDATE `tblArosAcos` SET `read`=".$newperm." WHERE `aro`=".$aro->getID()." AND `aco`=".$aco->getID();
|
||
if (!$db->getResult($queryStr))
|
||
return false;
|
||
} else {
|
||
$queryStr = "INSERT INTO `tblArosAcos` (`aro`, `aco`, `read`) VALUES (".$aro->getID().", ".$aco->getID().", ".$perm.")";
|
||
if (!$db->getResult($queryStr))
|
||
return false;
|
||
}
|
||
return true;
|
||
|
||
} /* }}} */
|
||
|
||
public function remove($aro, $aco) { /* {{{ */
|
||
$db = $this->_dms->getDB();
|
||
$queryStr = "DELETE FROM `tblArosAcos` WHERE `aro`=".$aro->getID()." AND `aco`=".$aco->getID();
|
||
if (!$db->getResult($queryStr))
|
||
return false;
|
||
return true;
|
||
} /* }}} */
|
||
} /* }}} */
|
||
|
||
/**
|
||
* Class to represent an access request/controll object
|
||
*
|
||
* This class provides a model for access request/controll objects.
|
||
*
|
||
* @category DMS
|
||
* @package SeedDMS
|
||
* @author Uwe Steinmann <uwe@steinmann.cx>
|
||
* @copyright 2016 Uwe Steinmann
|
||
* @version Release: @package_version@
|
||
*/
|
||
class SeedDMS_AroAco { /* {{{ */
|
||
/**
|
||
* @var object $dms reference to dms object.
|
||
* @access protected
|
||
*/
|
||
public $_dms;
|
||
|
||
/**
|
||
* @var integer id of access request object
|
||
*/
|
||
protected $_id;
|
||
|
||
/**
|
||
* @var integer id of parent of access request object
|
||
*/
|
||
protected $_parent;
|
||
|
||
/**
|
||
* @var string alias of access request object
|
||
*/
|
||
protected $_alias;
|
||
|
||
/**
|
||
* @var object object of access request object
|
||
*/
|
||
protected $_object;
|
||
|
||
/**
|
||
* Create a new instance of an aro
|
||
*
|
||
* @param object $dms object of dms
|
||
* @return object instance of SeedDMS_Aco
|
||
*/
|
||
function __construct($dms, $id, $parent, $object, $alias) { /* {{{ */
|
||
$this->_dmѕ = $dms;
|
||
$this->_id = $id;
|
||
$this->_parent = $parent;
|
||
$this->_object = $object;
|
||
$this->_alias = $alias;
|
||
} /* }}} */
|
||
|
||
public function setDMS($dms) { /* {{{ */
|
||
$this->_dms = $dms;
|
||
} /* }}} */
|
||
|
||
public function getDMS() { /* {{{ */
|
||
return($this->_dms);
|
||
} /* }}} */
|
||
|
||
public function getID() { /* {{{ */
|
||
return $this->_id;
|
||
} /* }}} */
|
||
|
||
public function getAlias() { /* {{{ */
|
||
return $this->_alias;
|
||
} /* }}} */
|
||
|
||
public function getObject() { /* {{{ */
|
||
return $this->_object;
|
||
} /* }}} */
|
||
} /* }}} */
|
||
|
||
/**
|
||
* Class to represent an access request object
|
||
*
|
||
* This class provides a model for access request objects.
|
||
*
|
||
* @category DMS
|
||
* @package SeedDMS
|
||
* @author Uwe Steinmann <uwe@steinmann.cx>
|
||
* @copyright 2016 Uwe Steinmann
|
||
* @version Release: @package_version@
|
||
*/
|
||
class SeedDMS_Aro extends SeedDMS_AroAco { /* {{{ */
|
||
|
||
/**
|
||
* Create a new instance of an aro
|
||
*
|
||
* @param object $dms object to access the underlying database
|
||
* @return object instance of SeedDMS_Aro
|
||
*/
|
||
public static function getInstance($id, $dms) { /* {{{ */
|
||
$db = $dms->getDB();
|
||
if(is_int($id)) {
|
||
$queryStr = "SELECT * FROM `tblAros` WHERE `id` = " . (int) $id;
|
||
$resArr = $db->getResultArray($queryStr);
|
||
if (is_bool($resArr) && $resArr === false)
|
||
return null;
|
||
if (count($resArr) != 1)
|
||
return null;
|
||
$resArr = $resArr[0];
|
||
} elseif(is_object($id)) {
|
||
if($dms->getClassname('role') == get_class($id)) {
|
||
$model = 'Role';
|
||
$queryStr = "SELECT * FROM `tblAros` WHERE `model`=".$db->qstr($model)." AND `foreignid`=".$id->getID();
|
||
$resArr = $db->getResultArray($queryStr);
|
||
if (is_bool($resArr) && $resArr === false)
|
||
return null;
|
||
if (count($resArr) == 0) {
|
||
$queryStr = "INSERT INTO `tblAros` (`parent`, `model`, `foreignid`) VALUES (0, ".$db->qstr($model).", ".$id->getID().")";
|
||
if (!$db->getResult($queryStr))
|
||
return null;
|
||
$id = $db->getInsertID();
|
||
$queryStr = "SELECT * FROM `tblAros` WHERE `id` = " . $id;
|
||
$resArr = $db->getResultArray($queryStr);
|
||
}
|
||
$resArr = $resArr[0];
|
||
} else {
|
||
return null;
|
||
}
|
||
}
|
||
|
||
if($resArr['model'] == 'Role') {
|
||
$classname = $dms->getClassname('role');
|
||
$object = $classname::getInstance($resArr['foreignid'], $dms);
|
||
} else {
|
||
$object = null;
|
||
}
|
||
|
||
$aro = new SeedDMS_Aro($dms, $resArr["id"], $resArr['parent'], $object, $resArr['alias']);
|
||
$aro->setDMS($dms);
|
||
return $aro;
|
||
} /* }}} */
|
||
|
||
} /* }}} */
|
||
|
||
/**
|
||
* Class to represent an access control object
|
||
*
|
||
* This class provides a model for access control objects.
|
||
*
|
||
* @category DMS
|
||
* @package SeedDMS
|
||
* @author Uwe Steinmann <uwe@steinmann.cx>
|
||
* @copyright 2016 Uwe Steinmann
|
||
* @version Release: @package_version@
|
||
*/
|
||
class SeedDMS_Aco extends SeedDMS_AroAco{ /* {{{ */
|
||
|
||
/**
|
||
* Create a new instance of an aco
|
||
*
|
||
* @param object $dms object to access the underlying database
|
||
* @return object instance of SeedDMS_Aco
|
||
*/
|
||
public static function getInstance($id, $dms) { /* {{{ */
|
||
$db = $dms->getDB();
|
||
if(is_int($id)) {
|
||
$queryStr = "SELECT * FROM `tblAcos` WHERE `id` = " . (int) $id;
|
||
$resArr = $db->getResultArray($queryStr);
|
||
if (is_bool($resArr) && $resArr === false)
|
||
return null;
|
||
if (count($resArr) == 0) {
|
||
return null;
|
||
}
|
||
$resArr = $resArr[0];
|
||
} elseif(is_string($id)) {
|
||
$tmp = explode('/', $id);
|
||
$parentid = 0;
|
||
foreach($tmp as $part) {
|
||
$queryStr = "SELECT * FROM `tblAcos` WHERE `alias` = " . $db->qstr($part);
|
||
// if($parentid)
|
||
$queryStr .= " AND parent=".$parentid;
|
||
$resArr = $db->getResultArray($queryStr);
|
||
if (is_bool($resArr) && $resArr === false)
|
||
return null;
|
||
if (count($resArr) == 0) {
|
||
$queryStr = "INSERT INTO `tblAcos` (`parent`, `alias`, `model`) VALUES (".$parentid.",".$db->qstr($part).", '')";
|
||
if (!$db->getResult($queryStr))
|
||
return null;
|
||
$id = $db->getInsertID();
|
||
$queryStr = "SELECT * FROM `tblAcos` WHERE `id` = " . $id;
|
||
$resArr = $db->getResultArray($queryStr);
|
||
}
|
||
$parentid = (int) $resArr[0]['id'];
|
||
}
|
||
$resArr = $resArr[0];
|
||
}
|
||
|
||
if($resArr['model'] == 'Document') {
|
||
$classname = $dms->getClassname('document');
|
||
$object = $classname::getInstance($resArr['foreignid'], $dms);
|
||
} elseif($resArr['model'] == 'Folder') {
|
||
$classname = $dms->getClassname('focument');
|
||
$object = $classname::getInstance($resArr['foreignid'], $dms);
|
||
} else {
|
||
$object = null;
|
||
}
|
||
|
||
$aco = new SeedDMS_Aco($dms, $resArr["id"], $resArr['parent'], $object, $resArr['alias']);
|
||
$aco->setDMS($dms);
|
||
return $aco;
|
||
} /* }}} */
|
||
|
||
public function getChildren() { /* {{{ */
|
||
$dms = $this->getDMS();
|
||
$db = $dms->getDB();
|
||
$queryStr = "SELECT * FROM `tblAcos` WHERE `parent` = ".$this->_id." ORDER BY `alias`";
|
||
$resArr = $db->getResultArray($queryStr);
|
||
if (is_bool($resArr) && $resArr === false)
|
||
return null;
|
||
if (count($resArr) == 0)
|
||
return null;
|
||
|
||
$acos = array();
|
||
foreach($resArr as $row) {
|
||
$aco = new SeedDMS_Aco($dms, $row["id"], $row['parent'], null, $row['alias']);
|
||
$aco->setDMS($dms);
|
||
$acos[] = $aco;
|
||
}
|
||
return $acos;
|
||
} /* }}} */
|
||
|
||
public function getPermission($aro) { /* {{{ */
|
||
if(!$aro)
|
||
return 0;
|
||
$dms = $this->getDMS();
|
||
$db = $dms->getDB();
|
||
$queryStr = "SELECT * FROM `tblArosAcos` WHERE `aro`=".$aro->getID()." AND `aco`=".$this->_id;
|
||
$resArr = $db->getResultArray($queryStr);
|
||
if (is_bool($resArr) && $resArr === false)
|
||
return false;
|
||
if (count($resArr) != 1)
|
||
return 0;
|
||
return (int) $resArr[0]['read'];
|
||
} /* }}} */
|
||
|
||
public static function getRoot($dms) { /* {{{ */
|
||
$db = $dms->getDB();
|
||
$queryStr = "SELECT * FROM `tblAcos` WHERE `parent` = 0 ORDER BY `alias`";
|
||
$resArr = $db->getResultArray($queryStr);
|
||
if (is_bool($resArr) && $resArr === false)
|
||
return null;
|
||
|
||
$acos = array();
|
||
foreach($resArr as $row) {
|
||
$aco = new SeedDMS_Aco($dms, $row["id"], $row['parent'], null, $row['alias']);
|
||
$aco->setDMS($dms);
|
||
$acos[] = $aco;
|
||
}
|
||
return $acos;
|
||
} /* }}} */
|
||
|
||
public function getParent() { /* {{{ */
|
||
$dms = $this->getDMS();
|
||
$db = $dms->getDB();
|
||
$queryStr = "SELECT * FROM `tblAcos` WHERE `id` = ".$this->_parent;
|
||
$resArr = $db->getResultArray($queryStr);
|
||
if (is_bool($resArr) && $resArr === false)
|
||
return null;
|
||
if (count($resArr) != 1)
|
||
return null;
|
||
|
||
$row = $resArr[0];
|
||
$aco = new SeedDMS_Aco($dms, $row["id"], $row['parent'], null, $row['alias']);
|
||
$aco->setDMS($dms);
|
||
return $aco;
|
||
} /* }}} */
|
||
} /* }}} */
|