[Phpgroupware-cvs] property/class.acl2.php, 1.1.1.3
From: |
nomail |
Subject: |
[Phpgroupware-cvs] property/class.acl2.php, 1.1.1.3 |
Date: |
Fri, 21 May 2004 15:21:51 -0000 |
Update of /property
Modified Files:
Branch:
class.acl2.php
date: 2004/04/23 21:26:33; author: sigurdne; state: Exp; lines: +841 -841
Log Message:
no message
=====================================================================
Index: property/class.acl2.php
diff -u property/class.acl2.php:1.1.1.2 property/class.acl2.php:1.1.1.3
--- property/class.acl2.php:1.1.1.2 Fri Apr 23 20:25:05 2004
+++ property/class.acl2.php Fri Apr 23 21:26:33 2004
@@ -1,841 +1,841 @@
-<?php
-
/**************************************************************************\
- * phpGroupWare - property
*
- * http://www.phpgroupware.org
*
- *
*
- * Facilities Management
*
- * Written by Sigurd Nes [sigurdne at online.no]
*
- *
------------------------------------------------------------------------ *
- * Copyright 2000 - 2003 Free Software Foundation, Inc
*
- * This program is part of the GNU project, see http://www.gnu.org/
*
- *
------------------------------------------------------------------------ *
- * This program is free software; you can redistribute it and/or modify
it *
- * under the terms of the GNU General Public License as published by the
*
- * Free Software Foundation; either version 2 of the License, or (at
your *
- * option) any later version.
*
-
\**************************************************************************/
-
- class property_acl2
- {
- var $account_id;
- var $host_id;
- var $app_id;
- var $memberships = Array(0=>1); //group 0 is for all users
- var $memberships_sql = ',0'; //group 0 is for all users
- var $rights_cache = Array();
- var $masks_cache = Array();
- var $previous_location; // used for inheritance
- var $db;
-
-
/*************************************************************************\
- * These lines load up the templates class and set some default
values *
-
\*************************************************************************/
- function property_acl2()
- {
- $expected_args[0] =
Array('name'=>'account_id','default'=>$GLOBALS['phpgw_data']['user']['id'],
'type'=>'number');
- $expected_args[1] =
Array('name'=>'host_id','default'=>0, 'type'=>'number');
- $expected_args[2] =
Array('name'=>'app_id','default'=>$GLOBALS['phpgw']->applications->data[$GLOBALS['phpgw_info']['flags']['currentapp']]['id'],
'type'=>'number');
- $recieved_args = func_get_args();
- $args = $this->safe_args($expected_args,
$recieved_args,__LINE__,__FILE__);
- $this->db = $GLOBALS['phpgw']->db;
- $this->db2 = $this->db;
- $this->account_id = $args['account_id'];
- $this->host_id = $args['host_id'];
- $this->app_id = $args['app_id'];
- }
-
- function get_account_id($account_id = '',$default_id = '')
- {
- if (gettype($account_id) == 'integer')
- {
- return $account_id;
- }
- elseif ($account_id == '')
- {
- if ($default_id == '')
- {
- return
(isset($GLOBALS['phpgw_data']['user']['id'])?$GLOBALS['phpgw_data']['user']['id']:0);
- }
- elseif (is_string($default_id))
- {
- return
$GLOBALS['phpgw']->accounts->name2id($default_id);
- }
- return intval($default_id);
- }
- elseif (is_string($account_id))
- {
- if($this->exists(intval($account_id)) == True)
- {
- return intval($account_id);
- }
- else
- {
- return
$GLOBALS['phpgw']->accounts->name2id($account_id);
- }
- }
- }
-
-
-
- function membership($accountid = '')
- {
- $account_id = $this->get_account_id($accountid);
-
- $security_equals = Array();
- $security_equals =
$GLOBALS['phpgw']->acl->get_location_list_for_id('phpgw_group', 1, $account_id);
-
- if($security_equals == False)
- {
- return False;
- }
-
- $this->memberships = Array();
-
- for($idx=0; $idx<count($security_equals); $idx++)
- {
- $groups = intval($security_equals[$idx]);
- $this->memberships[] = Array('account_id' =>
$groups, 'account_name' => $this->id2name($groups));
- }
-
- return $this->memberships;
- }
-
-
- function safe_args($expected, $recieved, $line='??', $file='??')
- {
- /* This array will contain all the required fields */
- $required = Array();
-
- /* This array will contain all types for sanatization
checking */
- /* only used when an array is passed as the first arg
*/
- $types = Array();
-
- /* start by looping thru the expected list and set
params with */
- /* the default values
*/
- $num = count($expected);
- for ($i = 0; $i < $num; $i++)
- {
- $args[$expected[$i]['name']] =
$expected[$i]['default'];
- if ($expected[$i]['default'] === '##REQUIRED##')
- {
- $required[$expected[$i]['name']] = True;
- }
- $types[$expected[$i]['name']] =
$expected[$i]['type'];
- }
-
- /* Make sure they passed at least one param */
- if(count($recieved) != 0)
- {
- /* if used as standard function we loop thru
and set by position */
- if(!is_array($recieved[0]))
- {
- for ($i = 0; $i < $num; $i++)
- {
- if(isset($recieved[$i]) &&
$recieved[$i] !== '##DEFAULT##')
- {
-
if(sanitize($recieved[$i],$expected[$i]['type']))
- {
-
$args[$expected[$i]['name']] = $recieved[$i];
-
unset($required[$expected[$i]['name']]);
- }
- else
- {
- echo 'Fatal
Error: Invalid paramater type for '.$expected[$i]['name'].' on line '.$line.'
of '.$file.'<br>';
- exit;
- }
- }
- }
- }
- /* if used as standard function we loop thru
and set by position */
- else
- {
- for ($i = 0; $i < $num; $i++)
- {
- $types[$expected[$i]['name']] =
$expected[$i]['type'];
- }
- while(list($key,$val) =
each($recieved[0]))
- {
- if($val !== '##DEFAULT##')
- {
-
if(sanitize($val,$types[$key]) == True)
- {
- $args[$key] =
$val;
-
unset($required[$key]);
- }
- else
- {
- echo 'Fatal
Error: Invalid paramater type for '.$key.' on line '.$line.' of '.$file.'<br>';
- exit;
- }
- }
- }
- }
- }
- if(count($required) != 0)
- {
- while (list($key) = each($required))
- {
- echo 'Fatal Error: Missing required
paramater '.$key.' on line '.$line.' of '.$file.'<br>';
- }
- exit;
- }
- return $args;
- }
-
-
- function get_memberships ()
- {
- $expected_args[0] =
Array('name'=>'account_id','default'=>$this->account_id, 'type'=>'number');
- $recieved_args = func_get_args();
- $args = $this->safe_args($expected_args,
$recieved_args,__LINE__,__FILE__);
-
- $sql = "SELECT acl_location,acl_rights FROM fm_acl2
- WHERE (
acl_host='".$this->host_id."' and acl_appid = 0 and acl_account =
".$args['account_id'].")";
- $dbresult = $GLOBALS['phpgw']->db->Execute($sql);
-
- while (!$dbresult->EOF)
- {
-
if(!isset($this->memberships[$dbresult->fields['acl_location']]))
- {
-
$this->memberships[$dbresult->fields['acl_location']] =
$dbresult->fields['acl_rights'];
- $this->memberships_sql .=
','.$dbresult->fields['acl_location'];
-
$this->get_memberships(Array('account_id'=>$dbresult->fields['acl_location']));
- }
- $dbresult->MoveNext();
- }
- }
-
-
- function exists($account_lid)
- {
- static $by_id, $by_lid;
-
- $sql = 'SELECT count(account_id) FROM phpgw_accounts
WHERE ';
- if(is_integer($account_lid))
- {
- if(@isset($by_id[$account_lid]) &&
$by_id[$account_lid] != '')
- {
- return $by_id[$account_lid];
- }
- $sql .= 'account_id=' . $account_lid;
- }
- else
- {
- if(@isset($by_lid[$account_lid]) &&
$by_lid[$account_lid] != '')
- {
- return $by_lid[$account_lid];
- }
- $sql .= "account_lid ='" . $account_lid . "'";
- }
-
- $dbresult = $GLOBALS['phpgw']->db->Execute($sql);
- $ret_val = $dbresult->fields[0] > 0;
- if(gettype($account_lid) == 'integer')
- {
- $by_id[$account_lid] = $ret_val;
- $by_lid[$this->id2name($account_lid)] =
$ret_val;
- }
- else
- {
- $by_lid[$account_lid] = $ret_val;
- $by_id[$this->name2id($account_lid)] = $ret_val;
- }
- return $ret_val;
- }
-
-
-
- function cache_rights()
- {
- $expected_args[0] =
Array('name'=>'location','default'=>'##REQUIRED##', 'type'=>'alphanumeric');
- $expected_args[1] =
Array('name'=>'app_id','default'=>$this->app_id, 'type'=>'number');
- $expected_args[2] =
Array('name'=>'account_id','default'=>$this->account_id, 'type'=>'number');
- $expected_args[3] =
Array('name'=>'grantor','default'=>False, 'type'=>'any');
- $expected_args[4] =
Array('name'=>'no_effective','default'=>false, 'type'=>'any');
-
- $recieved_args = func_get_args();
- $args = $this->safe_args($expected_args,
$recieved_args,__LINE__,__FILE__);
-
-
if(isset($this->rights_cache[$args['app_id']][$args['account_id']][$args['location']]))
- {
- return;
- }
-
- $sql = "SELECT
acl_rights,acl_type,acl_data,acl_location FROM fm_acl2 WHERE (acl_appid =
'".$args['app_id']."' ";
- $sql .= " and (acl_account in
(".$args['account_id']."".$this->memberships_sql.'))';
- $sql .= " and acl_location = '". $args['location'] .
"'";
-
- if($args['grantor']>0)
- {
- $sql .= " and (grantor=" . $args['grantor'] .
")";
- }
- else
- {
- $sql .= " and (grantor is NULL)";
- }
-
- $sql .= ') ORDER BY acl_location, acl_type DESC';
-
- $dbresult = $GLOBALS['phpgw']->db->Execute($sql);
- while (!$dbresult->EOF)
- {
-
if($this->rights_cache[$args['app_id']][$args['account_id']][$args['location']]
== 0)
- {
-
$this->rights_cache[$args['app_id']][$args['account_id']][$dbresult->fields['acl_location']]
= 0;
- }
-
-
if($this->masks_cache[$args['app_id']][$args['account_id']][$args['location']]
== 0)
- {
-
$this->masks_cache[$args['app_id']][$args['account_id']][$dbresult->fields['acl_location']]
= 0;
- }
-
- if((int)$dbresult->fields['acl_type'] == 0)
- {
-
$this->rights_cache[$args['app_id']][$args['account_id']][$dbresult->fields['acl_location']]
=
$this->bit_set($this->rights_cache[$args['app_id']][$args['account_id']][$dbresult->fields['acl_location']],(int)$dbresult->fields['acl_rights']);
- }
- else
- {
-
$this->masks_cache[$args['app_id']][$args['account_id']][$dbresult->fields['acl_location']]
=
$this->bit_set($this->rights_cache[$args['app_id']][$args['account_id']][$dbresult->fields['acl_location']],(int)$dbresult->fields['acl_rights']);
- }
-
- if(!$dbresult->fields['acl_rights'])
- {
-
$this->rights_cache[$args['app_id']][$args['account_id']][$args['location']]=0;
-
$this->masks_cache[$args['app_id']][$args['account_id']][$args['location']]=0;
- }
-
- if(!$args['no_effective'])
- {
-
$this->rights_cache[$args['app_id']][$args['account_id']][$dbresult->fields['acl_location']]
=
$this->bit_mask($this->rights_cache[$args['app_id']][$args['account_id']][$args['location']],
$this->masks_cache[$args['app_id']][$args['account_id']][$args['location']]);
- }
- $dbresult->MoveNext();
-
- }
- }
-
-
- function check_grant()
- {
- $expected_args[0] =
Array('name'=>'grantor','default'=>$this->account_id, 'type'=>'number');
- $expected_args[1] =
Array('name'=>'location','default'=>'##REQUIRED##', 'type'=>'alphanumeric');
- $expected_args[2] =
Array('name'=>'required','default'=>1, 'type'=>'number');
- $expected_args[3] =
Array('name'=>'account_id','default'=>$this->account_id, 'type'=>'number');
- $expected_args[4] =
Array('name'=>'app_id','default'=>$this->app_id, 'type'=>'number');
- $expected_args[5] =
Array('name'=>'no_membership','default'=>false, 'type'=>'number');
- $expected_args[6] =
Array('name'=>'acl_type','default'=>0, 'type'=>'number');
- $expected_args[7] =
Array('name'=>'no_effective','default'=>false, 'type'=>'any');
- $recieved_args = func_get_args();
- $args = $this->safe_args($expected_args,
$recieved_args,__LINE__,__FILE__);
-
- if(!$args['no_membership'])
- {
- $memberships =
$this->membership($args['account_id']);
-
- while (is_array($memberships) &&
list(,$account) = each($memberships))
- {
- $member_of[] = $account['account_id'];
- }
-
- if($member_of)
- {
- $this->memberships_sql = ',' .
@implode(",",$member_of);
- }
- }
-
-
$this->cache_rights($args['location'],$args['app_id'],$args['account_id'],$args['grantor'],$args['no_effective']);
- if($args['acl_type']==0)
- {
- return
$this->bit_check($this->rights_cache[$args['app_id']][$args['account_id']][$args['location']],$args['required']);
- }
- else
- {
- return
$this->bit_check($this->masks_cache[$args['app_id']][$args['account_id']][$args['location']],$args['required']);
- }
- }
-
- function check()
- {
- $expected_args[0] =
Array('name'=>'location','default'=>'##REQUIRED##', 'type'=>'alphanumeric');
- $expected_args[1] =
Array('name'=>'required','default'=>1, 'type'=>'number');
- $expected_args[2] =
Array('name'=>'account_id','default'=>$this->account_id, 'type'=>'number');
- $expected_args[3] =
Array('name'=>'app_id','default'=>$this->app_id, 'type'=>'number');
- $expected_args[4] =
Array('name'=>'no_membership','default'=>false, 'type'=>'number');
- $expected_args[5] =
Array('name'=>'acl_type','default'=>0, 'type'=>'number');
- $expected_args[6] =
Array('name'=>'no_effective','default'=>false, 'type'=>'any');
- $recieved_args = func_get_args();
- $args = $this->safe_args($expected_args,
$recieved_args,__LINE__,__FILE__);
-
- if(!$args['no_membership'])
- {
- $memberships =
$this->membership($args['account_id']);
-
- while (is_array($memberships) &&
list(,$account) = each($memberships))
- {
- $member_of[] = $account['account_id'];
- }
-
- if($member_of)
- {
- $this->memberships_sql = ',' .
@implode(",",$member_of);
- }
- }
-
-
$this->cache_rights($args['location'],$args['app_id'],$args['account_id'],False,$args['no_effective']);
- if($args['acl_type']==0)
- {
- return
$this->bit_check($this->rights_cache[$args['app_id']][$args['account_id']][$args['location']],$args['required']);
- }
- else
- {
- return
$this->bit_check($this->masks_cache[$args['app_id']][$args['account_id']][$args['location']],$args['required']);
- }
- }
-
- /*!
- @function add
- @abstract Adds ACL record to $acl->data
- @discussion Adds ACL record to $acl->data. <br>
- Syntax: array add() <br>
- Example1: acl->add();
- @param $appname default False derives value from
$phpgw_info['flags']['currentapp']
- @param $location location
- @param $rights rights
- */
- function add()
- {
- $expected_args[0] =
Array('name'=>'location','default'=>'##REQUIRED##', 'type'=>'alphanumeric');
- $expected_args[1] =
Array('name'=>'rights','default'=>1, 'type'=>'number');
- $expected_args[2] =
Array('name'=>'account_id','default'=>$this->account_id, 'type'=>'number');
- $expected_args[3] = Array('name'=>'type','default'=>0,
'type'=>'number');
- $expected_args[4] =
Array('name'=>'app_id','default'=>$this->app_id, 'type'=>'number');
- $expected_args[5] =
Array('name'=>'data','default'=>NULL, 'type'=>'any');
- $recieved_args = func_get_args();
- $args = $this->safe_args($expected_args,
$recieved_args,__LINE__,__FILE__);
-
- $sql = "SELECT acl_rights FROM fm_acl2 WHERE (acl_appid
= '".$args['app_id']."' ";
- $sql .= " and acl_account = ".$args['account_id'];
- $sql .= " and acl_location = '".$args['location']."'
and acl_type=".$args['type']." and grantor is NULL)";
- $dbresult = $GLOBALS['phpgw']->db->Execute($sql);
- if($dbresult->_numOfRows != 0)
- {
- $newrights = $this->bit_set($args['rights'],
(int)$dbresult->fields['acl_rights']);
- $sql = "UPDATE fm_acl2 SET acl_rights
=".$newrights;
- $sql .= " WHERE acl_host=".$this->host_id." AND
acl_appid=".$args['app_id']." AND acl_account=".$args['account_id']." AND
acl_location='".$args['location']."' AND acl_type=".$args['type'];
- }
- else
- {
- $sql = "INSERT INTO fm_acl2
(acl_host,acl_appid,acl_account,acl_location,acl_rights,acl_type,acl_data)
VALUES
(".$this->host_id.",".$args['app_id'].",".$args['account_id'].",'".$args['location']."',".$args['rights'].",".$args['type'].",'".$args['data']."')";
- }
- $GLOBALS['phpgw']->db->Execute($sql);
- $this->rights_cache = Array();
- $this->masks_cache = Array();
- }
-
- function set_grant() //inheritance is saved to the database
- {
- $expected_args[0] =
Array('name'=>'location','default'=>'##REQUIRED##', 'type'=>'alphanumeric');
- $expected_args[1] =
Array('name'=>'rights','default'=>1, 'type'=>'number');
- $expected_args[2] =
Array('name'=>'account_id','default'=>$this->account_id, 'type'=>'number');
- $expected_args[3] = Array('name'=>'type','default'=>0,
'type'=>'number');
- $expected_args[4] =
Array('name'=>'grantor','default'=>NULL, 'type'=>'any');
- $expected_args[5] =
Array('name'=>'app_id','default'=>$this->app_id, 'type'=>'number');
- $expected_args[6] =
Array('name'=>'data','default'=>NULL, 'type'=>'any');
- $recieved_args = func_get_args();
- $args = $this->safe_args($expected_args,
$recieved_args,__LINE__,__FILE__);
- if($args['grantor'])
- {
- $grantor = $args['grantor'];
- $grantor_type = 'g';
- }
- else
- {
- $grantor = $GLOBALS['phpgw_data']['user']['id'];
- }
-
- $sql = "SELECT acl_rights, acl_location FROM fm_acl2
WHERE (acl_appid = '".$args['app_id']."' ";
- $sql .= " and acl_account = ".$args['account_id'];
- $sql .= " and acl_location = '".$args['location']."'
and acl_type=".$args['type']." and grantor = $grantor)";
- $dbresult = $GLOBALS['phpgw']->db->Execute($sql);
- while (!$dbresult->EOF)
- {
- if((int)$args['rights'] == 0)
- {
- $sql = "DELETE FROM fm_acl2";
- }
- else
- {
- $sql = "UPDATE fm_acl2 SET acl_rights
=".$args['rights'];
- }
- $sql .= " WHERE acl_host=".$this->host_id." AND
acl_appid=".$args['app_id']." AND acl_account=".$args['account_id']." AND
acl_location='".$dbresult->fields['acl_location']."' AND
acl_type=".$args['type'] . " AND grantor = $grantor";
- $GLOBALS['phpgw']->db->Execute($sql);
-
-
$updated_locations[]=$dbresult->fields['acl_location'];
- $dbresult->MoveNext();
- }
-
- $sql = "SELECT id FROM fm_acl_location WHERE (id like
'%".$args['location']."%') AND allow_grant=1";
- $dbresult = $GLOBALS['phpgw']->db->Execute($sql);
- while (!$dbresult->EOF)
- {
-
- $add_locations[]=$dbresult->fields['id'];
- $dbresult->MoveNext();
- }
-
- if($updated_locations)
- {
- $add_locations = array_diff($add_locations,
$updated_locations);
- }
- $add_locations =
explode("-",implode("-",$add_locations));
- if(is_array($add_locations) && count($add_locations)>0)
- {
- for ($i=0;$i<count($add_locations);$i++)
- {
-
- for ($j=0;$j<($i+1);$j++)
- {
- $location
=$add_locations[$j];
- }
-
-
if(strlen($location)>=strlen($args['location']))
- {
- if($args['rights'] != 0)
- {
- $sql = "SELECT
acl_rights FROM fm_acl2 WHERE (acl_appid = '".$args['app_id']."' ";
- $sql .= " and
acl_account = ".$args['account_id'];
- $sql .= " and
acl_location = '$location' and acl_type=".$args['type']. " AND grantor =
$grantor)";
- $dbresult =
$GLOBALS['phpgw']->db->Execute($sql);
-
-
if($dbresult->_numOfRows == 0)
- {
- $sql = "INSERT
INTO fm_acl2
(acl_host,acl_appid,acl_account,acl_location,acl_rights,acl_type,acl_data,grantor,grantor_type)
VALUES
(".$this->host_id.",".$args['app_id'].",".$args['account_id'].",'".$location."',".$args['rights'].",".$args['type'].",'".$args['data']."',$grantor,'$grantor_type')";
-
-
$GLOBALS['phpgw']->db->Execute($sql);
- }
- else
- {
- $sql = "UPDATE
fm_acl2 SET acl_rights =".$args['rights'];
- $sql .= " WHERE
acl_host=".$this->host_id." AND acl_appid=".$args['app_id']." AND
acl_account=".$args['account_id']." AND acl_location='".$location."' AND
acl_type=".$args['type'] . " AND grantor = $grantor";
-
$GLOBALS['phpgw']->db->Execute($sql);
- }
- }
- }
- unset($location);
- }
- }
-
- $this->rights_cache = Array();
- $this->masks_cache = Array();
- }
-
- function set() //inheritance is saved to the database
- {
- $expected_args[0] =
Array('name'=>'location','default'=>'##REQUIRED##', 'type'=>'alphanumeric');
- $expected_args[1] =
Array('name'=>'rights','default'=>1, 'type'=>'number');
- $expected_args[2] =
Array('name'=>'account_id','default'=>$this->account_id, 'type'=>'number');
- $expected_args[3] = Array('name'=>'type','default'=>0,
'type'=>'number');
- $expected_args[4] =
Array('name'=>'app_id','default'=>$this->app_id, 'type'=>'number');
- $expected_args[5] =
Array('name'=>'data','default'=>NULL, 'type'=>'any');
- $recieved_args = func_get_args();
- $args = $this->safe_args($expected_args,
$recieved_args,__LINE__,__FILE__);
- $sql = "SELECT acl_rights, acl_location FROM fm_acl2
WHERE (acl_appid = '".$args['app_id']."' ";
- $sql .= " and acl_account = ".$args['account_id'];
- $sql .= " and acl_location = '".$args['location']."'
and acl_type=".$args['type']." AND grantor is NULL)";
- $dbresult = $GLOBALS['phpgw']->db->Execute($sql);
- while (!$dbresult->EOF)
- {
- if((int)$args['rights'] == 0)
- {
- $sql = "DELETE FROM fm_acl2";
- }
- else
- {
- $sql = "UPDATE fm_acl2 SET acl_rights
=".$args['rights'];
- }
- $sql .= " WHERE acl_host=".$this->host_id." AND
acl_appid=".$args['app_id']." AND acl_account=".$args['account_id']." AND
acl_location='".$dbresult->fields['acl_location']."' AND
acl_type=".$args['type'] . ' AND grantor is NULL';
- $GLOBALS['phpgw']->db->Execute($sql);
-
$updated_locations[]=$dbresult->fields['acl_location'];
- $dbresult->MoveNext();
- }
-
- $sql = "SELECT id FROM fm_acl_location WHERE (id like
'%".$args['location']."%')";
- $dbresult = $GLOBALS['phpgw']->db->Execute($sql);
- while (!$dbresult->EOF)
- {
-
- $add_locations[]=$dbresult->fields['id'];
- $dbresult->MoveNext();
- }
-
- if($updated_locations)
- {
- $add_locations = array_diff($add_locations,
$updated_locations);
- }
- $add_locations =
explode("-",implode("-",$add_locations));
- if(is_array($add_locations) && count($add_locations)>0)
- {
- for ($i=0;$i<count($add_locations);$i++)
- {
-
- for ($j=0;$j<($i+1);$j++)
- {
- $location
=$add_locations[$j];
- }
-
-
if(strlen($location)>=strlen($args['location']))
- {
- if($args['rights'] != 0)
- {
- $sql = "SELECT
acl_rights FROM fm_acl2 WHERE (acl_appid = '".$args['app_id']."' ";
- $sql .= " and
acl_account = ".$args['account_id'];
- $sql .= " and
acl_location = '$location' and acl_type=".$args['type']." AND grantor is NULL
)";
- $dbresult =
$GLOBALS['phpgw']->db->Execute($sql);
-
if($dbresult->_numOfRows == 0)
- {
- $sql = "INSERT
INTO fm_acl2
(acl_host,acl_appid,acl_account,acl_location,acl_rights,acl_type,acl_data)
VALUES
(".$this->host_id.",".$args['app_id'].",".$args['account_id'].",'".$location."',".$args['rights'].",".$args['type'].",'".$args['data']."')";
-
-
$GLOBALS['phpgw']->db->Execute($sql);
- }
- else
- {
- $sql = "UPDATE
fm_acl2 SET acl_rights =".$args['rights'];
- $sql .= " WHERE
acl_host=".$this->host_id." AND acl_appid=".$args['app_id']." AND
acl_account=".$args['account_id']." AND acl_location='".$location."' AND
acl_type=".$args['type'] . ' AND grantor is NULL';
-
$GLOBALS['phpgw']->db->Execute($sql);
- }
- }
- }
- unset($location);
- }
- }
-
- $this->rights_cache = Array();
- $this->masks_cache = Array();
- }
-
- function remove()
- {
- $expected_args[0] =
Array('name'=>'location','default'=>'##REQUIRED##', 'type'=>'alphanumeric');
- $expected_args[1] =
Array('name'=>'rights','default'=>1, 'type'=>'number');
- $expected_args[2] =
Array('name'=>'account_id','default'=>$this->account_id, 'type'=>'number');
- $expected_args[3] = Array('name'=>'type','default'=>0,
'type'=>'number');
- $expected_args[4] =
Array('name'=>'app_id','default'=>$this->app_id, 'type'=>'number');
- $expected_args[5] =
Array('name'=>'data','default'=>NULL, 'type'=>'any');
- $recieved_args = func_get_args();
- $args = $this->safe_args($expected_args,
$recieved_args,__LINE__,__FILE__);
-
- $sql = "SELECT acl_rights FROM fm_acl2 WHERE (acl_appid
= '".$args['app_id']."' ";
- $sql .= " and acl_account = ".$args['account_id'];
- $sql .= " and acl_location = '".$args['location']."'
and acl_type=".$args['type']." and grantor is NULL)";
- $dbresult = $GLOBALS['phpgw']->db->Execute($sql);
- if($dbresult->_numOfRows != 0)
- {
- $newrights =
$this->bit_mask((int)$dbresult->fields['acl_rights'],$args['rights']);
- if ($newrights != 0)
- {
- $sql = "UPDATE fm_acl2 SET acl_rights
=".$newrights;
- }
- else
- {
- $sql = "DELETE FROM fm_acl2";
- }
- $sql .= " WHERE acl_host=".$this->host_id." AND
acl_appid=".$args['app_id']." AND acl_account=".$args['account_id']." AND
acl_location LIKE '%".$args['location']."%' AND acl_type=".$args['type'] . '
and grantor is NULL';
- $GLOBALS['phpgw']->db->Execute($sql);
- $this->rights_cache = Array();
- $this->masks_cache = Array();
- }
- }
-
- function remove_grant()
- {
- $expected_args[0] =
Array('name'=>'location','default'=>'##REQUIRED##', 'type'=>'alphanumeric');
- $expected_args[1] =
Array('name'=>'rights','default'=>1, 'type'=>'number');
- $expected_args[2] =
Array('name'=>'account_id','default'=>$this->account_id, 'type'=>'number');
- $expected_args[3] = Array('name'=>'type','default'=>0,
'type'=>'number');
- $expected_args[4] =
Array('name'=>'grantor','default'=>NULL, 'type'=>'any');
- $expected_args[5] =
Array('name'=>'app_id','default'=>$this->app_id, 'type'=>'number');
- $expected_args[6] =
Array('name'=>'data','default'=>NULL, 'type'=>'any');
- $recieved_args = func_get_args();
- $args = $this->safe_args($expected_args,
$recieved_args,__LINE__,__FILE__);
-
- if($args['grantor'])
- {
- $grantor = $args['grantor'];
- }
- else
- {
- $grantor = $GLOBALS['phpgw_data']['user']['id'];
- }
-
- $sql = "SELECT acl_rights FROM fm_acl2 WHERE (acl_appid
= '".$args['app_id']."' ";
- $sql .= " and acl_account = ".$args['account_id'];
- $sql .= " and acl_location = '".$args['location']."'
and acl_type=".$args['type']." and grantor = $grantor)";
- $dbresult = $GLOBALS['phpgw']->db->Execute($sql);
- if($dbresult->_numOfRows != 0)
- {
- $newrights =
$this->bit_mask((int)$dbresult->fields['acl_rights'],$args['rights']);
- if ($newrights != 0)
- {
- $sql = "UPDATE fm_acl2 SET acl_rights
=".$newrights;
- }
- else
- {
- $sql = "DELETE FROM fm_acl2";
- }
- $sql .= " WHERE acl_host=".$this->host_id." AND
acl_appid=".$args['app_id']." AND acl_account=".$args['account_id']." AND
acl_location LIKE '%".$args['location']."%' AND acl_type=".$args['type'] . "
and grantor = $grantor";
- $GLOBALS['phpgw']->db->Execute($sql);
- $this->rights_cache = Array();
- $this->masks_cache = Array();
- }
- }
-
-
/*************************************************************************\
- * Non-standard functions. Should only be used for ACL
management needs *
-
\*************************************************************************/
- function check_specific()
- {
- $expected_args[0] =
Array('name'=>'location','default'=>'##REQUIRED##', 'type'=>'alphanumeric');
- $expected_args[1] =
Array('name'=>'required','default'=>1, 'type'=>'number');
- $expected_args[2] =
Array('name'=>'account_id','default'=>$this->account_id, 'type'=>'number');
- $expected_args[3] =
Array('name'=>'app_id','default'=>$this->app_id, 'type'=>'number');
- $recieved_args = func_get_args();
- $args = $this->safe_args($expected_args,
$recieved_args,__LINE__,__FILE__);
-
- $sql = "SELECT acl_rights,acl_type,acl_data FROM
fm_acl2 WHERE (acl_appid = '".$args['app_id']."' ";
- $sql .= " and acl_account = ".$args['account_id'];
- $sql .= " and acl_location = '".$args['location']."'
and acl_type=0)";
- $dbresult = $GLOBALS['phpgw']->db->Execute($sql);
- $rights = 0;
- while (!$dbresult->EOF)
- {
- $rights =
$this->bit_set($rights,(int)$dbresult->fields['acl_rights']);
- $dbresult->MoveNext();
- }
- return $this->bit_check($rights,$args['required']);
- }
-
- /* I dont feel this function will be needed, and plan to remove
it when certain.
- function check_location()
- {
- $expected_args[0] =
Array('name'=>'location','default'=>'##REQUIRED##', 'type'=>'alphanumeric');
- $expected_args[1] =
Array('name'=>'required','default'=>1, 'type'=>'number');
- $expected_args[2] =
Array('name'=>'app_id','default'=>$this->app_id, 'type'=>'number');
- $recieved_args = func_get_args();
- $args = $this->safe_args($expected_args,
$recieved_args,__LINE__,__FILE__);
-
- $sql = "SELECT acl_rights,acl_type,acl_data FROM
fm_acl2 WHERE (acl_appid = '".$args['app_id']."' ";
- $sql .= " and (acl_account in
(".$this->account_id.",".$this->memberships_sql.'))';
- $sql .= " and acl_location = '".$args['location']."'
and acl_type=0)";
- $dbresult = $GLOBALS['phpgw']->db->Execute($sql);
- $rights = 0;
- while (!$dbresult->EOF)
- {
- $rights =
$this->bit_set($rights,(int)$dbresult->fields['acl_rights']);
- $dbresult->MoveNext();
- }
- return $this->bit_check($rights,$args['required']);
- }
- */
- function get_grants($app='',$location='')
- {
- if ($app=='')
- {
- $app = 'property';
//$GLOBALS['phpgw_info']['flags']['currentapp'];
- }
-
- $app_id =
$GLOBALS['phpgw']->applications->data[$app]['id'];
-
- $sql = "select grantor,grantor_type, acl_rights from
fm_acl2 where acl_appid = $app_id AND acl_type=0 and acl_location =
'$location' AND grantor is NOT NULL AND"
- . " fm_acl2.acl_account in ";
- $security = "(". $this->account_id ."";
- $myaccounts = CreateObject('phpgwapi_accounts');
- $my_memberships =
$myaccounts->membership($this->account_id);
-
-// unset($myaccounts);
- @reset($my_memberships);
- while($my_memberships && list($key,$group) =
each($my_memberships))
- {
- $security .= "," . $group['account_id'];
- }
- $security .= ')';
- $dbresult = $GLOBALS['phpgw']->db->Execute($sql);
- $rights = 0;
- $accounts = Array();
- if ($dbresult->_numOfRows == 0)
- {
- $grants[$GLOBALS['phpgw_data']['user']['id']] =
31;
- return $grants;
- }
- while (!$dbresult->EOF)
- {
- $grantor = $dbresult->fields['grantor'];
- $rights = $dbresult->fields['acl_rights'];
-
- $grantor_type =
$dbresult->fields['grantor_type'];
-
- if($grantor_type =='g')
- {
- $grantor_members =
$myaccounts->member($grantor);
-
- foreach($grantor_members as $grantor)
- {
-
$accounts[$grantor['account_id']] = array($grantor['account_id']);
-
-
if(!isset($grants[$grantor['account_id']]))
- {
-
$grants[$grantor['account_id']] = 0;
- }
- $grants[$grantor['account_id']]
|= $rights;
-
reset($accounts[$grantor['account_id']]);
- }
- }
- else
- {
- $accounts[$grantor] = Array($grantor);
- foreach($accounts[$grantor] as
$grantors)
- {
- if(!isset($grants[$grantors]))
- {
- $grants[$grantors] = 0;
- }
- $grants[$grantors] |= $rights;
- }
- reset($accounts[$grantor]);
- }
- $dbresult->MoveNext();
- }
-
- $grants[$GLOBALS['phpgw_data']['user']['id']] = 31;
- return $grants;
- }
-
-
/*************************************************************************\
- * Support functions
*
-
\*************************************************************************/
- /*!
- @function bit_set
- @abstract add/turn_on new bit to current value
- */
- function bit_set($rights, $new)
- {
- return $rights |= $new;
- }
-
- /*!
- @function bit_mask
- @abstract mask/turn_off new bit from current value
- */
- function bit_mask($rights, $mask)
- {
- return $rights &= ~$mask;
- }
-
- /*!
- @function bit_check
- @abstract check if required bit is set/turned_on in the rights
- */
- function bit_check($rights, $required)
- {
- return ($rights & $required);
- }
- }
-?>
+<?php
+
/**************************************************************************\
+ * phpGroupWare - property
*
+ * http://www.phpgroupware.org
*
+ *
*
+ * Facilities Management
*
+ * Written by Sigurd Nes [sigurdne at online.no]
*
+ *
------------------------------------------------------------------------ *
+ * Copyright 2000 - 2003 Free Software Foundation, Inc
*
+ * This program is part of the GNU project, see http://www.gnu.org/
*
+ *
------------------------------------------------------------------------ *
+ * This program is free software; you can redistribute it and/or modify
it *
+ * under the terms of the GNU General Public License as published by the
*
+ * Free Software Foundation; either version 2 of the License, or (at
your *
+ * option) any later version.
*
+
\**************************************************************************/
+
+ class property_acl2
+ {
+ var $account_id;
+ var $host_id;
+ var $app_id;
+ var $memberships = Array(0=>1); //group 0 is for all users
+ var $memberships_sql = ',0'; //group 0 is for all users
+ var $rights_cache = Array();
+ var $masks_cache = Array();
+ var $previous_location; // used for inheritance
+ var $db;
+
+
/*************************************************************************\
+ * These lines load up the templates class and set some default
values *
+
\*************************************************************************/
+ function property_acl2()
+ {
+ $expected_args[0] =
Array('name'=>'account_id','default'=>$GLOBALS['phpgw_data']['user']['id'],
'type'=>'number');
+ $expected_args[1] =
Array('name'=>'host_id','default'=>0, 'type'=>'number');
+ $expected_args[2] =
Array('name'=>'app_id','default'=>$GLOBALS['phpgw']->applications->data[$GLOBALS['phpgw_info']['flags']['currentapp']]['id'],
'type'=>'number');
+ $recieved_args = func_get_args();
+ $args = $this->safe_args($expected_args,
$recieved_args,__LINE__,__FILE__);
+ $this->db = $GLOBALS['phpgw']->db;
+ $this->db2 = $this->db;
+ $this->account_id = $args['account_id'];
+ $this->host_id = $args['host_id'];
+ $this->app_id = $args['app_id'];
+ }
+
+ function get_account_id($account_id = '',$default_id = '')
+ {
+ if (gettype($account_id) == 'integer')
+ {
+ return $account_id;
+ }
+ elseif ($account_id == '')
+ {
+ if ($default_id == '')
+ {
+ return
(isset($GLOBALS['phpgw_data']['user']['id'])?$GLOBALS['phpgw_data']['user']['id']:0);
+ }
+ elseif (is_string($default_id))
+ {
+ return
$GLOBALS['phpgw']->accounts->name2id($default_id);
+ }
+ return intval($default_id);
+ }
+ elseif (is_string($account_id))
+ {
+ if($this->exists(intval($account_id)) == True)
+ {
+ return intval($account_id);
+ }
+ else
+ {
+ return
$GLOBALS['phpgw']->accounts->name2id($account_id);
+ }
+ }
+ }
+
+
+
+ function membership($accountid = '')
+ {
+ $account_id = $this->get_account_id($accountid);
+
+ $security_equals = Array();
+ $security_equals =
$GLOBALS['phpgw']->acl->get_location_list_for_id('phpgw_group', 1, $account_id);
+
+ if($security_equals == False)
+ {
+ return False;
+ }
+
+ $this->memberships = Array();
+
+ for($idx=0; $idx<count($security_equals); $idx++)
+ {
+ $groups = intval($security_equals[$idx]);
+ $this->memberships[] = Array('account_id' =>
$groups, 'account_name' => $this->id2name($groups));
+ }
+
+ return $this->memberships;
+ }
+
+
+ function safe_args($expected, $recieved, $line='??', $file='??')
+ {
+ /* This array will contain all the required fields */
+ $required = Array();
+
+ /* This array will contain all types for sanatization
checking */
+ /* only used when an array is passed as the first arg
*/
+ $types = Array();
+
+ /* start by looping thru the expected list and set
params with */
+ /* the default values
*/
+ $num = count($expected);
+ for ($i = 0; $i < $num; $i++)
+ {
+ $args[$expected[$i]['name']] =
$expected[$i]['default'];
+ if ($expected[$i]['default'] === '##REQUIRED##')
+ {
+ $required[$expected[$i]['name']] = True;
+ }
+ $types[$expected[$i]['name']] =
$expected[$i]['type'];
+ }
+
+ /* Make sure they passed at least one param */
+ if(count($recieved) != 0)
+ {
+ /* if used as standard function we loop thru
and set by position */
+ if(!is_array($recieved[0]))
+ {
+ for ($i = 0; $i < $num; $i++)
+ {
+ if(isset($recieved[$i]) &&
$recieved[$i] !== '##DEFAULT##')
+ {
+
if(sanitize($recieved[$i],$expected[$i]['type']))
+ {
+
$args[$expected[$i]['name']] = $recieved[$i];
+
unset($required[$expected[$i]['name']]);
+ }
+ else
+ {
+ echo 'Fatal
Error: Invalid paramater type for '.$expected[$i]['name'].' on line '.$line.'
of '.$file.'<br>';
+ exit;
+ }
+ }
+ }
+ }
+ /* if used as standard function we loop thru
and set by position */
+ else
+ {
+ for ($i = 0; $i < $num; $i++)
+ {
+ $types[$expected[$i]['name']] =
$expected[$i]['type'];
+ }
+ while(list($key,$val) =
each($recieved[0]))
+ {
+ if($val !== '##DEFAULT##')
+ {
+
if(sanitize($val,$types[$key]) == True)
+ {
+ $args[$key] =
$val;
+
unset($required[$key]);
+ }
+ else
+ {
+ echo 'Fatal
Error: Invalid paramater type for '.$key.' on line '.$line.' of '.$file.'<br>';
+ exit;
+ }
+ }
+ }
+ }
+ }
+ if(count($required) != 0)
+ {
+ while (list($key) = each($required))
+ {
+ echo 'Fatal Error: Missing required
paramater '.$key.' on line '.$line.' of '.$file.'<br>';
+ }
+ exit;
+ }
+ return $args;
+ }
+
+
+ function get_memberships ()
+ {
+ $expected_args[0] =
Array('name'=>'account_id','default'=>$this->account_id, 'type'=>'number');
+ $recieved_args = func_get_args();
+ $args = $this->safe_args($expected_args,
$recieved_args,__LINE__,__FILE__);
+
+ $sql = "SELECT acl_location,acl_rights FROM fm_acl2
+ WHERE (
acl_host='".$this->host_id."' and acl_appid = 0 and acl_account =
".$args['account_id'].")";
+ $dbresult = $GLOBALS['phpgw']->db->Execute($sql);
+
+ while (!$dbresult->EOF)
+ {
+
if(!isset($this->memberships[$dbresult->fields['acl_location']]))
+ {
+
$this->memberships[$dbresult->fields['acl_location']] =
$dbresult->fields['acl_rights'];
+ $this->memberships_sql .=
','.$dbresult->fields['acl_location'];
+
$this->get_memberships(Array('account_id'=>$dbresult->fields['acl_location']));
+ }
+ $dbresult->MoveNext();
+ }
+ }
+
+
+ function exists($account_lid)
+ {
+ static $by_id, $by_lid;
+
+ $sql = 'SELECT count(account_id) FROM phpgw_accounts
WHERE ';
+ if(is_integer($account_lid))
+ {
+ if(@isset($by_id[$account_lid]) &&
$by_id[$account_lid] != '')
+ {
+ return $by_id[$account_lid];
+ }
+ $sql .= 'account_id=' . $account_lid;
+ }
+ else
+ {
+ if(@isset($by_lid[$account_lid]) &&
$by_lid[$account_lid] != '')
+ {
+ return $by_lid[$account_lid];
+ }
+ $sql .= "account_lid ='" . $account_lid . "'";
+ }
+
+ $dbresult = $GLOBALS['phpgw']->db->Execute($sql);
+ $ret_val = $dbresult->fields[0] > 0;
+ if(gettype($account_lid) == 'integer')
+ {
+ $by_id[$account_lid] = $ret_val;
+ $by_lid[$this->id2name($account_lid)] =
$ret_val;
+ }
+ else
+ {
+ $by_lid[$account_lid] = $ret_val;
+ $by_id[$this->name2id($account_lid)] = $ret_val;
+ }
+ return $ret_val;
+ }
+
+
+
+ function cache_rights()
+ {
+ $expected_args[0] =
Array('name'=>'location','default'=>'##REQUIRED##', 'type'=>'alphanumeric');
+ $expected_args[1] =
Array('name'=>'app_id','default'=>$this->app_id, 'type'=>'number');
+ $expected_args[2] =
Array('name'=>'account_id','default'=>$this->account_id, 'type'=>'number');
+ $expected_args[3] =
Array('name'=>'grantor','default'=>False, 'type'=>'any');
+ $expected_args[4] =
Array('name'=>'no_effective','default'=>false, 'type'=>'any');
+
+ $recieved_args = func_get_args();
+ $args = $this->safe_args($expected_args,
$recieved_args,__LINE__,__FILE__);
+
+
if(isset($this->rights_cache[$args['app_id']][$args['account_id']][$args['location']]))
+ {
+ return;
+ }
+
+ $sql = "SELECT
acl_rights,acl_type,acl_data,acl_location FROM fm_acl2 WHERE (acl_appid =
'".$args['app_id']."' ";
+ $sql .= " and (acl_account in
(".$args['account_id']."".$this->memberships_sql.'))';
+ $sql .= " and acl_location = '". $args['location'] .
"'";
+
+ if($args['grantor']>0)
+ {
+ $sql .= " and (grantor=" . $args['grantor'] .
")";
+ }
+ else
+ {
+ $sql .= " and (grantor is NULL)";
+ }
+
+ $sql .= ') ORDER BY acl_location, acl_type DESC';
+
+ $dbresult = $GLOBALS['phpgw']->db->Execute($sql);
+ while (!$dbresult->EOF)
+ {
+
if($this->rights_cache[$args['app_id']][$args['account_id']][$args['location']]
== 0)
+ {
+
$this->rights_cache[$args['app_id']][$args['account_id']][$dbresult->fields['acl_location']]
= 0;
+ }
+
+
if($this->masks_cache[$args['app_id']][$args['account_id']][$args['location']]
== 0)
+ {
+
$this->masks_cache[$args['app_id']][$args['account_id']][$dbresult->fields['acl_location']]
= 0;
+ }
+
+ if((int)$dbresult->fields['acl_type'] == 0)
+ {
+
$this->rights_cache[$args['app_id']][$args['account_id']][$dbresult->fields['acl_location']]
=
$this->bit_set($this->rights_cache[$args['app_id']][$args['account_id']][$dbresult->fields['acl_location']],(int)$dbresult->fields['acl_rights']);
+ }
+ else
+ {
+
$this->masks_cache[$args['app_id']][$args['account_id']][$dbresult->fields['acl_location']]
=
$this->bit_set($this->rights_cache[$args['app_id']][$args['account_id']][$dbresult->fields['acl_location']],(int)$dbresult->fields['acl_rights']);
+ }
+
+ if(!$dbresult->fields['acl_rights'])
+ {
+
$this->rights_cache[$args['app_id']][$args['account_id']][$args['location']]=0;
+
$this->masks_cache[$args['app_id']][$args['account_id']][$args['location']]=0;
+ }
+
+ if(!$args['no_effective'])
+ {
+
$this->rights_cache[$args['app_id']][$args['account_id']][$dbresult->fields['acl_location']]
=
$this->bit_mask($this->rights_cache[$args['app_id']][$args['account_id']][$args['location']],
$this->masks_cache[$args['app_id']][$args['account_id']][$args['location']]);
+ }
+ $dbresult->MoveNext();
+
+ }
+ }
+
+
+ function check_grant()
+ {
+ $expected_args[0] =
Array('name'=>'grantor','default'=>$this->account_id, 'type'=>'number');
+ $expected_args[1] =
Array('name'=>'location','default'=>'##REQUIRED##', 'type'=>'alphanumeric');
+ $expected_args[2] =
Array('name'=>'required','default'=>1, 'type'=>'number');
+ $expected_args[3] =
Array('name'=>'account_id','default'=>$this->account_id, 'type'=>'number');
+ $expected_args[4] =
Array('name'=>'app_id','default'=>$this->app_id, 'type'=>'number');
+ $expected_args[5] =
Array('name'=>'no_membership','default'=>false, 'type'=>'number');
+ $expected_args[6] =
Array('name'=>'acl_type','default'=>0, 'type'=>'number');
+ $expected_args[7] =
Array('name'=>'no_effective','default'=>false, 'type'=>'any');
+ $recieved_args = func_get_args();
+ $args = $this->safe_args($expected_args,
$recieved_args,__LINE__,__FILE__);
+
+ if(!$args['no_membership'])
+ {
+ $memberships =
$this->membership($args['account_id']);
+
+ while (is_array($memberships) &&
list(,$account) = each($memberships))
+ {
+ $member_of[] = $account['account_id'];
+ }
+
+ if($member_of)
+ {
+ $this->memberships_sql = ',' .
@implode(",",$member_of);
+ }
+ }
+
+
$this->cache_rights($args['location'],$args['app_id'],$args['account_id'],$args['grantor'],$args['no_effective']);
+ if($args['acl_type']==0)
+ {
+ return
$this->bit_check($this->rights_cache[$args['app_id']][$args['account_id']][$args['location']],$args['required']);
+ }
+ else
+ {
+ return
$this->bit_check($this->masks_cache[$args['app_id']][$args['account_id']][$args['location']],$args['required']);
+ }
+ }
+
+ function check()
+ {
+ $expected_args[0] =
Array('name'=>'location','default'=>'##REQUIRED##', 'type'=>'alphanumeric');
+ $expected_args[1] =
Array('name'=>'required','default'=>1, 'type'=>'number');
+ $expected_args[2] =
Array('name'=>'account_id','default'=>$this->account_id, 'type'=>'number');
+ $expected_args[3] =
Array('name'=>'app_id','default'=>$this->app_id, 'type'=>'number');
+ $expected_args[4] =
Array('name'=>'no_membership','default'=>false, 'type'=>'number');
+ $expected_args[5] =
Array('name'=>'acl_type','default'=>0, 'type'=>'number');
+ $expected_args[6] =
Array('name'=>'no_effective','default'=>false, 'type'=>'any');
+ $recieved_args = func_get_args();
+ $args = $this->safe_args($expected_args,
$recieved_args,__LINE__,__FILE__);
+
+ if(!$args['no_membership'])
+ {
+ $memberships =
$this->membership($args['account_id']);
+
+ while (is_array($memberships) &&
list(,$account) = each($memberships))
+ {
+ $member_of[] = $account['account_id'];
+ }
+
+ if($member_of)
+ {
+ $this->memberships_sql = ',' .
@implode(",",$member_of);
+ }
+ }
+
+
$this->cache_rights($args['location'],$args['app_id'],$args['account_id'],False,$args['no_effective']);
+ if($args['acl_type']==0)
+ {
+ return
$this->bit_check($this->rights_cache[$args['app_id']][$args['account_id']][$args['location']],$args['required']);
+ }
+ else
+ {
+ return
$this->bit_check($this->masks_cache[$args['app_id']][$args['account_id']][$args['location']],$args['required']);
+ }
+ }
+
+ /*!
+ @function add
+ @abstract Adds ACL record to $acl->data
+ @discussion Adds ACL record to $acl->data. <br>
+ Syntax: array add() <br>
+ Example1: acl->add();
+ @param $appname default False derives value from
$phpgw_info['flags']['currentapp']
+ @param $location location
+ @param $rights rights
+ */
+ function add()
+ {
+ $expected_args[0] =
Array('name'=>'location','default'=>'##REQUIRED##', 'type'=>'alphanumeric');
+ $expected_args[1] =
Array('name'=>'rights','default'=>1, 'type'=>'number');
+ $expected_args[2] =
Array('name'=>'account_id','default'=>$this->account_id, 'type'=>'number');
+ $expected_args[3] = Array('name'=>'type','default'=>0,
'type'=>'number');
+ $expected_args[4] =
Array('name'=>'app_id','default'=>$this->app_id, 'type'=>'number');
+ $expected_args[5] =
Array('name'=>'data','default'=>NULL, 'type'=>'any');
+ $recieved_args = func_get_args();
+ $args = $this->safe_args($expected_args,
$recieved_args,__LINE__,__FILE__);
+
+ $sql = "SELECT acl_rights FROM fm_acl2 WHERE (acl_appid
= '".$args['app_id']."' ";
+ $sql .= " and acl_account = ".$args['account_id'];
+ $sql .= " and acl_location = '".$args['location']."'
and acl_type=".$args['type']." and grantor is NULL)";
+ $dbresult = $GLOBALS['phpgw']->db->Execute($sql);
+ if($dbresult->_numOfRows != 0)
+ {
+ $newrights = $this->bit_set($args['rights'],
(int)$dbresult->fields['acl_rights']);
+ $sql = "UPDATE fm_acl2 SET acl_rights
=".$newrights;
+ $sql .= " WHERE acl_host=".$this->host_id." AND
acl_appid=".$args['app_id']." AND acl_account=".$args['account_id']." AND
acl_location='".$args['location']."' AND acl_type=".$args['type'];
+ }
+ else
+ {
+ $sql = "INSERT INTO fm_acl2
(acl_host,acl_appid,acl_account,acl_location,acl_rights,acl_type,acl_data)
VALUES
(".$this->host_id.",".$args['app_id'].",".$args['account_id'].",'".$args['location']."',".$args['rights'].",".$args['type'].",'".$args['data']."')";
+ }
+ $GLOBALS['phpgw']->db->Execute($sql);
+ $this->rights_cache = Array();
+ $this->masks_cache = Array();
+ }
+
+ function set_grant() //inheritance is saved to the database
+ {
+ $expected_args[0] =
Array('name'=>'location','default'=>'##REQUIRED##', 'type'=>'alphanumeric');
+ $expected_args[1] =
Array('name'=>'rights','default'=>1, 'type'=>'number');
+ $expected_args[2] =
Array('name'=>'account_id','default'=>$this->account_id, 'type'=>'number');
+ $expected_args[3] = Array('name'=>'type','default'=>0,
'type'=>'number');
+ $expected_args[4] =
Array('name'=>'grantor','default'=>NULL, 'type'=>'any');
+ $expected_args[5] =
Array('name'=>'app_id','default'=>$this->app_id, 'type'=>'number');
+ $expected_args[6] =
Array('name'=>'data','default'=>NULL, 'type'=>'any');
+ $recieved_args = func_get_args();
+ $args = $this->safe_args($expected_args,
$recieved_args,__LINE__,__FILE__);
+ if($args['grantor'])
+ {
+ $grantor = $args['grantor'];
+ $grantor_type = 'g';
+ }
+ else
+ {
+ $grantor = $GLOBALS['phpgw_data']['user']['id'];
+ }
+
+ $sql = "SELECT acl_rights, acl_location FROM fm_acl2
WHERE (acl_appid = '".$args['app_id']."' ";
+ $sql .= " and acl_account = ".$args['account_id'];
+ $sql .= " and acl_location = '".$args['location']."'
and acl_type=".$args['type']." and grantor = $grantor)";
+ $dbresult = $GLOBALS['phpgw']->db->Execute($sql);
+ while (!$dbresult->EOF)
+ {
+ if((int)$args['rights'] == 0)
+ {
+ $sql = "DELETE FROM fm_acl2";
+ }
+ else
+ {
+ $sql = "UPDATE fm_acl2 SET acl_rights
=".$args['rights'];
+ }
+ $sql .= " WHERE acl_host=".$this->host_id." AND
acl_appid=".$args['app_id']." AND acl_account=".$args['account_id']." AND
acl_location='".$dbresult->fields['acl_location']."' AND
acl_type=".$args['type'] . " AND grantor = $grantor";
+ $GLOBALS['phpgw']->db->Execute($sql);
+
+
$updated_locations[]=$dbresult->fields['acl_location'];
+ $dbresult->MoveNext();
+ }
+
+ $sql = "SELECT id FROM fm_acl_location WHERE (id like
'%".$args['location']."%') AND allow_grant=1";
+ $dbresult = $GLOBALS['phpgw']->db->Execute($sql);
+ while (!$dbresult->EOF)
+ {
+
+ $add_locations[]=$dbresult->fields['id'];
+ $dbresult->MoveNext();
+ }
+
+ if($updated_locations)
+ {
+ $add_locations = array_diff($add_locations,
$updated_locations);
+ }
+ $add_locations =
explode("-",implode("-",$add_locations));
+ if(is_array($add_locations) && count($add_locations)>0)
+ {
+ for ($i=0;$i<count($add_locations);$i++)
+ {
+
+ for ($j=0;$j<($i+1);$j++)
+ {
+ $location
=$add_locations[$j];
+ }
+
+
if(strlen($location)>=strlen($args['location']))
+ {
+ if($args['rights'] != 0)
+ {
+ $sql = "SELECT
acl_rights FROM fm_acl2 WHERE (acl_appid = '".$args['app_id']."' ";
+ $sql .= " and
acl_account = ".$args['account_id'];
+ $sql .= " and
acl_location = '$location' and acl_type=".$args['type']. " AND grantor =
$grantor)";
+ $dbresult =
$GLOBALS['phpgw']->db->Execute($sql);
+
+
if($dbresult->_numOfRows == 0)
+ {
+ $sql = "INSERT
INTO fm_acl2
(acl_host,acl_appid,acl_account,acl_location,acl_rights,acl_type,acl_data,grantor,grantor_type)
VALUES
(".$this->host_id.",".$args['app_id'].",".$args['account_id'].",'".$location."',".$args['rights'].",".$args['type'].",'".$args['data']."',$grantor,'$grantor_type')";
+
+
$GLOBALS['phpgw']->db->Execute($sql);
+ }
+ else
+ {
+ $sql = "UPDATE
fm_acl2 SET acl_rights =".$args['rights'];
+ $sql .= " WHERE
acl_host=".$this->host_id." AND acl_appid=".$args['app_id']." AND
acl_account=".$args['account_id']." AND acl_location='".$location."' AND
acl_type=".$args['type'] . " AND grantor = $grantor";
+
$GLOBALS['phpgw']->db->Execute($sql);
+ }
+ }
+ }
+ unset($location);
+ }
+ }
+
+ $this->rights_cache = Array();
+ $this->masks_cache = Array();
+ }
+
+ function set() //inheritance is saved to the database
+ {
+ $expected_args[0] =
Array('name'=>'location','default'=>'##REQUIRED##', 'type'=>'alphanumeric');
+ $expected_args[1] =
Array('name'=>'rights','default'=>1, 'type'=>'number');
+ $expected_args[2] =
Array('name'=>'account_id','default'=>$this->account_id, 'type'=>'number');
+ $expected_args[3] = Array('name'=>'type','default'=>0,
'type'=>'number');
+ $expected_args[4] =
Array('name'=>'app_id','default'=>$this->app_id, 'type'=>'number');
+ $expected_args[5] =
Array('name'=>'data','default'=>NULL, 'type'=>'any');
+ $recieved_args = func_get_args();
+ $args = $this->safe_args($expected_args,
$recieved_args,__LINE__,__FILE__);
+ $sql = "SELECT acl_rights, acl_location FROM fm_acl2
WHERE (acl_appid = '".$args['app_id']."' ";
+ $sql .= " and acl_account = ".$args['account_id'];
+ $sql .= " and acl_location = '".$args['location']."'
and acl_type=".$args['type']." AND grantor is NULL)";
+ $dbresult = $GLOBALS['phpgw']->db->Execute($sql);
+ while (!$dbresult->EOF)
+ {
+ if((int)$args['rights'] == 0)
+ {
+ $sql = "DELETE FROM fm_acl2";
+ }
+ else
+ {
+ $sql = "UPDATE fm_acl2 SET acl_rights
=".$args['rights'];
+ }
+ $sql .= " WHERE acl_host=".$this->host_id." AND
acl_appid=".$args['app_id']." AND acl_account=".$args['account_id']." AND
acl_location='".$dbresult->fields['acl_location']."' AND
acl_type=".$args['type'] . ' AND grantor is NULL';
+ $GLOBALS['phpgw']->db->Execute($sql);
+
$updated_locations[]=$dbresult->fields['acl_location'];
+ $dbresult->MoveNext();
+ }
+
+ $sql = "SELECT id FROM fm_acl_location WHERE (id like
'%".$args['location']."%')";
+ $dbresult = $GLOBALS['phpgw']->db->Execute($sql);
+ while (!$dbresult->EOF)
+ {
+
+ $add_locations[]=$dbresult->fields['id'];
+ $dbresult->MoveNext();
+ }
+
+ if($updated_locations)
+ {
+ $add_locations = array_diff($add_locations,
$updated_locations);
+ }
+ $add_locations =
explode("-",implode("-",$add_locations));
+ if(is_array($add_locations) && count($add_locations)>0)
+ {
+ for ($i=0;$i<count($add_locations);$i++)
+ {
+
+ for ($j=0;$j<($i+1);$j++)
+ {
+ $location
=$add_locations[$j];
+ }
+
+
if(strlen($location)>=strlen($args['location']))
+ {
+ if($args['rights'] != 0)
+ {
+ $sql = "SELECT
acl_rights FROM fm_acl2 WHERE (acl_appid = '".$args['app_id']."' ";
+ $sql .= " and
acl_account = ".$args['account_id'];
+ $sql .= " and
acl_location = '$location' and acl_type=".$args['type']." AND grantor is NULL
)";
+ $dbresult =
$GLOBALS['phpgw']->db->Execute($sql);
+
if($dbresult->_numOfRows == 0)
+ {
+ $sql = "INSERT
INTO fm_acl2
(acl_host,acl_appid,acl_account,acl_location,acl_rights,acl_type,acl_data)
VALUES
(".$this->host_id.",".$args['app_id'].",".$args['account_id'].",'".$location."',".$args['rights'].",".$args['type'].",'".$args['data']."')";
+
+
$GLOBALS['phpgw']->db->Execute($sql);
+ }
+ else
+ {
+ $sql = "UPDATE
fm_acl2 SET acl_rights =".$args['rights'];
+ $sql .= " WHERE
acl_host=".$this->host_id." AND acl_appid=".$args['app_id']." AND
acl_account=".$args['account_id']." AND acl_location='".$location."' AND
acl_type=".$args['type'] . ' AND grantor is NULL';
+
$GLOBALS['phpgw']->db->Execute($sql);
+ }
+ }
+ }
+ unset($location);
+ }
+ }
+
+ $this->rights_cache = Array();
+ $this->masks_cache = Array();
+ }
+
+ function remove()
+ {
+ $expected_args[0] =
Array('name'=>'location','default'=>'##REQUIRED##', 'type'=>'alphanumeric');
+ $expected_args[1] =
Array('name'=>'rights','default'=>1, 'type'=>'number');
+ $expected_args[2] =
Array('name'=>'account_id','default'=>$this->account_id, 'type'=>'number');
+ $expected_args[3] = Array('name'=>'type','default'=>0,
'type'=>'number');
+ $expected_args[4] =
Array('name'=>'app_id','default'=>$this->app_id, 'type'=>'number');
+ $expected_args[5] =
Array('name'=>'data','default'=>NULL, 'type'=>'any');
+ $recieved_args = func_get_args();
+ $args = $this->safe_args($expected_args,
$recieved_args,__LINE__,__FILE__);
+
+ $sql = "SELECT acl_rights FROM fm_acl2 WHERE (acl_appid
= '".$args['app_id']."' ";
+ $sql .= " and acl_account = ".$args['account_id'];
+ $sql .= " and acl_location = '".$args['location']."'
and acl_type=".$args['type']." and grantor is NULL)";
+ $dbresult = $GLOBALS['phpgw']->db->Execute($sql);
+ if($dbresult->_numOfRows != 0)
+ {
+ $newrights =
$this->bit_mask((int)$dbresult->fields['acl_rights'],$args['rights']);
+ if ($newrights != 0)
+ {
+ $sql = "UPDATE fm_acl2 SET acl_rights
=".$newrights;
+ }
+ else
+ {
+ $sql = "DELETE FROM fm_acl2";
+ }
+ $sql .= " WHERE acl_host=".$this->host_id." AND
acl_appid=".$args['app_id']." AND acl_account=".$args['account_id']." AND
acl_location LIKE '%".$args['location']."%' AND acl_type=".$args['type'] . '
and grantor is NULL';
+ $GLOBALS['phpgw']->db->Execute($sql);
+ $this->rights_cache = Array();
+ $this->masks_cache = Array();
+ }
+ }
+
+ function remove_grant()
+ {
+ $expected_args[0] =
Array('name'=>'location','default'=>'##REQUIRED##', 'type'=>'alphanumeric');
+ $expected_args[1] =
Array('name'=>'rights','default'=>1, 'type'=>'number');
+ $expected_args[2] =
Array('name'=>'account_id','default'=>$this->account_id, 'type'=>'number');
+ $expected_args[3] = Array('name'=>'type','default'=>0,
'type'=>'number');
+ $expected_args[4] =
Array('name'=>'grantor','default'=>NULL, 'type'=>'any');
+ $expected_args[5] =
Array('name'=>'app_id','default'=>$this->app_id, 'type'=>'number');
+ $expected_args[6] =
Array('name'=>'data','default'=>NULL, 'type'=>'any');
+ $recieved_args = func_get_args();
+ $args = $this->safe_args($expected_args,
$recieved_args,__LINE__,__FILE__);
+
+ if($args['grantor'])
+ {
+ $grantor = $args['grantor'];
+ }
+ else
+ {
+ $grantor = $GLOBALS['phpgw_data']['user']['id'];
+ }
+
+ $sql = "SELECT acl_rights FROM fm_acl2 WHERE (acl_appid
= '".$args['app_id']."' ";
+ $sql .= " and acl_account = ".$args['account_id'];
+ $sql .= " and acl_location = '".$args['location']."'
and acl_type=".$args['type']." and grantor = $grantor)";
+ $dbresult = $GLOBALS['phpgw']->db->Execute($sql);
+ if($dbresult->_numOfRows != 0)
+ {
+ $newrights =
$this->bit_mask((int)$dbresult->fields['acl_rights'],$args['rights']);
+ if ($newrights != 0)
+ {
+ $sql = "UPDATE fm_acl2 SET acl_rights
=".$newrights;
+ }
+ else
+ {
+ $sql = "DELETE FROM fm_acl2";
+ }
+ $sql .= " WHERE acl_host=".$this->host_id." AND
acl_appid=".$args['app_id']." AND acl_account=".$args['account_id']." AND
acl_location LIKE '%".$args['location']."%' AND acl_type=".$args['type'] . "
and grantor = $grantor";
+ $GLOBALS['phpgw']->db->Execute($sql);
+ $this->rights_cache = Array();
+ $this->masks_cache = Array();
+ }
+ }
+
+
/*************************************************************************\
+ * Non-standard functions. Should only be used for ACL
management needs *
+
\*************************************************************************/
+ function check_specific()
+ {
+ $expected_args[0] =
Array('name'=>'location','default'=>'##REQUIRED##', 'type'=>'alphanumeric');
+ $expected_args[1] =
Array('name'=>'required','default'=>1, 'type'=>'number');
+ $expected_args[2] =
Array('name'=>'account_id','default'=>$this->account_id, 'type'=>'number');
+ $expected_args[3] =
Array('name'=>'app_id','default'=>$this->app_id, 'type'=>'number');
+ $recieved_args = func_get_args();
+ $args = $this->safe_args($expected_args,
$recieved_args,__LINE__,__FILE__);
+
+ $sql = "SELECT acl_rights,acl_type,acl_data FROM
fm_acl2 WHERE (acl_appid = '".$args['app_id']."' ";
+ $sql .= " and acl_account = ".$args['account_id'];
+ $sql .= " and acl_location = '".$args['location']."'
and acl_type=0)";
+ $dbresult = $GLOBALS['phpgw']->db->Execute($sql);
+ $rights = 0;
+ while (!$dbresult->EOF)
+ {
+ $rights =
$this->bit_set($rights,(int)$dbresult->fields['acl_rights']);
+ $dbresult->MoveNext();
+ }
+ return $this->bit_check($rights,$args['required']);
+ }
+
+ /* I dont feel this function will be needed, and plan to remove
it when certain.
+ function check_location()
+ {
+ $expected_args[0] =
Array('name'=>'location','default'=>'##REQUIRED##', 'type'=>'alphanumeric');
+ $expected_args[1] =
Array('name'=>'required','default'=>1, 'type'=>'number');
+ $expected_args[2] =
Array('name'=>'app_id','default'=>$this->app_id, 'type'=>'number');
+ $recieved_args = func_get_args();
+ $args = $this->safe_args($expected_args,
$recieved_args,__LINE__,__FILE__);
+
+ $sql = "SELECT acl_rights,acl_type,acl_data FROM
fm_acl2 WHERE (acl_appid = '".$args['app_id']."' ";
+ $sql .= " and (acl_account in
(".$this->account_id.",".$this->memberships_sql.'))';
+ $sql .= " and acl_location = '".$args['location']."'
and acl_type=0)";
+ $dbresult = $GLOBALS['phpgw']->db->Execute($sql);
+ $rights = 0;
+ while (!$dbresult->EOF)
+ {
+ $rights =
$this->bit_set($rights,(int)$dbresult->fields['acl_rights']);
+ $dbresult->MoveNext();
+ }
+ return $this->bit_check($rights,$args['required']);
+ }
+ */
+ function get_grants($app='',$location='')
+ {
+ if ($app=='')
+ {
+ $app = 'property';
//$GLOBALS['phpgw_info']['flags']['currentapp'];
+ }
+
+ $app_id =
$GLOBALS['phpgw']->applications->data[$app]['id'];
+
+ $sql = "select grantor,grantor_type, acl_rights from
fm_acl2 where acl_appid = $app_id AND acl_type=0 and acl_location =
'$location' AND grantor is NOT NULL AND"
+ . " fm_acl2.acl_account in ";
+ $security = "(". $this->account_id ."";
+ $myaccounts = CreateObject('phpgwapi_accounts');
+ $my_memberships =
$myaccounts->membership($this->account_id);
+
+// unset($myaccounts);
+ @reset($my_memberships);
+ while($my_memberships && list($key,$group) =
each($my_memberships))
+ {
+ $security .= "," . $group['account_id'];
+ }
+ $security .= ')';
+ $dbresult = $GLOBALS['phpgw']->db->Execute($sql);
+ $rights = 0;
+ $accounts = Array();
+ if ($dbresult->_numOfRows == 0)
+ {
+ $grants[$GLOBALS['phpgw_data']['user']['id']] =
31;
+ return $grants;
+ }
+ while (!$dbresult->EOF)
+ {
+ $grantor = $dbresult->fields['grantor'];
+ $rights = $dbresult->fields['acl_rights'];
+
+ $grantor_type =
$dbresult->fields['grantor_type'];
+
+ if($grantor_type =='g')
+ {
+ $grantor_members =
$myaccounts->member($grantor);
+
+ foreach($grantor_members as $grantor)
+ {
+
$accounts[$grantor['account_id']] = array($grantor['account_id']);
+
+
if(!isset($grants[$grantor['account_id']]))
+ {
+
$grants[$grantor['account_id']] = 0;
+ }
+ $grants[$grantor['account_id']]
|= $rights;
+
reset($accounts[$grantor['account_id']]);
+ }
+ }
+ else
+ {
+ $accounts[$grantor] = Array($grantor);
+ foreach($accounts[$grantor] as
$grantors)
+ {
+ if(!isset($grants[$grantors]))
+ {
+ $grants[$grantors] = 0;
+ }
+ $grants[$grantors] |= $rights;
+ }
+ reset($accounts[$grantor]);
+ }
+ $dbresult->MoveNext();
+ }
+
+ $grants[$GLOBALS['phpgw_data']['user']['id']] = 31;
+ return $grants;
+ }
+
+
/*************************************************************************\
+ * Support functions
*
+
\*************************************************************************/
+ /*!
+ @function bit_set
+ @abstract add/turn_on new bit to current value
+ */
+ function bit_set($rights, $new)
+ {
+ return $rights |= $new;
+ }
+
+ /*!
+ @function bit_mask
+ @abstract mask/turn_off new bit from current value
+ */
+ function bit_mask($rights, $mask)
+ {
+ return $rights &= ~$mask;
+ }
+
+ /*!
+ @function bit_check
+ @abstract check if required bit is set/turned_on in the rights
+ */
+ function bit_check($rights, $required)
+ {
+ return ($rights & $required);
+ }
+ }
+?>