[Phpgroupware-cvs] hrm/inc class.sojob.inc.php, 1.8 class.acl2.inc.php,
From: |
sigurdne |
Subject: |
[Phpgroupware-cvs] hrm/inc class.sojob.inc.php, 1.8 class.acl2.inc.php, 1.3 |
Date: |
Tue, 29 Nov 2005 21:22:00 +0100 |
Update of hrm/inc
Modified Files:
Branch: MAIN
class.sojob.inc.php lines: +508 -513
class.acl2.inc.php lines: +827 -831
Log Message:
no message
====================================================
Index: hrm/inc/class.sojob.inc.php
diff -u hrm/inc/class.sojob.inc.php:1.7 hrm/inc/class.sojob.inc.php:1.8
--- hrm/inc/class.sojob.inc.php:1.7 Tue Nov 29 15:07:58 2005
+++ hrm/inc/class.sojob.inc.php Tue Nov 29 20:22:03 2005
@@ -1,516 +1,511 @@
-<?php
- /**
- * phpGroupWare - HRM: a human resource competence management system.
- *
- * @author Sigurd Nes <address@hidden>
- * @copyright Copyright (C) 2003-2005 Free Software Foundation, Inc.
http://www.fsf.org/
- * @license http://www.gnu.org/licenses/gpl.html GNU General Public
License
- * @internal Development of this application was funded by
http://www.bergen.kommune.no/bbb_/ekstern/
- * @package hrm
- * @subpackage job
- * @version $Id$
- */
-
- /**
- * Description
- * @package hrm
- */
-
- class sojob
- {
- function sojob()
- {
- $this->currentapp =
$GLOBALS['phpgw_info']['flags']['currentapp'];
- $this->db = $GLOBALS['phpgw']->db;
- $this->db2 = $this->db;
- $this->account =
$GLOBALS['phpgw_info']['user']['account_id'];
- $this->bocommon =
CreateObject($this->currentapp.'.bocommon');
-
- $this->left_join =
$this->bocommon->left_join;
- $this->join = $this->bocommon->join;
- $this->like = $this->bocommon->like;
- }
-
- function read($data)
- {
- if(is_array($data))
- {
- if ($data['start'])
- {
- $start=$data['start'];
- }
- else
- {
- $start=0;
- }
- $query =
(isset($data['query'])?$data['query']:'');
- $sort =
(isset($data['sort'])?$data['sort']:'DESC');
- $order =
(isset($data['order'])?$data['order']:'');
- $allrows =
(isset($data['allrows'])?$data['allrows']:'');
- }
-
- if ($order)
- {
- $ordermethod = " order by $order $sort";
-
- }
- else
- {
- $ordermethod = ' order by name asc';
- }
-
- $table = 'hrm_job';
-
- $parent_select = ' WHERE job_level =0';
-
- if($query)
- {
- $query = ereg_replace("'",'',$query);
- $query = ereg_replace('"','',$query);
-
- $where = ' AND';
- $querymethod = " name $this->like '%$query%'";
- }
-
- $sql = "SELECT * FROM $table ";
-
- $this->db->query($sql . $parent_select . $where .
$querymethod . $ordermethod,__LINE__,__FILE__);
- $this->total_records = $this->db->num_rows();
-
- while ($this->db->next_record())
- {
- $jobs[] = array
- (
- 'id' => $this->db->f('id'),
- 'level' =>
(int)$this->db->f('job_level'),
- 'owner' => (int)$this->db->f('owner'),
- 'name' =>
stripslashes($this->db->f('name')),
- 'descr' =>
stripslashes($this->db->f('descr')),
- 'parent'=> 0
- );
- }
-
- if ($querymethod)
- {
- $where = ' WHERE';
- $and = ' AND';
- }
- else
- {
- unset($where);
- $and = ' WHERE';
- }
- $num_jobs = count($jobs);
- for ($i=0;$i < $num_jobs;$i++)
- {
- $sub_select = $and . ' job_parent=' .
$jobs[$i]['id'] . " AND job_level=" . ($jobs[$i]['level']+1);
-
- $this->db->query($sql . $where . $querymethod .
$sub_select . $ordermethod,__LINE__,__FILE__);
-
- $this->total_records += $this->db->num_rows();
-
- $subjobs = array();
- $j = 0;
- while ($this->db->next_record())
- {
- $subjobs[$j]['id'] =
(int)$this->db->f('id');
- $subjobs[$j]['owner'] =
(int)$this->db->f('owner');
- $subjobs[$j]['level'] =
(int)$this->db->f('job_level');
- $subjobs[$j]['parent'] =
(int)$this->db->f('job_parent');
- $subjobs[$j]['name'] =
$this->db->f('name');
- $subjobs[$j]['descr'] =
$this->db->f('descr');
- $j++;
- }
-
- $num_subjobs = count($subjobs);
- if ($num_subjobs != 0)
- {
- $newjobs = array();
- for ($k = 0; $k <= $i; $k++)
- {
- $newjobs[$k] = $jobs[$k];
- }
- for ($k = 0; $k < $num_subjobs; $k++)
- {
- $newjobs[$k+$i+1] =
$subjobs[$k];
- }
- for ($k = $i+1; $k < $num_jobs; $k++)
- {
- $newjobs[$k+$num_subjobs] =
$jobs[$k];
- }
- $jobs = $newjobs;
- $num_jobs = count($jobs);
- }
-
- }
-
- if (!$allrows)
- {
- $max =
$GLOBALS['phpgw_info']['user']['preferences']['common']['maxmatchs'];
- $max = $max + $start;
-
- $k=0;
- for($i=$start;$i<$max;++$i)
- {
- if(is_array($jobs[$i]))
- {
- $sjobs[$k] = $jobs[$i];
- ++$k;
- }
- }
- if(is_array($sjobs))
- {
- $jobs = $sjobs;
- }
- }
-
- return $jobs;
- }
-
-
- function read_single_job($id)
- {
-
- $table = 'hrm_job';
-
- $sql = "SELECT * FROM $table where id='$id'";
-
- $this->db->query($sql,__LINE__,__FILE__);
-
- if ($this->db->next_record())
- {
- $job['id'] = $id;
- $job['parent_id'] =
(int)$this->db->f('job_parent');
- $job['entry_date'] =
$this->db->f('entry_date');
- $job['name'] =
stripslashes($this->db->f('name'));
- $job['descr'] =
stripslashes($this->db->f('descr'));
-
- return $job;
- }
- }
-
-
- function read_task($job_id)
- {
- $sql = "SELECT * from hrm_task WHERE job_id=" .
intval($job_id);
-
- $this->db->query($sql,__LINE__,__FILE__);
-
- while ($this->db->next_record())
- {
- $training[] = array
- (
- 'task_id' => $this->db->f('id'),
- 'name' =>
stripslashes($this->db->f('name')),
- 'descr' =>
stripslashes($this->db->f('descr'))
- );
-
- }
- return $training;
- }
-
-
- function read_single_task($id)
- {
-
- $sql = 'SELECT * FROM hrm_task where id=' . intval($id);
-
- $this->db->query($sql,__LINE__,__FILE__);
-
- if ($this->db->next_record())
- {
- $values['id'] = $id;
- $values['name'] =
stripslashes($this->db->f('name'));
- $values['descr'] =
stripslashes($this->db->f('descr'));
- $values['job_id'] =
$this->db->f('job_id');
- $values['cat_id'] =
$this->db->f('category');
- $values['entry_date'] =
$this->db->f('entry_date');
+<?php
+ /**
+ * phpGroupWare - HRM: a human resource competence management system.
+ *
+ * @author Sigurd Nes <address@hidden>
+ * @copyright Copyright (C) 2003-2005 Free Software Foundation, Inc.
http://www.fsf.org/
+ * @license http://www.gnu.org/licenses/gpl.html GNU General Public
License
+ * @internal Development of this application was funded by
http://www.bergen.kommune.no/bbb_/ekstern/
+ * @package hrm
+ * @subpackage job
+ * @version $Id$
+ */
+
+ /**
+ * Description
+ * @package hrm
+ */
+
+ class sojob
+ {
+ function sojob()
+ {
+ $this->currentapp =
$GLOBALS['phpgw_info']['flags']['currentapp'];
+ $this->db = $GLOBALS['phpgw']->db;
+ $this->db2 = $this->db;
+ $this->account =
$GLOBALS['phpgw_info']['user']['account_id'];
+ $this->bocommon =
CreateObject($this->currentapp.'.bocommon');
+
+ $this->left_join =
$this->bocommon->left_join;
+ $this->join = $this->bocommon->join;
+ $this->like = $this->bocommon->like;
+ }
+
+ function read($data)
+ {
+ if(is_array($data))
+ {
+ if ($data['start'])
+ {
+ $start=$data['start'];
+ }
+ else
+ {
+ $start=0;
+ }
+ $query =
(isset($data['query'])?$data['query']:'');
+ $sort =
(isset($data['sort'])?$data['sort']:'DESC');
+ $order =
(isset($data['order'])?$data['order']:'');
+ $allrows =
(isset($data['allrows'])?$data['allrows']:'');
+ }
+
+ if ($order)
+ {
+ $ordermethod = " order by $order $sort";
+
+ }
+ else
+ {
+ $ordermethod = ' order by name asc';
+ }
+
+ $table = 'hrm_job';
+
+ $parent_select = ' WHERE job_level =0';
+
+ if($query)
+ {
+ $query = ereg_replace("'",'',$query);
+ $query = ereg_replace('"','',$query);
+
+ $where = ' AND';
+ $querymethod = " name $this->like '%$query%'";
+ }
+
+ $sql = "SELECT * FROM $table ";
+
+ $this->db->query($sql . $parent_select . $where .
$querymethod . $ordermethod,__LINE__,__FILE__);
+ $this->total_records = $this->db->num_rows();
+
+ while ($this->db->next_record())
+ {
+ $jobs[] = array
+ (
+ 'id' => $this->db->f('id'),
+ 'level' =>
(int)$this->db->f('job_level'),
+ 'owner' => (int)$this->db->f('owner'),
+ 'name' =>
stripslashes($this->db->f('name')),
+ 'descr' =>
stripslashes($this->db->f('descr')),
+ 'parent'=> 0
+ );
+ }
+
+ if ($querymethod)
+ {
+ $where = ' WHERE';
+ $and = ' AND';
+ }
+ else
+ {
+ unset($where);
+ $and = ' WHERE';
+ }
+ $num_jobs = count($jobs);
+ for ($i=0;$i < $num_jobs;$i++)
+ {
+ $sub_select = $and . ' job_parent=' .
$jobs[$i]['id'] . " AND job_level=" . ($jobs[$i]['level']+1);
+
+ $this->db->query($sql . $where . $querymethod .
$sub_select . $ordermethod,__LINE__,__FILE__);
+
+ $this->total_records += $this->db->num_rows();
+
+ $subjobs = array();
+ $j = 0;
+ while ($this->db->next_record())
+ {
+ $subjobs[$j]['id'] =
(int)$this->db->f('id');
+ $subjobs[$j]['owner'] =
(int)$this->db->f('owner');
+ $subjobs[$j]['level'] =
(int)$this->db->f('job_level');
+ $subjobs[$j]['parent'] =
(int)$this->db->f('job_parent');
+ $subjobs[$j]['name'] =
$this->db->f('name');
+ $subjobs[$j]['descr'] =
$this->db->f('descr');
+ $j++;
+ }
+
+ $num_subjobs = count($subjobs);
+ if ($num_subjobs != 0)
+ {
+ $newjobs = array();
+ for ($k = 0; $k <= $i; $k++)
+ {
+ $newjobs[$k] = $jobs[$k];
+ }
+ for ($k = 0; $k < $num_subjobs; $k++)
+ {
+ $newjobs[$k+$i+1] =
$subjobs[$k];
+ }
+ for ($k = $i+1; $k < $num_jobs; $k++)
+ {
+ $newjobs[$k+$num_subjobs] =
$jobs[$k];
+ }
+ $jobs = $newjobs;
+ $num_jobs = count($jobs);
+ }
+
+ }
+
+ if (!$allrows)
+ {
+ $max =
$GLOBALS['phpgw_info']['user']['preferences']['common']['maxmatchs'];
+ $max = $max + $start;
+
+ $k=0;
+ for($i=$start;$i<$max;++$i)
+ {
+ if(is_array($jobs[$i]))
+ {
+ $sjobs[$k] = $jobs[$i];
+ ++$k;
+ }
+ }
+ if(is_array($sjobs))
+ {
+ $jobs = $sjobs;
+ }
+ }
+
+ return $jobs;
+ }
+
+
+ function read_single_job($id)
+ {
+
+ $table = 'hrm_job';
+
+ $sql = "SELECT * FROM $table where id='$id'";
+
+ $this->db->query($sql,__LINE__,__FILE__);
+
+ if ($this->db->next_record())
+ {
+ $job['id'] = $id;
+ $job['parent_id'] =
(int)$this->db->f('job_parent');
+ $job['entry_date'] =
$this->db->f('entry_date');
+ $job['name'] =
stripslashes($this->db->f('name'));
+ $job['descr'] =
stripslashes($this->db->f('descr'));
+
+ return $job;
+ }
+ }
+
+
+ function read_task($job_id)
+ {
+ $sql = "SELECT * from hrm_task WHERE job_id=" .
intval($job_id);
+
+ $this->db->query($sql,__LINE__,__FILE__);
+
+ while ($this->db->next_record())
+ {
+ $training[] = array
+ (
+ 'task_id' => $this->db->f('id'),
+ 'name' =>
stripslashes($this->db->f('name')),
+ 'descr' =>
stripslashes($this->db->f('descr'))
+ );
+
+ }
+ return $training;
+ }
+
+
+ function read_single_task($id)
+ {
+
+ $sql = 'SELECT * FROM hrm_task where id=' . intval($id);
+
+ $this->db->query($sql,__LINE__,__FILE__);
+
+ if ($this->db->next_record())
+ {
+ $values['id'] = $id;
+ $values['name'] =
stripslashes($this->db->f('name'));
+ $values['descr'] =
stripslashes($this->db->f('descr'));
+ $values['job_id'] =
$this->db->f('job_id');
+ $values['cat_id'] =
$this->db->f('category');
+ $values['entry_date'] =
$this->db->f('entry_date');
$values['skill_id'] =
$this->db->f('skill_id');
$values['experience_id']=
$this->db->f('experience_id');
$values['owner'] = $this->db->f('owner');
- }
- return $values;
- }
-
- function add_job($values)
- {
- $table = 'hrm_job';
-
- if($values['parent_id'])
- {
- $this->db->query("SELECT job_level FROM $table
where id=" . intval($values['parent_id']),__LINE__,__FILE__);
- $this->db->next_record();
- $level = (int)$this->db->f('job_level') +1;
- }
- else
- {
- $level = 0;
- }
-
- $values['name'] =
$this->db->db_addslashes($values['name']);
- $values['descr'] =
$this->db->db_addslashes($values['descr']);
-
- $insert_values=array(
- $values['name'],
- $values['descr'],
- intval($values['parent_id']),
- $level,
- time(),
- $this->account
- );
-
- $insert_values =
$this->bocommon->validate_db_insert($insert_values);
-
-
- $this->db->query("INSERT INTO $table
(name,descr,job_parent,job_level,entry_date,owner) "
- . "VALUES ($insert_values)",__LINE__,__FILE__);
-
- $receipt['message'][]=array('msg'=>lang('job has been
saved'));
-
- $receipt['id'] =
$this->db->get_last_insert_id($table,'id');
-
- $this->db->transaction_commit();
- return $receipt;
- }
-
- function edit_job($values)
- {
- $this->db->transaction_begin();
- $table = 'hrm_job';
-
- $this->db->query("SELECT job_level FROM $table where
id=" . intval($values['id']),__LINE__,__FILE__);
- $this->db->next_record();
- $old_level = (int)$this->db->f('job_level');
-
- if($values['parent_id'])
- {
- $this->db->query("SELECT job_level FROM $table
where id=" . intval($values['parent_id']),__LINE__,__FILE__);
- $this->db->next_record();
- $level = (int)$this->db->f('job_level') +1;
- }
- else
- {
- $level = 0;
- }
-
- if($old_level !=$level)
- {
- $this->level = $level;
- $this->parent_gap = 1;
- $this->job_parent = $values['id'];
- while ($this->job_parent)
- {
- $this->check_move_child();
-
- }
-
- if (is_array($this->move_child))
- {
- foreach ($this->move_child as $child)
- {
- $new_level =
$child['new_level'];
- $this->db->query("UPDATE $table
set job_level= $new_level WHERE id=" . intval($child['id']),__LINE__,__FILE__);
- }
- }
-
- }
-
- $value_set['descr'] =
$this->db->db_addslashes($values['descr']);
- $value_set['name'] =
$this->db->db_addslashes($values['name']);
- $value_set['job_parent'] =
intval($values['parent_id']);
- $value_set['job_level'] = $level;
-
- $value_set =
$this->bocommon->validate_db_update($value_set);
-
- $this->db->query("UPDATE $table set $value_set WHERE
id=" . $values['id'],__LINE__,__FILE__);
-
- $receipt['id'] = $values['id'];
-
- $this->db->transaction_commit();
-
- $receipt['message'][]=array('msg'=>lang('job has been
edited'));
- return $receipt;
- }
-
- function check_move_child()
- {
- $continue = false;
- $move_child = array();
- $this->db->query("SELECT id FROM hrm_job where
job_parent=" . intval($this->job_parent),__LINE__,__FILE__);
- while ($this->db->next_record())
- {
- $this->move_child[] = array(
- 'id'
=>(int)$this->db->f('id'),
- 'job_parent'
=>(int)$this->job_parent,
- 'new_level' => ($this->level +
$this->parent_gap)
- );
-
- $move_child[] = (int)$this->db->f('id');
- $continue = true;
- }
- if($continue)
- {
- $this->parent_gap++;
- foreach ($move_child as $parent_id)
- {
- $this->job_parent = $parent_id;
- $this->check_move_child();
- }
-
- }
- else
- {
- $this->job_parent = false;
- }
- }
-
-
- function check_move_child_delete()
- {
- $continue = false;
- $move_child = array();
-
- $this->db->query("SELECT id FROM hrm_job where
job_parent=" . intval($this->job_id),__LINE__,__FILE__);
- while ($this->db->next_record())
- {
- $this->move_child[] = array(
- 'id'
=>(int)$this->db->f('id'),
- 'job_parent' =>$this->job_parent,
- 'new_level' => ($this->level)
- );
-
- $move_child[] = (int)$this->db->f('id');
- $continue = true;
- }
- unset ($this->job_parent);
- if($continue)
- {
- $this->level++;
- foreach ($move_child as $job_id)
- {
- $this->job_id = $job_id;
- $this->check_move_child_delete();
- }
-
- }
- else
- {
- $this->check_parent = false;
- }
- }
-
-
- function delete_job($id)
- {
- $this->db->transaction_begin();
-
- $this->db->query("SELECT job_parent,job_level FROM
hrm_job where id=" . intval($id),__LINE__,__FILE__);
- $this->db->next_record();
- $this->level =
(int)$this->db->f('job_level');
- $this->job_parent =
(int)$this->db->f('job_parent');
-
- $this->check_parent = true;
- $this->job_id = $id;
- while ($this->check_parent)
- {
- $this->check_move_child_delete();
- }
-
- if (is_array($this->move_child))
- {
- foreach ($this->move_child as $child)
- {
- $new_level = $child['new_level'];
- $child['job_parent'];
- if($child['job_parent'] ||
$child['job_parent']===0)
- {
- $sql = "UPDATE hrm_job set
job_level= $new_level,job_parent = " . intval($child['job_parent']) . " WHERE
id=" . intval($child['id']);
- }
- else
- {
- $sql = "UPDATE hrm_job set
job_level= $new_level WHERE id=" . intval($child['id']);
- }
-
$this->db->query($sql,__LINE__,__FILE__);
- }
- }
-
- $this->db->query("DELETE FROM hrm_job WHERE id=" .
intval($id),__LINE__,__FILE__);
- $this->db->transaction_commit();
- }
-
- function select_job_list()
- {
- $job = $this->read(array('allrows'=>true));
- return $job;
- }
-
- function reset_job_type_hierarchy()
- {
- $sql = "UPDATE hrm_job set job_level= 0,job_parent = 0";
- $this->db->query($sql,__LINE__,__FILE__);
- }
-
- function add_task($values)
- {
- $values['descr'] =
$this->db->db_addslashes($values['descr']);
- $values['name'] =
$this->db->db_addslashes($values['name']);
-
- $this->db->transaction_begin();
-
- $task_id = $this->bocommon->next_id('hrm_task');
-
- $insert_values=array(
- $task_id,
- $values['job_id'],
- $values['name'],
- $values['descr'],
- $values['cat_id'],
- $values['skill_id'],
- $values['experience_id'],
- time(),
- $this->account
- );
-
- $insert_values =
$this->bocommon->validate_db_insert($insert_values);
-
- $this->db->query("INSERT INTO hrm_task
(id,job_id,name,descr,category,skill_id,experience_id,entry_date,task_owner) "
- . "VALUES ($insert_values)",__LINE__,__FILE__);
-
- $receipt['message'][]=array('msg'=>lang('task item has
been saved'));
-
- $receipt['task_id']= $task_id;
-
- $this->db->transaction_commit();
- return $receipt;
- }
-
- function edit_task($values)
- {
-_debug_array($values);
- $this->db->transaction_begin();
-
- $value_set['descr'] =
$this->db->db_addslashes($values['descr']);
- $value_set['name'] =
$this->db->db_addslashes($values['name']);
- $value_set['category'] =
$values['cat_id'];
- $value_set['skill_id'] =
$values['skill_id'];
- $value_set['experience_id'] =
$values['experience_id'];
-
- $value_set =
$this->bocommon->validate_db_update($value_set);
-
- $table='hrm_task';
-
- $this->db->query("UPDATE $table set $value_set WHERE
id=" . $values['task_id'],__LINE__,__FILE__);
-
- $this->db->transaction_commit();
-
- $receipt['message'][]=array('msg'=>lang('task item has
been edited'));
-
- $receipt['task_id']= $values['task_id'];
- return $receipt;
- }
-
- function delete_task($job_id,$id)
- {
- $this->db->query('DELETE FROM hrm_task WHERE id=' .
intval($id) . ' AND job_id=' . intval($job_id),__LINE__,__FILE__);
- }
- }
+ }
+ return $values;
+ }
+
+ function add_job($values)
+ {
+ $table = 'hrm_job';
+
+ if($values['parent_id'])
+ {
+ $this->db->query("SELECT job_level FROM $table
where id=" . intval($values['parent_id']),__LINE__,__FILE__);
+ $this->db->next_record();
+ $level = (int)$this->db->f('job_level') +1;
+ }
+ else
+ {
+ $level = 0;
+ }
+
+ $values['name'] =
$this->db->db_addslashes($values['name']);
+ $values['descr'] =
$this->db->db_addslashes($values['descr']);
+
+ $insert_values=array(
+ $values['name'],
+ $values['descr'],
+ intval($values['parent_id']),
+ $level,
+ time(),
+ $this->account
+ );
+
+ $insert_values =
$this->bocommon->validate_db_insert($insert_values);
+
+
+ $this->db->query("INSERT INTO $table
(name,descr,job_parent,job_level,entry_date,owner) "
+ . "VALUES ($insert_values)",__LINE__,__FILE__);
+
+ $receipt['message'][]=array('msg'=>lang('job has been
saved'));
+
+ $receipt['id'] =
$this->db->get_last_insert_id($table,'id');
+
+ $this->db->transaction_commit();
+ return $receipt;
+ }
+
+ function edit_job($values)
+ {
+ $this->db->transaction_begin();
+ $table = 'hrm_job';
+
+ $this->db->query("SELECT job_level FROM $table where
id=" . intval($values['id']),__LINE__,__FILE__);
+ $this->db->next_record();
+ $old_level = (int)$this->db->f('job_level');
+
+ if($values['parent_id'])
+ {
+ $this->db->query("SELECT job_level FROM $table
where id=" . intval($values['parent_id']),__LINE__,__FILE__);
+ $this->db->next_record();
+ $level = (int)$this->db->f('job_level') +1;
+ }
+ else
+ {
+ $level = 0;
+ }
+
+ if($old_level !=$level)
+ {
+ $this->level = $level;
+ $this->parent_gap = 1;
+ $this->job_parent = $values['id'];
+ while ($this->job_parent)
+ {
+ $this->check_move_child();
+
+ }
+
+ if (is_array($this->move_child))
+ {
+ foreach ($this->move_child as $child)
+ {
+ $new_level =
$child['new_level'];
+ $this->db->query("UPDATE $table
set job_level= $new_level WHERE id=" . intval($child['id']),__LINE__,__FILE__);
+ }
+ }
+
+ }
+
+ $value_set['descr'] =
$this->db->db_addslashes($values['descr']);
+ $value_set['name'] =
$this->db->db_addslashes($values['name']);
+ $value_set['job_parent'] =
intval($values['parent_id']);
+ $value_set['job_level'] = $level;
+
+ $value_set =
$this->bocommon->validate_db_update($value_set);
+
+ $this->db->query("UPDATE $table set $value_set WHERE
id=" . $values['id'],__LINE__,__FILE__);
+
+ $receipt['id'] = $values['id'];
+
+ $this->db->transaction_commit();
+
+ $receipt['message'][]=array('msg'=>lang('job has been
edited'));
+ return $receipt;
+ }
+
+ function check_move_child()
+ {
+ $continue = false;
+ $move_child = array();
+ $this->db->query("SELECT id FROM hrm_job where
job_parent=" . intval($this->job_parent),__LINE__,__FILE__);
+ while ($this->db->next_record())
+ {
+ $this->move_child[] = array(
+ 'id'
=>(int)$this->db->f('id'),
+ 'job_parent'
=>(int)$this->job_parent,
+ 'new_level' => ($this->level +
$this->parent_gap)
+ );
+
+ $move_child[] = (int)$this->db->f('id');
+ $continue = true;
+ }
+ if($continue)
+ {
+ $this->parent_gap++;
+ foreach ($move_child as $parent_id)
+ {
+ $this->job_parent = $parent_id;
+ $this->check_move_child();
+ }
+
+ }
+ else
+ {
+ $this->job_parent = false;
+ }
+ }
+
+
+ function check_move_child_delete()
+ {
+ $continue = false;
+ $move_child = array();
+
+ $this->db->query("SELECT id FROM hrm_job where
job_parent=" . intval($this->job_id),__LINE__,__FILE__);
+ while ($this->db->next_record())
+ {
+ $this->move_child[] = array(
+ 'id'
=>(int)$this->db->f('id'),
+ 'job_parent' =>$this->job_parent,
+ 'new_level' => ($this->level)
+ );
+
+ $move_child[] = (int)$this->db->f('id');
+ $continue = true;
+ }
+ unset ($this->job_parent);
+ if($continue)
+ {
+ $this->level++;
+ foreach ($move_child as $job_id)
+ {
+ $this->job_id = $job_id;
+ $this->check_move_child_delete();
+ }
+
+ }
+ else
+ {
+ $this->check_parent = false;
+ }
+ }
+
+
+ function delete_job($id)
+ {
+ $this->db->transaction_begin();
+
+ $this->db->query("SELECT job_parent,job_level FROM
hrm_job where id=" . intval($id),__LINE__,__FILE__);
+ $this->db->next_record();
+ $this->level =
(int)$this->db->f('job_level');
+ $this->job_parent =
(int)$this->db->f('job_parent');
+
+ $this->check_parent = true;
+ $this->job_id = $id;
+ while ($this->check_parent)
+ {
+ $this->check_move_child_delete();
+ }
+
+ if (is_array($this->move_child))
+ {
+ foreach ($this->move_child as $child)
+ {
+ $new_level = $child['new_level'];
+ $child['job_parent'];
+ if($child['job_parent'] ||
$child['job_parent']===0)
+ {
+ $sql = "UPDATE hrm_job set
job_level= $new_level,job_parent = " . intval($child['job_parent']) . " WHERE
id=" . intval($child['id']);
+ }
+ else
+ {
+ $sql = "UPDATE hrm_job set
job_level= $new_level WHERE id=" . intval($child['id']);
+ }
+
$this->db->query($sql,__LINE__,__FILE__);
+ }
+ }
+
+ $this->db->query("DELETE FROM hrm_job WHERE id=" .
intval($id),__LINE__,__FILE__);
+ $this->db->transaction_commit();
+ }
+
+ function select_job_list()
+ {
+ $job = $this->read(array('allrows'=>true));
+ return $job;
+ }
+
+ function reset_job_type_hierarchy()
+ {
+ $sql = "UPDATE hrm_job set job_level= 0,job_parent = 0";
+ $this->db->query($sql,__LINE__,__FILE__);
+ }
+
+ function add_task($values)
+ {
+ $values['descr'] =
$this->db->db_addslashes($values['descr']);
+ $values['name'] =
$this->db->db_addslashes($values['name']);
+
+ $this->db->transaction_begin();
+
+ $task_id = $this->bocommon->next_id('hrm_task');
+
+ $insert_values=array(
+ $task_id,
+ $values['job_id'],
+ $values['name'],
+ $values['descr'],
+ $values['cat_id'],
$values['skill_id'],
+ $values['experience_id'],
time(),
+ $this->account
+ );
+
+ $insert_values =
$this->bocommon->validate_db_insert($insert_values);
+
+ $this->db->query("INSERT INTO hrm_task
(id,job_id,name,descr,category,skill_id,experience_id,entry_date,task_owner) "
+ . "VALUES ($insert_values)",__LINE__,__FILE__);
+
+ $receipt['message'][]=array('msg'=>lang('task item has
been saved'));
+
+ $receipt['task_id']= $task_id;
+
+ $this->db->transaction_commit();
+ return $receipt;
+ }
+
+ function edit_task($values)
+ {
+ $this->db->transaction_begin();
+
+ $value_set['descr'] =
$this->db->db_addslashes($values['descr']);
+ $value_set['name'] =
$this->db->db_addslashes($values['name']);
+ $value_set['category'] =
$values['cat_id'];
+ $value_set['skill_id'] =
$values['skill_id']; $value_set['experience_id'] =
$values['experience_id'];
+ $value_set =
$this->bocommon->validate_db_update($value_set);
+
+ $table='hrm_task';
+
+ $this->db->query("UPDATE $table set $value_set WHERE
id=" . $values['task_id'],__LINE__,__FILE__);
+
+ $this->db->transaction_commit();
+
+ $receipt['message'][]=array('msg'=>lang('task item has
been edited'));
+
+ $receipt['task_id']= $values['task_id'];
+ return $receipt;
+ }
+
+ function delete_task($job_id,$id)
+ {
+ $this->db->query('DELETE FROM hrm_task WHERE id=' .
intval($id) . ' AND job_id=' . intval($job_id),__LINE__,__FILE__);
+ }
+ }
\ No newline at end of file
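Review bot: `edit_job()` and `edit_task()` append `$values['id']` and `$values['task_id']` to the UPDATE's WHERE clause without `intval()`, although the other id lookups in this file are cast, so a non-numeric value from the caller would alter the SQL statement. The same pattern appears in `read_single_job()`, which interpolates `$id` into `where id='$id'`, and in `read()`, where `$order` and `$sort` are placed into `order by` unchecked. I would cast the ids, e.g. `id=" . intval($values['id'])` and `id=" . intval($values['task_id'])`, and restrict `$sort` to `ASC`/`DESC` and `$order` to a fixed list of column names. Whether the callers already validate these values is not visible from this file. Separately, `add_job()` calls `transaction_commit()` without a matching `transaction_begin()`.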
====================================================
Index: hrm/inc/class.acl2.inc.php
diff -u hrm/inc/class.acl2.inc.php:1.2 hrm/inc/class.acl2.inc.php:1.3
--- hrm/inc/class.acl2.inc.php:1.2 Tue Nov 29 13:09:39 2005
+++ hrm/inc/class.acl2.inc.php Tue Nov 29 20:22:03 2005
@@ -1,736 +1,736 @@
-<?php
- /**
- * Access Control List - Security scheme based on ACL design
- * @author Dan Kuykendall <address@hidden>
- * @copyright Copyright (C) 2000-2004 Free Software Foundation, Inc.
http://www.fsf.org/
- * @license http://www.gnu.org/licenses/lgpl.html GNU Lesser General
Public License
- * @package phpgwapi
- * @subpackage accounts
- * @version $Id$
- */
-
- /**
- * Access Control List - Security scheme based on ACL design
- *
- * This can manage rights to 'run' applications, and limit certain
features within an application.
- * It is also used for granting a user "membership" to a group, or
making a user have the security
- * equivilance of another user. It is also used for granting a user or
group rights to various records,
- * such as todo or calendar items of another user.
- * @package phpgwapi
- * @subpackage accounts
- * @internal syntax: CreateObject('phpgwapi.acl',int account_id);
- * @internal example: $acl = CreateObject('phpgwapi.acl',5); // 5 is
the user id
- * @internal example: $acl = CreateObject('phpgwapi.acl',10); // 10 is
the user id
- */
- class acl2
- {
- /**
- * Account id
- * @var integer Account id
- */
- var $account_id;
- /**
- * Account type
- * @var string Account type
- */
- var $account_type;
- /**
- * Array with ACL records
- * @var array Array with ACL records
- */
- var $data = Array();
- /**
- * Database connection
- * @var object Database connection
- */
- var $db;
-
- /**
- * ACL constructor for setting account id
- *
- * Sets the ID for $account_id. Can be used to change a current
instances id as well.
- * Some functions are specific to this account, and others are
generic.
- * @param integer $account_id Account id
- */
- function acl2($account_id = '')
- {
- $this->db = $GLOBALS['phpgw']->db;
-
- if (!($this->account_id = intval($account_id)))
- {
- $this->account_id =
get_account_id($account_id,@$GLOBALS['phpgw_info']['user']['account_id']);
- }
- }
-
- /**
- * Get list of xmlrpc or soap functions
- *
- * @param string|array $_type Type of methods to list. Could be
xmlrpc or soap
- * @return array Array with xmlrpc or soap functions. Might also
be empty.
- * This handles introspection or discovery by the logged in
client,
- * in which case the input might be an array. The server always
calls
- * this function to fill the server dispatch map using a string.
- */
- function list_methods($_type='xmlrpc')
- {
- if (is_array($_type))
- {
- $_type = $_type['type'] ? $_type['type'] :
$_type[0];
- }
-
- switch($_type)
- {
- case 'xmlrpc':
- $xml_functions = array(
- 'read_repository' => array(
- 'function' =>
'read_repository',
- 'signature' =>
array(array(xmlrpcStruct)),
- 'docstring' =>
lang('FIXME!')
- ),
- 'get_rights' => array(
- 'function' =>
'get_rights',
- 'signature' =>
array(array(xmlrpcStruct,xmlrpcStruct)),
- 'docstring' =>
lang('FIXME!')
-
- ),
- 'list_methods' => array(
- 'function' =>
'list_methods',
- 'signature' =>
array(array(xmlrpcStruct,xmlrpcString)),
- 'docstring' =>
lang('Read this list of methods.')
- )
- );
- return $xml_functions;
- case 'soap':
- return $this->soap_functions;
- default:
- return array();
- }
- }
-
-
- // These are the standard $account_id specific functions
-
-
- /**
- * Reads ACL records from database and return array along with
storing it
- *
- * @return array Array with ACL records
- * @access private
- */
- function read_repository($account_type=False)
- {
- // For some reason, calling this via XML-RPC doesn't
call the constructor.
- // Here is yet another work around(tm) (jengo)
- if (! $this->account_id)
- {
- $this->acl2();
- }
-
- $sql = 'select * from hrm_acl join phpgw_accounts on
hrm_acl.acl_account = phpgw_accounts.account_id where (acl_account in (';
-
- if(!$account_type || $account_type == 'accounts')
- {
- $sql .= $this->account_id.', 0';
- }
-
- if($account_type == 'groups')
- {
- $groups =
$this->get_location_list_for_id('phpgw_group', 1, $this->account_id);
- while($groups && (list($key,$value) =
each($groups)))
- {
- $group_list[] = $value;
- }
- $group_list = implode(",",$group_list);
- }
-
- $sql .= $group_list . '))';
- $this->db->query($sql ,__LINE__,__FILE__);
- $count = $this->db->num_rows();
- $this->data = Array();
- for ($idx = 0; $idx < $count; ++$idx)
- {
- //reset ($this->data);
- //while(list($idx,$value) = each($this->data)){
- $this->db->next_record();
- $this->data[] = array(
- 'appname' =>
$this->db->f('acl_appname'),
- 'location' =>
$this->db->f('acl_location'),
- 'account' =>
$this->db->f('acl_account'),
- 'rights' => $this->db->f('acl_rights'),
- 'grantor' =>
$this->db->f('acl_grantor'),
- 'type' => $this->db->f('acl_type'),
- 'account_type' =>
$this->db->f('account_type')
- );
- }
- reset ($this->data);
- return $this->data;
- }
-
- /**
- * Get acl records
- *
- * @return array Array with ACL records
- */
- function read()
- {
- if (count($this->data) == 0)
- {
- $this->read_repository();
- }
- reset ($this->data);
- return $this->data;
- }
-
- /**
- * Add ACL record
- *
- * @param string|boolean $appname Application name. Default:
false derives value from $phpgw_info['flags']['currentapp']
- * @param string $location Application location
- * @param integer $rights Access rights in bitmask form
- * @return array Array with ACL records
- */
- function add($appname = False, $location, $rights, $grantor =
False, $type = False)
- {
- if ($appname == False)
- {
- settype($appname,'string');
- $appname =
$GLOBALS['phpgw_info']['flags']['currentapp'];
- }
- $this->data[] = array('appname' => $appname, 'location'
=> $location, 'account' => $this->account_id, 'rights' => $rights, 'grantor' =>
$grantor, 'type' => $type);
- reset($this->data);
- return $this->data;
- }
-
- /**
- * Delete ACL records
- *
- * @param string|boolean $appname Application name, defaults to
false which means $phpgw_info['flags']['currentapp']
- * @param string $location Application location
- * @return array Array with ACL records
- */
- function delete($appname = False, $location, $grantor = False,
$type = False)
- {
- if ($appname == False)
- {
- settype($appname,'string');
- $appname =
$GLOBALS['phpgw_info']['flags']['currentapp'];
- }
- $count = count($this->data);
- reset ($this->data);
- while(list($idx,$value) = each($this->data))
- {
- if ($this->data[$idx]['appname'] == $appname &&
$this->data[$idx]['location'] == $location && $this->data[$idx]['account'] ==
$this->account_id && $this->data[$idx]['grantor'] == $grantor &&
$this->data[$idx]['type'] == $type)
- {
- $this->data[$idx] = Array();
- }
- }
- reset($this->data);
- return $this->data;
- }
-
- /**
- * Save repository in database
- *
- * @return array Array with ACL records
- */
-
- function save_repository()
- {
- reset($this->data);
-
- $sql = 'delete from hrm_acl where acl_account = '.
intval($this->account_id);
- $this->db->query($sql ,__LINE__,__FILE__);
-
- $count = count($this->data);
- reset ($this->data);
- while(list($idx,$value) = each($this->data))
- {
- if ($this->data[$idx]['account'] ==
$this->account_id)
- {
- $sql = 'insert into hrm_acl
(acl_appname, acl_location, acl_account, acl_rights,acl_grantor,acl_type)';
- $sql .= "
values('".$this->data[$idx]['appname']."', '"
- .
$this->data[$idx]['location']."', "
- .$this->account_id.', '
- .
intval($this->data[$idx]['rights']) . ', '
- .
($this->data[$idx]['grantor']?$this->data[$idx]['grantor']:'NULL') . ', '
- .
intval($this->data[$idx]['type'])
- .')';
-
- $this->db->query($sql
,__LINE__,__FILE__);
- }
- }
- reset($this->data);
- return $this->data;
- }
-
-
- // These are the non-standard $account_id specific functions
-
-
- /**
- * Get rights from the repository not specific to this object
- *
- * @param $location Application location
- * @param string|boolean $appname Application name, defaults to
false which means $phpgw_info['flags']['currentapp']
- * @return integer Access rights in bitmask form
- */
- function get_rights($location,$appname =
False,$grantor=False,$type=False,$account_type=False)
- {
- // For XML-RPC, change this once its working correctly
for passing parameters (jengo)
- if (is_array($location))
- {
- $a = $location;
- $location = $a['location'];
- $appname = $a['appname'];
- $grantor = $a['grantor'];
- $type = $a['type'];
- }
-
- if (count($this->data) == 0)
- {
- $this->read_repository($account_type);
- }
- reset ($this->data);
- if ($appname == False)
- {
- settype($appname,'string');
- $appname =
$GLOBALS['phpgw_info']['flags']['currentapp'];
- }
- $count = count($this->data);
- if ($count == 0 &&
$GLOBALS['phpgw_info']['server']['acl_default'] != 'deny')
- {
-// return True;
- }
- $rights = 0;
- //for ($idx = 0; $idx < $count; ++$idx){
- reset ($this->data);
- while(list($idx,$value) = each($this->data))
- {
- if ($this->data[$idx]['appname'] == $appname)
- {
- if ($this->data[$idx]['location'] ==
$location || $this->data[$idx]['location'] == 'everywhere')
- {
- if ($this->data[$idx]['type']
== $type)
- {
- if($grantor)
- {
- if
($this->data[$idx]['grantor'] == $grantor)
- {
- if
($this->data[$idx]['rights'] == 0)
- {
-
return False;
- }
- $rights
|= $this->data[$idx]['rights'];
-
$this->account_type = $this->data[$idx]['account_type'];
- }
- }
- else
- {
- if
($this->data[$idx]['rights'] == 0)
- {
- return
False;
- }
- $rights |=
$this->data[$idx]['rights'];
-
$this->account_type = $this->data[$idx]['account_type'];
- }
- }
- }
- }
- }
- return $rights;
- }
- /**
- * Check required rights (not specific to this object)
- *
- * @param string $location Application location
- * @param integer $required Required right (bitmask) to check
against
- * @param string|boolean $appname Application name, defaults to
false which means $phpgw_info['flags']['currentapp']
- * @return boolean True when $required bitmap matched otherwise
false
- */
- function check($location, $required, $appname = False)
- {
- $rights_right =
$this->check_brutto($location,$required,$appname,$grantor=False,$type=0);
- $rights_mask =
$this->check_brutto($location,$required,$appname,$grantor=False,$type=1);
-
- if(($rights_mask > $rights_right) && $rights_right > 0)
- {
- $rights = $rights_mask - $rights_right;
- }
- else
- {
- $rights = $rights_right;
-
- }
- return !!($rights & $required);
- }
-
- /**
- * Check required rights
- *
- * @param string $location Application location
- * @param integer $required Required right (bitmask) to check
against
- * @param string|boolean $appname Application name, defaults to
false which means $phpgw_info['flags']['currentapp']
- * @param integer $grantor useraccount to check against
- * @param integer $type mask or right (1 means mask , 0 means
right) to check against
- * @param array $account_type to check for righst given by
groups and accounts separately
- * @return boolean True when $required bitmap matched otherwise
false
- */
- function check_brutto($location, $required, $appname =
False,$grantor=False,$type=false,$account_type='')
- {
- if(is_array($account_type))
- {
- $continue = true;
- while ($continue && list(,$entry) =
each($account_type))
- {
- $this->data=array();
- $rights =
$this->get_rights($location,$appname,$grantor,$type,$entry);
- if(!!($rights & $required)>0)
- {
- $continue = False;
- }
- }
- }
- else
- {
- $rights =
$this->get_rights($location,$appname,$grantor,$type);
- }
- return !!($rights & $required);
- }
-
- /**
- * Get specific rights
- *
- * @param string $location Application location
- * @param string|boolean $appname Application name, defaults to
false which means $phpgw_info['flags']['currentapp']
- * @return integer Access rights in bitmask form
- */
- function get_specific_rights($location, $appname = False)
- {
- if ($appname == False)
- {
- settype($appname,'string');
- $appname =
$GLOBALS['phpgw_info']['flags']['currentapp'];
- }
-
- $count = count($this->data);
- if ($count == 0 &&
$GLOBALS['phpgw_info']['server']['acl_default'] != 'deny')
- {
- return True;
- }
- $rights = 0;
-
- reset ($this->data);
- while(list($idx,$value) = each($this->data))
- {
- if ($this->data[$idx]['appname'] == $appname &&
- ($this->data[$idx]['location'] ==
$location ||
- $this->data[$idx]['location'] ==
'everywhere') &&
- $this->data[$idx]['account'] ==
$this->account_id)
- {
- if ($this->data[$idx]['rights'] == 0)
- {
- return False;
- }
- $rights |= $this->data[$idx]['rights'];
- }
- }
- return $rights;
- }
-
- /**
- * Check specific rights
- *
- * @param string $location Application location
- * @param integer $required Required rights as bitmap
- * @param string|boolean $appname Application name, defaults to
false which means $phpgw_info['flags']['currentapp']
- * @return boolean True when $required bitmap matched otherwise
false
- */
- function check_specific($location, $required, $appname = False)
- {
- $rights =
$this->get_specific_rights($location,$appname);
- return !!($rights & $required);
- }
-
- /**
- * Get location list for an application with specific access
rights
- *
- * @param $app Application name
- * @param integer $required Required rights as bitmap
- * @return boolean|array Array with location list or false
- */
- function get_location_list($app, $required)
- {
- // User piece
- $sql = "select acl_location, acl_rights from hrm_acl
where acl_appname = '$app' ";
- $sql .= " and (acl_account in ('".$this->account_id."',
0"; // group 0 covers all users
- $equalto =
$GLOBALS['phpgw']->accounts->security_equals($this->account_id);
- if (is_array($equalto) && count($equalto) > 0)
- {
- for ($idx = 0; $idx < count($equalto); ++$idx)
- {
- $sql .= ','.$equalto[$idx][0];
- }
- }
- $sql .= ')))';
-
- $this->db->query($sql ,__LINE__,__FILE__);
- $rights = 0;
- if ($this->db->num_rows() == 0 )
- {
- return False;
- }
- while ($this->db->next_record())
- {
- if ($this->db->f('acl_rights') == 0)
- {
- return False;
- }
- $rights |= $this->db->f('acl_rights');
- if (!!($rights & $required) == True)
- {
- $locations[] =
$this->db->f('acl_location');
- }
- else
- {
- return False;
- }
- }
- return $locations;
- }
-
-
- // These are the generic functions. Not specific to $account_id
-
-
- /**
- * Add repository information for an application
- *
- * @param string $app Application name
- * @param string $location Application location
- * @param integer $account_id Account id
- * @param integer $rights Access rights in bitmap form
- * @return boolean Always true
- */
- function add_repository($app, $location, $account_id, $rights)
- {
- $this->delete_repository($app, $location, $account_id);
- $sql = 'insert into hrm_acl (acl_appname, acl_location,
acl_account, acl_rights,acl_grantor,acl_type)';
- $sql .= " values ('" . $app . "','" . $location . "','"
. $account_id . "','" . $rights . ", NULL ,0')";
- $this->db->query($sql ,__LINE__,__FILE__);
- return True;
- }
-
- /**
- * Delete repository information for an application
- *
- * @param string $app Application name
- * @param string $location Application location
- * @param integer $account_id Account id
- * @return integer Number of deleted entries
- */
- function delete_repository($app, $location, $accountid = '')
- {
- static $cache_accountid;
-
- $accountid = intval($accountid);
- if ($accountid > 0)
- {
- if(isset($cache_accountid[$accountid]) &&
$cache_accountid[$accountid])
- {
- $account_id =
$cache_accountid[$accountid];
- }
- else
- {
- $account_id =
get_account_id($accountid,$this->account_id);
- $cache_accountid[$accountid] =
$account_id;
- }
- $account_sel = ' and acl_account=' .
$account_id;
- }
-
- $sql = "delete from hrm_acl where acl_appname like '" .
$app . "' and acl_location like '" . $location . "'" . $account_sel;
- $this->db->query($sql ,__LINE__,__FILE__);
- return $this->db->num_rows();
- }
-
- /**
- * Get application list for an account id
- *
- * @param string $location Application location
- * @param integer $required Access rights as bitmap
- * @param integer $account_id Account id defaults to
$phpgw_info['user']['account_id'];
- * @return boolean|array Array with list of applications or false
- */
- function get_app_list_for_id($location, $required, $accountid =
'')
- {
- static $cache_accountid;
-
- if($cache_accountid[$accountid])
- {
- $account_id = $cache_accountid[$accountid];
- }
- else
- {
- $account_id =
get_account_id($accountid,$this->account_id);
- $cache_accountid[$accountid] = $account_id;
- }
- $sql = 'SELECT acl_appname, acl_rights from hrm_acl ';
- $sql .= "where acl_location = '" .
$this->db->db_addslashes($location) . "' ";
- $sql .= 'AND acl_account = ' . intval($account_id);
- $this->db->query($sql ,__LINE__,__FILE__);
- $rights = 0;
- if ($this->db->num_rows() == 0 )
- {
- return False;
- }
- while ($this->db->next_record())
- {
- if ($this->db->f('acl_rights') == 0)
- {
- return False;
- }
- $rights |= $this->db->f('acl_rights');
- if (!!($rights & $required) == True)
- {
- $apps[] = $this->db->f('acl_appname');
- }
- }
- return $apps;
- }
-
- /**
- * Get location list for id
- *
- * @param string $app Application name
- * @param integer $required Required access rights in bitmap form
- * @param integer $account_id Account id defaults to
$phpgw_info['user']['account_id'];
- * @return array|boolean Array with location list or false
- */
- function get_location_list_for_id($app, $required, $accountid =
'')
- {
- static $cache_accountid;
-
- if($cache_accountid[$accountid])
- {
- $account_id = $cache_accountid[$accountid];
- }
- else
- {
- $account_id =
get_account_id($accountid,$this->account_id);
- $cache_accountid[$accountid] = $account_id;
- }
- $sql = 'SELECT acl_location, acl_rights ';
- $sql .= "FROM phpgw_acl where acl_appname = '" .
$this->db->db_addslashes($app) . "' ";
- $sql .= 'AND acl_account =' . intval($account_id);
-
- $this->db->query($sql ,__LINE__,__FILE__);
- $rights = 0;
- if ($this->db->num_rows() == 0 )
- {
- return False;
- }
- while ($this->db->next_record())
- {
- if ($this->db->f('acl_rights'))
- {
- $rights |= $this->db->f('acl_rights');
- if (!!($rights & $required) == True)
- {
- $locations[] =
$this->db->f('acl_location');
- }
- }
- }
- return $locations;
- }
-
- /**
- * Get ids for location
- *
- * @param string $location Application location
- * @param integer $required Required access rights in bitmap
format
- * @param string $app Application name, defaults to
$phpgw_info['flags']['currentapp'];
- * @return array|boolean Array with account ids or false
- */
- function get_ids_for_location($location, $required, $app =
False)
- {
- if ($app == False)
- {
- $app =
$GLOBALS['phpgw_info']['flags']['currentapp'];
- }
- $sql = "select acl_account, acl_rights from phpgw_acl
where acl_appname = '$app' and ";
- $sql .= "acl_location = '".$location."'";
- $this->db->query($sql ,__LINE__,__FILE__);
- $rights = 0;
- if ($this->db->num_rows() == 0 )
- {
- return False;
- }
- while ($this->db->next_record())
- {
- $rights = 0;
- $rights |= $this->db->f('acl_rights');
- if (!!($rights & $required) == True)
- {
- $accounts[] =
intval($this->db->f('acl_account'));
- }
- }
- @reset($accounts);
- return $accounts;
- }
-
- /**
- * Get a list of applications a user has rights to
- *
- * @param integer $account_id Account id, defaults to
$phpgw_info['user']['account_id']
- * @return array|boolean Associativ array containing list of
application rights in bitmap form or false
- */
- function get_user_applications($accountid = '')
- {
- static $cache_accountid;
-
- if($cache_accountid[$accountid])
- {
- $account_id = $cache_accountid[$accountid];
- }
- else
- {
- $account_id =
get_account_id($accountid,$this->account_id);
- $cache_accountid[$accountid] = $account_id;
- }
- $db2 = $this->db;
- $memberships =
$GLOBALS['phpgw']->accounts->membership($account_id);
- $sql = "select acl_appname, acl_rights from hrm_acl
where acl_location = 'run' and "
- . 'acl_account in ';
- $security = '('.$account_id;
- while($groups = @each($memberships))
- {
- $group = each($groups);
- $security .= ','.$group[1]['account_id'];
- }
- $security .= ')';
- $db2->query($sql . $security ,__LINE__,__FILE__);
-
- if ($db2->num_rows() == 0)
- {
- return False;
- }
- while ($db2->next_record())
- {
- if(isset($apps[$db2->f('acl_appname')]))
- {
- $rights = $apps[$db2->f('acl_appname')];
- }
- else
- {
- $rights = 0;
- $apps[$db2->f('acl_appname')] = 0;
- }
- $rights |= $db2->f('acl_rights');
- $apps[$db2->f('acl_appname')] |= $rights;
- }
- return $apps;
- }
-
- function get_grants($app='',$location='')
+<?php
+ /**
+ * Access Control List - Security scheme based on ACL design
+ * @author Dan Kuykendall <address@hidden>
+ * @copyright Copyright (C) 2000-2004 Free Software Foundation, Inc.
http://www.fsf.org/
+ * @license http://www.gnu.org/licenses/lgpl.html GNU Lesser General
Public License
+ * @package phpgwapi
+ * @subpackage accounts
+ * @version $Id$
+ */
+
+ /**
+ * Access Control List - Security scheme based on ACL design
+ *
+ * This can manage rights to 'run' applications, and limit certain
features within an application.
+ * It is also used for granting a user "membership" to a group, or
making a user have the security
+ * equivilance of another user. It is also used for granting a user or
group rights to various records,
+ * such as todo or calendar items of another user.
+ * @package phpgwapi
+ * @subpackage accounts
+ * @internal syntax: CreateObject('phpgwapi.acl',int account_id);
+ * @internal example: $acl = CreateObject('phpgwapi.acl',5); // 5 is
the user id
+ * @internal example: $acl = CreateObject('phpgwapi.acl',10); // 10 is
the user id
+ */
+ class acl2
+ {
+ /**
+ * Account id
+ * @var integer Account id
+ */
+ var $account_id;
+ /**
+ * Account type
+ * @var string Account type
+ */
+ var $account_type;
+ /**
+ * Array with ACL records
+ * @var array Array with ACL records
+ */
+ var $data = Array();
+ /**
+ * Database connection
+ * @var object Database connection
+ */
+ var $db;
+
+ /**
+ * ACL constructor for setting account id
+ *
+ * Sets the ID for $account_id. Can be used to change a current
instances id as well.
+ * Some functions are specific to this account, and others are
generic.
+ * @param integer $account_id Account id
+ */
+ function acl2($account_id = '')
+ {
+ $this->db = $GLOBALS['phpgw']->db;
+
+ if (!($this->account_id = intval($account_id)))
+ {
+ $this->account_id =
get_account_id($account_id,@$GLOBALS['phpgw_info']['user']['account_id']);
+ }
+ }
+
+ /**
+ * Get list of xmlrpc or soap functions
+ *
+ * @param string|array $_type Type of methods to list. Could be
xmlrpc or soap
+ * @return array Array with xmlrpc or soap functions. Might also
be empty.
+ * This handles introspection or discovery by the logged in
client,
+ * in which case the input might be an array. The server always
calls
+ * this function to fill the server dispatch map using a string.
+ */
+ function list_methods($_type='xmlrpc')
+ {
+ if (is_array($_type))
+ {
+ $_type = $_type['type'] ? $_type['type'] :
$_type[0];
+ }
+
+ switch($_type)
+ {
+ case 'xmlrpc':
+ $xml_functions = array(
+ 'read_repository' => array(
+ 'function' =>
'read_repository',
+ 'signature' =>
array(array(xmlrpcStruct)),
+ 'docstring' =>
lang('FIXME!')
+ ),
+ 'get_rights' => array(
+ 'function' =>
'get_rights',
+ 'signature' =>
array(array(xmlrpcStruct,xmlrpcStruct)),
+ 'docstring' =>
lang('FIXME!')
+
+ ),
+ 'list_methods' => array(
+ 'function' =>
'list_methods',
+ 'signature' =>
array(array(xmlrpcStruct,xmlrpcString)),
+ 'docstring' =>
lang('Read this list of methods.')
+ )
+ );
+ return $xml_functions;
+ case 'soap':
+ return $this->soap_functions;
+ default:
+ return array();
+ }
+ }
+
+
+ // These are the standard $account_id specific functions
+
+
+ /**
+ * Reads ACL records from database and return array along with
storing it
+ *
+ * @return array Array with ACL records
+ * @access private
+ */
+ function read_repository($account_type=False)
+ {
+ // For some reason, calling this via XML-RPC doesn't
call the constructor.
+ // Here is yet another work around(tm) (jengo)
+ if (! $this->account_id)
+ {
+ $this->acl2();
+ }
+
+ $sql = 'select * from hrm_acl join phpgw_accounts on
hrm_acl.acl_account = phpgw_accounts.account_id where (acl_account in (';
+
+ if(!$account_type || $account_type == 'accounts')
+ {
+ $sql .= $this->account_id.', 0';
+ }
+
+ if($account_type == 'groups')
+ {
+ $groups =
$this->get_location_list_for_id('phpgw_group', 1, $this->account_id);
+ while($groups && (list($key,$value) =
each($groups)))
+ {
+ $group_list[] = $value;
+ }
+ $group_list = implode(",",$group_list);
+ }
+
+ $sql .= $group_list . '))';
+ $this->db->query($sql ,__LINE__,__FILE__);
+ $count = $this->db->num_rows();
+ $this->data = Array();
+ for ($idx = 0; $idx < $count; ++$idx)
+ {
+ //reset ($this->data);
+ //while(list($idx,$value) = each($this->data)){
+ $this->db->next_record();
+ $this->data[] = array(
+ 'appname' =>
$this->db->f('acl_appname'),
+ 'location' =>
$this->db->f('acl_location'),
+ 'account' =>
$this->db->f('acl_account'),
+ 'rights' => $this->db->f('acl_rights'),
+ 'grantor' =>
$this->db->f('acl_grantor'),
+ 'type' => $this->db->f('acl_type'),
+ 'account_type' =>
$this->db->f('account_type')
+ );
+ }
+ reset ($this->data);
+ return $this->data;
+ }
+
+ /**
+ * Get acl records
+ *
+ * @return array Array with ACL records
+ */
+ function read()
+ {
+ if (count($this->data) == 0)
+ {
+ $this->read_repository();
+ }
+ reset ($this->data);
+ return $this->data;
+ }
+
+ /**
+ * Add ACL record
+ *
+ * @param string|boolean $appname Application name. Default:
false derives value from $phpgw_info['flags']['currentapp']
+ * @param string $location Application location
+ * @param integer $rights Access rights in bitmask form
+ * @return array Array with ACL records
+ */
+ function add($appname = False, $location, $rights, $grantor =
False, $type = False)
+ {
+ if ($appname == False)
+ {
+ settype($appname,'string');
+ $appname =
$GLOBALS['phpgw_info']['flags']['currentapp'];
+ }
+ $this->data[] = array('appname' => $appname, 'location'
=> $location, 'account' => $this->account_id, 'rights' => $rights, 'grantor' =>
$grantor, 'type' => $type);
+ reset($this->data);
+ return $this->data;
+ }
+
+ /**
+ * Delete ACL records
+ *
+ * @param string|boolean $appname Application name, defaults to
false which means $phpgw_info['flags']['currentapp']
+ * @param string $location Application location
+ * @return array Array with ACL records
+ */
+ function delete($appname = False, $location, $grantor = False,
$type = False)
+ {
+ if ($appname == False)
+ {
+ settype($appname,'string');
+ $appname =
$GLOBALS['phpgw_info']['flags']['currentapp'];
+ }
+ $count = count($this->data);
+ reset ($this->data);
+ while(list($idx,$value) = each($this->data))
+ {
+ if ($this->data[$idx]['appname'] == $appname &&
$this->data[$idx]['location'] == $location && $this->data[$idx]['account'] ==
$this->account_id && $this->data[$idx]['grantor'] == $grantor &&
$this->data[$idx]['type'] == $type)
+ {
+ $this->data[$idx] = Array();
+ }
+ }
+ reset($this->data);
+ return $this->data;
+ }
+
+ /**
+ * Save repository in database
+ *
+ * @return array Array with ACL records
+ */
+
+ function save_repository()
+ {
+ reset($this->data);
+
+ $sql = 'delete from hrm_acl where acl_account = '.
intval($this->account_id);
+ $this->db->query($sql ,__LINE__,__FILE__);
+
+ $count = count($this->data);
+ reset ($this->data);
+ while(list($idx,$value) = each($this->data))
+ {
+ if ($this->data[$idx]['account'] ==
$this->account_id)
+ {
+ $sql = 'insert into hrm_acl
(acl_appname, acl_location, acl_account, acl_rights,acl_grantor,acl_type)';
+ $sql .= "
values('".$this->data[$idx]['appname']."', '"
+ .
$this->data[$idx]['location']."', "
+ .$this->account_id.', '
+ .
intval($this->data[$idx]['rights']) . ', '
+ .
($this->data[$idx]['grantor']?$this->data[$idx]['grantor']:'NULL') . ', '
+ .
intval($this->data[$idx]['type'])
+ .')';
+
+ $this->db->query($sql
,__LINE__,__FILE__);
+ }
+ }
+ reset($this->data);
+ return $this->data;
+ }
+
+
+ // These are the non-standard $account_id specific functions
+
+
+ /**
+ * Get rights from the repository not specific to this object
+ *
+ * @param $location Application location
+ * @param string|boolean $appname Application name, defaults to
false which means $phpgw_info['flags']['currentapp']
+ * @return integer Access rights in bitmask form
+ */
+ function get_rights($location,$appname =
False,$grantor=False,$type=False,$account_type=False)
+ {
+ // For XML-RPC, change this once its working correctly
for passing parameters (jengo)
+ if (is_array($location))
+ {
+ $a = $location;
+ $location = $a['location'];
+ $appname = $a['appname'];
+ $grantor = $a['grantor'];
+ $type = $a['type'];
+ }
+
+ if (count($this->data) == 0)
+ {
+ $this->read_repository($account_type);
+ }
+ reset ($this->data);
+ if ($appname == False)
+ {
+ settype($appname,'string');
+ $appname =
$GLOBALS['phpgw_info']['flags']['currentapp'];
+ }
+ $count = count($this->data);
+ if ($count == 0 &&
$GLOBALS['phpgw_info']['server']['acl_default'] != 'deny')
+ {
+// return True;
+ }
+ $rights = 0;
+ //for ($idx = 0; $idx < $count; ++$idx){
+ reset ($this->data);
+ while(list($idx,$value) = each($this->data))
+ {
+ if ($this->data[$idx]['appname'] == $appname)
+ {
+ if ($this->data[$idx]['location'] ==
$location || $this->data[$idx]['location'] == 'everywhere')
+ {
+ if ($this->data[$idx]['type']
== $type)
+ {
+ if($grantor)
+ {
+ if
($this->data[$idx]['grantor'] == $grantor)
+ {
+ if
($this->data[$idx]['rights'] == 0)
+ {
+
return False;
+ }
+ $rights
|= $this->data[$idx]['rights'];
+
$this->account_type = $this->data[$idx]['account_type'];
+ }
+ }
+ else
+ {
+ if
($this->data[$idx]['rights'] == 0)
+ {
+ return
False;
+ }
+ $rights |=
$this->data[$idx]['rights'];
+
$this->account_type = $this->data[$idx]['account_type'];
+ }
+ }
+ }
+ }
+ }
+ return $rights;
+ }
+ /**
+ * Check required rights (not specific to this object)
+ *
+ * @param string $location Application location
+ * @param integer $required Required right (bitmask) to check
against
+ * @param string|boolean $appname Application name, defaults to
false which means $phpgw_info['flags']['currentapp']
+ * @return boolean True when $required bitmap matched otherwise
false
+ */
+ function check($location, $required, $appname = False)
+ {
+ $rights_right =
$this->check_brutto($location,$required,$appname,$grantor=False,$type=0);
+ $rights_mask =
$this->check_brutto($location,$required,$appname,$grantor=False,$type=1);
+
+ if(($rights_mask > $rights_right) && $rights_right > 0)
+ {
+ $rights = $rights_mask - $rights_right;
+ }
+ else
+ {
+ $rights = $rights_right;
+
+ }
+ return !!($rights & $required);
+ }
+
+ /**
+ * Check required rights
+ *
+ * @param string $location Application location
+ * @param integer $required Required right (bitmask) to check
against
+ * @param string|boolean $appname Application name, defaults to
false which means $phpgw_info['flags']['currentapp']
+ * @param integer $grantor useraccount to check against
+ * @param integer $type mask or right (1 means mask , 0 means
right) to check against
+ * @param array $account_type to check for righst given by
groups and accounts separately
+ * @return boolean True when $required bitmap matched otherwise
false
+ */
+ function check_brutto($location, $required, $appname =
False,$grantor=False,$type=false,$account_type='')
+ {
+ if(is_array($account_type))
+ {
+ $continue = true;
+ while ($continue && list(,$entry) =
each($account_type))
+ {
+ $this->data=array();
+ $rights =
$this->get_rights($location,$appname,$grantor,$type,$entry);
+ if(!!($rights & $required)>0)
+ {
+ $continue = False;
+ }
+ }
+ }
+ else
+ {
+ $rights =
$this->get_rights($location,$appname,$grantor,$type);
+ }
+ return !!($rights & $required);
+ }
+
+ /**
+ * Get specific rights
+ *
+ * @param string $location Application location
+ * @param string|boolean $appname Application name, defaults to
false which means $phpgw_info['flags']['currentapp']
+ * @return integer Access rights in bitmask form
+ */
+ function get_specific_rights($location, $appname = False)
+ {
+ if ($appname == False)
+ {
+ settype($appname,'string');
+ $appname =
$GLOBALS['phpgw_info']['flags']['currentapp'];
+ }
+
+ $count = count($this->data);
+ if ($count == 0 &&
$GLOBALS['phpgw_info']['server']['acl_default'] != 'deny')
+ {
+ return True;
+ }
+ $rights = 0;
+
+ reset ($this->data);
+ while(list($idx,$value) = each($this->data))
+ {
+ if ($this->data[$idx]['appname'] == $appname &&
+ ($this->data[$idx]['location'] ==
$location ||
+ $this->data[$idx]['location'] ==
'everywhere') &&
+ $this->data[$idx]['account'] ==
$this->account_id)
+ {
+ if ($this->data[$idx]['rights'] == 0)
+ {
+ return False;
+ }
+ $rights |= $this->data[$idx]['rights'];
+ }
+ }
+ return $rights;
+ }
+
+ /**
+ * Check specific rights
+ *
+ * @param string $location Application location
+ * @param integer $required Required rights as bitmap
+ * @param string|boolean $appname Application name, defaults to
false which means $phpgw_info['flags']['currentapp']
+ * @return boolean True when $required bitmap matched otherwise
false
+ */
+ function check_specific($location, $required, $appname = False)
+ {
+ $rights =
$this->get_specific_rights($location,$appname);
+ return !!($rights & $required);
+ }
+
+ /**
+ * Get location list for an application with specific access
rights
+ *
+ * @param $app Application name
+ * @param integer $required Required rights as bitmap
+ * @return boolean|array Array with location list or false
+ */
+ function get_location_list($app, $required)
+ {
+ // User piece
+ $sql = "select acl_location, acl_rights from hrm_acl
where acl_appname = '$app' ";
+ $sql .= " and (acl_account in ('".$this->account_id."',
0"; // group 0 covers all users
+ $equalto =
$GLOBALS['phpgw']->accounts->security_equals($this->account_id);
+ if (is_array($equalto) && count($equalto) > 0)
+ {
+ for ($idx = 0; $idx < count($equalto); ++$idx)
+ {
+ $sql .= ','.$equalto[$idx][0];
+ }
+ }
+ $sql .= ')))';
+
+ $this->db->query($sql ,__LINE__,__FILE__);
+ $rights = 0;
+ if ($this->db->num_rows() == 0 )
+ {
+ return False;
+ }
+ while ($this->db->next_record())
+ {
+ if ($this->db->f('acl_rights') == 0)
+ {
+ return False;
+ }
+ $rights |= $this->db->f('acl_rights');
+ if (!!($rights & $required) == True)
+ {
+ $locations[] =
$this->db->f('acl_location');
+ }
+ else
+ {
+ return False;
+ }
+ }
+ return $locations;
+ }
+
+
+ // These are the generic functions. Not specific to $account_id
+
+
+ /**
+ * Add repository information for an application
+ *
+ * @param string $app Application name
+ * @param string $location Application location
+ * @param integer $account_id Account id
+ * @param integer $rights Access rights in bitmap form
+ * @return boolean Always true
+ */
+ function add_repository($app, $location, $account_id, $rights)
+ {
+ $this->delete_repository($app, $location, $account_id);
+ $sql = 'insert into hrm_acl (acl_appname, acl_location,
acl_account, acl_rights,acl_grantor,acl_type)';
+ $sql .= " values ('" . $app . "','" . $location . "','"
. $account_id . "','" . $rights . ", NULL ,0')";
+ $this->db->query($sql ,__LINE__,__FILE__);
+ return True;
+ }
+
+ /**
+ * Delete repository information for an application
+ *
+ * @param string $app Application name
+ * @param string $location Application location
+ * @param integer $account_id Account id
+ * @return integer Number of deleted entries
+ */
+ function delete_repository($app, $location, $accountid = '')
+ {
+ static $cache_accountid;
+
+ $accountid = intval($accountid);
+ if ($accountid > 0)
+ {
+ if(isset($cache_accountid[$accountid]) &&
$cache_accountid[$accountid])
+ {
+ $account_id =
$cache_accountid[$accountid];
+ }
+ else
+ {
+ $account_id =
get_account_id($accountid,$this->account_id);
+ $cache_accountid[$accountid] =
$account_id;
+ }
+ $account_sel = ' and acl_account=' .
$account_id;
+ }
+
+ $sql = "delete from hrm_acl where acl_appname like '" .
$app . "' and acl_location like '" . $location . "'" . $account_sel;
+ $this->db->query($sql ,__LINE__,__FILE__);
+ return $this->db->num_rows();
+ }
+
+ /**
+ * Get application list for an account id
+ *
+ * @param string $location Application location
+ * @param integer $required Access rights as bitmap
+ * @param integer $account_id Account id defaults to
$phpgw_info['user']['account_id'];
+ * @return boolean|array Array with list of applications or false
+ */
+ function get_app_list_for_id($location, $required, $accountid =
'')
+ {
+ static $cache_accountid;
+
+ if($cache_accountid[$accountid])
+ {
+ $account_id = $cache_accountid[$accountid];
+ }
+ else
+ {
+ $account_id =
get_account_id($accountid,$this->account_id);
+ $cache_accountid[$accountid] = $account_id;
+ }
+ $sql = 'SELECT acl_appname, acl_rights from hrm_acl ';
+ $sql .= "where acl_location = '" .
$this->db->db_addslashes($location) . "' ";
+ $sql .= 'AND acl_account = ' . intval($account_id);
+ $this->db->query($sql ,__LINE__,__FILE__);
+ $rights = 0;
+ if ($this->db->num_rows() == 0 )
+ {
+ return False;
+ }
+ while ($this->db->next_record())
+ {
+ if ($this->db->f('acl_rights') == 0)
+ {
+ return False;
+ }
+ $rights |= $this->db->f('acl_rights');
+ if (!!($rights & $required) == True)
+ {
+ $apps[] = $this->db->f('acl_appname');
+ }
+ }
+ return $apps;
+ }
+
+ /**
+ * Get location list for id
+ *
+ * @param string $app Application name
+ * @param integer $required Required access rights in bitmap form
+ * @param integer $account_id Account id defaults to
$phpgw_info['user']['account_id'];
+ * @return array|boolean Array with location list or false
+ */
+ function get_location_list_for_id($app, $required, $accountid =
'')
+ {
+ static $cache_accountid;
+
+ if($cache_accountid[$accountid])
+ {
+ $account_id = $cache_accountid[$accountid];
+ }
+ else
+ {
+ $account_id =
get_account_id($accountid,$this->account_id);
+ $cache_accountid[$accountid] = $account_id;
+ }
+ $sql = 'SELECT acl_location, acl_rights ';
+ $sql .= "FROM phpgw_acl where acl_appname = '" .
$this->db->db_addslashes($app) . "' ";
+ $sql .= 'AND acl_account =' . intval($account_id);
+
+ $this->db->query($sql ,__LINE__,__FILE__);
+ $rights = 0;
+ if ($this->db->num_rows() == 0 )
+ {
+ return False;
+ }
+ while ($this->db->next_record())
+ {
+ if ($this->db->f('acl_rights'))
+ {
+ $rights |= $this->db->f('acl_rights');
+ if (!!($rights & $required) == True)
+ {
+ $locations[] =
$this->db->f('acl_location');
+ }
+ }
+ }
+ return $locations;
+ }
+
+ /**
+ * Get ids for location
+ *
+ * @param string $location Application location
+ * @param integer $required Required access rights in bitmap
format
+ * @param string $app Application name, defaults to
$phpgw_info['flags']['currentapp'];
+ * @return array|boolean Array with account ids or false
+ */
+ function get_ids_for_location($location, $required, $app =
False)
+ {
+ if ($app == False)
+ {
+ $app =
$GLOBALS['phpgw_info']['flags']['currentapp'];
+ }
+ $sql = "select acl_account, acl_rights from phpgw_acl
where acl_appname = '$app' and ";
+ $sql .= "acl_location = '".$location."'";
+ $this->db->query($sql ,__LINE__,__FILE__);
+ $rights = 0;
+ if ($this->db->num_rows() == 0 )
+ {
+ return False;
+ }
+ while ($this->db->next_record())
+ {
+ $rights = 0;
+ $rights |= $this->db->f('acl_rights');
+ if (!!($rights & $required) == True)
+ {
+ $accounts[] =
intval($this->db->f('acl_account'));
+ }
+ }
+ @reset($accounts);
+ return $accounts;
+ }
+
+ /**
+ * Get a list of applications a user has rights to
+ *
+ * @param integer $account_id Account id, defaults to
$phpgw_info['user']['account_id']
+ * @return array|boolean Associativ array containing list of
application rights in bitmap form or false
+ */
+ function get_user_applications($accountid = '')
+ {
+ static $cache_accountid;
+
+ if($cache_accountid[$accountid])
+ {
+ $account_id = $cache_accountid[$accountid];
+ }
+ else
+ {
+ $account_id =
get_account_id($accountid,$this->account_id);
+ $cache_accountid[$accountid] = $account_id;
+ }
+ $db2 = $this->db;
+ $memberships =
$GLOBALS['phpgw']->accounts->membership($account_id);
+ $sql = "select acl_appname, acl_rights from hrm_acl
where acl_location = 'run' and "
+ . 'acl_account in ';
+ $security = '('.$account_id;
+ while($groups = @each($memberships))
+ {
+ $group = each($groups);
+ $security .= ','.$group[1]['account_id'];
+ }
+ $security .= ')';
+ $db2->query($sql . $security ,__LINE__,__FILE__);
+
+ if ($db2->num_rows() == 0)
+ {
+ return False;
+ }
+ while ($db2->next_record())
+ {
+ if(isset($apps[$db2->f('acl_appname')]))
+ {
+ $rights = $apps[$db2->f('acl_appname')];
+ }
+ else
+ {
+ $rights = 0;
+ $apps[$db2->f('acl_appname')] = 0;
+ }
+ $rights |= $db2->f('acl_rights');
+ $apps[$db2->f('acl_appname')] |= $rights;
+ }
+ return $apps;
+ }
+
+ function get_grants($app='',$location='')
{
$grant_rights =
$this->get_grants_type($app,$location,0);
$grant_mask = $this->get_grants_type($app,$location,1);
@@ -740,7 +740,7 @@
{
if($grant_rights[$user_id])
{
- $grant_rights[$user_id] &= (~
$mask);
+ $grant_rights[$user_id] &= (~
$mask);
if($grant_rights[$user_id]<=0)
{
unset
($grant_rights[$user_id]);
@@ -748,104 +748,100 @@
}
}
}
- return $grant_rights;
+ return $grant_rights;
}
+ /**
+ * Get application specific account based granted rights list
+ *
+ * @param string $app Application name, defaults to
$phpgw_info['flags']['currentapp']
+ * @param string $location location within Application name
+ * @param integer $type mask or right (1 means mask , 0 means
right) to check against
+ * @return array Assoziativ array with granted access rights for
accounts
+ */
+ function get_grants_type($app='',$location='',$type = '')
+ {
+ $db2 = $this->db;
- /**
- * Get application specific account based granted rights list
- *
- * @param string $app Application name, defaults to
$phpgw_info['flags']['currentapp']
- * @param string $location location within Application name
- * @param integer $type mask or right (1 means mask , 0 means
right) to check against
- * @return array Assoziativ array with granted access rights for
accounts
- */
- function get_grants_type($app='',$location='',$type = '')
- {
- $db2 = $this->db;
-
- if ($app=='')
- {
- $app =
$GLOBALS['phpgw_info']['flags']['currentapp'];
- }
- if ($location)
- {
- $at_location = " AND acl_location =
'$location'";
- }
-
- $sql = "SELECT acl_account,acl_grantor, acl_rights FROM
hrm_acl WHERE acl_appname = '$app' $at_location AND acl_grantor IS NOT NULL AND
acl_type = $type AND "
- . "acl_account in ";
- $security = "('". $this->account_id ."'";
- $myaccounts = CreateObject('phpgwapi.accounts');
- $my_memberships =
$myaccounts->membership($this->account_id);
- unset($myaccounts);
- @reset($my_memberships);
- while($my_memberships && (list($key,$group) =
each($my_memberships)))
- {
- $security .= ",'" . $group['account_id'] . "'";
- }
- $security .= ')';
- $db2->query($sql . $security ,__LINE__,__FILE__);
- $rights = 0;
- $accounts = Array();
- if ($db2->num_rows() == 0 && $type==0)
- {
-
$grants[$GLOBALS['phpgw_info']['user']['account_id']] = 31;
- return $grants;
- }
- while ($db2->next_record())
- {
- $grantor = $db2->f('acl_grantor');
- $rights = $db2->f('acl_rights');
- if(!isset($accounts[$grantor]))
- // cache the group-members for performance
- {
- // if $grantor is a group, get its
members
- $members =
$this->get_ids_for_location($grantor,1,'phpgw_group');
- if(!$members)
- {
- $accounts[$grantor] =
Array($grantor);
- $is_group[$grantor] = False;
- }
- else
- {
- $accounts[$grantor] = $members;
- $is_group[$grantor] = True;
- }
- }
- if(@$is_group[$grantor])
- {
- // Don't allow to override private!
- $rights &= (~ PHPGW_ACL_PRIVATE);
- if(!isset($grants[$grantor]))
- {
- $grants[$grantor] = 0;
- }
- $grants[$grantor] |= $rights;
- if(!!($rights & PHPGW_ACL_READ))
- {
- $grants[$grantor] |=
PHPGW_ACL_READ;
- }
- }
- while(list($nul,$grantors) =
each($accounts[$grantor]))
- {
- if(!isset($grants[$grantors]))
- {
- $grants[$grantors] = 0;
- }
- $grants[$grantors] |= $rights;
- }
- reset($accounts[$grantor]);
- }
- if($type==0)
+ if ($app=='')
+ {
+ $app =
$GLOBALS['phpgw_info']['flags']['currentapp'];
+ }
+ if ($location)
+ {
+ $at_location = " AND acl_location =
'$location'";
+ }
+
+ $sql = "SELECT acl_account,acl_grantor, acl_rights FROM
hrm_acl WHERE acl_appname = '$app' $at_location AND acl_grantor IS NOT NULL AND
acl_type = $type AND "
+ . "acl_account in ";
+ $security = "('". $this->account_id ."'";
+ $myaccounts = CreateObject('phpgwapi.accounts');
+ $my_memberships =
$myaccounts->membership($this->account_id);
+ unset($myaccounts);
+ @reset($my_memberships);
+ while($my_memberships && (list($key,$group) =
each($my_memberships)))
+ {
+ $security .= ",'" . $group['account_id'] . "'";
+ }
+ $security .= ')';
+ $db2->query($sql . $security ,__LINE__,__FILE__);
+ $rights = 0;
+ $accounts = Array();
+ if ($db2->num_rows() == 0 && $type==0)
{
$grants[$GLOBALS['phpgw_info']['user']['account_id']] = 31;
- }
- else
- {
- unset
($grants[$GLOBALS['phpgw_info']['user']['account_id']]);
- }
-
- return $grants;
- }
- }
-?>
+ return $grants;
+ }
+ while ($db2->next_record())
+ {
+ $grantor = $db2->f('acl_grantor');
+ $rights = $db2->f('acl_rights');
+ if(!isset($accounts[$grantor]))
+ // cache the group-members for performance
+ {
+ // if $grantor is a group, get its
members
+ $members =
$this->get_ids_for_location($grantor,1,'phpgw_group');
if(!$members)
+ {
+ $accounts[$grantor] =
Array($grantor);
+ $is_group[$grantor] = False;
+ }
+ else
+ {
+ $accounts[$grantor] = $members;
+ $is_group[$grantor] = True;
+ }
+ }
+ if(@$is_group[$grantor])
+ {
+ // Don't allow to override private!
+ $rights &= (~ PHPGW_ACL_PRIVATE);
+ if(!isset($grants[$grantor]))
+ {
+ $grants[$grantor] = 0;
+ }
+ $grants[$grantor] |= $rights;
+ if(!!($rights & PHPGW_ACL_READ))
+ {
+ $grants[$grantor] |=
PHPGW_ACL_READ;
+ }
+ }
+ while(list($nul,$grantors) =
each($accounts[$grantor]))
+ {
+ if(!isset($grants[$grantors]))
+ {
+ $grants[$grantors] = 0;
+ }
+ $grants[$grantors] |= $rights;
+ }
+ reset($accounts[$grantor]);
+ }
+ if($type==0)
+ {
$grants[$GLOBALS['phpgw_info']['user']['account_id']] = 31;
+ }
+ else
+ {
+ unset
($grants[$GLOBALS['phpgw_info']['user']['account_id']]);
+ }
+
+ return $grants;
+ }
+ }
\ No newline at end of file
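Review bot: `get_grants_type()` assembles its ACL query by interpolating `$app`, `$location` and `$type` straight into the SQL string, and `acl_type = $type` is unquoted, so the default `$type = ''` already produces malformed SQL and any caller-influenced value changes the query. Other methods in this file escape or cast the same columns (`get_app_list_for_id()` uses `$this->db->db_addslashes()` and `intval()`), so this function should do the same before building `$sql`: `$type = intval($type);`, `$app = $this->db->db_addslashes($app);` and `$location = $this->db->db_addslashes($location);`. Whether these arguments can carry request data is not visible from this hunk, but the result decides whose grants apply to the current account, so the stricter form is warranted. The same unescaped concatenation appears in `get_ids_for_location()`, which this function calls with `$grantor`.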