| -rw-r--r-- | LibertyContent.php | 72 | ||||
| -rw-r--r-- | content_permissions.php | 6 | ||||
| -rw-r--r-- | content_permissions_inc.php | 59 | ||||
| -rw-r--r-- | templates/content_permissions.tpl | 9 | ||||
| -rw-r--r-- | templates/content_permissions_inc.tpl | 74 |
5 files changed, 183 insertions, 37 deletions
diff --git a/LibertyContent.php b/LibertyContent.php index 4a8f7c1..8d3bcaa 100644 --- a/LibertyContent.php +++ b/LibertyContent.php @@ -3,7 +3,7 @@ * Management of Liberty content * * @package liberty -* @version $Header: /cvsroot/bitweaver/_bit_liberty/LibertyContent.php,v 1.113 2006/07/17 06:57:01 squareing Exp $ +* @version $Header: /cvsroot/bitweaver/_bit_liberty/LibertyContent.php,v 1.114 2006/07/18 14:18:00 squareing Exp $ * @author spider <spider@steelsun.com> */ @@ -631,18 +631,23 @@ class LibertyContent extends LibertyBase { } } + // -------------------------------- Content Permission Funtions + /** * Check permissions for the object that has been loaded against the permission database - */ + * + * @access public + * @return TRUE if permissions were inserted into $this->mPerms + */ function loadPermissions() { if( $this->isValid() && empty( $this->mPerms ) && $this->mContentTypeGuid ) { - //$object_id = md5($object_type . $object_id); - $query = "select uop.`perm_name`, ug.`group_id`, ug.`group_name` + $query = "SELECT uop.`perm_name` AS `hash_key`, uop.`perm_name`, ug.`group_id`, ug.`group_name`, up.`perm_desc` FROM `".BIT_DB_PREFIX."users_object_permissions` uop INNER JOIN `".BIT_DB_PREFIX."users_groups` ug ON( uop.`group_id`=ug.`group_id` ) + LEFT OUTER JOIN `".BIT_DB_PREFIX."users_permissions` up ON( up.`perm_name`=uop.`perm_name` ) WHERE uop.`object_id` = ? AND uop.`object_type` = ?"; $bindVars = array( $this->mContentId, $this->mContentTypeGuid ); - $this->mPerms = $this->mDb->getAssoc($query, $bindVars); + $this->mPerms = $this->mDb->getAssoc( $query, $bindVars ); } return( count( $this->mPerms ) ); } 
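Review bot: In `loadPermissions()` the new leading column `uop.perm_name AS hash_key` makes `getAssoc()` key the result on the permission name, so when two groups hold the same permission on one object only one of the rows is likely to survive in `$this->mPerms` (assuming ADOdb-style `getAssoc()`, which keys on the first column). The new template lists `$gContent->mPerms` one row per group, so the admin page would under-report which groups have access. A key that is unique per row, built from both the group id and the permission name, would avoid the collision. The added `@return TRUE if permissions were inserted` also does not match the code, which returns `count( $this->mPerms )`; `@return integer number of permission rows loaded` would be accurate.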
@@ -654,12 +659,11 @@ class LibertyContent extends LibertyBase { * @param bool Generate fatal message if permission denigned * @param string Message if permission denigned * @return bool true if user has permission to access file - * @todo Fatal message still to be implemented */ - function hasUserPermission( $pPermName, $pFatalIfFalse=FALSE, $pFatalMessage=NULL ) { + function hasUserPermission( $pPermName, $pFatalIfFalse = FALSE, $pFatalMessage = NULL ) { global $gBitUser; - if( !$gBitUser->isRegistered() || !($ret = $this->isOwner()) ) { - if( !($ret = $this->hasAdminPermission()) ) { + if( !$gBitUser->isRegistered() || !( $ret = $this->isOwner() ) ) { + if( !( $ret = $this->hasAdminPermission() ) ) { $this->verifyAccessControl(); if( $this->loadPermissions() ) { $userPerms = $this->getUserPermissions( $gBitUser->mUserId ); @@ -672,7 +676,7 @@ class LibertyContent extends LibertyBase { if( !$ret && $pFatalIfFalse ) { global $gBitSystem; - $gBitSystem->fatalPermission( $pPermName, $pFatalIfFalse=FALSE, $pFatalMessage=NULL ); + $gBitSystem->fatalPermission( $pPermName, $pFatalMessage ); } return( $ret ); @@ -688,7 +692,6 @@ class LibertyContent extends LibertyBase { return( $gBitUser->isAdmin() || $gBitUser->hasPermission( $this->mAdminContentPerm ) ); } - /** * Determine if current user has the ability to edit this type of content * @@ -699,7 +702,6 @@ class LibertyContent extends LibertyBase { return( $gBitUser->isAdmin() || $gBitUser->hasPermission( $this->mAdminContentPerm ) || $this->isOwner() ); } - /** * Get specific permissions for the specified user for this content * 
@@ -729,19 +731,18 @@ class LibertyContent extends LibertyBase { * @param integer Content Itentifier * @return bool true ( will not currently report a failure ) */ - function storePermission( $pGroupId, $perm_name, $object_id=NULL ) { - if( !@$this->verifyId( $object_id ) ) { - $object_id = $this->mContentId; + function storePermission( $pGroupId, $pPermName, $pObjectId=NULL ) { + if( !@$this->verifyId( $pObjectId ) ) { + $pObjectId = $this->mContentId; } - //$object_id = md5($object_type . $object_id); $query = "DELETE FROM `".BIT_DB_PREFIX."users_object_permissions` WHERE `group_id` = ? AND `perm_name` = ? AND `object_id` = ?"; - $result = $this->mDb->query($query, array($pGroupId, $perm_name, $object_id), -1, -1); - $query = "insert into `".BIT_DB_PREFIX."users_object_permissions` + $result = $this->mDb->query( $query, array( $pGroupId, $pPermName, $pObjectId ), -1, -1 ); + $query = "INSERT INTO `".BIT_DB_PREFIX."users_object_permissions` (`group_id`,`object_id`, `object_type`, `perm_name`) VALUES ( ?, ?, ?, ? )"; - $result = $this->mDb->query($query, array($pGroupId, $object_id, $this->mContentTypeGuid, $perm_name)); - return true; + $result = $this->mDb->query( $query, array( $pGroupId, $pObjectId, $this->mContentTypeGuid, $pPermName ) ); + return TRUE; } /** 
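Review bot: `storePermission()` still issues its DELETE and INSERT as two independent statements and returns `TRUE` whatever `$result` holds, so a failed INSERT after a successful DELETE silently removes the group's permission row. If the `mDb` wrapper exposes ADOdb's transaction calls, `$this->mDb->StartTrans();` before the DELETE and `$this->mDb->CompleteTrans();` after the INSERT would keep the pair atomic, and the return value could then reflect the outcome. The DELETE also filters on `group_id`, `perm_name` and `object_id` but not on `object_type`, while the INSERT and `removePermission()` both use it; adding an `object_type` condition would keep the three statements consistent. The `@` in front of `verifyId()` hides any error raised there and is worth dropping while the function is being touched.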
@@ -753,17 +754,17 @@ class LibertyContent extends LibertyBase { * @param string Name of the permission * @return bool true if access is allowed */ - function hasPermission( $pUserId, $object_id, $object_type, $perm_name ) { + function hasPermission( $pUserId, $pObjectId, $pObjectType, $pPermName ) { $ret = FALSE; $groups = $this->get_user_groups( $pUserId ); foreach ( $groups as $group_name ) { - $query = "SELECT count(*) + $query = "SELECT COUNT(*) FROM `".BIT_DB_PREFIX."users_object_permissions` WHERE `group_name` = ? and `object_id` = ? and `object_type` = ? and `perm_name` = ?"; - $bindVars = array($group_name, $object_id, $object_type, $perm_name); + $bindVars = array( $group_name, $pObjectId, $pObjectType, $pPermName ); $result = $this->mDb->getOne( $query, $bindVars ); - if ($result>0) { - $ret = true; + if( $result > 0 ) { + $ret = TRUE; } } return $ret; @@ -776,13 +777,12 @@ class LibertyContent extends LibertyBase { * @param string Name of the permission * @return bool true ( will not currently report a failure ) */ - function removePermission( $pGroupId, $perm_name ) { - //$object_id = md5($object_type . $object_id); + function removePermission( $pGroupId, $pPermName ) { $query = "delete from `".BIT_DB_PREFIX."users_object_permissions` where `group_id` = ? and `object_id` = ? and `object_type` = ? and `perm_name` = ?"; - $bindVars = array($pGroupId, $this->mContentId, $this->mContentTypeGuid, $perm_name); - $result = $this->mDb->query($query, $bindVars); + $bindVars = array( $pGroupId, $this->mContentId, $this->mContentTypeGuid, $pPermName ); + $result = $this->mDb->query( $query, $bindVars ); return true; } 
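Review bot: `hasPermission()` filters `users_object_permissions` on `group_name`, but the INSERT in `storePermission()` writes only `group_id`, `object_id`, `object_type` and `perm_name`, and `loadPermissions()` joins on `uop.group_id`, so this query most likely names a column the table does not have. The rename in this hunk leaves that untouched, which means the access check either errors or never finds a row; `copyPermissions()` in the next hunk selects the same `group_name` column. I would filter on `group_id` using the user's group ids and `break` out of the loop once `$ret` is `TRUE`. `get_user_groups()` is not defined anywhere in the visible diff, so it is worth confirming that the method still exists on this class.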
@@ -793,22 +793,20 @@ class LibertyContent extends LibertyBase { * @return bool true ( will not currently report a failure ) */ function copyPermissions( $destinationObjectId ) { - //$object_id = md5($object_type.$object_id); - $query = "select `perm_name`, `group_name` - from `".BIT_DB_PREFIX."users_object_permissions` - where `object_id` =? and `object_type` = ?"; + $query = "SELECT `perm_name`, `group_name` + FROM `".BIT_DB_PREFIX."users_object_permissions` + WHERE `object_id` =? AND `object_type` = ?"; $bindVars = array( $this->mContentId, $this->mContentTypeGuid ); - $result = $this->mDb->query($query, $bindVars); - while($res = $result->fetchRow()) { + $result = $this->mDb->query( $query, $bindVars ); + while( $res = $result->fetchRow() ) { $this->storePermission( $res["group_name"], $this->mContentTypeGuid, $res["perm_name"], $destinationObjectId ); } - return true; + return TRUE; } // =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Preferences Functions - /** * Returns the content preferences value for the passed in key. * diff --git a/content_permissions.php b/content_permissions.php new file mode 100644 index 0000000..d45eefb --- /dev/null +++ b/content_permissions.php @@ -0,0 +1,6 @@ +<?php +require_once( '../bit_setup_inc.php' ); +require_once( LIBERTY_PKG_PATH.'content_permissions_inc.php' ); + +$gBitSystem->display( 'bitpackage:liberty/content_permissions.tpl', tra( 'Content Permissions' ) ); +?> diff --git a/content_permissions_inc.php b/content_permissions_inc.php new file mode 100644 index 0000000..39891fa --- /dev/null +++ b/content_permissions_inc.php 
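Review bot: `copyPermissions()` calls `storePermission( $res["group_name"], $this->mContentTypeGuid, $res["perm_name"], $destinationObjectId )` with four arguments, but after this commit the signature is `storePermission( $pGroupId, $pPermName, $pObjectId=NULL )`. As written the content type GUID lands in the permission-name slot, the permission name lands in the object-id slot, and `$destinationObjectId` is passed as an extra argument the function never reads, so nothing is copied to the destination object. The call should read `$this->storePermission( $res["group_id"], $res["perm_name"], $destinationObjectId );` with the SELECT returning `group_id` instead of `group_name`.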
@@ -0,0 +1,59 @@
+<?php
+if( !empty( $verify_permission ) ) {
+ $gBitSystem->verifyPermission( $verify_permission );
+} else {
+ $gBitSystem->verifyPermission( 'p_admin' );
+}
+
+// If we haven't got any content loaded yet, load it
+if( empty( $gContent ) ) {
+ // make sure we have a content_id we can work with
+ if( empty( $_REQUEST["content_id"] ) || $_REQUEST["content_id"] < 1 ) {
+ $gBitSmarty->assign( 'msg', tra( "No valid content id given." ) );
+ $gBitSystem->display( 'error.tpl' );
+die;
+ }
+
+ $gContent = new LibertyContent();
+ $gContent = $gContent->getLibertyObject( $_REQUEST['content_id'] );
+}
+$gBitSmarty->assign_by_ref( 'gContent', $gContent );
+
+// Process the form
+// send the user to the content page if he wants to
+if( !empty( $_REQUEST['back'] ) ) {
+ header( "Location: ".$gContent->getDisplayUrl() );
+ die;
+}
+
+// Update database if needed
+if( !empty( $_REQUEST["group_id"] ) && !empty( $gContent->mContentId ) && !empty( $_REQUEST["perm"] ) ) {
+ if( isset( $_REQUEST["assign"] ) ) {
+ $gContent->storePermission( $_REQUEST["group_id"], $_REQUEST["perm"], $gContent->mContentId );
+ }
+
+ if( isset( $_REQUEST["action"] ) ) {
+ if( $_REQUEST["action"] == 'remove' ) {
+ $gContent->removePermission( $_REQUEST["group_id"], $_REQUEST["perm"] );
+ }
+ }
+}
+
+// Now we have to get the individual object permissions if any
+$gContent->loadPermissions();
+
+// Get a list of groups
+$listHash = array( 'sort_mode' => 'group_name_asc' );
+$userGroups = $gBitUser->getAllGroups( $listHash );
+$gBitSmarty->assign_by_ref( 'userGroups', $userGroups["data"] );
+
+// Get a list of permissions
+if( empty( $assignPerms ) ) {
+ if( !empty( $gContent->mType['handler_package'] ) ) {
+ $assignPerms = $gBitUser->getGroupPermissions( NULL, $gContent->mType['handler_package'] );
+ } else {
+ $assignPerms = $gBitUser->mPerms;
+ }
+}
+$gBitSmarty->assign_by_ref( 'assignPerms', $assignPerms );
+?>
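Review bot: The "Update database if needed" block changes permission rows straight from `$_REQUEST` with no check of the request method and no per-session token, and the template's remove link reaches it with a plain GET, so a request the administrator did not intend can alter access rights. I would require POST plus whatever anti-forgery token the framework provides before calling `storePermission()` or `removePermission()`. `$_REQUEST["perm"]` and `$_REQUEST["group_id"]` are also stored unchecked; building `$assignPerms` and `$userGroups` before this block and rejecting values that are not in those lists would keep arbitrary names out of `users_object_permissions`. Separately, `$verify_permission`, `$gContent` and `$assignPerms` are read without being set in `content_permissions.php`; if request variables can reach the global scope (not visible here), initialise them in the including script, for example `$verify_permission = 'p_admin';` before the `require_once`.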
diff --git a/templates/content_permissions.tpl b/templates/content_permissions.tpl
new file mode 100644
index 0000000..55f8baa
--- /dev/null
+++ b/templates/content_permissions.tpl
@@ -0,0 +1,9 @@
+<div class="admin permission">
+ <div class="header">
+ <h1>{tr}Assign permissions{/tr}</h1>
+ </div>
+
+ <div class="body">
+ {include file="bitpackage:liberty/content_permissions_inc.tpl"}
+ </div><!-- end .body -->
+</div><!-- end .permission -->
diff --git a/templates/content_permissions_inc.tpl b/templates/content_permissions_inc.tpl
new file mode 100644
index 0000000..d977571
--- /dev/null
+++ b/templates/content_permissions_inc.tpl
@@ -0,0 +1,74 @@
+<h2>{tr}Assign permissions to{/tr}: {$gContent->getTitle()}</h2>
+
+{form legend="Content Permissions"}
+ <input type="hidden" name="content_id" value="{$gContent->mContentId}" />
+
+ <div class="row">
+ {formlabel label="Assign this Permission" for="perm"}
+ {forminput}
+ <select name="perm" id="perm">
+ {foreach from=$assignPerms item=perm}
+ <option value="{$perm.perm_name}">{$perm.perm_desc}</option>
+ {/foreach}
+ </select>
+ {formhelp note=""}
+ {/forminput}
+ </div>
+
+ <div class="row">
+ {formlabel label="To this Group" for="group_id"}
+ {forminput}
+ <select name="group_id" id="group_id">
+ {foreach from=$userGroups item=group}
+ <option value="{$group.group_id}">{$group.group_name}</option>
+ {/foreach}
+ </select>
+ {formhelp note=""}
+ {/forminput}
+ </div>
+
+ <div class="row submit">
+ <input type="submit" name="back" value="{tr}Go back to content{/tr}" />
+ <input type="submit" name="assign" value="{tr}Assign Permission{/tr}" />
+ </div>
+{/form}
+
+<br />
+
+<table class="data">
+ <caption>{tr}Permissions assigned to this content{/tr}</caption>
+ <tr>
+ <th>{tr}Group{/tr}</th>
+ <th>{tr}Permission{/tr}</th>
+ <th>{tr}Action{/tr}</th>
+ </tr>
+ {foreach from=$gContent->mPerms item=perm}
+ <tr class="{cycle values="even,odd"}">
+ <td>{$perm.group_name}</td>
+ <td>
+ {$perm.perm_name}
+ <br />
+ {$perm.perm_desc}
+ </td>
+ <td align="right">
+ {smartlink ititle="Remove Permission" ibiticon="liberty/delete" action=remove content_id=$gContent->mContentId perm=$perm.perm_name group_id=$perm.group_id}
+ </td>
+ </tr>
+ {foreachelse}
+ <tr class="norecords">
+ <td colspan="3">{tr}No individual permissions, global permissions apply{/tr}</td>
+ </tr>
+ {/foreach}
+</table>
+
+{* probably not needed - xing
+<br /><hr /><br />
+
+<h2>{tr}Permission explanation{/tr}</h2>
+{foreach from=$assignPerms item=perm}
+ <dl class="help">
+ <dt>{$perm.perm_name}</dt>
+ <dd>{$perm.perm_desc}</dd>
+ </dl>
+{/foreach}
+*} |
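Review bot: Every value in this template is printed without an escape modifier: `{$gContent->getTitle()}` in the heading, `{$group.group_name}` and `{$perm.perm_desc}` in the option lists, and the `group_name`, `perm_name` and `perm_desc` cells in the table. Content titles and group names are editable data, so unless the Smarty setup applies a default escape modifier (not visible here) this admin page would render whatever markup is stored in them. I would add `|escape` at each output, for example `{$gContent->getTitle()|escape}` and `<td>{$perm.group_name|escape}</td>`. The remove action is also exposed as a `{smartlink}` GET link; it belongs in a POST form once the handler checks the request method.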
