summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--LibertyContent.php72
-rw-r--r--content_permissions.php6
-rw-r--r--content_permissions_inc.php59
-rw-r--r--templates/content_permissions.tpl9
-rw-r--r--templates/content_permissions_inc.tpl74
5 files changed, 183 insertions, 37 deletions
diff --git a/LibertyContent.php b/LibertyContent.php
index 4a8f7c1..8d3bcaa 100644
--- a/LibertyContent.php
+++ b/LibertyContent.php
@@ -3,7 +3,7 @@
* Management of Liberty content
*
* @package liberty
-* @version $Header: /cvsroot/bitweaver/_bit_liberty/LibertyContent.php,v 1.113 2006/07/17 06:57:01 squareing Exp $
+* @version $Header: /cvsroot/bitweaver/_bit_liberty/LibertyContent.php,v 1.114 2006/07/18 14:18:00 squareing Exp $
* @author spider <spider@steelsun.com>
*/
@@ -631,18 +631,23 @@ class LibertyContent extends LibertyBase {
}
}
+ // -------------------------------- Content Permission Funtions
+
/**
* Check permissions for the object that has been loaded against the permission database
- */
+ *
+ * @access public
+ * @return TRUE if permissions were inserted into $this->mPerms
+ */
function loadPermissions() {
if( $this->isValid() && empty( $this->mPerms ) && $this->mContentTypeGuid ) {
- //$object_id = md5($object_type . $object_id);
- $query = "select uop.`perm_name`, ug.`group_id`, ug.`group_name`
+ $query = "SELECT uop.`perm_name` AS `hash_key`, uop.`perm_name`, ug.`group_id`, ug.`group_name`, up.`perm_desc`
FROM `".BIT_DB_PREFIX."users_object_permissions` uop
INNER JOIN `".BIT_DB_PREFIX."users_groups` ug ON( uop.`group_id`=ug.`group_id` )
+ LEFT OUTER JOIN `".BIT_DB_PREFIX."users_permissions` up ON( up.`perm_name`=uop.`perm_name` )
WHERE uop.`object_id` = ? AND uop.`object_type` = ?";
$bindVars = array( $this->mContentId, $this->mContentTypeGuid );
- $this->mPerms = $this->mDb->getAssoc($query, $bindVars);
+ $this->mPerms = $this->mDb->getAssoc( $query, $bindVars );
}
return( count( $this->mPerms ) );
}
@@ -654,12 +659,11 @@ class LibertyContent extends LibertyBase {
* @param bool Generate fatal message if permission denigned
* @param string Message if permission denigned
* @return bool true if user has permission to access file
- * @todo Fatal message still to be implemented
*/
- function hasUserPermission( $pPermName, $pFatalIfFalse=FALSE, $pFatalMessage=NULL ) {
+ function hasUserPermission( $pPermName, $pFatalIfFalse = FALSE, $pFatalMessage = NULL ) {
global $gBitUser;
- if( !$gBitUser->isRegistered() || !($ret = $this->isOwner()) ) {
- if( !($ret = $this->hasAdminPermission()) ) {
+ if( !$gBitUser->isRegistered() || !( $ret = $this->isOwner() ) ) {
+ if( !( $ret = $this->hasAdminPermission() ) ) {
$this->verifyAccessControl();
if( $this->loadPermissions() ) {
$userPerms = $this->getUserPermissions( $gBitUser->mUserId );
@@ -672,7 +676,7 @@ class LibertyContent extends LibertyBase {
if( !$ret && $pFatalIfFalse ) {
global $gBitSystem;
- $gBitSystem->fatalPermission( $pPermName, $pFatalIfFalse=FALSE, $pFatalMessage=NULL );
+ $gBitSystem->fatalPermission( $pPermName, $pFatalMessage );
}
return( $ret );
@@ -688,7 +692,6 @@ class LibertyContent extends LibertyBase {
return( $gBitUser->isAdmin() || $gBitUser->hasPermission( $this->mAdminContentPerm ) );
}
-
/**
* Determine if current user has the ability to edit this type of content
*
@@ -699,7 +702,6 @@ class LibertyContent extends LibertyBase {
return( $gBitUser->isAdmin() || $gBitUser->hasPermission( $this->mAdminContentPerm ) || $this->isOwner() );
}
-
/**
* Get specific permissions for the specified user for this content
*
@@ -729,19 +731,18 @@ class LibertyContent extends LibertyBase {
* @param integer Content Itentifier
* @return bool true ( will not currently report a failure )
*/
- function storePermission( $pGroupId, $perm_name, $object_id=NULL ) {
- if( !@$this->verifyId( $object_id ) ) {
- $object_id = $this->mContentId;
+ function storePermission( $pGroupId, $pPermName, $pObjectId=NULL ) {
+ if( !@$this->verifyId( $pObjectId ) ) {
+ $pObjectId = $this->mContentId;
}
- //$object_id = md5($object_type . $object_id);
$query = "DELETE FROM `".BIT_DB_PREFIX."users_object_permissions`
WHERE `group_id` = ? AND `perm_name` = ? AND `object_id` = ?";
- $result = $this->mDb->query($query, array($pGroupId, $perm_name, $object_id), -1, -1);
- $query = "insert into `".BIT_DB_PREFIX."users_object_permissions`
+ $result = $this->mDb->query( $query, array( $pGroupId, $pPermName, $pObjectId ), -1, -1 );
+ $query = "INSERT INTO `".BIT_DB_PREFIX."users_object_permissions`
(`group_id`,`object_id`, `object_type`, `perm_name`)
VALUES ( ?, ?, ?, ? )";
- $result = $this->mDb->query($query, array($pGroupId, $object_id, $this->mContentTypeGuid, $perm_name));
- return true;
+ $result = $this->mDb->query( $query, array( $pGroupId, $pObjectId, $this->mContentTypeGuid, $pPermName ) );
+ return TRUE;
}
/**
@@ -753,17 +754,17 @@ class LibertyContent extends LibertyBase {
* @param string Name of the permission
* @return bool true if access is allowed
*/
- function hasPermission( $pUserId, $object_id, $object_type, $perm_name ) {
+ function hasPermission( $pUserId, $pObjectId, $pObjectType, $pPermName ) {
$ret = FALSE;
$groups = $this->get_user_groups( $pUserId );
foreach ( $groups as $group_name ) {
- $query = "SELECT count(*)
+ $query = "SELECT COUNT(*)
FROM `".BIT_DB_PREFIX."users_object_permissions`
WHERE `group_name` = ? and `object_id` = ? and `object_type` = ? and `perm_name` = ?";
- $bindVars = array($group_name, $object_id, $object_type, $perm_name);
+ $bindVars = array( $group_name, $pObjectId, $pObjectType, $pPermName );
$result = $this->mDb->getOne( $query, $bindVars );
- if ($result>0) {
- $ret = true;
+ if( $result > 0 ) {
+ $ret = TRUE;
}
}
return $ret;
@@ -776,13 +777,12 @@ class LibertyContent extends LibertyBase {
* @param string Name of the permission
* @return bool true ( will not currently report a failure )
*/
- function removePermission( $pGroupId, $perm_name ) {
- //$object_id = md5($object_type . $object_id);
+ function removePermission( $pGroupId, $pPermName ) {
$query = "delete from `".BIT_DB_PREFIX."users_object_permissions`
where `group_id` = ? and `object_id` = ?
and `object_type` = ? and `perm_name` = ?";
- $bindVars = array($pGroupId, $this->mContentId, $this->mContentTypeGuid, $perm_name);
- $result = $this->mDb->query($query, $bindVars);
+ $bindVars = array( $pGroupId, $this->mContentId, $this->mContentTypeGuid, $pPermName );
+ $result = $this->mDb->query( $query, $bindVars );
return true;
}
@@ -793,22 +793,20 @@ class LibertyContent extends LibertyBase {
* @return bool true ( will not currently report a failure )
*/
function copyPermissions( $destinationObjectId ) {
- //$object_id = md5($object_type.$object_id);
- $query = "select `perm_name`, `group_name`
- from `".BIT_DB_PREFIX."users_object_permissions`
- where `object_id` =? and `object_type` = ?";
+ $query = "SELECT `perm_name`, `group_name`
+ FROM `".BIT_DB_PREFIX."users_object_permissions`
+ WHERE `object_id` =? AND `object_type` = ?";
$bindVars = array( $this->mContentId, $this->mContentTypeGuid );
- $result = $this->mDb->query($query, $bindVars);
- while($res = $result->fetchRow()) {
+ $result = $this->mDb->query( $query, $bindVars );
+ while( $res = $result->fetchRow() ) {
$this->storePermission( $res["group_name"], $this->mContentTypeGuid, $res["perm_name"], $destinationObjectId );
}
- return true;
+ return TRUE;
}
// =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Preferences Functions
-
/**
* Returns the content preferences value for the passed in key.
*
diff --git a/content_permissions.php b/content_permissions.php
new file mode 100644
index 0000000..d45eefb
--- /dev/null
+++ b/content_permissions.php
@@ -0,0 +1,6 @@
+<?php
+require_once( '../bit_setup_inc.php' );
+require_once( LIBERTY_PKG_PATH.'content_permissions_inc.php' );
+
+$gBitSystem->display( 'bitpackage:liberty/content_permissions.tpl', tra( 'Content Permissions' ) );
+?>
diff --git a/content_permissions_inc.php b/content_permissions_inc.php
new file mode 100644
index 0000000..39891fa
--- /dev/null
+++ b/content_permissions_inc.php
@@ -0,0 +1,59 @@
+<?php
+if( !empty( $verify_permission ) ) {
+ $gBitSystem->verifyPermission( $verify_permission );
+} else {
+ $gBitSystem->verifyPermission( 'p_admin' );
+}
+
+// If we haven't got any content loaded yet, load it
+if( empty( $gContent ) ) {
+ // make sure we have a content_id we can work with
+ if( empty( $_REQUEST["content_id"] ) || $_REQUEST["content_id"] < 1 ) {
+ $gBitSmarty->assign( 'msg', tra( "No valid content id given." ) );
+ $gBitSystem->display( 'error.tpl' );
+die;
+ }
+
+ $gContent = new LibertyContent();
+ $gContent = $gContent->getLibertyObject( $_REQUEST['content_id'] );
+}
+$gBitSmarty->assign_by_ref( 'gContent', $gContent );
+
+// Process the form
+// send the user to the content page if he wants to
+if( !empty( $_REQUEST['back'] ) ) {
+ header( "Location: ".$gContent->getDisplayUrl() );
+ die;
+}
+
+// Update database if needed
+if( !empty( $_REQUEST["group_id"] ) && !empty( $gContent->mContentId ) && !empty( $_REQUEST["perm"] ) ) {
+ if( isset( $_REQUEST["assign"] ) ) {
+ $gContent->storePermission( $_REQUEST["group_id"], $_REQUEST["perm"], $gContent->mContentId );
+ }
+
+ if( isset( $_REQUEST["action"] ) ) {
+ if( $_REQUEST["action"] == 'remove' ) {
+ $gContent->removePermission( $_REQUEST["group_id"], $_REQUEST["perm"] );
+ }
+ }
+}
+
+// Now we have to get the individual object permissions if any
+$gContent->loadPermissions();
+
+// Get a list of groups
+$listHash = array( 'sort_mode' => 'group_name_asc' );
+$userGroups = $gBitUser->getAllGroups( $listHash );
+$gBitSmarty->assign_by_ref( 'userGroups', $userGroups["data"] );
+
+// Get a list of permissions
+if( empty( $assignPerms ) ) {
+ if( !empty( $gContent->mType['handler_package'] ) ) {
+ $assignPerms = $gBitUser->getGroupPermissions( NULL, $gContent->mType['handler_package'] );
+ } else {
+ $assignPerms = $gBitUser->mPerms;
+ }
+}
+$gBitSmarty->assign_by_ref( 'assignPerms', $assignPerms );
+?>
diff --git a/templates/content_permissions.tpl b/templates/content_permissions.tpl
new file mode 100644
index 0000000..55f8baa
--- /dev/null
+++ b/templates/content_permissions.tpl
@@ -0,0 +1,9 @@
+<div class="admin permission">
+ <div class="header">
+ <h1>{tr}Assign permissions{/tr}</h1>
+ </div>
+
+ <div class="body">
+ {include file="bitpackage:liberty/content_permissions_inc.tpl"}
+ </div><!-- end .body -->
+</div><!-- end .permission -->
diff --git a/templates/content_permissions_inc.tpl b/templates/content_permissions_inc.tpl
new file mode 100644
index 0000000..d977571
--- /dev/null
+++ b/templates/content_permissions_inc.tpl
@@ -0,0 +1,74 @@
+<h2>{tr}Assign permissions to{/tr}: {$gContent->getTitle()}</h2>
+
+{form legend="Content Permissions"}
+ <input type="hidden" name="content_id" value="{$gContent->mContentId}" />
+
+ <div class="row">
+ {formlabel label="Assign this Permission" for="perm"}
+ {forminput}
+ <select name="perm" id="perm">
+ {foreach from=$assignPerms item=perm}
+ <option value="{$perm.perm_name}">{$perm.perm_desc}</option>
+ {/foreach}
+ </select>
+ {formhelp note=""}
+ {/forminput}
+ </div>
+
+ <div class="row">
+ {formlabel label="To this Group" for="group_id"}
+ {forminput}
+ <select name="group_id" id="group_id">
+ {foreach from=$userGroups item=group}
+ <option value="{$group.group_id}">{$group.group_name}</option>
+ {/foreach}
+ </select>
+ {formhelp note=""}
+ {/forminput}
+ </div>
+
+ <div class="row submit">
+ <input type="submit" name="back" value="{tr}Go back to content{/tr}" />
+ <input type="submit" name="assign" value="{tr}Assign Permission{/tr}" />
+ </div>
+{/form}
+
+<br />
+
+<table class="data">
+ <caption>{tr}Permissions assigned to this content{/tr}</caption>
+ <tr>
+ <th>{tr}Group{/tr}</th>
+ <th>{tr}Permission{/tr}</th>
+ <th>{tr}Action{/tr}</th>
+ </tr>
+ {foreach from=$gContent->mPerms item=perm}
+ <tr class="{cycle values="even,odd"}">
+ <td>{$perm.group_name}</td>
+ <td>
+ {$perm.perm_name}
+ <br />
+ {$perm.perm_desc}
+ </td>
+ <td align="right">
+ {smartlink ititle="Remove Permission" ibiticon="liberty/delete" action=remove content_id=$gContent->mContentId perm=$perm.perm_name group_id=$perm.group_id}
+ </td>
+ </tr>
+ {foreachelse}
+ <tr class="norecords">
+ <td colspan="3">{tr}No individual permissions, global permissions apply{/tr}</td>
+ </tr>
+ {/foreach}
+</table>
+
+{* probably not needed - xing
+<br /><hr /><br />
+
+<h2>{tr}Permission explanation{/tr}</h2>
+{foreach from=$assignPerms item=perm}
+ <dl class="help">
+ <dt>{$perm.perm_name}</dt>
+ <dd>{$perm.perm_desc}</dd>
+ </dl>
+{/foreach}
+*}