From 3acb24c80ff096fa757229e5113a08b071ed4251 Mon Sep 17 00:00:00 2001 From: Max Kremmel Date: Sat, 31 Mar 2007 13:01:09 +0000 Subject: lots of content permissions work. tentatively added updateUserPermissions() to service load function. --- LibertyContent.php | 36 ++++--- LibertySystem.php | 25 ++++- bit_setup_inc.php | 6 +- content_permissions.php | 57 ++++++++++- content_permissions_inc.php | 8 +- templates/content_permissions_inc.tpl | 155 +++++++++++++++++------------ templates/service_content_edit_tab_inc.tpl | 16 +-- templates/service_content_icon_inc.tpl | 10 ++ 8 files changed, 208 insertions(+), 105 deletions(-) diff --git a/LibertyContent.php b/LibertyContent.php index 74c96b7..fd1aa47 100644 --- a/LibertyContent.php +++ b/LibertyContent.php @@ -3,7 +3,7 @@ * Management of Liberty content * * @package liberty -* @version $Header: /cvsroot/bitweaver/_bit_liberty/LibertyContent.php,v 1.190 2007/03/31 10:41:11 squareing Exp $ +* @version $Header: /cvsroot/bitweaver/_bit_liberty/LibertyContent.php,v 1.191 2007/03/31 13:01:08 squareing Exp $ * @author spider */ @@ -73,12 +73,12 @@ class LibertyContent extends LibertyBase { * Permissions hash specific to this LibertyContent object * @public */ - var $mPerms; + var $mPerms = array(); /** * Preferences hash specific to this LibertyContent object - accessed via getPreference/storePreference * @private */ - var $mPrefs; + var $mPrefs = array(); /** * Admin control permission specific to this LibertyContent type * @private @@ -919,7 +919,7 @@ class LibertyContent extends LibertyBase { } LibertyContent::prepGetList( $pParamHash ); - if( $this->isValid() && empty( $this->mPerms ) && $this->mContentTypeGuid ) { + if( $this->isValid() && $this->mContentTypeGuid ) { $query = " SELECT lcperm.`perm_name`, ug.`group_id`, ug.`group_name`, up.`perm_desc` FROM `".BIT_DB_PREFIX."liberty_content_permissions` lcperm @@ -930,7 +930,7 @@ class LibertyContent extends LibertyBase { $bindVars = array( $this->mContentId ); $ret = $this->mDb->getAll( $query, $bindVars ); } - return( $ret ); + return $ret; } /** @@ -957,10 +957,11 @@ class LibertyContent extends LibertyBase { foreach( $perms as $perm ) { if( in_array( $perm['group_id'], $userGroups ) ) { $this->mPerms[$perm['perm_name']] = $perm; + $this->mPerms[$perm['perm_name']]['package'] = $this->mType['handler_package']; } } } - return( count( $perms ) ); + return( count( $perms )); } /** @@ -972,7 +973,7 @@ class LibertyContent extends LibertyBase { */ function updateUserPermissions( $pPackage = NULL ) { $ret = FALSE; - if( $this->isValid() && $this->loadPermissions() ) { + if( $this->isValid() && $this->hasAssignedPermissions() ) { global $gBitUser; if( empty( $pPackage ) ) { @@ -992,15 +993,20 @@ class LibertyContent extends LibertyBase { return $ret; } + /** + * Check to see if the loaded content has individually assigned permissions + * + * @access public + * @return TRUE on success, FALSE on failure - mErrors will contain reason for failure + */ function hasAssignedPermissions() { $ret = FALSE; if( $this->isValid() ) { - $ret = count( $this->mPerms ); + $ret = $this->loadPermissions(); } return $ret; } - /** * Function that determines if this content specified permission for the current gBitUser, and will throw a fatal error if not. * @@ -1103,21 +1109,21 @@ class LibertyContent extends LibertyBase { * @param integer Content Itentifier * @return bool true ( will not currently report a failure ) */ - function storePermission( $pGroupId, $pPermName, $pObjectId=NULL ) { - if( !@$this->verifyId( $pObjectId )) { - $pObjectId = $this->mContentId; + function storePermission( $pGroupId, $pPermName, $pContentId=NULL ) { + if( !@$this->verifyId( $pContentId )) { + $pContentId = $this->mContentId; } - if( @BitBase::verifyId( $pGroupId ) && !empty( $pPermName )) { + if( @BitBase::verifyId( $pGroupId ) && !empty( $pPermName ) && @BitBase::verifyId( $pContentId )) { $query = " DELETE FROM `".BIT_DB_PREFIX."liberty_content_permissions` WHERE `group_id` = ? AND `perm_name` = ? AND `content_id` = ?"; - $result = $this->mDb->query( $query, array( $pGroupId, $pPermName, $pObjectId ), -1, -1 ); + $result = $this->mDb->query( $query, array( $pGroupId, $pPermName, $pContentId ), -1, -1 ); $query = " INSERT INTO `".BIT_DB_PREFIX."liberty_content_permissions` ( `group_id`,`content_id`, `perm_name` ) VALUES( ?, ?, ? )"; - $result = $this->mDb->query( $query, array( $pGroupId, $pObjectId, $pPermName )); + $result = $this->mDb->query( $query, array( $pGroupId, $pContentId, $pPermName )); return TRUE; } return FALSE; diff --git a/LibertySystem.php b/LibertySystem.php index d676ccf..257d67e 100755 --- a/LibertySystem.php +++ b/LibertySystem.php @@ -3,7 +3,7 @@ * System class for handling the liberty package * * @package liberty -* @version $Header: /cvsroot/bitweaver/_bit_liberty/LibertySystem.php,v 1.65 2007/03/21 18:08:07 wjames5 Exp $ +* @version $Header: /cvsroot/bitweaver/_bit_liberty/LibertySystem.php,v 1.66 2007/03/31 13:01:08 squareing Exp $ * @author spider */ @@ -745,6 +745,8 @@ function liberty_plugins_div_style( $pParamHash ) { return $ret; } + +// ================== Liberty Service Functions ================== function liberty_content_load_sql() { global $gBitSystem, $gBitUser; $ret = array(); @@ -767,7 +769,7 @@ function liberty_content_list_sql() { return $ret; } -function liberty_content_preview(&$pObject) { +function liberty_content_preview( &$pObject ) { global $gBitSystem, $gBitUser; if ($gBitSystem->isFeatureActive('liberty_display_status') && ($gBitUser->hasPermission('p_liberty_edit_content_status') || $gBitUser->hasPermission('p_libert_edit_all_status'))) { $pObject->mInfo['content_status_id'] = $_REQUEST['content_status_id']; @@ -777,4 +779,23 @@ function liberty_content_preview(&$pObject) { } } +function liberty_content_load( &$pObject ) { + if( $pObject->isValid() ) { + // transparently update user permissions for this content object + // this might not be the wisest course of action since it distorts permissions on the entire site with respect to the active package - xing + $pObject->updateUserPermissions(); + } +} + +function liberty_content_display( &$pObject, &$pParamHash ) { + if( $pObject->isValid() ) { + global $gBitUser, $gBitSystem; + + // make sure user has appropriate permissions to view this content + if( !empty( $pParamHash['perm_name'] )) { + $pObject->verifyPermission( $pParamHash['perm_name'] ); + } + } +} + ?> diff --git a/bit_setup_inc.php b/bit_setup_inc.php index 443f6b7..86d0121 100644 --- a/bit_setup_inc.php +++ b/bit_setup_inc.php @@ -3,7 +3,7 @@ * base package include * * @author spider - * @version $Revision: 1.14 $ + * @version $Revision: 1.15 $ * @package liberty * @subpackage functions */ @@ -21,6 +21,10 @@ $gLibertySystem->registerService( 'liberty', LIBERTY_PKG_NAME, array( 'content_edit_mini_tpl' => 'bitpackage:liberty/service_content_edit_mini_inc.tpl', 'content_edit_tab_tpl' => 'bitpackage:liberty/service_content_edit_tab_inc.tpl', 'content_icon_tpl' => 'bitpackage:liberty/service_content_icon_inc.tpl', + 'content_display_function' => 'liberty_content_display', + 'content_load_function' => 'liberty_content_load', + //'content_edit_function' => 'liberty_content_edit', + //'content_store_function' => 'liberty_content_store', 'content_load_sql_function' => 'liberty_content_load_sql', 'content_list_sql_function' => 'liberty_content_list_sql', 'content_preview_function' => 'liberty_content_preview', diff --git a/content_permissions.php b/content_permissions.php index 3e60a9a..b694116 100644 --- a/content_permissions.php +++ b/content_permissions.php @@ -1,6 +1,6 @@ display( 'bitpackage:liberty/content_permissions.tpl', tra( 'Content Permissions' ) ); +$gBitSystem->verifyPermission( 'p_liberty_assign_content_perms' ); + +// If we haven't got any content loaded yet, load it +if( empty( $gContent )) { + // make sure we have a content_id we can work with + if( empty( $_REQUEST["content_id"] ) || $_REQUEST["content_id"] < 1 ) { + $gBitSmarty->assign( 'msg', tra( "No valid content id given." )); + $gBitSystem->display( 'error.tpl' ); +die; + } + + $gContent = new LibertyContent(); + $gContent = $gContent->getLibertyObject( $_REQUEST['content_id'] ); +} +$gBitSmarty->assign_by_ref( 'gContent', $gContent ); + +// Process the form +// send the user to the content page if he wants to +if( !empty( $_REQUEST['back'] )) { + header( "Location: ".$gContent->getDisplayUrl() ); + die; +} + +// Update database if needed +if( @BitBase::verifyId( $_REQUEST["group_id"] ) && @BitBase::verifyId( $gContent->mContentId ) && !empty( $_REQUEST["perm"] ) && !empty( $_REQUEST['action'] )) { + $gBitUser->verifyTicket( TRUE ); + if( $_REQUEST["action"] == 'assign' ) { + $gContent->storePermission( $_REQUEST["group_id"], $_REQUEST["perm"], $gContent->mContentId ); + } elseif( $_REQUEST["action"] == 'remove' ) { + $gContent->removePermission( $_REQUEST["group_id"], $_REQUEST["perm"] ); + } +} + +// Now we have to get the individual object permissions if any +$contentPerms['assigned'] = $gContent->loadAllObjectPermissions( $_REQUEST ); + +// Get a list of groups +$listHash = array( 'sort_mode' => 'group_name_asc' ); +$userGroups = $gBitUser->getAllGroups( $listHash ); +$contentPerms['groups'] = $userGroups["data"]; + +// Get a list of permissions +if( empty( $assignPerms )) { + if( !empty( $gContent->mType['handler_package'] )) { + $contentPerms['assignable'] = $gBitUser->getGroupPermissions( NULL, $gContent->mType['handler_package'] ); + } else { + // this is a last resort and will dump all perms a user has + $contentPerms['assignable'] = $gBitUser->mPerms; + } +} +$gBitSmarty->assign( 'contentPerms', $contentPerms ); + +$gBitSystem->display( 'bitpackage:liberty/content_permissions.tpl', tra( 'Content Permissions' )); ?> diff --git a/content_permissions_inc.php b/content_permissions_inc.php index 40b38e6..1e1d277 100644 --- a/content_permissions_inc.php +++ b/content_permissions_inc.php @@ -1,14 +1,10 @@ verifyPermission( $verify_permission ); -} else { - $gBitSystem->verifyPermission( 'p_admin' ); -} +$gBitSystem->verifyPermission( 'p_liberty_assign_content_perms' ); // If we haven't got any content loaded yet, load it if( empty( $gContent ) ) { diff --git a/templates/content_permissions_inc.tpl b/templates/content_permissions_inc.tpl index 70bd4e2..f90e1f2 100644 --- a/templates/content_permissions_inc.tpl +++ b/templates/content_permissions_inc.tpl @@ -1,75 +1,98 @@ +{strip}

{tr}Assign permissions to{/tr}: {$gContent->getTitle()}

-{* you can't have a form within a form - services are inserted into forms - xing -form legend="Content Permissions"*} - +{if !$contentPerms.assigned} + {formhelp warning="No Individual permissions set. Global Permissions apply."} +{/if} -
- {formlabel label="Assign this Permission" for="perm"} - {forminput} - - {formhelp note=""} - {/forminput} -
+{if $contentPerms.groups|count > 10} -
- {formlabel label="To this Group" for="group_id"} - {forminput} - - {formhelp note=""} - {/forminput} -
+ {foreach from=$contentPerms.groups item=group} +

{tr}Permissions for{/tr}: {$group.group_name}

+ + + + + + {foreach from=$contentPerms.assignable item=perm} + + + {assign var=icon value="icons/media-playback-stop"} + {assign var=action value="assign"} + {foreach from=$contentPerms.assigned item=ass} + {if $ass.group_id == $group.group_id and $ass.perm_name == $perm.perm_name} + {assign var=icon value="icons/dialog-ok"} + {assign var=action value="remove"} + {/if} + {/foreach} + + + {/foreach} +
{tr}Permission{/tr}{tr}Status{/tr}
{$perm.perm_desc} ({$perm.perm_name}){smartlink ititle=Allow ibiticon=$icon action=$action content_id=$gContent->mContentId perm=$perm.perm_name group_id=$group.group_id}
+


+ {/foreach} -
- - -
-{*/form*} +{else} -
+ {form} + + - - - - - - - - {foreach from=$assignedPerms item=perm} - - - - - - {foreachelse} - - - - {/foreach} -
{tr}Permissions assigned to this content{/tr}
{smartlink content_id=$gContent->mContentId ititle=Group isort=group_name idefault=1}{smartlink content_id=$gContent->mContentId ititle=Permission isort=perm_name}{tr}Action{/tr}
{$perm.group_name} - {$perm.perm_name} -
- {$perm.perm_desc} -
- {smartlink ititle="Remove Permission" ibiticon="icons/edit-delete" action=remove perm_content_id=$gContent->mContentId perm=$perm.perm_name group_id=$perm.group_id} -
{tr}No individual permissions, global permissions apply{/tr}
+
+ {formlabel label="Assign this Permission" for="perm"} + {forminput} + + {formhelp note=""} + {/forminput} +
+ +
+ {formlabel label="To this Group" for="group_id"} + {forminput} + + {formhelp note=""} + {/forminput} +
+ +
+ + +
+ {/form} + + {if $contentPerms.assigned} +
-{* probably not needed - xing -


+ + + + + + + + {foreach from=$contentPerms.assigned item=perm} + + + + + + {foreachelse} + + + + {/foreach} +
{tr}Permissions assigned to this content{/tr}
{smartlink content_id=$gContent->mContentId ititle=Group isort=group_name idefault=1}{smartlink content_id=$gContent->mContentId ititle=Permission isort=perm_name}{tr}Action{/tr}
{$perm.group_name}{$perm.perm_desc} ({$perm.perm_name}) + {smartlink ititle="Remove Permission" ibiticon="icons/edit-delete" action=remove content_id=$gContent->mContentId perm=$perm.perm_name group_id=$perm.group_id} +
{tr}No individual permissions, global permissions apply{/tr}
+ {/if} -

{tr}Permission explanation{/tr}

-{foreach from=$assignPerms item=perm} -
-
{$perm.perm_name}
-
{$perm.perm_desc}
-
-{/foreach} -*} +{/if} +{/strip} diff --git a/templates/service_content_edit_tab_inc.tpl b/templates/service_content_edit_tab_inc.tpl index a177f30..7c7bb43 100644 --- a/templates/service_content_edit_tab_inc.tpl +++ b/templates/service_content_edit_tab_inc.tpl @@ -1,13 +1,5 @@ - -{php} -global $gContent; -//vd( $gContent ); -{/php} - -{if $gBitUser->hasPermission('p_liberty_assign_content_perms')} -{jstab title="Permissions"} - -{include file="bitpackage:liberty/content_permissions_inc.tpl"} - -{/jstab} +{if $gBitUser->hasPermission( 'p_liberty_assign_content_perms' )} + {jstab title="Permissions"} + {include file="bitpackage:liberty/content_permissions_inc.tpl"} + {/jstab} {/if} diff --git a/templates/service_content_icon_inc.tpl b/templates/service_content_icon_inc.tpl index 83b072e..a99c121 100644 --- a/templates/service_content_icon_inc.tpl +++ b/templates/service_content_icon_inc.tpl @@ -1,3 +1,13 @@ +{strip} {if $gBitSystem->isFeatureActive( 'liberty_cache' ) && $gContent->isCached()} {biticon ipackage="icons" iname="view-refresh" iexplain="Refresh cache"} {/if} +{if $gBitUser->hasPermission( 'p_liberty_assign_content_perms' ) and $serviceHash.content_id} + {if $gContent->mPerms} {* don't think there is a serviceHash way of working out if there are individual permissions set *} + {assign var=perm_icon value="icons/emblem-readonly"} + {else} + {assign var=perm_icon value="icons/emblem-shared"} + {/if} + {smartlink ipackage=liberty ifile=content_permissions.php ititle="Assign Permissions" ibiticon=$perm_icon ipackage=liberty ifile="content_permissions.php" content_id=$serviceHash.content_id} +{/if} +{/strip} -- cgit v1.3