From 58f4e000b37f4bfddf7b3869e8ee9a84d0fd3f71 Mon Sep 17 00:00:00 2001
From: Dominique Fournier
Date: Fri, 21 Aug 2015 11:44:10 +0000
Subject: [PATCH] dblayerauthzgroups : add the support to dblayer with authzgroups right
git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@2268 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
---
 dblayerauthzgroups.php | 231 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 231 insertions(+)
 create mode 100644 dblayerauthzgroups.php
diff --git a/dblayerauthzgroups.php b/dblayerauthzgroups.php
new file mode 100644
index 0000000..4c3ab27
--- /dev/null
+++ b/dblayerauthzgroups.php
@@ -0,0 +1,231 @@
+ */
+
+require_once ("domframework/dblayer.php");
+
+/** DBLayer with authorization
+ All the actions in database are conditionned to the rights in authzgroups */
+class dblayerauthzgroups extends dblayer
+{
+ /** The authzgroups object, connected to the database */
+ public $authzgroups = null;
+ /** The module name for authzgroups */
+ public $module = null;
+ /** The user name for authzgroups */
+ public $user = null;
+ /** The default group(s) when creating a new object. Can be a string or an
+ array with multiple groups */
+ public $createGroup = null;
+ /** The default right when creating a new object */
+ public $createRight = "RW";
+ /** Pre-Path in object authzgroups */
+ public $path = "";
+ /** Flag when primary key is added before search */
+ private $primaryKeyAdded = false;
+
+ /** Hook preread
+ This hook is run before selecting the data in the database, after the
+ verification
+ @param array|null &$select Rows to select with
+ $select = array (array ($key, $val, $operator), ...)
+ $key=>column, $val=>value to found, $operator=>'LIKE', =...
+ @param array|null &$display Columns displayed
+ $display = array ($col1, $col2...);
+ @param array|null &$order Sort the columns by orientation
+ $order = array (array ($key, $orientation), ...)
+ $key=>column, $orientation=ASC/DESC
+ @param bool|null &$whereOr The WHERE parameters are separated by OR
+ instead of AND
+ @param array|null &$foreignSelect Add a filter on foreign keys */
+ public function hookpreread (&$select, &$display, &$order, &$whereOr,
+ &$foreignSelect)
+ {
+ if ($this->module === null)
+ throw new Exception ("No module defined for dblayerauthzgroups", 500);
+ if ($this->user === null)
+ throw new Exception ("No user defined for dblayerauthzgroups", 500);
+ if ($this->authzgroups === null)
+ throw new Exception ("No authzgroups defined for dblayerauthzgroups",
+ 500);
+ if ($display === null || ! in_array ($this->primary, $display))
+ {
+ // Need the primary key to allow/deny access. Add it and remove the data
+ // after the access verification
+ $display[] = $this->primary;
+ $this->primaryKeyAdded = true;
+ }
+ }
+
+ /** Hook postread
+ This hook is run after selecting the data. Return only the allowed data to
+ the user. It must have at least the RO flag.
+ @param array $data the data selected by the select
+ @return array The data modified by the hook */
+ public function hookpostread ($data)
+ {
+ // TODO : If foreign keys, do we check if the access is allowed too ?
+ if ($this->module === null)
+ throw new Exception ("No module defined for dblayerauthzgroups", 500);
+ if ($this->user === null)
+ throw new Exception ("No user defined for dblayerauthzgroups", 500);
+ if ($this->authzgroups === null)
+ throw new Exception ("No authzgroups defined for dblayerauthzgroups",
+ 500);
+ $this->allowPath ();
+ foreach ($data as $key=>$line)
+ {
+ try
+ {
+ $this->authzgroups->accessRight ($this->module, $this->user,
+ $this->path."/".$line[$this->primary]);
+ }
+ catch (Exception $e)
+ {
+ unset ($data[$key]);
+ }
+ if ($this->primaryKeyAdded === true)
+ unset ($line[$this->primary]);
+ }
+ return $data;
+ }
+
+ /** Hook preinsert
+ This hook is run before inserting a new data in the database, after the
+ verification
+ @param array the data to insert in the database
+ @return the modified datas */
+ public function hookpreinsert ($data)
+ {
+ if ($this->module === null)
+ throw new Exception ("No module defined for dblayerauthzgroups", 500);
+ if ($this->user === null)
+ throw new Exception ("No user defined for dblayerauthzgroups", 500);
+ if ($this->authzgroups === null)
+ throw new Exception ("No authzgroups defined for dblayerauthzgroups",
+ 500);
+ if ($this->createGroup === null)
+ throw new Exception ("No createGroup defined for dblayerauthzgroups",
+ 500);
+ $this->allowPath ();
+ $this->authzgroups->accessWrite ($this->module, $this->user, $this->path);
+ return $data;
+ }
+
+ /** Hook postinsert
+ This hook is run after successfuly insert a new data in the database
+ @return the modified lastID */
+ public function hookpostinsert ($data, $lastID)
+ {
+ if ($this->module === null)
+ throw new Exception ("No module defined for dblayerauthzgroups", 500);
+ if ($this->user === null)
+ throw new Exception ("No user defined for dblayerauthzgroups", 500);
+ if ($this->authzgroups === null)
+ throw new Exception ("No authzgroups defined for dblayerauthzgroups",
+ 500);
+ if ($this->createGroup === null)
+ throw new Exception ("No createGroup defined for dblayerauthzgroups",
+ 500);
+ $this->authzgroups->objectAdd ($this->module, $this->path."/$lastID");
+ if (is_array ($this->createGroup))
+ {
+ foreach ($this->createGroup as $group)
+ {
+ $this->authzgroups->rightAdd ($this->module, $group,
+ $this->path."/$lastID",
+ $this->createRight);
+ }
+ }
+ elseif (is_string ($this->createGroup))
+ {
+ $this->authzgroups->rightAdd ($this->module, $this->createGroup,
+ $this->path."/$lastID", $this->createRight);
+ }
+ else
+ {
+ throw new Exception ("createGroup defined for dblayerauthzgroups is not ".
+ "an array or a string", 500);
+ }
+ return $lastID;
+ }
+
+ /** Hook preupdate
+ This hook is run before updating a data in the database, after the
+ verification
+ @return the modified datas */
+ public function hookpreupdate ($updatekey, $data)
+ {
+ if ($this->module === null)
+ throw new Exception ("No module defined for dblayerauthzgroups", 500);
+ if ($this->user === null)
+ throw new Exception ("No user defined for dblayerauthzgroups", 500);
+ if ($this->authzgroups === null)
+ throw new Exception ("No authzgroups defined for dblayerauthzgroups",
+ 500);
+ $this->allowPath ();
+ $this->authzgroups->accessWrite ($this->module, $this->user, $this->path);
+ $this->authzgroups->accessWrite ($this->module, $this->user,
+ $this->path."/$updatekey");
+ return $data;
+ }
+
+ /** Hook predelete
+ This hook is run before deleting a data in the database
+ @return the modified $deletekey */
+ public function hookpredelete ($deletekey)
+ {
+ if ($this->module === null)
+ throw new Exception ("No module defined for dblayerauthzgroups", 500);
+ if ($this->user === null)
+ throw new Exception ("No user defined for dblayerauthzgroups", 500);
+ if ($this->authzgroups === null)
+ throw new Exception ("No authzgroups defined for dblayerauthzgroups",
+ 500);
+ $this->allowPath ();
+ $this->authzgroups->accessWrite ($this->module, $this->user, $this->path);
+ $this->authzgroups->accessWrite ($this->module, $this->user,
+ $this->path."/$deletekey");
+ return $deletekey;
+ }
+
+ /** Hook postdelete
+ This hook is run after successfuly deleting a data in the database
+ @return $nbLinesUpdated */
+ public function hookpostdelete ($deletekey, $nbLinesDeleted)
+ {
+ if ($this->module === null)
+ throw new Exception ("No module defined for dblayerauthzgroups", 500);
+ if ($this->user === null)
+ throw new Exception ("No user defined for dblayerauthzgroups", 500);
+ if ($this->authzgroups === null)
+ throw new Exception ("No authzgroups defined for dblayerauthzgroups",
+ 500);
+ $this->authzgroups->objectDel ($this->module, $this->path."/$deletekey");
+ return $nbLinesDeleted;
+ }
+
+ /** Return true if all the paths are allowed. Throw an exception elsewhere */
+ private function allowPath ()
+ {
+ if ($this->module === null)
+ throw new Exception ("No module defined for dblayerauthzgroups", 500);
+ if ($this->user === null)
+ throw new Exception ("No user defined for dblayerauthzgroups", 500);
+ if ($this->authzgroups === null)
+ throw new Exception ("No authzgroups defined for dblayerauthzgroups",
+ 500);
+ if (substr ($this->path, -1) === "/")
+ $this->path = substr ($this->path, 0, -1);
+ $paths = explode ("/", $this->path);
+ $path = "";
+ foreach ($paths as $pathTmp)
+ {
+ $path .= "/$pathTmp";
+ $path = str_replace ("//", "/", $path);
+ $this->authzgroups->accessRight ($this->module, $this->user, $path);
+ }
+ return true;
+ }
+}
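Review bot: In hookpostread the primary-key strip never takes effect: `$line` is the foreach copy, so `unset ($line[$this->primary])` leaves `$data[$key]` untouched and the column that hookpreread added for the access check is still handed back to the caller; write `unset ($data[$key][$this->primary]);` instead, and reset the flag with `$this->primaryKeyAdded = false;` before `return $data;`, otherwise a later read on the same instance that legitimately asked for the primary key would be stripped once the unset works. The `catch (Exception $e)` around accessRight treats every failure as a denial, which is the fail-closed direction, but it also hides non-authorization errors from the authz backend; narrowing it to the exception type accessRight throws for "no right" (not visible in this file) would keep those errors from being silently turned into empty result sets. In hookpreread, if dblayer treats a null `$display` as "all columns", `$display[] = $this->primary` turns such a read into a primary-key-only select — worth confirming against dblayer. In hookpreupdate and hookpredelete the caller-supplied `$updatekey`/`$deletekey` is interpolated into the authz object path unvalidated, so if a key can contain `/` the object checked would differ from the row acted on; a format check on the key, or a comment stating the key format the authzgroups paths assume, would close that gap.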