Dominique.Fournier/DomFramework
1
0
Fork 0
Code Issues Pull Requests Projects Releases Activity

dblayerauthzgroups : add the support to dblayer with authzgroups right

Browse Source 
git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@2268 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
This commit is contained in:
Dominique Fournier
2015-08-21 11:44:10 +00:00
parent cfa429df0f
commit 58f4e000b3
1 changed files with 231 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

231
dblayerauthzgroups.php Normal file
View File

@@ -0,0 +1,231 @@
<?php
/** DomFramework
@package domframework
@author Dominique Fournier <dominique@fournier38.fr> */
require_once ("domframework/dblayer.php");
/** DBLayer with authorization
All the actions in database are conditionned to the rights in authzgroups */
class dblayerauthzgroups extends dblayer
{
/** The authzgroups object, connected to the database */
public $authzgroups = null;
/** The module name for authzgroups */
public $module = null;
/** The user name for authzgroups */
public $user = null;
/** The default group(s) when creating a new object. Can be a string or an
array with multiple groups */
public $createGroup = null;
/** The default right when creating a new object */
public $createRight = "RW";
/** Pre-Path in object authzgroups */
public $path = "";
/** Flag when primary key is added before search */
private $primaryKeyAdded = false;
/** Hook preread
This hook is run before selecting the data in the database, after the
verification
@param array|null &$select Rows to select with
$select = array (array ($key, $val, $operator), ...)
$key=>column, $val=>value to found, $operator=>'LIKE', =...
@param array|null &$display Columns displayed
$display = array ($col1, $col2...);
@param array|null &$order Sort the columns by orientation
$order = array (array ($key, $orientation), ...)
$key=>column, $orientation=ASC/DESC
@param bool|null &$whereOr The WHERE parameters are separated by OR
instead of AND
@param array|null &$foreignSelect Add a filter on foreign keys */
public function hookpreread (&$select, &$display, &$order, &$whereOr,
&$foreignSelect)
{
if ($this->module === null)
throw new Exception ("No module defined for dblayerauthzgroups", 500);
if ($this->user === null)
throw new Exception ("No user defined for dblayerauthzgroups", 500);
if ($this->authzgroups === null)
throw new Exception ("No authzgroups defined for dblayerauthzgroups",
500);
if ($display === null || ! in_array ($this->primary, $display))
{
// Need the primary key to allow/deny access. Add it and remove the data
// after the access verification
$display[] = $this->primary;
$this->primaryKeyAdded = true;
}
}
/** Hook postread
This hook is run after selecting the data. Return only the allowed data to
the user. It must have at least the RO flag.
@param array $data the data selected by the select
@return array The data modified by the hook */
public function hookpostread ($data)
{
// TODO : If foreign keys, do we check if the access is allowed too ?
if ($this->module === null)
throw new Exception ("No module defined for dblayerauthzgroups", 500);
if ($this->user === null)
throw new Exception ("No user defined for dblayerauthzgroups", 500);
if ($this->authzgroups === null)
throw new Exception ("No authzgroups defined for dblayerauthzgroups",
500);
$this->allowPath ();
foreach ($data as $key=>$line)
{
try
{
$this->authzgroups->accessRight ($this->module, $this->user,
$this->path."/".$line[$this->primary]);
}
catch (Exception $e)
{
unset ($data[$key]);
}
if ($this->primaryKeyAdded === true)
unset ($line[$this->primary]);
}
return $data;
}
/** Hook preinsert
This hook is run before inserting a new data in the database, after the
verification
@param array the data to insert in the database
@return the modified datas */
public function hookpreinsert ($data)
{
if ($this->module === null)
throw new Exception ("No module defined for dblayerauthzgroups", 500);
if ($this->user === null)
throw new Exception ("No user defined for dblayerauthzgroups", 500);
if ($this->authzgroups === null)
throw new Exception ("No authzgroups defined for dblayerauthzgroups",
500);
if ($this->createGroup === null)
throw new Exception ("No createGroup defined for dblayerauthzgroups",
500);
$this->allowPath ();
$this->authzgroups->accessWrite ($this->module, $this->user, $this->path);
return $data;
}
/** Hook postinsert
This hook is run after successfuly insert a new data in the database
@return the modified lastID */
public function hookpostinsert ($data, $lastID)
{
if ($this->module === null)
throw new Exception ("No module defined for dblayerauthzgroups", 500);
if ($this->user === null)
throw new Exception ("No user defined for dblayerauthzgroups", 500);
if ($this->authzgroups === null)
throw new Exception ("No authzgroups defined for dblayerauthzgroups",
500);
if ($this->createGroup === null)
throw new Exception ("No createGroup defined for dblayerauthzgroups",
500);
$this->authzgroups->objectAdd ($this->module, $this->path."/$lastID");
if (is_array ($this->createGroup))
{
foreach ($this->createGroup as $group)
{
$this->authzgroups->rightAdd ($this->module, $group,
$this->path."/$lastID",
$this->createRight);
}
}
elseif (is_string ($this->createGroup))
{
$this->authzgroups->rightAdd ($this->module, $this->createGroup,
$this->path."/$lastID", $this->createRight);
}
else
{
throw new Exception ("createGroup defined for dblayerauthzgroups is not ".
"an array or a string", 500);
}
return $lastID;
}
/** Hook preupdate
This hook is run before updating a data in the database, after the
verification
@return the modified datas */
public function hookpreupdate ($updatekey, $data)
{
if ($this->module === null)
throw new Exception ("No module defined for dblayerauthzgroups", 500);
if ($this->user === null)
throw new Exception ("No user defined for dblayerauthzgroups", 500);
if ($this->authzgroups === null)
throw new Exception ("No authzgroups defined for dblayerauthzgroups",
500);
$this->allowPath ();
$this->authzgroups->accessWrite ($this->module, $this->user, $this->path);
$this->authzgroups->accessWrite ($this->module, $this->user,
$this->path."/$updatekey");
return $data;
}
/** Hook predelete
This hook is run before deleting a data in the database
@return the modified $deletekey */
public function hookpredelete ($deletekey)
{
if ($this->module === null)
throw new Exception ("No module defined for dblayerauthzgroups", 500);
if ($this->user === null)
throw new Exception ("No user defined for dblayerauthzgroups", 500);
if ($this->authzgroups === null)
throw new Exception ("No authzgroups defined for dblayerauthzgroups",
500);
$this->allowPath ();
$this->authzgroups->accessWrite ($this->module, $this->user, $this->path);
$this->authzgroups->accessWrite ($this->module, $this->user,
$this->path."/$deletekey");
return $deletekey;
}
/** Hook postdelete
This hook is run after successfuly deleting a data in the database
@return $nbLinesUpdated */
public function hookpostdelete ($deletekey, $nbLinesDeleted)
{
if ($this->module === null)
throw new Exception ("No module defined for dblayerauthzgroups", 500);
if ($this->user === null)
throw new Exception ("No user defined for dblayerauthzgroups", 500);
if ($this->authzgroups === null)
throw new Exception ("No authzgroups defined for dblayerauthzgroups",
500);
$this->authzgroups->objectDel ($this->module, $this->path."/$deletekey");
return $nbLinesDeleted;
}
/** Return true if all the paths are allowed. Throw an exception elsewhere */
private function allowPath ()
{
if ($this->module === null)
throw new Exception ("No module defined for dblayerauthzgroups", 500);
if ($this->user === null)
throw new Exception ("No user defined for dblayerauthzgroups", 500);
if ($this->authzgroups === null)
throw new Exception ("No authzgroups defined for dblayerauthzgroups",
500);
if (substr ($this->path, -1) === "/")
$this->path = substr ($this->path, 0, -1);
$paths = explode ("/", $this->path);
$path = "";
foreach ($paths as $pathTmp)
{
$path .= "/$pathTmp";
$path = str_replace ("//", "/", $path);
$this->authzgroups->accessRight ($this->module, $this->user, $path);
}
return true;
}
}