diff --git a/Tests/authzgroupsooTest.php b/Tests/authzgroupsooTest.php new file mode 100644 index 0000000..88d3998 --- /dev/null +++ b/Tests/authzgroupsooTest.php @@ -0,0 +1,325 @@ + + */ + +/** Test the authzgroupsoo.php file */ +class test_authzgroupsoo extends PHPUnit_Framework_TestCase +{ + private $dbconfig = array ( + "dsn" => "sqlite:/tmp/databaseAuthzGroupsoo.db", + "username" => null, + "password" => null, + "driver_options" => null, + "tableprefix" => "", + ); + public function test_Initialization () + { + @unlink ("/tmp/databaseAuthzGroupsoo.db"); + } + + public function test_createTables1 () + { + $authz = new authzgroupsoo (); + $this->setExpectedException ("Exception"); + $authz->createTables (); + } + + public function test_connect () + { + // Must use the model to create the database structure as there is no + // creation of tables in controller + $authz = new authzgroupsoo (); + $res = $authz->connect ($this->dbconfig["dsn"], $this->dbconfig["username"], + $this->dbconfig["password"], + $this->dbconfig["driver_options"]); + $this->assertSame (true, $res); + } + + public function test_createTables2 () + { + $authz = new authzgroupsoo (); + $authz->connect ($this->dbconfig["dsn"], $this->dbconfig["username"], + $this->dbconfig["password"], + $this->dbconfig["driver_options"]); + $res = $authz->createTables (); + $this->assertSame (true, $res); + } + + //////////////// + // OBJECT // + //////////////// + public function test_objectCreate1 () + { + $authz = new authzgroupsoo (); + $authz->connect ($this->dbconfig["dsn"], $this->dbconfig["username"], + $this->dbconfig["password"], + $this->dbconfig["driver_options"]); + $res = $authz->objectAdd ("MODULE", "/object"); + $this->assertSame ("1", $res); + } + + public function test_objectUpdate1 () + { + $authz = new authzgroupsoo (); + $authz->connect ($this->dbconfig["dsn"], $this->dbconfig["username"], + $this->dbconfig["password"], + $this->dbconfig["driver_options"]); + $res = $authz->objectUpdate ("MODULE", "/object", "/object2"); + $this->assertSame (1, $res); + } + + public function test_objectDelete1 () + { + $authz = new authzgroupsoo (); + $authz->connect ($this->dbconfig["dsn"], $this->dbconfig["username"], + $this->dbconfig["password"], + $this->dbconfig["driver_options"]); + // The object was renamed and is not available + $this->setExpectedException ("Exception"); + $res = $authz->objectDel ("MODULE", "/object"); + } + + //////////////// + // GROUPS // + //////////////// + public function test_groupCreate1 () + { + $authz = new authzgroupsoo (); + $authz->connect ($this->dbconfig["dsn"], $this->dbconfig["username"], + $this->dbconfig["password"], + $this->dbconfig["driver_options"]); + $res = $authz->groupAdd ("MODULE", "group"); + $this->assertSame ("1", $res); + } + + public function test_groupUpdate1 () + { + $authz = new authzgroupsoo (); + $authz->connect ($this->dbconfig["dsn"], $this->dbconfig["username"], + $this->dbconfig["password"], + $this->dbconfig["driver_options"]); + $res = $authz->groupUpdate ("MODULE", "group", "group2"); + $this->assertSame (1, $res); + } + + public function test_groupDelete1 () + { + $authz = new authzgroupsoo (); + $authz->connect ($this->dbconfig["dsn"], $this->dbconfig["username"], + $this->dbconfig["password"], + $this->dbconfig["driver_options"]); + // The group doesn't exists + $this->setExpectedException ("Exception"); + $res = $authz->groupDel ("MODULE", "group"); + } + + ///////////////////// + // GROUPMEMBER // + ///////////////////// + public function test_groupmemberCreate1 () + { + $authz = new authzgroupsoo (); + $authz->connect ($this->dbconfig["dsn"], $this->dbconfig["username"], + $this->dbconfig["password"], + $this->dbconfig["driver_options"]); + // The group doesn't exists + $this->setExpectedException ("Exception"); + $res = $authz->groupmemberAdd ("MODULE", "group", "userKnown"); + } + + public function test_groupmemberCreate2 () + { + $authz = new authzgroupsoo (); + $authz->connect ($this->dbconfig["dsn"], $this->dbconfig["username"], + $this->dbconfig["password"], + $this->dbconfig["driver_options"]); + $res = $authz->groupmemberAdd ("MODULE", "group2", "userKnown"); + $this->assertSame ("1", $res); + } + + public function test_groupmemberDelete1 () + { + $authz = new authzgroupsoo (); + $authz->connect ($this->dbconfig["dsn"], $this->dbconfig["username"], + $this->dbconfig["password"], + $this->dbconfig["driver_options"]); + // The group doesn't exists + $this->setExpectedException ("Exception"); + $res = $authz->groupmemberDel ("MODULE", "group","userKnown"); + } + + public function test_groupmemberReadGroup1 () + { + $authz = new authzgroupsoo (); + $authz->connect ($this->dbconfig["dsn"], $this->dbconfig["username"], + $this->dbconfig["password"], + $this->dbconfig["driver_options"]); + // The group doesn't exists + $this->setExpectedException ("Exception"); + $res = $authz->groupmemberReadGroup ("MODULE", "group"); + } + + public function test_groupmemberReadGroup2 () + { + $authz = new authzgroupsoo (); + $authz->connect ($this->dbconfig["dsn"], $this->dbconfig["username"], + $this->dbconfig["password"], + $this->dbconfig["driver_options"]); + $res = $authz->groupmemberReadGroup ("MODULE", "group2"); + $this->assertSame (array (array ("user"=>"userKnown")), $res); + } + + public function test_groupmemberReadUser1 () + { + $authz = new authzgroupsoo (); + $authz->connect ($this->dbconfig["dsn"], $this->dbconfig["username"], + $this->dbconfig["password"], + $this->dbconfig["driver_options"]); + $res = $authz->groupmemberReadUser ("MODULE", "userKnown"); + $this->assertSame (array (1=>"group2"), $res); + } + + //////////////// + // RIGHTS // + //////////////// + public function test_rightCreate1 () + { + $authz = new authzgroupsoo (); + $authz->connect ($this->dbconfig["dsn"], $this->dbconfig["username"], + $this->dbconfig["password"], + $this->dbconfig["driver_options"]); + $res = $authz->rightAdd ("MODULE", "group2","/object2", "RW"); + $this->assertSame ("1", $res); + } + + public function test_rightUpdate1 () + { + $authz = new authzgroupsoo (); + $authz->connect ($this->dbconfig["dsn"], $this->dbconfig["username"], + $this->dbconfig["password"], + $this->dbconfig["driver_options"]); + $res = $authz->rightUpdate ("MODULE", "group2", "/object2", "RO"); + $this->assertSame (1, $res); + } + + public function test_rightDelete1 () + { + $authz = new authzgroupsoo (); + $authz->connect ($this->dbconfig["dsn"], $this->dbconfig["username"], + $this->dbconfig["password"], + $this->dbconfig["driver_options"]); + // The object doesn't exists + $this->setExpectedException ("Exception"); + $res = $authz->rightDel ("MODULE", "group2", "/object"); + } + + + ////////////////////////////////////////////// + // CLEANING DATABASE : REMOVING ENTRIES // + ////////////////////////////////////////////// + public function test_deleteGroupmember2 () + { + $authz = new authzgroupsoo (); + $authz->connect ($this->dbconfig["dsn"], $this->dbconfig["username"], + $this->dbconfig["password"], + $this->dbconfig["driver_options"]); + $res = $authz->groupmemberDel ("MODULE", "group2","userKnown"); + $this->assertSame (1, $res); + } + + public function test_deleteObject2 () + { + $authz = new authzgroupsoo (); + $authz->connect ($this->dbconfig["dsn"], $this->dbconfig["username"], + $this->dbconfig["password"], + $this->dbconfig["driver_options"]); + $res = $authz->objectDel ("MODULE", "/object2"); + $this->assertSame (1, $res); + } + + public function test_deleteGroup2 () + { + $authz = new authzgroupsoo (); + $authz->connect ($this->dbconfig["dsn"], $this->dbconfig["username"], + $this->dbconfig["password"], + $this->dbconfig["driver_options"]); + $res = $authz->groupDel ("MODULE", "group2"); + $this->assertSame (1, $res); + } + + ///////////////////// + // USER RIGHTS // + ///////////////////// + public function test_userrightsget1 () + { + $authz = new authzgroupsoo (); + $authz->connect ($this->dbconfig["dsn"], $this->dbconfig["username"], + $this->dbconfig["password"], + $this->dbconfig["driver_options"]); + // Create infos to tests the userrightsget method + $authz->objectAdd ("MODULE1", "/"); + $authz->objectAdd ("MODULE1", "/rep1"); + $authz->objectAdd ("MODULE1", "/rep1/rep2"); + $authz->objectAdd ("MODULE1", "/rep1/rep2/rep3"); + $authz->objectAdd ("MODULE2", "/"); + $authz->objectAdd ("MODULE2", "/rep1"); + $authz->objectAdd ("MODULE2", "/rep1/rep2"); + $authz->objectAdd ("MODULE2", "/rep1/rep2/rep3"); + $authz->groupAdd ("MODULE1", "group1"); + $authz->groupAdd ("MODULE1", "group2"); + $authz->groupAdd ("MODULE1", "group3"); + $authz->groupAdd ("MODULE2", "group3"); + $authz->groupmemberAdd ("MODULE1", "group2", "userKnown"); + $authz->groupmemberAdd ("MODULE1", "group3", "userKnown"); + $authz->groupmemberAdd ("MODULE2", "group3", "userKnown"); + $authz->rightAdd ("MODULE1", "group2","/rep1/rep2","RW"); + $authz->rightAdd ("MODULE1", "group3","/rep1/rep2","RO"); + + $res = $authz->userrightsget ("MODULE1", "userKnown"); + $this->assertSame (array ("/rep1/rep2"=>"RW"), $res); + } + + public function test_allow1 () + { + $authz = new authzgroupsoo (); + $authz->connect ($this->dbconfig["dsn"], $this->dbconfig["username"], + $this->dbconfig["password"], + $this->dbconfig["driver_options"]); + $res = $authz->allow ("MODULE1", "userKnown", "/rep1/rep2"); + $this->assertSame ("RW", $res); + } + + public function test_allow2 () + { + $authz = new authzgroupsoo (); + $authz->connect ($this->dbconfig["dsn"], $this->dbconfig["username"], + $this->dbconfig["password"], + $this->dbconfig["driver_options"]); + $authz->rightAdd ("MODULE1", "group2","/","RW"); + $res = $authz->allow ("MODULE1", "userKnown", "/rep1/rep2"); + $this->assertSame ("RW", $res); + } + + public function test_allow3 () + { + $authz = new authzgroupsoo (); + $authz->connect ($this->dbconfig["dsn"], $this->dbconfig["username"], + $this->dbconfig["password"], + $this->dbconfig["driver_options"]); + $authz->rightAdd ("MODULE1", "group2","/rep1","RO"); + $res = $authz->allow ("MODULE1", "userKnown", "/rep1/rep2"); + $this->assertSame ("RW", $res); + } + + public function test_allow4 () + { + $authz = new authzgroupsoo (); + $authz->connect ($this->dbconfig["dsn"], $this->dbconfig["username"], + $this->dbconfig["password"], + $this->dbconfig["driver_options"]); + $res = $authz->allow ("MODULE1", "userKnown", "/rep1/rep2/rep3"); + $this->assertSame ("NO", $res); + } +} diff --git a/authzgroupsoo.php b/authzgroupsoo.php new file mode 100644 index 0000000..74d37f3 --- /dev/null +++ b/authzgroupsoo.php @@ -0,0 +1,1315 @@ + + */ + +require_once ("domframework/dblayeroo.php"); + +/** All the needed functions to authorize or deny access to an authenticated + * user by its groups membership + * Based on dblayeroo + */ +class authzgroupsoo +{ + /** The table prefix to use */ + public $tableprefix = ""; + /** The dblayeroo object use to manage the Object table */ + private $dbObject = null; + /** The dblayeroo object use to manage the Group table */ + private $dbGroup = null; + /** The dblayeroo object use to manage the GroupMember table */ + private $dbGroupMember = null; + /** The dblayeroo object use to manage the Right table */ + private $dbRight = null; + /** Set the debug level */ + public $debug = 0; + /** A local cache of the rights if multiple tests are needed */ + private $rightCache = null; + + ///////////////////// + // USER RIGHTS // + ///////////////////// + /** Return an array with all the rights of the user in the module. + * Cache this information to be quicker with next requests + * Remove the entries where path is not at least readable + * @param string $module The module to use + * @param string $user The user to get the rights + */ + public function userrightsget ($module, $user) + { +// if (isset ($_SESSION["domframework"]["authzgroups"][$module][$user])) +// return $_SESSION["domframework"]["authzgroups"][$module][$user]; + if ($this->rightCache !== null) + return $this->rightCache; + if ($this->dbObject == null) + throw new \Exception (dgettext ("domframework", + "DB for Object is not connected"), 500); + // Do the SQL request in hard to be more performant on jointures + if ($user === "cli" || $user === "root") + { + $this->dbObject->clearRequest (); + $resTmp = $this->dbObject->select () + ->displayAdd ("object", "object") + ->displayAdd ("2", "right") + ->whereAdd ("module", "=", $module) + ->execute (); + } + else + { + $this->dbObject->clearRequest (); + $this->dbGroupMember->clearRequest (); + $this->dbGroup->clearRequest (); + $this->dbGroupMember->whereAdd ("user", "=", $user); + $this->dbGroup->joinInner ($this->dbGroupMember, + array ("idgroup" => "idgroup")) + ->whereAdd ("module", "=", $module); + $this->dbRight->displayAdd ("MAX(right)", "right") + ->joinInner ($this->dbGroup, + array ("idgroup" => "idgroup")); + $resTmp = $this->dbObject->select () + ->displayAdd ("object", "object") + ->orderAdd ("object", "ASC") + ->joinInner ($this->dbRight, + array ("idobject" => "idobject")) + ->execute (); + } + + $res = array (); + foreach ($resTmp as $row) + $res[$row["object"]] = $row["right"]; + // Transform the numerical rights to RO/RW + foreach ($res as $k => $r) + { + switch ($r) + { + case "2": $res[$k] = "RW"; break; + case "1": $res[$k] = "RO"; break; + default: + throw new \Exception (dgettext ("domframework", + "Unknown right stored"), 500); + } + } + if (isset ($_SESSION)) + $_SESSION["domframework"]["authzgroups"][$module][$user] = $res; + $this->rightCache = $res; + return $res; + } + + /** Return the right defined for this user in the module for one object + * @param string $module The module to use + * @param string $user The user to get the rights + * @param string $object The object to return the rights for the user + */ + public function allow ($module, $user, $object) + { + $ressource = $this->userrightsget ($module, $user); + // The complete tree should not be readable for the user : it can have + // access to a card, but not to all the cards (group -> reject, + // group/XXX->allow) + /*// Limit to allowed trees : if a member of the path is not recorded (is + // unreadable), return NO. + // Can be the last entry (the complete object) too + $path = explode ("/", $object); + $completePath = "/"; + foreach ($path as $k => $p) + { + if ($k>1) + $completePath .= "/"; + $completePath .= "$p"; + if (! isset ($ressource[$completePath])) + { + if ($this->debug) + echo "DEBUG allow : REJECT because $completePath is not found\n"; + return "NO"; + } + }*/ + if (! isset ($ressource[$object])) + return "NO"; + return $ressource[$object]; + } + + /** Return TRUE if the user right allow to see the object (RO or RW) + * Return a 403 Exception if the user don't have the right + * Return a 401 Exception if the user is not connected + * @param string $module The module to use + * @param string $user The user to get the rights + * @param string $object The object to check the rights for the user + */ + public function accessRight ($module, $user, $object) + { + if ($this->dbObject === null) + throw new \Exception ("Can't use authzgroups\\accessRight without ". + "connected database", 500); + if ($module === null || ! is_string ($module) || trim ($module) === "") + throw new \Exception ("Module not provided to authzgroups\\accessRight", + 500); + if ($user === null || ! is_string ($user) || trim ($user) === "") + throw new \Exception ("User not provided to authzgroups\\accessright", + 500); + if ($object === null || ! is_string ($object)) + throw new \Exception ("Object not provided to authzgroups\\accessRight", + 500); + if ($object{0} !== "/") + $object = "/$object"; + $rc = $this->allow ($module, $user, "$object"); + if ($this->debug) + trigger_error ("authzgroups : accessRight ('$module','$user','$object')". + "=$rc", E_USER_NOTICE); + if ($rc !== "NO") + return TRUE; + if ($user === "anonymous") + throw new \Exception (dgettext("domframework", "Anonymous not allowed"), + 401); + throw new \Exception (dgettext("domframework", "Access forbidden"), 403); + } + + /** Return TRUE if the user right allow to edit the object (RW only) + * Return a 403 Exception if the user don't have the right + * Return a 401 Exception if the user is not connected + * @param string $module The module to use + * @param string $user The user to get the rights + * @param string $object The object to check the rights for the user + */ + public function accessWrite ($module, $user, $object) + { + if ($this->dbObject === null) + throw new \Exception ("Can't use authzgroups\\accessWrite without ". + "connected database", 500); + if ($module === null || ! is_string ($module) || trim ($module) === "") + throw new \Exception ("Module not provided to authzgroups\\accessWrite", + 500); + if ($user === null || ! is_string ($user) || trim ($user) === "") + throw new \Exception ("User not provided to authzgroups\\accessWrite", + 500); + if ($object === null || ! is_string ($object)) + throw new \Exception ("Object not provided to authzgroups\\accessWrite", + 500); + if ($object{0} !== "/") + $object = "/$object"; + $rc = $this->allow ($module, $user, $object); + if ($this->debug) + trigger_error ("authzgroups : accessWrite ('$module','$user','$object')". + "=$rc", E_USER_NOTICE); + if ($rc === "RW") + return TRUE; + if ($user === "anonymous") + throw new \Exception (dgettext("domframework", "Anonymous not allowed"), + 401); + throw new \Exception (dgettext("domframework", "Modification forbidden"), + 403); + } + + /** Return TRUE if the user right allow to see but without modification + * the object (RO only) + * Return a 403 Exception if the user don't have the right + * Return a 401 Exception if the user is not connected + * @param string $module The module to use + * @param string $user The user to get the rights + * @param string $object The object to check the rights for the user + */ + public function accessReadOnly ($module, $user, $object) + { + if ($this->dbObject === null) + throw new \Exception ("Can't use authzgroups\\accessReadOnly without ". + "connected database", 500); + if ($module === null || ! is_string ($module) || trim ($module) === "") + throw new \Exception ( + "Module not provided to authzgroups\\accessReadOnly", 500); + if ($user === null || ! is_string ($user) || trim ($user) === "") + throw new \Exception ("User not provided to authzgroups\\accessReadOnly", + 500); + if ($object === null || ! is_string ($object)) + throw new \Exception ( + "Object not provided to authzgroups\\accessReadOnly", 500); + if ($object{0} !== "/") + $object = "/$object"; + $rc = $this->allow ($module, $user, $object); + if ($this->debug) + trigger_error ("authzgroups : accessReadOnly ('$module','$user',". + "'$object')" ."=$rc", E_USER_NOTICE); + if ($rc === "RO") + return TRUE; + if ($user === "anonymous") + throw new \Exception (dgettext("domframework", "Anonymous not allowed"), + 401); + throw new \Exception (dgettext("domframework", "Access forbidden"), 403); + } + + ///////////////////////// + // DATABASE STORAGE // + ///////////////////////// + /** Connect to the database before using it + * @param string $dsn The DSN to use to connect to the database + * @param string|null $username The username to use to connect to the + * database + * @param string|null $password The password to use to connect to the + * database + * @param array|null $driver_options The options to pass to PDO driver + */ + public function connect ($dsn, $username=null, $password=null, + $driver_options=null) + { + $this->dbObject = new dblayeroo ($dsn, $username, $password, + $driver_options); + $this->dbObject->debug ($this->debug); + $this->dbObject->table ("authzobject"); + $this->dbObject->tableprefix ($this->tableprefix); + $this->dbObject->fields (array ( + "idobject" => array ("integer", "not null", "autoincrement"), + "module" => array ("varchar(255)", "not null"), + "object" => array ("varchar(255)", "not null"), + "comment" => array ("varchar(255)"))); + $this->dbObject->primary ("idobject"); + $this->dbObject->unique (array ("idobject", array ("object", "module"))); + $this->dbObject->titles (array ( + "idobject" => dgettext("domframework", "idobject"), + "module" => dgettext("domframework", "Module"), + "object" => dgettext("domframework", "Object"), + "comment" => dgettext("domframework", "Comment"))); + + $this->dbGroup = new dblayeroo ($dsn, $username, $password, + $driver_options); + $this->dbGroup->debug ($this->debug); + $this->dbGroup->table ("authzgroup"); + $this->dbGroup->tableprefix ($this->tableprefix); + $this->dbGroup->fields (array ( + "idgroup" => array ("integer", "not null", "autoincrement"), + "module" => array ("varchar(255)", "not null"), + "group" => array ("varchar(255)", "not null"), + "comment" => array ("varchar(255)"))); + $this->dbGroup->primary ("idgroup"); + $this->dbGroup->unique (array ("idgroup", array ("module","group"))); + $this->dbGroup->titles (array ( + "idgroup" => dgettext("domframework", "idgroup"), + "module" => dgettext("domframework", "Module"), + "group" => dgettext("domframework", "Group"), + "comment" => dgettext("domframework", "Comment"))); + + $this->dbGroupMember = new dblayeroo ($dsn, $username, $password, + $driver_options); + $this->dbGroupMember->debug ($this->debug); + $this->dbGroupMember->table ("authzgroupmember"); + $this->dbGroupMember->tableprefix ($this->tableprefix); + $this->dbGroupMember->fields (array ( + "idgroupmember" => array ("integer", "not null", "autoincrement"), + "user" => array ("varchar(255)", "not null"), + "idgroup" => array ("integer", "not null"), + "comment" => array ("varchar(255)"))); + $this->dbGroupMember->primary ("idgroupmember"); + $this->dbGroupMember->unique (array ("idgroupmember", + array ("user","idgroup"))); + $this->dbGroupMember->foreign (array ( + "idgroup" => array ("authzgroup", "idgroup", + "ON UPDATE CASCADE ON DELETE CASCADE"))); + $this->dbGroupMember->setForeignObj ($this->dbGroup); + $this->dbGroupMember->titles (array ( + "idgroupmember" => dgettext("domframework", "idgroupmember"), + "user" => dgettext("domframework", "User"), + "idgroup" => dgettext("domframework", "idgroup"), + "comment" => dgettext("domframework", "Comment"))); + + $this->dbRight = new dblayeroo ($dsn, $username, $password, + $driver_options); + $this->dbRight->debug ($this->debug); + $this->dbRight->table ("authzright"); + $this->dbRight->tableprefix ($this->tableprefix); + $this->dbRight->fields (array ( + "idright" => array ("integer", "not null", "autoincrement"), + "idgroup" => array ("integer", "not null"), + "idobject" => array ("integer", "not null"), + "right" => array ("varchar(2)", "not null"), // RO,RW + "comment" => array ("varchar(255)"))); + $this->dbRight->primary ("idright"); + $this->dbRight->unique (array ("idright", array ("idgroup","idobject"))); + $this->dbRight->foreign (array ( + "idgroup" => array ("authzgroup", "idgroup", + "ON UPDATE CASCADE ON DELETE CASCADE"), + "idobject" => array ("authzobject", "idobject", + "ON UPDATE CASCADE ON DELETE CASCADE"), + )); + $this->dbRight->setForeignObj ($this->dbGroup); + $this->dbRight->setForeignObj ($this->dbObject); + $this->dbRight->titles (array ( + "idright" => dgettext("domframework", "idright"), + "idgroup" => dgettext("domframework", "idgroup"), + "idobject" => dgettext("domframework", "idobject"), + "right" => dgettext("domframework", "Right"), + "comment" => dgettext("domframework", "Comment"))); + return TRUE; + } + + /** Disconnect from the database. Should be only used in the unit tests + */ + public function disconnect () + { + $this->dbObject->disconnect (); + } + + /** Create the tables in the database to store the data + */ + public function createTables () + { + if ($this->dbObject == null) + throw new \Exception (dgettext ("domframework", + "DB for Object is not connected"), 500); + if ($this->dbGroup == null) + throw new \Exception (dgettext ("domframework", + "DB for Group is not connected"), 500); + if ($this->dbGroupMember == null) + throw new \Exception (dgettext ("domframework", + "DB for GroupMember is not connected"), + 500); + if ($this->dbRight == null) + throw new \Exception (dgettext ("domframework", + "DB for Right is not connected"), 500); + $tables = array ("Object", "Group", "GroupMember", "Right"); + foreach ($tables as $table) + { + try + { + $class= "db$table"; + $this->$class->createTable (); + } + catch (\Exception $e) + { + echo $e->getMessage()."\n"; + } + } + return TRUE; + } + + ///////////////// + // OBJECTS // + ///////////////// + /** Add a new object to object list + * Return the idobject created + * @param string $module The module to use + * @param string $object The object to create + * @param string|null $comment The comment to save + */ + public function objectAdd ($module, $object, $comment="") + { + if ($this->dbObject == null) + throw new \Exception (dgettext ("domframework", + "DB for Object is not connected"), 500); + // TODO : Check parameters before saving them + $this->rightCache = null; + $this->dbObject->clearRequest (); + return $this->dbObject->insert () + ->setValues (array ("module" => $module, + "object" => $object, + "comment" => $comment)) + ->execute (); + } + + /** Remove an object from database and all the rights using it + * @param string $module The module to use + * @param string $object The object to delete + */ + public function objectDel ($module, $object) + { + if ($this->dbObject == null) + throw new \Exception (dgettext ("domframework", + "DB for Object is not connected"), 500); + $idobjects = $this->objectRead ($module, $object); + if (! isset ($idobjects[0]["idobject"])) + throw new \Exception (dgettext ("domframework", + "Wanted object not found"), 404); + $this->rightCache = null; + $this->dbObject->clearRequest (); + return $this->dbObject->delete () + ->whereAdd ("idobject", "=", + $idobjects[0]["idobject"]) + ->execute (); + } + + /** Remove an object from database and all the rights using it + * @param string $module The module to use + * @param integer $idobject The object to delete + */ + public function objectDelByID ($module, $idobject) + { + if ($this->dbObject == null) + throw new \Exception (dgettext ("domframework", + "DB for Object is not connected"), 500); + $idobjects = $this->objectReadByID ($module, $idobject); + if (! isset ($idobjects[0]["idobject"])) + throw new \Exception (dgettext ("domframework", + "Wanted object not found"), 404); + $this->rightCache = null; + $this->dbObject->clearRequest (); + return $this->dbObject->delete () + ->whereAdd ("idobject", "=", + $idobjects[0]["idobject"]) + ->execute (); + } + + /** Update an object in the database + * @param string $module The module to use + * @param string $object The object to update + * @param string $newobject The new name of the object + * @param string|null $newcomment The new comment of the object + */ + public function objectUpdate ($module, $object, $newobject, $newcomment="") + { + if ($this->dbObject == null) + throw new \Exception (dgettext ("domframework", + "DB for Object is not connected"), 500); + $idobjects = $this->objectRead ($module, $object); + if (! isset ($idobjects[0]["idobject"])) + throw new \Exception (dgettext ("domframework", + "Wanted object not found"), 404); + $this->rightCache = null; + $this->dbObject->clearRequest (); + return $this->dbObject->update () + ->whereAdd ("idobject", "=", + $idobjects[0]["idobject"]) + ->setValues (array ("object" => $newobject, + "comment" => $newcomment)) + ->execute (); + } + + /** Update an object in the database + * @param string $module The module to use + * @param integer $idobject The object to update + * @param string $newobject The new name of the object + * @param string|null $newcomment The new comment of the object + */ + public function objectUpdateByID ($module, $idobject, $newobject, + $newcomment="") + { + if ($this->dbObject == null) + throw new \Exception (dgettext ("domframework", + "DB for Object is not connected"), 500); + $idobjects = $this->objectReadByID ($module, $idobject); + if (! isset ($idobjects[0]["idobject"])) + throw new \Exception (dgettext ("domframework", + "Wanted object not found"), 404); + $this->rightCache = null; + $this->dbObject->clearRequest (); + return $this->dbObject->update () + ->whereAdd ("idobject", "=", + $idobjects[0]["idobject"]) + ->setValues (array ("object" => $newobject, + "comment" => $newcomment)) + ->execute (); + } + + /** Return an array with all the available objects in the module, or only + * one object if $object is provided + * @param string $module The module to use + * @param string $object The name of the object to get + */ + public function objectRead ($module, $object=null) + { + if ($this->dbObject == null) + throw new \Exception (dgettext ("domframework", + "DB for Object is not connected"), 500); + $this->dbObject->clearRequest (); + if ($object !== null) + $this->dbObject->whereAdd ("object", "=", $object); + return $this->dbObject->select () + ->whereAdd ("module", "=", $module) + ->orderAdd ("object","ASC") + ->execute (); + } + + /** Return an array with all the available objects in the module, or only + * one object if $object is provided + * @param string $module The module to use + * @param integer $idobject The name of the object to get + */ + public function objectReadByID ($module, $idobject=null) + { + if ($this->dbObject == null) + throw new \Exception (dgettext ("domframework", + "DB for Object is not connected"), 500); + $this->dbObject->clearRequest (); + if ($idobject !== null) + $this->dbObject->whereAdd ("idobject", "=", $idobject); + return $this->dbObject->select () + ->whereAdd ("module", "=", $module) + ->execute (); + } + + /** Return an array containing the titles of the table translating in the user + * language + */ + public function objectTitles () + { + return $this->dbObject->titles (); + } + + /** Check if the provided data are compliant with the object specification + * @param array $data The name of the object to get + * @param integer|null $idobject The object to check + * @return array The errors found in the data + */ + public function objectVerify ($data, $idobject=false) + { + return $this->dbObject->verify ($data, $idobject); + } + + //////////////// + // GROUPS // + //////////////// + /** Add a new group to group list + * Return the idgroup created + * @param string $module The module to use + * @param string $group The group to create + * @param string|null $comment The comment to add with the group + */ + public function groupAdd ($module, $group, $comment="") + { + if ($this->dbGroup == null) + throw new \Exception (dgettext ("domframework", + "DB for Group is not connected"), 500); + $this->dbGroup->clearRequest (); + // TODO : Check parameters before saving them + return $this->dbGroup->insert () + ->setValues (array ("module" => $module, + "group" => $group, + "comment" => $comment)) + ->execute (); + } + + /** Remove an group from database and all the rights using it + * @param string $module The module to use + * @param string $group The group to delete + */ + public function groupDel ($module, $group) + { + if ($this->dbGroup == null) + throw new \Exception (dgettext ("domframework", + "DB for Group is not connected"), 500); + $idgroups = $this->groupRead ($module, $group); + if (! isset ($idgroups[0]["idgroup"])) + throw new \Exception (dgettext ("domframework", + "Wanted group not found"), 404); + $this->dbGroup->clearRequest (); + return $this->dbGroup->delete () + ->whereAdd ("idgroup", "=", $idgroups[0]["idgroup"]) + ->execute (); + } + + /** Remove an group from database and all the rights using it + * @param string $module The module to use + * @param integer $idgroup The group to delete + */ + public function groupDelByID ($module, $idgroup) + { + if ($this->dbGroup == null) + throw new \Exception (dgettext ("domframework", + "DB for Group is not connected"), 500); + $idgroups = $this->groupReadByID ($module, $idgroup); + if (! isset ($idgroups[0]["idgroup"])) + throw new \Exception (dgettext ("domframework", + "Wanted group not found"), 404); + $this->dbGroup->clearRequest (); + return $this->dbGroup->delete () + ->whereAdd ("idgroup", "=", $idgroups[0]["idgroup"]) + ->execute (); + } + + /** Update an group in the database + * @param string $module The module to use + * @param string $group The group to update + * @param string $newgroup The new group name + * @param string|null $comment The comment for the group + */ + public function groupUpdate ($module, $group, $newgroup, $comment="") + { + if ($this->dbGroup == null) + throw new \Exception (dgettext ("domframework", + "DB for Group is not connected"), 500); + $idgroups = $this->groupRead ($module, $group); + if (! isset ($idgroups[0]["idgroup"])) + throw new \Exception (dgettext ("domframework", + "Wanted group not found"), 404); + $this->dbGroup->clearRequest (); + return $this->dbGroup->update () + ->whereAdd ("idgroup", "=", $idgroups[0]["idgroup"]) + ->setValues (array ("group" => $newgroup, + "comment" => $comment)) + ->execute (); + } + + /** Update an group in the database + * @param string $module The module to use + * @param integer $idgroup The group to update + * @param string $newgroup The new group name + * @param string|null $comment The comment for the group + */ + public function groupUpdateByID ($module, $idgroup, $newgroup, $comment="") + { + if ($this->dbGroup == null) + throw new \Exception (dgettext ("domframework", + "DB for Group is not connected"), 500); + $idgroups = $this->groupReadByID ($module, $idgroup); + if (! isset ($idgroups[0]["idgroup"])) + throw new \Exception (dgettext ("domframework", + "Wanted group not found"), 404); + $this->dbGroup->clearRequest (); + return $this->dbGroup->update () + ->whereAdd ("idgroup", "=", $idgroups[0]["idgroup"]) + ->setValues (array ("group" => $newgroup, + "comment" => $comment)) + ->execute (); + } + + /** Return an array with all the available groups in the module + * @param string $module The module to use + * @param string|null $group The group to check if exists + */ + public function groupRead ($module, $group=null) + { + if ($this->dbGroup == null) + throw new \Exception (dgettext ("domframework", + "DB for Group is not connected"), 500); + $this->dbGroup->clearRequest (); + if ($group !== null) + $this->dbGroup->whereAdd ("group", "=", $group); + return $this->dbGroup->select () + ->whereAdd ("module", "=", $module) + ->orderAdd ("group", "ASC") + ->execute (); + } + + + /** Return an array with all the available groups in the module + * @param string $module The module to use + * @param integer $idgroup The group to check if exists + */ + public function groupReadByID ($module, $idgroup) + { + if ($this->dbGroup == null) + throw new \Exception (dgettext ("domframework", + "DB for Group is not connected"), 500); + $this->dbGroup->clearRequest (); + return $this->dbGroup->select () + ->whereAdd ("module", "=", $module) + ->whereAdd ("idgroup", "=", $idgroup) + ->execute (); + } + + /** Return an array containing the titles of the table translating in the user + * language + */ + public function groupTitles () + { + return $this->dbGroup->titles (); + } + + /** Check if the provided data are compilant with the group specification + * @param array $data The data to check + * @param integer|null $idgroup The idgroup to check + * @return array The errors found in the data + */ + public function groupVerify ($data, $idgroup=false) + { + return $this->dbGroup->verify ($data, $idgroup); + } + + ////////////////////// + // GROUP MEMBER // + ////////////////////// + /** Add a new groupmember to groupmember list + * Return the idgroupmember created + * @param string $module The module to use + * @param string $group The group to use + * @param string $user The user to add in group + * @param string|null $comment The comment to save + */ + public function groupmemberAdd ($module, $group, $user, $comment="") + { + if ($this->dbGroupMember == null) + throw new \Exception (dgettext ("domframework", + "DB for GroupMember is not connected"), + 500); + $groups = $this->groupRead ($module, $group); + if (! isset ($groups[0]["idgroup"])) + throw new \Exception (dgettext ("domframework", + "Wanted group not found"), 404); + $this->rightCache = null; + $this->dbGroupMember->clearRequest (); + return $this->dbGroupMember->insert () + ->setValues (array ( + "user" => $user, + "idgroup" => $groups[0]["idgroup"], + "comment" => $comment)) + ->execute (); + } + + /** Remove an groupmember from database and all the rights using it + * @param string $module The module to use + * @param string $group The group to use + * @param string $user The user to remove + */ + public function groupmemberDel ($module, $group, $user) + { + if ($this->dbGroupMember == null) + throw new \Exception (dgettext ("domframework", + "DB for GroupMember is not connected"), + 500); + $groups = $this->groupRead ($module, $group); + if (! isset ($groups[0]["idgroup"])) + throw new \Exception (dgettext ("domframework", + "Wanted group not found"), 404); + $this->dbGroupMember->clearRequest (); + $groupsMembers = $this->dbGroupMember->select () + ->whereAdd ("user", "=", $user) + ->whereAdd ("idgroup", "=", + $groups[0]["idgroup"]) + ->execute (); + if (! isset ($groupsMembers[0]["idgroupmember"])) + throw new \Exception (dgettext ("domframework", + "Wanted GroupMember not found"), 404); + $this->rightCache = null; + $this->dbGroupMember->clearRequest (); + return $this->dbGroupMember->delete () + ->whereAdd ("idgroupmember", "=", + $groupsMembers[0]["idgroupmember"]) + ->execute (); + } + + /** Remove an groupmember from database and all the rights using it + * @param string $module The module to use + * @param integer $idgroup The group to use + * @param integer $idgroupmember The user to remove + */ + public function groupmemberDelByID ($module, $idgroup, $idgroupmember) + { + if ($this->dbGroupMember == null) + throw new \Exception (dgettext ("domframework", + "DB for GroupMember is not connected"), + 500); + $groups = $this->groupReadByID ($module, $idgroup); + if (! isset ($groups[0]["idgroup"])) + throw new \Exception (dgettext ("domframework", + "Wanted group not found"), 404); + $this->dbGroupMember->clearRequest (); + $groupsMembers = $this->dbGroupMember->select () + ->whereAdd ("idgroupmember", "=", + $idgroupmember) + ->whereAdd ("idgroup", "=", $idgroup) + ->execute (); + if (! isset ($groupsMembers[0]["idgroupmember"])) + throw new \Exception (dgettext ("domframework", + "Wanted GroupMember not found"), 404); + $this->rightCache = null; + $this->dbGroupMember->clearRequest (); + return $this->dbGroupMember->delete () + ->whereAdd ("idgroupmember", "=", + $groupsMembers[0]["idgroupmember"]) + ->execute (); + } + + /** Update an groupmember in the database + * @param string $module The module to use + * @param string $group The group to use + * @param string $user The user to update + * @param string|null $comment The comment to update + */ + public function groupmemberUpdate ($module, $group, $user, $comment="") + { + $this->rightCache = null; + die ("This function is not available : contact us if you need it\n"); + } + + /** Update an groupmember in the database + * @param string $module The module to use + * @param integer $idgroup The group to use + * @param integer $iduser The user to update + * @param string $user The new user name + * @param string|null $comment The comment to update + */ + public function groupmemberUpdateByID ($module, $idgroup, $iduser, $user, + $comment="") + { + $data = $this->groupmemberReadUserDataByID ($module, $idgroup, $iduser); + if (count ($data) === 0) + throw new \Exception (dgettext ("domframework", + "IDUser in IDGroup not found"), 404); + $this->rightCache = null; + $this->dbGroupMember->clearRequest (); + return $this->dbGroupMember->update () + ->whereAdd ("idgroupmember", "=", + $data[0]["idgroupmember"]) + ->setValues (array ("user" => $user, + "comment" => $comment)) + ->execute (); + } + + + /** Return an array with all the groups where the user is in and in the module + * @param string $module The module to use + * @param string $user The user to search + */ + public function groupmemberReadUser ($module, $user) + { + if ($this->dbGroupMember == null) + throw new \Exception (dgettext ("domframework", + "DB for GroupMember is not connected"), + 500); + $idgrouptmps = $this->groupRead ($module); + // Create an array with idgroup=>group + $idgroups = array (); + foreach ($idgrouptmps as $val) + $idgroups[$val["idgroup"]] = $val["group"]; + $this->dbGroupMember->clearRequest (); + $idgroupmembers = $this->dbGroupMember->select () + ->whereAdd ("user", "=", $user) + ->execute (); + $res = array (); + foreach ($idgroupmembers as $idmembers) + { + $res[$idmembers["idgroup"]] = $idgroups[$idmembers["idgroup"]]; + } + return $res; + } + + /** Return an array with all the groups where the user is in and in the module + * @param string $module The module to use + * @param integer $idgroupmember The user to search + */ + public function groupmemberReadUserByID ($module, $idgroupmember) + { + if ($this->dbGroupMember == null) + throw new \Exception (dgettext ("domframework", + "DB for GroupMember is not connected"), + 500); + $idgrouptmps = $this->groupRead ($module); + // Create an array with idgroup=>group + $idgroups = array (); + foreach ($idgrouptmps as $val) + $idgroups[$val["idgroup"]] = $val["group"]; + $this->dbGroupMember->clearRequest (); + $this->dbGroupMember->whereAdd ("idgroupmember", "=", $idgroupmember); + $idgroupmembers = $this->dbGroupMember->select ()->execute (); + $res = array (); + foreach ($idgroupmembers as $idmembers) + { + $res[$idmembers["idgroup"]] = $idgroups[$idmembers["idgroup"]]; + } + return $res; + } + + /** Return an array with all the available users in the group and in the + * module + * @param string $module The module to use + * @param string $group The group to search + */ + public function groupmemberReadGroup ($module, $group) + { + if ($this->dbGroupMember == null) + throw new \Exception (dgettext ("domframework", + "DB for GroupMember is not connected"), + 500); + $groups = $this->groupRead ($module, $group); + if (! isset ($groups[0]["idgroup"])) + throw new \Exception (dgettext ("domframework", + "Wanted group not found"), 404); + $this->dbGroupMember->clearRequest (); + return $this->dbGroupMember->select () + ->whereAdd ("idgroup", "=", + $groups[0]["idgroup"]) + ->displayAdd ("user") + ->execute (); + } + + /** Return an array with all the available users in the group and in the + * module + * @param string $module The module to use + * @param integer $idgroup The group to search + */ + public function groupmemberReadGroupByID ($module, $idgroup) + { + if ($this->dbGroupMember == null) + throw new \Exception (dgettext ("domframework", + "DB for GroupMember is not connected"), + 500); + $groups = $this->groupReadByID ($module, $idgroup); + if (! isset ($groups[0]["idgroup"])) + throw new \Exception (dgettext ("domframework", + "Wanted group not found"), 404); + $this->dbGroupMember->clearRequest (); + return $this->dbGroupMember->select () + ->whereAdd ("idgroup", "=", + $groups[0]["idgroup"]) + ->execute (); + } + + /** Return an array containing the information of a user in a specific group + * @param string $module The module to use + * @param integer $idgroup The group to search + * @param integer $iduser The user to search + */ + public function groupmemberReadUserDataByID ($module, $idgroup, $iduser) + { + if ($this->dbGroupMember == null) + throw new \Exception (dgettext ("domframework", + "DB for GroupMember is not connected"), + 500); + $groups = $this->groupReadByID ($module, $idgroup); + if (! isset ($groups[0]["idgroup"])) + throw new \Exception (dgettext ("domframework", + "Wanted group not found"), 404); + $this->dbGroupMember->clearRequest (); + return $this->dbGroupMember->select () + ->whereAdd ("idgroup", "=", + $groups[0]["idgroup"]) + ->whereAdd ("idgroupmember", "=", $iduser) + ->execute (); + } + + /** Return an array containing the titles of the table translating in the user + * language + */ + public function groupmembersTitles () + { + return $this->dbGroupMember->titles (); + } + + /** Check if the provided data are compilant with the group specification + * @param array $data The data to check + * @param integer|null $idgroupmember The group member associated to verify + * @return array The errors found in the data + */ + public function groupmembersVerify ($data, $idgroupmember=false) + { + return $this->dbGroupMember->verify ($data, $idgroupmember); + } + + //////////////// + // RIGHTS // + //////////////// + /** Add a new right to right list + * Return the idright created + * @param string $module The module to use + * @param string $group The group to use + * @param string $object The object to use + * @param string $right The right to add + * @param string|null $comment The comment to add + */ + public function rightAdd ($module, $group, $object, $right, $comment="") + { + if ($this->dbRight == null) + throw new \Exception (dgettext ("domframework", + "DB for Right is not connected"), 500); + switch ($right) + { + case "RW": $right=2;break; + case "RO": $right=1;break; + default: + throw new \Exception (dgettext ("domframework", + "Unknown right provided (RO/RW only)"), + 500); + } + $groups = $this->groupRead ($module, $group); + if (! isset ($groups[0]["idgroup"])) + throw new \Exception (dgettext ("domframework", + "Wanted group not found"), 404); + $objects = $this->objectRead ($module, $object); + if (! isset ($objects[0]["idobject"])) + throw new \Exception (dgettext ("domframework", + "Wanted object not found"), 404); + $this->rightCache = null; + $this->dbRight->clearRequest (); + return $this->dbRight->insert () + ->setValues (array ( + "idgroup" => $groups[0]["idgroup"], + "idobject" => $objects[0]["idobject"], + "right" => $right, + "comment" => $comment)) + ->execute (); + } + + /** Add a new right to right list by ID + * Return the idright created + * @param string $module The module to use + * @param integer $idgroup The group to use + * @param integer $idobject The object to use + * @param integer $idright The right to add + * @param string|null $comment The comment to add + */ + public function rightAddByID ($module, $idgroup, $idobject, $idright, + $comment="") + { + if ($this->dbRight == null) + throw new \Exception (dgettext ("domframework", + "DB for Right is not connected"), 500); + switch ($idright) + { + case "2": $right=2;break; + case "1": $right=1;break; + default: + throw new \Exception (dgettext ("domframework", + "Unknown right provided (RO/RW only)"), + 500); + } + $groups = $this->groupReadByID ($module, $idgroup); + if (! isset ($groups[0]["idgroup"])) + throw new \Exception (dgettext ("domframework", + "Wanted group not found"), 404); + $objects = $this->objectReadByID ($module, $idobject); + if (! isset ($objects[0]["idobject"])) + throw new \Exception (dgettext ("domframework", + "Wanted object not found"), 404); + $this->rightCache = null; + $this->dbRight->clearRequest (); + return $this->dbRight->insert () + ->setValues (array ( + "idgroup" => $groups[0]["idgroup"], + "idobject" => $objects[0]["idobject"], + "right" => $right, + "comment" => $comment)) + ->execute (); + } + + /** Remove an right from database and all the rights using it + * @param string $module The module to use + * @param string $group The group to use + * @param string $object The object to remove the rights + */ + public function rightDel ($module, $group, $object) + { + if ($this->dbRight == null) + throw new \Exception (dgettext ("domframework", + "DB for Right is not connected"), 500); + $idrights = $this->rightRead ($module, $group, $object); + if (!isset ($idrights[0]["idright"])) + throw new \Exception (dgettext ("domframework", + "Wanted right not found"), 404); + $this->rightCache = null; + $this->dbRight->clearRequest (); + return $this->dbRight->delete () + ->whereAdd ("idright", "=", $idrights[0]["idright"]) + ->execute (); + } + + /** Remove an right from database by ID and all the rights using it + * @param string $module The module to use + * @param integer $idright The idright to be deleted + */ + public function rightDelByID ($module, $idright) + { + if ($this->dbRight == null) + throw new \Exception (dgettext ("domframework", + "DB for Right is not connected"), 500); + $idrights = $this->rightReadByID ($module, $idright); + if (!isset ($idrights[0]["idright"])) + throw new \Exception (dgettext ("domframework", + "Wanted right not found"), 404); + $this->rightCache = null; + $this->dbRight->clearRequest (); + return $this->dbRight->delete () + ->whereAdd ("idright", "=", $idrights[0]["idright"]) + ->execute (); + } + + /** Update a right in the database + * @param string $module The module to use + * @param string $group The group to update the right + * @param string $object The object ot update the right + * @param string $newright The new right to save + * @param string|null $newcomment The new comment to save + */ + public function rightUpdate ($module, $group, $object, $newright, + $newcomment="") + { + if ($this->dbRight == null) + throw new \Exception (dgettext ("domframework", + "DB for Right is not connected"), 500); + switch ($newright) + { + case "RW": $newright=2;break; + case "RO": $newright=1;break; + default: + throw new \Exception (dgettext ("domframework", + "Unknown right provided (RO/RW only)"), + 500); + } + $idrights = $this->rightRead ($module, $group, $object); + if (!isset ($idrights[0]["idright"])) + throw new \Exception (dgettext ("domframework", + "Wanted right not found"), 404); + $this->rightCache = null; + $this->dbRight->clearRequest (); + return $this->dbRight->update () + ->whereAdd ("idright", "=", $idrights[0]["idright"]) + ->setValues (array ("right" => $newright, + "comment" => $newcomment)) + ->execute (); + } + + /** Update a right by ID in the database + * @param string $module The module to use + * @param integer $idright The idright to update the right + * @param integer $newidobject The object ot update the right + * @param integer $newright The new right to save + * @param string|null $newcomment The new comment to save + */ + public function rightUpdateByID ($module, $idright, $newidobject, $newright, + $newcomment="") + { + if ($this->dbRight == null) + throw new \Exception (dgettext ("domframework", + "DB for Right is not connected"), 500); + switch ($newright) + { + case "2": $newright=2;break; + case "1": $newright=1;break; + default: + throw new \Exception (dgettext ("domframework", + "Unknown right provided (RO/RW only)"), + 500); + } + $idrights = $this->rightReadByID ($module, $idright); + if (!isset ($idrights[0]["idright"])) + throw new \Exception (dgettext ("domframework", + "Wanted right not found"), 404); + $this->rightCache = null; + $this->dbRight->clearRequest (); + return $this->dbRight->update () + ->whereAdd ("idright", "=", $idrights[0]["idright"]) + ->setValues (array ("idobject" => $newidobject, + "right" => $newright, + "comment" => $newcomment)) + ->execute (); + } + + + /** Return an array with all the available rights in the module, for a group, + * and concerning an object + * @param string $module The module to use + * @param string $group The group to get the rights + * @param string $object The object to get the rights + */ + public function rightRead ($module, $group, $object) + { + if ($this->dbRight == null) + throw new \Exception (dgettext ("domframework", + "DB for Right is not connected"), 500); + $groups = $this->groupRead ($module, $group); + if (! isset ($groups[0]["idgroup"])) + throw new \Exception (dgettext ("domframework", + "Wanted group not found"), 404); + $objects = $this->objectRead ($module, $object); + if (! isset ($objects[0]["idobject"])) + throw new \Exception (dgettext ("domframework", + "Wanted object not found"), 404); + $this->dbRight->clearRequest (); + return $this->dbRight->select () + ->whereAdd ("idgroup", "=", $groups[0]["idgroup"]) + ->whereAdd ("idobject", "=", $objects[0]["idobject"]) + ->execute (); + } + + /** Return an array with all the available rights for a module and a group + * @param string $module The module to use + * @param string $group The group to get the rights + */ + public function rightReadByGroup ($module, $group) + { + if ($this->dbRight == null) + throw new \Exception (dgettext ("domframework", + "DB for Right is not connected"), 500); + $groups = $this->groupRead ($module, $group); + if (! isset ($groups[0]["idgroup"])) + throw new \Exception (dgettext ("domframework", + "Wanted group not found"), 404); + return $this->rightReadByGroupByID ($module, $objects[0]["idgroup"]); + } + + /** Return an array with all the available rights for a module and a group + * @param string $module The module to use + * @param integer $idgroup The group to get the rights + */ + public function rightReadByGroupByID ($module, $idgroup) + { + if ($this->dbRight == null) + throw new \Exception (dgettext ("domframework", + "DB for Right is not connected"), 500); + $this->dbRight->clearRequest (); + return $this->dbRight->select () + ->whereAdd ("idgroup", "=", $idgroup) + ->execute (); + } + + /** Return an array with all the information concerning a right selected by + * @param string $module The module to use + * @param integer $idright The right to search + * ID + */ + public function rightReadByID ($module, $idright) + { + if ($this->dbRight == null) + throw new \Exception (dgettext ("domframework", + "DB for Right is not connected"), 500); + $this->dbRight->clearRequest (); + return $this->dbRight->select () + ->whereAdd ("idright", "=", $idright) + ->execute (); + } + + /** Return an array with all the available rights for a module and an object + * @param string $module The module to use + * @param string $object The object to search + */ + public function rightReadByObject ($module, $object) + { + if ($this->dbRight == null) + throw new \Exception (dgettext ("domframework", + "DB for Right is not connected"), 500); + $objects = $this->objectRead ($module, $object); + if (! isset ($objects[0]["idobject"])) + throw new \Exception (dgettext ("domframework", + "Wanted object not found"), 404); + $this->dbRight->clearRequest (); + return $this->dbRight->select () + ->whereAdd ("idobject", "=", $objects[0]["idobject"]) + ->execute (); + } + + /** Return an array with all the available rights for a module and an idobject + * @param string $module The module to use + * @param integer $idobject The object to search + */ + public function rightReadByObjectByID ($module, $idobject) + { + if ($this->dbRight == null) + throw new \Exception (dgettext ("domframework", + "DB for Right is not connected"), 500); + $this->dbRight->clearRequest (); + return $this->dbRight->select () + ->whereAdd ("idobject", "=", $idobject) + ->execute (); + } + + + /** Return an array containing the titles of the table translating in the user + * language + */ + public function rightTitles () + { + return $this->dbRight->titles (); + } + + /** Return all the types of rights available (RO and RW) + */ + public function rightTypes () + { + return array ("1" => "RO", "2" => "RW"); + } + + /** Check if the provided data are compilant with the group specification + * @param array $data The data of the right to check + * @param integer $idright The right to search + * @return array The errors found in the data + */ + public function rightVerify ($data, $idright=false) + { + return $this->dbRight->verify ($data, $idright); + } +}