From bf4d1e036ea809df17fd90ffdf051d9158a05076 Mon Sep 17 00:00:00 2001
From: Dominique Fournier
Date: Mon, 17 Aug 2015 12:10:21 +0000
Subject: [PATCH] authzgroups : add the functions to check the accessRight, accessWrite, accessReadOnly

git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@2256 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
---
 authzgroups.php | 81 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 81 insertions(+)

diff --git a/authzgroups.php b/authzgroups.php
index 5732223..d5460ba 100644
--- a/authzgroups.php
+++ b/authzgroups.php
@@ -120,6 +120,87 @@ class authzgroups
 return $ressource[$object];
 }
+ /** Return TRUE if the user right allow to see the object
+ Return a 403 Exception if the user don't have the right
+ Return a 401 Exception if the user is not connected */
+ public function accessRight ($module, $user, $object)
+ {
+ if ($this->dbObject === null)
+ throw new Exception ("Can't use authzgroups\\accessRight without ".
+ "connected database", 500);
+ if ($module === null || ! is_string ($module) || trim ($module) === "")
+ throw new Exception ("Module not provided to authzgroups\\accessRight",
+ 500);
+ if ($user === null || ! is_string ($user) || trim ($user) === "")
+ throw new Exception ("User not provided to authzgroups\\accessright",
+ 500);
+ if ($object === null || ! is_string ($object))
+ throw new Exception ("Object not provided to authzgroups\\accessRight",
+ 500);
+ $rc = $this->allow ($module, $user, "/$object");
+ trigger_error ("authzgroups : accessRight ('$module','$user','/$object')".
+ "=$rc", E_USER_NOTICE);
+ if ($rc !== "NO")
+ return TRUE;
+ if ($user === "anonymous")
+ throw new Exception (_("Anonymous not allowed"), 401);
+ throw new Exception (_("Access forbidden"), 403);
+ }
+
+ /** Return TRUE if the user right allow to edit the object
+ Return a 403 Exception if the user don't have the right
+ Return a 401 Exception if the user is not connected */
+ public function accessWrite ($module, $user, $object)
+ {
+ if ($this->dbObject === null)
+ throw new Exception ("Can't use authzgroups\\accessWrite without ".
+ "connected database", 500);
+ if ($module === null || ! is_string ($module) || trim ($module) === "")
+ throw new Exception ("Module not provided to authzgroups\\accessWrite",
+ 500);
+ if ($user === null || ! is_string ($user) || trim ($user) === "")
+ throw new Exception ("User not provided to authzgroups\\accessWrite",
+ 500);
+ if ($object === null || ! is_string ($object))
+ throw new Exception ("Object not provided to authzgroups\\accessWrite",
+ 500);
+ $rc = $this->allow ($module, $user, "/$object");
+ trigger_error ("authzgroups : accessWrite ('$module','$user','/$object')".
+ "=$rc", E_USER_NOTICE);
+ if ($rc === "RW")
+ return TRUE;
+ if ($user === "anonymous")
+ throw new Exception (_("Anonymous not allowed"), 401);
+ throw new Exception (_("Modification forbidden"), 403);
+ }
+
+ /** Return TRUE if the user right allow to see but without modification
+ the object
+ Return a 403 Exception if the user don't have the right
+ Return a 401 Exception if the user is not connected */
+ public function accessReadOnly ($module, $user, $object)
+ {
+ if ($this->dbObject === null)
+ throw new Exception ("Can't use authzgroups\\accessReadOnly without ".
+ "connected database", 500);
+ if ($module === null || ! is_string ($module) || trim ($module) === "")
+ throw new Exception ("Module not provided to authzgroups\\accessReadOnly",
+ 500);
+ if ($user === null || ! is_string ($user) || trim ($user) === "")
+ throw new Exception ("User not provided to authzgroups\\accessReadOnly",
+ 500);
+ if ($object === null || ! is_string ($object))
+ throw new Exception ("Object not provided to authzgroups\\accessReadOnly",
+ 500);
+ $rc = $this->allow ($module, $user, "/$object");
+ trigger_error ("authzgroups : accessReadOnly ('$module','$user','/$object')"
+ ."=$rc", E_USER_NOTICE);
+ if ($rc === "RO")
+ return TRUE;
+ if ($user === "anonymous")
+ throw new Exception (_("Anonymous not allowed"), 401);
+ throw new Exception (_("Access forbidden"), 403);
+ }
 /////////////////////////
 // DATABASE STORAGE //
 /////////////////////////
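Review bot: `accessRight` fails open — `if ($rc !== "NO") return TRUE;` grants access on any value `allow()` returns other than the exact string `"NO"`, including `null`, `false` or an unexpected code if `allow()` ever yields one, whereas `accessWrite` and `accessReadOnly` in the same hunk test for the specific grant (`=== "RW"`, `=== "RO"`). Invert it into an explicit allow-list of the grant values this hunk shows, `if ($rc === "RW" || $rc === "RO") return TRUE;`, extending the list only with values `allow()` is documented to return, so that an unknown result denies rather than permits. `$object` is also the one argument not rejected when empty (`trim` is applied to `$module` and `$user` only), so `""` produces the path `"/"` passed to `allow()`; add `|| trim ($object) === ""` to its guard in all three methods if an empty object name is never a valid target. The three methods repeat the same four validation blocks verbatim, so a private helper taking the method name for the message would keep them from drifting apart. The enclosing class `authzgroups` starts and ends outside the hunk.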