From fdf1e9e6f19143c4b7651c2277fc66a9e2bde5bc Mon Sep 17 00:00:00 2001 From: Dominique Fournier Date: Wed, 7 Jan 2015 03:26:38 +0000 Subject: [PATCH] authzgroups : add rights support git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@1918 bf3deb0d-5f1a-0410-827f-c0cc1f45334c --- authzgroups.php | 285 +++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 270 insertions(+), 15 deletions(-) diff --git a/authzgroups.php b/authzgroups.php index 3357e37..b611b3a 100644 --- a/authzgroups.php +++ b/authzgroups.php @@ -31,15 +31,26 @@ class authzgroups throw new Exception (dgettext ("domframework", "DB for Object is not connected"), 500); // Do the SQL request in hard to be more performant on jointures - $req = "SELECT o.object,MAX(r.right) AS right - FROM ".$this->tableprefix."authzright AS r, - ".$this->tableprefix."authzobject AS o, - ".$this->tableprefix."authzgroup AS g, - ".$this->tableprefix."authzgroupmember AS gm - WHERE r.idgroup=g.idgroup AND r.idobject=o.idobject AND gm.idgroup=g.idgroup - AND gm.user=:user AND g.module=:module - GROUP BY o.object - ORDER BY o.object"; + if ($user === "cli" || $user === "root") + { + $req = "SELECT o.object,'2' AS right + FROM ".$this->tableprefix."authzobject AS o + WHERE o.module=:module"; + } + else + { + $req = "SELECT o.object,MAX(r.right) AS right + FROM ".$this->tableprefix."authzright AS r, + ".$this->tableprefix."authzobject AS o, + ".$this->tableprefix."authzgroup AS g, + ".$this->tableprefix."authzgroupmember AS gm + WHERE r.idgroup=g.idgroup AND r.idobject=o.idobject AND + gm.idgroup=g.idgroup + AND gm.user=:user AND g.module=:module + GROUP BY o.object + ORDER BY o.object"; + } + if ($this->debug) echo "$req\n"; try { @@ -52,7 +63,8 @@ class authzgroups throw new Exception ($e->getMessage(), 500); } - $st->bindValue (":user", $user); + if ($user !== "cli" && $user !== "root") + $st->bindValue (":user", $user); $st->bindValue (":module", $module); $rc = $st->execute (); if ($rc === false) 
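Review bot: The new `if ($user === "cli" || $user === "root")` branch grants right 2 on every object of the module based on a user-name string alone, so it is only safe if no externally supplied login can ever equal "cli" or "root". Nothing in the hunk shows where `$user` comes from. If it can come from a web login or a directory account, those two names must be reserved in the authentication layer, or the caller should decide the bypass from the execution context (for instance a `php_sapi_name ()` check) rather than from the name. At minimum, add a comment above the branch such as `// "cli" and "root" are reserved internal identities with full RW on the module; never pass request-supplied names here`. The enclosing method starts and ends outside the hunk.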
@@ -163,6 +175,10 @@ class authzgroups $this->dbGroupMember->foreign = array ( "idgroup"=>array ("authzgroup", "idgroup", "ON UPDATE CASCADE ON DELETE CASCADE")); + $this->dbGroupMember->titles = array ("idgroupmember"=>_("idgroupmember"), + "user"=>_("User"), + "idgroup"=>_("idgroup"), + "comment"=>_("Comment")); $this->dbRight = new dblayer ($dsn, $username, $password, $driver_options); $this->dbRight->debug = $this->debug; @@ -172,7 +188,7 @@ class authzgroups "idright"=> array ("integer", "not null", "autoincrement"), "idgroup"=> array ("integer", "not null"), "idobject"=>array ("integer", "not null"), - "right"=> array ("integer", "not null"), // 1=RO,2=RW + "right"=> array ("varchar", "2", "not null"), // RO,RW "comment"=> array ("varchar", "255")); $this->dbRight->primary = "idright"; $this->dbRight->unique = array ("idright", array ("idgroup","idobject")); @@ -182,6 +198,11 @@ class authzgroups "idobject"=>array ("authzobject", "idobject", "ON UPDATE CASCADE ON DELETE CASCADE"), ); + $this->dbRight->titles = array ("idright"=>_("idright"), + "idgroup"=>_("idgroup"), + "idobject"=>_("idobject"), + "right"=>_("Right"), + "comment"=>_("Comment")); return TRUE; } @@ -410,7 +431,7 @@ class authzgroups $select[] = array ("module", $module); if ($group !== null) $select[] = array ("group", $group); - return $this->dbGroup->read ($select); + return $this->dbGroup->read ($select, null, array (array ("group", "ASC"))); } public function groupReadByID ($module, $idgroup) @@ -436,6 +457,7 @@ class authzgroups { return $this->dbGroup->verify ($datas, $idgroup); } + ////////////////////// // GROUP MEMBER // ////////////////////// 
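Review bot: In the hunk at `@@ -172,7 +188,7` the `right` column becomes a varchar with the comment `// RO,RW`, but `rightAddByID` and `rightUpdateByID`, added later in this patch, still store 1 and 2, and `rightTypes ()` maps "1"/"2" to the labels. The comment should state what is actually stored, e.g. `// "1"=RO, "2"=RW (stored as text)`. The rights query in the first hunk uses `MAX(r.right)`, which compares as text on a varchar column. That is correct for "1" and "2" but would not order a future multi-character value as intended. How tables already created with the integer column are migrated is not visible in this patch.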
@@ -477,12 +499,46 @@ class authzgroups return $this->dbGroupMember->delete ($groupsMembers[0]["idgroupmember"]); } + /** Remove an groupmember from database and all the rights using it */ + public function groupmemberDelByID ($module, $idgroup, $idgroupmember) + { + if ($this->dbGroupMember == null) + throw new Exception (dgettext ("domframework", + "DB for GroupMember is not connected"), + 500); + $groups = $this->groupReadByID ($module, $idgroup); + if (! isset ($groups[0]["idgroup"])) + throw new Exception (dgettext ("domframework", + "Wanted group not found"), 404); + $groupsMembers = $this->dbGroupMember->read (array ( + array ("idgroupmember",$idgroupmember), + array ("idgroup",$idgroup))); + if (! isset ($groupsMembers[0]["idgroupmember"])) + throw new Exception (dgettext ("domframework", + "Wanted GroupMember not found"), 404); + return $this->dbGroupMember->delete ($groupsMembers[0]["idgroupmember"]); + } + /** Update an groupmember in the database */ public function groupmemberUpdate ($module, $group, $user, $comment="") { die ("This function is not available : contact us if you need it\n"); } + /** Update an groupmember in the database */ + public function groupmemberUpdateByID ($module, $idgroup, $iduser, $user, + $comment="") + { + $datas = $this->groupmemberReadUserDataByID ($module, $idgroup, $iduser); + if (count ($datas) === 0) + throw new Exception (dgettext ("domframework", + "IDUser in IDGroup not found"), 404); + return $this->dbGroupMember->update ($iduser, + array ("user"=>$user, + "comment"=>$comment)); + } + + /** Return an array with all the groups where the user is in and in the module */ public function groupmemberReadUser ($module, $user) 
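Review bot: The `$iduser` parameter of `groupmemberUpdateByID` is not a user ID: `groupmemberReadUserDataByID` (next hunk) matches it against `idgroupmember`, and it is then used as the row key in `$this->dbGroupMember->update ($iduser, ...)`. Renaming it to `$idgroupmember`, as `groupmemberDelByID` just above already does, would stop a caller from passing the wrong identifier to a function that edits group membership; the same applies to `groupmemberReadUserDataByID`. The docblock of `groupmemberDelByID` ("and all the rights using it") looks copied from another method and does not describe the code. Something like `/** Remove a group member selected by ID, after checking that it belongs to the group and the group to the module */` would match. The new `user` value is also written without passing through `groupmembersVerify`, which is fine only if every caller validates first.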
@@ -523,6 +579,53 @@ class authzgroups return $this->dbGroupMember->read ($select, array ("user")); } + /** Return an array with all the available users in the group and in the + module */ + public function groupmemberReadGroupByID ($module, $idgroup) + { + if ($this->dbGroupMember == null) + throw new Exception (dgettext ("domframework", + "DB for GroupMember is not connected"), + 500); + $groups = $this->groupReadByID ($module, $idgroup); + if (! isset ($groups[0]["idgroup"])) + throw new Exception (dgettext ("domframework", + "Wanted group not found"), 404); + $select[] = array ("idgroup", $groups[0]["idgroup"]); + return $this->dbGroupMember->read ($select); + } + + /** Return an array containing the informations of a user in a specific group + */ + public function groupmemberReadUserDataByID ($module, $idgroup, $iduser) + { + if ($this->dbGroupMember == null) + throw new Exception (dgettext ("domframework", + "DB for GroupMember is not connected"), + 500); + $groups = $this->groupReadByID ($module, $idgroup); + if (! isset ($groups[0]["idgroup"])) + throw new Exception (dgettext ("domframework", + "Wanted group not found"), 404); + $select[] = array ("idgroup", $groups[0]["idgroup"]); + $select[] = array ("idgroupmember", $iduser); + return $this->dbGroupMember->read ($select); + } + + /** Return an array containing the titles of the table translating in the user + language */ + public function groupmembersTitles () + { + return $this->dbGroupMember->titles; + } + + /** Check if the provided datas are compilant with the group specification + @return array The errors found in the datas */ + public function groupmembersVerify ($datas, $idgroupmember=false) + { + return $this->dbGroupMember->verify ($datas, $idgroupmember); + } + //////////////// // RIGHTS // //////////////// 
@@ -555,6 +658,37 @@ class authzgroups "right"=>$right, "comment"=>$comment)); } + /** Add a new right to right list by ID + Return the idright created */ + public function rightAddByID ($module, $idgroup, $idobject, $idright, + $comment="") + { + if ($this->dbRight == null) + throw new Exception (dgettext ("domframework", + "DB for Right is not connected"), 500); + switch ($idright) + { + case "2": $right=2;break; + case "1": $right=1;break; + default: + throw new Exception (dgettext ("domframework", + "Unknown right provided (RO/RW only)"), + 500); + } + $groups = $this->groupReadByID ($module, $idgroup); + if (! isset ($groups[0]["idgroup"])) + throw new Exception (dgettext ("domframework", + "Wanted group not found"), 404); + $objects = $this->objectReadByID ($module, $idobject); + if (! isset ($objects[0]["idobject"])) + throw new Exception (dgettext ("domframework", + "Wanted object not found"), 404); + return $this->dbRight->insert (array ("idgroup"=>$groups[0]["idgroup"], + "idobject"=>$objects[0]["idobject"], + "right"=>$right, + "comment"=>$comment)); + } + /** Remove an right from database and all the rights using it */ public function rightDel ($module, $group, $object) @@ -569,7 +703,20 @@ class authzgroups return $this->dbRight->delete ($idrights[0]["idright"]); } - /** Update an right in the database */ + /** Remove an right from database by ID and all the rights using it */ + public function rightDelByID ($module, $idright) + { + if ($this->dbRight == null) + throw new Exception (dgettext ("domframework", + "DB for Right is not connected"), 500); + $idrights = $this->rightReadByID ($module, $idright); + if (!isset ($idrights[0]["idright"])) + throw new Exception (dgettext ("domframework", + "Wanted right not found"), 404); + return $this->dbRight->delete ($idrights[0]["idright"]); + } + + /** Update a right in the database */ public function rightUpdate ($module, $group, $object, $newright, $newcomment="") { 
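Review bot: In `rightAddByID` the `switch ($idright)` compares loosely and tests `"2"` first, so a non-string value such as boolean `true` (possible if the argument comes from decoded request data) matches the RW case and is stored as right 2. A strict whitelist avoids this: `if (! in_array ($idright, array ("1", "2", 1, 2), true)) throw new Exception (..., 500);` followed by `$right = (int) $idright;`. The parameter is also misnamed: it carries the right level, not the ID of a right row, so `$right` or `$rightlevel` would be clearer. The same switch appears in `rightUpdateByID` in the next hunk.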
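Review bot: `rightDelByID` accepts `$module` but never enforces it, because `rightReadByID ($module, $idright)` (last hunk of this patch) selects on `idright` only. A caller entitled to administer one module can therefore delete a right row that belongs to another module by supplying its ID, whereas `groupmemberDelByID` first confirms the group through `groupReadByID ($module, ...)`. After loading the row, add `$groups = $this->groupReadByID ($module, $idrights[0]["idgroup"]);` and the same `isset ($groups[0]["idgroup"])` 404 test used elsewhere, assuming `groupReadByID` filters on the module as its signature suggests. The same gap exists in `rightUpdateByID` (next hunk) and in `rightReadByID`, `rightReadByGroupByID` and `rightReadByObjectByID` (last hunk).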
@@ -594,8 +741,35 @@ class authzgroups "comment"=>$newcomment)); } - /** Return an array with all the available rights in the module, or the - right if provided */ + /** Update a right by ID in the database */ + public function rightUpdateByID ($module, $idright, $newidobject, $newright, + $newcomment="") + { + if ($this->dbRight == null) + throw new Exception (dgettext ("domframework", + "DB for Right is not connected"), 500); + switch ($newright) + { + case "2": $newright=2;break; + case "1": $newright=1;break; + default: + throw new Exception (dgettext ("domframework", + "Unknown right provided (RO/RW only)"), + 500); + } + $idrights = $this->rightReadByID ($module, $idright); + if (!isset ($idrights[0]["idright"])) + throw new Exception (dgettext ("domframework", + "Wanted right not found"), 404); + return $this->dbRight->update ($idrights[0]["idright"], + array ("idobject"=>$newidobject, + "right"=>$newright, + "comment"=>$newcomment)); + } + + + /** Return an array with all the available rights in the module, for a group, + and concerning an object */ public function rightRead ($module, $group, $object) { if ($this->dbRight == null) 
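Review bot: `rightUpdateByID` writes `"idobject"=>$newidobject` straight into the row, whereas `rightAddByID` first resolves the object with `objectReadByID ($module, $idobject)` and throws 404 when it is not found. Without that lookup an existing right can be re-pointed at an object of another module, or at an ID that does not exist if the foreign key is not enforced by the driver. Add `$objects = $this->objectReadByID ($module, $newidobject);` with the same `isset ($objects[0]["idobject"])` test before calling `update`, and store `$objects[0]["idobject"]`.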
@@ -613,4 +787,85 @@ class authzgroups $select[] = array ("idobject",$objects[0]["idobject"]); return $this->dbRight->read ($select); } + + /** Return an array with all the available rights for a module and a group */ + public function rightReadByGroup ($module, $group) + { + if ($this->dbRight == null) + throw new Exception (dgettext ("domframework", + "DB for Right is not connected"), 500); + $groups = $this->groupRead ($module, $group); + if (! isset ($groups[0]["idgroup"])) + throw new Exception (dgettext ("domframework", + "Wanted group not found"), 404); + return $this->rightReadByGroupByID ($module, $objects[0]["idgroup"]); + } + + /** Return an array with all the available rights for a module and a group */ + public function rightReadByGroupByID ($module, $idgroup) + { + if ($this->dbRight == null) + throw new Exception (dgettext ("domframework", + "DB for Right is not connected"), 500); + $select[] = array ("idgroup", $idgroup); + return $this->dbRight->read ($select); + } + + /** Return an array with all the informations concerning a right selected by + ID*/ + public function rightReadByID ($module, $idright) + { + if ($this->dbRight == null) + throw new Exception (dgettext ("domframework", + "DB for Right is not connected"), 500); + $select[] = array ("idright", $idright); + return $this->dbRight->read ($select); + } + + /** Return an array with all the available rights for a module and an object + */ + public function rightReadByObject ($module, $object) + { + if ($this->dbRight == null) + throw new Exception (dgettext ("domframework", + "DB for Right is not connected"), 500); + $objects = $this->objectRead ($module, $object); + if (! 
isset ($objects[0]["idobject"])) + throw new Exception (dgettext ("domframework", + "Wanted object not found"), 404); + $select[] = array ("idobject", $objects[0]["idobject"]); + return $this->dbRight->read ($select); + } + + /** Return an array with all the available rights for a module and an idobject + */ + public function rightReadByObjectByID ($module, $idobject) + { + if ($this->dbRight == null) + throw new Exception (dgettext ("domframework", + "DB for Right is not connected"), 500); + $select[] = array ("idobject", $idobject); + return $this->dbRight->read ($select); + } + + + /** Return an array containing the titles of the table translating in the user + language */ + public function rightTitles () + { + return $this->dbRight->titles; + } + + /** Return all the types of rights available (RO and RW) */ + public function rightTypes () + { + return array ("1"=>"RO", "2"=>"RW"); + } + + /** Check if the provided datas are compilant with the group specification + @return array The errors found in the datas */ + public function rightVerify ($datas, $idright=false) + { + return $this->dbRight->verify ($datas, $idright); + } }
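Review bot: `rightReadByGroup` passes `$objects[0]["idgroup"]` to `rightReadByGroupByID`, but `$objects` is never defined in that method; the group fetched just above is in `$groups`. As written the call receives null (with a notice), so the result does not correspond to the requested group. What `dblayer::read` returns for a null filter value is not visible here. The line should read `return $this->rightReadByGroupByID ($module, $groups[0]["idgroup"]);`.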