*/ require_once ("domframework/dblayeroo.php"); /** All the needed functions to authorize or deny access to an authenticated * user by its groups membership * Based on dblayeroo */ class authzgroupsoo { /** The table prefix to use */ public $tableprefix = ""; /** The dblayeroo object use to manage the Object table */ private $dbObject = null; /** The dblayeroo object use to manage the Group table */ private $dbGroup = null; /** The dblayeroo object use to manage the GroupMember table */ private $dbGroupMember = null; /** The dblayeroo object use to manage the Right table */ private $dbRight = null; /** Set the debug level */ public $debug = 0; /** A local cache of the rights if multiple tests are needed */ private $rightCache = null; ///////////////////// // USER RIGHTS // ///////////////////// /** Return an array with all the rights of the user in the module. * Cache this information to be quicker with next requests * Remove the entries where path is not at least readable * @param string $module The module to use * @param string $user The user to get the rights */ public function userrightsget ($module, $user) { // if (isset ($_SESSION["domframework"]["authzgroups"][$module][$user])) // return $_SESSION["domframework"]["authzgroups"][$module][$user]; if ($this->rightCache !== null) return $this->rightCache; if ($this->dbObject == null) throw new \Exception (dgettext ("domframework", "DB for Object is not connected"), 500); // Do the SQL request in hard to be more performant on jointures if ($user === "cli" || $user === "root") { $this->dbObject->clearRequest (); $resTmp = $this->dbObject->select () ->displayAdd ("object", "object") ->displayAdd ("2", "right") ->whereAdd ("module", "=", $module) ->execute (); } else { $this->dbObject->clearRequest (); $this->dbGroupMember->clearRequest (); $this->dbGroup->clearRequest (); $this->dbGroupMember->whereAdd ("user", "=", $user); $this->dbGroup->joinInner ($this->dbGroupMember, array ("idgroup" => "idgroup")) ->whereAdd ("module", "=", $module); $this->dbRight->displayAdd ("MAX(right)", "right") ->joinInner ($this->dbGroup, array ("idgroup" => "idgroup")); $resTmp = $this->dbObject->select () ->displayAdd ("object", "object") ->orderAdd ("object", "ASC") ->joinInner ($this->dbRight, array ("idobject" => "idobject")) ->execute (); } $res = array (); foreach ($resTmp as $row) $res[$row["object"]] = $row["right"]; // Transform the numerical rights to RO/RW foreach ($res as $k => $r) { switch ($r) { case "2": $res[$k] = "RW"; break; case "1": $res[$k] = "RO"; break; default: throw new \Exception (dgettext ("domframework", "Unknown right stored"), 500); } } if (isset ($_SESSION)) $_SESSION["domframework"]["authzgroups"][$module][$user] = $res; $this->rightCache = $res; return $res; } /** Return the right defined for this user in the module for one object * @param string $module The module to use * @param string $user The user to get the rights * @param string $object The object to return the rights for the user */ public function allow ($module, $user, $object) { $ressource = $this->userrightsget ($module, $user); // The complete tree should not be readable for the user : it can have // access to a card, but not to all the cards (group -> reject, // group/XXX->allow) /*// Limit to allowed trees : if a member of the path is not recorded (is // unreadable), return NO. // Can be the last entry (the complete object) too $path = explode ("/", $object); $completePath = "/"; foreach ($path as $k => $p) { if ($k>1) $completePath .= "/"; $completePath .= "$p"; if (! isset ($ressource[$completePath])) { if ($this->debug) echo "DEBUG allow : REJECT because $completePath is not found\n"; return "NO"; } }*/ if (! isset ($ressource[$object])) return "NO"; return $ressource[$object]; } /** Return TRUE if the user right allow to see the object (RO or RW) * Return a 403 Exception if the user don't have the right * Return a 401 Exception if the user is not connected * @param string $module The module to use * @param string $user The user to get the rights * @param string $object The object to check the rights for the user */ public function accessRight ($module, $user, $object) { if ($this->dbObject === null) throw new \Exception ("Can't use authzgroups\\accessRight without ". "connected database", 500); if ($module === null || ! is_string ($module) || trim ($module) === "") throw new \Exception ("Module not provided to authzgroups\\accessRight", 500); if ($user === null || ! is_string ($user) || trim ($user) === "") throw new \Exception ("User not provided to authzgroups\\accessright", 500); if ($object === null || ! is_string ($object)) throw new \Exception ("Object not provided to authzgroups\\accessRight", 500); if ($object{0} !== "/") $object = "/$object"; $rc = $this->allow ($module, $user, "$object"); if ($this->debug) trigger_error ("authzgroups : accessRight ('$module','$user','$object')". "=$rc", E_USER_NOTICE); if ($rc !== "NO") return TRUE; if ($user === "anonymous") throw new \Exception (dgettext("domframework", "Anonymous not allowed"), 401); throw new \Exception (dgettext("domframework", "Access forbidden"), 403); } /** Return TRUE if the user right allow to edit the object (RW only) * Return a 403 Exception if the user don't have the right * Return a 401 Exception if the user is not connected * @param string $module The module to use * @param string $user The user to get the rights * @param string $object The object to check the rights for the user */ public function accessWrite ($module, $user, $object) { if ($this->dbObject === null) throw new \Exception ("Can't use authzgroups\\accessWrite without ". "connected database", 500); if ($module === null || ! is_string ($module) || trim ($module) === "") throw new \Exception ("Module not provided to authzgroups\\accessWrite", 500); if ($user === null || ! is_string ($user) || trim ($user) === "") throw new \Exception ("User not provided to authzgroups\\accessWrite", 500); if ($object === null || ! is_string ($object)) throw new \Exception ("Object not provided to authzgroups\\accessWrite", 500); if ($object{0} !== "/") $object = "/$object"; $rc = $this->allow ($module, $user, $object); if ($this->debug) trigger_error ("authzgroups : accessWrite ('$module','$user','$object')". "=$rc", E_USER_NOTICE); if ($rc === "RW") return TRUE; if ($user === "anonymous") throw new \Exception (dgettext("domframework", "Anonymous not allowed"), 401); throw new \Exception (dgettext("domframework", "Modification forbidden"), 403); } /** Return TRUE if the user right allow to see but without modification * the object (RO only) * Return a 403 Exception if the user don't have the right * Return a 401 Exception if the user is not connected * @param string $module The module to use * @param string $user The user to get the rights * @param string $object The object to check the rights for the user */ public function accessReadOnly ($module, $user, $object) { if ($this->dbObject === null) throw new \Exception ("Can't use authzgroups\\accessReadOnly without ". "connected database", 500); if ($module === null || ! is_string ($module) || trim ($module) === "") throw new \Exception ( "Module not provided to authzgroups\\accessReadOnly", 500); if ($user === null || ! is_string ($user) || trim ($user) === "") throw new \Exception ("User not provided to authzgroups\\accessReadOnly", 500); if ($object === null || ! is_string ($object)) throw new \Exception ( "Object not provided to authzgroups\\accessReadOnly", 500); if ($object{0} !== "/") $object = "/$object"; $rc = $this->allow ($module, $user, $object); if ($this->debug) trigger_error ("authzgroups : accessReadOnly ('$module','$user',". "'$object')" ."=$rc", E_USER_NOTICE); if ($rc === "RO") return TRUE; if ($user === "anonymous") throw new \Exception (dgettext("domframework", "Anonymous not allowed"), 401); throw new \Exception (dgettext("domframework", "Access forbidden"), 403); } ///////////////////////// // DATABASE STORAGE // ///////////////////////// /** Connect to the database before using it * @param string $dsn The DSN to use to connect to the database * @param string|null $username The username to use to connect to the * database * @param string|null $password The password to use to connect to the * database * @param array|null $driver_options The options to pass to PDO driver */ public function connect ($dsn, $username=null, $password=null, $driver_options=null) { $this->dbObject = new dblayeroo ($dsn, $username, $password, $driver_options); $this->dbObject->debug ($this->debug); $this->dbObject->table ("authzobject"); $this->dbObject->tableprefix ($this->tableprefix); $this->dbObject->fields (array ( "idobject" => array ("integer", "not null", "autoincrement"), "module" => array ("varchar(255)", "not null"), "object" => array ("varchar(255)", "not null"), "comment" => array ("varchar(255)"))); $this->dbObject->primary ("idobject"); $this->dbObject->unique (array ("idobject", array ("object", "module"))); $this->dbObject->titles (array ( "idobject" => dgettext("domframework", "idobject"), "module" => dgettext("domframework", "Module"), "object" => dgettext("domframework", "Object"), "comment" => dgettext("domframework", "Comment"))); $this->dbGroup = new dblayeroo ($dsn, $username, $password, $driver_options); $this->dbGroup->debug ($this->debug); $this->dbGroup->table ("authzgroup"); $this->dbGroup->tableprefix ($this->tableprefix); $this->dbGroup->fields (array ( "idgroup" => array ("integer", "not null", "autoincrement"), "module" => array ("varchar(255)", "not null"), "group" => array ("varchar(255)", "not null"), "comment" => array ("varchar(255)"))); $this->dbGroup->primary ("idgroup"); $this->dbGroup->unique (array ("idgroup", array ("module","group"))); $this->dbGroup->titles (array ( "idgroup" => dgettext("domframework", "idgroup"), "module" => dgettext("domframework", "Module"), "group" => dgettext("domframework", "Group"), "comment" => dgettext("domframework", "Comment"))); $this->dbGroupMember = new dblayeroo ($dsn, $username, $password, $driver_options); $this->dbGroupMember->debug ($this->debug); $this->dbGroupMember->table ("authzgroupmember"); $this->dbGroupMember->tableprefix ($this->tableprefix); $this->dbGroupMember->fields (array ( "idgroupmember" => array ("integer", "not null", "autoincrement"), "user" => array ("varchar(255)", "not null"), "idgroup" => array ("integer", "not null"), "comment" => array ("varchar(255)"))); $this->dbGroupMember->primary ("idgroupmember"); $this->dbGroupMember->unique (array ("idgroupmember", array ("user","idgroup"))); $this->dbGroupMember->foreign (array ( "idgroup" => array ($this->tableprefix."authzgroup", "idgroup", "ON UPDATE CASCADE ON DELETE CASCADE"))); $this->dbGroupMember->setForeignObj ($this->dbGroup); $this->dbGroupMember->titles (array ( "idgroupmember" => dgettext("domframework", "idgroupmember"), "user" => dgettext("domframework", "User"), "idgroup" => dgettext("domframework", "idgroup"), "comment" => dgettext("domframework", "Comment"))); $this->dbRight = new dblayeroo ($dsn, $username, $password, $driver_options); $this->dbRight->debug ($this->debug); $this->dbRight->table ("authzright"); $this->dbRight->tableprefix ($this->tableprefix); $this->dbRight->fields (array ( "idright" => array ("integer", "not null", "autoincrement"), "idgroup" => array ("integer", "not null"), "idobject" => array ("integer", "not null"), "right" => array ("varchar(2)", "not null"), // RO,RW "comment" => array ("varchar(255)"))); $this->dbRight->primary ("idright"); $this->dbRight->unique (array ("idright", array ("idgroup","idobject"))); $this->dbRight->foreign (array ( "idgroup" => array ($this->tableprefix."authzgroup", "idgroup", "ON UPDATE CASCADE ON DELETE CASCADE"), "idobject" => array ($this->tableprefix."authzobject", "idobject", "ON UPDATE CASCADE ON DELETE CASCADE"), )); $this->dbRight->setForeignObj ($this->dbGroup); $this->dbRight->setForeignObj ($this->dbObject); $this->dbRight->titles (array ( "idright" => dgettext("domframework", "idright"), "idgroup" => dgettext("domframework", "idgroup"), "idobject" => dgettext("domframework", "idobject"), "right" => dgettext("domframework", "Right"), "comment" => dgettext("domframework", "Comment"))); return TRUE; } /** Disconnect from the database. Should be only used in the unit tests */ public function disconnect () { $this->dbObject->disconnect (); } /** Create the tables in the database to store the data */ public function createTables () { if ($this->dbObject == null) throw new \Exception (dgettext ("domframework", "DB for Object is not connected"), 500); if ($this->dbGroup == null) throw new \Exception (dgettext ("domframework", "DB for Group is not connected"), 500); if ($this->dbGroupMember == null) throw new \Exception (dgettext ("domframework", "DB for GroupMember is not connected"), 500); if ($this->dbRight == null) throw new \Exception (dgettext ("domframework", "DB for Right is not connected"), 500); $tables = array ("Object", "Group", "GroupMember", "Right"); foreach ($tables as $table) { try { $class= "db$table"; $this->$class->createTable (); } catch (\Exception $e) { echo $e->getMessage()."\n"; } } return TRUE; } /** Return true if all the tables are created, false otherwise */ public function stateTables () { if ($this->dbObject == null) throw new \Exception (dgettext ("domframework", "DB for Object is not connected"), 500); $tables = $this->dbObject->listTables (); $needed = array ("authzobject", "authzgroup", "authzgroupmember", "authzright"); foreach ($needed as $table) { if (! in_array ($this->tableprefix.$table, $tables)) return false; } return true; } /** Return true if all the tables are deleted, false otherwise */ public function deleteTables () { if ($this->dbObject == null) throw new \Exception (dgettext ("domframework", "DB for Object is not connected"), 500); $tables = $this->dbObject->listTables (); $needed = array ("Object", "Group", "GroupMember", "Right"); $needed = array_reverse ($needed); foreach ($needed as $table) { $class= "db$table"; $this->$class->dropTable (); } return true; } ///////////////// // OBJECTS // ///////////////// /** Add a new object to object list * Return the idobject created * @param string $module The module to use * @param string $object The object to create * @param string|null $comment The comment to save */ public function objectAdd ($module, $object, $comment="") { if ($this->dbObject == null) throw new \Exception (dgettext ("domframework", "DB for Object is not connected"), 500); // TODO : Check parameters before saving them $this->rightCache = null; $this->dbObject->clearRequest (); return $this->dbObject->insert () ->setValues (array ("module" => $module, "object" => $object, "comment" => $comment)) ->execute (); } /** Remove an object from database and all the rights using it * @param string $module The module to use * @param string $object The object to delete */ public function objectDel ($module, $object) { if ($this->dbObject == null) throw new \Exception (dgettext ("domframework", "DB for Object is not connected"), 500); $idobjects = $this->objectRead ($module, $object); if (! isset ($idobjects[0]["idobject"])) throw new \Exception (dgettext ("domframework", "Wanted object not found"), 404); $this->rightCache = null; $this->dbObject->clearRequest (); return $this->dbObject->delete () ->whereAdd ("idobject", "=", $idobjects[0]["idobject"]) ->execute (); } /** Remove an object from database and all the rights using it * @param string $module The module to use * @param integer $idobject The object to delete */ public function objectDelByID ($module, $idobject) { if ($this->dbObject == null) throw new \Exception (dgettext ("domframework", "DB for Object is not connected"), 500); $idobjects = $this->objectReadByID ($module, $idobject); if (! isset ($idobjects[0]["idobject"])) throw new \Exception (dgettext ("domframework", "Wanted object not found"), 404); $this->rightCache = null; $this->dbObject->clearRequest (); return $this->dbObject->delete () ->whereAdd ("idobject", "=", $idobjects[0]["idobject"]) ->execute (); } /** Update an object in the database * @param string $module The module to use * @param string $object The object to update * @param string $newobject The new name of the object * @param string|null $newcomment The new comment of the object */ public function objectUpdate ($module, $object, $newobject, $newcomment="") { if ($this->dbObject == null) throw new \Exception (dgettext ("domframework", "DB for Object is not connected"), 500); $idobjects = $this->objectRead ($module, $object); if (! isset ($idobjects[0]["idobject"])) throw new \Exception (dgettext ("domframework", "Wanted object not found"), 404); $this->rightCache = null; $this->dbObject->clearRequest (); return $this->dbObject->update () ->whereAdd ("idobject", "=", $idobjects[0]["idobject"]) ->setValues (array ("object" => $newobject, "comment" => $newcomment)) ->execute (); } /** Update an object in the database * @param string $module The module to use * @param integer $idobject The object to update * @param string $newobject The new name of the object * @param string|null $newcomment The new comment of the object */ public function objectUpdateByID ($module, $idobject, $newobject, $newcomment="") { if ($this->dbObject == null) throw new \Exception (dgettext ("domframework", "DB for Object is not connected"), 500); $idobjects = $this->objectReadByID ($module, $idobject); if (! isset ($idobjects[0]["idobject"])) throw new \Exception (dgettext ("domframework", "Wanted object not found"), 404); $this->rightCache = null; $this->dbObject->clearRequest (); return $this->dbObject->update () ->whereAdd ("idobject", "=", $idobjects[0]["idobject"]) ->setValues (array ("object" => $newobject, "comment" => $newcomment)) ->execute (); } /** Return an array with all the available objects in the module, or only * one object if $object is provided * @param string $module The module to use * @param string $object The name of the object to get */ public function objectRead ($module, $object=null) { if ($this->dbObject == null) throw new \Exception (dgettext ("domframework", "DB for Object is not connected"), 500); $this->dbObject->clearRequest (); if ($object !== null) $this->dbObject->whereAdd ("object", "=", $object); return $this->dbObject->select () ->whereAdd ("module", "=", $module) ->orderAdd ("object","ASC") ->execute (); } /** Return an array with all the available objects in the module, or only * one object if $object is provided * @param string $module The module to use * @param integer $idobject The name of the object to get */ public function objectReadByID ($module, $idobject=null) { if ($this->dbObject == null) throw new \Exception (dgettext ("domframework", "DB for Object is not connected"), 500); $this->dbObject->clearRequest (); if ($idobject !== null) $this->dbObject->whereAdd ("idobject", "=", $idobject); return $this->dbObject->select () ->whereAdd ("module", "=", $module) ->execute (); } /** Return an array containing the titles of the table translating in the user * language */ public function objectTitles () { return $this->dbObject->titles (); } /** Check if the provided data are compliant with the object specification * @param array $data The name of the object to get * @param integer|null $idobject The object to check * @return array The errors found in the data */ public function objectVerify ($data, $idobject=false) { return $this->dbObject->verify ($data, $idobject); } //////////////// // GROUPS // //////////////// /** Add a new group to group list * Return the idgroup created * @param string $module The module to use * @param string $group The group to create * @param string|null $comment The comment to add with the group */ public function groupAdd ($module, $group, $comment="") { if ($this->dbGroup == null) throw new \Exception (dgettext ("domframework", "DB for Group is not connected"), 500); $this->dbGroup->clearRequest (); // TODO : Check parameters before saving them return $this->dbGroup->insert () ->setValues (array ("module" => $module, "group" => $group, "comment" => $comment)) ->execute (); } /** Remove an group from database and all the rights using it * @param string $module The module to use * @param string $group The group to delete */ public function groupDel ($module, $group) { if ($this->dbGroup == null) throw new \Exception (dgettext ("domframework", "DB for Group is not connected"), 500); $idgroups = $this->groupRead ($module, $group); if (! isset ($idgroups[0]["idgroup"])) throw new \Exception (dgettext ("domframework", "Wanted group not found"), 404); $this->dbGroup->clearRequest (); return $this->dbGroup->delete () ->whereAdd ("idgroup", "=", $idgroups[0]["idgroup"]) ->execute (); } /** Remove an group from database and all the rights using it * @param string $module The module to use * @param integer $idgroup The group to delete */ public function groupDelByID ($module, $idgroup) { if ($this->dbGroup == null) throw new \Exception (dgettext ("domframework", "DB for Group is not connected"), 500); $idgroups = $this->groupReadByID ($module, $idgroup); if (! isset ($idgroups[0]["idgroup"])) throw new \Exception (dgettext ("domframework", "Wanted group not found"), 404); $this->dbGroup->clearRequest (); return $this->dbGroup->delete () ->whereAdd ("idgroup", "=", $idgroups[0]["idgroup"]) ->execute (); } /** Update an group in the database * @param string $module The module to use * @param string $group The group to update * @param string $newgroup The new group name * @param string|null $comment The comment for the group */ public function groupUpdate ($module, $group, $newgroup, $comment="") { if ($this->dbGroup == null) throw new \Exception (dgettext ("domframework", "DB for Group is not connected"), 500); $idgroups = $this->groupRead ($module, $group); if (! isset ($idgroups[0]["idgroup"])) throw new \Exception (dgettext ("domframework", "Wanted group not found"), 404); $this->dbGroup->clearRequest (); return $this->dbGroup->update () ->whereAdd ("idgroup", "=", $idgroups[0]["idgroup"]) ->setValues (array ("group" => $newgroup, "comment" => $comment)) ->execute (); } /** Update an group in the database * @param string $module The module to use * @param integer $idgroup The group to update * @param string $newgroup The new group name * @param string|null $comment The comment for the group */ public function groupUpdateByID ($module, $idgroup, $newgroup, $comment="") { if ($this->dbGroup == null) throw new \Exception (dgettext ("domframework", "DB for Group is not connected"), 500); $idgroups = $this->groupReadByID ($module, $idgroup); if (! isset ($idgroups[0]["idgroup"])) throw new \Exception (dgettext ("domframework", "Wanted group not found"), 404); $this->dbGroup->clearRequest (); return $this->dbGroup->update () ->whereAdd ("idgroup", "=", $idgroups[0]["idgroup"]) ->setValues (array ("group" => $newgroup, "comment" => $comment)) ->execute (); } /** Return an array with all the available groups in the module * @param string $module The module to use * @param string|null $group The group to check if exists */ public function groupRead ($module, $group=null) { if ($this->dbGroup == null) throw new \Exception (dgettext ("domframework", "DB for Group is not connected"), 500); $this->dbGroup->clearRequest (); if ($group !== null) $this->dbGroup->whereAdd ("group", "=", $group); return $this->dbGroup->select () ->whereAdd ("module", "=", $module) ->orderAdd ("group", "ASC") ->execute (); } /** Return an array with all the available groups in the module * @param string $module The module to use * @param integer $idgroup The group to check if exists */ public function groupReadByID ($module, $idgroup) { if ($this->dbGroup == null) throw new \Exception (dgettext ("domframework", "DB for Group is not connected"), 500); $this->dbGroup->clearRequest (); return $this->dbGroup->select () ->whereAdd ("module", "=", $module) ->whereAdd ("idgroup", "=", $idgroup) ->execute (); } /** Return an array containing the titles of the table translating in the user * language */ public function groupTitles () { return $this->dbGroup->titles (); } /** Check if the provided data are compilant with the group specification * @param array $data The data to check * @param integer|null $idgroup The idgroup to check * @return array The errors found in the data */ public function groupVerify ($data, $idgroup=false) { return $this->dbGroup->verify ($data, $idgroup); } ////////////////////// // GROUP MEMBER // ////////////////////// /** Add a new groupmember to groupmember list * Return the idgroupmember created * @param string $module The module to use * @param string $group The group to use * @param string $user The user to add in group * @param string|null $comment The comment to save */ public function groupmemberAdd ($module, $group, $user, $comment="") { if ($this->dbGroupMember == null) throw new \Exception (dgettext ("domframework", "DB for GroupMember is not connected"), 500); $groups = $this->groupRead ($module, $group); if (! isset ($groups[0]["idgroup"])) throw new \Exception (dgettext ("domframework", "Wanted group not found"), 404); $this->rightCache = null; $this->dbGroupMember->clearRequest (); return $this->dbGroupMember->insert () ->setValues (array ( "user" => $user, "idgroup" => $groups[0]["idgroup"], "comment" => $comment)) ->execute (); } /** Remove an groupmember from database and all the rights using it * @param string $module The module to use * @param string $group The group to use * @param string $user The user to remove */ public function groupmemberDel ($module, $group, $user) { if ($this->dbGroupMember == null) throw new \Exception (dgettext ("domframework", "DB for GroupMember is not connected"), 500); $groups = $this->groupRead ($module, $group); if (! isset ($groups[0]["idgroup"])) throw new \Exception (dgettext ("domframework", "Wanted group not found"), 404); $this->dbGroupMember->clearRequest (); $groupsMembers = $this->dbGroupMember->select () ->whereAdd ("user", "=", $user) ->whereAdd ("idgroup", "=", $groups[0]["idgroup"]) ->execute (); if (! isset ($groupsMembers[0]["idgroupmember"])) throw new \Exception (dgettext ("domframework", "Wanted GroupMember not found"), 404); $this->rightCache = null; $this->dbGroupMember->clearRequest (); return $this->dbGroupMember->delete () ->whereAdd ("idgroupmember", "=", $groupsMembers[0]["idgroupmember"]) ->execute (); } /** Remove an groupmember from database and all the rights using it * @param string $module The module to use * @param integer $idgroup The group to use * @param integer $idgroupmember The user to remove */ public function groupmemberDelByID ($module, $idgroup, $idgroupmember) { if ($this->dbGroupMember == null) throw new \Exception (dgettext ("domframework", "DB for GroupMember is not connected"), 500); $groups = $this->groupReadByID ($module, $idgroup); if (! isset ($groups[0]["idgroup"])) throw new \Exception (dgettext ("domframework", "Wanted group not found"), 404); $this->dbGroupMember->clearRequest (); $groupsMembers = $this->dbGroupMember->select () ->whereAdd ("idgroupmember", "=", $idgroupmember) ->whereAdd ("idgroup", "=", $idgroup) ->execute (); if (! isset ($groupsMembers[0]["idgroupmember"])) throw new \Exception (dgettext ("domframework", "Wanted GroupMember not found"), 404); $this->rightCache = null; $this->dbGroupMember->clearRequest (); return $this->dbGroupMember->delete () ->whereAdd ("idgroupmember", "=", $groupsMembers[0]["idgroupmember"]) ->execute (); } /** Update an groupmember in the database * @param string $module The module to use * @param string $group The group to use * @param string $user The user to update * @param string|null $comment The comment to update */ public function groupmemberUpdate ($module, $group, $user, $comment="") { $this->rightCache = null; die ("This function is not available : contact us if you need it\n"); } /** Update an groupmember in the database * @param string $module The module to use * @param integer $idgroup The group to use * @param integer $iduser The user to update * @param string $user The new user name * @param string|null $comment The comment to update */ public function groupmemberUpdateByID ($module, $idgroup, $iduser, $user, $comment="") { $data = $this->groupmemberReadUserDataByID ($module, $idgroup, $iduser); if (count ($data) === 0) throw new \Exception (dgettext ("domframework", "IDUser in IDGroup not found"), 404); $this->rightCache = null; $this->dbGroupMember->clearRequest (); return $this->dbGroupMember->update () ->whereAdd ("idgroupmember", "=", $data[0]["idgroupmember"]) ->setValues (array ("user" => $user, "comment" => $comment)) ->execute (); } /** Return an array with all the groups where the user is in and in the module * @param string $module The module to use * @param string $user The user to search */ public function groupmemberReadUser ($module, $user) { if ($this->dbGroupMember == null) throw new \Exception (dgettext ("domframework", "DB for GroupMember is not connected"), 500); $idgrouptmps = $this->groupRead ($module); // Create an array with idgroup=>group $idgroups = array (); foreach ($idgrouptmps as $val) $idgroups[$val["idgroup"]] = $val["group"]; $this->dbGroupMember->clearRequest (); $idgroupmembers = $this->dbGroupMember->select () ->whereAdd ("user", "=", $user) ->execute (); $res = array (); foreach ($idgroupmembers as $idmembers) { $res[$idmembers["idgroup"]] = $idgroups[$idmembers["idgroup"]]; } return $res; } /** Return an array with all the groups where the user is in and in the module * @param string $module The module to use * @param integer $idgroupmember The user to search */ public function groupmemberReadUserByID ($module, $idgroupmember) { if ($this->dbGroupMember == null) throw new \Exception (dgettext ("domframework", "DB for GroupMember is not connected"), 500); $idgrouptmps = $this->groupRead ($module); // Create an array with idgroup=>group $idgroups = array (); foreach ($idgrouptmps as $val) $idgroups[$val["idgroup"]] = $val["group"]; $this->dbGroupMember->clearRequest (); $this->dbGroupMember->whereAdd ("idgroupmember", "=", $idgroupmember); $idgroupmembers = $this->dbGroupMember->select ()->execute (); $res = array (); foreach ($idgroupmembers as $idmembers) { $res[$idmembers["idgroup"]] = $idgroups[$idmembers["idgroup"]]; } return $res; } /** Return an array with all the available users in the group and in the * module * @param string $module The module to use * @param string $group The group to search */ public function groupmemberReadGroup ($module, $group) { if ($this->dbGroupMember == null) throw new \Exception (dgettext ("domframework", "DB for GroupMember is not connected"), 500); $groups = $this->groupRead ($module, $group); if (! isset ($groups[0]["idgroup"])) throw new \Exception (dgettext ("domframework", "Wanted group not found"), 404); $this->dbGroupMember->clearRequest (); return $this->dbGroupMember->select () ->whereAdd ("idgroup", "=", $groups[0]["idgroup"]) ->displayAdd ("user") ->execute (); } /** Return an array with all the available users in the group and in the * module * @param string $module The module to use * @param integer $idgroup The group to search */ public function groupmemberReadGroupByID ($module, $idgroup) { if ($this->dbGroupMember == null) throw new \Exception (dgettext ("domframework", "DB for GroupMember is not connected"), 500); $groups = $this->groupReadByID ($module, $idgroup); if (! isset ($groups[0]["idgroup"])) throw new \Exception (dgettext ("domframework", "Wanted group not found"), 404); $this->dbGroupMember->clearRequest (); return $this->dbGroupMember->select () ->whereAdd ("idgroup", "=", $groups[0]["idgroup"]) ->execute (); } /** Return an array containing the information of a user in a specific group * @param string $module The module to use * @param integer $idgroup The group to search * @param integer $iduser The user to search */ public function groupmemberReadUserDataByID ($module, $idgroup, $iduser) { if ($this->dbGroupMember == null) throw new \Exception (dgettext ("domframework", "DB for GroupMember is not connected"), 500); $groups = $this->groupReadByID ($module, $idgroup); if (! isset ($groups[0]["idgroup"])) throw new \Exception (dgettext ("domframework", "Wanted group not found"), 404); $this->dbGroupMember->clearRequest (); return $this->dbGroupMember->select () ->whereAdd ("idgroup", "=", $groups[0]["idgroup"]) ->whereAdd ("idgroupmember", "=", $iduser) ->execute (); } /** Return an array containing the titles of the table translating in the user * language */ public function groupmembersTitles () { return $this->dbGroupMember->titles (); } /** Check if the provided data are compilant with the group specification * @param array $data The data to check * @param integer|null $idgroupmember The group member associated to verify * @return array The errors found in the data */ public function groupmembersVerify ($data, $idgroupmember=false) { return $this->dbGroupMember->verify ($data, $idgroupmember); } //////////////// // RIGHTS // //////////////// /** Add a new right to right list * Return the idright created * @param string $module The module to use * @param string $group The group to use * @param string $object The object to use * @param string $right The right to add * @param string|null $comment The comment to add */ public function rightAdd ($module, $group, $object, $right, $comment="") { if ($this->dbRight == null) throw new \Exception (dgettext ("domframework", "DB for Right is not connected"), 500); switch ($right) { case "RW": $right=2;break; case "RO": $right=1;break; default: throw new \Exception (dgettext ("domframework", "Unknown right provided (RO/RW only)"), 500); } $groups = $this->groupRead ($module, $group); if (! isset ($groups[0]["idgroup"])) throw new \Exception (dgettext ("domframework", "Wanted group not found"), 404); $objects = $this->objectRead ($module, $object); if (! isset ($objects[0]["idobject"])) throw new \Exception (dgettext ("domframework", "Wanted object not found"), 404); $this->rightCache = null; $this->dbRight->clearRequest (); return $this->dbRight->insert () ->setValues (array ( "idgroup" => $groups[0]["idgroup"], "idobject" => $objects[0]["idobject"], "right" => $right, "comment" => $comment)) ->execute (); } /** Add a new right to right list by ID * Return the idright created * @param string $module The module to use * @param integer $idgroup The group to use * @param integer $idobject The object to use * @param integer $idright The right to add * @param string|null $comment The comment to add */ public function rightAddByID ($module, $idgroup, $idobject, $idright, $comment="") { if ($this->dbRight == null) throw new \Exception (dgettext ("domframework", "DB for Right is not connected"), 500); switch ($idright) { case "2": $right=2;break; case "1": $right=1;break; default: throw new \Exception (dgettext ("domframework", "Unknown right provided (RO/RW only)"), 500); } $groups = $this->groupReadByID ($module, $idgroup); if (! isset ($groups[0]["idgroup"])) throw new \Exception (dgettext ("domframework", "Wanted group not found"), 404); $objects = $this->objectReadByID ($module, $idobject); if (! isset ($objects[0]["idobject"])) throw new \Exception (dgettext ("domframework", "Wanted object not found"), 404); $this->rightCache = null; $this->dbRight->clearRequest (); return $this->dbRight->insert () ->setValues (array ( "idgroup" => $groups[0]["idgroup"], "idobject" => $objects[0]["idobject"], "right" => $right, "comment" => $comment)) ->execute (); } /** Remove an right from database and all the rights using it * @param string $module The module to use * @param string $group The group to use * @param string $object The object to remove the rights */ public function rightDel ($module, $group, $object) { if ($this->dbRight == null) throw new \Exception (dgettext ("domframework", "DB for Right is not connected"), 500); $idrights = $this->rightRead ($module, $group, $object); if (!isset ($idrights[0]["idright"])) throw new \Exception (dgettext ("domframework", "Wanted right not found"), 404); $this->rightCache = null; $this->dbRight->clearRequest (); return $this->dbRight->delete () ->whereAdd ("idright", "=", $idrights[0]["idright"]) ->execute (); } /** Remove an right from database by ID and all the rights using it * @param string $module The module to use * @param integer $idright The idright to be deleted */ public function rightDelByID ($module, $idright) { if ($this->dbRight == null) throw new \Exception (dgettext ("domframework", "DB for Right is not connected"), 500); $idrights = $this->rightReadByID ($module, $idright); if (!isset ($idrights[0]["idright"])) throw new \Exception (dgettext ("domframework", "Wanted right not found"), 404); $this->rightCache = null; $this->dbRight->clearRequest (); return $this->dbRight->delete () ->whereAdd ("idright", "=", $idrights[0]["idright"]) ->execute (); } /** Update a right in the database * @param string $module The module to use * @param string $group The group to update the right * @param string $object The object ot update the right * @param string $newright The new right to save * @param string|null $newcomment The new comment to save */ public function rightUpdate ($module, $group, $object, $newright, $newcomment="") { if ($this->dbRight == null) throw new \Exception (dgettext ("domframework", "DB for Right is not connected"), 500); switch ($newright) { case "RW": $newright=2;break; case "RO": $newright=1;break; default: throw new \Exception (dgettext ("domframework", "Unknown right provided (RO/RW only)"), 500); } $idrights = $this->rightRead ($module, $group, $object); if (!isset ($idrights[0]["idright"])) throw new \Exception (dgettext ("domframework", "Wanted right not found"), 404); $this->rightCache = null; $this->dbRight->clearRequest (); return $this->dbRight->update () ->whereAdd ("idright", "=", $idrights[0]["idright"]) ->setValues (array ("right" => $newright, "comment" => $newcomment)) ->execute (); } /** Update a right by ID in the database * @param string $module The module to use * @param integer $idright The idright to update the right * @param integer $newidobject The object ot update the right * @param integer $newright The new right to save * @param string|null $newcomment The new comment to save */ public function rightUpdateByID ($module, $idright, $newidobject, $newright, $newcomment="") { if ($this->dbRight == null) throw new \Exception (dgettext ("domframework", "DB for Right is not connected"), 500); switch ($newright) { case "2": $newright=2;break; case "1": $newright=1;break; default: throw new \Exception (dgettext ("domframework", "Unknown right provided (RO/RW only)"), 500); } $idrights = $this->rightReadByID ($module, $idright); if (!isset ($idrights[0]["idright"])) throw new \Exception (dgettext ("domframework", "Wanted right not found"), 404); $this->rightCache = null; $this->dbRight->clearRequest (); return $this->dbRight->update () ->whereAdd ("idright", "=", $idrights[0]["idright"]) ->setValues (array ("idobject" => $newidobject, "right" => $newright, "comment" => $newcomment)) ->execute (); } /** Return an array with all the available rights in the module, for a group, * and concerning an object * @param string $module The module to use * @param string $group The group to get the rights * @param string $object The object to get the rights */ public function rightRead ($module, $group, $object) { if ($this->dbRight == null) throw new \Exception (dgettext ("domframework", "DB for Right is not connected"), 500); $groups = $this->groupRead ($module, $group); if (! isset ($groups[0]["idgroup"])) throw new \Exception (dgettext ("domframework", "Wanted group not found"), 404); $objects = $this->objectRead ($module, $object); if (! isset ($objects[0]["idobject"])) throw new \Exception (dgettext ("domframework", "Wanted object not found"), 404); $this->dbRight->clearRequest (); return $this->dbRight->select () ->whereAdd ("idgroup", "=", $groups[0]["idgroup"]) ->whereAdd ("idobject", "=", $objects[0]["idobject"]) ->execute (); } /** Return an array with all the available rights for a module and a group * @param string $module The module to use * @param string $group The group to get the rights */ public function rightReadByGroup ($module, $group) { if ($this->dbRight == null) throw new \Exception (dgettext ("domframework", "DB for Right is not connected"), 500); $groups = $this->groupRead ($module, $group); if (! isset ($groups[0]["idgroup"])) throw new \Exception (dgettext ("domframework", "Wanted group not found"), 404); return $this->rightReadByGroupByID ($module, $objects[0]["idgroup"]); } /** Return an array with all the available rights for a module and a group * @param string $module The module to use * @param integer $idgroup The group to get the rights */ public function rightReadByGroupByID ($module, $idgroup) { if ($this->dbRight == null) throw new \Exception (dgettext ("domframework", "DB for Right is not connected"), 500); $this->dbRight->clearRequest (); return $this->dbRight->select () ->whereAdd ("idgroup", "=", $idgroup) ->execute (); } /** Return an array with all the information concerning a right selected by * @param string $module The module to use * @param integer $idright The right to search * ID */ public function rightReadByID ($module, $idright) { if ($this->dbRight == null) throw new \Exception (dgettext ("domframework", "DB for Right is not connected"), 500); $this->dbRight->clearRequest (); return $this->dbRight->select () ->whereAdd ("idright", "=", $idright) ->execute (); } /** Return an array with all the available rights for a module and an object * @param string $module The module to use * @param string $object The object to search */ public function rightReadByObject ($module, $object) { if ($this->dbRight == null) throw new \Exception (dgettext ("domframework", "DB for Right is not connected"), 500); $objects = $this->objectRead ($module, $object); if (! isset ($objects[0]["idobject"])) throw new \Exception (dgettext ("domframework", "Wanted object not found"), 404); $this->dbRight->clearRequest (); return $this->dbRight->select () ->whereAdd ("idobject", "=", $objects[0]["idobject"]) ->execute (); } /** Return an array with all the available rights for a module and an idobject * @param string $module The module to use * @param integer $idobject The object to search */ public function rightReadByObjectByID ($module, $idobject) { if ($this->dbRight == null) throw new \Exception (dgettext ("domframework", "DB for Right is not connected"), 500); $this->dbRight->clearRequest (); return $this->dbRight->select () ->whereAdd ("idobject", "=", $idobject) ->execute (); } /** Return an array containing the titles of the table translating in the user * language */ public function rightTitles () { return $this->dbRight->titles (); } /** Return all the types of rights available (RO and RW) */ public function rightTypes () { return array ("1" => "RO", "2" => "RW"); } /** Check if the provided data are compilant with the group specification * @param array $data The data of the right to check * @param integer $idright The right to search * @return array The errors found in the data */ public function rightVerify ($data, $idright=false) { return $this->dbRight->verify ($data, $idright); } }