Dominique.Fournier/DomFramework
1
0
Fork 0
Code Issues Pull Requests Projects Releases Activity
Files
0b80c58282cbcce2bb3f9363595a63a7dff25cef
DomFramework/dblayerauthzgroups.php

313 lines
11 KiB
PHP
Raw Blame History

<?php
/** DomFramework
@package domframework
@author Dominique Fournier <dominique@fournier38.fr> */
require_once ("domframework/dblayer.php");
/** DBLayer with authorization
All the actions in database are conditionned to the rights in authzgroups */
class dblayerauthzgroups extends dblayer
{
/** The authzgroups object, connected to the database */
public $authzgroups = null;
/** The module name for authzgroups */
public $module = null;
/** The user name for authzgroups */
public $user = null;
/** The auth information (email, lastname, firstname) */
public $auth = null;
/** The default group(s) when creating a new object. Can be a string or an
array with multiple groups */
public $createGroup = null;
/** The default right when creating a new object */
public $createRight = "RW";
/** Pre-Path in object authzgroups */
public $path = "";
/** Flag when primary key is added before search */
private $primaryKeyAdded = false;
////////////////////////
/// MAIN METHODS ///
////////////////////////
/** Hook preread
This hook is run before selecting the data in the database, after the
verification
@param array|null &$select Rows to select with
$select = array (array ($key, $val, $operator), ...)
$key=>column, $val=>value to found, $operator=>'LIKE', =...
@param array|null &$display Columns displayed
$display = array ($col1, $col2...);
@param array|null &$order Sort the columns by orientation
$order = array (array ($key, $orientation), ...)
$key=>column, $orientation=ASC/DESC
@param bool|null &$whereOr The WHERE parameters are separated by OR
instead of AND
@param array|null &$foreignSelect Add a filter on foreign keys */
public function hookpreread (&$select, &$display, &$order, &$whereOr,
&$foreignSelect)
{
if ($this->module === null)
throw new Exception ("No module defined for dblayerauthzgroups", 500);
if ($this->auth !== null && array_key_exists ("email", $this->auth) &&
$this->user === null)
$this->user = $this->auth["email"];
if ($this->user === null)
throw new Exception ("No user defined for dblayerauthzgroups", 500);
if ($this->authzgroups === null)
throw new Exception ("No authzgroups defined for dblayerauthzgroups",
500);
if ($display === null || ! in_array ($this->primary, $display))
{
// Need the primary key to allow/deny access. Add it and remove the data
// after the access verification
$display[] = $this->primary;
$this->primaryKeyAdded = true;
}
}
/** Hook postread
This hook is run after selecting the data. Return only the allowed data to
the user. It must have at least the RO flag.
@param array $data the data selected by the select
@return array The data modified by the hook */
public function hookpostread ($data)
{
// TODO : If foreign keys, do we check if the access is allowed too ?
if ($this->module === null)
throw new Exception ("No module defined for dblayerauthzgroups", 500);
if ($this->auth !== null && array_key_exists ("email", $this->auth) &&
$this->user === null)
$this->user = $this->auth["email"];
if ($this->user === null)
throw new Exception ("No user defined for dblayerauthzgroups", 500);
if ($this->authzgroups === null)
throw new Exception ("No authzgroups defined for dblayerauthzgroups",
500);
$this->allowPath ();
foreach ($data as $key=>$line)
{
try
{
$this->authzgroups->accessRight ($this->module, $this->user,
$this->path."/".$line[$this->primary]);
}
catch (Exception $e)
{
unset ($data[$key]);
}
if ($this->primaryKeyAdded === true)
unset ($data[$key][$this->primary]);
}
return $data;
}
/** Hook preinsert
This hook is run before inserting a new data in the database, after the
verification
@param array the data to insert in the database
@return the modified datas */
public function hookpreinsert ($data)
{
if ($this->module === null)
throw new Exception ("No module defined for dblayerauthzgroups", 500);
if ($this->auth !== null && array_key_exists ("email", $this->auth) &&
$this->user === null)
$this->user = $this->auth["email"];
if ($this->user === null)
throw new Exception ("No user defined for dblayerauthzgroups", 500);
if ($this->authzgroups === null)
throw new Exception ("No authzgroups defined for dblayerauthzgroups",
500);
if ($this->createGroup === null)
throw new Exception ("No createGroup defined for dblayerauthzgroups",
500);
$this->allowPath ();
$this->authzgroups->accessWrite ($this->module, $this->user, $this->path);
return $data;
}
/** Hook postinsert
This hook is run after successfuly insert a new data in the database
@return the modified lastID */
public function hookpostinsert ($data, $lastID)
{
if ($this->module === null)
throw new Exception ("No module defined for dblayerauthzgroups", 500);
if ($this->auth !== null && array_key_exists ("email", $this->auth) &&
$this->user === null)
$this->user = $this->auth["email"];
if ($this->user === null)
throw new Exception ("No user defined for dblayerauthzgroups", 500);
if ($this->authzgroups === null)
throw new Exception ("No authzgroups defined for dblayerauthzgroups",
500);
if ($this->createGroup === null)
throw new Exception ("No createGroup defined for dblayerauthzgroups",
500);
$this->authzgroups->objectAdd ($this->module, $this->path."/$lastID");
if (is_array ($this->createGroup))
{
foreach ($this->createGroup as $group)
{
$this->authzgroups->rightAdd ($this->module, $group,
$this->path."/$lastID",
$this->createRight);
}
}
elseif (is_string ($this->createGroup))
{
$this->authzgroups->rightAdd ($this->module, $this->createGroup,
$this->path."/$lastID", $this->createRight);
}
else
{
throw new Exception ("createGroup defined for dblayerauthzgroups is not ".
"an array or a string", 500);
}
return $lastID;
}
/** Hook preupdate
This hook is run before updating a data in the database, after the
verification
@return the modified datas */
public function hookpreupdate ($updatekey, $data)
{
if ($this->module === null)
throw new Exception ("No module defined for dblayerauthzgroups", 500);
if ($this->auth !== null && array_key_exists ("email", $this->auth) &&
$this->user === null)
$this->user = $this->auth["email"];
if ($this->user === null)
throw new Exception ("No user defined for dblayerauthzgroups", 500);
if ($this->authzgroups === null)
throw new Exception ("No authzgroups defined for dblayerauthzgroups",
500);
$this->allowPath ();
$this->authzgroups->accessWrite ($this->module, $this->user, $this->path);
$this->authzgroups->accessWrite ($this->module, $this->user,
$this->path."/$updatekey");
return $data;
}
/** Hook predelete
This hook is run before deleting a data in the database
@return the modified $deletekey */
public function hookpredelete ($deletekey)
{
if ($this->module === null)
throw new Exception ("No module defined for dblayerauthzgroups", 500);
if ($this->auth !== null && array_key_exists ("email", $this->auth) &&
$this->user === null)
$this->user = $this->auth["email"];
if ($this->user === null)
throw new Exception ("No user defined for dblayerauthzgroups", 500);
if ($this->authzgroups === null)
throw new Exception ("No authzgroups defined for dblayerauthzgroups",
500);
$this->allowPath ();
$this->authzgroups->accessWrite ($this->module, $this->user, $this->path);
$this->authzgroups->accessWrite ($this->module, $this->user,
$this->path."/$deletekey");
return $deletekey;
}
/** Hook postdelete
This hook is run after successfuly deleting a data in the database
@return $nbLinesUpdated */
public function hookpostdelete ($deletekey, $nbLinesDeleted)
{
if ($this->module === null)
throw new Exception ("No module defined for dblayerauthzgroups", 500);
if ($this->auth !== null && array_key_exists ("email", $this->auth) &&
$this->user === null)
$this->user = $this->auth["email"];
if ($this->user === null)
throw new Exception ("No user defined for dblayerauthzgroups", 500);
if ($this->authzgroups === null)
throw new Exception ("No authzgroups defined for dblayerauthzgroups",
500);
$this->authzgroups->objectDel ($this->module, $this->path."/$deletekey");
return $nbLinesDeleted;
}
/** Return true if all the paths are allowed. Throw an exception elsewhere */
private function allowPath ()
{
if ($this->module === null)
throw new Exception ("No module defined for dblayerauthzgroups", 500);
if ($this->auth !== null && array_key_exists ("email", $this->auth) &&
$this->user === null)
$this->user = $this->auth["email"];
if ($this->user === null)
throw new Exception ("No user defined for dblayerauthzgroups", 500);
if ($this->authzgroups === null)
throw new Exception ("No authzgroups defined for dblayerauthzgroups",
500);
if (substr ($this->path, -1) === "/")
$this->path = substr ($this->path, 0, -1);
$paths = explode ("/", $this->path);
$path = "";
foreach ($paths as $pathTmp)
{
$path .= "/$pathTmp";
$path = str_replace ("//", "/", $path);
$this->authzgroups->accessRight ($this->module, $this->user, $path);
}
return true;
}
///////////////////
/// SETTERS ///
///////////////////
/** Set the authzgroups property */
public function authzgroupsSet ($authzgroups)
{
$this->authzgroups = $authzgroups;
return $this;
}
/** Set the module property */
public function moduleSet ($module)
{
$this->module = $module;
return $this;
}
/** Set the auth property */
public function authSet ($auth)
{
$this->auth = $auth;
return $this;
}
/** Set the user property */
public function userSet ($user)
{
$this->user = $user;
return $this;
}
/** Set the createGroup property */
public function createGroupSet ($createGroup)
{
$this->createGroup = $createGroup;
return $this;
}
/** Set the createRight property */
public function createRightSet ($createRight)
{
$this->createRight = $createRight;
return $this;
}
/** Set the path property */
public function pathSet ($path)
{
$this->path = $path;
return $this;
}
}
Reference in New Issue View Git Blame Copy Permalink