1573 lines
54 KiB
PHP
1573 lines
54 KiB
PHP
<?php
|
|
|
|
/** DomFramework
|
|
* @package domframework
|
|
* @author Dominique Fournier <dominique@fournier38.fr>
|
|
* @license BSD
|
|
*/
|
|
|
|
namespace Domframework;
|
|
|
|
/** All the needed functions to authorize or deny access to an authenticated
|
|
user by its groups membership */
|
|
class Authzgroups
|
|
{
|
|
/**
|
|
* The table prefix to use
|
|
* @var string
|
|
*/
|
|
public $tableprefix = "";
|
|
/** The dblayer object use to manage the Object table */
|
|
private $dbObject = null;
|
|
/** The dblayer object use to manage the Group table */
|
|
private $dbGroup = null;
|
|
/** The dblayer object use to manage the GroupMember table */
|
|
private $dbGroupMember = null;
|
|
/** The dblayer object use to manage the Right table */
|
|
private $dbRight = null;
|
|
/** Set the debug level */
|
|
public $debug = 0;
|
|
/** A local cache of the rights if multiple tests are needed */
|
|
private $rightCache = null;
|
|
|
|
/////////////////////
|
|
// USER RIGHTS //
|
|
/////////////////////
|
|
/** Return an array with all the rights of the user in the module.
|
|
* Cache this information to be quicker with next requests
|
|
* Remove the entries where path is not at least readable
|
|
* @param string $module The module to use
|
|
* @param string $user The user to get the rights
|
|
*/
|
|
public function userrightsget($module, $user)
|
|
{
|
|
// if (isset ($_SESSION["domframework"]["authzgroups"][$module][$user]))
|
|
// return $_SESSION["domframework"]["authzgroups"][$module][$user];
|
|
if ($this->rightCache !== null) {
|
|
return $this->rightCache;
|
|
}
|
|
if ($this->dbObject == null) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"DB for Object is not connected"
|
|
), 500);
|
|
}
|
|
// Do the SQL request in hard to be more performant on jointures
|
|
if ($user === "cli" || $user === "root") {
|
|
$req = "SELECT o.object,'2' AS right
|
|
FROM " . $this->tableprefix . "authzobject AS o
|
|
WHERE o.module=:module";
|
|
} else {
|
|
$req = "SELECT o.object,MAX(r.right) AS \"right\"
|
|
FROM " . $this->tableprefix . "authzright AS r,
|
|
" . $this->tableprefix . "authzobject AS o,
|
|
" . $this->tableprefix . "authzgroup AS g,
|
|
" . $this->tableprefix . "authzgroupmember AS gm
|
|
WHERE r.idgroup=g.idgroup AND r.idobject=o.idobject AND
|
|
gm.idgroup=g.idgroup
|
|
AND gm.user=:user AND g.module=:module
|
|
GROUP BY o.object
|
|
ORDER BY o.object";
|
|
}
|
|
|
|
if ($this->debug) {
|
|
echo "$req\n";
|
|
}
|
|
try {
|
|
$st = $this->dbObject->prepare($req);
|
|
} catch (\Exception $e) {
|
|
if ($this->dbObject->debug) {
|
|
echo "DEBUG : PREPARE ERROR ! Return FALSE" .
|
|
$e->getMessage() . "\n";
|
|
}
|
|
throw new \Exception($e->getMessage(), 500);
|
|
}
|
|
|
|
if ($user !== "cli" && $user !== "root") {
|
|
$st->bindValue(":user", $user);
|
|
}
|
|
$st->bindValue(":module", $module);
|
|
try {
|
|
$rc = $st->execute();
|
|
if ($rc === false) {
|
|
throw new \Exception("Can't execute SQL request", 500);
|
|
}
|
|
} catch (\Exception $e) {
|
|
if ($this->dbObject->debug) {
|
|
echo "DEBUG : EXECUTE ERROR ! Return FALSE" .
|
|
$e->getMessage() . "\n";
|
|
}
|
|
throw new \Exception($e->getMessage(), 500);
|
|
}
|
|
$res = array();
|
|
while ($d = $st->fetch(\PDO::FETCH_ASSOC)) {
|
|
$res[$d["object"]] = $d["right"];
|
|
}
|
|
// Transform the numerical rights to RO/RW
|
|
foreach ($res as $k => $r) {
|
|
switch ($r) {
|
|
case "2":
|
|
$res[$k] = "RW";
|
|
break;
|
|
case "1":
|
|
$res[$k] = "RO";
|
|
break;
|
|
default:
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"Unknown right stored"
|
|
), 500);
|
|
}
|
|
}
|
|
if (isset($_SESSION)) {
|
|
$_SESSION["domframework"]["authzgroups"][$module][$user] = $res;
|
|
}
|
|
$this->rightCache = $res;
|
|
return $res;
|
|
}
|
|
|
|
/** Return the right defined for this user in the module for one object
|
|
* @param string $module The module to use
|
|
* @param string $user The user to get the rights
|
|
* @param string $object The object to return the rights for the user
|
|
*/
|
|
public function allow($module, $user, $object)
|
|
{
|
|
$ressource = $this->userrightsget($module, $user);
|
|
// The complete tree should not be readable for the user : it can have
|
|
// access to a card, but not to all the cards (group -> reject,
|
|
// group/XXX->allow)
|
|
/*// Limit to allowed trees : if a member of the path is not recorded (is
|
|
// unreadable), return NO.
|
|
// Can be the last entry (the complete object) too
|
|
$path = explode ("/", $object);
|
|
$completePath = "/";
|
|
foreach ($path as $k=>$p)
|
|
{
|
|
if ($k>1)
|
|
$completePath .= "/";
|
|
$completePath .= "$p";
|
|
if (! isset ($ressource[$completePath]))
|
|
{
|
|
if ($this->debug)
|
|
echo "DEBUG allow : REJECT because $completePath is not found\n";
|
|
return "NO";
|
|
}
|
|
}*/
|
|
if (! isset($ressource[$object])) {
|
|
return "NO";
|
|
}
|
|
return $ressource[$object];
|
|
}
|
|
|
|
/** Return TRUE if the user right allow to see the object (RO or RW)
|
|
* Return a 403 Exception if the user don't have the right
|
|
* Return a 401 Exception if the user is not connected
|
|
* @param string $module The module to use
|
|
* @param string $user The user to get the rights
|
|
* @param string $object The object to check the rights for the user
|
|
*/
|
|
public function accessRight($module, $user, $object)
|
|
{
|
|
if ($this->dbObject === null) {
|
|
throw new \Exception("Can't use authzgroups\\accessRight without " .
|
|
"connected database", 500);
|
|
}
|
|
if ($module === null || ! is_string($module) || trim($module) === "") {
|
|
throw new \Exception(
|
|
"Module not provided to authzgroups\\accessRight",
|
|
500
|
|
);
|
|
}
|
|
if ($user === null || ! is_string($user) || trim($user) === "") {
|
|
throw new \Exception(
|
|
"User not provided to authzgroups\\accessright",
|
|
500
|
|
);
|
|
}
|
|
if ($object === null || ! is_string($object)) {
|
|
throw new \Exception(
|
|
"Object not provided to authzgroups\\accessRight",
|
|
500
|
|
);
|
|
}
|
|
if ($object[0] !== "/") {
|
|
$object = "/$object";
|
|
}
|
|
$rc = $this->allow($module, $user, "$object");
|
|
if ($this->debug) {
|
|
trigger_error("authzgroups : accessRight ('$module', '$user', " .
|
|
"'$object')=$rc", E_USER_NOTICE);
|
|
}
|
|
if ($rc !== "NO") {
|
|
return true;
|
|
}
|
|
if ($user === "anonymous") {
|
|
throw new \Exception(
|
|
dgettext("domframework", "Anonymous not allowed"),
|
|
401
|
|
);
|
|
}
|
|
throw new \Exception(dgettext("domframework", "Access forbidden"), 403);
|
|
}
|
|
|
|
/** Return TRUE if the user right allow to edit the object (RW only)
|
|
* Return a 403 Exception if the user don't have the right
|
|
* Return a 401 Exception if the user is not connected
|
|
* @param string $module The module to use
|
|
* @param string $user The user to get the rights
|
|
* @param string $object The object to check the rights for the user
|
|
*/
|
|
public function accessWrite($module, $user, $object)
|
|
{
|
|
if ($this->dbObject === null) {
|
|
throw new \Exception("Can't use authzgroups\\accessWrite without " .
|
|
"connected database", 500);
|
|
}
|
|
if ($module === null || ! is_string($module) || trim($module) === "") {
|
|
throw new \Exception(
|
|
"Module not provided to authzgroups\\accessWrite",
|
|
500
|
|
);
|
|
}
|
|
if ($user === null || ! is_string($user) || trim($user) === "") {
|
|
throw new \Exception(
|
|
"User not provided to authzgroups\\accessWrite",
|
|
500
|
|
);
|
|
}
|
|
if ($object === null || ! is_string($object)) {
|
|
throw new \Exception(
|
|
"Object not provided to authzgroups\\accessWrite",
|
|
500
|
|
);
|
|
}
|
|
if ($object[0] !== "/") {
|
|
$object = "/$object";
|
|
}
|
|
$rc = $this->allow($module, $user, $object);
|
|
if ($this->debug) {
|
|
trigger_error("authzgroups : accessWrite ('$module', '$user', " .
|
|
"'$object')=$rc", E_USER_NOTICE);
|
|
}
|
|
if ($rc === "RW") {
|
|
return true;
|
|
}
|
|
if ($user === "anonymous") {
|
|
throw new \Exception(
|
|
dgettext("domframework", "Anonymous not allowed"),
|
|
401
|
|
);
|
|
}
|
|
throw new \Exception(
|
|
dgettext("domframework", "Modification forbidden"),
|
|
403
|
|
);
|
|
}
|
|
|
|
/** Return TRUE if the user right allow to see but without modification
|
|
* the object (RO only)
|
|
* Return a 403 Exception if the user don't have the right
|
|
* Return a 401 Exception if the user is not connected
|
|
* @param string $module The module to use
|
|
* @param string $user The user to get the rights
|
|
* @param string $object The object to check the rights for the user
|
|
*/
|
|
public function accessReadOnly($module, $user, $object)
|
|
{
|
|
if ($this->dbObject === null) {
|
|
throw new \Exception("Can't use authzgroups\\accessReadOnly without " .
|
|
"connected database", 500);
|
|
}
|
|
if ($module === null || ! is_string($module) || trim($module) === "") {
|
|
throw new \Exception(
|
|
"Module not provided to authzgroups\\accessReadOnly",
|
|
500
|
|
);
|
|
}
|
|
if ($user === null || ! is_string($user) || trim($user) === "") {
|
|
throw new \Exception(
|
|
"User not provided to authzgroups\\accessReadOnly",
|
|
500
|
|
);
|
|
}
|
|
if ($object === null || ! is_string($object)) {
|
|
throw new \Exception(
|
|
"Object not provided to authzgroups\\accessReadOnly",
|
|
500
|
|
);
|
|
}
|
|
if ($object[0] !== "/") {
|
|
$object = "/$object";
|
|
}
|
|
$rc = $this->allow($module, $user, $object);
|
|
if ($this->debug) {
|
|
trigger_error("authzgroups : accessReadOnly ('$module', '$user', " .
|
|
"'$object')" . "=$rc", E_USER_NOTICE);
|
|
}
|
|
if ($rc === "RO") {
|
|
return true;
|
|
}
|
|
if ($user === "anonymous") {
|
|
throw new \Exception(
|
|
dgettext("domframework", "Anonymous not allowed"),
|
|
401
|
|
);
|
|
}
|
|
throw new \Exception(dgettext("domframework", "Access forbidden"), 403);
|
|
}
|
|
|
|
/////////////////////////
|
|
// DATABASE STORAGE //
|
|
/////////////////////////
|
|
/** Connect to the database before using it
|
|
* @param string $dsn The DSN to use to connect to the database
|
|
* @param string|null $username The username to use to connect to the
|
|
* database
|
|
* @param string|null $password The password to use to connect to the
|
|
* database
|
|
* @param array|null $driver_options The options to pass to PDO driver
|
|
*/
|
|
public function connect(
|
|
$dsn,
|
|
$username = null,
|
|
$password = null,
|
|
$driver_options = null
|
|
) {
|
|
$this->dbObject = new Dblayer($dsn, $username, $password, $driver_options);
|
|
$this->dbObject->debug = $this->debug;
|
|
$this->dbObject->table = "authzobject";
|
|
$this->dbObject->tableprefix = $this->tableprefix;
|
|
$this->dbObject->fields = array(
|
|
"idobject" => array("integer", "not null", "autoincrement"),
|
|
"module" => array("varchar", "255", "not null"),
|
|
"object" => array("varchar", "255", "not null"),
|
|
"comment" => array("varchar", "255"));
|
|
$this->dbObject->primary = "idobject";
|
|
$this->dbObject->unique = array("idobject", array("object", "module"));
|
|
$this->dbObject->titles = array(
|
|
"idobject" => dgettext("domframework", "idobject"),
|
|
"module" => dgettext("domframework", "Module"),
|
|
"object" => dgettext("domframework", "Object"),
|
|
"comment" => dgettext("domframework", "Comment"));
|
|
|
|
$this->dbGroup = new Dblayer($dsn, $username, $password, $driver_options);
|
|
$this->dbGroup->debug = $this->debug;
|
|
$this->dbGroup->table = "authzgroup";
|
|
$this->dbGroup->tableprefix = $this->tableprefix;
|
|
$this->dbGroup->fields = array(
|
|
"idgroup" => array("integer", "not null", "autoincrement"),
|
|
"module" => array("varchar", "255", "not null"),
|
|
"group" => array("varchar", "255", "not null"),
|
|
"comment" => array("varchar", "255"));
|
|
$this->dbGroup->primary = "idgroup";
|
|
$this->dbGroup->unique = array("idgroup", array("module", "group"));
|
|
$this->dbGroup->titles = array(
|
|
"idgroup" => dgettext("domframework", "idgroup"),
|
|
"module" => dgettext("domframework", "Module"),
|
|
"group" => dgettext("domframework", "Group"),
|
|
"comment" => dgettext("domframework", "Comment"));
|
|
|
|
$this->dbGroupMember = new Dblayer(
|
|
$dsn,
|
|
$username,
|
|
$password,
|
|
$driver_options
|
|
);
|
|
$this->dbGroupMember->debug = $this->debug;
|
|
$this->dbGroupMember->table = "authzgroupmember";
|
|
$this->dbGroupMember->tableprefix = $this->tableprefix;
|
|
$this->dbGroupMember->fields = array(
|
|
"idgroupmember" => array("integer", "not null", "autoincrement"),
|
|
"user" => array("varchar", "255", "not null"),
|
|
"idgroup" => array("integer", "not null"),
|
|
"comment" => array("varchar", "255"));
|
|
$this->dbGroupMember->primary = "idgroupmember";
|
|
$this->dbGroupMember->unique = array("idgroupmember",
|
|
array("user", "idgroup"));
|
|
$this->dbGroupMember->foreign = array(
|
|
"idgroup" => array("authzgroup", "idgroup",
|
|
"ON UPDATE CASCADE ON DELETE CASCADE"));
|
|
$this->dbGroupMember->titles = array(
|
|
"idgroupmember" => dgettext("domframework", "idgroupmember"),
|
|
"user" => dgettext("domframework", "User"),
|
|
"idgroup" => dgettext("domframework", "idgroup"),
|
|
"comment" => dgettext("domframework", "Comment"));
|
|
|
|
$this->dbRight = new Dblayer($dsn, $username, $password, $driver_options);
|
|
$this->dbRight->debug = $this->debug;
|
|
$this->dbRight->table = "authzright";
|
|
$this->dbRight->tableprefix = $this->tableprefix;
|
|
$this->dbRight->fields = array(
|
|
"idright" => array("integer", "not null", "autoincrement"),
|
|
"idgroup" => array("integer", "not null"),
|
|
"idobject" => array("integer", "not null"),
|
|
"right" => array("varchar", "2", "not null"), // RO, RW
|
|
"comment" => array("varchar", "255"));
|
|
$this->dbRight->primary = "idright";
|
|
$this->dbRight->unique = array("idright", array("idgroup", "idobject"));
|
|
$this->dbRight->foreign = array(
|
|
"idgroup" => array("authzgroup", "idgroup",
|
|
"ON UPDATE CASCADE ON DELETE CASCADE"),
|
|
"idobject" => array("authzobject", "idobject",
|
|
"ON UPDATE CASCADE ON DELETE CASCADE"),
|
|
);
|
|
$this->dbRight->titles = array(
|
|
"idright" => dgettext("domframework", "idright"),
|
|
"idgroup" => dgettext("domframework", "idgroup"),
|
|
"idobject" => dgettext("domframework", "idobject"),
|
|
"right" => dgettext("domframework", "Right"),
|
|
"comment" => dgettext("domframework", "Comment"));
|
|
return true;
|
|
}
|
|
|
|
/** Disconnect from the database. Should be only used in the unit tests
|
|
*/
|
|
public function disconnect()
|
|
{
|
|
$this->dbObject->disconnect();
|
|
}
|
|
|
|
/** Create the tables in the database to store the data
|
|
*/
|
|
public function createTables()
|
|
{
|
|
if ($this->dbObject == null) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"DB for Object is not connected"
|
|
), 500);
|
|
}
|
|
if ($this->dbGroup == null) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"DB for Group is not connected"
|
|
), 500);
|
|
}
|
|
if ($this->dbGroupMember == null) {
|
|
throw new \Exception(
|
|
dgettext(
|
|
"domframework",
|
|
"DB for GroupMember is not connected"
|
|
),
|
|
500
|
|
);
|
|
}
|
|
if ($this->dbRight == null) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"DB for Right is not connected"
|
|
), 500);
|
|
}
|
|
$tables = array("Object", "Group", "GroupMember", "Right");
|
|
foreach ($tables as $table) {
|
|
try {
|
|
$class = "db$table";
|
|
$this->$class->createTable();
|
|
} catch (\Exception $e) {
|
|
echo $e->getMessage() . "\n";
|
|
}
|
|
}
|
|
return true;
|
|
}
|
|
|
|
/////////////////
|
|
// OBJECTS //
|
|
/////////////////
|
|
/** Add a new object to object list
|
|
* Return the idobject created
|
|
* @param string $module The module to use
|
|
* @param string $object The object to create
|
|
* @param string|null $comment The comment to save
|
|
*/
|
|
public function objectAdd($module, $object, $comment = "")
|
|
{
|
|
if ($this->dbObject == null) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"DB for Object is not connected"
|
|
), 500);
|
|
}
|
|
// TODO : Check parameters before saving them
|
|
$this->rightCache = null;
|
|
return $this->dbObject->insert(array("module" => $module,
|
|
"object" => $object,
|
|
"comment" => $comment));
|
|
}
|
|
|
|
/** Remove an object from database and all the rights using it
|
|
* @param string $module The module to use
|
|
* @param string $object The object to delete
|
|
*/
|
|
public function objectDel($module, $object)
|
|
{
|
|
if ($this->dbObject == null) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"DB for Object is not connected"
|
|
), 500);
|
|
}
|
|
$idobjects = $this->objectRead($module, $object);
|
|
if (! isset($idobjects[0]["idobject"])) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"Wanted object not found"
|
|
), 404);
|
|
}
|
|
$this->rightCache = null;
|
|
return $this->dbObject->delete($idobjects[0]["idobject"]);
|
|
}
|
|
|
|
/** Remove an object from database and all the rights using it
|
|
* @param string $module The module to use
|
|
* @param integer $idobject The object to delete
|
|
*/
|
|
public function objectDelByID($module, $idobject)
|
|
{
|
|
if ($this->dbObject == null) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"DB for Object is not connected"
|
|
), 500);
|
|
}
|
|
$idobjects = $this->objectReadByID($module, $idobject);
|
|
if (! isset($idobjects[0]["idobject"])) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"Wanted object not found"
|
|
), 404);
|
|
}
|
|
$this->rightCache = null;
|
|
return $this->dbObject->delete($idobjects[0]["idobject"]);
|
|
}
|
|
|
|
/** Update an object in the database
|
|
* @param string $module The module to use
|
|
* @param string $object The object to update
|
|
* @param string $newobject The new name of the object
|
|
* @param string|null $newcomment The new comment of the object
|
|
*/
|
|
public function objectUpdate($module, $object, $newobject, $newcomment = "")
|
|
{
|
|
if ($this->dbObject == null) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"DB for Object is not connected"
|
|
), 500);
|
|
}
|
|
$idobjects = $this->objectRead($module, $object);
|
|
if (! isset($idobjects[0]["idobject"])) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"Wanted object not found"
|
|
), 404);
|
|
}
|
|
$this->rightCache = null;
|
|
return $this->dbObject->update(
|
|
$idobjects[0]["idobject"],
|
|
array("object" => $newobject,
|
|
"comment" => $newcomment)
|
|
);
|
|
}
|
|
|
|
/** Update an object in the database
|
|
* @param string $module The module to use
|
|
* @param integer $idobject The object to update
|
|
* @param string $newobject The new name of the object
|
|
* @param string|null $newcomment The new comment of the object
|
|
*/
|
|
public function objectUpdateByID(
|
|
$module,
|
|
$idobject,
|
|
$newobject,
|
|
$newcomment = ""
|
|
) {
|
|
if ($this->dbObject == null) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"DB for Object is not connected"
|
|
), 500);
|
|
}
|
|
$idobjects = $this->objectReadByID($module, $idobject);
|
|
if (! isset($idobjects[0]["idobject"])) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"Wanted object not found"
|
|
), 404);
|
|
}
|
|
$this->rightCache = null;
|
|
return $this->dbObject->update(
|
|
$idobjects[0]["idobject"],
|
|
array("object" => $newobject,
|
|
"comment" => $newcomment)
|
|
);
|
|
}
|
|
|
|
/** Return an array with all the available objects in the module, or only
|
|
* one object if $object is provided
|
|
* @param string $module The module to use
|
|
* @param string $object The name of the object to get
|
|
*/
|
|
public function objectRead($module, $object = null)
|
|
{
|
|
if ($this->dbObject == null) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"DB for Object is not connected"
|
|
), 500);
|
|
}
|
|
$select[] = array("module", $module);
|
|
if ($object !== null) {
|
|
$select[] = array("object", $object);
|
|
}
|
|
return $this->dbObject->read(
|
|
$select,
|
|
null,
|
|
array(array("object", "ASC"))
|
|
);
|
|
}
|
|
|
|
/** Return an array with all the available objects in the module, or only
|
|
* one object if $object is provided
|
|
* @param string $module The module to use
|
|
* @param integer $idobject The name of the object to get
|
|
*/
|
|
public function objectReadByID($module, $idobject = null)
|
|
{
|
|
if ($this->dbObject == null) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"DB for Object is not connected"
|
|
), 500);
|
|
}
|
|
$select[] = array("module", $module);
|
|
if ($idobject !== null) {
|
|
$select[] = array("idobject", $idobject);
|
|
}
|
|
return $this->dbObject->read($select);
|
|
}
|
|
|
|
/** Return an array containing the titles of the table translating in the user
|
|
* language
|
|
*/
|
|
public function objectTitles()
|
|
{
|
|
return $this->dbObject->titles;
|
|
}
|
|
|
|
/** Check if the provided data are compliant with the object specification
|
|
* @param array $data The name of the object to get
|
|
* @param integer|null $idobject The object to check
|
|
* @return array The errors found in the data
|
|
*/
|
|
public function objectVerify($data, $idobject = false)
|
|
{
|
|
return $this->dbObject->verify($data, $idobject);
|
|
}
|
|
|
|
////////////////
|
|
// GROUPS //
|
|
////////////////
|
|
/** Add a new group to group list
|
|
* Return the idgroup created
|
|
* @param string $module The module to use
|
|
* @param string $group The group to create
|
|
* @param string|null $comment The comment to add with the group
|
|
*/
|
|
public function groupAdd($module, $group, $comment = "")
|
|
{
|
|
if ($this->dbGroup == null) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"DB for Group is not connected"
|
|
), 500);
|
|
}
|
|
// TODO : Check parameters before saving them
|
|
return $this->dbGroup->insert(array("module" => $module,
|
|
"group" => $group,
|
|
"comment" => $comment));
|
|
}
|
|
|
|
/** Remove an group from database and all the rights using it
|
|
* @param string $module The module to use
|
|
* @param string $group The group to delete
|
|
*/
|
|
public function groupDel($module, $group)
|
|
{
|
|
if ($this->dbGroup == null) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"DB for Group is not connected"
|
|
), 500);
|
|
}
|
|
$idgroups = $this->groupRead($module, $group);
|
|
if (! isset($idgroups[0]["idgroup"])) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"Wanted group not found"
|
|
), 404);
|
|
}
|
|
return $this->dbGroup->delete($idgroups[0]["idgroup"]);
|
|
}
|
|
|
|
/** Remove an group from database and all the rights using it
|
|
* @param string $module The module to use
|
|
* @param integer $idgroup The group to delete
|
|
*/
|
|
public function groupDelByID($module, $idgroup)
|
|
{
|
|
if ($this->dbGroup == null) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"DB for Group is not connected"
|
|
), 500);
|
|
}
|
|
$idgroups = $this->groupReadByID($module, $idgroup);
|
|
if (! isset($idgroups[0]["idgroup"])) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"Wanted group not found"
|
|
), 404);
|
|
}
|
|
return $this->dbGroup->delete($idgroups[0]["idgroup"]);
|
|
}
|
|
|
|
/** Update an group in the database
|
|
* @param string $module The module to use
|
|
* @param string $group The group to update
|
|
* @param string $newgroup The new group name
|
|
* @param string|null $comment The comment for the group
|
|
*/
|
|
public function groupUpdate($module, $group, $newgroup, $comment = "")
|
|
{
|
|
if ($this->dbGroup == null) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"DB for Group is not connected"
|
|
), 500);
|
|
}
|
|
$idgroups = $this->groupRead($module, $group);
|
|
if (! isset($idgroups[0]["idgroup"])) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"Wanted group not found"
|
|
), 404);
|
|
}
|
|
return $this->dbGroup->update(
|
|
$idgroups[0]["idgroup"],
|
|
array("group" => $newgroup,
|
|
"comment" => $comment)
|
|
);
|
|
}
|
|
|
|
/** Update an group in the database
|
|
* @param string $module The module to use
|
|
* @param integer $idgroup The group to update
|
|
* @param string $newgroup The new group name
|
|
* @param string|null $comment The comment for the group
|
|
*/
|
|
public function groupUpdateByID($module, $idgroup, $newgroup, $comment = "")
|
|
{
|
|
if ($this->dbGroup == null) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"DB for Group is not connected"
|
|
), 500);
|
|
}
|
|
$idgroups = $this->groupReadByID($module, $idgroup);
|
|
if (! isset($idgroups[0]["idgroup"])) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"Wanted group not found"
|
|
), 404);
|
|
}
|
|
return $this->dbGroup->update(
|
|
$idgroups[0]["idgroup"],
|
|
array("group" => $newgroup,
|
|
"comment" => $comment)
|
|
);
|
|
}
|
|
|
|
/** Return an array with all the available groups in the module
|
|
* @param string $module The module to use
|
|
* @param string|null $group The group to check if exists
|
|
*/
|
|
public function groupRead($module, $group = null)
|
|
{
|
|
if ($this->dbGroup == null) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"DB for Group is not connected"
|
|
), 500);
|
|
}
|
|
$select[] = array("module", $module);
|
|
if ($group !== null) {
|
|
$select[] = array("group", $group);
|
|
}
|
|
return $this->dbGroup->read($select, null, array(array("group", "ASC")));
|
|
}
|
|
|
|
|
|
/** Return an array with all the available groups in the module
|
|
* @param string $module The module to use
|
|
* @param integer $idgroup The group to check if exists
|
|
*/
|
|
public function groupReadByID($module, $idgroup)
|
|
{
|
|
if ($this->dbGroup == null) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"DB for Group is not connected"
|
|
), 500);
|
|
}
|
|
$select[] = array("module", $module);
|
|
$select[] = array("idgroup", $idgroup);
|
|
return $this->dbGroup->read($select);
|
|
}
|
|
|
|
/** Return an array containing the titles of the table translating in the user
|
|
* language
|
|
*/
|
|
public function groupTitles()
|
|
{
|
|
return $this->dbGroup->titles;
|
|
}
|
|
|
|
/** Check if the provided data are compilant with the group specification
|
|
* @param array $data The data to check
|
|
* @param integer|null $idgroup The idgroup to check
|
|
* @return array The errors found in the data
|
|
*/
|
|
public function groupVerify($data, $idgroup = false)
|
|
{
|
|
return $this->dbGroup->verify($data, $idgroup);
|
|
}
|
|
|
|
//////////////////////
|
|
// GROUP MEMBER //
|
|
//////////////////////
|
|
/** Add a new groupmember to groupmember list
|
|
* Return the idgroupmember created
|
|
* @param string $module The module to use
|
|
* @param string $group The group to use
|
|
* @param string $user The user to add in group
|
|
* @param string|null $comment The comment to save
|
|
*/
|
|
public function groupmemberAdd($module, $group, $user, $comment = "")
|
|
{
|
|
if ($this->dbGroupMember == null) {
|
|
throw new \Exception(
|
|
dgettext(
|
|
"domframework",
|
|
"DB for GroupMember is not connected"
|
|
),
|
|
500
|
|
);
|
|
}
|
|
$groups = $this->groupRead($module, $group);
|
|
if (! isset($groups[0]["idgroup"])) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"Wanted group not found"
|
|
), 404);
|
|
}
|
|
$this->rightCache = null;
|
|
return $this->dbGroupMember->insert(array(
|
|
"user" => $user,
|
|
"idgroup" => $groups[0]["idgroup"],
|
|
"comment" => $comment));
|
|
}
|
|
|
|
/** Remove an groupmember from database and all the rights using it
|
|
* @param string $module The module to use
|
|
* @param string $group The group to use
|
|
* @param string $user The user to remove
|
|
*/
|
|
public function groupmemberDel($module, $group, $user)
|
|
{
|
|
if ($this->dbGroupMember == null) {
|
|
throw new \Exception(
|
|
dgettext(
|
|
"domframework",
|
|
"DB for GroupMember is not connected"
|
|
),
|
|
500
|
|
);
|
|
}
|
|
$groups = $this->groupRead($module, $group);
|
|
if (! isset($groups[0]["idgroup"])) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"Wanted group not found"
|
|
), 404);
|
|
}
|
|
$groupsMembers = $this->dbGroupMember->read(array(
|
|
array("user", $user),
|
|
array("idgroup", $groups[0]["idgroup"])));
|
|
if (! isset($groupsMembers[0]["idgroupmember"])) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"Wanted GroupMember not found"
|
|
), 404);
|
|
}
|
|
$this->rightCache = null;
|
|
return $this->dbGroupMember->delete($groupsMembers[0]["idgroupmember"]);
|
|
}
|
|
|
|
/** Remove an groupmember from database and all the rights using it
|
|
* @param string $module The module to use
|
|
* @param integer $idgroup The group to use
|
|
* @param integer $idgroupmember The user to remove
|
|
*/
|
|
public function groupmemberDelByID($module, $idgroup, $idgroupmember)
|
|
{
|
|
if ($this->dbGroupMember == null) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"DB for GroupMember is not connected"
|
|
), 500);
|
|
}
|
|
$groups = $this->groupReadByID($module, $idgroup);
|
|
if (! isset($groups[0]["idgroup"])) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"Wanted group not found"
|
|
), 404);
|
|
}
|
|
$groupsMembers = $this->dbGroupMember->read(array(
|
|
array("idgroupmember", $idgroupmember),
|
|
array("idgroup", $idgroup)));
|
|
if (! isset($groupsMembers[0]["idgroupmember"])) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"Wanted GroupMember not found"
|
|
), 404);
|
|
}
|
|
$this->rightCache = null;
|
|
return $this->dbGroupMember->delete($groupsMembers[0]["idgroupmember"]);
|
|
}
|
|
|
|
/** Update an groupmember in the database
|
|
* @param string $module The module to use
|
|
* @param string $group The group to use
|
|
* @param string $user The user to update
|
|
* @param string|null $comment The comment to update
|
|
*/
|
|
public function groupmemberUpdate($module, $group, $user, $comment = "")
|
|
{
|
|
$this->rightCache = null;
|
|
die("This function is not available : contact us if you need it\n");
|
|
}
|
|
|
|
/** Update an groupmember in the database
|
|
* @param string $module The module to use
|
|
* @param integer $idgroup The group to use
|
|
* @param integer $iduser The user to update
|
|
* @param string $user The new user name
|
|
* @param string|null $comment The comment to update
|
|
*/
|
|
public function groupmemberUpdateByID(
|
|
$module,
|
|
$idgroup,
|
|
$iduser,
|
|
$user,
|
|
$comment = ""
|
|
) {
|
|
$data = $this->groupmemberReadUserDataByID($module, $idgroup, $iduser);
|
|
if (count($data) === 0) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"IDUser in IDGroup not found"
|
|
), 404);
|
|
}
|
|
$this->rightCache = null;
|
|
return $this->dbGroupMember->update(
|
|
$iduser,
|
|
array("user" => $user,
|
|
"comment" => $comment)
|
|
);
|
|
}
|
|
|
|
|
|
/** Return an array with all the groups where the user is in and in the module
|
|
* @param string $module The module to use
|
|
* @param string $user The user to search
|
|
*/
|
|
public function groupmemberReadUser($module, $user)
|
|
{
|
|
if ($this->dbGroupMember == null) {
|
|
throw new \Exception(
|
|
dgettext(
|
|
"domframework",
|
|
"DB for GroupMember is not connected"
|
|
),
|
|
500
|
|
);
|
|
}
|
|
$idgrouptmps = $this->groupRead($module);
|
|
// Create an array with idgroup=>group
|
|
$idgroups = array();
|
|
foreach ($idgrouptmps as $val) {
|
|
$idgroups[$val["idgroup"]] = $val["group"];
|
|
}
|
|
$select = array();
|
|
$select[] = array("user", $user);
|
|
$idgroupmembers = $this->dbGroupMember->read($select);
|
|
$res = array();
|
|
foreach ($idgroupmembers as $idmembers) {
|
|
$res[$idmembers["idgroup"]] = $idgroups[$idmembers["idgroup"]];
|
|
}
|
|
return $res;
|
|
}
|
|
|
|
/** Return an array with all the groups where the user is in and in the module
|
|
* @param string $module The module to use
|
|
* @param integer $idgroupmember The user to search
|
|
*/
|
|
public function groupmemberReadUserByID($module, $idgroupmember)
|
|
{
|
|
if ($this->dbGroupMember == null) {
|
|
throw new \Exception(
|
|
dgettext(
|
|
"domframework",
|
|
"DB for GroupMember is not connected"
|
|
),
|
|
500
|
|
);
|
|
}
|
|
$idgrouptmps = $this->groupRead($module);
|
|
// Create an array with idgroup=>group
|
|
$idgroups = array();
|
|
foreach ($idgrouptmps as $val) {
|
|
$idgroups[$val["idgroup"]] = $val["group"];
|
|
}
|
|
$select = array();
|
|
$select[] = array("idgroupmember", $idgroupmember);
|
|
$idgroupmembers = $this->dbGroupMember->read($select);
|
|
$res = array();
|
|
foreach ($idgroupmembers as $idmembers) {
|
|
$res[$idmembers["idgroup"]] = $idgroups[$idmembers["idgroup"]];
|
|
}
|
|
return $res;
|
|
}
|
|
|
|
/** Return an array with all the available users in the group and in the
|
|
* module
|
|
* @param string $module The module to use
|
|
* @param string $group The group to search
|
|
*/
|
|
public function groupmemberReadGroup($module, $group)
|
|
{
|
|
if ($this->dbGroupMember == null) {
|
|
throw new \Exception(
|
|
dgettext(
|
|
"domframework",
|
|
"DB for GroupMember is not connected"
|
|
),
|
|
500
|
|
);
|
|
}
|
|
$groups = $this->groupRead($module, $group);
|
|
if (! isset($groups[0]["idgroup"])) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"Wanted group not found"
|
|
), 404);
|
|
}
|
|
$select[] = array("idgroup", $groups[0]["idgroup"]);
|
|
return $this->dbGroupMember->read($select, array("user"));
|
|
}
|
|
|
|
/** Return an array with all the available users in the group and in the
|
|
* module
|
|
* @param string $module The module to use
|
|
* @param integer $idgroup The group to search
|
|
*/
|
|
public function groupmemberReadGroupByID($module, $idgroup)
|
|
{
|
|
if ($this->dbGroupMember == null) {
|
|
throw new \Exception(
|
|
dgettext(
|
|
"domframework",
|
|
"DB for GroupMember is not connected"
|
|
),
|
|
500
|
|
);
|
|
}
|
|
$groups = $this->groupReadByID($module, $idgroup);
|
|
if (! isset($groups[0]["idgroup"])) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"Wanted group not found"
|
|
), 404);
|
|
}
|
|
$select[] = array("idgroup", $groups[0]["idgroup"]);
|
|
return $this->dbGroupMember->read($select);
|
|
}
|
|
|
|
/** Return an array containing the information of a user in a specific group
|
|
* @param string $module The module to use
|
|
* @param integer $idgroup The group to search
|
|
* @param integer $iduser The user to search
|
|
*/
|
|
public function groupmemberReadUserDataByID($module, $idgroup, $iduser)
|
|
{
|
|
if ($this->dbGroupMember == null) {
|
|
throw new \Exception(
|
|
dgettext(
|
|
"domframework",
|
|
"DB for GroupMember is not connected"
|
|
),
|
|
500
|
|
);
|
|
}
|
|
$groups = $this->groupReadByID($module, $idgroup);
|
|
if (! isset($groups[0]["idgroup"])) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"Wanted group not found"
|
|
), 404);
|
|
}
|
|
$select[] = array("idgroup", $groups[0]["idgroup"]);
|
|
$select[] = array("idgroupmember", $iduser);
|
|
return $this->dbGroupMember->read($select);
|
|
}
|
|
|
|
/** Return an array containing the titles of the table translating in the user
|
|
* language
|
|
*/
|
|
public function groupmembersTitles()
|
|
{
|
|
return $this->dbGroupMember->titles;
|
|
}
|
|
|
|
/** Check if the provided data are compilant with the group specification
|
|
* @param array $data The data to check
|
|
* @param integer|null $idgroupmember The group member associated to verify
|
|
* @return array The errors found in the data
|
|
*/
|
|
public function groupmembersVerify($data, $idgroupmember = false)
|
|
{
|
|
return $this->dbGroupMember->verify($data, $idgroupmember);
|
|
}
|
|
|
|
////////////////
|
|
// RIGHTS //
|
|
////////////////
|
|
/** Add a new right to right list
|
|
* Return the idright created
|
|
* @param string $module The module to use
|
|
* @param string $group The group to use
|
|
* @param string $object The object to use
|
|
* @param string $right The right to add
|
|
* @param string|null $comment The comment to add
|
|
*/
|
|
public function rightAdd($module, $group, $object, $right, $comment = "")
|
|
{
|
|
if ($this->dbRight == null) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"DB for Right is not connected"
|
|
), 500);
|
|
}
|
|
switch ($right) {
|
|
case "RW":
|
|
$right = 2;
|
|
break;
|
|
case "RO":
|
|
$right = 1;
|
|
break;
|
|
default:
|
|
throw new \Exception(
|
|
dgettext(
|
|
"domframework",
|
|
"Unknown right provided (RO/RW only)"
|
|
),
|
|
500
|
|
);
|
|
}
|
|
$groups = $this->groupRead($module, $group);
|
|
if (! isset($groups[0]["idgroup"])) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"Wanted group not found"
|
|
), 404);
|
|
}
|
|
$objects = $this->objectRead($module, $object);
|
|
if (! isset($objects[0]["idobject"])) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"Wanted object not found"
|
|
), 404);
|
|
}
|
|
$this->rightCache = null;
|
|
return $this->dbRight->insert(array("idgroup" => $groups[0]["idgroup"],
|
|
"idobject" => $objects[0]["idobject"],
|
|
"right" => $right,
|
|
"comment" => $comment));
|
|
}
|
|
|
|
/** Add a new right to right list by ID
|
|
* Return the idright created
|
|
* @param string $module The module to use
|
|
* @param integer $idgroup The group to use
|
|
* @param integer $idobject The object to use
|
|
* @param integer $idright The right to add
|
|
* @param string|null $comment The comment to add
|
|
*/
|
|
public function rightAddByID(
|
|
$module,
|
|
$idgroup,
|
|
$idobject,
|
|
$idright,
|
|
$comment = ""
|
|
) {
|
|
if ($this->dbRight == null) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"DB for Right is not connected"
|
|
), 500);
|
|
}
|
|
switch ($idright) {
|
|
case "2":
|
|
$right = 2;
|
|
break;
|
|
case "1":
|
|
$right = 1;
|
|
break;
|
|
default:
|
|
throw new \Exception(
|
|
dgettext(
|
|
"domframework",
|
|
"Unknown right provided (RO/RW only)"
|
|
),
|
|
500
|
|
);
|
|
}
|
|
$groups = $this->groupReadByID($module, $idgroup);
|
|
if (! isset($groups[0]["idgroup"])) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"Wanted group not found"
|
|
), 404);
|
|
}
|
|
$objects = $this->objectReadByID($module, $idobject);
|
|
if (! isset($objects[0]["idobject"])) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"Wanted object not found"
|
|
), 404);
|
|
}
|
|
$this->rightCache = null;
|
|
return $this->dbRight->insert(array("idgroup" => $groups[0]["idgroup"],
|
|
"idobject" => $objects[0]["idobject"],
|
|
"right" => $right,
|
|
"comment" => $comment));
|
|
}
|
|
|
|
/** Remove an right from database and all the rights using it
|
|
* @param string $module The module to use
|
|
* @param string $group The group to use
|
|
* @param string $object The object to remove the rights
|
|
*/
|
|
public function rightDel($module, $group, $object)
|
|
{
|
|
if ($this->dbRight == null) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"DB for Right is not connected"
|
|
), 500);
|
|
}
|
|
$idrights = $this->rightRead($module, $group, $object);
|
|
if (!isset($idrights[0]["idright"])) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"Wanted right not found"
|
|
), 404);
|
|
}
|
|
$this->rightCache = null;
|
|
return $this->dbRight->delete($idrights[0]["idright"]);
|
|
}
|
|
|
|
/** Remove an right from database by ID and all the rights using it
|
|
* @param string $module The module to use
|
|
* @param integer $idright The idright to be deleted
|
|
*/
|
|
public function rightDelByID($module, $idright)
|
|
{
|
|
if ($this->dbRight == null) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"DB for Right is not connected"
|
|
), 500);
|
|
}
|
|
$idrights = $this->rightReadByID($module, $idright);
|
|
if (!isset($idrights[0]["idright"])) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"Wanted right not found"
|
|
), 404);
|
|
}
|
|
$this->rightCache = null;
|
|
return $this->dbRight->delete($idrights[0]["idright"]);
|
|
}
|
|
|
|
/** Update a right in the database
|
|
* @param string $module The module to use
|
|
* @param string $group The group to update the right
|
|
* @param string $object The object ot update the right
|
|
* @param string $newright The new right to save
|
|
* @param string|null $newcomment The new comment to save
|
|
*/
|
|
public function rightUpdate(
|
|
$module,
|
|
$group,
|
|
$object,
|
|
$newright,
|
|
$newcomment = ""
|
|
) {
|
|
if ($this->dbRight == null) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"DB for Right is not connected"
|
|
), 500);
|
|
}
|
|
switch ($newright) {
|
|
case "RW":
|
|
$newright = 2;
|
|
break;
|
|
case "RO":
|
|
$newright = 1;
|
|
break;
|
|
default:
|
|
throw new \Exception(
|
|
dgettext(
|
|
"domframework",
|
|
"Unknown right provided (RO/RW only)"
|
|
),
|
|
500
|
|
);
|
|
}
|
|
$idrights = $this->rightRead($module, $group, $object);
|
|
if (!isset($idrights[0]["idright"])) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"Wanted right not found"
|
|
), 404);
|
|
}
|
|
$this->rightCache = null;
|
|
return $this->dbRight->update(
|
|
$idrights[0]["idright"],
|
|
array("right" => $newright,
|
|
"comment" => $newcomment)
|
|
);
|
|
}
|
|
|
|
/** Update a right by ID in the database
|
|
* @param string $module The module to use
|
|
* @param integer $idright The idright to update the right
|
|
* @param integer $newidobject The object ot update the right
|
|
* @param integer $newright The new right to save
|
|
* @param string|null $newcomment The new comment to save
|
|
*/
|
|
public function rightUpdateByID(
|
|
$module,
|
|
$idright,
|
|
$newidobject,
|
|
$newright,
|
|
$newcomment = ""
|
|
) {
|
|
if ($this->dbRight == null) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"DB for Right is not connected"
|
|
), 500);
|
|
}
|
|
switch ($newright) {
|
|
case "2":
|
|
$newright = 2;
|
|
break;
|
|
case "1":
|
|
$newright = 1;
|
|
break;
|
|
default:
|
|
throw new \Exception(
|
|
dgettext(
|
|
"domframework",
|
|
"Unknown right provided (RO/RW only)"
|
|
),
|
|
500
|
|
);
|
|
}
|
|
$idrights = $this->rightReadByID($module, $idright);
|
|
if (!isset($idrights[0]["idright"])) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"Wanted right not found"
|
|
), 404);
|
|
}
|
|
$this->rightCache = null;
|
|
return $this->dbRight->update(
|
|
$idrights[0]["idright"],
|
|
array("idobject" => $newidobject,
|
|
"right" => $newright,
|
|
"comment" => $newcomment)
|
|
);
|
|
}
|
|
|
|
|
|
/** Return an array with all the available rights in the module, for a group,
|
|
* and concerning an object
|
|
* @param string $module The module to use
|
|
* @param string $group The group to get the rights
|
|
* @param string $object The object to get the rights
|
|
*/
|
|
public function rightRead($module, $group, $object)
|
|
{
|
|
if ($this->dbRight == null) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"DB for Right is not connected"
|
|
), 500);
|
|
}
|
|
$groups = $this->groupRead($module, $group);
|
|
if (! isset($groups[0]["idgroup"])) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"Wanted group not found"
|
|
), 404);
|
|
}
|
|
$objects = $this->objectRead($module, $object);
|
|
if (! isset($objects[0]["idobject"])) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"Wanted object not found"
|
|
), 404);
|
|
}
|
|
$select[] = array("idgroup", $groups[0]["idgroup"]);
|
|
$select[] = array("idobject", $objects[0]["idobject"]);
|
|
return $this->dbRight->read($select);
|
|
}
|
|
|
|
/** Return an array with all the available rights for a module and a group
|
|
* @param string $module The module to use
|
|
* @param string $group The group to get the rights
|
|
*/
|
|
public function rightReadByGroup($module, $group)
|
|
{
|
|
if ($this->dbRight == null) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"DB for Right is not connected"
|
|
), 500);
|
|
}
|
|
$groups = $this->groupRead($module, $group);
|
|
if (! isset($groups[0]["idgroup"])) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"Wanted group not found"
|
|
), 404);
|
|
}
|
|
return $this->rightReadByGroupByID($module, $objects[0]["idgroup"]);
|
|
}
|
|
|
|
/** Return an array with all the available rights for a module and a group
|
|
* @param string $module The module to use
|
|
* @param integer $idgroup The group to get the rights
|
|
*/
|
|
public function rightReadByGroupByID($module, $idgroup)
|
|
{
|
|
if ($this->dbRight == null) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"DB for Right is not connected"
|
|
), 500);
|
|
}
|
|
$select[] = array("idgroup", $idgroup);
|
|
return $this->dbRight->read($select);
|
|
}
|
|
|
|
/** Return an array with all the information concerning a right selected by
|
|
* @param string $module The module to use
|
|
* @param integer $idright The right to search
|
|
* ID
|
|
*/
|
|
public function rightReadByID($module, $idright)
|
|
{
|
|
if ($this->dbRight == null) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"DB for Right is not connected"
|
|
), 500);
|
|
}
|
|
$select[] = array("idright", $idright);
|
|
return $this->dbRight->read($select);
|
|
}
|
|
|
|
/** Return an array with all the available rights for a module and an object
|
|
* @param string $module The module to use
|
|
* @param string $object The object to search
|
|
*/
|
|
public function rightReadByObject($module, $object)
|
|
{
|
|
if ($this->dbRight == null) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"DB for Right is not connected"
|
|
), 500);
|
|
}
|
|
$objects = $this->objectRead($module, $object);
|
|
if (! isset($objects[0]["idobject"])) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"Wanted object not found"
|
|
), 404);
|
|
}
|
|
$select[] = array("idobject", $objects[0]["idobject"]);
|
|
return $this->dbRight->read($select);
|
|
}
|
|
|
|
/** Return an array with all the available rights for a module and an idobject
|
|
* @param string $module The module to use
|
|
* @param integer $idobject The object to search
|
|
*/
|
|
public function rightReadByObjectByID($module, $idobject)
|
|
{
|
|
if ($this->dbRight == null) {
|
|
throw new \Exception(dgettext(
|
|
"domframework",
|
|
"DB for Right is not connected"
|
|
), 500);
|
|
}
|
|
// FIXME : Do not use $module ?
|
|
$select[] = array("idobject", $idobject);
|
|
return $this->dbRight->read($select);
|
|
}
|
|
|
|
|
|
/** Return an array containing the titles of the table translating in the user
|
|
* language
|
|
*/
|
|
public function rightTitles()
|
|
{
|
|
return $this->dbRight->titles;
|
|
}
|
|
|
|
/** Return all the types of rights available (RO and RW)
|
|
*/
|
|
public function rightTypes()
|
|
{
|
|
return array("1" => "RO", "2" => "RW");
|
|
}
|
|
|
|
/** Check if the provided data are compilant with the group specification
|
|
* @param array $data The data of the right to check
|
|
* @param integer $idright The right to search
|
|
* @return array The errors found in the data
|
|
*/
|
|
public function rightVerify($data, $idright = false)
|
|
{
|
|
return $this->dbRight->verify($data, $idright);
|
|
}
|
|
}
|