<?php
/** DomFramework
* @package domframework
* @author Dominique Fournier <dominique@fournier38.fr>
* @license BSD
*/
namespace Domframework;
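/** DBLayer with authorization
 * All the actions in database are conditioned to the rights in authzgroups.
 *
 * Every hook first verifies that the authorization context (module, user,
 * authzgroups object) is configured and throws if it is not, so an
 * unconfigured layer never reads or writes without a rights check.
 *
 * Object paths handed to authzgroups are built as "<path>/<key>".
 * NOTE(review): the keys ($updatekey, $deletekey, $lastID, primary key values)
 * are concatenated into the path without validation in this class. A key that
 * contains "/" would name a different object path. Confirm that Dblayer
 * restricts the key format before these hooks are called.
 */
class Dblayerauthzgroups extends Dblayer
{
    /** The authzgroups object, connected to the database */
    public $authzgroups = null;
    /** The module name for authzgroups */
    public $module = null;
    /** The user name for authzgroups */
    public $user = null;
    /** The auth information (email, lastname, firstname) */
    public $auth = null;
    /** The default group(s) when creating a new object. Can be a string or an
     * array with multiple groups */
    public $createGroup = null;
    /** The default right when creating a new object */
    public $createRight = "RW";
    /** Pre-Path in object authzgroups */
    public $path = "";
    /** Flag when primary key is added before search */
    private $primaryKeyAdded = false;

    ////////////////////////
    ///   MAIN METHODS   ///
    ////////////////////////
    /** Hook preread
     * This hook is run before selecting the data in the database, after the
     * verification
     * @param array|null &$select Rows to select with
     * $select = array (array ($key, $val, $operator), ...)
     * $key=>column, $val=>value to found, $operator=>'LIKE', =...
     * @param array|null &$display Columns displayed
     * $display = array ($col1, $col2...);
     * @param array|null &$order Sort the columns by orientation
     * $order = array (array ($key, $orientation), ...)
     * $key=>column, $orientation=ASC/DESC
     * @param boolean|null &$whereOr The WHERE parameters are separated by OR
     * instead of AND
     * @param array|null &$foreignSelect Add a filter on foreign keys
     */
    public function hookpreread(
        &$select,
        &$display,
        &$order,
        &$whereOr,
        &$foreignSelect
    ) {
        $this->requireAuthzContext();
        // NOTE(review): when $display is null the list becomes the primary key
        // alone. Confirm how Dblayer interprets a null $display.
        if ($display === null || ! in_array($this->primary, $display, true)) {
            // Need the primary key to allow/deny access. Add it and remove the data
            // after the access verification
            $display[] = $this->primary;
            $this->primaryKeyAdded = true;
        } else {
            // The caller asked for the primary key itself. Reset the flag so a
            // previous read on this object does not strip the column from this one.
            $this->primaryKeyAdded = false;
        }
    }

    /** Hook postread
     * This hook is run after selecting the data. Return only the allowed data to
     * the user. It must have at least the RO flag.
     * A row is withheld when the access check throws, whatever the reason, or
     * when it carries no primary key to check against.
     * @param array $data the data selected by the select
     * @return array The data modified by the hook
     */
    public function hookpostread($data)
    {
        // TODO : If foreign keys, do we check if the access is allowed too ?
        $this->requireAuthzContext();
        $this->allowPath();
        foreach ($data as $key => $line) {
            if (is_array($line) && ! array_key_exists($this->primary, $line)) {
                // Without the primary key the object path cannot be built, so the
                // row cannot be checked individually: withhold it.
                unset($data[$key]);
                continue;
            }
            try {
                $this->authzgroups->accessRight(
                    $this->module,
                    $this->user,
                    $this->path . "/" . $line[$this->primary]
                );
            } catch (\Exception $e) {
                // Fail closed: any exception from the check hides the row.
                unset($data[$key]);
                continue;
            }
            if ($this->primaryKeyAdded === true) {
                // The primary key was only added for the check: hide it again.
                unset($data[$key][$this->primary]);
            }
        }
        return $data;
    }

    /** Hook preinsert
     * This hook is run before inserting a new data in the database, after the
     * verification
     * @param array $data the data to insert in the database
     * @return the modified data
     */
    public function hookpreinsert($data)
    {
        $this->requireAuthzContext(true);
        $this->allowPath();
        // Write access on the container path is needed to create an object in it.
        $this->authzgroups->accessWrite($this->module, $this->user, $this->path);
        return $data;
    }

    /** Hook postinsert
     * This hook is run after successfully insert a new data in the database.
     * It registers the new object in authzgroups and gives the createRight to
     * each createGroup.
     * @param array $data The data stored in the database
     * @param integer $lastID The lastID stored
     * @return the modified lastID
     */
    public function hookpostinsert($data, $lastID)
    {
        $this->requireAuthzContext(true);
        // Validate createGroup before touching authzgroups, so that a bad
        // configuration does not leave a registered object without any right.
        if (is_array($this->createGroup)) {
            $groups = $this->createGroup;
        } elseif (is_string($this->createGroup)) {
            $groups = [$this->createGroup];
        } else {
            throw new \Exception("createGroup defined for dblayerauthzgroups is not " .
                "an array or a string", 500);
        }
        $object = $this->path . "/$lastID";
        $this->authzgroups->objectAdd($this->module, $object);
        foreach ($groups as $group) {
            $this->authzgroups->rightAdd(
                $this->module,
                $group,
                $object,
                $this->createRight
            );
        }
        return $lastID;
    }

    /** Hook preupdate
     * This hook is run before updating a data in the database, after the
     * verification
     * @param integer $updatekey The key which will be updated
     * @param array $data The data to store in the provided key
     * @return the modified data
     */
    public function hookpreupdate($updatekey, $data)
    {
        $this->requireAuthzContext();
        $this->allowPath();
        // Both the container path and the object itself are checked for write.
        $this->authzgroups->accessWrite($this->module, $this->user, $this->path);
        $this->authzgroups->accessWrite(
            $this->module,
            $this->user,
            $this->path . "/$updatekey"
        );
        return $data;
    }

    /** Hook predelete
     * This hook is run before deleting a data in the database
     * @param string $deletekey The key to delete
     * @return the modified $deletekey
     */
    public function hookpredelete($deletekey)
    {
        $this->requireAuthzContext();
        $this->allowPath();
        // Both the container path and the object itself are checked for write.
        $this->authzgroups->accessWrite($this->module, $this->user, $this->path);
        $this->authzgroups->accessWrite(
            $this->module,
            $this->user,
            $this->path . "/$deletekey"
        );
        return $deletekey;
    }

    /** Hook postdelete
     * This hook is run after successfully deleting a data in the database.
     * It removes the matching object from authzgroups.
     * @param string $deletekey The key to delete
     * @param integer $nbLinesDeleted The number of deleted lines
     * @return $nbLinesDeleted
     */
    public function hookpostdelete($deletekey, $nbLinesDeleted)
    {
        $this->requireAuthzContext();
        $this->authzgroups->objectDel($this->module, $this->path . "/$deletekey");
        return $nbLinesDeleted;
    }

    /** Return true if all the paths are allowed. Throw an exception otherwise.
     * Each prefix of the pre-path is submitted to accessRight in turn, starting
     * with "/".
     */
    private function allowPath()
    {
        $this->requireAuthzContext();
        if (substr($this->path, -1) === "/") {
            // Drop one trailing slash, so that "<path>/<key>" has a single separator
            $this->path = substr($this->path, 0, -1);
        }
        $path = "";
        foreach (explode("/", $this->path) as $pathTmp) {
            $path .= "/$pathTmp";
            $path = str_replace("//", "/", $path);
            $this->authzgroups->accessRight($this->module, $this->user, $path);
        }
        return true;
    }

    /** Check that the authorization context is complete before any rights
     * check. The user falls back to the "email" entry of the auth information
     * when it is not set explicitly.
     * @param boolean $needCreateGroup Also require the createGroup property
     * @throws \Exception with code 500 when a needed property is missing
     */
    private function requireAuthzContext($needCreateGroup = false)
    {
        if ($this->module === null) {
            throw new \Exception("No module defined for dblayerauthzgroups", 500);
        }
        if (
            $this->auth !== null && array_key_exists("email", $this->auth) &&
            $this->user === null
        ) {
            $this->user = $this->auth["email"];
        }
        if ($this->user === null) {
            throw new \Exception("No user defined for dblayerauthzgroups", 500);
        }
        if ($this->authzgroups === null) {
            throw new \Exception(
                "No authzgroups defined for dblayerauthzgroups",
                500
            );
        }
        if ($needCreateGroup && $this->createGroup === null) {
            throw new \Exception(
                "No createGroup defined for dblayerauthzgroups",
                500
            );
        }
    }

    ///////////////////
    ///   SETTERS   ///
    ///////////////////
    /** Set the authzgroups property
     * @param object $authzgroups The object of the authzgroups
     */
    public function authzgroupsSet($authzgroups)
    {
        $this->authzgroups = $authzgroups;
        return $this;
    }

    /** Set the module property
     * @param string $module The module name to use
     */
    public function moduleSet($module)
    {
        $this->module = $module;
        return $this;
    }

    /** Set the auth property
     * @param array $auth The auth array
     */
    public function authSet($auth)
    {
        $this->auth = $auth;
        return $this;
    }

    /** Set the user property
     * @param string $user The user to authorize
     */
    public function userSet($user)
    {
        $this->user = $user;
        return $this;
    }

    /** Set the createGroup property
     * @param array|string $createGroup The createGroup to set
     */
    public function createGroupSet($createGroup)
    {
        $this->createGroup = $createGroup;
        return $this;
    }

    /** Set the createRight property
     * @param string $createRight The right to create
     */
    public function createRightSet($createRight)
    {
        $this->createRight = $createRight;
        return $this;
    }

    /** Set the path property
     * @param string $path The pre-path to use
     */
    public function pathSet($path)
    {
        $this->path = $path;
        return $this;
    }
}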