commit 1fc5e959a414cb0c388e1f8953aadd8c34fe1be0 parent d7b9d6ac86e65762d9370842c867388ca9b3d9ca Author: Jan Dankert <develop@jandankert.de> Date: Mon, 4 Jan 2021 19:03:18 +0100 Refactoring: ACL class is renamed to Permission, because most RBAC/DMAC concepts are calling it a permission. Diffstat:
39 files changed, 735 insertions(+), 735 deletions(-)
diff --git a/modules/cms/action/FolderAction.class.php b/modules/cms/action/FolderAction.class.php @@ -11,7 +11,7 @@ use cms\generator\PageGenerator; use cms\generator\Producer; use cms\generator\Publisher; use cms\generator\PublishOrder; -use cms\model\Acl; +use cms\model\Permission; use cms\model\BaseObject; use cms\model\File; use cms\model\Folder; diff --git a/modules/cms/action/GroupAction.class.php b/modules/cms/action/GroupAction.class.php @@ -2,7 +2,7 @@ namespace cms\action; -use cms\model\Acl; +use cms\model\Permission; use cms\model\BaseObject; use cms\model\Group; use cms\model\Language; diff --git a/modules/cms/action/ObjectAction.class.php b/modules/cms/action/ObjectAction.class.php @@ -2,7 +2,7 @@ namespace cms\action; -use cms\model\Acl; +use cms\model\Permission; use cms\model\BaseObject; use cms\model\File; use cms\model\Folder; @@ -68,6 +68,6 @@ class ObjectAction extends BaseAction $project = new Project( $this->baseObject->projectid ); $rootFolder = new Folder( $project->getRootObjectId() ); - return $rootFolder->hasRight(Acl::ACL_PROP); + return $rootFolder->hasRight(Permission::ACL_PROP); } } \ No newline at end of file diff --git a/modules/cms/action/PageAction.class.php b/modules/cms/action/PageAction.class.php @@ -8,7 +8,7 @@ use cms\generator\PageGenerator; use cms\generator\Producer; use cms\generator\Publisher; use cms\generator\PublishOrder; -use cms\model\Acl; +use cms\model\Permission; use cms\model\BaseObject; use cms\model\Element; use cms\model\Folder; diff --git a/modules/cms/action/PageelementAction.class.php b/modules/cms/action/PageelementAction.class.php @@ -12,7 +12,7 @@ use cms\generator\PublishOrder; use cms\generator\PublishPreview; use cms\generator\ValueContext; use cms\generator\ValueGenerator; -use cms\model\Acl; +use cms\model\Permission; use cms\model\BaseObject; use cms\model\Element; use cms\model\Folder; @@ -361,7 +361,7 @@ class PageelementAction extends BaseAction // Inhalt sofort freigegeben, wenn // - Recht vorhanden // - Freigabe gewuenscht - if ( $value->page->hasRight( Acl::ACL_RELEASE ) && $this->hasRequestVar('release') ) + if ( $value->page->hasRight( Permission::ACL_RELEASE ) && $this->hasRequestVar('release') ) $value->publish = true; else $value->publish = false; @@ -395,7 +395,7 @@ class PageelementAction extends BaseAction $this->page->setTimestamp(); // "Letzte Aenderung" setzen // Falls ausgewaehlt die Seite sofort veroeffentlichen - if ( $value->page->hasRight( Acl::ACL_PUBLISH ) && $this->hasRequestVar('publish') ) + if ( $value->page->hasRight( Permission::ACL_PUBLISH ) && $this->hasRequestVar('publish') ) { $this->publishPage(); } diff --git a/modules/cms/action/ProjectAction.class.php b/modules/cms/action/ProjectAction.class.php @@ -3,7 +3,7 @@ namespace cms\action; use cms\base\Configuration; -use cms\model\Acl; +use cms\model\Permission; use cms\model\Folder; use cms\model\Project; use language\Messages; @@ -65,7 +65,7 @@ class ProjectAction extends BaseAction $rootFolder = new Folder( $this->project->getRootObjectId() ); - return $rootFolder->hasRight(Acl::ACL_PROP); + return $rootFolder->hasRight(Permission::ACL_PROP); } diff --git a/modules/cms/action/ProjectlistAction.class.php b/modules/cms/action/ProjectlistAction.class.php @@ -2,7 +2,7 @@ namespace cms\action; -use cms\model\Acl; +use cms\model\Permission; use cms\model\Folder; use cms\model\Project; use language\Messages; diff --git a/modules/cms/action/SearchAction.class.php b/modules/cms/action/SearchAction.class.php @@ -3,7 +3,7 @@ namespace cms\action; use cms\base\Configuration as C; -use cms\model\Acl; +use cms\model\Permission; use cms\model\BaseObject; use cms\model\File; use cms\model\Project; @@ -164,7 +164,7 @@ class SearchAction extends BaseAction { $o = new BaseObject( $objectid ); $o->load(); - if ($o->hasRight( Acl::ACL_READ )) + if ($o->hasRight( Permission::ACL_READ )) $resultList[] = array( 'id' => $objectid, 'type' => $o->getType(), @@ -180,7 +180,7 @@ class SearchAction extends BaseAction $t->load(); $p = new Project( $t->projectid ); $o = new BaseObject( $p->getRootObjectId() ); - if ($o->hasRight( Acl::ACL_READ )) + if ($o->hasRight( Permission::ACL_READ )) $resultList[] = array( 'id' => $templateid, 'type'=> 'template', diff --git a/modules/cms/action/TemplateAction.class.php b/modules/cms/action/TemplateAction.class.php @@ -4,7 +4,7 @@ namespace cms\action; namespace cms\action; use cms\generator\PublishPublic; -use cms\model\Acl; +use cms\model\Permission; use cms\model\Element; use cms\model\Page; use cms\model\Project; diff --git a/modules/cms/action/UserAction.class.php b/modules/cms/action/UserAction.class.php @@ -4,7 +4,7 @@ namespace cms\action; use cms\base\Configuration; use cms\base\Startup; -use cms\model\Acl; +use cms\model\Permission; use cms\model\BaseObject; use cms\model\Group; use cms\model\Language; diff --git a/modules/cms/action/folder/FolderAddAction.class.php b/modules/cms/action/folder/FolderAddAction.class.php @@ -2,19 +2,19 @@ namespace cms\action\folder; use cms\action\FolderAction; use cms\action\Method; -use cms\model\Acl; +use cms\model\Permission; class FolderAddAction extends FolderAction implements Method { public function view() { - $this->setTemplateVar('mayCreateFolder',$this->folder->hasRight( Acl::ACL_CREATE_FOLDER ) ); - $this->setTemplateVar('mayCreateFile' ,$this->folder->hasRight( Acl::ACL_CREATE_FILE ) ); - $this->setTemplateVar('mayCreateText' ,$this->folder->hasRight( Acl::ACL_CREATE_FILE ) ); - $this->setTemplateVar('mayCreateImage' ,$this->folder->hasRight( Acl::ACL_CREATE_FILE ) ); - $this->setTemplateVar('mayCreatePage' ,$this->folder->hasRight( Acl::ACL_CREATE_PAGE ) ); - $this->setTemplateVar('mayCreateUrl' ,$this->folder->hasRight( Acl::ACL_CREATE_LINK ) ); - $this->setTemplateVar('mayCreateLink' ,$this->folder->hasRight( Acl::ACL_CREATE_LINK ) ); + $this->setTemplateVar('mayCreateFolder',$this->folder->hasRight( Permission::ACL_CREATE_FOLDER ) ); + $this->setTemplateVar('mayCreateFile' ,$this->folder->hasRight( Permission::ACL_CREATE_FILE ) ); + $this->setTemplateVar('mayCreateText' ,$this->folder->hasRight( Permission::ACL_CREATE_FILE ) ); + $this->setTemplateVar('mayCreateImage' ,$this->folder->hasRight( Permission::ACL_CREATE_FILE ) ); + $this->setTemplateVar('mayCreatePage' ,$this->folder->hasRight( Permission::ACL_CREATE_PAGE ) ); + $this->setTemplateVar('mayCreateUrl' ,$this->folder->hasRight( Permission::ACL_CREATE_LINK ) ); + $this->setTemplateVar('mayCreateLink' ,$this->folder->hasRight( Permission::ACL_CREATE_LINK ) ); } diff --git a/modules/cms/action/folder/FolderAdvancedAction.class.php b/modules/cms/action/folder/FolderAdvancedAction.class.php @@ -4,7 +4,7 @@ use cms\action\Action; use cms\action\FolderAction; use cms\action\Method; use cms\base\Startup; -use cms\model\Acl; +use cms\model\Permission; use cms\model\BaseObject; use cms\model\File; use cms\model\Folder; @@ -20,7 +20,7 @@ use util\Html; class FolderAdvancedAction extends FolderAction implements Method { public function view() { - $this->setTemplateVar('writable',$this->folder->hasRight(Acl::ACL_WRITE) ); + $this->setTemplateVar('writable',$this->folder->hasRight(Permission::ACL_WRITE) ); $list = array(); @@ -30,7 +30,7 @@ class FolderAdvancedAction extends FolderAction implements Method { /* @var $o BaseObject */ $id = $o->objectid; - if ( $o->hasRight(Acl::ACL_READ) ) + if ( $o->hasRight(Permission::ACL_READ) ) { $list[$id]['objectid'] = $id; $list[$id]['id' ] = 'obj'.$id; @@ -54,7 +54,7 @@ class FolderAdvancedAction extends FolderAction implements Method { } } - if ( $this->folder->hasRight(Acl::ACL_WRITE) ) + if ( $this->folder->hasRight(Permission::ACL_WRITE) ) { // Alle anderen Ordner ermitteln $otherfolder = array(); @@ -62,7 +62,7 @@ class FolderAdvancedAction extends FolderAction implements Method { foreach( $project->getAllFolders() as $id ) { $f = new Folder( $id ); - if ( $f->hasRight( Acl::ACL_WRITE ) ) + if ( $f->hasRight( Permission::ACL_WRITE ) ) $otherfolder[$id] = Startup::FILE_SEP.implode( Startup::FILE_SEP,$f->parentObjectNames(false,true) ); } asort( $otherfolder ); @@ -78,7 +78,7 @@ class FolderAdvancedAction extends FolderAction implements Method { $actionList[] = 'link'; $actionList[] = 'archive'; - if ( $this->folder->hasRight(Acl::ACL_WRITE) ) + if ( $this->folder->hasRight(Permission::ACL_WRITE) ) { $actionList[] = 'move'; $actionList[] = 'delete'; @@ -118,9 +118,9 @@ class FolderAdvancedAction extends FolderAction implements Method { // // Beim Verschieben und Kopieren muss im Zielordner die Berechtigung // zum Erstellen von Ordner, Dateien oder Seiten vorhanden sein. - if ( ( $type=='link' && $f->hasRight( Acl::ACL_CREATE_LINK ) ) || + if ( ( $type=='link' && $f->hasRight( Permission::ACL_CREATE_LINK ) ) || ( ( $type=='move' || $type == 'copy' ) && - ( $f->hasRight(Acl::ACL_CREATE_FOLDER) || $f->hasRight(Acl::ACL_CREATE_FILE) || $f->hasRight(Acl::ACL_CREATE_PAGE) ) ) ) + ( $f->hasRight(Permission::ACL_CREATE_FOLDER) || $f->hasRight(Permission::ACL_CREATE_FILE) || $f->hasRight(Permission::ACL_CREATE_PAGE) ) ) ) { // OK } @@ -149,11 +149,11 @@ class FolderAdvancedAction extends FolderAction implements Method { // Fuer die gewuenschte Aktion muessen pro Objekt die entsprechenden Rechte // vorhanden sein. - if ( $type == 'copy' && $o->hasRight( Acl::ACL_READ ) || - $type == 'move' && $o->hasRight( Acl::ACL_WRITE ) || - $type == 'link' && $o->hasRight( Acl::ACL_READ ) || - $type == 'archive' && $o->hasRight( Acl::ACL_READ ) || - $type == 'delete' && $o->hasRight( Acl::ACL_DELETE ) ) + if ( $type == 'copy' && $o->hasRight( Permission::ACL_READ ) || + $type == 'move' && $o->hasRight( Permission::ACL_WRITE ) || + $type == 'link' && $o->hasRight( Permission::ACL_READ ) || + $type == 'archive' && $o->hasRight( Permission::ACL_READ ) || + $type == 'delete' && $o->hasRight( Permission::ACL_DELETE ) ) $objectList[ $id ] = $o->getProperties(); else $this->addNoticeFor($o,Messages::NO_RIGHTS ); diff --git a/modules/cms/action/folder/FolderContentAction.class.php b/modules/cms/action/folder/FolderContentAction.class.php @@ -2,7 +2,7 @@ namespace cms\action\folder; use cms\action\FolderAction; use cms\action\Method; -use cms\model\Acl; +use cms\model\Permission; use cms\model\BaseObject; use cms\model\File; use util\Html; @@ -13,7 +13,7 @@ class FolderContentAction extends FolderAction implements Method { if ( ! $this->folder->isRoot ) $this->setTemplateVar('up_url',Html::url('folder','show',$this->folder->parentid)); - $this->setTemplateVar('writable',$this->folder->hasRight(Acl::ACL_WRITE) ); + $this->setTemplateVar('writable',$this->folder->hasRight(Permission::ACL_WRITE) ); $list = array(); @@ -23,7 +23,7 @@ class FolderContentAction extends FolderAction implements Method { /* @var $o BaseObject */ $id = $o->objectid; - if ( $o->hasRight(Acl::ACL_READ) ) + if ( $o->hasRight(Permission::ACL_READ) ) { $list[$id]['name'] = \util\Text::maxLength($o->name, 30); $list[$id]['filename'] = \util\Text::maxLength($o->filename, 20); diff --git a/modules/cms/action/folder/FolderEditAction.class.php b/modules/cms/action/folder/FolderEditAction.class.php @@ -2,7 +2,7 @@ namespace cms\action\folder; use cms\action\FolderAction; use cms\action\Method; -use cms\model\Acl; +use cms\model\Permission; use cms\model\BaseObject; use cms\model\File; use util\Html; @@ -22,7 +22,7 @@ class FolderEditAction extends FolderAction implements Method { $id = $o->objectid; - if ( $o->hasRight(Acl::ACL_READ) ) + if ( $o->hasRight(Permission::ACL_READ) ) { $list[$id]['name'] = \util\Text::maxLength($o->name, 30); $list[$id]['filename'] = \util\Text::maxLength($o->filename, 20); diff --git a/modules/cms/action/folder/FolderOrderAction.class.php b/modules/cms/action/folder/FolderOrderAction.class.php @@ -2,7 +2,7 @@ namespace cms\action\folder; use cms\action\FolderAction; use cms\action\Method; -use cms\model\Acl; +use cms\model\Permission; use cms\model\BaseObject; use language\Messages; @@ -18,7 +18,7 @@ class FolderOrderAction extends FolderAction implements Method { $id = $o->objectid; $name = $o->getDefaultName(); - if ( $o->hasRight(Acl::ACL_READ) ) + if ( $o->hasRight(Permission::ACL_READ) ) { $list[$id]['id' ] = $id; $list[$id]['name'] = $name->name; diff --git a/modules/cms/action/folder/FolderPubAction.class.php b/modules/cms/action/folder/FolderPubAction.class.php @@ -10,7 +10,7 @@ use cms\generator\PageGenerator; use cms\generator\Producer; use cms\generator\Publisher; use cms\generator\PublishOrder; -use cms\model\Acl; +use cms\model\Permission; use cms\model\Folder; use util\Session; @@ -34,7 +34,7 @@ class FolderPubAction extends FolderAction implements Method { public function post() { - if ( !$this->folder->hasRight( Acl::ACL_PUBLISH ) ) + if ( !$this->folder->hasRight( Permission::ACL_PUBLISH ) ) throw new \util\exception\SecurityException('no rights for publish'); $project = $this->folder->getProject(); diff --git a/modules/cms/action/folder/FolderShowAction.class.php b/modules/cms/action/folder/FolderShowAction.class.php @@ -2,7 +2,7 @@ namespace cms\action\folder; use cms\action\FolderAction; use cms\action\Method; -use cms\model\Acl; +use cms\model\Permission; use cms\model\BaseObject; use util\Html; @@ -27,7 +27,7 @@ class FolderShowAction extends FolderAction implements Method { /* @var $o BaseObject */ $id = $o->objectid; - if ( $o->hasRight(Acl::ACL_READ) ) + if ( $o->hasRight(Permission::ACL_READ) ) { echo '<li><a href="'. Html::url($o->getType(),'show',$id).'">'.$o->filename.'</a></li>'; diff --git a/modules/cms/action/group/GroupRightsAction.class.php b/modules/cms/action/group/GroupRightsAction.class.php @@ -2,7 +2,7 @@ namespace cms\action\group; use cms\action\GroupAction; use cms\action\Method; -use cms\model\Acl; +use cms\model\Permission; use cms\model\BaseObject; use cms\model\Group; use cms\model\Language; @@ -65,7 +65,7 @@ class GroupRightsAction extends GroupAction implements Method { $this->setTemplateVar('projects' ,$projects ); - $this->setTemplateVar('show',Acl::getAvailableRights() ); + $this->setTemplateVar('show',Permission::getAvailableRights() ); } diff --git a/modules/cms/action/object/ObjectAclformAction.class.php b/modules/cms/action/object/ObjectAclformAction.class.php @@ -4,7 +4,7 @@ use cms\action\Action; use cms\action\Method; use cms\action\ObjectAction; use cms\action\RequestParams; -use cms\model\Acl; +use cms\model\Permission; use cms\model\BaseObject; use cms\model\Folder; use cms\model\Group; @@ -33,24 +33,24 @@ class ObjectAclformAction extends ObjectAction implements Method { $this->setTemplateVar('action' ,$this->request->action); } public function post() { - $acl = new Acl(); + $permission = new Permission(); - $acl->objectid = $this->getRequestId(); + $permission->objectid = $this->getRequestId(); // Nachschauen, ob der Benutzer ueberhaupt berechtigt ist, an // diesem Objekt die ACLs zu aendern. - $o = new BaseObject( $acl->objectid ); + $o = new BaseObject( $permission->objectid ); - if ( !$o->hasRight( Acl::ACL_GRANT ) ) + if ( !$o->hasRight( Permission::ACL_GRANT ) ) throw new \util\exception\SecurityException('Not allowed to insert permissions.'); // Scheiss Hacker ;) // Handelt es sich um eine Benutzer- oder Gruppen ACL? switch( $this->getRequestVar('type') ) { case 'user': - $acl->userid = $this->getRequestVar('userid' ); + $permission->userid = $this->getRequestVar('userid' ); - if ( $acl->userid <= 0 ) + if ( $permission->userid <= 0 ) { $this->addValidationError('type' ); $this->addValidationError('userid',''); @@ -58,8 +58,8 @@ class ObjectAclformAction extends ObjectAction implements Method { } break; case 'group': - $acl->groupid = $this->getRequestVar('groupid'); - if ( $acl->groupid <= 0 ) + $permission->groupid = $this->getRequestVar('groupid'); + if ( $permission->groupid <= 0 ) { $this->addValidationError('type' ); $this->addValidationError('groupid',''); @@ -73,27 +73,27 @@ class ObjectAclformAction extends ObjectAction implements Method { return; } - $acl->languageid = $this->getRequestVar(RequestParams::PARAM_LANGUAGE_ID); + $permission->languageid = $this->getRequestVar(RequestParams::PARAM_LANGUAGE_ID); - $acl->write = ( $this->hasRequestVar('write' ) ); - $acl->prop = ( $this->hasRequestVar('prop' ) ); - $acl->delete = ( $this->hasRequestVar('delete' ) ); - $acl->release = ( $this->hasRequestVar('release' ) ); - $acl->publish = ( $this->hasRequestVar('publish' ) ); - $acl->create_folder = ( $this->hasRequestVar('create_folder') ); - $acl->create_file = ( $this->hasRequestVar('create_file' ) ); - $acl->create_link = ( $this->hasRequestVar('create_link' ) ); - $acl->create_page = ( $this->hasRequestVar('create_page' ) ); - $acl->grant = ( $this->hasRequestVar('grant' ) ); - $acl->transmit = ( $this->hasRequestVar('transmit' ) ); + $permission->write = ( $this->hasRequestVar('write' ) ); + $permission->prop = ( $this->hasRequestVar('prop' ) ); + $permission->delete = ( $this->hasRequestVar('delete' ) ); + $permission->release = ( $this->hasRequestVar('release' ) ); + $permission->publish = ( $this->hasRequestVar('publish' ) ); + $permission->create_folder = ( $this->hasRequestVar('create_folder') ); + $permission->create_file = ( $this->hasRequestVar('create_file' ) ); + $permission->create_link = ( $this->hasRequestVar('create_link' ) ); + $permission->create_page = ( $this->hasRequestVar('create_page' ) ); + $permission->grant = ( $this->hasRequestVar('grant' ) ); + $permission->transmit = ( $this->hasRequestVar('transmit' ) ); - $acl->persist(); + $permission->persist(); // Falls die Berechtigung vererbbar ist, dann diese sofort an // Unterobjekte vererben. - if ( $acl->transmit ) + if ( $permission->transmit ) { - $folder = new Folder( $acl->objectid ); + $folder = new Folder( $permission->objectid ); $oids = $folder->getObjectIds(); foreach( $folder->getAllSubfolderIds() as $sfid ) { @@ -103,9 +103,9 @@ class ObjectAclformAction extends ObjectAction implements Method { foreach( $oids as $oid ) { - $acl->aclid = null; - $acl->objectid = $oid; - $acl->persist(); + $permission->aclid = null; + $permission->objectid = $oid; + $permission->persist(); } } diff --git a/modules/cms/action/object/ObjectCopyAction.class.php b/modules/cms/action/object/ObjectCopyAction.class.php @@ -4,7 +4,7 @@ use cms\action\Action; use cms\action\Method; use cms\action\ObjectAction; use cms\action\RequestParams; -use cms\model\Acl; +use cms\model\Permission; use cms\model\BaseObject; use cms\model\File; use cms\model\Folder; @@ -27,7 +27,7 @@ class ObjectCopyAction extends ObjectAction implements Method { $this->setTemplateVar('targetId',$targetFolder->objectid ); $this->setTemplateVar('types' ,array('move'=>'move','moveandlink'=>'moveandlink','copy'=>'copy','link'=>'link') ); - if ( ! $targetFolder->hasRight(Acl::ACL_WRITE) ) + if ( ! $targetFolder->hasRight(Permission::ACL_WRITE) ) { $this->addErrorFor( $this->baseObject,Messages::FOLDER_NOT_WRITABLE ); } @@ -44,7 +44,7 @@ class ObjectCopyAction extends ObjectAction implements Method { $targetFolder->load(); // Prüfen, ob Schreibrechte im Zielordner bestehen. - if ( ! $targetFolder->hasRight(Acl::ACL_WRITE) ) + if ( ! $targetFolder->hasRight(Permission::ACL_WRITE) ) { $this->addErrorFor( $targetFolder,Messages::FOLDER_NOT_WRITABLE ); return; @@ -149,7 +149,7 @@ class ObjectCopyAction extends ObjectAction implements Method { // Beim Verkn�pfen muss im Zielordner die Berechtigung zum Erstellen // von Verkn�pfungen vorhanden sein. - if ( ! $targetFolder->hasRight(Acl::ACL_CREATE_LINK) ) + if ( ! $targetFolder->hasRight(Permission::ACL_CREATE_LINK) ) { $this->addErrorFor($targetFolder,Messages::FOLDER_NOT_WRITABLE); return; diff --git a/modules/cms/action/object/ObjectDelaclAction.class.php b/modules/cms/action/object/ObjectDelaclAction.class.php @@ -3,7 +3,7 @@ namespace cms\action\object; use cms\action\Action; use cms\action\Method; use cms\action\ObjectAction; -use cms\model\Acl; +use cms\model\Permission; use cms\model\BaseObject; use language\Messages; use util\Http; @@ -12,17 +12,17 @@ class ObjectDelaclAction extends ObjectAction implements Method { public function view() { } public function post() { - $acl = new Acl($this->getRequestVar('aclid')); - $acl->load(); + $permission = new Permission($this->getRequestVar('aclid')); + $permission->load(); // Nachschauen, ob der Benutzer ueberhaupt berechtigt ist, an // diesem Objekt die ACLs zu aendern. - $o = new BaseObject( $acl->objectid ); + $o = new BaseObject( $permission->objectid ); - if ( !$o->hasRight( Acl::ACL_GRANT ) ) + if ( !$o->hasRight( Permission::ACL_GRANT ) ) Http::notAuthorized('no grant rights'); // Da wollte uns wohl einer vereimern. - $acl->delete(); // Weg mit der ACL + $permission->delete(); // Weg mit der ACL $this->addNoticeFor( $o,Messages::DELETED ); } diff --git a/modules/cms/action/object/ObjectInheritAction.class.php b/modules/cms/action/object/ObjectInheritAction.class.php @@ -3,7 +3,7 @@ namespace cms\action\object; use cms\action\Action; use cms\action\Method; use cms\action\ObjectAction; -use cms\model\Acl; +use cms\model\Permission; use cms\model\BaseObject; use cms\model\Folder; use language\Messages; @@ -37,10 +37,10 @@ class ObjectInheritAction extends ObjectAction implements Method { $newAclList = array(); foreach( $aclids as $aclid ) { - $acl = new Acl( $aclid ); - $acl->load(); - if ( $acl->transmit ) - $newAclList[] = $acl; + $permission = new Permission( $aclid ); + $permission->load(); + if ( $permission->transmit ) + $newAclList[] = $permission; } Logger::debug('inheriting '.count($newAclList).' acls'); @@ -60,9 +60,9 @@ class ObjectInheritAction extends ObjectAction implements Method { // Die alten ACLs des Objektes löschen. foreach( $object->getAllAclIds() as $aclid ) { - $acl = new Acl( $aclid ); - $acl->objectid = $oid; - $acl->delete(); + $permission = new Permission( $aclid ); + $permission->objectid = $oid; + $permission->delete(); Logger::debug('removing acl '.$aclid.' for object '.$oid); } diff --git a/modules/cms/action/object/ObjectRightsAction.class.php b/modules/cms/action/object/ObjectRightsAction.class.php @@ -2,7 +2,7 @@ namespace cms\action\object; use cms\action\Method; use cms\action\ObjectAction; -use cms\model\Acl; +use cms\model\Permission; use cms\model\BaseObject; @@ -19,10 +19,10 @@ class ObjectRightsAction extends ObjectAction implements Method { foreach( $o->getAllAclIds() as $aclid ) { - $acl = new Acl( $aclid ); - $acl->load(); - $key = 'bu'.$acl->username.'g'.$acl->groupname.'a'.$aclid; - $acllist[$key] = $acl->getProperties(); + $permission = new Permission( $aclid ); + $permission->load(); + $key = 'bu'.$permission->username.'g'.$permission->groupname.'a'.$aclid; + $acllist[$key] = $permission->getProperties(); $acllist[$key]['aclid'] = $aclid; } ksort( $acllist ); diff --git a/modules/cms/action/page/PageEditAction.class.php b/modules/cms/action/page/PageEditAction.class.php @@ -2,7 +2,7 @@ namespace cms\action\page; use cms\action\Method; use cms\action\PageAction; -use cms\model\Acl; +use cms\model\Permission; use cms\model\BaseObject; use cms\model\Element; use cms\model\Folder; @@ -115,8 +115,8 @@ class PageEditAction extends PageAction implements Method { asort($objects); $this->setTemplateVar( 'objects' ,$objects ); - $this->setTemplateVar( 'release' ,$this->page->hasRight(Acl::ACL_RELEASE) ); - $this->setTemplateVar( 'publish' ,$this->page->hasRight(Acl::ACL_PUBLISH) ); + $this->setTemplateVar( 'release' ,$this->page->hasRight(Permission::ACL_RELEASE) ); + $this->setTemplateVar( 'publish' ,$this->page->hasRight(Permission::ACL_PUBLISH) ); $this->setTemplateVar( 'html' ,$value->element->html ); $this->setTemplateVar( 'wiki' ,$value->element->wiki ); $this->setTemplateVar( 'text' ,$value->text ); @@ -150,7 +150,7 @@ class PageEditAction extends PageAction implements Method { // Inhalt sofort freigegeben, wenn // - Recht vorhanden // - Freigabe gewuenscht - if ( $value->page->hasRight( Acl::ACL_RELEASE ) && $this->getRequestVar('release')!='' ) + if ( $value->page->hasRight( Permission::ACL_RELEASE ) && $this->getRequestVar('release')!='' ) $value->publish = true; else $value->publish = false; diff --git a/modules/cms/action/page/PageFormAction.class.php b/modules/cms/action/page/PageFormAction.class.php @@ -2,7 +2,7 @@ namespace cms\action\page; use cms\action\Method; use cms\action\PageAction; -use cms\model\Acl; +use cms\model\Permission; use cms\model\BaseObject; use cms\model\Element; use cms\model\Folder; @@ -93,8 +93,8 @@ class PageFormAction extends PageAction implements Method { } } - $this->setTemplateVar( 'release',$this->page->hasRight(Acl::ACL_RELEASE) ); - $this->setTemplateVar( 'publish',$this->page->hasRight(Acl::ACL_PUBLISH) ); + $this->setTemplateVar( 'release',$this->page->hasRight(Permission::ACL_RELEASE) ); + $this->setTemplateVar( 'publish',$this->page->hasRight(Permission::ACL_PUBLISH) ); $this->setTemplateVar('el',$list); } @@ -142,7 +142,7 @@ class PageFormAction extends PageAction implements Method { $value->page = &$this->page; // Ermitteln, ob Inhalt sofort freigegeben werden kann und soll - if ( $this->page->hasRight( Acl::ACL_RELEASE ) && $this->hasRequestVar('release') ) + if ( $this->page->hasRight( Permission::ACL_RELEASE ) && $this->hasRequestVar('release') ) $value->publish = true; else $value->publish = false; diff --git a/modules/cms/action/page/PagePubAction.class.php b/modules/cms/action/page/PagePubAction.class.php @@ -7,7 +7,7 @@ use cms\generator\PageGenerator; use cms\generator\Producer; use cms\generator\Publisher; use cms\generator\PublishOrder; -use cms\model\Acl; +use cms\model\Permission; use util\Session; class PagePubAction extends PageAction implements Method { @@ -15,7 +15,7 @@ class PagePubAction extends PageAction implements Method { } public function post() { - if ( !$this->page->hasRight( Acl::ACL_PUBLISH ) ) + if ( !$this->page->hasRight( Permission::ACL_PUBLISH ) ) throw new \util\exception\SecurityException( 'no right for publish' ); $project = $this->page->getProject(); diff --git a/modules/cms/action/pageelement/PageelementLinkAction.class.php b/modules/cms/action/pageelement/PageelementLinkAction.class.php @@ -2,7 +2,7 @@ namespace cms\action\pageelement; use cms\action\Method; use cms\action\PageelementAction; -use cms\model\Acl; +use cms\model\Permission; use cms\model\BaseObject; use cms\model\Folder; use cms\model\Page; @@ -62,8 +62,8 @@ class PageelementLinkAction extends PageelementAction implements Method { $this->value->page->languageid = $this->value->languageid; $this->value->page->load(); - $this->setTemplateVar( 'release',$this->value->page->hasRight(Acl::ACL_RELEASE) ); - $this->setTemplateVar( 'publish',$this->value->page->hasRight(Acl::ACL_PUBLISH) ); + $this->setTemplateVar( 'release',$this->value->page->hasRight(Permission::ACL_RELEASE) ); + $this->setTemplateVar( 'publish',$this->value->page->hasRight(Permission::ACL_PUBLISH) ); $this->setTemplateVar( 'objectid',$this->value->page->objectid ); } diff --git a/modules/cms/action/pageelement/PageelementPubAction.class.php b/modules/cms/action/pageelement/PageelementPubAction.class.php @@ -2,14 +2,14 @@ namespace cms\action\pageelement; use cms\action\Method; use cms\action\PageelementAction; -use cms\model\Acl; +use cms\model\Permission; use util\exception\SecurityException; class PageelementPubAction extends PageelementAction implements Method { public function view() { } public function post() { - if ( !$this->page->hasRight( Acl::ACL_PUBLISH ) ) + if ( !$this->page->hasRight( Permission::ACL_PUBLISH ) ) throw new SecurityException( 'no right for publish' ); $this->publishPage(); diff --git a/modules/cms/action/pageelement/PageelementReleaseAction.class.php b/modules/cms/action/pageelement/PageelementReleaseAction.class.php @@ -2,7 +2,7 @@ namespace cms\action\pageelement; use cms\action\Method; use cms\action\PageelementAction; -use cms\model\Acl; +use cms\model\Permission; use language\Messages; use LogicException; use util\exception\SecurityException; @@ -25,7 +25,7 @@ class PageelementReleaseAction extends PageelementAction implements Method { throw new LogicException( 'cannot release, bad page' ); // Pruefen, ob Berechtigung zum Freigeben besteht - if ( !$this->page->hasRight(Acl::ACL_RELEASE) ) + if ( !$this->page->hasRight(Permission::ACL_RELEASE) ) throw new SecurityException( 'Cannot release','no right' ); // Inhalt freigeben diff --git a/modules/cms/action/pageelement/PageelementValueAction.class.php b/modules/cms/action/pageelement/PageelementValueAction.class.php @@ -2,7 +2,7 @@ namespace cms\action\pageelement; use cms\action\Method; use cms\action\PageelementAction; -use cms\model\Acl; +use cms\model\Permission; use cms\model\Page; class PageelementValueAction extends PageelementAction implements Method { @@ -40,9 +40,9 @@ class PageelementValueAction extends PageelementAction implements Method { $this->setTemplateVar( 'objectid',$this->value->page->objectid ); - if ( $this->value->page->hasRight(Acl::ACL_RELEASE) ) + if ( $this->value->page->hasRight(Permission::ACL_RELEASE) ) $this->setTemplateVar( 'release',true ); - if ( $this->value->page->hasRight(Acl::ACL_PUBLISH) ) + if ( $this->value->page->hasRight(Permission::ACL_PUBLISH) ) $this->setTemplateVar( 'publish',false ); $funktionName = 'edit'.$this->value->element->type; diff --git a/modules/cms/action/projectlist/ProjectlistEditAction.class.php b/modules/cms/action/projectlist/ProjectlistEditAction.class.php @@ -2,7 +2,7 @@ namespace cms\action\projectlist; use cms\action\Method; use cms\action\ProjectlistAction; -use cms\model\Acl; +use cms\model\Permission; use cms\model\Folder; use cms\model\Project; @@ -22,7 +22,7 @@ class ProjectlistEditAction extends ProjectlistAction implements Method { $rootFolder->load(); // Berechtigt für das Projekt? - if ($rootFolder->hasRight(Acl::ACL_READ)) { + if ($rootFolder->hasRight(Permission::ACL_READ)) { $list[$id] = array(); $list[$id]['id' ] = $id; $list[$id]['name' ] = $name; diff --git a/modules/cms/action/template/TemplatePubAction.class.php b/modules/cms/action/template/TemplatePubAction.class.php @@ -2,7 +2,7 @@ namespace cms\action\template; use cms\action\Method; use cms\action\TemplateAction; -use cms\model\Acl; +use cms\model\Permission; use cms\model\Page; use language\Messages; use util\Session; @@ -25,7 +25,7 @@ class TemplatePubAction extends TemplateAction implements Method { $page = new Page( $objectid ); $page->load(); - if ( !$page->hasRight( Acl::ACL_PUBLISH ) ) + if ( !$page->hasRight( Permission::ACL_PUBLISH ) ) continue; $page->publisher = $publisher; diff --git a/modules/cms/action/user/UserRightsAction.class.php b/modules/cms/action/user/UserRightsAction.class.php @@ -3,7 +3,7 @@ namespace cms\action\user; use cms\action\Action; use cms\action\Method; use cms\action\UserAction; -use cms\model\Acl; +use cms\model\Permission; use cms\model\BaseObject; use cms\model\Group; use cms\model\Language; @@ -20,7 +20,7 @@ class UserRightsAction extends UserAction implements Method { foreach( $rights as $acl ) { - /* @var $acl Acl */ + /* @var $acl Permission */ if ( !isset($projects[$acl->projectid])) { $p = Project::create( $acl->projectid ); @@ -80,7 +80,7 @@ class UserRightsAction extends UserAction implements Method { $this->setTemplateVar('projects' ,$projects ); - $this->setTemplateVar('show',Acl::getAvailableRights() ); + $this->setTemplateVar('show',Permission::getAvailableRights() ); if ( $this->user->isAdmin ) $this->addWarningFor($this->user,Messages::ADMIN_NEEDS_NO_RIGHTS); diff --git a/modules/cms/model/Acl.class.php b/modules/cms/model/Acl.class.php @@ -1,538 +0,0 @@ -<?php - -namespace cms\model; - -use cms\base\DB as Db;/** - * <editor-fold defaultstate="collapsed" desc="license"> - * - * OpenRat Content Management System - * Copyright (C) 2002-2012 Jan Dankert, cms@jandankert.de - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 2 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * </editor-fold> - */ - - - - - - - -/** - * Darstellen einer Berechtigung (ACL "Access Control List") - * Die Berechtigung zu einem Objekt wird mit einer Liste dieser Objekte dargestellt - * - * Falls es mehrere ACLs zu einem Objekt gibt, werden die Berechtigung-Flags addiert. - * - * @author Jan Dankert - */ -class Acl extends ModelBase -{ - // Definition der Berechtigungs-Flags - const ACL_READ = 1; - const ACL_WRITE = 2; - const ACL_PROP = 4; - const ACL_DELETE = 8; - const ACL_RELEASE = 16; - const ACL_PUBLISH = 32; - const ACL_CREATE_FOLDER = 64; - const ACL_CREATE_FILE = 128; - const ACL_CREATE_LINK = 256; - const ACL_CREATE_PAGE = 512; - const ACL_GRANT = 1024; - const ACL_TRANSMIT = 2048; - - /** - * eindeutige ID dieser ACL - * @type Integer - */ - public $aclid; - - /** - * ID des Objektes, f?r das diese Berechtigung gilt - * @type Integer - */ - public $objectid = 0; - - /** - * ID des Benutzers - * ( = 0 falls die Berechtigung f?r eine Gruppe gilt) - * @type Integer - */ - public $userid = 0; - - /** - * ID der Gruppe - * ( = 0 falls die Berechtigung f?r einen Benutzer gilt) - * @type Integer - */ - public $groupid = 0; - - /** - * ID der Sprache - * @type Integer - */ - public $languageid = 0; - - /** - * Name der Sprache - * @type String - */ - public $languagename = ''; - - /** - * Es handelt sich um eine Standard-Berechtigung - * (Falls false, dann Zugriffs-Berechtigung) - * @type Boolean - */ - public $isDefault = false; - - /** - * Name des Benutzers, f?r den diese Berechtigung gilt - * @type String - */ - public $username = ''; - - /** - * Name der Gruppe, f?r die diese Berechtigung gilt - * @type String - */ - public $groupname = ''; - - /** - * Inhalt lesen (ist immer wahr) - * @type Boolean - */ - public $read = true; - - /** - * Inhalt bearbeiten - * @type Boolean - */ - public $write = false; - - /** - * Eigenschaften bearbeiten - * @type Boolean - */ - public $prop = false; - - /** - * Objekt l?schen - * @type Boolean - */ - public $delete = false; - - /** - * Objektinhalt freigeben - * @type Boolean - */ - public $release = false; - - /** - * Objekt ver?ffentlichen - * @type Boolean - */ - public $publish = false; - - /** - * Unterordner anlegen - * @type Boolean - */ - public $create_folder = false; - - /** - * Datei anlegen (bzw. hochladen) - * @type Boolean - */ - public $create_file = false; - - /** - * Verknuepfung anlegen - * @type Boolean - */ - public $create_link = false; - - /** - * Seite anlegen - * @type Boolean - */ - public $create_page = false; - - /** - * Berechtigungen vergeben - * @type Boolean - */ - public $grant = false; - - /** - * Berechtigungen an Unterobjekte vererben - * @type Boolean - */ - public $transmit = false; - - - public $projectid; - - - /** - * Konstruktor. - * - * @param Integer Acl-ID - */ - public function __construct( $aclid = 0 ) - { - if ( $aclid != 0 ) - $this->aclid = $aclid; - } - - - /** - * Laden einer ACL inklusive Benutzer-, Gruppen- und Sprachbezeichnungen. - * Zum einfachen Laden sollte #loadRaw() benutzt werden. - */ - public function load() - { - $sql = Db::sql( 'SELECT {{acl}}.*,{{user}}.name as username,{{group}}.name as groupname,{{language}}.name as languagename'. - ' FROM {{acl}} '. - ' LEFT JOIN {{user}} ON {{user}}.id = {{acl}}.userid '. - ' LEFT JOIN {{group}} ON {{group}}.id = {{acl}}.groupid '. - ' LEFT JOIN {{language}} ON {{language}}.id = {{acl}}.languageid '. - ' WHERE {{acl}}.id={aclid}' ); - - $sql->setInt('aclid',$this->aclid); - - $row = $sql->getRow(); - - $this->setDatabaseRow( $row ); - - if ( intval($this->languageid)==0 ) - $this->languagename = \cms\base\Language::lang('ALL_LANGUAGES'); - else $this->languagename = $row['languagename']; - $this->username = $row['username' ]; - $this->groupname = $row['groupname' ]; - } - - - /** - * Laden einer ACL (ohne verknuepfte Namen). - * Diese Methode ist schneller als #load(). - */ - public function loadRaw() - { - $sql = Db::sql( 'SELECT * '. - ' FROM {{acl}} '. - ' WHERE {{acl}}.id={aclid}' ); - - $sql->setInt('aclid',$this->aclid); - - $row = $sql->getRow(); - - $this->setDatabaseRow( $row ); - } - - - /** - * Setzt die Eigenschaften des Objektes mit einer Datenbank-Ergebniszeile. - * - * @param array row Ergebniszeile aus ACL-Datenbanktabelle - */ - public function setDatabaseRow( $row ) - { - $this->aclid = $row['id']; - - $this->write = ( $row['is_write' ] == '1' ); - $this->prop = ( $row['is_prop' ] == '1' ); - $this->delete = ( $row['is_delete' ] == '1' ); - $this->release = ( $row['is_release' ] == '1' ); - $this->publish = ( $row['is_publish' ] == '1' ); - $this->create_folder = ( $row['is_create_folder'] == '1' ); - $this->create_file = ( $row['is_create_file' ] == '1' ); - $this->create_page = ( $row['is_create_page' ] == '1' ); - $this->create_link = ( $row['is_create_link' ] == '1' ); - $this->grant = ( $row['is_grant' ] == '1' ); - $this->transmit = ( $row['is_transmit' ] == '1' ); - - $this->objectid = intval($row['objectid' ]); - $this->languageid = intval($row['languageid']); - $this->userid = intval($row['userid' ]); - $this->groupid = intval($row['groupid' ]); - } - - - /** - * Erzeugt eine Liste aller Berechtigungsbits dieser ACL. - * - * @return array (Schluessel=Berechtigungstyp, Wert=boolean) - */ - public function getProperties() - { - return Array( 'read' => true, - 'write' => $this->write, - 'prop' => $this->prop, - 'create_folder'=> $this->create_folder, - 'create_file' => $this->create_file, - 'create_link' => $this->create_link, - 'create_page' => $this->create_page, - 'delete' => $this->delete, - 'release' => $this->release, - 'publish' => $this->publish, - 'grant' => $this->grant, - 'transmit' => $this->transmit, - 'is_default' => $this->isDefault, - 'userid' => $this->userid, - 'username' => $this->username, - 'groupid' => $this->groupid, - 'groupname' => $this->groupname, - 'languageid' => $this->languageid, - 'languagename' => $this->languagename, - 'objectid' => $this->objectid ); - - } - - - /** - * Erzeugt eine Liste aller möglichen Berechtigungstypen. - * - * @return 0..n-Array - */ - public static function getAvailableRights() - { - return array( 'read', - 'write', - 'prop', - 'create_folder', - 'create_file', - 'create_link', - 'create_page', - 'delete', - 'release', - 'publish', - 'grant', - 'transmit' ); - - } - - - /** - * Erzeugt eine Bitmaske mit den Berechtigungen dieser ACL. - * - * @return Integer Bitmaske - */ - public function getMask() - { - // intval(boolean) erzeugt numerisch 0 oder 1 :) - $this->mask = self::ACL_READ; // immer lesen - $this->mask += self::ACL_WRITE *intval($this->write ); - $this->mask += self::ACL_PROP *intval($this->prop ); - $this->mask += self::ACL_DELETE *intval($this->delete ); - $this->mask += self::ACL_RELEASE *intval($this->release ); - $this->mask += self::ACL_PUBLISH *intval($this->publish ); - $this->mask += self::ACL_CREATE_FOLDER *intval($this->create_folder); - $this->mask += self::ACL_CREATE_FILE *intval($this->create_file ); - $this->mask += self::ACL_CREATE_LINK *intval($this->create_link ); - $this->mask += self::ACL_CREATE_PAGE *intval($this->create_page ); - $this->mask += self::ACL_GRANT *intval($this->grant ); - $this->mask += self::ACL_TRANSMIT *intval($this->transmit ); - - \logger\Logger::trace('mask of acl '.$this->aclid.': '.$this->mask ); - return $this->mask; - } - - - /** - * Erzeugt eine Liste aller gesetzten Berechtigungstypen. - * Beispiel: Array (0:'read',1:'write',2:'transmit') - * - * @return 0..n-Array - */ - public function getTrueProperties() - { - $erg = array('read'); - if ( $this->write ) $erg[] = 'write'; - if ( $this->prop ) $erg[] = 'prop'; - if ( $this->create_folder ) $erg[] = 'create_folder'; - if ( $this->create_file ) $erg[] = 'create_file'; - if ( $this->create_link ) $erg[] = 'create_link'; - if ( $this->create_page ) $erg[] = 'create_page'; - if ( $this->delete ) $erg[] = 'delete'; - if ( $this->release ) $erg[] = 'release'; - if ( $this->publish ) $erg[] = 'publish'; - if ( $this->grant ) $erg[] = 'grant'; - if ( $this->transmit ) $erg[] = 'transmit'; - - return $erg; - } - - - - /** - * ACL unwiderruflich loeschen. - */ - public function delete() - { - $sql = Db::sql( 'DELETE FROM {{acl}} '. - ' WHERE id = {aclid} '. - ' AND objectid= {objectid}' ); - - $sql->setInt('aclid' ,$this->aclid ); - $sql->setInt('objectid',$this->objectid); - - $sql->query(); - - $this->aclid = 0; - } - - - public function save() { - // TODO updating the ACL is not implemented. - } - - /** - * ACL der Datenbank hinzufügen. - */ - public function add() - { - if ( $this->delete ) - $this->prop = true; - - // Pruefen, ob die ACL schon existiert - $user_comp = intval($this->userid )>0?'={userid}':'IS NULL'; - $group_comp = intval($this->groupid )>0?'={groupid}':'IS NULL'; - $language_comp = intval($this->languageid)>0?'={languageid}':'IS NULL'; - - $stmt = Db::sql( <<<SQL - SELECT id FROM {{acl}} - WHERE userid $user_comp AND - groupid $group_comp AND - languageid $language_comp AND - objectid = {objectid} AND - is_write = {write} AND - is_prop = {prop} AND - is_create_folder = {create_folder} AND - is_create_file = {create_file} AND - is_create_link = {create_link} AND - is_create_page = {create_page} AND - is_delete = {delete} AND - is_release = {release} AND - is_publish = {publish} AND - is_grant = {grant} AND - is_transmit = {transmit} -SQL -); - - if ( intval($this->userid) > 0 ) - $stmt->setInt ('userid',$this->userid); - - if ( intval($this->groupid) > 0 ) - $stmt->setInt ('groupid',$this->groupid); - - if ( intval($this->languageid) > 0 ) - $stmt->setInt ('languageid',$this->languageid); - - $stmt->setInt('objectid',$this->objectid); - $stmt->setBoolean('write' ,$this->write ); - $stmt->setBoolean('prop' ,$this->prop ); - $stmt->setBoolean('create_folder',$this->create_folder ); - $stmt->setBoolean('create_file' ,$this->create_file ); - $stmt->setBoolean('create_link' ,$this->create_link ); - $stmt->setBoolean('create_page' ,$this->create_page ); - $stmt->setBoolean('delete' ,$this->delete ); - $stmt->setBoolean('release' ,$this->release ); - $stmt->setBoolean('publish' ,$this->publish ); - $stmt->setBoolean('grant' ,$this->grant ); - $stmt->setBoolean('transmit' ,$this->transmit ); - - - $aclid = intval($stmt->getOne()); - if ( $aclid > 0 ) - { - // Eine ACL existiert bereits, wir übernehmen diese ID - $this->aclid = $aclid; - return; - } - - - - - $stmt = Db::sql('SELECT MAX(id) FROM {{acl}}'); - $this->aclid = intval($stmt->getOne())+1; - - $stmt = Db::sql( <<<SQL - INSERT INTO {{acl}} - (id,userid,groupid,objectid,is_write,is_prop,is_create_folder,is_create_file,is_create_link,is_create_page,is_delete,is_release,is_publish,is_grant,is_transmit,languageid) - VALUES( {aclid},{userid},{groupid},{objectid},{write},{prop},{create_folder},{create_file},{create_link},{create_page},{delete},{release},{publish},{grant},{transmit},{languageid} ) -SQL -); - - $stmt->setInt('aclid' ,$this->aclid ); - - if ( intval($this->userid) == 0 ) - $stmt->setNull('userid'); - else - $stmt->setInt ('userid',$this->userid); - - if ( intval($this->groupid) == 0 ) - $stmt->setNull('groupid'); - else - $stmt->setInt ('groupid',$this->groupid); - - $stmt->setInt('objectid',$this->objectid); - $stmt->setBoolean('write' ,$this->write ); - $stmt->setBoolean('prop' ,$this->prop ); - $stmt->setBoolean('create_folder',$this->create_folder ); - $stmt->setBoolean('create_file' ,$this->create_file ); - $stmt->setBoolean('create_link' ,$this->create_link ); - $stmt->setBoolean('create_page' ,$this->create_page ); - $stmt->setBoolean('delete' ,$this->delete ); - $stmt->setBoolean('release' ,$this->release ); - $stmt->setBoolean('publish' ,$this->publish ); - $stmt->setBoolean('grant' ,$this->grant ); - $stmt->setBoolean('transmit' ,$this->transmit ); - - if ( intval($this->languageid) == 0 ) - $stmt->setNull('languageid'); - else - $stmt->setInt ('languageid',$this->languageid); - - $stmt->query(); - - - } - - /** - * Liefert das Projekt-Objekt. - * - * @return Project - * @throws \util\exception\ObjectNotFoundException - */ - public function getProject() { - return Project::create( $this->projectid ); - } - - - public function getName() - { - return ''; - } - - - public function getId() - { - return $this->aclid; - } - - -}- \ No newline at end of file diff --git a/modules/cms/model/BaseObject.class.php b/modules/cms/model/BaseObject.class.php @@ -289,10 +289,10 @@ SQL foreach($sql->getAll() as $row ) { - $acl = new Acl(); - $acl->setDatabaseRow( $row ); + $permission = new Permission(); + $permission->setDatabaseRow( $row ); - $this->aclMask |= $acl->getMask(); + $this->aclMask |= $permission->getMask(); } $guestMask = 0; @@ -300,10 +300,10 @@ SQL { case 'read': case 'readonly': - $guestMask = Acl::ACL_READ; + $guestMask = Permission::ACL_READ; break; case 'write': - $guestMask = Acl::ACL_READ + Acl::ACL_WRITE; + $guestMask = Permission::ACL_READ + Permission::ACL_WRITE; break; default: // nothing allowed for guests. @@ -315,18 +315,18 @@ SQL elseif ( $user->isAdmin ) { // Administratoren erhalten eine Maske mit allen Rechten - $this->aclMask = Acl::ACL_READ + - Acl::ACL_WRITE + - Acl::ACL_PROP + - Acl::ACL_DELETE + - Acl::ACL_RELEASE + - Acl::ACL_PUBLISH + - Acl::ACL_CREATE_FOLDER + - Acl::ACL_CREATE_FILE + - Acl::ACL_CREATE_LINK + - Acl::ACL_CREATE_PAGE + - Acl::ACL_GRANT + - Acl::ACL_TRANSMIT; + $this->aclMask = Permission::ACL_READ + + Permission::ACL_WRITE + + Permission::ACL_PROP + + Permission::ACL_DELETE + + Permission::ACL_RELEASE + + Permission::ACL_PUBLISH + + Permission::ACL_CREATE_FOLDER + + Permission::ACL_CREATE_FILE + + Permission::ACL_CREATE_LINK + + Permission::ACL_CREATE_PAGE + + Permission::ACL_GRANT + + Permission::ACL_TRANSMIT; } else { @@ -348,17 +348,17 @@ SQL foreach($sql->getAll() as $row ) { - $acl = new Acl(); - $acl->setDatabaseRow( $row ); + $permission = new Permission(); + $permission->setDatabaseRow( $row ); - $this->aclMask |= $acl->getMask(); + $this->aclMask |= $permission->getMask(); } } } if ( Startup::readonly() ) // System ist im Nur-Lese-Zustand - $this->aclMask = Acl::ACL_READ && $this->aclMask; + $this->aclMask = Permission::ACL_READ && $this->aclMask; // Ermittelte Maske auswerten return $this->aclMask & $type; @@ -1040,35 +1040,36 @@ SQL // Standard-Rechte fuer dieses neue Objekt setzen. // Der angemeldete Benutzer erhaelt alle Rechte auf // das neue Objekt. Legitim, denn er hat es ja angelegt. - $acl = new Acl(); - $acl->userid = $user->userid; - $acl->objectid = $this->objectid; + //FIXME we shoul delete this. + $permission = new Permission(); + $permission->userid = $user->userid; + $permission->objectid = $this->objectid; - $acl->read = true; - $acl->write = true; - $acl->prop = true; - $acl->delete = true; - $acl->grant = true; + $permission->read = true; + $permission->write = true; + $permission->prop = true; + $permission->delete = true; + $permission->grant = true; - $acl->create_file = true; - $acl->create_page = true; - $acl->create_folder = true; - $acl->create_link = true; + $permission->create_file = true; + $permission->create_page = true; + $permission->create_folder = true; + $permission->create_link = true; - $acl->persist(); + $permission->persist(); // Aus dem Eltern-Ordner vererbbare Berechtigungen uebernehmen. $parent = new BaseObject( $this->parentid ); foreach( $parent->getAllAclIds() as $aclid ) { - $acl = new Acl( $aclid ); - $acl->load(); + $permission = new Permission( $aclid ); + $permission->load(); - if ( $acl->transmit ) // ACL is vererbbar, also kopieren. + if ( $permission->transmit ) // ACL is vererbbar, also kopieren. { - $acl->aclid = null; - $acl->objectid = $this->objectid; - $acl->persist(); // ... und hinzufuegen. + $permission->aclid = null; + $permission->objectid = $this->objectid; + $permission->persist(); // ... und hinzufuegen. } } } @@ -1175,9 +1176,9 @@ SQL { foreach( $this->getAllAclIds() as $aclid ) { - $acl = new Acl( $aclid ); - $acl->load(); - $acl->delete(); + $permission = new Permission( $aclid ); + $permission->load(); + $permission->delete(); } } diff --git a/modules/cms/model/Group.class.php b/modules/cms/model/Group.class.php @@ -328,14 +328,14 @@ SQL foreach($sql->getAll() as $row ) { - $acl = new Acl(); - $acl->setDatabaseRow( $row ); - $acl->projectid = $row['projectid' ]; - if ( intval($acl->languageid) == 0 ) - $acl->languagename = \cms\base\Language::lang('ALL_LANGUAGES'); + $permission = new Permission(); + $permission->setDatabaseRow( $row ); + $permission->projectid = $row['projectid' ]; + if ( intval($permission->languageid) == 0 ) + $permission->languagename = \cms\base\Language::lang('ALL_LANGUAGES'); else - $acl->languagename = $row['languagename']; - $aclList[] = $acl; + $permission->languagename = $row['languagename']; + $aclList[] = $permission; } return $aclList; diff --git a/modules/cms/model/Permission.class.php b/modules/cms/model/Permission.class.php @@ -0,0 +1,537 @@ +<?php + +namespace cms\model; + +use cms\base\DB as Db; +/** + * <editor-fold defaultstate="collapsed" desc="license"> + * + * OpenRat Content Management System + * Copyright (C) 2002-2012 Jan Dankert, cms@jandankert.de + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + * + * </editor-fold> + */ + + + + + + + +/** + * A Permssion. + * If there are more Permissions for an object, the flags are added. + * + * @author Jan Dankert + */ +class Permission extends ModelBase +{ + // Definition der Berechtigungs-Flags + const ACL_READ = 1; + const ACL_WRITE = 2; + const ACL_PROP = 4; + const ACL_DELETE = 8; + const ACL_RELEASE = 16; + const ACL_PUBLISH = 32; + const ACL_CREATE_FOLDER = 64; + const ACL_CREATE_FILE = 128; + const ACL_CREATE_LINK = 256; + const ACL_CREATE_PAGE = 512; + const ACL_GRANT = 1024; + const ACL_TRANSMIT = 2048; + + /** + * eindeutige ID dieser ACL + * @type Integer + */ + public $aclid; + + /** + * ID des Objektes, f?r das diese Berechtigung gilt + * @type Integer + */ + public $objectid = 0; + + /** + * ID des Benutzers + * ( = 0 falls die Berechtigung f?r eine Gruppe gilt) + * @type Integer + */ + public $userid = 0; + + /** + * ID der Gruppe + * ( = 0 falls die Berechtigung f?r einen Benutzer gilt) + * @type Integer + */ + public $groupid = 0; + + /** + * ID der Sprache + * @type Integer + */ + public $languageid = 0; + + /** + * Name der Sprache + * @type String + */ + public $languagename = ''; + + /** + * Es handelt sich um eine Standard-Berechtigung + * (Falls false, dann Zugriffs-Berechtigung) + * @type Boolean + */ + public $isDefault = false; + + /** + * Name des Benutzers, f?r den diese Berechtigung gilt + * @type String + */ + public $username = ''; + + /** + * Name der Gruppe, f?r die diese Berechtigung gilt + * @type String + */ + public $groupname = ''; + + /** + * Inhalt lesen (ist immer wahr) + * @type Boolean + */ + public $read = true; + + /** + * Inhalt bearbeiten + * @type Boolean + */ + public $write = false; + + /** + * Eigenschaften bearbeiten + * @type Boolean + */ + public $prop = false; + + /** + * Objekt l?schen + * @type Boolean + */ + public $delete = false; + + /** + * Objektinhalt freigeben + * @type Boolean + */ + public $release = false; + + /** + * Objekt ver?ffentlichen + * @type Boolean + */ + public $publish = false; + + /** + * Unterordner anlegen + * @type Boolean + */ + public $create_folder = false; + + /** + * Datei anlegen (bzw. hochladen) + * @type Boolean + */ + public $create_file = false; + + /** + * Verknuepfung anlegen + * @type Boolean + */ + public $create_link = false; + + /** + * Seite anlegen + * @type Boolean + */ + public $create_page = false; + + /** + * Berechtigungen vergeben + * @type Boolean + */ + public $grant = false; + + /** + * Berechtigungen an Unterobjekte vererben + * @type Boolean + */ + public $transmit = false; + + + public $projectid; + + + /** + * Konstruktor. + * + * @param Integer Acl-ID + */ + public function __construct( $aclid = 0 ) + { + if ( $aclid != 0 ) + $this->aclid = $aclid; + } + + + /** + * Laden einer ACL inklusive Benutzer-, Gruppen- und Sprachbezeichnungen. + * Zum einfachen Laden sollte #loadRaw() benutzt werden. + */ + public function load() + { + $sql = Db::sql( 'SELECT {{acl}}.*,{{user}}.name as username,{{group}}.name as groupname,{{language}}.name as languagename'. + ' FROM {{acl}} '. + ' LEFT JOIN {{user}} ON {{user}}.id = {{acl}}.userid '. + ' LEFT JOIN {{group}} ON {{group}}.id = {{acl}}.groupid '. + ' LEFT JOIN {{language}} ON {{language}}.id = {{acl}}.languageid '. + ' WHERE {{acl}}.id={aclid}' ); + + $sql->setInt('aclid',$this->aclid); + + $row = $sql->getRow(); + + $this->setDatabaseRow( $row ); + + if ( intval($this->languageid)==0 ) + $this->languagename = \cms\base\Language::lang('ALL_LANGUAGES'); + else $this->languagename = $row['languagename']; + $this->username = $row['username' ]; + $this->groupname = $row['groupname' ]; + } + + + /** + * Laden einer ACL (ohne verknuepfte Namen). + * Diese Methode ist schneller als #load(). + */ + public function loadRaw() + { + $sql = Db::sql( 'SELECT * '. + ' FROM {{acl}} '. + ' WHERE {{acl}}.id={aclid}' ); + + $sql->setInt('aclid',$this->aclid); + + $row = $sql->getRow(); + + $this->setDatabaseRow( $row ); + } + + + /** + * Setzt die Eigenschaften des Objektes mit einer Datenbank-Ergebniszeile. + * + * @param array row Ergebniszeile aus ACL-Datenbanktabelle + */ + public function setDatabaseRow( $row ) + { + $this->aclid = $row['id']; + + $this->write = ( $row['is_write' ] == '1' ); + $this->prop = ( $row['is_prop' ] == '1' ); + $this->delete = ( $row['is_delete' ] == '1' ); + $this->release = ( $row['is_release' ] == '1' ); + $this->publish = ( $row['is_publish' ] == '1' ); + $this->create_folder = ( $row['is_create_folder'] == '1' ); + $this->create_file = ( $row['is_create_file' ] == '1' ); + $this->create_page = ( $row['is_create_page' ] == '1' ); + $this->create_link = ( $row['is_create_link' ] == '1' ); + $this->grant = ( $row['is_grant' ] == '1' ); + $this->transmit = ( $row['is_transmit' ] == '1' ); + + $this->objectid = intval($row['objectid' ]); + $this->languageid = intval($row['languageid']); + $this->userid = intval($row['userid' ]); + $this->groupid = intval($row['groupid' ]); + } + + + /** + * Erzeugt eine Liste aller Berechtigungsbits dieser ACL. + * + * @return array (Schluessel=Berechtigungstyp, Wert=boolean) + */ + public function getProperties() + { + return Array( 'read' => true, + 'write' => $this->write, + 'prop' => $this->prop, + 'create_folder'=> $this->create_folder, + 'create_file' => $this->create_file, + 'create_link' => $this->create_link, + 'create_page' => $this->create_page, + 'delete' => $this->delete, + 'release' => $this->release, + 'publish' => $this->publish, + 'grant' => $this->grant, + 'transmit' => $this->transmit, + 'is_default' => $this->isDefault, + 'userid' => $this->userid, + 'username' => $this->username, + 'groupid' => $this->groupid, + 'groupname' => $this->groupname, + 'languageid' => $this->languageid, + 'languagename' => $this->languagename, + 'objectid' => $this->objectid ); + + } + + + /** + * Erzeugt eine Liste aller möglichen Berechtigungstypen. + * + * @return 0..n-Array + */ + public static function getAvailableRights() + { + return array( 'read', + 'write', + 'prop', + 'create_folder', + 'create_file', + 'create_link', + 'create_page', + 'delete', + 'release', + 'publish', + 'grant', + 'transmit' ); + + } + + + /** + * Erzeugt eine Bitmaske mit den Berechtigungen dieser ACL. + * + * @return Integer Bitmaske + */ + public function getMask() + { + // intval(boolean) erzeugt numerisch 0 oder 1 :) + $this->mask = self::ACL_READ; // immer lesen + $this->mask += self::ACL_WRITE *intval($this->write ); + $this->mask += self::ACL_PROP *intval($this->prop ); + $this->mask += self::ACL_DELETE *intval($this->delete ); + $this->mask += self::ACL_RELEASE *intval($this->release ); + $this->mask += self::ACL_PUBLISH *intval($this->publish ); + $this->mask += self::ACL_CREATE_FOLDER *intval($this->create_folder); + $this->mask += self::ACL_CREATE_FILE *intval($this->create_file ); + $this->mask += self::ACL_CREATE_LINK *intval($this->create_link ); + $this->mask += self::ACL_CREATE_PAGE *intval($this->create_page ); + $this->mask += self::ACL_GRANT *intval($this->grant ); + $this->mask += self::ACL_TRANSMIT *intval($this->transmit ); + + \logger\Logger::trace('mask of acl '.$this->aclid.': '.$this->mask ); + return $this->mask; + } + + + /** + * Erzeugt eine Liste aller gesetzten Berechtigungstypen. + * Beispiel: Array (0:'read',1:'write',2:'transmit') + * + * @return 0..n-Array + */ + public function getTrueProperties() + { + $erg = array('read'); + if ( $this->write ) $erg[] = 'write'; + if ( $this->prop ) $erg[] = 'prop'; + if ( $this->create_folder ) $erg[] = 'create_folder'; + if ( $this->create_file ) $erg[] = 'create_file'; + if ( $this->create_link ) $erg[] = 'create_link'; + if ( $this->create_page ) $erg[] = 'create_page'; + if ( $this->delete ) $erg[] = 'delete'; + if ( $this->release ) $erg[] = 'release'; + if ( $this->publish ) $erg[] = 'publish'; + if ( $this->grant ) $erg[] = 'grant'; + if ( $this->transmit ) $erg[] = 'transmit'; + + return $erg; + } + + + + /** + * ACL unwiderruflich loeschen. + */ + public function delete() + { + $sql = Db::sql( 'DELETE FROM {{acl}} '. + ' WHERE id = {aclid} '. + ' AND objectid= {objectid}' ); + + $sql->setInt('aclid' ,$this->aclid ); + $sql->setInt('objectid',$this->objectid); + + $sql->query(); + + $this->aclid = 0; + } + + + public function save() { + // TODO updating the ACL is not implemented. + } + + /** + * ACL der Datenbank hinzufügen. + */ + public function add() + { + if ( $this->delete ) + $this->prop = true; + + // Pruefen, ob die ACL schon existiert + $user_comp = intval($this->userid )>0?'={userid}':'IS NULL'; + $group_comp = intval($this->groupid )>0?'={groupid}':'IS NULL'; + $language_comp = intval($this->languageid)>0?'={languageid}':'IS NULL'; + + $stmt = Db::sql( <<<SQL + SELECT id FROM {{acl}} + WHERE userid $user_comp AND + groupid $group_comp AND + languageid $language_comp AND + objectid = {objectid} AND + is_write = {write} AND + is_prop = {prop} AND + is_create_folder = {create_folder} AND + is_create_file = {create_file} AND + is_create_link = {create_link} AND + is_create_page = {create_page} AND + is_delete = {delete} AND + is_release = {release} AND + is_publish = {publish} AND + is_grant = {grant} AND + is_transmit = {transmit} +SQL +); + + if ( intval($this->userid) > 0 ) + $stmt->setInt ('userid',$this->userid); + + if ( intval($this->groupid) > 0 ) + $stmt->setInt ('groupid',$this->groupid); + + if ( intval($this->languageid) > 0 ) + $stmt->setInt ('languageid',$this->languageid); + + $stmt->setInt('objectid',$this->objectid); + $stmt->setBoolean('write' ,$this->write ); + $stmt->setBoolean('prop' ,$this->prop ); + $stmt->setBoolean('create_folder',$this->create_folder ); + $stmt->setBoolean('create_file' ,$this->create_file ); + $stmt->setBoolean('create_link' ,$this->create_link ); + $stmt->setBoolean('create_page' ,$this->create_page ); + $stmt->setBoolean('delete' ,$this->delete ); + $stmt->setBoolean('release' ,$this->release ); + $stmt->setBoolean('publish' ,$this->publish ); + $stmt->setBoolean('grant' ,$this->grant ); + $stmt->setBoolean('transmit' ,$this->transmit ); + + + $aclid = intval($stmt->getOne()); + if ( $aclid > 0 ) + { + // Eine ACL existiert bereits, wir übernehmen diese ID + $this->aclid = $aclid; + return; + } + + + + + $stmt = Db::sql('SELECT MAX(id) FROM {{acl}}'); + $this->aclid = intval($stmt->getOne())+1; + + $stmt = Db::sql( <<<SQL + INSERT INTO {{acl}} + (id,userid,groupid,objectid,is_write,is_prop,is_create_folder,is_create_file,is_create_link,is_create_page,is_delete,is_release,is_publish,is_grant,is_transmit,languageid) + VALUES( {aclid},{userid},{groupid},{objectid},{write},{prop},{create_folder},{create_file},{create_link},{create_page},{delete},{release},{publish},{grant},{transmit},{languageid} ) +SQL +); + + $stmt->setInt('aclid' ,$this->aclid ); + + if ( intval($this->userid) == 0 ) + $stmt->setNull('userid'); + else + $stmt->setInt ('userid',$this->userid); + + if ( intval($this->groupid) == 0 ) + $stmt->setNull('groupid'); + else + $stmt->setInt ('groupid',$this->groupid); + + $stmt->setInt('objectid',$this->objectid); + $stmt->setBoolean('write' ,$this->write ); + $stmt->setBoolean('prop' ,$this->prop ); + $stmt->setBoolean('create_folder',$this->create_folder ); + $stmt->setBoolean('create_file' ,$this->create_file ); + $stmt->setBoolean('create_link' ,$this->create_link ); + $stmt->setBoolean('create_page' ,$this->create_page ); + $stmt->setBoolean('delete' ,$this->delete ); + $stmt->setBoolean('release' ,$this->release ); + $stmt->setBoolean('publish' ,$this->publish ); + $stmt->setBoolean('grant' ,$this->grant ); + $stmt->setBoolean('transmit' ,$this->transmit ); + + if ( intval($this->languageid) == 0 ) + $stmt->setNull('languageid'); + else + $stmt->setInt ('languageid',$this->languageid); + + $stmt->query(); + + + } + + /** + * Liefert das Projekt-Objekt. + * + * @return Project + * @throws \util\exception\ObjectNotFoundException + */ + public function getProject() { + return Project::create( $this->projectid ); + } + + + public function getName() + { + return ''; + } + + + public function getId() + { + return $this->aclid; + } + + +}+ \ No newline at end of file diff --git a/modules/cms/model/User.class.php b/modules/cms/model/User.class.php @@ -863,14 +863,14 @@ SQL foreach($sql->getAll() as $row ) { - $acl = new Acl(); - $acl->setDatabaseRow( $row ); - $acl->projectid = $row['projectid' ]; - if ( intval($acl->languageid) == 0 ) - $acl->languagename = Language::lang( Messages::ALL_LANGUAGES); + $permission = new Permission(); + $permission->setDatabaseRow( $row ); + $permission->projectid = $row['projectid' ]; + if ( intval($permission->languageid) == 0 ) + $permission->languagename = Language::lang( Messages::ALL_LANGUAGES); else - $acl->languagename = $row['languagename']; - $aclList[] = $acl; + $permission->languagename = $row['languagename']; + $aclList[] = $permission; } return $aclList; @@ -956,7 +956,7 @@ SQL */ public function hasRight( $objectid,$type ) { - if ( Startup::readonly() && ! $type & Acl::ACL_READ ) + if ( Startup::readonly() && ! $type & Permission::ACL_READ ) return false; // Nothing is writable in Readonly-Mode. if ( $this->isAdmin ) @@ -980,13 +980,13 @@ SQL $securityconfig = Configuration::subset('security'); if ( $securityconfig->is('readonly') ) - if ( $type & Acl::ACL_READ ) - $type = Acl::ACL_READ; + if ( $type & Permission::ACL_READ ) + $type = Permission::ACL_READ; else $type = 0; - if ( $type & Acl::ACL_PUBLISH && $securityconfig->is('nopublish') ) - $type -= Acl::ACL_PUBLISH; + if ( $type & Permission::ACL_PUBLISH && $securityconfig->is('nopublish') ) + $type -= Permission::ACL_PUBLISH; if ( !isset($this->rights[$objectid]) ) diff --git a/modules/util/Tree.class.php b/modules/util/Tree.class.php @@ -4,7 +4,7 @@ namespace util; use cms\action\RequestParams; use cms\base\Language as L; -use cms\model\Acl; +use cms\model\Permission; use cms\model\Alias; use cms\model\Element; use cms\model\File; @@ -125,7 +125,7 @@ class Tree $rootFolder->load(); // Berechtigt für das Projekt? - if ($rootFolder->hasRight(Acl::ACL_READ)) { + if ($rootFolder->hasRight(Permission::ACL_READ)) { $treeElement = new TreeElement(); $treeElement->internalId = $id; @@ -155,9 +155,9 @@ class Tree // Ermitteln, ob der Benutzer Projektadministrator ist // Projektadministratoren haben das Recht, im Root-Ordner die Eigenschaften zu aendern. - $userIsProjectAdmin = $folder->hasRight(Acl::ACL_PROP); + $userIsProjectAdmin = $folder->hasRight(Permission::ACL_PROP); - if ($folder->hasRight(Acl::ACL_READ)) { + if ($folder->hasRight(Permission::ACL_READ)) { $treeElement = new TreeElement(); $treeElement->id = $folder->objectid; // $treeElement->text = $folder->name; @@ -457,7 +457,7 @@ class Tree if ($o->isPage) { // Nur wenn die Seite beschreibbar ist, werden die // Elemente im Baum angezeigt - if ($o->hasRight(Acl::ACL_WRITE)) + if ($o->hasRight(Permission::ACL_WRITE)) $treeElement->type = 'pageelements'; } $this->addTreeElement($treeElement); @@ -485,7 +485,7 @@ class Tree if ($o->isPage) { // Nur wenn die Seite beschreibbar ist, werden die // Elemente im Baum angezeigt - if ($o->hasRight(Acl::ACL_WRITE)) + if ($o->hasRight(Permission::ACL_WRITE)) $treeElement->type = 'page'; } @@ -513,7 +513,7 @@ class Tree /** @var BaseObject $o */ foreach ($f->getObjects() as $o) { // Wenn keine Leseberechtigung - if (!$o->hasRight(Acl::ACL_READ)) + if (!$o->hasRight(Permission::ACL_READ)) continue; $treeElement = new TreeElement();