Acl.class.php (14751B)
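<?php

namespace cms\model;

/**
 * <editor-fold defaultstate="collapsed" desc="license">
 *
 *  OpenRat Content Management System
 *  Copyright (C) 2002-2012 Jan Dankert, cms@jandankert.de

 *  This program is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU General Public License
 *  as published by the Free Software Foundation; either version 2
 *  of the License, or (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 *
 * </editor-fold>
 */


/**
 * Represents one permission entry (ACL, "Access Control List").
 * The permissions on an object are expressed as a list of these entries.
 *
 * If several ACLs exist for one object, their permission flags are added together.
 *
 * Read access is implied by every entry: $read defaults to true, setDatabaseRow()
 * never overwrites it, and getMask(), getProperties() and getTrueProperties()
 * always report it.
 *
 * @author Jan Dankert
 */
class Acl extends ModelBase
{
    // Permission flags. Each value is a distinct power of two, so flags can be
    // combined into one integer bit mask (see getMask()).
    const ACL_READ          = 1;
    const ACL_WRITE         = 2;
    const ACL_PROP          = 4;
    const ACL_DELETE        = 8;
    const ACL_RELEASE       = 16;
    const ACL_PUBLISH       = 32;
    const ACL_CREATE_FOLDER = 64;
    const ACL_CREATE_FILE   = 128;
    const ACL_CREATE_LINK   = 256;
    const ACL_CREATE_PAGE   = 512;
    const ACL_GRANT         = 1024;
    const ACL_TRANSMIT      = 2048;

    /**
     * Unique id of this ACL.
     * @var int
     */
    public $aclid;

    /**
     * Id of the object this permission applies to.
     * @var int
     */
    public $objectid = 0;

    /**
     * Id of the user
     * ( = 0 if the permission applies to a group).
     * @var int
     */
    public $userid = 0;

    /**
     * Id of the group
     * ( = 0 if the permission applies to a user).
     * @var int
     */
    public $groupid = 0;

    /**
     * Id of the language.
     * @var int
     */
    public $languageid = 0;

    /**
     * Name of the language.
     * @var string
     */
    public $languagename = '';

    /**
     * This is a default permission
     * (if false, it is an access permission).
     * Not assigned by setDatabaseRow() in this class.
     * @var bool
     */
    public $isDefault = false;

    /**
     * Name of the user this permission applies to.
     * @var string
     */
    public $username = '';

    /**
     * Name of the group this permission applies to.
     * @var string
     */
    public $groupname = '';

    /**
     * Read content (is always true).
     * @var bool
     */
    public $read = true;

    /**
     * Edit content.
     * @var bool
     */
    public $write = false;

    /**
     * Edit properties.
     * @var bool
     */
    public $prop = false;

    /**
     * Delete the object.
     * @var bool
     */
    public $delete = false;

    /**
     * Release object content.
     * @var bool
     */
    public $release = false;

    /**
     * Publish the object.
     * @var bool
     */
    public $publish = false;

    /**
     * Create sub-folders.
     * @var bool
     */
    public $create_folder = false;

    /**
     * Create (or upload) a file.
     * @var bool
     */
    public $create_file = false;

    /**
     * Create a link.
     * @var bool
     */
    public $create_link = false;

    /**
     * Create a page.
     * @var bool
     */
    public $create_page = false;

    /**
     * Grant permissions.
     * @var bool
     */
    public $grant = false;

    /**
     * Pass permissions on to sub-objects.
     * @var bool
     */
    public $transmit = false;


    // Read by getProject(); no method of this class assigns it.
    public $projectid;


    /**
     * Constructor.
     *
     * @param int $aclid ACL id; 0 (the default) leaves $this->aclid unset
     */
    public function __construct( $aclid = 0 )
    {
        if ( $aclid != 0 )
            $this->aclid = $aclid;
    }


    /**
     * Loads an ACL including the names of the user, group and language.
     * For a plain load, #loadRaw() should be used.
     */
    public function load()
    {
        $sql = db()->sql( 'SELECT {{acl}}.*,{{user}}.name as username,{{group}}.name as groupname,{{language}}.name as languagename'.
                          ' FROM {{acl}} '.
                          ' LEFT JOIN {{user}} ON {{user}}.id = {{acl}}.userid '.
                          ' LEFT JOIN {{group}} ON {{group}}.id = {{acl}}.groupid '.
                          ' LEFT JOIN {{language}} ON {{language}}.id = {{acl}}.languageid '.
                          ' WHERE {{acl}}.id={aclid}' );

        // The id is bound as an integer parameter, never concatenated into the SQL text.
        $sql->setInt('aclid',$this->aclid);

        // NOTE(review): the row is used without checking that one was found; what
        // getRow() returns for an unknown id is not visible here - confirm that
        // callers cannot end up with a half-initialised ACL that still reports 'read'.
        $row = $sql->getRow();

        $this->setDatabaseRow( $row );

        // A language id of 0 stands for "all languages".
        if ( intval($this->languageid)==0 )
            $this->languagename = lang('GLOBAL_ALL_LANGUAGES');
        else
            $this->languagename = $row['languagename'];

        $this->username  = $row['username' ];
        $this->groupname = $row['groupname'];
    }


    /**
     * Loads an ACL (without the joined names).
     * This method is faster than #load().
     */
    public function loadRaw()
    {
        $sql = db()->sql( 'SELECT * '.
                          ' FROM {{acl}} '.
                          ' WHERE {{acl}}.id={aclid}' );

        $sql->setInt('aclid',$this->aclid);

        // NOTE(review): as in load(), a missing row is not detected here.
        $row = $sql->getRow();

        $this->setDatabaseRow( $row );
    }


    /**
     * Sets the properties of this object from a database result row.
     *
     * Each permission flag becomes a real boolean (true only when the column
     * compares equal to '1'); the id columns are cast to integers.
     * $read and $isDefault are not touched.
     *
     * @param array $row result row from the ACL table
     */
    public function setDatabaseRow( $row )
    {
        $this->aclid         = $row['id'];

        $this->write         = ( $row['is_write'        ] == '1' );
        $this->prop          = ( $row['is_prop'         ] == '1' );
        $this->delete        = ( $row['is_delete'       ] == '1' );
        $this->release       = ( $row['is_release'      ] == '1' );
        $this->publish       = ( $row['is_publish'      ] == '1' );
        $this->create_folder = ( $row['is_create_folder'] == '1' );
        $this->create_file   = ( $row['is_create_file'  ] == '1' );
        $this->create_page   = ( $row['is_create_page'  ] == '1' );
        $this->create_link   = ( $row['is_create_link'  ] == '1' );
        $this->grant         = ( $row['is_grant'        ] == '1' );
        $this->transmit      = ( $row['is_transmit'     ] == '1' );

        $this->objectid   = intval($row['objectid'  ]);
        $this->languageid = intval($row['languageid']);
        $this->userid     = intval($row['userid'    ]);
        $this->groupid    = intval($row['groupid'   ]);
    }


    /**
     * Builds a list of all permission bits of this ACL, plus its
     * user, group, language and object references.
     *
     * @return array (key=permission type or attribute name, value=its value)
     */
    public function getProperties()
    {
        return array( 'read'         => true,
                      'write'        => $this->write,
                      'prop'         => $this->prop,
                      'create_folder'=> $this->create_folder,
                      'create_file'  => $this->create_file,
                      'create_link'  => $this->create_link,
                      'create_page'  => $this->create_page,
                      'delete'       => $this->delete,
                      'release'      => $this->release,
                      'publish'      => $this->publish,
                      'grant'        => $this->grant,
                      'transmit'     => $this->transmit,
                      'is_default'   => $this->isDefault,
                      'userid'       => $this->userid,
                      'username'     => $this->username,
                      'groupid'      => $this->groupid,
                      'groupname'    => $this->groupname,
                      'languageid'   => $this->languageid,
                      'languagename' => $this->languagename,
                      'objectid'     => $this->objectid       );
    }


    /**
     * Builds a list of all possible permission types.
     *
     * @return array 0..n list of permission type names
     */
    public static function getAvailableRights()
    {
        return array( 'read',
                      'write',
                      'prop',
                      'create_folder',
                      'create_file',
                      'create_link',
                      'create_page',
                      'delete',
                      'release',
                      'publish',
                      'grant',
                      'transmit' );
    }


    /**
     * Builds a bit mask with the permissions of this ACL.
     *
     * Every bit is derived from the truthiness of its flag, which is the same
     * test getTrueProperties() applies, and the bits are combined with bitwise
     * OR. The flag properties are public, so a caller may store a non-boolean in
     * them; computing the mask as "constant * intval(flag)" and summing would let
     * such a value (for example the integer 2) land on, or carry into, a
     * different permission bit. For boolean flags the result is unchanged.
     *
     * @return int bit mask of ACL_* constants
     */
    public function getMask()
    {
        $mask = self::ACL_READ; // read access is always granted

        if ( $this->write         ) $mask |= self::ACL_WRITE;
        if ( $this->prop          ) $mask |= self::ACL_PROP;
        if ( $this->delete        ) $mask |= self::ACL_DELETE;
        if ( $this->release       ) $mask |= self::ACL_RELEASE;
        if ( $this->publish       ) $mask |= self::ACL_PUBLISH;
        if ( $this->create_folder ) $mask |= self::ACL_CREATE_FOLDER;
        if ( $this->create_file   ) $mask |= self::ACL_CREATE_FILE;
        if ( $this->create_link   ) $mask |= self::ACL_CREATE_LINK;
        if ( $this->create_page   ) $mask |= self::ACL_CREATE_PAGE;
        if ( $this->grant         ) $mask |= self::ACL_GRANT;
        if ( $this->transmit      ) $mask |= self::ACL_TRANSMIT;

        // Kept so that code reading ->mask after the call still finds the value.
        // NOTE(review): 'mask' is not declared in this class; confirm that
        // ModelBase declares it, otherwise this creates a dynamic property.
        $this->mask = $mask;

        \Logger::trace('mask of acl '.$this->aclid.': '.$mask );
        return $mask;
    }


    /**
     * Builds a list of all permission types that are set.
     * Example: array (0:'read',1:'write',2:'transmit')
     *
     * 'read' is always the first element.
     *
     * @return array 0..n list of permission type names
     */
    public function getTrueProperties()
    {
        $erg = array('read');
        if ( $this->write         ) $erg[] = 'write';
        if ( $this->prop          ) $erg[] = 'prop';
        if ( $this->create_folder ) $erg[] = 'create_folder';
        if ( $this->create_file   ) $erg[] = 'create_file';
        if ( $this->create_link   ) $erg[] = 'create_link';
        if ( $this->create_page   ) $erg[] = 'create_page';
        if ( $this->delete        ) $erg[] = 'delete';
        if ( $this->release       ) $erg[] = 'release';
        if ( $this->publish       ) $erg[] = 'publish';
        if ( $this->grant         ) $erg[] = 'grant';
        if ( $this->transmit      ) $erg[] = 'transmit';

        return $erg;
    }



    /**
     * Deletes the ACL irrevocably.
     *
     * The statement matches on id AND objectid, so a row is only removed when
     * this instance's objectid equals the one stored for that ACL id.
     * $aclid is reset to 0 afterwards whether or not a row matched; the result
     * of the query is not inspected here.
     */
    public function delete()
    {
        $sql = db()->sql( 'DELETE FROM {{acl}} '.
                          ' WHERE id      = {aclid}   '.
                          '   AND objectid= {objectid}' );

        $sql->setInt('aclid'   ,$this->aclid   );
        $sql->setInt('objectid',$this->objectid);

        $sql->query();

        $this->aclid = 0;
    }


    /**
     * Adds the ACL to the database.
     *
     * If a row with the same user, group, language, object and flags already
     * exists, its id is adopted and nothing is inserted.
     */
    public function add()
    {
        // The delete permission implies the permission to edit properties.
        if ( $this->delete )
            $this->prop = true;

        // Check whether the ACL already exists.
        // Each *_comp fragment is one of two fixed literals chosen here; the
        // actual ids are bound below with setInt(), so no caller data enters
        // the SQL text. An id of 0 is matched (and later stored) as NULL.
        $user_comp     = intval($this->userid    )>0?'={userid}':'IS NULL';
        $group_comp    = intval($this->groupid   )>0?'={groupid}':'IS NULL';
        $language_comp = intval($this->languageid)>0?'={languageid}':'IS NULL';

        $stmt = db()->sql( <<<SQL
SELECT id FROM {{acl}}
 WHERE userid      $user_comp     AND
       groupid     $group_comp    AND
       languageid  $language_comp AND
       objectid         = {objectid}      AND
       is_write         = {write}         AND
       is_prop          = {prop}          AND
       is_create_folder = {create_folder} AND
       is_create_file   = {create_file}   AND
       is_create_link   = {create_link}   AND
       is_create_page   = {create_page}   AND
       is_delete        = {delete}        AND
       is_release       = {release}       AND
       is_publish       = {publish}       AND
       is_grant         = {grant}         AND
       is_transmit      = {transmit}
SQL
        );

        if ( intval($this->userid) > 0 )
            $stmt->setInt ('userid',$this->userid);

        if ( intval($this->groupid) > 0 )
            $stmt->setInt ('groupid',$this->groupid);

        if ( intval($this->languageid) > 0 )
            $stmt->setInt ('languageid',$this->languageid);

        $stmt->setInt('objectid',$this->objectid);
        $stmt->setBoolean('write'        ,$this->write         );
        $stmt->setBoolean('prop'         ,$this->prop          );
        $stmt->setBoolean('create_folder',$this->create_folder );
        $stmt->setBoolean('create_file'  ,$this->create_file   );
        $stmt->setBoolean('create_link'  ,$this->create_link   );
        $stmt->setBoolean('create_page'  ,$this->create_page   );
        $stmt->setBoolean('delete'       ,$this->delete        );
        $stmt->setBoolean('release'      ,$this->release       );
        $stmt->setBoolean('publish'      ,$this->publish       );
        $stmt->setBoolean('grant'        ,$this->grant         );
        $stmt->setBoolean('transmit'     ,$this->transmit      );


        $aclid = intval($stmt->getOne());
        if ( $aclid > 0 )
        {
            // An identical ACL already exists, so its id is adopted.
            $this->aclid = $aclid;
            return;
        }


        // NOTE(review): the duplicate check above, this MAX(id)+1 lookup and the
        // INSERT below are separate statements, and nothing in this method
        // serialises concurrent callers. Two simultaneous add() calls can compute
        // the same id or both insert the same ACL unless a transaction, a lock or
        // a unique key elsewhere prevents it - confirm against the db layer/schema.
        $stmt = db()->sql('SELECT MAX(id) FROM {{acl}}');
        $this->aclid = intval($stmt->getOne())+1;

        $stmt = db()->sql( <<<SQL
INSERT INTO {{acl}}
 (id,userid,groupid,objectid,is_write,is_prop,is_create_folder,is_create_file,is_create_link,is_create_page,is_delete,is_release,is_publish,is_grant,is_transmit,languageid)
 VALUES( {aclid},{userid},{groupid},{objectid},{write},{prop},{create_folder},{create_file},{create_link},{create_page},{delete},{release},{publish},{grant},{transmit},{languageid} )
SQL
        );

        $stmt->setInt('aclid'   ,$this->aclid   );

        // A user/group/language id of 0 is stored as NULL.
        if ( intval($this->userid) == 0 )
            $stmt->setNull('userid');
        else
            $stmt->setInt ('userid',$this->userid);

        if ( intval($this->groupid) == 0 )
            $stmt->setNull('groupid');
        else
            $stmt->setInt ('groupid',$this->groupid);

        $stmt->setInt('objectid',$this->objectid);
        $stmt->setBoolean('write'        ,$this->write         );
        $stmt->setBoolean('prop'         ,$this->prop          );
        $stmt->setBoolean('create_folder',$this->create_folder );
        $stmt->setBoolean('create_file'  ,$this->create_file   );
        $stmt->setBoolean('create_link'  ,$this->create_link   );
        $stmt->setBoolean('create_page'  ,$this->create_page   );
        $stmt->setBoolean('delete'       ,$this->delete        );
        $stmt->setBoolean('release'      ,$this->release       );
        $stmt->setBoolean('publish'      ,$this->publish       );
        $stmt->setBoolean('grant'        ,$this->grant         );
        $stmt->setBoolean('transmit'     ,$this->transmit      );

        if ( intval($this->languageid) == 0 )
            $stmt->setNull('languageid');
        else
            $stmt->setInt ('languageid',$this->languageid);

        $stmt->query();
    }

    /**
     * Returns the project object for $this->projectid.
     *
     * @return Project
     * @throws \ObjectNotFoundException
     */
    public function getProject() {
        return Project::create( $this->projectid );
    }


    /**
     * Returns the name of this ACL, which is always the empty string.
     *
     * @return string
     */
    public function getName()
    {
        return '';
    }

}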