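<?php

namespace cms\model;

use cms\base\DB as Db;

/**
 * <editor-fold defaultstate="collapsed" desc="license">
 *
 *  OpenRat Content Management System
 *  Copyright (C) 2002-2012 Jan Dankert, cms@jandankert.de
 *  This program is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU General Public License
 *  as published by the Free Software Foundation; either version 2
 *  of the License, or (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 *
 * </editor-fold>
 */


/**
 * Represents one permission entry (ACL, "Access Control List").
 * The permissions on an object are represented by a list of these entries.
 *
 * If several ACLs exist for one object, their permission flags are added together.
 *
 * All flags are public, untyped properties, so any code holding an instance can
 * change them before add() is called. The read permission is always granted:
 * getProperties(), getMask() and getTrueProperties() report it unconditionally.
 *
 * @author Jan Dankert
 */
class Acl extends ModelBase
{
	// Permission bits used by getMask(); one distinct power of two per permission.
	const ACL_READ          = 1;
	const ACL_WRITE         = 2;
	const ACL_PROP          = 4;
	const ACL_DELETE        = 8;
	const ACL_RELEASE       = 16;
	const ACL_PUBLISH       = 32;
	const ACL_CREATE_FOLDER = 64;
	const ACL_CREATE_FILE   = 128;
	const ACL_CREATE_LINK   = 256;
	const ACL_CREATE_PAGE   = 512;
	const ACL_GRANT         = 1024;
	const ACL_TRANSMIT      = 2048;

	/**
	 * Unique ID of this ACL.
	 * @var int
	 */
	public $aclid;

	/**
	 * ID of the object this permission applies to.
	 * @var int
	 */
	public $objectid = 0;

	/**
	 * ID of the user
	 * ( = 0 if the permission applies to a group).
	 * @var int
	 */
	public $userid = 0;

	/**
	 * ID of the group
	 * ( = 0 if the permission applies to a user).
	 * @var int
	 */
	public $groupid = 0;

	/**
	 * ID of the language (0 is treated as "all languages" by load()).
	 * @var int
	 */
	public $languageid = 0;

	/**
	 * Name of the language.
	 * @var string
	 */
	public $languagename = '';

	/**
	 * This entry is a default permission
	 * (if false, it is an access permission).
	 * Not populated by setDatabaseRow().
	 * @var bool
	 */
	public $isDefault = false;

	/**
	 * Name of the user this permission applies to.
	 * @var string
	 */
	public $username = '';

	/**
	 * Name of the group this permission applies to.
	 * @var string
	 */
	public $groupname = '';

	/**
	 * Read content (always true).
	 * @var bool
	 */
	public $read = true;

	/**
	 * Edit content.
	 * @var bool
	 */
	public $write = false;

	/**
	 * Edit properties.
	 * @var bool
	 */
	public $prop = false;

	/**
	 * Delete the object.
	 * @var bool
	 */
	public $delete = false;

	/**
	 * Release the object's content.
	 * @var bool
	 */
	public $release = false;

	/**
	 * Publish the object.
	 * @var bool
	 */
	public $publish = false;

	/**
	 * Create sub-folders.
	 * @var bool
	 */
	public $create_folder = false;

	/**
	 * Create (or upload) a file.
	 * @var bool
	 */
	public $create_file = false;

	/**
	 * Create a link.
	 * @var bool
	 */
	public $create_link = false;

	/**
	 * Create a page.
	 * @var bool
	 */
	public $create_page = false;

	/**
	 * Grant permissions to others.
	 * @var bool
	 */
	public $grant = false;

	/**
	 * Pass the permissions on to sub-objects.
	 * @var bool
	 */
	public $transmit = false;


	// ID of the project, read by getProject(). Not populated by setDatabaseRow().
	public $projectid;


	/**
	 * Constructor.
	 *
	 * @param int $aclid ACL ID; the default 0 leaves $aclid unset
	 */
	public function __construct( $aclid = 0 )
	{
		if ( $aclid != 0 )
			$this->aclid = $aclid;
	}


	/**
	 * Loads an ACL including the names of its user, group and language.
	 * Use loadRaw() when the names are not needed.
	 */
	public function load()
	{
		$sql = Db::sql( 'SELECT {{acl}}.*,{{user}}.name as username,{{group}}.name as groupname,{{language}}.name as languagename'.
		                ' FROM {{acl}} '.
		                ' LEFT JOIN {{user}} ON {{user}}.id = {{acl}}.userid '.
		                ' LEFT JOIN {{group}} ON {{group}}.id = {{acl}}.groupid '.
		                ' LEFT JOIN {{language}} ON {{language}}.id = {{acl}}.languageid '.
		                ' WHERE {{acl}}.id={aclid}' );

		$sql->setInt('aclid',$this->aclid);

		// NOTE(review): the row is used without checking that the query found one;
		// what happens for an unknown aclid depends on what getRow() returns - confirm.
		$row = $sql->getRow();

		$this->setDatabaseRow( $row );

		// Language ID 0 stands for "all languages" and gets a translated label.
		if ( intval($this->languageid)==0 )
			$this->languagename = \cms\base\Language::lang('ALL_LANGUAGES');
		else
			$this->languagename = $row['languagename'];

		$this->username  = $row['username' ];
		$this->groupname = $row['groupname'];
	}


	/**
	 * Loads an ACL without the joined user, group and language names.
	 * This runs a single-table query, unlike load().
	 */
	public function loadRaw()
	{
		$sql = Db::sql( 'SELECT * '.
		                ' FROM {{acl}} '.
		                ' WHERE {{acl}}.id={aclid}' );

		$sql->setInt('aclid',$this->aclid);

		// NOTE(review): no check that a row was found; see the same remark in load().
		$row = $sql->getRow();

		$this->setDatabaseRow( $row );
	}


	/**
	 * Fills this object's properties from one database result row.
	 *
	 * A flag becomes true only if its column compares equal to '1'; any other
	 * value leaves the permission denied.
	 *
	 * @param array $row result row from the ACL table
	 */
	public function setDatabaseRow( $row )
	{
		$this->aclid = $row['id'];

		$this->write         = ( $row['is_write'        ] == '1' );
		$this->prop          = ( $row['is_prop'         ] == '1' );
		$this->delete        = ( $row['is_delete'       ] == '1' );
		$this->release       = ( $row['is_release'      ] == '1' );
		$this->publish       = ( $row['is_publish'      ] == '1' );
		$this->create_folder = ( $row['is_create_folder'] == '1' );
		$this->create_file   = ( $row['is_create_file'  ] == '1' );
		$this->create_page   = ( $row['is_create_page'  ] == '1' );
		$this->create_link   = ( $row['is_create_link'  ] == '1' );
		$this->grant         = ( $row['is_grant'        ] == '1' );
		$this->transmit      = ( $row['is_transmit'     ] == '1' );

		// NULL columns become 0 here, the value this class uses for "not set".
		$this->objectid   = intval($row['objectid'  ]);
		$this->languageid = intval($row['languageid']);
		$this->userid     = intval($row['userid'    ]);
		$this->groupid    = intval($row['groupid'   ]);
	}


	/**
	 * Builds a map of all permission flags and identifying fields of this ACL.
	 *
	 * @return array (key=permission type or field name, value=its current value)
	 */
	public function getProperties()
	{
		return array( 'read'         => true,
		              'write'        => $this->write,
		              'prop'         => $this->prop,
		              'create_folder'=> $this->create_folder,
		              'create_file'  => $this->create_file,
		              'create_link'  => $this->create_link,
		              'create_page'  => $this->create_page,
		              'delete'       => $this->delete,
		              'release'      => $this->release,
		              'publish'      => $this->publish,
		              'grant'        => $this->grant,
		              'transmit'     => $this->transmit,
		              'is_default'   => $this->isDefault,
		              'userid'       => $this->userid,
		              'username'     => $this->username,
		              'groupid'      => $this->groupid,
		              'groupname'    => $this->groupname,
		              'languageid'   => $this->languageid,
		              'languagename' => $this->languagename,
		              'objectid'     => $this->objectid );
	}


	/**
	 * Returns the names of all possible permission types.
	 *
	 * @return array 0..n list of permission type names
	 */
	public static function getAvailableRights()
	{
		return array( 'read',
		              'write',
		              'prop',
		              'create_folder',
		              'create_file',
		              'create_link',
		              'create_page',
		              'delete',
		              'release',
		              'publish',
		              'grant',
		              'transmit' );
	}


	/**
	 * Builds a bit mask of the permissions of this ACL.
	 *
	 * Each flag is tested for truthiness, the same test getTrueProperties()
	 * uses, and contributes exactly its own bit. Multiplying the bit by
	 * intval($flag) would let a non-boolean value in one of the public flag
	 * properties (for example 2 or -1) set or clear bits that belong to other
	 * permissions.
	 *
	 * @return int bit mask
	 */
	public function getMask()
	{
		$flagsByBit = array(
			self::ACL_WRITE         => $this->write,
			self::ACL_PROP          => $this->prop,
			self::ACL_DELETE        => $this->delete,
			self::ACL_RELEASE       => $this->release,
			self::ACL_PUBLISH       => $this->publish,
			self::ACL_CREATE_FOLDER => $this->create_folder,
			self::ACL_CREATE_FILE   => $this->create_file,
			self::ACL_CREATE_LINK   => $this->create_link,
			self::ACL_CREATE_PAGE   => $this->create_page,
			self::ACL_GRANT         => $this->grant,
			self::ACL_TRANSMIT      => $this->transmit,
		);

		$mask = self::ACL_READ; // read is always granted

		foreach( $flagsByBit as $bit => $granted )
		{
			if ( $granted )
				$mask |= $bit;
		}

		// The result is also kept on the instance, as before.
		// NOTE(review): $mask is not declared in this class - confirm that ModelBase
		// declares it, otherwise this creates a dynamic property.
		$this->mask = $mask;

		\logger\Logger::trace('mask of acl '.$this->aclid.': '.$this->mask );
		return $this->mask;
	}


	/**
	 * Returns the names of all permission types that are set.
	 * Example: Array (0:'read',1:'write',2:'transmit')
	 *
	 * @return array 0..n list of permission type names; 'read' is always included
	 */
	public function getTrueProperties()
	{
		$erg = array('read');
		if ( $this->write         ) $erg[] = 'write';
		if ( $this->prop          ) $erg[] = 'prop';
		if ( $this->create_folder ) $erg[] = 'create_folder';
		if ( $this->create_file   ) $erg[] = 'create_file';
		if ( $this->create_link   ) $erg[] = 'create_link';
		if ( $this->create_page   ) $erg[] = 'create_page';
		if ( $this->delete        ) $erg[] = 'delete';
		if ( $this->release       ) $erg[] = 'release';
		if ( $this->publish       ) $erg[] = 'publish';
		if ( $this->grant         ) $erg[] = 'grant';
		if ( $this->transmit      ) $erg[] = 'transmit';

		return $erg;
	}


	/**
	 * Deletes this ACL irrevocably.
	 *
	 * The statement matches on both the ACL ID and the object ID, so a row is
	 * only removed when $objectid agrees with the stored one. Afterwards
	 * $aclid is reset to 0.
	 */
	public function delete()
	{
		$sql = Db::sql( 'DELETE FROM {{acl}} '.
		                ' WHERE id = {aclid} '.
		                ' AND objectid= {objectid}' );

		$sql->setInt('aclid'   ,$this->aclid   );
		$sql->setInt('objectid',$this->objectid);

		$sql->query();

		$this->aclid = 0;
	}


	/**
	 * Does nothing: updating an existing ACL is not implemented.
	 * Flag changes made on a loaded ACL are therefore not persisted by this call.
	 */
	public function save() {
		// TODO updating the ACL is not implemented.
	}


	/**
	 * Adds this ACL to the database.
	 *
	 * The delete permission implies the properties permission: if $delete is
	 * set, $prop is forced to true before anything is stored. If a row with
	 * the same user, group, language, object and flags already exists, its ID
	 * is adopted and no new row is inserted.
	 */
	public function add()
	{
		if ( $this->delete )
			$this->prop = true;

		// Check whether this ACL already exists. The three fragments below are
		// chosen from two fixed literals each, so no caller-supplied text is
		// interpolated into the statement; all values are bound as parameters.
		$user_comp     = intval($this->userid    )>0?'={userid}':'IS NULL';
		$group_comp    = intval($this->groupid   )>0?'={groupid}':'IS NULL';
		$language_comp = intval($this->languageid)>0?'={languageid}':'IS NULL';

		$stmt = Db::sql( <<<SQL
		SELECT id FROM {{acl}}
		 WHERE userid      $user_comp     AND
		       groupid     $group_comp    AND
		       languageid  $language_comp AND
		       objectid         = {objectid}      AND
		       is_write         = {write}         AND
		       is_prop          = {prop}          AND
		       is_create_folder = {create_folder} AND
		       is_create_file   = {create_file}   AND
		       is_create_link   = {create_link}   AND
		       is_create_page   = {create_page}   AND
		       is_delete        = {delete}        AND
		       is_release       = {release}       AND
		       is_publish       = {publish}       AND
		       is_grant         = {grant}         AND
		       is_transmit      = {transmit}
SQL
		);

		// Only bind the IDs whose placeholder is actually part of the statement.
		if ( intval($this->userid) > 0 )
			$stmt->setInt ('userid',$this->userid);

		if ( intval($this->groupid) > 0 )
			$stmt->setInt ('groupid',$this->groupid);

		if ( intval($this->languageid) > 0 )
			$stmt->setInt ('languageid',$this->languageid);

		$this->bindObjectAndRights( $stmt );

		$aclid = intval($stmt->getOne());
		if ( $aclid > 0 )
		{
			// An identical ACL already exists, adopt its ID.
			$this->aclid = $aclid;
			return;
		}

		// NOTE(review): the new ID is read with MAX(id) and used by a separate INSERT.
		// Nothing visible here makes the two statements atomic, so two concurrent
		// add() calls could compute the same ID - confirm that the caller runs this
		// in a transaction or that the id column is unique.
		$stmt = Db::sql('SELECT MAX(id) FROM {{acl}}');
		$this->aclid = intval($stmt->getOne())+1;

		$stmt = Db::sql( <<<SQL
		INSERT INTO {{acl}}
		       (id,userid,groupid,objectid,is_write,is_prop,is_create_folder,is_create_file,is_create_link,is_create_page,is_delete,is_release,is_publish,is_grant,is_transmit,languageid)
		 VALUES( {aclid},{userid},{groupid},{objectid},{write},{prop},{create_folder},{create_file},{create_link},{create_page},{delete},{release},{publish},{grant},{transmit},{languageid} )
SQL
		);

		$stmt->setInt('aclid'   ,$this->aclid   );

		// An ID of 0 means "not set" and is stored as NULL.
		if ( intval($this->userid) == 0 )
			$stmt->setNull('userid');
		else
			$stmt->setInt ('userid',$this->userid);

		if ( intval($this->groupid) == 0 )
			$stmt->setNull('groupid');
		else
			$stmt->setInt ('groupid',$this->groupid);

		$this->bindObjectAndRights( $stmt );

		if ( intval($this->languageid) == 0 )
			$stmt->setNull('languageid');
		else
			$stmt->setInt ('languageid',$this->languageid);

		$stmt->query();
	}


	/**
	 * Binds the object ID and the eleven storable permission flags to a statement.
	 * Shared by the lookup and the insert in add() so both always bind the same set.
	 *
	 * @param mixed $stmt statement object as returned by Db::sql()
	 */
	private function bindObjectAndRights( $stmt )
	{
		$stmt->setInt('objectid',$this->objectid);
		$stmt->setBoolean('write'        ,$this->write         );
		$stmt->setBoolean('prop'         ,$this->prop          );
		$stmt->setBoolean('create_folder',$this->create_folder );
		$stmt->setBoolean('create_file'  ,$this->create_file   );
		$stmt->setBoolean('create_link'  ,$this->create_link   );
		$stmt->setBoolean('create_page'  ,$this->create_page   );
		$stmt->setBoolean('delete'       ,$this->delete        );
		$stmt->setBoolean('release'      ,$this->release       );
		$stmt->setBoolean('publish'      ,$this->publish       );
		$stmt->setBoolean('grant'        ,$this->grant         );
		$stmt->setBoolean('transmit'     ,$this->transmit      );
	}


	/**
	 * Returns the project object for $projectid.
	 *
	 * @return Project
	 * @throws \util\exception\ObjectNotFoundException
	 */
	public function getProject() {
		return Project::create( $this->projectid );
	}


	/**
	 * Returns the name of this ACL, which is always the empty string.
	 *
	 * @return string
	 */
	public function getName()
	{
		return '';
	}


	/**
	 * Returns the ID of this ACL.
	 *
	 * @return int
	 */
	public function getId()
	{
		return $this->aclid;
	}


}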