Source for file RolePermUser.php
Documentation is available at RolePermUser.php
* Lib for user administration, roles and permissions * This lib uses pear so the constructor requieres * Copyright (c) 2004 bitweaver.org * Copyright (c) 2003 tikwiki.org * Copyright (c) 2002-2003, Luis Argerich, Garland Foster, Eduardo Polidor, et. al. * All Rights Reserved. See below for details and a complete list of authors. * Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See http://www.gnu.org/copyleft/lesser.html for details require_once( USERS_PKG_PATH. '/RoleUser.php' ); * Class that holds all information for a given user * @author spider <spider@steelsun.com> * @subpackage RolePermUser * RolePermUser Initialise class * @param numeric $pUserId User ID of the user we wish to load * @param numeric $pContentId Content ID of the user we wish to load if( empty( $this->mPerms ) ) { * assumeUser Assume the identity of anothre user - Only admins may do this * @param numeric $pUserId User ID of the user you want to hijack * @return TRUE on success, FALSE on failure - mErrors will contain reason for failure // make double sure the current logged in user has permission, check for p_users_admin, not admin, as that is all you need for assuming another user. // this enables creating of a non technical site adminstrators role, eg customer support representatives. if( $gBitUser->hasPermission( 'p_users_admin' ) ) { $assumeUser->loadPermissions(); if( $assumeUser->isAdmin() ) { $this->mErrors['assume_user'] = tra( "User administrators cannot be assumed." ); $this->mDb->query( "UPDATE `". BIT_DB_PREFIX. "users_cnxn` SET `user_id`=?, `assume_user_id`=? WHERE `cookie`=?", array( $pUserId, $gBitUser->mUserId, $_COOKIE[$this->getSiteCookieName()] ) ); * @param boolean $pFull Load all permissions * @param string $pUserName User login name * @return TRUE on success, FALSE on failure - mErrors will contain reason for failure function load( $pFull= FALSE, $pUserName= NULL ) { * sanitizeUserInfo Used to remove sensitive information from $this->mInfo when it is unneccessary (i.e. $gQueryUser) if( !empty( $this->mInfo )) { $unsanitary = array( 'provpass', 'hash', 'challenge', 'user_password' ); unset ( $this->mInfo[$key] ); * @param array $pParamHash * @return TRUE on success, FALSE on failure - mErrors will contain reason for failure function store( &$pParamHash ) { // keep track of newUser before calling base class $this->mDb->StartTrans(); if( $gBitSystem->isFeatureActive( 'users_eponymous_roles' ) ) { // Create a role just for this user, for permissions assignment. 'name' => $pParamHash['user_store']['login'], 'desc' => "Personal role for ". ( !empty( $pParamHash['user_store']['real_name'] ) ? $pParamHash['user_store']['real_name'] : $pParamHash['user_store']['login'] ) // store any uploaded images, this can stuff mErrors, so we want to do this as the very last thing. $pParamHash['upload']['thumbnail'] = FALSE; // i don't think this does anything - perhaps replace it by setting thumbnail_sizes $this->mDb->CompleteTrans(); * roleExists work out if a given role exists * @param string $pRoleName * @param numeric $pUserId * @return TRUE on success, FALSE on failure - mErrors will contain reason for failure function roleExists( $pRoleName, $pUserId = ROOT_USER_ID ) { static $sRoles = array(); if( !isset ( $sRoles[$pUserId][$pRoleName] ) ) { $bindVars = array( $pRoleName ); $whereSql = 'AND `user_id`=?'; SELECT ur.`role_name`, ur.`role_id`, ur.`user_id` FROM `". BIT_DB_PREFIX. "users_roles` ur WHERE `role_name`=? $whereSql"; if( $result = $this->mDb->getAssoc( $query, $bindVars ) ) { if( empty( $sRoles[$pUserId] ) ) { $sRoles[$pUserId] = array(); $sRoles[$pUserId][$pRoleName] = $result[$pRoleName]; $sRoles[$pUserId][$pRoleName]['role_id'] = NULL; return( $sRoles[$pUserId][$pRoleName]['role_id'] ); * removes user and associated private data * @return always FALSE??? function expunge( $pExpungeContent= NULL) { global $gBitSystem, $gBitUser; $this->mDb->StartTrans(); if( $this->mUserId == $gBitUser->mUserId ) { $this->mDb->RollbackTrans(); $gBitSystem->fatalError( tra( 'You cannot delete yourself' ) ); foreach( $userTables as $table ) { $query = "DELETE FROM `". BIT_DB_PREFIX. $table. "` WHERE `user_id` = ?"; $result = $this->mDb->query( $query, array( $this->mUserId ) ); if( parent::expunge( $pExpungeContent ) ) { $this->mDb->CompleteTrans(); $this->mDb->RollbackTrans(); $this->mDb->RollbackTrans(); $gBitSystem->fatalError( tra( 'The anonymous user cannot be deleted' ) ); // =-=-=-=-=-=-=-=-=-=-=-= Role Functions =-=-=-=-=-=-=-=-=-=-=-=-=-=-= * loadRoles load roles into $this->mRoles * @param boolean $pForceRefresh function loadRoles( $pForceRefresh = FALSE ) { * isInRole work out if a given user is assigned to a role * @param mixed $pRoleMixed Role ID or Role Name (deprecated) * @return TRUE on success, FALSE on failure - mErrors will contain reason for failure if( empty( $this->mRoles ) ) { // Old style role name passed in deprecated( "Please use the Role ID instead of the Role name." ); $ret = isset ( $this->mRoles[$pRoleMixed] ); * getAllRoless Get a list of all Roles * @param array $pListHash List Hash if( empty( $pListHash['sort_mode'] ) || $pListHash['sort_mode'] == 'name_asc' ) { $pListHash['sort_mode'] = 'role_name_asc'; $sortMode = $this->mDb->convertSortmode( $pListHash['sort_mode'] ); if( !empty( $pListHash['find_roles'] ) ) { $mid = " AND UPPER(`role_name`) like ?"; $bindvars[] = "%". strtoupper( $pListHash['find_roles'] ). "%"; } elseif( !empty( $pListHash['find'] ) ) { $mid = " AND UPPER(`role_name`) like ?"; $bindvars[] = "%". strtoupper( $pListHash['find'] ). "%"; if( !empty( $pListHash['hide_root_roles'] )) { } elseif( !empty( $pListHash['only_root_roles'] )) { if( !empty( $pListHash['user_id'] ) ){ $mid .= ' AND `user_id` = ? '; $bindvars[] = $pListHash['user_id']; if( !empty( $pListHash['is_public'] ) ) { $mid .= ' AND `is_public` = ?'; $bindvars[] = $pListHash['is_public']; if( !empty( $pListHash['visible'] ) && !$this->isAdmin() ){ $mid .= ' AND `user_id` = ? OR `is_public` = ? '; $bindvars[] = $gBitUser->mUserId; SELECT `user_id`, `role_id`, `role_name` , `role_desc`, `role_home`, `is_default`, `is_public` if( $rs = $this->mDb->query( $query, $bindvars ) ) { while( $row = $rs->fetchRow() ) { $roleId = $row['role_id']; $pListHash['cant'] = $this->mDb->getOne( "SELECT COUNT(*) FROM `". BIT_DB_PREFIX. "users_roles` $mid", $bindvars ); * @param numeric $pUserId * @return array of roles a user belongs to if( empty( $pUserId ) ) { SELECT ur.`role_id` AS `hash_key`, ur.* FROM `". BIT_DB_PREFIX. "users_roles` ur ORDER BY ur.`role_name` ASC"; return $this->mDb->getAssoc( $sql, array( $pUserId )); * expungeRole remove a role * @param numeric $pRoleId * @return TRUE on success, FALSE on failure // we cannot remove the anonymous role $query = "DELETE FROM `". BIT_DB_PREFIX. "users_roles_map` WHERE `role_id` = ?"; $result = $this->mDb->query( $query, array( $pRoleId )); $query = "DELETE FROM `". BIT_DB_PREFIX. "users_role_permissions` WHERE `role_id` = ?"; $result = $this->mDb->query( $query, array( $pRoleId )); $query = "DELETE FROM `". BIT_DB_PREFIX. "users_roles` WHERE `role_id` = ?"; $result = $this->mDb->query( $query, array( $pRoleId )); * getDefaultRole get the default role of a given user * @param array $pRoleId pass in a Role ID to make conditional function * @return Default Role ID if one is set if( @BitBase::verifyId( $pRoleId )) { $whereSql = "AND `role_id`=? "; $bindvars = array( $pRoleId ); return( $this->mDb->getAssoc( "SELECT `role_id`, `role_name` FROM `". BIT_DB_PREFIX. "users_roles` WHERE `is_default` = 'y' $whereSql ", $bindvars ) ); * getRoleUsers Get a list of users who share a given role id * @return list of users who are in the role id if( @BitBase::verifyId( $pRoleId )) { SELECT uu.`user_id` AS hash_key, uu.`login`, uu.`real_name`, uu.`user_id` INNER JOIN `". BIT_DB_PREFIX. "users_roles_map` ur ON (uu.`user_id`=ur.`user_id`) $ret = $this->mDb->getAssoc( $query, array( $pRoleId )); * getHomeRole get the URL where a user of that role should be sent * @return TRUE on success, FALSE on failure - mErrors will contain reason for failure if( @BitBase::verifyId( $pRoleId )) { $query = "SELECT `role_home` FROM `". BIT_DB_PREFIX. "users_roles` WHERE `role_id`=?"; $ret = $this->mDb->getOne( $query,array( $pRoleId ) ); * @return TRUE on success, FALSE on failure if( @BitBase::verifyId( $pUserId ) && @BitBase::verifyId( $pRoleId )) { $query = "UPDATE `". BIT_DB_PREFIX. "users_users` SET `default_role_id` = ? WHERE `user_id` = ?"; return $this->mDb->query( $query, array( $pRoleId, $pUserId )); * batchAssignUsersToRole assign all users to a given role if( @BitBase::verifyId( $pRoleId )) { $result = $this->mDb->getCol( "SELECT uu.`user_id` FROM `". BIT_DB_PREFIX. "users_users` uu" ); foreach( $result as $userId ) { * batchSetUserDefaultRole * @return TRUE on success, FALSE on failure - mErrors will contain reason for failure if( @BitBase::verifyId( $pRoleId )) { * @return role information if( @BitBase::verifyId( $pRoleId )) { $sql = "SELECT * FROM `". BIT_DB_PREFIX. "users_roles` WHERE `role_id` = ?"; $ret = $this->mDb->getRow( $sql, array( $pRoleId )); 'sort_mode' => 'up.perm_name_asc', $sql = "SELECT COUNT(*) FROM `". BIT_DB_PREFIX. "users_roles_map` WHERE `role_id` = ?"; $ret['num_members'] = $this->mDb->getOne( $sql, array( $pRoleId )); * addUserToRole Adds user pUserId to role(s) pRoleMixed. * @param numeric $pUserId User ID * @param mixed $pRoleMixed A single role ID or an array of role IDs * @return Either an ADO RecordSet (success) or FALSE (failure). if( @BitBase::verifyId( $pUserId ) && !empty( $pRoleMixed )) { } elseif( @BitBase::verifyId($pRoleMixed) ) { $addRoles = array( $pRoleMixed ); $currentUserRoles = $this->getRoles( $pUserId ); foreach( $addRoles AS $roleId ) { if( $currentUserRoles ) { foreach( $currentUserRoles as $curRoleId => $curRoleInfo ) { if( $curRoleId == $roleId ) { $query = "INSERT INTO `". BIT_DB_PREFIX. "users_roles_map` (`user_id`,`role_id`) VALUES(?,?)"; $result = $this->mDb->query( $query, array( $pUserId, $roleId )); if( @BitBase::verifyId( $pUserId ) && @BitBase::verifyId( $pRoleId )) { $query = "DELETE FROM `". BIT_DB_PREFIX. "users_roles_map` WHERE `user_id` = ? AND `role_id` = ?"; $result = $this->mDb->query( $query, array( $pUserId, $pRoleId )); if( $pRoleId == key( $default )) { $query = "UPDATE `". BIT_DB_PREFIX. "users_users` SET `default_role_id` = NULL WHERE `user_id` = ?"; $this->mDb->query( $query, array( $pUserId )); * @param array $pParamHash * @return TRUE on success, FALSE on failure - mErrors will contain reason for failure if( !empty($pParamHash['role_id'] )) { if( @$this->verifyId( $pParamHash['role_id'] )) { $pParamHash['role_store']['role_id'] = $pParamHash['role_id']; $this->mErrors['roles'] = 'Unknown Role'; if( !empty( $pParamHash["name"] )) { $pParamHash['role_store']['role_name'] = substr( $pParamHash["name"], 0, 30 ); if( !empty( $pParamHash["desc"] )) { $pParamHash['role_store']['role_desc'] = substr( $pParamHash["desc"], 0, 255 );; $pParamHash['role_store']['role_home'] = !empty( $pParamHash["home"] ) ? $pParamHash["home"] : ''; $pParamHash['role_store']['is_default'] = !empty( $pParamHash["is_default"] ) ? $pParamHash["is_default"] : NULL; $pParamHash['role_store']['user_id'] = @$this->verifyId( $pParamHash["user_id"] ) ? $pParamHash["user_id"] : $this->mUserId; $pParamHash['role_store']['is_public'] = !empty( $pParamHash['is_public'] ) ? $pParamHash['is_public'] : NULL; $pParamHash['role_store']['after_registration_page'] = !empty( $pParamHash['after_registration_page'] ) ? $pParamHash['after_registration_page'] : ''; * @param array $pParamHash * @return TRUE on success, FALSE on failure - mErrors will contain reason for failure $this->mDb->StartTrans(); if( empty( $pParamHash['role_id'] ) ) { $pParamHash['role_id'] = $this->mDb->GenID( 'users_roles_id_seq' ); $pParamHash['role_store']['role_id'] = $pParamHash['role_id']; $result = $this->mDb->associateInsert( BIT_DB_PREFIX. 'users_roles', $pParamHash['role_store'] ); $sql = "SELECT COUNT(*) FROM `". BIT_DB_PREFIX. "users_roles` WHERE `role_id` = ?"; $roleExists = $this->mDb->getOne($sql, array($pParamHash['role_id'])); $result = $this->mDb->associateUpdate( BIT_DB_PREFIX. 'users_roles', $pParamHash['role_store'], array( "role_id" => $pParamHash['role_id'] ) ); // A role_id was specified but that role does not exist yet $pParamHash['role_store']['role_id'] = $pParamHash['role_id']; $result = $this->mDb->associateInsert(BIT_DB_PREFIX. 'users_roles', $pParamHash['role_store']); if( isset ( $_REQUEST['batch_set_default'] ) and $_REQUEST['batch_set_default'] == 'on' ) { $gBitUser->batchSetUserDefaultRole( $pParamHash['role_id'] ); $this->mDb->CompleteTrans(); * @return array of group data if( static::verifyId( $pRoleId ) ) { $ret = $gBitDb->getOne( "SELECT `role_name` FROM `". BIT_DB_PREFIX. "users_roles` WHERE `role_id`=?", array( $pRoleId ) ); * @return array of role data if( @$this->verifyId( $pRoleId ) && !empty( $pColumns ) ) { $col = '`'. $pColumns. '`'; INNER JOIN `". BIT_DB_PREFIX. "users_roles_map` urm ON (uu.`user_id`=urm.`user_id`) WHERE urm.`role_id` = ?"; $ret = $this->mDb->$exec( $query, array( $pRoleId )); // =-=-=-=-=-=-=-=-=-=-=-= PERMISSION FUNCTIONS =-=-=-=-=-=-=-=-=-=-=-=-=-=-= * @return TRUE on success, FALSE if no perms were loaded if( $this->isValid() && (empty( $this->mPerms ) || $pForceReload) ) { // the double up.`perm_name` is intentional - the first is for hash key, the second is for hash value SELECT up.`perm_name` AS `hash_key`, up.`perm_name`, up.`perm_desc`, up.`perm_level`, up.`package` INNER JOIN `". BIT_DB_PREFIX. "users_role_permissions` urp ON ( urp.`perm_name`=up.`perm_name` ) INNER JOIN `". BIT_DB_PREFIX. "users_roles` ur ON ( ur.`role_id`=urp.`role_id` ) LEFT OUTER JOIN `". BIT_DB_PREFIX. "users_roles_map` urm ON ( urm.`role_id`=urp.`role_id` AND urm.`user_id` = ? ) // Add in override permissions if( !empty( $this->mPermsOverride ) ) { foreach( $this->mPermsOverride as $key => $val ) { * @return array of permissions that have not been assigned to any role yet $query = "SELECT up.`perm_name` AS `hash_key`, up.* LEFT OUTER JOIN `". BIT_DB_PREFIX. "users_role_permissions` urp ON( up.`perm_name` = urp.`perm_name` ) WHERE urp.`role_id` IS NULL AND up.`perm_name` <> ? ORDER BY `package`, up.`perm_name` ASC"; return( $this->mDb->getAssoc( $query, array( '' ))); * @param array $pCheckTicket * @return TRUE on success, FALSE on failure - mErrors will contain reason for failure // we can't use hasPermission here since it turn into an endless loop return( !empty( $this->mPerms['p_admin'] )); * hasPermission check to see if a user has a given permission * @param array $pPerm Perm name * @return TRUE if the user has a permission, FALSE if they don't $ret = isset ( $this->mPerms[$pPerm] ); * verifyPermission check if a user has a given permission and if not * it will display the error template and die() * @param $pPermission value of a given permission global $gBitSmarty, $gBitSystem, $ {$pPermission}; if( empty( $pPermission ) || $this->hasPermission( $pPermission ) ) { $gBitSystem->fatalPermission( $pPermission, $pMsg ); * @param array $pRoleId Role id, if unset, all roles are returned * @param string $pPackage permissions to give role, if unset, all permissions are returned * @param string $find search for a particular permission * @param array $pSortMode sort mode of return hash * @return TRUE on success, FALSE on failure $ret = $bindVars = array(); $whereSql = $selectSql = $fromSql = ''; if( !empty( $pParamHash['sort_mode'] )) { $sortMode = $this->mDb->convertSortmode( $pParamHash['sort_mode'] ); $sortMode = 'up.`package`, up.`perm_name` ASC'; if( !empty( $pParamHash['package'] )) { $whereSql = ' WHERE `package`= ? '; $bindVars[] = $pParamHash['package']; if( @BitBase::verifyId( $pParamHash['role_id'] )) { $selectSql = ', urp.`perm_value` AS `hasPerm` '; $fromSql = ' INNER JOIN `'. BIT_DB_PREFIX. 'users_role_permissions` urp ON ( urp.`perm_name`=up.`perm_name` ) '; $whereSql .= " AND urp.`role_id`=?"; $whereSql .= " WHERE urp.`role_id`=?"; $bindVars[] = $pParamHash['role_id']; if( !empty( $pParamHash['find'] )) { $whereSql .= " AND `perm_name` like ?"; $whereSql .= " WHERE `perm_name` like ?"; $bindVars[] = '%'. $pParamHash['find']. '%'; // the double up.`perm_name` is intentional - the first is for hash key, the second is for hash value SELECT up.`perm_name` AS `hash_key`, up.`perm_name`, up.`perm_desc`, up.`perm_level`, up.`package` $selectSql $perms = $this->mDb->getAssoc( $query, $bindVars ); // weed out permissions of inactive packages foreach( $perms as $key => $perm ) { if( $gBitSystem->isPackageActive( $perm['package'] )) { * assignLevelPermissions Assign the permissions of a given level to a given role * @param array $pRoleId Role we want to assign permissions to * @param array $pLevel permission level we wish to assign from * @param array $pPackage limit set of permissions to a given package if( @BitBase::verifyId( $pRoleId ) && !empty( $pLevel )) { $bindvars = array( $pLevel ); if( !empty( $pPackage ) ) { $whereSql = ' AND `package`=?'; $query = "SELECT `perm_name` FROM `". BIT_DB_PREFIX. "users_permissions` WHERE `perm_level` = ? $whereSql"; if( $result = $this->mDb->query( $query, $bindvars ) ) { while( $row = $result->fetchRow() ) { * getPermissionPackages Get a list of packages that have their own set of permissions * @return array of packages return( $this->mDb->getCol( "SELECT DISTINCT(`package`) FROM `". BIT_DB_PREFIX. "users_permissions` ORDER BY `package`" ) ); * @return TRUE on success if( @BitBase::verifyId( $pRoleId ) && !empty( $pPerm )) { $query = "DELETE FROM `". BIT_DB_PREFIX. "users_role_permissions` WHERE `role_id` = ? AND `perm_name` = ?"; $result = $this->mDb->query( $query, array( $pRoleId, $pPerm )); $query = "INSERT INTO `". BIT_DB_PREFIX. "users_role_permissions`(`role_id`, `perm_name`) VALUES(?, ?)"; $result = $this->mDb->query( $query, array( $pRoleId, $pPerm )); * removePermissionFromRole * @param string $pPerm Perm name * @param numeric $pRoleId Role ID * @return TRUE on success if( @BitBase::verifyId( $pRoleId ) && !empty( $pPerm )) { $query = "DELETE FROM `". BIT_DB_PREFIX. "users_role_permissions` WHERE `perm_name` = ? AND `role_id` = ?"; $result = $this->mDb->query($query, array($pPerm, $pRoleId)); * storeRegistrationChoice * @param mixed $pRoleMixed A single role ID or an array of role IDs * @param array $pValue Value you wish to store - use NULL to delete a value * @return ADO record set on success, FALSE on failure if( !empty( $pRoleMixed )) { $bindVars[] = $pRoleMixed; $query = "UPDATE `". BIT_DB_PREFIX. "users_roles` SET `is_public`= ? where `role_id` IN ($mid)"; return $this->mDb->query( $query, $bindVars ); * Grant a single permission to a given value $this->mPermsOverride[$pPerm] = TRUE; if( $pValue == 'y' || $pValue == TRUE ) { $this->mPermsOverride[$pPerm] = TRUE; unset ( $this->mPermsOverride[$pPerm] ); unset ( $this->mPerms[$pPerm] );/* vim: :set fdm=marker : */
|
