 |
Xataface 2.0
Xataface Application Framework
|
Dataface/PermissionsTool.php
Go to the documentation of this file.
00001 <?php 00002 /*------------------------------------------------------------------------------- 00003 * Xataface Web Application Framework 00004 * Copyright (C) 2005-2008 Web Lite Solutions Corp (shannah@sfu.ca) 00005 * 00006 * This program is free software; you can redistribute it and/or 00007 * modify it under the terms of the GNU General Public License 00008 * as published by the Free Software Foundation; either version 2 00009 * of the License, or (at your option) any later version. 00010 * 00011 * This program is distributed in the hope that it will be useful, 00012 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00013 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00014 * GNU General Public License for more details. 00015 * 00016 * You should have received a copy of the GNU General Public License 00017 * along with this program; if not, write to the Free Software 00018 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 00019 *------------------------------------------------------------------------------- 00020 */ 00021 00025 class Dataface_PermissionsTool { 00026 00031 public static function &getInstance(){ 00032 00033 static $instance = null; 00034 if ( $instance === null ){ 00035 $instance = new Dataface_PermissionsTool_Instance(); 00036 } 00037 return $instance; 00038 } 00039 00040 public static function setDelegate($del){ 00041 return self::getInstance()->setDelegate($del); 00042 } 00043 00044 public static function &getContext(){ return self::getInstance()->getContext(); } 00045 public static function setContext($context){ 00046 return self::getInstance()->setContext($context); 00047 } 00048 00049 public static function clearContext(){ 00050 self::getInstance()->clearContext(); 00051 } 00052 00053 public static function &PUBLIC_CONTEXT(){ 00054 return self::getInstance()->PUBLIC_CONTEXT(); 00055 } 00056 00062 public static function addPermissions($conf){ 00063 return self::getInstance()->addPermissions($conf); 00064 } 00065 00066 00067 00073 public static function getPermissions(&$obj, $params=array()){ 00074 return self::getInstance()->getPermissions($obj, $params); 00075 } 00076 00077 public static function filterPermissions(&$obj, &$perms){ 00078 return self::getInstance()->filterPermissions($obj, $perms); 00079 } 00080 00087 public static function checkPermission($permissionName, $perms, $params=array()){ 00088 return self::getInstance()->checkPermission($permissionName, $perms, $params); 00089 } 00090 00098 public static function view(&$perms, $params=array()){ 00099 return self::getInstance()->view($perms, $params); 00100 00101 } 00102 00110 public static function edit(&$perms, $params=array()){ 00111 return self::getInstance()->edit($perms, $params); 00112 00113 } 00114 00122 public static function delete(&$perms, $params=array()){ 00123 return self::getInstance()->delete($perms, $params); 00124 } 00125 00126 public static function MASK(){ 00127 return self::getInstance()->MASK(); 00128 00129 } 00130 00131 public static function _zero(){ 00132 return self::getInstance()->_zero(); 00133 } 00134 00135 public static function _one(){ 00136 return self::getInstance()->_one(); 00137 } 00138 00142 public static function NO_ACCESS(){ 00143 return self::getInstance()->NO_ACCESS(); 00144 } 00145 00151 public static function READ_ONLY(){ 00152 return self::getInstance()->READ_ONLY(); 00153 } 00154 00160 public static function ALL(){ 00161 return self::getInstance()->ALL(); 00162 } 00163 00169 public static function &READ_EDIT(){ 00170 return self::getInstance()->READ_EDIT(); 00171 } 00172 00173 00191 public static function &getRolePermissions($roleName){ 00192 return self::getInstance()->getRolePermissions($roleName); 00193 00194 00195 } 00196 00197 public static function roleExists($roleName){ 00198 return self::getInstance()->roleExists($roleName); 00199 } 00200 00201 00205 public static function namesAsArray($permissions){ 00206 return self::getInstance()->namesAsArray($permissions); 00207 } 00208 00209 00214 public static function namesAsString($permissions){ 00215 return self::getInstance()->namesAsString($permissions); 00216 } 00217 00218 public static function cachePermissions(&$record, $params, $perms){ 00219 return self::getInstance()->cachePermissions($record, $params, $perms); 00220 00221 } 00222 00223 public static function getCachedPermissions(&$record, $params){ 00224 return self::getInstance()->getCachedPermissions($record, $params); 00225 } 00226 00227 00228 00229 00230 00231 } 00232 00233 00234 class Dataface_PermissionsTool_PublicSecurityContext { 00235 function getPermissions(&$record){ 00236 return Dataface_PermissionsTool::ALL(); 00237 } 00238 } 00239 00240 00241 00242 00243 class Dataface_PermissionsTool_Instance { 00244 00245 00246 var $_cache = array(); 00251 var $rolePermissions = array(); 00252 00256 var $permissions = array(); 00257 00258 var $context = null; 00259 00260 00261 var $delegate = null; 00262 00263 function __construct($conf = null){ 00264 00265 if ( $conf === null ){ 00266 import('Dataface/ConfigTool.php'); 00267 $configTool =& Dataface_ConfigTool::getInstance(); 00268 $conf = $configTool->loadConfig('permissions'); 00269 00270 } 00271 00272 $this->addPermissions($conf); 00273 //print_r($this->permissions); 00274 } 00275 00276 function setDelegate($del){ 00277 $this->delegate = $del; 00278 } 00279 00280 function &getContext(){ return $this->context; } 00281 function setContext($context){ 00282 if ( isset($this->context) ) unset($this->context); 00283 $this->context =& $context; 00284 } 00285 00286 function clearContext(){ 00287 $this->context = null; 00288 } 00289 00290 function &PUBLIC_CONTEXT(){ 00291 static $pcontext = 0; 00292 if ( !is_object($pcontext) ){ 00293 $pcontext = new Dataface_PermissionsTool_PublicSecurityContext(); 00294 } 00295 return $pcontext; 00296 } 00297 00303 function addPermissions($conf){ 00304 $this->_cache = array(); 00305 foreach ( array_keys($conf) as $key ){ 00306 // iterate through the config options 00307 if ( is_array($conf[$key]) ){ 00308 //$out =& $conf[$key]; 00309 /* 00310 foreach ($out as $okey=>$oval){ 00311 $out[$okey] = intval(trim($oval)); 00312 } 00313 */ 00314 $this->rolePermissions[$key] =& $conf[$key];//$out; 00315 //unset($out); 00316 00317 00318 00319 } else { 00320 $this->permissions[$key] = $conf[$key]; 00321 } 00322 } 00323 } 00324 00325 00326 00332 function getPermissions(&$obj, $params=array()){ 00333 $me =& $this; 00334 if ( isset($me->context) ){ 00335 return $me->context->getPermissions($obj, $params); 00336 } 00337 if ( 00338 is_a($obj, 'Dataface_Table') or 00339 is_a($obj, 'Dataface_Record') or 00340 is_a($obj, 'Dataface_RelatedRecord') or 00341 is_a($obj, 'Dataface_Relationship') ){ 00342 //echo "Getting permissions: "; print_r($params); 00343 $perms = $obj->getPermissions($params); 00344 $me->filterPermissions($obj, $perms); 00345 return $perms; 00346 } 00347 throw new Exception( 00348 df_translate( 00349 'scripts.Dataface.PermissionsTool.getPermissions.ERROR_PARAMETER_1', 00350 'In Dataface_PermissionsTool, expected first argument to be Dataface_Table, Dataface_Record, or Dataface_Relationship, but received '.get_class($obj)."\n<br>", 00351 array('class'=>get_class($obj)) 00352 ),E_USER_ERROR); 00353 } 00354 00355 function filterPermissions(&$obj, &$perms){ 00356 if ( isset($this->delegate) and method_exists($this->delegate, 'filterPermissions') ) $this->delegate->filterPermissions($obj, $perms); 00357 } 00358 00365 function checkPermission($permissionName, $perms, $params=array()){ 00366 $me =& $this; 00367 00368 00369 if ( is_array($perms) ){ 00370 00371 return (isset( $perms[$permissionName]) and $perms[$permissionName]); 00372 } 00373 00374 if ( PEAR::isError($perms) ){ 00375 throw new Exception($perms->toString(), E_USER_ERROR); 00376 } 00377 00378 if ( !is_object($perms) ){ 00379 return array(); 00380 00381 } 00382 00383 // If we are this far, then $perms must be an object.. so we must get the object's 00384 // permissions array and recall this method on it. 00385 return $me->checkPermission($permissionName, $me->getPermissions($perms, $params) ); 00386 } 00387 00395 function view(&$perms, $params=array()){ 00396 $me =& $this; 00397 return $me->checkPermission('view', $perms, $params); 00398 00399 } 00400 00408 function edit(&$perms, $params=array()){ 00409 $me =& $this; 00410 return $me->checkPermission('edit', $perms, $params); 00411 00412 } 00413 00421 function delete(&$perms, $params=array()){ 00422 $me =& $this; 00423 00424 return $me->checkPermission('delete',$perms,$params); 00425 } 00426 00427 function MASK(){ 00428 $me =& $this; 00429 if ( isset($me->_cache['mask'] ) ) return $me->_cache['mask']; 00430 else { 00431 00432 //$perms = array_flip($me->permissions); 00433 //$perms = array_map(array(&$me, '_zero'), $me->permissions); 00434 $perms = $me->permissions; 00435 foreach (array_keys($perms) as $key){ 00436 $perms[$key] = 0; 00437 } 00438 $me->_cache['mask'] = $perms; 00439 return $perms; 00440 } 00441 00442 } 00443 00444 function _zero(){ 00445 return 0; 00446 } 00447 00448 function _one(){ 00449 return 1; 00450 } 00451 00455 function NO_ACCESS(){ 00456 static $no_access = 0; 00457 if ( $no_access === 0 ){ 00458 $no_access = Dataface_PermissionsTool::MASK(); 00459 } 00460 return $no_access; 00461 } 00462 00468 function READ_ONLY(){ 00469 $me =& $this; 00470 if ( isset($me->_cache['read_only']) ) return $me->_cache['read_only']; 00471 00472 00473 $read_only = /*array_merge($me->MASK(),*/ $me->getRolePermissions('READ ONLY')/*)*/; 00474 $read_only = array_map('intval', $read_only); 00475 $me->_cache['read_only'] = $read_only; 00476 00477 return $read_only; 00478 } 00479 00485 function ALL(){ 00486 $me =& $this; 00487 if ( isset($me->_cache['all']) ) return $me->_cache['all']; 00488 $perms = array(); 00489 foreach ( array_keys($me->permissions) as $key){ 00490 $perms[$key] = 1; 00491 } 00492 $me->_cache['all'] = $perms; 00493 return $perms; 00494 } 00495 00501 function &READ_EDIT(){ 00502 $me =& $this; 00503 if ( isset($me->_cache['read_edit']) ) return $me->_cache['read_edit']; 00504 $read_and_edit = /*array_merge($me->MASK(),*/ $me->getRolePermissions('EDIT')/*)*/; 00505 $read_and_edit = array_map('intval', $read_and_edit); 00506 $me->_cache['read_edit'] = $read_and_edit; 00507 return $read_and_edit; 00508 } 00509 00510 00528 function &getRolePermissions($roleName){ 00529 $me =& $this; 00530 if ( !isset($me->rolePermissions[$roleName]) ){ 00531 // it looks like the role has not been defined 00532 throw new Exception( 00533 Dataface_LanguageTool::translate( 00534 'Role not found', 00535 'The role "'.$roleName.'" is not a registered role.', 00536 array('role'=>$roleName) 00537 ), E_USER_ERROR 00538 ); 00539 } 00540 00541 return $me->rolePermissions[$roleName]; 00542 00543 00544 } 00545 00546 function roleExists($roleName){ 00547 return isset($this->rolePermissions[$roleName]); 00548 } 00549 00550 00554 function namesAsArray($permissions){ 00555 if ( !is_array($permissions) ) throw new Exception("namesAsArray expects array."); 00556 $names = array(); 00557 foreach ( $permissions as $key=>$value){ 00558 if ( $value ){ 00559 $names[] = $key; 00560 } 00561 } 00562 00563 return $names; 00564 } 00565 00566 00571 function namesAsString($permissions){ 00572 return implode(',', Dataface_PermissionsTool::namesAsArray($permissions)); 00573 } 00574 00575 function cachePermissions(&$record, $params, $perms){ 00576 if (!isset($record) ){ 00577 if ( isset($params['table']) ){ 00578 $record_id = $params['table']; 00579 } else { 00580 $record_id='__null__'; 00581 } 00582 } 00583 else $record_id = $record->getId(); 00584 00585 if ( count($params) > 0 ){ 00586 $qstr = array(); 00587 foreach ( $params as $key=>$value ){ 00588 if ( is_object($value) or is_array($value) ) return null; 00589 $qstr[] = urlencode($key).'='.urlencode($value); 00590 } 00591 $qstr = implode('&', $qstr); 00592 } else { 00593 $qstr = '0'; 00594 } 00595 00596 $this->_cache['__permissions'][$record_id][$qstr] = $perms; 00597 00598 } 00599 00600 function getCachedPermissions(&$record, $params){ 00601 if (!isset($record) ){ 00602 if ( isset($params['table']) ){ 00603 $record_id = $params['table']; 00604 } else { 00605 $record_id='__null__'; 00606 } 00607 } 00608 else $record_id = $record->getId(); 00609 00610 if ( count($params) > 0 ){ 00611 $qstr = array(); 00612 foreach ( $params as $key=>$value ){ 00613 if ( is_object($value) or is_array($value) ) return null; 00614 $qstr[] = urlencode($key).'='.urlencode($value); 00615 } 00616 $qstr = implode('&', $qstr); 00617 } else { 00618 $qstr = '0'; 00619 } 00620 00621 if (isset($this->_cache['__permissions'][$record_id][$qstr]) ){ 00622 return $this->_cache['__permissions'][$record_id][$qstr]; 00623 } else { 00624 return null; 00625 } 00626 } 00627 00628 00629 00630 00631 00632 } 00633 00634 00635 00636
