DataAccess/mysql/Permissions.php

00001 <?php
00003 // {{{ license
00004 
00005 // +----------------------------------------------------------------------+
00006 // | FastFrame Application Framework                                      |
00007 // +----------------------------------------------------------------------+
00008 // | Copyright (c) 2002-2006 The Codejanitor Group                        |
00009 // +----------------------------------------------------------------------+
00010 // | This source file is subject to the GNU Lesser Public License (LGPL), |
00011 // | that is bundled with this package in the file LICENSE, and is        |
00012 // | available at through the world-wide-web at                           |
00013 // | http://www.fsf.org/copyleft/lesser.html                              |
00014 // | If you did not receive a copy of the LGPL and are unable to          |
00015 // | obtain it through the world-wide-web, you can get it by writing the  |
00016 // | Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, |
00017 // | MA 02111-1307, USA.                                                  |
00018 // +----------------------------------------------------------------------+
00019 // | Authors: Jason Rust <jrust@codejanitor.com>                          |
00020 // +----------------------------------------------------------------------+
00021 
00022 // }}}
00023 // {{{ requires
00024 
00025 require_once FASTFRAME_ROOT . 'lib/FastFrame/DataAccess.php';
00026 
00027 // }}}
00028 // {{{ class FF_DataAccess_Permissions_mysql 
00029 
00040 // }}}
00041 class FF_DataAccess_Permissions_mysql extends FF_DataAccess {
00042     // {{{ properties
00043 
    // Table holding the per-group permission rows. Set in the constructor from
    // the 'data/group_data_table' config parameter. Like the other table names
    // below it is interpolated into SQL text, so it must only ever come from
    // trusted configuration.
    var $groupDataTable;

    // Table mapping users to groups ('data/user_groups_table' config parameter).
    var $userGroupsTable;

    // Table holding the per-object permission rows ('data/objects_table' config parameter).
    var $objectsTable;

    // The 'userId' credential as returned by FF_Auth::getCredential() in the constructor.
    var $userId;
00067 
00068     // }}}
00069     // {{{ constructor
00070 
00077     function FF_DataAccess_Permissions_mysql()
00078     {
00079         FF_DataAccess::FF_DataAccess();
00080         $this->table = $this->o_registry->getConfigParam('data/groups_table', 'perms_groups', 'permissions');
00081         $this->groupDataTable = $this->o_registry->getConfigParam('data/group_data_table', 'perms_group_data', 'permissions');
00082         $this->userGroupsTable = $this->o_registry->getConfigParam('data/user_groups_table', 'perms_user_groups', 'permissions');
00083         $this->objectsTable = $this->o_registry->getConfigParam('data/objects_table', 'perms_objects', 'permissions');
00084         $this->userId = FF_Auth::getCredential('userId');
00085     }
00086 
00087     // }}}
00088     // {{{ update()
00089 
00098     function update($in_data)
00099     {
00100         $a_perms = $in_data['perms'];
00101         unset($in_data['perms']);
00102         unset($in_data['created_date']);
00103         unset($in_data['creator_id']);
00104         $o_result =& parent::update($in_data);
00105         // delete all old perms first
00106         $s_stmt = $this->o_data->prepare("DELETE FROM $this->groupDataTable WHERE group_id = ?"); 
00107         if (DB::isError($result = $this->o_data->execute($s_stmt, $in_data['id']))) {
00108             $o_result->addMessage($result->getMessage());
00109             $o_result->setSuccess(false);
00110             return $o_result;
00111         }
00112 
00113         $this->_addPermissionData($in_data['id'], $a_perms, $o_result);
00114         return $o_result;
00115     }
00116 
00117     // }}}
00118     // {{{ add()
00119 
00128     function add($in_data)
00129     {
00130         $a_perms = $in_data['perms'];
00131         unset($in_data['perms']);
00132         $in_data['created_date'] = $this->timestampToISODate(time());
00133         $in_data['creator_id'] = $this->userId;
00134         $o_result =& parent::add($in_data);
00135         $this->_addPermissionData($in_data['id'], $a_perms, $o_result);
00136         return $o_result;
00137     }
00138 
00139     // }}}
00140     // {{{ remove()
00141 
00151     function remove($in_id)
00152     {
00153         $o_result =& parent::remove($in_id); 
00154         if (!$o_result->isSuccess()) {
00155             // If we can't delete the group, then don't try to remove the other data
00156             return $o_result;
00157         }
00158 
00159         $s_stmt = $this->o_data->prepare("DELETE FROM $this->groupDataTable WHERE group_id = ?");
00160         if (DB::isError($result = $this->o_data->execute($s_stmt, $in_id))) {
00161             $o_result->addMessage($result->getMessage());
00162             $o_result->setSuccess(false);
00163         }
00164 
00165         $s_stmt = $this->o_data->prepare("DELETE FROM $this->userGroupsTable WHERE group_id = ?");
00166         if (DB::isError($result = $this->o_data->execute($s_stmt, $in_id))) {
00167             $o_result->addMessage($result->getMessage());
00168             $o_result->setSuccess(false);
00169         }
00170 
00171         return $o_result;
00172     }
00173 
00174     // }}}
00175     // {{{ getDataByPrimaryKey()
00176 
00186     function getDataByPrimaryKey($in_id)
00187     {
00188         $a_data = parent::getDataByPrimaryKey($in_id);
00189         if (count($a_data) == 0) {
00190             return array();
00191         }
00192 
00193         $s_query = "SELECT permission, application FROM $this->groupDataTable 
00194                     WHERE group_id = ? ORDER BY application";
00195 
00196         if (DB::isError($result = $this->o_data->getAll($s_query, array($in_id)))) {
00197             return array();
00198         }
00199 
00200         $a_data['perms'] = $result;
00201         return $a_data;
00202     }
00203 
00204     // }}}
00205     // {{{ getPermCount()
00206 
00218     function getPermCount($in_perm, $in_app, $in_userId)
00219     {
00220         if (is_array($in_perm)) {
00221             $s_where = '';
00222             foreach ($in_perm as $s_perm) {
00223                 $s_where .= sprintf('t2.permission = %s OR ', $this->o_data->quoteSmart($s_perm));
00224             }
00225 
00226             $s_where .= '0=1';
00227         }
00228         else {
00229             $s_where = sprintf('t2.permission = %s', $this->o_data->quoteSmart($in_perm));
00230         }
00231 
00232         $s_query = "SELECT COUNT(*) FROM $this->userGroupsTable AS t1 
00233                     INNER JOIN $this->groupDataTable AS t2 ON t1.group_id = t2.group_id
00234                     WHERE t1.user_id = ? AND t2.application = ? AND ($s_where)"; 
00235 
00236         if (DB::isError($result = $this->o_data->getOne($s_query, array($in_userId, $in_app)))) {
00237             return 0;
00238         }
00239 
00240         return $result;
00241     }
00242 
00243     // }}}
00244     // {{{ updateUserGroups()
00245 
00256     function updateUserGroups($in_data, $in_noRemoveOld = false)
00257     {
00258         $o_result = new FF_Result();
00259         $this->removeUserGroups($in_data['user_id'], $o_result, ($in_noRemoveOld ? $in_data['groups'] : array()));
00260         if (!$o_result->isSuccess()) {
00261             return $o_result;
00262         }
00263 
00264         foreach ($in_data['groups'] as $s_groupId) {
00265             $result = $this->o_data->autoExecute($this->userGroupsTable, 
00266                     array('user_id' => $in_data['user_id'], 'group_id' => $s_groupId));
00267 
00268             if (DB::isError($result)) {
00269                 $o_result->addMessage($result->getMessage());
00270                 $o_result->setSuccess(false);
00271             }
00272         }
00273 
00274         return $o_result;
00275     }
00276 
00277     // }}}
00278     // {{{ removeUserGroups()
00279 
00291     function removeUserGroups($in_userId, &$in_resultObj, $in_groups)
00292     {
00293         $s_grpFilter = '1=1';
00294         if (count($in_groups)) {
00295             $s_grpFilter = '(group_id = ' . implode(' OR group_id = ', $in_groups) . ')';
00296         }
00297 
00298         $s_stmt = $this->o_data->prepare("DELETE FROM $this->userGroupsTable WHERE user_id = ? AND $s_grpFilter"); 
00299         if (DB::isError($result = $this->o_data->execute($s_stmt, $in_userId))) {
00300             $in_resultObj->addMessage($result->getMessage());
00301             $in_resultObj->setSuccess(false);
00302         }
00303 
00304         return $in_resultObj;
00305     }
00306 
00307     // }}}
00308     // {{{ doesObjectHaveOwnerType()
00309 
00322     function doesObjectHaveOwnerType($in_objectId, $in_module, $in_perm, $in_type)
00323     {
00324         if (is_null($in_objectId)) {
00325             return true; 
00326         }
00327 
00328         $s_query = "SELECT COUNT(*) FROM $this->objectsTable 
00329                     WHERE object_id = ? AND app = ? AND module = ? AND perm = ? AND owner_type = ?";
00330 
00331         return $this->o_data->getOne($s_query, 
00332                 array($in_objectId, $this->o_registry->getCurrentApp(), $in_module, $in_perm, $in_type));
00333     }
00334 
00335     // }}}
00336     // {{{ getObjectUserIds()
00337 
00352     function getObjectUserIds($in_objectId, $in_module, $in_perm, $in_getGroups)
00353     {
00354         if (is_null($in_objectId)) {
00355             return array();
00356         }
00357 
00358         $s_query = "SELECT owner_id FROM $this->objectsTable
00359                     WHERE object_id = ? AND app = ? AND module = ? AND perm = ? AND owner_type = ?";
00360 
00361         $s_type = $in_getGroups ? PERMS_TYPE_GROUP : PERMS_TYPE_USER;
00362         return $this->o_data->getCol($s_query, 0,
00363                 array($in_objectId, $this->o_registry->getCurrentApp(), $in_module, $in_perm, $s_type));
00364     }
00365 
00366     // }}}
00367     // {{{ saveObjectPerm()
00368     
00379     function saveObjectPerm($in_data, &$in_result)
00380     {
00381         $result = $this->o_data->autoExecute($this->objectsTable, $in_data);
00382         if (DB::isError($result)) {
00383             $in_result->addMessage($result->getMessage());
00384             $in_result->setSuccess(false);
00385         }
00386     }
00387 
00388     // }}}
00389     // {{{ removeObjectPerms()
00390 
00402     function removeObjectPerms($in_objectId, $in_app, $in_module, &$in_result)
00403     {
00404         $s_stmt = $this->o_data->prepare("DELETE FROM $this->objectsTable 
00405                                           WHERE object_id = ? AND app = ? AND module = ?");
00406         if (DB::isError($result = $this->o_data->execute($s_stmt, array($in_objectId, $in_app, $in_module)))) {
00407             $in_result->addMessage($result->getMessage());
00408             $in_result->setSuccess(false);
00409         }
00410     }
00411 
00412     // }}}
00413     // {{{ getUsersForObject()
00414 
00430     function getUsersForObject($in_objectId, $in_perm, $in_module, $in_getEmails = false)
00431     {
00432         $o_dao =& FF_DataAccess::factory('Profile', 'profile');
00433         if ($in_objectId != 'any' && 
00434             $this->doesObjectHaveOwnerType($in_objectId, $in_module, $in_perm, PERMS_TYPE_PUBLIC)) {
00435             $a_users = $o_dao->getAllProfiles();
00436         }
00437         else {
00438             if ($in_objectId == 'any') {
00439                 $s_objWhere = '1=1';
00440             }
00441             else {
00442                 $s_objWhere = 'po.object_id = ' . $this->o_data->quoteSmart($in_objectId);
00443             }
00444 
00445             $s_profileTable = $this->o_registry->getConfigParam('data/profile_table', 'profile', 'profile');
00446             $s_field = $in_getEmails ? 'p.email' : 'CONCAT(p.firstname, " ", p.lastname)';
00447             $s_query = "SELECT DISTINCT(p.id), $s_field
00448                         FROM $this->objectsTable as po
00449                         LEFT JOIN $this->userGroupsTable AS pug ON po.owner_id = pug.group_id AND po.owner_type = ? 
00450                         LEFT JOIN $s_profileTable AS p ON (po.owner_id = p.id AND po.owner_type = ?) OR
00451                             (pug.user_id = p.id AND po.owner_type = ?)
00452                         WHERE p.is_inactive = 0 AND $s_objWhere AND po.owner_type \!= ? AND po.perm = ? AND po.app = ? AND po.module = ?
00453                         ORDER BY p.firstname";
00454 
00455             $a_users = $this->o_data->getAssoc($s_query, false, 
00456                     array(PERMS_TYPE_GROUP, PERMS_TYPE_USER, PERMS_TYPE_GROUP, PERMS_TYPE_CREATOR,
00457                         $in_perm, $this->o_registry->getCurrentApp(), $in_module));
00458         }
00459 
00460         if ($in_getEmails) {
00461             $a_users += $o_dao->getEmailByUsername($this->o_registry->getConfigParam('perms/superusers', array(), 'permissions'));
00462         }
00463         else {
00464             $a_users += $o_dao->getFullNameByUsername($this->o_registry->getConfigParam('perms/superusers', array(), 'permissions'));
00465         }
00466 
00467         return $a_users;
00468     }
00469     
00470     // }}}
00471     // {{{ getObjectsForUser()
00472 
00487     function getObjectsForUser($in_fields, $in_orderBy, $in_table, $in_userId, $in_perm, $in_module)
00488     {
00489         static $b_super;
00490         if (!isset($b_super)) {
00491             $o_perms =& FF_Perms::factory();
00492             $b_super = $o_perms->isSuperUser();
00493         }
00494 
00495         if ($b_super) {
00496             $s_query = "SELECT " . implode(',', $in_fields) . " FROM $in_table ORDER BY $in_orderBy";
00497             $a_params = array();
00498         }
00499         else {
00500             $s_query = "SELECT " . implode(',', $in_fields) . " FROM $in_table 
00501                         INNER JOIN $this->objectsTable AS po ON id = po.object_id AND app = ? AND module = ?
00502                         LEFT JOIN $this->userGroupsTable AS pug ON po.owner_type = ? AND po.owner_id = pug.group_id
00503                         WHERE po.perm = ? AND
00504                           ( po.owner_type = ? OR 
00505                             (po.owner_type = ? AND po.owner_id = ?) OR 
00506                             (po.owner_type = ? AND pug.user_id = ?)
00507                           )
00508                         GROUP BY id ORDER BY $in_orderBy";
00509             $a_params = array($this->o_registry->getCurrentApp(), $in_module, 
00510                     PERMS_TYPE_GROUP, $in_perm, PERMS_TYPE_PUBLIC, 
00511                     PERMS_TYPE_USER, $in_userId, PERMS_TYPE_GROUP, $in_userId);
00512         }
00513 
00514         if (count($in_fields) == 1) {
00515             return $this->o_data->getCol($s_query, 0, $a_params);
00516         }
00517         elseif (count($in_fields) == 2) {
00518             return $this->o_data->getAssoc($s_query, false, $a_params);
00519         }
00520         else {
00521             return $this->o_data->getAll($s_query, $a_params);
00522         }
00523     }
00524 
00525     // }}}
00526     // {{{ hasObjectPerm()
00527 
00540     function hasObjectPerm($in_objectId, $in_perm, $in_module, $in_app, $in_userId)
00541     {
00542         $s_query = "SELECT po.owner_type FROM $this->objectsTable AS po
00543                     LEFT JOIN $this->userGroupsTable AS pug ON po.owner_type = ? AND po.owner_id = pug.group_id
00544                     WHERE po.object_id = ? AND po.perm = ? AND po.app = ? AND po.module = ? AND
00545                       (po.owner_type = ? OR 
00546                         (po.owner_type = ? AND po.owner_id = ?) OR 
00547                         (po.owner_type = ? AND pug.user_id = ?) OR
00548                         (po.owner_type = ?)
00549                       )
00550                     -- ensures that creator perms are only given if no others exist
00551                     ORDER BY owner_type ASC
00552                     LIMIT 1";
00553 
00554         return $this->o_data->getOne($s_query, array(PERMS_TYPE_GROUP,
00555                     $in_objectId, $in_perm, $in_app, $in_module,
00556                     PERMS_TYPE_PUBLIC, PERMS_TYPE_USER, $in_userId,
00557                     PERMS_TYPE_GROUP, $in_userId, PERMS_TYPE_CREATOR));
00558     }
00559 
00560     // }}}
00561     // {{{ getAllGroups()
00562 
00569     function getAllGroups()
00570     {
00571         $s_query = "SELECT id, name FROM $this->table ORDER BY name";
00572         return $this->o_data->getAssoc($s_query);
00573     }
00574 
00575     // }}}
00576     // {{{ getUserGroups()
00577 
00586     function getUserGroups($in_userId)
00587     {
00588         $s_query = "SELECT group_id FROM $this->userGroupsTable WHERE user_id = ?"; 
00589         return $this->o_data->getCol($s_query, 0, $in_userId);
00590     }
00591 
00592     // }}}
00593     // {{{ _addPermissionData()
00594 
00605     function _addPermissionData($in_id, $in_data, &$in_resultObj)
00606     {
00607         // now save the permissions data
00608         $a_data = array();
00609         foreach ($in_data as $a_permData) {
00610             $a_data[] = array($in_id, $a_permData['permission'], $a_permData['application']);
00611         }
00612 
00613         $s_stmt = $this->o_data->autoPrepare($this->groupDataTable, array('group_id', 'permission', 'application'));
00614         if (DB::isError($result = $this->o_data->executeMultiple($s_stmt, $a_data))) {
00615             $in_resultObj->addMessage($result->getMessage());
00616             $in_resultObj->setSuccess(false);
00617         }
00618     }
00619 
00620     // }}}
00621 }
00622 ?>
