[171] | 1 | <?php |
---|
[362] | 2 | /** |
---|
| 3 | * The Strangecode Codebase - a general application development framework for PHP |
---|
| 4 | * For details visit the project site: <http://trac.strangecode.com/codebase/> |
---|
[396] | 5 | * Copyright 2001-2012 Strangecode, LLC |
---|
[457] | 6 | * |
---|
[362] | 7 | * This file is part of The Strangecode Codebase. |
---|
| 8 | * |
---|
| 9 | * The Strangecode Codebase is free software: you can redistribute it and/or |
---|
| 10 | * modify it under the terms of the GNU General Public License as published by the |
---|
| 11 | * Free Software Foundation, either version 3 of the License, or (at your option) |
---|
| 12 | * any later version. |
---|
[457] | 13 | * |
---|
[362] | 14 | * The Strangecode Codebase is distributed in the hope that it will be useful, but |
---|
| 15 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
---|
| 16 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more |
---|
| 17 | * details. |
---|
[457] | 18 | * |
---|
[362] | 19 | * You should have received a copy of the GNU General Public License along with |
---|
| 20 | * The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>. |
---|
| 21 | */ |
---|
| 22 | |
---|
[171] | 23 | /* |
---|
| 24 | * ACL.inc.php |
---|
[457] | 25 | * |
---|
[171] | 26 | * Uses the ARO/ACO/AXO model of Access Control Lists. |
---|
[173] | 27 | * Uses Modified Preorder Tree Traversal to maintain a tree-structure. |
---|
| 28 | * See: http://www.sitepoint.com/print/hierarchical-data-database |
---|
[174] | 29 | * Includes a command-line tool for managing rights (codebase/bin/acl.cli.php). |
---|
[362] | 30 | * |
---|
[457] | 31 | * |
---|
[171] | 32 | * @author Quinn Comendant <quinn@strangecode.com> |
---|
| 33 | * @version 1.0 |
---|
| 34 | * @since 14 Jun 2006 22:35:11 |
---|
| 35 | */ |
---|
| 36 | |
---|
[172] | 37 | require_once dirname(__FILE__) . '/Cache.inc.php'; |
---|
| 38 | |
---|
[502] | 39 | class ACL |
---|
| 40 | { |
---|
[171] | 41 | |
---|
[468] | 42 | // A place to keep an object instance for the singleton pattern. |
---|
[484] | 43 | protected static $instance = null; |
---|
[468] | 44 | |
---|
[171] | 45 | // Configuration parameters for this object. |
---|
[484] | 46 | protected $_params = array( |
---|
[334] | 47 | // If false nothing will be cached or retrieved. Useful for testing realtime data requests. |
---|
[172] | 48 | 'enable_cache' => true, |
---|
[171] | 49 | |
---|
| 50 | // Automatically create table and verify columns. Better set to false after site launch. |
---|
| 51 | 'create_table' => false, |
---|
[502] | 52 | |
---|
| 53 | // Maximum allowed length of names. |
---|
| 54 | // This value can be increased only if {aro,aco,axo}_tbl.name VARCHAR length is increased. |
---|
| 55 | 'name_max_length' => 32. |
---|
[171] | 56 | ); |
---|
| 57 | |
---|
[777] | 58 | // Cache object to store result of check() queries. |
---|
| 59 | private $cache; |
---|
| 60 | |
---|
[171] | 61 | /** |
---|
[174] | 62 | * Constructor. |
---|
[171] | 63 | */ |
---|
[468] | 64 | public function __construct() |
---|
[171] | 65 | { |
---|
[479] | 66 | $app =& App::getInstance(); |
---|
[171] | 67 | |
---|
[172] | 68 | // Configure the cache object. |
---|
| 69 | $this->cache = new Cache('acl'); |
---|
| 70 | |
---|
[171] | 71 | // Get create tables config from global context. |
---|
| 72 | if (!is_null($app->getParam('db_create_tables'))) { |
---|
| 73 | $this->setParam(array('create_table' => $app->getParam('db_create_tables'))); |
---|
| 74 | } |
---|
| 75 | } |
---|
| 76 | |
---|
| 77 | /** |
---|
| 78 | * This method enforces the singleton pattern for this class. |
---|
| 79 | * |
---|
| 80 | * @return object Reference to the global ACL object. |
---|
| 81 | * @access public |
---|
| 82 | * @static |
---|
| 83 | */ |
---|
[468] | 84 | public static function &getInstance() |
---|
[171] | 85 | { |
---|
[468] | 86 | if (self::$instance === null) { |
---|
| 87 | self::$instance = new self(); |
---|
[171] | 88 | } |
---|
| 89 | |
---|
[468] | 90 | return self::$instance; |
---|
[171] | 91 | } |
---|
| 92 | |
---|
| 93 | /** |
---|
| 94 | * Set (or overwrite existing) parameters by passing an array of new parameters. |
---|
| 95 | * |
---|
| 96 | * @access public |
---|
| 97 | * |
---|
| 98 | * @param array $params Array of parameters (key => val pairs). |
---|
| 99 | */ |
---|
[468] | 100 | public function setParam($params) |
---|
[171] | 101 | { |
---|
[479] | 102 | $app =& App::getInstance(); |
---|
[457] | 103 | |
---|
[171] | 104 | if (isset($params) && is_array($params)) { |
---|
[534] | 105 | // Some params require special processing. Catch those in a loop and process individually. |
---|
| 106 | foreach ($params as $key => $val) { |
---|
| 107 | switch ($key) { |
---|
| 108 | case 'enable_cache': |
---|
| 109 | $this->cache->setParam(array('enabled' => $val)); |
---|
| 110 | break; |
---|
| 111 | } |
---|
| 112 | |
---|
| 113 | } |
---|
| 114 | unset($key, $value); |
---|
| 115 | |
---|
[171] | 116 | // Merge new parameters with old overriding only those passed. |
---|
| 117 | $this->_params = array_merge($this->_params, $params); |
---|
| 118 | } else { |
---|
| 119 | $app->logMsg(sprintf('Parameters are not an array: %s', $params), LOG_ERR, __FILE__, __LINE__); |
---|
| 120 | } |
---|
| 121 | } |
---|
| 122 | |
---|
| 123 | /** |
---|
| 124 | * Return the value of a parameter, if it exists. |
---|
| 125 | * |
---|
| 126 | * @access public |
---|
| 127 | * @param string $param Which parameter to return. |
---|
| 128 | * @return mixed Configured parameter value. |
---|
| 129 | */ |
---|
[468] | 130 | public function getParam($param) |
---|
[171] | 131 | { |
---|
[479] | 132 | $app =& App::getInstance(); |
---|
[457] | 133 | |
---|
[478] | 134 | if (array_key_exists($param, $this->_params)) { |
---|
[171] | 135 | return $this->_params[$param]; |
---|
| 136 | } else { |
---|
[420] | 137 | $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_NOTICE, __FILE__, __LINE__); |
---|
[171] | 138 | return null; |
---|
| 139 | } |
---|
| 140 | } |
---|
| 141 | |
---|
| 142 | /** |
---|
[174] | 143 | * Setup the database tables for this class. |
---|
[171] | 144 | * |
---|
| 145 | * @access public |
---|
| 146 | * @author Quinn Comendant <quinn@strangecode.com> |
---|
| 147 | * @since 04 Jun 2006 16:41:42 |
---|
| 148 | */ |
---|
[468] | 149 | public function initDB($recreate_db=false) |
---|
[171] | 150 | { |
---|
[479] | 151 | $app =& App::getInstance(); |
---|
| 152 | $db =& DB::getInstance(); |
---|
[171] | 153 | |
---|
| 154 | static $_db_tested = false; |
---|
| 155 | |
---|
| 156 | if ($recreate_db || !$_db_tested && $this->getParam('create_table')) { |
---|
| 157 | |
---|
| 158 | if ($recreate_db) { |
---|
| 159 | $db->query("DROP TABLE IF EXISTS acl_tbl"); |
---|
| 160 | $db->query("DROP TABLE IF EXISTS aro_tbl"); |
---|
| 161 | $db->query("DROP TABLE IF EXISTS aco_tbl"); |
---|
| 162 | $db->query("DROP TABLE IF EXISTS axo_tbl"); |
---|
[201] | 163 | $app->logMsg(sprintf('Dropping and recreating tables acl_tbl, aro_tbl, aco_tbl, axo_tbl.', null), LOG_INFO, __FILE__, __LINE__); |
---|
[171] | 164 | } |
---|
[457] | 165 | |
---|
[171] | 166 | // acl_tbl |
---|
[601] | 167 | $db->query(sprintf(" |
---|
[173] | 168 | CREATE TABLE IF NOT EXISTS acl_tbl ( |
---|
[502] | 169 | aro_id SMALLINT UNSIGNED NOT NULL DEFAULT '0', |
---|
| 170 | aco_id SMALLINT UNSIGNED NOT NULL DEFAULT '0', |
---|
| 171 | axo_id SMALLINT UNSIGNED NOT NULL DEFAULT '0', |
---|
[171] | 172 | access ENUM('allow', 'deny') DEFAULT NULL, |
---|
[601] | 173 | added_datetime DATETIME NOT NULL DEFAULT '%s 00:00:00', |
---|
[171] | 174 | UNIQUE KEY (aro_id, aco_id, axo_id), |
---|
| 175 | KEY (access) |
---|
| 176 | ) ENGINE=MyISAM |
---|
[601] | 177 | ", $db->getParam('zero_date'))); |
---|
[171] | 178 | if (!$db->columnExists('acl_tbl', array( |
---|
| 179 | 'aro_id', |
---|
| 180 | 'aco_id', |
---|
| 181 | 'axo_id', |
---|
| 182 | 'access', |
---|
| 183 | 'added_datetime', |
---|
| 184 | ), false, false)) { |
---|
| 185 | $app->logMsg(sprintf('Database table acl_tbl has invalid columns. Please update this table manually.', null), LOG_ALERT, __FILE__, __LINE__); |
---|
| 186 | trigger_error(sprintf('Database table acl_tbl has invalid columns. Please update this table manually.', null), E_USER_ERROR); |
---|
[173] | 187 | } else { |
---|
| 188 | // Insert root node data if nonexistant, dely all by default. |
---|
| 189 | $qid = $db->query("SELECT 1 FROM acl_tbl"); |
---|
| 190 | if (mysql_num_rows($qid) == 0) { |
---|
[457] | 191 | $qid = $db->query("REPLACE INTO acl_tbl VALUES ('1', '1', '1', 'deny', NOW())"); |
---|
| 192 | } |
---|
[171] | 193 | } |
---|
| 194 | |
---|
[173] | 195 | // aro_tbl, aco_tbl, axo_tbl |
---|
[171] | 196 | foreach (array('aro', 'aco', 'axo') as $a_o) { |
---|
[601] | 197 | $db->query(sprintf(" |
---|
| 198 | CREATE TABLE IF NOT EXISTS %1\$s_tbl ( |
---|
| 199 | %1\$s_id SMALLINT UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT, |
---|
| 200 | name VARCHAR(%2\$s) NOT NULL DEFAULT '', |
---|
[502] | 201 | lft MEDIUMINT UNSIGNED NOT NULL DEFAULT '0', |
---|
| 202 | rgt MEDIUMINT UNSIGNED NOT NULL DEFAULT '0', |
---|
[601] | 203 | added_datetime DATETIME NOT NULL DEFAULT '%3\$s 00:00:00', |
---|
[173] | 204 | UNIQUE KEY name (name(15)), |
---|
[171] | 205 | KEY transversal (lft, rgt) |
---|
| 206 | ) ENGINE=MyISAM; |
---|
[601] | 207 | ", $a_o, $this->getParam('name_max_length'), $db->getParam('zero_date'))); |
---|
[171] | 208 | |
---|
| 209 | if (!$db->columnExists("{$a_o}_tbl", array( |
---|
| 210 | "{$a_o}_id", |
---|
| 211 | 'name', |
---|
| 212 | 'lft', |
---|
| 213 | 'rgt', |
---|
| 214 | 'added_datetime', |
---|
| 215 | ), false, false)) { |
---|
| 216 | $app->logMsg(sprintf('Database table %s has invalid columns. Please update this table manually.', "{$a_o}_tbl"), LOG_ALERT, __FILE__, __LINE__); |
---|
| 217 | trigger_error(sprintf('Database table %s has invalid columns. Please update this table manually.', "{$a_o}_tbl"), E_USER_ERROR); |
---|
[173] | 218 | } else { |
---|
[334] | 219 | // Insert root node data if nonexistent. |
---|
[173] | 220 | $qid = $db->query("SELECT 1 FROM {$a_o}_tbl WHERE name = 'root'"); |
---|
| 221 | if (mysql_num_rows($qid) == 0) { |
---|
[457] | 222 | $qid = $db->query("REPLACE INTO {$a_o}_tbl (name, lft, rgt, added_datetime) VALUES ('root', 1, 2, NOW())"); |
---|
| 223 | } |
---|
[171] | 224 | } |
---|
[173] | 225 | |
---|
[171] | 226 | } |
---|
| 227 | } |
---|
| 228 | $_db_tested = true; |
---|
[172] | 229 | return true; |
---|
[171] | 230 | } |
---|
| 231 | |
---|
| 232 | /* |
---|
[174] | 233 | * Add a node to one of the aro/aco/axo tables. |
---|
[171] | 234 | * |
---|
| 235 | * @access public |
---|
[174] | 236 | * @param string $name A unique identifier for the new node. |
---|
| 237 | * @param string $parent The name of the parent under-which to attach the new node. |
---|
| 238 | * @param string $type The tree to add to, one of: aro, aco, axo. |
---|
| 239 | * @return bool | int False on error, or the last_insert_id primary key of the new node. |
---|
[171] | 240 | * @author Quinn Comendant <quinn@strangecode.com> |
---|
| 241 | * @version 1.0 |
---|
| 242 | * @since 14 Jun 2006 22:39:29 |
---|
| 243 | */ |
---|
[757] | 244 | public function add($name, $parent, $type) |
---|
[171] | 245 | { |
---|
| 246 | $app =& App::getInstance(); |
---|
| 247 | $db =& DB::getInstance(); |
---|
[457] | 248 | |
---|
[171] | 249 | $this->initDB(); |
---|
[457] | 250 | |
---|
[171] | 251 | switch ($type) { |
---|
| 252 | case 'aro' : |
---|
| 253 | $tbl = 'aro_tbl'; |
---|
| 254 | break; |
---|
| 255 | case 'aco' : |
---|
| 256 | $tbl = 'aco_tbl'; |
---|
| 257 | break; |
---|
| 258 | case 'axo' : |
---|
| 259 | $tbl = 'axo_tbl'; |
---|
| 260 | break; |
---|
| 261 | default : |
---|
| 262 | $app->logMsg(sprintf('Invalid access object type: %s', $type), LOG_ERR, __FILE__, __LINE__); |
---|
| 263 | return false; |
---|
| 264 | break; |
---|
| 265 | } |
---|
[457] | 266 | |
---|
[171] | 267 | // If $parent is null, use root object. |
---|
| 268 | if (is_null($parent)) { |
---|
| 269 | $parent = 'root'; |
---|
| 270 | } |
---|
[457] | 271 | |
---|
[171] | 272 | // Ensure node and parent name aren't empty. |
---|
| 273 | if ('' == trim($name) || '' == trim($parent)) { |
---|
| 274 | $app->logMsg(sprintf('Cannot add node, parent (%s) or name (%s) missing.', $name, $parent), LOG_WARNING, __FILE__, __LINE__); |
---|
| 275 | return false; |
---|
| 276 | } |
---|
[457] | 277 | |
---|
[502] | 278 | // Ensure node node name fits in the column size. |
---|
| 279 | // This value can be increased if {aro,aco.axo}_tbl.name VARCHAR length is increased. |
---|
| 280 | if (strlen(trim($name)) > $this->getParam('name_max_length')) { |
---|
| 281 | $app->logMsg(sprintf('Cannot add node, %s character limit exceeded for name "%s"', $this->getParam('name_max_length'), $name, $parent), LOG_WARNING, __FILE__, __LINE__); |
---|
| 282 | return false; |
---|
| 283 | } |
---|
| 284 | |
---|
[171] | 285 | // Ensure node is unique. |
---|
| 286 | $qid = $db->query("SELECT 1 FROM $tbl WHERE name = '" . $db->escapeString($name) . "'"); |
---|
| 287 | if (mysql_num_rows($qid) > 0) { |
---|
[420] | 288 | $app->logMsg(sprintf('Cannot add %s node, already exists: %s', $type, $name), LOG_INFO, __FILE__, __LINE__); |
---|
[171] | 289 | return false; |
---|
| 290 | } |
---|
[457] | 291 | |
---|
[171] | 292 | // Select the rgt of $parent. |
---|
| 293 | $qid = $db->query("SELECT rgt FROM $tbl WHERE name = '" . $db->escapeString($parent) . "'"); |
---|
[174] | 294 | if (!list($parent_rgt) = mysql_fetch_row($qid)) { |
---|
[334] | 295 | $app->logMsg(sprintf('Cannot add %s node to nonexistent parent: %s', $type, $parent), LOG_WARNING, __FILE__, __LINE__); |
---|
[171] | 296 | return false; |
---|
| 297 | } |
---|
[174] | 298 | |
---|
[171] | 299 | // Update transversal numbers for all nodes to the rgt of $parent. |
---|
[174] | 300 | $db->query("UPDATE $tbl SET lft = lft + 2 WHERE lft >= $parent_rgt"); |
---|
| 301 | $db->query("UPDATE $tbl SET rgt = rgt + 2 WHERE rgt >= $parent_rgt"); |
---|
[457] | 302 | |
---|
[171] | 303 | // Insert new node just below parent. Lft is parent's old rgt. |
---|
| 304 | $db->query(" |
---|
[457] | 305 | INSERT INTO $tbl (name, lft, rgt, added_datetime) |
---|
[174] | 306 | VALUES ('" . $db->escapeString($name) . "', $parent_rgt, $parent_rgt + 1, NOW()) |
---|
[171] | 307 | "); |
---|
| 308 | |
---|
[506] | 309 | $app->logMsg(sprintf('Added %s node %s to parent %s', $type, $name, $parent), LOG_INFO, __FILE__, __LINE__); |
---|
[171] | 310 | return mysql_insert_id($db->getDBH()); |
---|
| 311 | } |
---|
| 312 | |
---|
| 313 | // Alias functions for the different object types. |
---|
[468] | 314 | public function addRequestObject($name, $parent=null) |
---|
[171] | 315 | { |
---|
| 316 | return $this->add($name, $parent, 'aro'); |
---|
| 317 | } |
---|
[468] | 318 | public function addControlObject($name, $parent=null) |
---|
[171] | 319 | { |
---|
| 320 | return $this->add($name, $parent, 'aco'); |
---|
| 321 | } |
---|
[468] | 322 | public function addXtraObject($name, $parent=null) |
---|
[171] | 323 | { |
---|
| 324 | return $this->add($name, $parent, 'axo'); |
---|
| 325 | } |
---|
| 326 | |
---|
| 327 | /* |
---|
[174] | 328 | * Remove a node from one of the aro/aco/axo tables. |
---|
[171] | 329 | * |
---|
| 330 | * @access public |
---|
[174] | 331 | * @param string $name The identifier for the node to remove. |
---|
| 332 | * @param string $type The tree to modify, one of: aro, aco, axo. |
---|
| 333 | * @return bool | int False on error, or true on success. |
---|
[171] | 334 | * @author Quinn Comendant <quinn@strangecode.com> |
---|
| 335 | * @version 1.0 |
---|
| 336 | * @since 14 Jun 2006 22:39:29 |
---|
| 337 | */ |
---|
[468] | 338 | public function remove($name, $type) |
---|
[171] | 339 | { |
---|
| 340 | $app =& App::getInstance(); |
---|
| 341 | $db =& DB::getInstance(); |
---|
[457] | 342 | |
---|
[171] | 343 | $this->initDB(); |
---|
| 344 | |
---|
| 345 | switch ($type) { |
---|
| 346 | case 'aro' : |
---|
| 347 | $tbl = 'aro_tbl'; |
---|
[174] | 348 | $primary_key = 'aro_id'; |
---|
[171] | 349 | break; |
---|
| 350 | case 'aco' : |
---|
| 351 | $tbl = 'aco_tbl'; |
---|
[174] | 352 | $primary_key = 'aco_id'; |
---|
[171] | 353 | break; |
---|
| 354 | case 'axo' : |
---|
| 355 | $tbl = 'axo_tbl'; |
---|
[174] | 356 | $primary_key = 'axo_id'; |
---|
[171] | 357 | break; |
---|
| 358 | default : |
---|
| 359 | $app->logMsg(sprintf('Invalid access object type: %s', $type), LOG_ERR, __FILE__, __LINE__); |
---|
| 360 | return false; |
---|
| 361 | break; |
---|
| 362 | } |
---|
[457] | 363 | |
---|
[171] | 364 | // Ensure node name isn't empty. |
---|
| 365 | if ('' == trim($name)) { |
---|
| 366 | $app->logMsg(sprintf('Cannot add node, name missing.', null), LOG_WARNING, __FILE__, __LINE__); |
---|
| 367 | return false; |
---|
| 368 | } |
---|
[457] | 369 | |
---|
[174] | 370 | // Select the lft and rgt of $name to use for selecting children and reordering transversals. |
---|
[171] | 371 | $qid = $db->query("SELECT lft, rgt FROM $tbl WHERE name = '" . $db->escapeString($name) . "'"); |
---|
| 372 | if (!list($lft, $rgt) = mysql_fetch_row($qid)) { |
---|
[420] | 373 | $app->logMsg(sprintf('Cannot delete nonexistent %s name: %s', $type, $name), LOG_WARNING, __FILE__, __LINE__); |
---|
[171] | 374 | return false; |
---|
| 375 | } |
---|
[457] | 376 | |
---|
[174] | 377 | // Remove node and all children of node, as well as acl_tbl links. |
---|
| 378 | $db->query(" |
---|
[457] | 379 | DELETE $tbl, acl_tbl |
---|
[174] | 380 | FROM $tbl |
---|
| 381 | LEFT JOIN acl_tbl ON ($tbl.$primary_key = acl_tbl.$primary_key) |
---|
| 382 | WHERE $tbl.lft BETWEEN $lft AND $rgt |
---|
| 383 | "); |
---|
[171] | 384 | $num_deleted_nodes = mysql_affected_rows($db->getDBH()); |
---|
| 385 | |
---|
[609] | 386 | // Update transversal numbers for all nodes to the rgt of $parent, taking into account the absence of its children. |
---|
[171] | 387 | $db->query("UPDATE $tbl SET lft = lft - ($rgt - $lft + 1) WHERE lft > $lft"); |
---|
| 388 | $db->query("UPDATE $tbl SET rgt = rgt - ($rgt - $lft + 1) WHERE rgt > $rgt"); |
---|
| 389 | |
---|
[201] | 390 | $app->logMsg(sprintf('Removed %s node %s along with %s children.', $type, $name, $num_deleted_nodes - 1), LOG_INFO, __FILE__, __LINE__); |
---|
[171] | 391 | return true; |
---|
| 392 | } |
---|
[457] | 393 | |
---|
[171] | 394 | // Alias functions for the different object types. |
---|
[468] | 395 | public function removeRequestObject($name) |
---|
[171] | 396 | { |
---|
[174] | 397 | return $this->remove($name, 'aro'); |
---|
[171] | 398 | } |
---|
[468] | 399 | public function removeControlObject($name) |
---|
[171] | 400 | { |
---|
[174] | 401 | return $this->remove($name, 'aco'); |
---|
[171] | 402 | } |
---|
[468] | 403 | public function removeXtraObject($name) |
---|
[171] | 404 | { |
---|
[174] | 405 | return $this->remove($name, 'axo'); |
---|
[171] | 406 | } |
---|
[174] | 407 | |
---|
| 408 | /* |
---|
| 409 | * Move a node to a new parent in one of the aro/aco/axo tables. |
---|
| 410 | * |
---|
| 411 | * @access public |
---|
| 412 | * @param string $name The identifier for the node to remove. |
---|
| 413 | * @param string $new_parent The name of the parent under-which to attach the new node. |
---|
| 414 | * @param string $type The tree to modify, one of: aro, aco, axo. |
---|
| 415 | * @return bool | int False on error, or the last_insert_id primary key of the new node. |
---|
| 416 | * @author Quinn Comendant <quinn@strangecode.com> |
---|
| 417 | * @version 1.0 |
---|
| 418 | * @since 14 Jun 2006 22:39:29 |
---|
| 419 | */ |
---|
[468] | 420 | public function move($name, $new_parent, $type) |
---|
[174] | 421 | { |
---|
| 422 | $app =& App::getInstance(); |
---|
| 423 | $db =& DB::getInstance(); |
---|
[457] | 424 | |
---|
[174] | 425 | $this->initDB(); |
---|
| 426 | |
---|
| 427 | switch ($type) { |
---|
| 428 | case 'aro' : |
---|
| 429 | $tbl = 'aro_tbl'; |
---|
| 430 | $primary_key = 'aro_id'; |
---|
| 431 | break; |
---|
| 432 | case 'aco' : |
---|
| 433 | $tbl = 'aco_tbl'; |
---|
| 434 | $primary_key = 'aco_id'; |
---|
| 435 | break; |
---|
| 436 | case 'axo' : |
---|
| 437 | $tbl = 'axo_tbl'; |
---|
| 438 | $primary_key = 'axo_id'; |
---|
| 439 | break; |
---|
| 440 | default : |
---|
| 441 | $app->logMsg(sprintf('Invalid access object type: %s', $type), LOG_ERR, __FILE__, __LINE__); |
---|
| 442 | return false; |
---|
| 443 | break; |
---|
| 444 | } |
---|
[457] | 445 | |
---|
[189] | 446 | // If $new_parent is null, use root object. |
---|
| 447 | if (is_null($new_parent)) { |
---|
| 448 | $new_parent = 'root'; |
---|
[174] | 449 | } |
---|
[457] | 450 | |
---|
[174] | 451 | // Ensure node and parent name aren't empty. |
---|
[189] | 452 | if ('' == trim($name) || '' == trim($new_parent)) { |
---|
| 453 | $app->logMsg(sprintf('Cannot add node, parent (%s) or name (%s) missing.', $name, $new_parent), LOG_WARNING, __FILE__, __LINE__); |
---|
[174] | 454 | return false; |
---|
| 455 | } |
---|
[457] | 456 | |
---|
[174] | 457 | // Select the lft and rgt of $name to use for selecting children and reordering transversals. |
---|
| 458 | $qid = $db->query("SELECT lft, rgt FROM $tbl WHERE name = '" . $db->escapeString($name) . "'"); |
---|
| 459 | if (!list($lft, $rgt) = mysql_fetch_row($qid)) { |
---|
[420] | 460 | $app->logMsg(sprintf('Cannot move nonexistent %s name: %s', $type, $name), LOG_WARNING, __FILE__, __LINE__); |
---|
[174] | 461 | return false; |
---|
| 462 | } |
---|
[457] | 463 | |
---|
[174] | 464 | // Total number of transversal values (that is, the count of self plus all children times two). |
---|
| 465 | $total_transversal_value = ($rgt - $lft + 1); |
---|
| 466 | |
---|
| 467 | // Select the rgt of the new parent. |
---|
| 468 | $qid = $db->query("SELECT rgt FROM $tbl WHERE name = '" . $db->escapeString($new_parent) . "'"); |
---|
| 469 | if (!list($new_parent_rgt) = mysql_fetch_row($qid)) { |
---|
[334] | 470 | $app->logMsg(sprintf('Cannot move %s node to nonexistent parent: %s', $type, $new_parent), LOG_WARNING, __FILE__, __LINE__); |
---|
[174] | 471 | return false; |
---|
| 472 | } |
---|
[457] | 473 | |
---|
[174] | 474 | // Ensure the new parent is not a child of the node being moved. |
---|
| 475 | if ($new_parent_rgt <= $rgt && $new_parent_rgt >= $lft) { |
---|
| 476 | $app->logMsg(sprintf('Cannot move %s node %s to parent %s because it is a child of itself.', $type, $name, $new_parent), LOG_WARNING, __FILE__, __LINE__); |
---|
| 477 | return false; |
---|
| 478 | } |
---|
[457] | 479 | |
---|
[174] | 480 | // Collect unique ids of all nodes being moved. The transversal numbers will become duplicated so these will be needed to identify these. |
---|
| 481 | $qid = $db->query(" |
---|
| 482 | SELECT $primary_key |
---|
| 483 | FROM $tbl |
---|
| 484 | WHERE lft BETWEEN $lft AND $rgt |
---|
| 485 | AND rgt BETWEEN $lft AND $rgt |
---|
| 486 | "); |
---|
| 487 | $ids = array(); |
---|
| 488 | while (list($id) = mysql_fetch_row($qid)) { |
---|
| 489 | $ids[] = $id; |
---|
| 490 | } |
---|
| 491 | |
---|
| 492 | // Update transversal numbers for all nodes to the rgt of the node being moved, taking in to account the absence of it's children. |
---|
| 493 | // This will temporarily "remove" the node from the tree, and its transversal values will be duplicated. |
---|
| 494 | $db->query("UPDATE $tbl SET lft = lft - $total_transversal_value WHERE lft > $rgt"); |
---|
| 495 | $db->query("UPDATE $tbl SET rgt = rgt - $total_transversal_value WHERE rgt > $rgt"); |
---|
[189] | 496 | |
---|
[174] | 497 | // Apply transformation to new parent rgt also. |
---|
| 498 | $new_parent_rgt = $new_parent_rgt > $rgt ? $new_parent_rgt - $total_transversal_value : $new_parent_rgt; |
---|
[457] | 499 | |
---|
[174] | 500 | // Update transversal values of moved node and children. |
---|
| 501 | $db->query(" |
---|
[457] | 502 | UPDATE $tbl SET |
---|
[174] | 503 | lft = lft - ($lft - $new_parent_rgt), |
---|
| 504 | rgt = rgt - ($lft - $new_parent_rgt) |
---|
| 505 | WHERE $primary_key IN ('" . join("','", $ids) . "') |
---|
| 506 | "); |
---|
| 507 | |
---|
| 508 | // Update transversal values of all nodes to the rgt of moved node. |
---|
| 509 | $db->query("UPDATE $tbl SET lft = lft + $total_transversal_value WHERE lft >= $new_parent_rgt AND $primary_key NOT IN ('" . join("','", $ids) . "')"); |
---|
| 510 | $db->query("UPDATE $tbl SET rgt = rgt + $total_transversal_value WHERE rgt >= $new_parent_rgt AND $primary_key NOT IN ('" . join("','", $ids) . "')"); |
---|
| 511 | |
---|
[506] | 512 | $app->logMsg(sprintf('Moved %s node %s to new parent %s', $type, $name, $new_parent), LOG_INFO, __FILE__, __LINE__); |
---|
[174] | 513 | return true; |
---|
| 514 | } |
---|
[457] | 515 | |
---|
[174] | 516 | // Alias functions for the different object types. |
---|
[468] | 517 | public function moveRequestObject($name, $new_parent=null) |
---|
[174] | 518 | { |
---|
| 519 | return $this->move($name, $new_parent, 'aro'); |
---|
| 520 | } |
---|
[468] | 521 | public function moveControlObject($name, $new_parent=null) |
---|
[174] | 522 | { |
---|
| 523 | return $this->move($name, $new_parent, 'aco'); |
---|
| 524 | } |
---|
[468] | 525 | public function moveXtraObject($name, $new_parent=null) |
---|
[174] | 526 | { |
---|
| 527 | return $this->move($name, $new_parent, 'axo'); |
---|
| 528 | } |
---|
[457] | 529 | |
---|
[171] | 530 | /* |
---|
[174] | 531 | * Add an entry to the acl_tbl to allow (or deny) a truple with the specified |
---|
| 532 | * ARO -> ACO -> AXO entry. |
---|
[171] | 533 | * |
---|
| 534 | * @access public |
---|
[175] | 535 | * @param string|null $aro Identifier of an existing ARO object (or null to use root). |
---|
| 536 | * @param string|null $aco Identifier of an existing ACO object (or null to use root). |
---|
| 537 | * @param string|null $axo Identifier of an existing AXO object (or null to use root). |
---|
[174] | 538 | * @return bool False on error, true on success. |
---|
[171] | 539 | * @author Quinn Comendant <quinn@strangecode.com> |
---|
| 540 | * @version 1.0 |
---|
| 541 | * @since 15 Jun 2006 01:58:48 |
---|
| 542 | */ |
---|
[468] | 543 | public function grant($aro=null, $aco=null, $axo=null, $access='allow') |
---|
[171] | 544 | { |
---|
| 545 | $app =& App::getInstance(); |
---|
| 546 | $db =& DB::getInstance(); |
---|
| 547 | |
---|
| 548 | $this->initDB(); |
---|
| 549 | |
---|
| 550 | // If any access objects are null, assume using root values. |
---|
[173] | 551 | // However if they're empty we don't want to escalate the grant command to root! |
---|
[171] | 552 | $aro = is_null($aro) ? 'root' : $aro; |
---|
| 553 | $aco = is_null($aco) ? 'root' : $aco; |
---|
| 554 | $axo = is_null($axo) ? 'root' : $axo; |
---|
[457] | 555 | |
---|
[218] | 556 | // Flush old cached values. |
---|
| 557 | $cache_hash = $aro . '|' . $aco . '|' . $axo; |
---|
| 558 | $this->cache->delete($cache_hash); |
---|
| 559 | |
---|
[171] | 560 | // Ensure values exist. |
---|
| 561 | $qid = $db->query("SELECT aro_tbl.aro_id FROM aro_tbl WHERE aro_tbl.name = '" . $db->escapeString($aro) . "'"); |
---|
| 562 | if (!list($aro_id) = mysql_fetch_row($qid)) { |
---|
[280] | 563 | $app->logMsg(sprintf('Grant failed, aro_tbl.name = "%s" does not exist.', $aro), LOG_WARNING, __FILE__, __LINE__); |
---|
[171] | 564 | return false; |
---|
| 565 | } |
---|
| 566 | $qid = $db->query("SELECT aco_tbl.aco_id FROM aco_tbl WHERE aco_tbl.name = '" . $db->escapeString($aco) . "'"); |
---|
| 567 | if (!list($aco_id) = mysql_fetch_row($qid)) { |
---|
[280] | 568 | $app->logMsg(sprintf('Grant failed, aco_tbl.name = "%s" does not exist.', $aco), LOG_WARNING, __FILE__, __LINE__); |
---|
[171] | 569 | return false; |
---|
| 570 | } |
---|
| 571 | $qid = $db->query("SELECT axo_tbl.axo_id FROM axo_tbl WHERE axo_tbl.name = '" . $db->escapeString($axo) . "'"); |
---|
| 572 | if (!list($axo_id) = mysql_fetch_row($qid)) { |
---|
[280] | 573 | $app->logMsg(sprintf('Grant failed, axo_tbl.name = "%s" does not exist.', $axo), LOG_WARNING, __FILE__, __LINE__); |
---|
[171] | 574 | return false; |
---|
| 575 | } |
---|
| 576 | |
---|
| 577 | // Access must be 'allow' or 'deny'. |
---|
| 578 | $allow = 'allow' == $access ? 'allow' : 'deny'; |
---|
[457] | 579 | |
---|
[171] | 580 | $db->query("REPLACE INTO acl_tbl VALUES ('$aro_id', '$aco_id', '$axo_id', '$allow', NOW())"); |
---|
[506] | 581 | $app->logMsg(sprintf('Set %s: %s -> %s -> %s', $allow, $aro, $aco, $axo), LOG_INFO, __FILE__, __LINE__); |
---|
[457] | 582 | |
---|
[171] | 583 | return true; |
---|
| 584 | } |
---|
| 585 | |
---|
| 586 | /* |
---|
[174] | 587 | * Add an entry to the acl_tbl to deny a truple with the specified |
---|
| 588 | * ARO -> ACO -> AXO entry. This calls the ACL::grant function to create the entry |
---|
| 589 | * but uses 'deny' as the fourth argument. |
---|
[171] | 590 | * |
---|
| 591 | * @access public |
---|
[175] | 592 | * @param string|null $aro Identifier of an existing ARO object (or null to use root). |
---|
| 593 | * @param string|null $aco Identifier of an existing ACO object (or null to use root). |
---|
| 594 | * @param string|null $axo Identifier of an existing AXO object (or null to use root). |
---|
[174] | 595 | * @return bool False on error, true on success. |
---|
[171] | 596 | * @author Quinn Comendant <quinn@strangecode.com> |
---|
| 597 | * @version 1.0 |
---|
| 598 | * @since 15 Jun 2006 04:35:54 |
---|
| 599 | */ |
---|
[468] | 600 | public function revoke($aro=null, $aco=null, $axo=null) |
---|
[171] | 601 | { |
---|
| 602 | return $this->grant($aro, $aco, $axo, 'deny'); |
---|
| 603 | } |
---|
[457] | 604 | |
---|
[171] | 605 | /* |
---|
[175] | 606 | * Delete an entry from the acl_tbl completely to allow other permissions to cascade down. |
---|
| 607 | * Null values act as a "wildcard" and will cause ALL matches in that column to be deleted. |
---|
| 608 | * |
---|
| 609 | * @access public |
---|
| 610 | * @param string|null $aro Identifier of an existing ARO object (or null for *). |
---|
| 611 | * @param string|null $aco Identifier of an existing ACO object (or null for *). |
---|
| 612 | * @param string|null $axo Identifier of an existing AXO object (or null for *). |
---|
| 613 | * @return bool False on error, true on success. |
---|
| 614 | * @author Quinn Comendant <quinn@strangecode.com> |
---|
| 615 | * @version 1.0 |
---|
| 616 | * @since 20 Jun 2006 20:16:12 |
---|
| 617 | */ |
---|
[468] | 618 | public function delete($aro=null, $aco=null, $axo=null) |
---|
[175] | 619 | { |
---|
| 620 | $app =& App::getInstance(); |
---|
| 621 | $db =& DB::getInstance(); |
---|
| 622 | |
---|
| 623 | $this->initDB(); |
---|
| 624 | |
---|
| 625 | // If any access objects are null, assume using root values. |
---|
| 626 | // However if they're empty we don't want to escalate the grant command to root! |
---|
| 627 | $where = array(); |
---|
| 628 | $where[] = is_null($aro) ? "aro_tbl.name IS NOT NULL" : "aro_tbl.name = '" . $db->escapeString($aro) . "' "; |
---|
| 629 | $where[] = is_null($aco) ? "aco_tbl.name IS NOT NULL" : "aco_tbl.name = '" . $db->escapeString($aco) . "' "; |
---|
| 630 | $where[] = is_null($axo) ? "axo_tbl.name IS NOT NULL" : "axo_tbl.name = '" . $db->escapeString($axo) . "' "; |
---|
| 631 | |
---|
[218] | 632 | // If any access objects are null, assume using root values. |
---|
| 633 | // However if they're empty we don't want to escalate the grant command to root! |
---|
| 634 | $aro = is_null($aro) ? 'root' : $aro; |
---|
| 635 | $aco = is_null($aco) ? 'root' : $aco; |
---|
| 636 | $axo = is_null($axo) ? 'root' : $axo; |
---|
[457] | 637 | |
---|
[218] | 638 | // Flush old cached values. |
---|
| 639 | $cache_hash = $aro . '|' . $aco . '|' . $axo; |
---|
| 640 | $this->cache->delete($cache_hash); |
---|
| 641 | |
---|
[175] | 642 | $final_where = join(' AND ', $where); |
---|
[247] | 643 | if (mb_substr_count($final_where, 'IS NOT NULL') == 3) { |
---|
[175] | 644 | // Null on all three tables will delete ALL entries including the root -> root -> root = deny. |
---|
[420] | 645 | $app->logMsg('Cannot allow deletion of ALL acl entries.', LOG_WARNING, __FILE__, __LINE__); |
---|
[175] | 646 | return false; |
---|
| 647 | } |
---|
[457] | 648 | |
---|
[175] | 649 | $qid = $db->query(" |
---|
| 650 | DELETE acl_tbl |
---|
| 651 | FROM acl_tbl |
---|
| 652 | LEFT JOIN aro_tbl ON (acl_tbl.aro_id = aro_tbl.aro_id) |
---|
| 653 | LEFT JOIN aco_tbl ON (acl_tbl.aco_id = aco_tbl.aco_id) |
---|
| 654 | LEFT JOIN axo_tbl ON (acl_tbl.axo_id = axo_tbl.axo_id) |
---|
| 655 | WHERE $final_where |
---|
| 656 | "); |
---|
| 657 | |
---|
| 658 | $app->logMsg(sprintf('Deleted %s acl_tbl links: %s -> %s -> %s', mysql_affected_rows($db->getDBH()), $aro, $aco, $axo), LOG_INFO, __FILE__, __LINE__); |
---|
[457] | 659 | |
---|
[175] | 660 | return true; |
---|
| 661 | } |
---|
[457] | 662 | |
---|
[175] | 663 | /* |
---|
[174] | 664 | * Calculates the most specific cascading privilege found for a requested |
---|
[457] | 665 | * ARO -> ACO -> AXO entry. Returns FALSE if the entry is denied. By default, |
---|
[209] | 666 | * all entries are denied, unless some point in the hierarchy is set to "allow." |
---|
[171] | 667 | * |
---|
| 668 | * @access public |
---|
[174] | 669 | * @param string $aro Identifier of an existing ARO object. |
---|
| 670 | * @param string $aco Identifier of an existing ACO object (or null to use root). |
---|
| 671 | * @param string $axo Identifier of an existing AXO object (or null to use root). |
---|
| 672 | * @return bool False if denied, true on allowed. |
---|
[171] | 673 | * @author Quinn Comendant <quinn@strangecode.com> |
---|
| 674 | * @version 1.0 |
---|
| 675 | * @since 15 Jun 2006 03:58:23 |
---|
| 676 | */ |
---|
[468] | 677 | public function check($aro, $aco=null, $axo=null) |
---|
[171] | 678 | { |
---|
| 679 | $app =& App::getInstance(); |
---|
| 680 | $db =& DB::getInstance(); |
---|
[457] | 681 | |
---|
[171] | 682 | $this->initDB(); |
---|
| 683 | |
---|
[173] | 684 | // If any access objects are null or empty, assume using root values. |
---|
| 685 | $aro = is_null($aro) || '' == trim($aro) ? 'root' : $aro; |
---|
| 686 | $aco = is_null($aco) || '' == trim($aco) ? 'root' : $aco; |
---|
| 687 | $axo = is_null($axo) || '' == trim($axo) ? 'root' : $axo; |
---|
[457] | 688 | |
---|
[172] | 689 | $cache_hash = $aro . '|' . $aco . '|' . $axo; |
---|
[534] | 690 | if (true === $this->getParam('enable_cache') && $this->cache->exists($cache_hash)) { |
---|
[172] | 691 | // Access value is cached. |
---|
| 692 | $access = $this->cache->get($cache_hash); |
---|
| 693 | } else { |
---|
[396] | 694 | // Retrieve access value from db. |
---|
[172] | 695 | $qid = $db->query(" |
---|
| 696 | SELECT acl_tbl.access |
---|
| 697 | FROM acl_tbl |
---|
| 698 | LEFT JOIN aro_tbl ON (acl_tbl.aro_id = aro_tbl.aro_id) |
---|
| 699 | LEFT JOIN aco_tbl ON (acl_tbl.aco_id = aco_tbl.aco_id) |
---|
| 700 | LEFT JOIN axo_tbl ON (acl_tbl.axo_id = axo_tbl.axo_id) |
---|
[177] | 701 | WHERE (aro_tbl.lft <= (SELECT lft FROM aro_tbl WHERE name = '" . $db->escapeString($aro) . "') AND aro_tbl.rgt >= (SELECT rgt FROM aro_tbl WHERE name = '" . $db->escapeString($aro) . "')) |
---|
| 702 | AND (aco_tbl.lft <= (SELECT lft FROM aco_tbl WHERE name = '" . $db->escapeString($aco) . "') AND aco_tbl.rgt >= (SELECT rgt FROM aco_tbl WHERE name = '" . $db->escapeString($aco) . "')) |
---|
| 703 | AND (axo_tbl.lft <= (SELECT lft FROM axo_tbl WHERE name = '" . $db->escapeString($axo) . "') AND axo_tbl.rgt >= (SELECT rgt FROM axo_tbl WHERE name = '" . $db->escapeString($axo) . "')) |
---|
[208] | 704 | ORDER BY aro_tbl.lft DESC, aco_tbl.lft DESC, axo_tbl.lft DESC |
---|
[172] | 705 | LIMIT 1 |
---|
| 706 | "); |
---|
| 707 | if (!list($access) = mysql_fetch_row($qid)) { |
---|
[177] | 708 | $this->cache->set($cache_hash, 'deny'); |
---|
[655] | 709 | $app->logMsg(sprintf('Access denied: %s -> %s -> %s (no records found).', $aro, $aco, $axo), LOG_NOTICE, __FILE__, __LINE__); |
---|
[172] | 710 | return false; |
---|
| 711 | } |
---|
| 712 | $this->cache->set($cache_hash, $access); |
---|
[171] | 713 | } |
---|
[457] | 714 | |
---|
[171] | 715 | if ('allow' == $access) { |
---|
[506] | 716 | $app->logMsg(sprintf('Access granted: %s -> %s -> %s', $aro, $aco, $axo), LOG_DEBUG, __FILE__, __LINE__); |
---|
[171] | 717 | return true; |
---|
| 718 | } else { |
---|
[534] | 719 | $app->logMsg(sprintf('Access denied: %s -> %s -> %s', $aro, $aco, $axo), LOG_NOTICE, __FILE__, __LINE__); |
---|
[171] | 720 | return false; |
---|
| 721 | } |
---|
| 722 | } |
---|
| 723 | |
---|
[457] | 724 | /* |
---|
| 725 | * Bounce user if they are denied access. Because this function calls dieURL() it must be called before any other HTTP header output. |
---|
| 726 | * |
---|
| 727 | * @access public |
---|
| 728 | * @param string $aro Identifier of an existing ARO object. |
---|
| 729 | * @param string $aco Identifier of an existing ACO object (or null to use root). |
---|
| 730 | * @param string $axo Identifier of an existing AXO object (or null to use root). |
---|
| 731 | * @param string $message The text description of a message to raise. |
---|
| 732 | * @param int $type The type of message: MSG_NOTICE, |
---|
| 733 | * MSG_SUCCESS, MSG_WARNING, or MSG_ERR. |
---|
| 734 | * @param string $file __FILE__. |
---|
| 735 | * @param string $line __LINE__. |
---|
| 736 | * @author Quinn Comendant <quinn@strangecode.com> |
---|
| 737 | * @version 1.0 |
---|
| 738 | * @since 20 Jan 2014 12:09:03 |
---|
| 739 | */ |
---|
[468] | 740 | public function requireAllow($aro, $aco=null, $axo=null, $message='', $type=MSG_NOTICE, $file=null, $line=null) |
---|
[457] | 741 | { |
---|
[479] | 742 | $app =& App::getInstance(); |
---|
[457] | 743 | |
---|
| 744 | if (!$this->check($aro, $aco, $axo)) { |
---|
[502] | 745 | $message = '' == trim($message) ? sprintf(_("Sorry, you have insufficient privileges for <em>%s %s</em>."), $aco, $axo) : $message; |
---|
[457] | 746 | $app->raiseMsg($message, $type, $file, $line); |
---|
| 747 | $app->dieBoomerangURL(); |
---|
| 748 | } |
---|
| 749 | } |
---|
| 750 | |
---|
[534] | 751 | /* |
---|
| 752 | * Returns an array of the specified object type starting specified root. |
---|
| 753 | * |
---|
| 754 | * @access public |
---|
| 755 | * @param string $type Table to list, one of: aro, aco, or axo. |
---|
| 756 | * @param string $root Root node from which to begin from. |
---|
| 757 | * @return mixed Returns a multidimensional array of objects, or false on error. |
---|
| 758 | * @author Quinn Comendant <quinn@strangecode.com> |
---|
| 759 | * @version 1.0 |
---|
| 760 | * @since 17 Jun 2006 23:41:22 |
---|
| 761 | */ |
---|
| 762 | function getList($type, $root=null) |
---|
| 763 | { |
---|
| 764 | $app =& App::getInstance(); |
---|
| 765 | $db =& DB::getInstance(); |
---|
| 766 | |
---|
| 767 | switch ($type) { |
---|
| 768 | case 'aro' : |
---|
| 769 | $tbl = 'aro_tbl'; |
---|
| 770 | break; |
---|
| 771 | case 'aco' : |
---|
| 772 | $tbl = 'aco_tbl'; |
---|
| 773 | break; |
---|
| 774 | case 'axo' : |
---|
| 775 | $tbl = 'axo_tbl'; |
---|
| 776 | break; |
---|
| 777 | default : |
---|
| 778 | $app->logMsg(sprintf('Invalid access object type: %s', $type), LOG_ERR, __FILE__, __LINE__); |
---|
| 779 | return false; |
---|
| 780 | } |
---|
| 781 | |
---|
| 782 | // By default start with the 'root' node. |
---|
| 783 | $root = !isset($root) ? 'root' : $root; |
---|
| 784 | |
---|
| 785 | // Retrieve the left and right value of the $root node. |
---|
| 786 | $qid = $db->query("SELECT lft, rgt FROM $tbl WHERE name = '" . $db->escapeString($root) . "'"); |
---|
| 787 | list($lft, $rgt) = mysql_fetch_row($qid); |
---|
| 788 | |
---|
| 789 | $results = array(); |
---|
| 790 | $depth = array(); |
---|
| 791 | |
---|
| 792 | // Retrieve all descendants of the root node |
---|
| 793 | $qid = $db->query("SELECT name, lft, rgt, added_datetime FROM $tbl WHERE lft BETWEEN $lft AND $rgt ORDER BY lft ASC"); |
---|
| 794 | while (list($name, $lft, $rgt, $added_datetime) = mysql_fetch_row($qid)) { |
---|
| 795 | // If the last element of $depth is less than the current rgt it means we finished with a set of children nodes. |
---|
| 796 | while (sizeof($depth) > 0 && end($depth) < $rgt) { |
---|
| 797 | array_pop($depth); |
---|
| 798 | } |
---|
| 799 | |
---|
| 800 | $results[] = array( |
---|
| 801 | 'name' => $name, |
---|
| 802 | 'added_datetime' => $added_datetime, |
---|
| 803 | 'depth' => sizeof($depth), |
---|
| 804 | ); |
---|
| 805 | |
---|
| 806 | // Add this node to the stack. |
---|
| 807 | $depth[] = $rgt; |
---|
| 808 | } |
---|
| 809 | |
---|
| 810 | return $results; |
---|
| 811 | } |
---|
| 812 | |
---|
[171] | 813 | } // End class. |
---|