Changeset 175 for trunk/lib/ACL.inc.php

Timestamp:

Jun 21, 2006 4:48:45 AM (18 years ago)

Author:

scdev

Message:

${1}

File:

• trunk/lib/ACL.inc.php (modified) (3 diffs)

trunk/lib/ACL.inc.php

@@ -487 +487 @@
     *
     * @access   public
-    * @param    string $aro Identifier of an existing ARO object.
-    * @param    string $aco Identifier of an existing ACO object (or null to use root).
-    * @param    string $axo Identifier of an existing AXO object (or null to use root).
+    * @param    string|null $aro Identifier of an existing ARO object (or null to use root).
+    * @param    string|null $aco Identifier of an existing ACO object (or null to use root).
+    * @param    string|null $axo Identifier of an existing AXO object (or null to use root).
     * @return   bool False on error, true on success.
     * @author   Quinn Comendant <quinn@strangecode.com>
@@ -539 +539 @@
     *
     * @access   public
-    * @param    string $aro Identifier of an existing ARO object.
-    * @param    string $aco Identifier of an existing ACO object (or null to use root).
-    * @param    string $axo Identifier of an existing AXO object (or null to use root).
+    * @param    string|null $aro Identifier of an existing ARO object (or null to use root).
+    * @param    string|null $aco Identifier of an existing ACO object (or null to use root).
+    * @param    string|null $axo Identifier of an existing AXO object (or null to use root).
     * @return   bool False on error, true on success.
     * @author   Quinn Comendant <quinn@strangecode.com>
@@ -550 +550 @@
     {
         return $this->grant($aro, $aco, $axo, 'deny');
+    }
+    
+    /*
+    * Delete an entry from the acl_tbl completely to allow other permissions to cascade down.
+    * Null values act as a "wildcard" and will cause ALL matches in that column to be deleted.
+    *
+    * @access   public
+    * @param    string|null $aro Identifier of an existing ARO object (or null for *).
+    * @param    string|null $aco Identifier of an existing ACO object (or null for *).
+    * @param    string|null $axo Identifier of an existing AXO object (or null for *).
+    * @return   bool False on error, true on success.
+    * @author   Quinn Comendant <quinn@strangecode.com>
+    * @version  1.0
+    * @since    20 Jun 2006 20:16:12
+    */
+    function delete($aro=null, $aco=null, $axo=null)
+    {
+        $app =& App::getInstance();
+        $db =& DB::getInstance();
+
+        $this->initDB();
+
+        // If any access objects are null, assume using root values.
+        // However if they're empty we don't want to escalate the grant command to root!
+        $where = array();
+        $where[] = is_null($aro) ? "aro_tbl.name IS NOT NULL" : "aro_tbl.name = '" . $db->escapeString($aro) . "' ";
+        $where[] = is_null($aco) ? "aco_tbl.name IS NOT NULL" : "aco_tbl.name = '" . $db->escapeString($aco) . "' ";
+        $where[] = is_null($axo) ? "axo_tbl.name IS NOT NULL" : "axo_tbl.name = '" . $db->escapeString($axo) . "' ";
+
+        $final_where = join(' AND ', $where);
+        if (substr_count($final_where, 'IS NOT NULL') == 3) {
+            // Null on all three tables will delete ALL entries including the root -> root -> root = deny.
+            $app->logMsg(sprintf('Cannot allow deletion of all acl entries.', null), LOG_NOTICE, __FILE__, __LINE__);
+            return false;
+        }
+        
+        $qid = $db->query("
+            DELETE acl_tbl
+            FROM acl_tbl
+            LEFT JOIN aro_tbl ON (acl_tbl.aro_id = aro_tbl.aro_id)
+            LEFT JOIN aco_tbl ON (acl_tbl.aco_id = aco_tbl.aco_id)
+            LEFT JOIN axo_tbl ON (acl_tbl.axo_id = axo_tbl.axo_id)
+            WHERE $final_where
+        ");
+
+        $app->logMsg(sprintf('Deleted %s acl_tbl links: %s -> %s -> %s', mysql_affected_rows($db->getDBH()), $aro, $aco, $axo), LOG_INFO, __FILE__, __LINE__);
+        
+        return true;
     }