Changeset 457 for trunk/lib/ACL.inc.php
- Timestamp:
- Jan 20, 2014 9:42:13 PM (10 years ago)
- File:
-
- 1 edited
trunk/lib/ACL.inc.php
r420 r457 4 4 * For details visit the project site: <http://trac.strangecode.com/codebase/> 5 5 * Copyright 2001-2012 Strangecode, LLC 6 * 6 * 7 7 * This file is part of The Strangecode Codebase. 8 8 * … … 11 11 * Free Software Foundation, either version 3 of the License, or (at your option) 12 12 * any later version. 13 * 13 * 14 14 * The Strangecode Codebase is distributed in the hope that it will be useful, but 15 15 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 16 16 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 17 17 * details. 18 * 18 * 19 19 * You should have received a copy of the GNU General Public License along with 20 20 * The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>. … … 23 23 /* 24 24 * ACL.inc.php 25 * 25 * 26 26 * Uses the ARO/ACO/AXO model of Access Control Lists. 27 27 * Uses Modified Preorder Tree Traversal to maintain a tree-structure. 28 28 * See: http://www.sitepoint.com/print/hierarchical-data-database 29 29 * Includes a command-line tool for managing rights (codebase/bin/acl.cli.php). 30 * 30 * 31 31 * 32 32 * @author Quinn Comendant <quinn@strangecode.com> … … 41 41 // Configuration parameters for this object. 42 42 var $_params = array( 43 43 44 44 // If false nothing will be cached or retrieved. Useful for testing realtime data requests. 45 45 'enable_cache' => true, … … 94 94 { 95 95 $app =& App::getInstance(); 96 96 97 97 if (isset($params) && is_array($params)) { 98 98 // Merge new parameters with old overriding only those passed. 
… … 113 113 { 114 114 $app =& App::getInstance(); 115 115 116 116 if (isset($this->_params[$param])) { 117 117 return $this->_params[$param]; … … 145 145 $app->logMsg(sprintf('Dropping and recreating tables acl_tbl, aro_tbl, aco_tbl, axo_tbl.', null), LOG_INFO, __FILE__, __LINE__); 146 146 } 147 147 148 148 // acl_tbl 149 149 $db->query(" … … 171 171 $qid = $db->query("SELECT 1 FROM acl_tbl"); 172 172 if (mysql_num_rows($qid) == 0) { 173 $qid = $db->query("REPLACE INTO acl_tbl VALUES ('1', '1', '1', 'deny', NOW())"); 174 } 173 $qid = $db->query("REPLACE INTO acl_tbl VALUES ('1', '1', '1', 'deny', NOW())"); 174 } 175 175 } 176 176 … … 202 202 $qid = $db->query("SELECT 1 FROM {$a_o}_tbl WHERE name = 'root'"); 203 203 if (mysql_num_rows($qid) == 0) { 204 $qid = $db->query("REPLACE INTO {$a_o}_tbl (name, lft, rgt, added_datetime) VALUES ('root', 1, 2, NOW())"); 205 } 204 $qid = $db->query("REPLACE INTO {$a_o}_tbl (name, lft, rgt, added_datetime) VALUES ('root', 1, 2, NOW())"); 205 } 206 206 } 207 207 … … 228 228 $app =& App::getInstance(); 229 229 $db =& DB::getInstance(); 230 230 231 231 $this->initDB(); 232 232 233 233 switch ($type) { 234 234 case 'aro' : … … 246 246 break; 247 247 } 248 248 249 249 // If $parent is null, use root object. 250 250 if (is_null($parent)) { 251 251 $parent = 'root'; 252 252 } 253 253 254 254 // Ensure node and parent name aren't empty. 255 255 if ('' == trim($name) || '' == trim($parent)) { … … 257 257 return false; 258 258 } 259 259 260 260 // Ensure node is unique. 261 261 $qid = $db->query("SELECT 1 FROM $tbl WHERE name = '" . $db->escapeString($name) . "'"); … … 264 264 return false; 265 265 } 266 266 267 267 // Select the rgt of $parent. 268 268 $qid = $db->query("SELECT rgt FROM $tbl WHERE name = '" . $db->escapeString($parent) . 
"'"); … … 275 275 $db->query("UPDATE $tbl SET lft = lft + 2 WHERE lft >= $parent_rgt"); 276 276 $db->query("UPDATE $tbl SET rgt = rgt + 2 WHERE rgt >= $parent_rgt"); 277 277 278 278 // Insert new node just below parent. Lft is parent's old rgt. 279 279 $db->query(" 280 INSERT INTO $tbl (name, lft, rgt, added_datetime) 280 INSERT INTO $tbl (name, lft, rgt, added_datetime) 281 281 VALUES ('" . $db->escapeString($name) . "', $parent_rgt, $parent_rgt + 1, NOW()) 282 282 "); … … 315 315 $app =& App::getInstance(); 316 316 $db =& DB::getInstance(); 317 317 318 318 $this->initDB(); 319 319 … … 336 336 break; 337 337 } 338 338 339 339 // Ensure node name isn't empty. 340 340 if ('' == trim($name)) { … … 342 342 return false; 343 343 } 344 344 345 345 // Select the lft and rgt of $name to use for selecting children and reordering transversals. 346 346 $qid = $db->query("SELECT lft, rgt FROM $tbl WHERE name = '" . $db->escapeString($name) . "'"); … … 349 349 return false; 350 350 } 351 351 352 352 // Remove node and all children of node, as well as acl_tbl links. 353 353 $db->query(" 354 DELETE $tbl, acl_tbl 354 DELETE $tbl, acl_tbl 355 355 FROM $tbl 356 356 LEFT JOIN acl_tbl ON ($tbl.$primary_key = acl_tbl.$primary_key) … … 366 366 return true; 367 367 } 368 368 369 369 // Alias functions for the different object types. 370 370 function removeRequestObject($name) … … 397 397 $app =& App::getInstance(); 398 398 $db =& DB::getInstance(); 399 399 400 400 $this->initDB(); 401 401 … … 418 418 break; 419 419 } 420 420 421 421 // If $new_parent is null, use root object. 422 422 if (is_null($new_parent)) { 423 423 $new_parent = 'root'; 424 424 } 425 425 426 426 // Ensure node and parent name aren't empty. 427 427 if ('' == trim($name) || '' == trim($new_parent)) { … … 429 429 return false; 430 430 } 431 431 432 432 // Select the lft and rgt of $name to use for selecting children and reordering transversals. 433 433 $qid = $db->query("SELECT lft, rgt FROM $tbl WHERE name = '" . 
$db->escapeString($name) . "'"); … … 436 436 return false; 437 437 } 438 438 439 439 // Total number of transversal values (that is, the count of self plus all children times two). 440 440 $total_transversal_value = ($rgt - $lft + 1); … … 446 446 return false; 447 447 } 448 448 449 449 // Ensure the new parent is not a child of the node being moved. 450 450 if ($new_parent_rgt <= $rgt && $new_parent_rgt >= $lft) { … … 452 452 return false; 453 453 } 454 454 455 455 // Collect unique ids of all nodes being moved. The transversal numbers will become duplicated so these will be needed to identify these. 456 456 $qid = $db->query(" … … 472 472 // Apply transformation to new parent rgt also. 473 473 $new_parent_rgt = $new_parent_rgt > $rgt ? $new_parent_rgt - $total_transversal_value : $new_parent_rgt; 474 474 475 475 // Update transversal values of moved node and children. 476 476 $db->query(" 477 UPDATE $tbl SET 477 UPDATE $tbl SET 478 478 lft = lft - ($lft - $new_parent_rgt), 479 479 rgt = rgt - ($lft - $new_parent_rgt) … … 488 488 return true; 489 489 } 490 490 491 491 // Alias functions for the different object types. 492 492 function moveRequestObject($name, $new_parent=null) … … 502 502 return $this->move($name, $new_parent, 'axo'); 503 503 } 504 504 505 505 /* 506 506 * Add an entry to the acl_tbl to allow (or deny) a truple with the specified … … 528 528 $aco = is_null($aco) ? 'root' : $aco; 529 529 $axo = is_null($axo) ? 'root' : $axo; 530 530 531 531 // Flush old cached values. 532 532 $cache_hash = $aro . '|' . $aco . '|' . $axo; … … 552 552 // Access must be 'allow' or 'deny'. 553 553 $allow = 'allow' == $access ? 
'allow' : 'deny'; 554 554 555 555 $db->query("REPLACE INTO acl_tbl VALUES ('$aro_id', '$aco_id', '$axo_id', '$allow', NOW())"); 556 556 $app->logMsg(sprintf('Set %s: %s -> %s -> %s.', $allow, $aro, $aco, $axo), LOG_INFO, __FILE__, __LINE__); 557 557 558 558 return true; 559 559 } … … 577 577 return $this->grant($aro, $aco, $axo, 'deny'); 578 578 } 579 579 580 580 /* 581 581 * Delete an entry from the acl_tbl completely to allow other permissions to cascade down. … … 610 610 $aco = is_null($aco) ? 'root' : $aco; 611 611 $axo = is_null($axo) ? 'root' : $axo; 612 612 613 613 // Flush old cached values. 614 614 $cache_hash = $aro . '|' . $aco . '|' . $axo; … … 621 621 return false; 622 622 } 623 623 624 624 $qid = $db->query(" 625 625 DELETE acl_tbl … … 632 632 633 633 $app->logMsg(sprintf('Deleted %s acl_tbl links: %s -> %s -> %s', mysql_affected_rows($db->getDBH()), $aro, $aco, $axo), LOG_INFO, __FILE__, __LINE__); 634 634 635 635 return true; 636 636 } 637 637 638 638 /* 639 639 * Calculates the most specific cascading privilege found for a requested 640 * ARO -> ACO -> AXO entry. Returns FALSE if the entry is denied. By default, 640 * ARO -> ACO -> AXO entry. Returns FALSE if the entry is denied. By default, 641 641 * all entries are denied, unless some point in the hierarchy is set to "allow." 642 642 * … … 654 654 $app =& App::getInstance(); 655 655 $db =& DB::getInstance(); 656 656 657 657 $this->initDB(); 658 658 … … 661 661 $aco = is_null($aco) || '' == trim($aco) ? 'root' : $aco; 662 662 $axo = is_null($axo) || '' == trim($axo) ? 'root' : $axo; 663 663 664 664 $cache_hash = $aro . '|' . $aco . '|' . 
$axo; 665 665 if ($this->cache->exists($cache_hash) && true === $this->getParam('enable_cache')) { … … 687 687 $this->cache->set($cache_hash, $access); 688 688 } 689 689 690 690 if ('allow' == $access) { 691 691 $app->logMsg(sprintf('Access granted: %s -> %s -> %s.', $aro, $aco, $axo), LOG_DEBUG, __FILE__, __LINE__); … … 697 697 } 698 698 699 /* 700 * Bounce user if they are denied access. Because this function calls dieURL() it must be called before any other HTTP header output. 701 * 702 * @access public 703 * @param string $aro Identifier of an existing ARO object. 704 * @param string $aco Identifier of an existing ACO object (or null to use root). 705 * @param string $axo Identifier of an existing AXO object (or null to use root). 706 * @param string $message The text description of a message to raise. 707 * @param int $type The type of message: MSG_NOTICE, 708 * MSG_SUCCESS, MSG_WARNING, or MSG_ERR. 709 * @param string $file __FILE__. 710 * @param string $line __LINE__. 711 * @author Quinn Comendant <quinn@strangecode.com> 712 * @version 1.0 713 * @since 20 Jan 2014 12:09:03 714 */ 715 function requireAllow($aro, $aco=null, $axo=null, $message='', $type=MSG_NOTICE, $file=null, $line=null) 716 { 717 $app =& App::getInstance(); 718 719 if (!$this->check($aro, $aco, $axo)) { 720 $message = '' == trim($message) ? sprintf(_("You have insufficient privileges to view <em>%s %s</em>"), $aco, $axo) : $message; 721 $app->raiseMsg($message, $type, $file, $line); 722 $app->dieBoomerangURL(); 723 } 724 } 725 699 726 } // End class. 700 727