Changeset 457 for trunk/lib/ACL.inc.php

Timestamp:

Jan 20, 2014 9:42:13 PM (10 years ago)

Author:

anonymous

Message:

Removed use of requireAccessClearance(). Adjusted sequence of sslOn() and requireLogin(). Added ACL::requireAllow() method. Added arguments to SortOrder::set(). Changed behavior of Validator::validateStrDate(). Added use of Validator::validateStrDate() to module maker templates.

File:

• trunk/lib/ACL.inc.php (modified) (38 diffs)

trunk/lib/ACL.inc.php

@@ -4 +4 @@
  * For details visit the project site: <http://trac.strangecode.com/codebase/>
  * Copyright 2001-2012 Strangecode, LLC
- * 
+ *
  * This file is part of The Strangecode Codebase.
  *
@@ -11 +11 @@
  * Free Software Foundation, either version 3 of the License, or (at your option)
  * any later version.
- * 
+ *
  * The Strangecode Codebase is distributed in the hope that it will be useful, but
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
  * details.
- * 
+ *
  * You should have received a copy of the GNU General Public License along with
  * The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>.
@@ -23 +23 @@
 /*
 * ACL.inc.php
-* 
+*
 * Uses the ARO/ACO/AXO model of Access Control Lists.
 * Uses Modified Preorder Tree Traversal to maintain a tree-structure.
 * See: http://www.sitepoint.com/print/hierarchical-data-database
 * Includes a command-line tool for managing rights (codebase/bin/acl.cli.php).
-* 
+*
 *
 * @author   Quinn Comendant <quinn@strangecode.com>
@@ -41 +41 @@
     // Configuration parameters for this object.
     var $_params = array(
-        
+
         // If false nothing will be cached or retrieved. Useful for testing realtime data requests.
         'enable_cache' => true,
@@ -94 +94 @@
     {
         $app =& App::getInstance();
-    
+
         if (isset($params) && is_array($params)) {
             // Merge new parameters with old overriding only those passed.
@@ -113 +113 @@
     {
         $app =& App::getInstance();
-    
+
         if (isset($this->_params[$param])) {
             return $this->_params[$param];
@@ -145 +145 @@
                 $app->logMsg(sprintf('Dropping and recreating tables acl_tbl, aro_tbl, aco_tbl, axo_tbl.', null), LOG_INFO, __FILE__, __LINE__);
             }
-            
+
             // acl_tbl
             $db->query("
@@ -171 +171 @@
                 $qid = $db->query("SELECT 1 FROM acl_tbl");
                 if (mysql_num_rows($qid) == 0) {
-                    $qid = $db->query("REPLACE INTO acl_tbl VALUES ('1', '1', '1', 'deny', NOW())");                    
-                }                
+                    $qid = $db->query("REPLACE INTO acl_tbl VALUES ('1', '1', '1', 'deny', NOW())");
+                }
             }
 
@@ -202 +202 @@
                     $qid = $db->query("SELECT 1 FROM {$a_o}_tbl WHERE name = 'root'");
                     if (mysql_num_rows($qid) == 0) {
-                        $qid = $db->query("REPLACE INTO {$a_o}_tbl (name, lft, rgt, added_datetime) VALUES ('root', 1, 2, NOW())");                    
-                    }                    
+                        $qid = $db->query("REPLACE INTO {$a_o}_tbl (name, lft, rgt, added_datetime) VALUES ('root', 1, 2, NOW())");
+                    }
                 }
 
@@ -228 +228 @@
         $app =& App::getInstance();
         $db =& DB::getInstance();
-        
+
         $this->initDB();
-        
+
         switch ($type) {
         case 'aro' :
@@ -246 +246 @@
             break;
         }
-        
+
         // If $parent is null, use root object.
         if (is_null($parent)) {
             $parent = 'root';
         }
-        
+
         // Ensure node and parent name aren't empty.
         if ('' == trim($name) || '' == trim($parent)) {
@@ -257 +257 @@
             return false;
         }
-        
+
         // Ensure node is unique.
         $qid = $db->query("SELECT 1 FROM $tbl WHERE name = '" . $db->escapeString($name) . "'");
@@ -264 +264 @@
             return false;
         }
-        
+
         // Select the rgt of $parent.
         $qid = $db->query("SELECT rgt FROM $tbl WHERE name = '" . $db->escapeString($parent) . "'");
@@ -275 +275 @@
         $db->query("UPDATE $tbl SET lft = lft + 2 WHERE lft >= $parent_rgt");
         $db->query("UPDATE $tbl SET rgt = rgt + 2 WHERE rgt >= $parent_rgt");
-        
+
         // Insert new node just below parent. Lft is parent's old rgt.
         $db->query("
-            INSERT INTO $tbl (name, lft, rgt, added_datetime) 
+            INSERT INTO $tbl (name, lft, rgt, added_datetime)
             VALUES ('" . $db->escapeString($name) . "', $parent_rgt, $parent_rgt + 1, NOW())
         ");
@@ -315 +315 @@
         $app =& App::getInstance();
         $db =& DB::getInstance();
-        
+
         $this->initDB();
 
@@ -336 +336 @@
             break;
         }
-        
+
         // Ensure node name isn't empty.
         if ('' == trim($name)) {
@@ -342 +342 @@
             return false;
         }
-        
+
         // Select the lft and rgt of $name to use for selecting children and reordering transversals.
         $qid = $db->query("SELECT lft, rgt FROM $tbl WHERE name = '" . $db->escapeString($name) . "'");
@@ -349 +349 @@
             return false;
         }
-        
+
         // Remove node and all children of node, as well as acl_tbl links.
         $db->query("
-            DELETE $tbl, acl_tbl 
+            DELETE $tbl, acl_tbl
             FROM $tbl
             LEFT JOIN acl_tbl ON ($tbl.$primary_key = acl_tbl.$primary_key)
@@ -366 +366 @@
         return true;
     }
-    
+
     // Alias functions for the different object types.
     function removeRequestObject($name)
@@ -397 +397 @@
         $app =& App::getInstance();
         $db =& DB::getInstance();
-        
+
         $this->initDB();
 
@@ -418 +418 @@
             break;
         }
-        
+
         // If $new_parent is null, use root object.
         if (is_null($new_parent)) {
             $new_parent = 'root';
         }
-        
+
         // Ensure node and parent name aren't empty.
         if ('' == trim($name) || '' == trim($new_parent)) {
@@ -429 +429 @@
             return false;
         }
-        
+
         // Select the lft and rgt of $name to use for selecting children and reordering transversals.
         $qid = $db->query("SELECT lft, rgt FROM $tbl WHERE name = '" . $db->escapeString($name) . "'");
@@ -436 +436 @@
             return false;
         }
-        
+
         // Total number of transversal values (that is, the count of self plus all children times two).
         $total_transversal_value = ($rgt - $lft + 1);
@@ -446 +446 @@
             return false;
         }
-        
+
         // Ensure the new parent is not a child of the node being moved.
         if ($new_parent_rgt <= $rgt && $new_parent_rgt >= $lft) {
@@ -452 +452 @@
             return false;
         }
-        
+
         // Collect unique ids of all nodes being moved. The transversal numbers will become duplicated so these will be needed to identify these.
         $qid = $db->query("
@@ -472 +472 @@
         // Apply transformation to new parent rgt also.
         $new_parent_rgt = $new_parent_rgt > $rgt ? $new_parent_rgt - $total_transversal_value : $new_parent_rgt;
-        
+
         // Update transversal values of moved node and children.
         $db->query("
-            UPDATE $tbl SET 
+            UPDATE $tbl SET
                 lft = lft - ($lft - $new_parent_rgt),
                 rgt = rgt - ($lft - $new_parent_rgt)
@@ -488 +488 @@
         return true;
     }
-    
+
     // Alias functions for the different object types.
     function moveRequestObject($name, $new_parent=null)
@@ -502 +502 @@
         return $this->move($name, $new_parent, 'axo');
     }
-    
+
     /*
     * Add an entry to the acl_tbl to allow (or deny) a truple with the specified
@@ -528 +528 @@
         $aco = is_null($aco) ? 'root' : $aco;
         $axo = is_null($axo) ? 'root' : $axo;
-        
+
         // Flush old cached values.
         $cache_hash = $aro . '|' . $aco . '|' . $axo;
@@ -552 +552 @@
         // Access must be 'allow' or 'deny'.
         $allow = 'allow' == $access ? 'allow' : 'deny';
-        
+
         $db->query("REPLACE INTO acl_tbl VALUES ('$aro_id', '$aco_id', '$axo_id', '$allow', NOW())");
         $app->logMsg(sprintf('Set %s: %s -> %s -> %s.', $allow, $aro, $aco, $axo), LOG_INFO, __FILE__, __LINE__);
-        
+
         return true;
     }
@@ -577 +577 @@
         return $this->grant($aro, $aco, $axo, 'deny');
     }
-    
+
     /*
     * Delete an entry from the acl_tbl completely to allow other permissions to cascade down.
@@ -610 +610 @@
         $aco = is_null($aco) ? 'root' : $aco;
         $axo = is_null($axo) ? 'root' : $axo;
-        
+
         // Flush old cached values.
         $cache_hash = $aro . '|' . $aco . '|' . $axo;
@@ -621 +621 @@
             return false;
         }
-        
+
         $qid = $db->query("
             DELETE acl_tbl
@@ -632 +632 @@
 
         $app->logMsg(sprintf('Deleted %s acl_tbl links: %s -> %s -> %s', mysql_affected_rows($db->getDBH()), $aro, $aco, $axo), LOG_INFO, __FILE__, __LINE__);
-        
+
         return true;
     }
-    
+
     /*
     * Calculates the most specific cascading privilege found for a requested
-    * ARO -> ACO -> AXO entry. Returns FALSE if the entry is denied. By default, 
+    * ARO -> ACO -> AXO entry. Returns FALSE if the entry is denied. By default,
     * all entries are denied, unless some point in the hierarchy is set to "allow."
     *
@@ -654 +654 @@
         $app =& App::getInstance();
         $db =& DB::getInstance();
-        
+
         $this->initDB();
 
@@ -661 +661 @@
         $aco = is_null($aco) || '' == trim($aco) ? 'root' : $aco;
         $axo = is_null($axo) || '' == trim($axo) ? 'root' : $axo;
-        
+
         $cache_hash = $aro . '|' . $aco . '|' . $axo;
         if ($this->cache->exists($cache_hash) && true === $this->getParam('enable_cache')) {
@@ -687 +687 @@
             $this->cache->set($cache_hash, $access);
         }
-        
+
         if ('allow' == $access) {
             $app->logMsg(sprintf('Access granted: %s -> %s -> %s.', $aro, $aco, $axo), LOG_DEBUG, __FILE__, __LINE__);
@@ -697 +697 @@
     }
 
+    /*
+    * Bounce user if they are denied access. Because this function calls dieURL() it must be called before any other HTTP header output.
+    *
+    * @access   public
+    * @param    string $aro Identifier of an existing ARO object.
+    * @param    string $aco Identifier of an existing ACO object (or null to use root).
+    * @param    string $axo Identifier of an existing AXO object (or null to use root).
+    * @param    string $message The text description of a message to raise.
+    * @param    int    $type    The type of message: MSG_NOTICE,
+    *                           MSG_SUCCESS, MSG_WARNING, or MSG_ERR.
+    * @param    string $file    __FILE__.
+    * @param    string $line    __LINE__.
+    * @author   Quinn Comendant <quinn@strangecode.com>
+    * @version  1.0
+    * @since    20 Jan 2014 12:09:03
+    */
+    function requireAllow($aro, $aco=null, $axo=null, $message='', $type=MSG_NOTICE, $file=null, $line=null)
+    {
+        $app =& App::getInstance();
+
+        if (!$this->check($aro, $aco, $axo)) {
+            $message = '' == trim($message) ? sprintf(_("You have insufficient privileges to view <em>%s %s</em>"), $aco, $axo) : $message;
+            $app->raiseMsg($message, $type, $file, $line);
+            $app->dieBoomerangURL();
+        }
+    }
+
 } // End class.