class.acl.inc.php

ralfbecker_sf 2016-03-31 18:52:09 UTC #1

Author: ralfbecker
New Revision: 55583

URL: http://svn.stylite.de/viewvc/egroupware?rev=55583&view=rev
Log:
move acl class to api

Added:
trunk/egroupware/api/src/Acl.php
- copied, changed from r55571, trunk/phpgwapi/inc/class.acl.inc.php
Modified:
trunk/egroupware/api/src/Accounts/Sql.php
trunk/phpgwapi/inc/class.acl.inc.php

Modified: trunk/egroupware/api/src/Accounts/Sql.php
URL: http://svn.stylite.de/viewvc/egroupware/trunk/egroupware/api/src/Accounts/Sql.php?rev=55583&r1=55582&r2=55583&view=diff

— trunk/egroupware/api/src/Accounts/Sql.php (original)
+++ trunk/egroupware/api/src/Accounts/Sql.php Thu Mar 31 20:52:09 2016
@@ -27,9 +27,6 @@

use EGroupware\Api;

-// explicitly reference classes still in phpgwapi of old structure
-use acl;

/**

SQL Backend for accounts

@@ -349,11 +346,11 @@

	$members = array();
	foreach($this->db->select($this->table, 'account_id,account_lid',

  	$this->db->expression(acl::TABLE, array(

  	$this->db->expression(Api\Acl::TABLE, array(
  		'acl_appname'  => 'phpgw_group',
  		'acl_location' => $account_id,
  	)), __LINE__, __FILE__, false, '', false, 0,

  	'JOIN '.acl::TABLE.' ON account_id=acl_account'

  	'JOIN '.Api\Acl::TABLE.' ON account_id=acl_account'
  ) as $row)
  {
  	$members[$row['account_id']] = $row['account_lid'];

Copied: trunk/egroupware/api/src/Acl.php (from r55571, trunk/phpgwapi/inc/class.acl.inc.php)
URL: http://svn.stylite.de/viewvc/egroupware/trunk/egroupware/api/src/Acl.php?p2=trunk/egroupware/api/src/Acl.php&p1=trunk/phpgwapi/inc/class.acl.inc.php&r1=55571&r2=55583&rev=55583&view=diff

— trunk/phpgwapi/inc/class.acl.inc.php (original)
+++ trunk/egroupware/api/src/Acl.php Thu Mar 31 20:52:09 2016
@@ -1,15 +1,17 @@

<?php /** - * eGroupWare API - Applications + * EGroupware API - ACL * * @link http://www.egroupware.org * @author Dan Kuykendall * Copyright (C) 2000, 2001 Dan Kuykendall * @license http://opensource.org/licenses/lgpl-license.php LGPL - GNU Lesser General Public License * @package api - * @subpackage accounts + * @subpackage acl * @version $Id$ */ + +namespace EGroupware\Api; /** * Access Control List System @@ -21,7 +23,7 @@ * * $acl = new acl(5); // 5 is the user id */ -class acl +class Acl { /** * @var int $account_id the account-id this class is instanciated for @@ -38,7 +40,7 @@ /** * internal copy of the db-object * - * @var egw_db + * @var Db */ var $db; /** @@ -84,50 +86,6 @@ } } - function DONTlist_methods($_type='xmlrpc') - { - /* - This handles introspection or discovery by the logged in client, - in which case the input might be an array. The server always calls - this function to fill the server dispatch map using a string. - */ - - if (is_array($_type)) - { - $_type = $_type['type'] ? $_type['type'] : $_type[0]; - } - - switch($_type) - { - case 'xmlrpc': - $xml_functions = array( - 'read_repository' => array( - 'function' => 'read_repository', - 'signature' => array(array(xmlrpcStruct)), - 'docstring' => lang('FIXME!') - ), - 'get_rights' => array( - 'function' => 'get_rights', - 'signature' => array(array(xmlrpcStruct,xmlrpcStruct)), - 'docstring' => lang('FIXME!') - - ), - 'list_methods' => array( - 'function' => 'list_methods', - 'signature' => array(array(xmlrpcStruct,xmlrpcString)), - 'docstring' => lang('Read this list of methods.') - ) - ); - return $xml_functions; - - case 'soap': - return $this->soap_functions; - - default: - return array(); - } - } - /**************************************************************************\ * These are the standard $this->account_id specific functions * \**************************************************************************/ @@ -158,9 +116,9 @@ } $this->data = Array(); - foreach($this->db->select(acl::TABLE,'*',array('acl_account' => $acl_acc_list ),__LINE__,__FILE__) as $row) - { - $this->data[$row['acl_appname'].'-'.$row['acl_location'].'-'.$row['acl_account']] = egw_db::strip_array_keys($row,'acl_'); + foreach($this->db->select(self::TABLE,'*',array('acl_account' => $acl_acc_list ),__LINE__,__FILE__) as $row) + { + $this->data[$row['acl_appname'].'-'.$row['acl_location'].'-'.$row['acl_account']] = Db::strip_array_keys($row,'acl_'); } return $this->data; } @@ -234,7 +192,7 @@ */ function save_repository() { - $this->db->delete(acl::TABLE,array( + $this->db->delete(self::TABLE,array( 'acl_account' => $this->account_id, ),__LINE__,__FILE__); @@ -242,7 +200,7 @@ { if ($value['account'] == $this->account_id) { - $this->db->insert(acl::TABLE,array( + $this->db->insert(self::TABLE,array( 'acl_appname' => $value['appname'], 'acl_location' => $value['location'], 'acl_account' => $this->account_id, @@ -385,8 +343,8 @@ */ function add_repository($app, $location, $account_id, $rights) { - //echo "

acl::add_repository('$app','$location',$account_id,$rights);

\n"; - $this->db->insert(acl::TABLE,array( + //echo "

self::add_repository('$app','$location',$account_id,$rights);

\n"; + $this->db->insert(self::TABLE,array( 'acl_rights' => $rights, ),array( 'acl_appname' => $app, @@ -435,7 +393,7 @@ } if ($app == '%' || $app == '%%') unset($where['acl_appname']); - $this->db->delete(acl::TABLE,$where,__LINE__,__FILE__); + $this->db->delete(self::TABLE,$where,__LINE__,__FILE__); return $this->db->affected_rows(); } @@ -452,7 +410,7 @@ { if (!$appname) $appname = $GLOBALS['egw_info']['flags']['currentapp']; - return $this->db->select(acl::TABLE,'acl_rights',array( + return $this->db->select(self::TABLE,'acl_rights',array( 'acl_location' => $location, 'acl_account' => $account_id, 'acl_appname' => $appname, @@ -471,7 +429,7 @@ if (!$appname) $appname = $GLOBALS['egw_info']['flags']['currentapp']; $rights = array(); - foreach($this->db->select(acl::TABLE,'acl_account,acl_rights',array( + foreach($this->db->select(self::TABLE,'acl_account,acl_rights',array( 'acl_location' => $location, 'acl_appname' => $appname, ),__LINE__,__FILE__) as $row) @@ -500,7 +458,7 @@ $accounts[] = $account_id; } $rights = array(); - foreach($this->db->select(acl::TABLE,'acl_location,acl_rights',array( + foreach($this->db->select(self::TABLE,'acl_location,acl_rights',array( 'acl_account' => $accounts, 'acl_appname' => $appname, ),__LINE__,__FILE__) as $row) @@ -533,7 +491,7 @@ } $rights = 0; $apps = false; - foreach($this->db->select(acl::TABLE,array('acl_appname','acl_rights'),array( + foreach($this->db->select(self::TABLE,array('acl_appname','acl_rights'),array( 'acl_location' => $location, 'acl_account' => $account_id, ),__LINE__,__FILE__) as $row) @@ -572,7 +530,7 @@ $accountid = $cache_accountid[$accountid] = get_account_id($accountid,$this->account_id); } $locations = false; - foreach($this->db->select(acl::TABLE,'acl_location,acl_rights',array( + foreach($this->db->select(self::TABLE,'acl_location,acl_rights',array( 'acl_appname' => $app, 'acl_account' => $accountid, ),__LINE__,__FILE__) as $row) @@ -598,7 +556,7 @@ if (!$app) $app = $GLOBALS['egw_info']['flags']['currentapp']; $accounts = false; - foreach($this->db->select(acl::TABLE,array('acl_account','acl_rights'),array( + foreach($this->db->select(self::TABLE,array('acl_account','acl_rights'),array( 'acl_appname' => $app, 'acl_location' => $location, ),__LINE__,__FILE__) as $row) @@ -622,7 +580,7 @@ if (!$app) $app = $GLOBALS['egw_info']['flags']['currentapp']; $locations = false; - foreach($this->db->select(acl::TABLE,'DISTINCT '.'acl_location',array( + foreach($this->db->select(self::TABLE,'DISTINCT '.'acl_location',array( 'acl_appname' => $app, ),__LINE__,__FILE__) as $row) { @@ -659,7 +617,7 @@ $memberships[] = (int)$account_id; $apps = array(); - foreach($this->db->select(acl::TABLE,array('acl_appname','acl_rights'),array( + foreach($this->db->select(self::TABLE,array('acl_appname','acl_rights'),array( 'acl_location' => 'run', 'acl_account' => $memberships, ),__LINE__,__FILE__) as $row) @@ -701,7 +659,7 @@ $memberships[] = $user; $grants = $accounts = Array(); - foreach($this->db->select(acl::TABLE,array('acl_account','acl_rights','acl_location'),array( + foreach($this->db->select(self::TABLE,array('acl_account','acl_rights','acl_location'),array( 'acl_appname' => $app, 'acl_location' => $memberships, ),__LINE__,__FILE__) as $row) @@ -738,7 +696,7 @@ // user has implizit all rights on own data $grants[$user] = ~0; } - //echo "acl::get_grants('$app',$enum_group_acls) ".function_backtrace(); _debug_array($grants); + //echo "self::get_grants('$app',$enum_group_acls) ".function_backtrace(); _debug_array($grants); return $grants; } @@ -752,15 +710,15 @@ if ((int) $account_id) { // Delete all grants from this account - $this->db->delete(acl::TABLE,array( + $this->db->delete(self::TABLE,array( 'acl_account' => $account_id ),__LINE__,__FILE__); // Delete all grants to this account - $this->db->delete(acl::TABLE,array( + $this->db->delete(self::TABLE,array( 'acl_location' => $account_id ),__LINE__, __FILE__); // delete all memberships in account_id (if it is a group) - $this->db->delete(acl::TABLE,array( + $this->db->delete(self::TABLE,array( 'acl_appname' => 'phpgw_group', 'acl_location' => $account_id, ),__LINE__,__FILE__); @@ -779,7 +737,7 @@ if (!$app) $app = $GLOBALS['egw_info']['flags']['currentapp']; $locations = array(); - foreach($this->db->select(acl::TABLE,'acl_location,acl_account,acl_rights',array( + foreach($this->db->select(self::TABLE,'acl_location,acl_account,acl_rights',array( 'acl_appname' => $app, 'acl_location LIKE '.$this->db->quote($location), ),__LINE__,__FILE__) as $row) @@ -791,4 +749,4 @@ } return $locations; } -} //end of acl class +} Modified: trunk/phpgwapi/inc/class.acl.inc.php URL: http://svn.stylite.de/viewvc/egroupware/trunk/phpgwapi/inc/class.acl.inc.php?rev=55583&r1=55582&r2=55583&view=diff ============================================================================== --- trunk/phpgwapi/inc/class.acl.inc.php (original) +++ trunk/phpgwapi/inc/class.acl.inc.php Thu Mar 31 20:52:09 2016 @@ -1,15 +1,17 @@ <?php /** - * eGroupWare API - Applications + * EGroupware API - Applications * * @link http://www.egroupware.org * @author Dan Kuykendall * Copyright (C) 2000, 2001 Dan Kuykendall * @license http://opensource.org/licenses/lgpl-license.php LGPL - GNU Lesser General Public License * @package api - * @subpackage accounts + * @subpackage acl * @version $Id$ */ + +use EGroupware\Api; /** * Access Control List System @@ -21,774 +23,4 @@ * * $acl = new acl(5); // 5 is the user id */ -class acl -{ - /** - * @var int $account_id the account-id this class is instanciated for - */ - var $account_id = 0; - /** - * @var $account_type - */ - var $account_type; - /** - * @var array $data internal repository with acl rows for the given app and account-id (incl. memberships) - */ - var $data = Array(); - /** - * internal copy of the db-object - * - * @var egw_db - */ - var $db; - /** - * @var string $table_name name of the acl_table - */ - const TABLE = 'egw_acl'; - - /** - * Constants for acl rights, like old EGW_ACL_* defines - */ - const READ = 1; // EGW_ACL_READ - const ADD = 2; // EGW_ACL_ADD - const EDIT = 4; // EGW_ACL_EDIT - const DELETE = 8; // EGW_ACL_DELETE - const PRIVAT = 16; // EGW_ACL_PRIVATE can NOT use PRIVATE as it is a PHP keyword, using German PRIVAT instead! - const GROUPMGRS = 32; // EGW_ACL_GROUP_MANAGERS - const CUSTOM1 = 64; // EGW_ACL_CUSTOM_1 - const CUSTOM2 = 128; // EGW_ACL_CUSTOM_2 - const CUSTOM3 = 256; // EGW_ACL_CUSTOM_3 - - /** - * ACL constructor for setting account id - * - * Sets the ID for $acl->account_id. Can be used to change a current instances id as well. - * Some functions are specific to this account, and others are generic. - * - * @example acl->acl(5); // 5 is the user id - * @param int $account_id = null user id or default null to use current user from $GLOBALS['egw_info']['user']['account_id'] - */ - function __construct($account_id = null) - { - if (is_object($GLOBALS['egw_setup']->db)) - { - $this->db = $GLOBALS['egw_setup']->db; - } - else - { - $this->db = $GLOBALS['egw']->db; - } - if ((int)$this->account_id != (int)$account_id) - { - $this->account_id = get_account_id((int)$account_id,@$GLOBALS['egw_info']['user']['account_id']); - } - } - - function DONTlist_methods($_type='xmlrpc') - { - /* - This handles introspection or discovery by the logged in client, - in which case the input might be an array. The server always calls - this function to fill the server dispatch map using a string. - */ - - if (is_array($_type)) - { - $_type = $_type['type'] ? $_type['type'] : $_type[0]; - } - - switch($_type) - { - case 'xmlrpc': - $xml_functions = array( - 'read_repository' => array( - 'function' => 'read_repository', - 'signature' => array(array(xmlrpcStruct)), - 'docstring' => lang('FIXME!') - ), - 'get_rights' => array( - 'function' => 'get_rights', - 'signature' => array(array(xmlrpcStruct,xmlrpcStruct)), - 'docstring' => lang('FIXME!') - - ), - 'list_methods' => array( - 'function' => 'list_methods', - 'signature' => array(array(xmlrpcStruct,xmlrpcString)), - 'docstring' => lang('Read this list of methods.') - ) - ); - return $xml_functions; - - case 'soap': - return $this->soap_functions; - - default: - return array(); - } - } - - /**************************************************************************\ - * These are the standard $this->account_id specific functions * - \**************************************************************************/ - - /** - * Read acl records for $acl->account_id from reposity - * - * @param boolean|array $no_groups = false if true, do not use memberships, if array do not use given groups - * @return array along with storing it in $acl->data.
- */ - function read_repository($no_groups=false) - { - // For some reason, calling this via XML-RPC doesn't call the constructor. - // Here is yet another work around(tm) (jengo) - if (!$this->account_id) - { - $this->__construct(); - } - if ($no_groups === true || !(int)$this->account_id) - { - $acl_acc_list = $this->account_id; - } - else - { - $acl_acc_list = (array)$GLOBALS['egw']->accounts->memberships($this->account_id, true); - if (is_array($no_groups)) $acl_acc_list = array_diff($acl_acc_list,$no_groups); - array_unshift($acl_acc_list,$this->account_id); - } - - $this->data = Array(); - foreach($this->db->select(acl::TABLE,'*',array('acl_account' => $acl_acc_list ),__LINE__,__FILE__) as $row) - { - $this->data[$row['acl_appname'].'-'.$row['acl_location'].'-'.$row['acl_account']] = egw_db::strip_array_keys($row,'acl_'); - } - return $this->data; - } - - /** - * Read acl records from $acl->data - * - * @return array all ACL records from $this->data. - */ - function read() - { - if (!count($this->data)) - { - $this->read_repository(); - } - return $this->data; - } - - /** - * Adds ACL record to the repository of the class - * - * Adds ACL record to $this->data. - * - * @param string $appname default False derives value from $GLOBALS['egw_info']['flags']['currentapp'] - * @param string $location location - * @param int $rights rights - * @return array all ACL records from $this->data. - */ - function add($appname,$location,$rights) - { - if (!$appname) $appname = $GLOBALS['egw_info']['flags']['currentapp']; - - $row = array( - 'appname' => $appname, - 'location' => $location, - 'account' => (int) $this->account_id, - 'rights' => (int) $rights - ); - $this->data[$row['appname'].'-'.$row['location'].'-'.$row['account']] = $row; - - return $this->data; - } - - /** - * Delete ACL record in the repository of the class - * - * @param string $appname appname or '' for $GLOBALS['egw_info']['flags']['currentapp'] - * @param string/boolean $location location or false for all locations - * @return array all ACL records from $this->data. - */ - function delete($appname,$location) - { - if (!$appname) $appname = $GLOBALS['egw_info']['flags']['currentapp']; - - foreach($this->data as $idx => $value) - { - if ($value['appname'] == $appname && - ($location === false || $value['location'] == $location) && - $value['account'] == $this->account_id) - { - unset($this->data[$idx]); - } - } - return $this->data; - } - - /** - * save the internal repository or the class - * - * @return array all ACL records from $this->data. - */ - function save_repository() - { - $this->db->delete(acl::TABLE,array( - 'acl_account' => $this->account_id, - ),__LINE__,__FILE__); - - foreach($this->data as $value) - { - if ($value['account'] == $this->account_id) - { - $this->db->insert(acl::TABLE,array( - 'acl_appname' => $value['appname'], - 'acl_location' => $value['location'], - 'acl_account' => $this->account_id, - 'acl_rights' => $value['rights'], - ),false,__LINE__,__FILE__); - } - } - if ($this->account_id == $GLOBALS['egw_info']['user']['account_id'] && - method_exists($GLOBALS['egw'],'invalidate_session_cache')) // egw object in setup is limited - { - $GLOBALS['egw']->invalidate_session_cache(); - } - return $this->data; - } - - /**************************************************************************\ - * These are the non-standard $this->account_id specific functions * - \**************************************************************************/ - - /** - * get rights from the class repository (included rights of $this->account_id and all it's memberships) - * - * @param string $location app location to get rights from - * @param string $appname optional defaults to $GLOBALS['egw_info']['flags']['currentapp']; - * @return int all rights or'ed together - */ - function get_rights($location,$appname = '') - { - // For XML-RPC, change this once its working correctly for passing parameters (jengo) - if (is_array($location)) - { - $appname = $location['appname']; - $location = $location['location']; - } - - if (!count($this->data)) - { - $this->read_repository(); - } - if (!$appname) $appname = $GLOBALS['egw_info']['flags']['currentapp']; - - if (!count($this->data) && $GLOBALS['egw_info']['server']['acl_default'] != 'deny') - { - return True; - } - $rights = 0; - foreach($this->data as $value) - { - if ($value['appname'] == $appname) - { - if ($value['location'] == $location || $value['location'] == 'everywhere') - { - if ($value['rights'] == 0) - { - return False; - } - $rights |= $value['rights']; - } - } - } - return $rights; - } - - /** - * check required rights agains the internal repository (included rights of $this->account_id and all it's memberships) - * - * @param $location app location - * @param $required required right to check against - * @param $appname optional defaults to currentapp - * @return boolean - */ - function check($location, $required, $appname = False) - { - $rights = $this->get_rights($location,$appname); - - return !!($rights & $required); - } - - /** - * get specific rights for this->account_id for an app location - * - * @param string $location app location - * @param string $appname = '' optional defaults to currentapp - * @param array $memberships = array() additional account_id, eg. memberships to match beside $this->account_id, default none - * @return int $rights - */ - function get_specific_rights($location, $appname = '', $memberships=array()) - { - if (!$appname) $appname = $GLOBALS['egw_info']['flags']['currentapp']; - - if (!count($this->data) && $GLOBALS['egw_info']['server']['acl_default'] != 'deny') - { - return True; - } - $rights = 0; - - foreach($this->data as $value) - { - if ($value['appname'] == $appname && - ($value['location'] == $location || $value['location'] == 'everywhere') && - ($value['account'] == $this->account_id || $memberships && in_array($value['account'], $memberships))) - { - if ($value['rights'] == 0) - { - return False; - } - $rights |= $value['rights']; - } - } - return $rights; - } - - /** - * check specific rights - * - * @param string $location app location - * @param int $required required rights - * @param string $appname optional defaults to currentapp - * @return boolean - */ - function check_specific($location, $required, $appname = '') - { - $rights = $this->get_specific_rights($location,$appname); - - return !!($rights & $required); - } - - /**************************************************************************\ - * These are the generic functions. Not specific to $this->account_id * - \**************************************************************************/ - - /** - * add repository information / rights for app/location/account_id to the database - * - * @param string $app appname - * @param string $location location - * @param int $account_id account id - * @param int $rights rights - * @return boolean allways true - */ - function add_repository($app, $location, $account_id, $rights) - { - //echo "

acl::add_repository('$app','$location',$account_id,$rights);

\n"; - $this->db->insert(acl::TABLE,array( - 'acl_rights' => $rights, - ),array( - 'acl_appname' => $app, - 'acl_location' => $location, - 'acl_account' => $account_id, - ),__LINE__,__FILE__); - - if ($account_id == $GLOBALS['egw_info']['user']['account_id'] && - method_exists($GLOBALS['egw'],'invalidate_session_cache')) // egw object in setup is limited - { - $GLOBALS['egw']->invalidate_session_cache(); - } - return True; - } - - /** - * delete repository information / rights for app/location[/account_id] from the DB - * - * @param string $app appname - * @param string $location location - * @param int/boolean $accountid = '' account id, default 0=$this->account_id, or false to delete all entries for $app/$location - * @return int number of rows deleted - */ - function delete_repository($app, $location, $accountid='') - { - static $cache_accountid = array(); - - $where = array( - 'acl_appname' => $app, - 'acl_location' => $location, - ); - if ($accountid !== false) - { - if(isset($cache_accountid[$accountid]) && $cache_accountid[$accountid]) - { - $where['acl_account'] = $cache_accountid[$accountid]; - } - else - { - $where['acl_account'] = $cache_accountid[$accountid] = get_account_id($accountid,$this->account_id); - } - } - if (method_exists($GLOBALS['egw'],'invalidate_session_cache')) // egw object in setup is limited - { - $GLOBALS['egw']->invalidate_session_cache(); - } - if ($app == '%' || $app == '%%') unset($where['acl_appname']); - - $this->db->delete(acl::TABLE,$where,__LINE__,__FILE__); - - return $this->db->affected_rows(); - } - - /** - * Get rights for a given account, location and application - * - * @param int $account_id - * @param string $location - * @param string $appname = '' defaults to current app - * @return int/boolean rights or false if none exist - */ - function get_specific_rights_for_account($account_id,$location,$appname='') - { - if (!$appname) $appname = $GLOBALS['egw_info']['flags']['currentapp']; - - return $this->db->select(acl::TABLE,'acl_rights',array( - 'acl_location' => $location, - 'acl_account' => $account_id, - 'acl_appname' => $appname, - ),__LINE__,__FILE__)->fetchColumn(); - } - - /** - * Get all rights for a given location and application - * - * @param string $location - * @param string $appname = '' defaults to current app - * @return array with account => rights pairs - */ - function get_all_rights($location,$appname='') - { - if (!$appname) $appname = $GLOBALS['egw_info']['flags']['currentapp']; - - $rights = array(); - foreach($this->db->select(acl::TABLE,'acl_account,acl_rights',array( - 'acl_location' => $location, - 'acl_appname' => $appname, - ),__LINE__,__FILE__) as $row) - { - $rights[$row['acl_account']] = $row['acl_rights']; - } - return $rights; - } - - /** - * Get the rights for all locations - * - * @param int $account_id - * @param string $appname = '' defaults to current app - * @param boolean $use_memberships = true - * @return array with location => rights pairs - */ - function get_all_location_rights($account_id,$appname='',$use_memberships=true) - { - if (!$appname) $appname = $GLOBALS['egw_info']['flags']['currentapp']; - - $accounts = array($account_id); - if ($use_memberships && (int)$account_id > 0) - { - $accounts = $GLOBALS['egw']->accounts->memberships($account_id, true); - $accounts[] = $account_id; - } - $rights = array(); - foreach($this->db->select(acl::TABLE,'acl_location,acl_rights',array( - 'acl_account' => $accounts, - 'acl_appname' => $appname, - ),__LINE__,__FILE__) as $row) - { - $rights[$row['acl_location']] |= $row['acl_rights']; - } - return $rights; - } - - /** - * get application list for an account id - * - * @param string $location location - * @param int $required required rights - * @param int $accountid account id defaults to $GLOBALS['egw_info']['user']['account_id']; - * @return array/boolean false if there are no matching row in the db, else array with app-names - */ - function get_app_list_for_id($location, $required, $accountid = '') - { - static $cache_accountid = array(); - - if(isset($cache_accountid[$accountid])) - { - $account_id = $cache_accountid[$accountid]; - } - else - { - $account_id = get_account_id($accountid,$this->account_id); - $cache_accountid[$accountid] = $account_id; - } - $rights = 0; - $apps = false; - foreach($this->db->select(acl::TABLE,array('acl_appname','acl_rights'),array( - 'acl_location' => $location, - 'acl_account' => $account_id, - ),__LINE__,__FILE__) as $row) - { - if ($row['acl_rights'] == 0) - { - return False; - } - $rights |= $row['acl_rights']; - if (!!($rights & $required)) - { - $apps[] = $row['acl_appname']; - } - } - return $apps; - } - - /** - * get location list for id - * - * @param string $app app - * @param int $required required rights - * @param int $accountid optional defaults to $GLOBALS['egw_info']['user']['account_id']; - * @return array/boolean false if there are no matching rows in the db or array with location-strings - */ - function get_location_list_for_id($app, $required, $accountid = '') - { - static $cache_accountid = array(); - - if(isset($cache_accountid[$accountid])) - { - $accountid = $cache_accountid[$accountid]; - } - else - { - $accountid = $cache_accountid[$accountid] = get_account_id($accountid,$this->account_id); - } - $locations = false; - foreach($this->db->select(acl::TABLE,'acl_location,acl_rights',array( - 'acl_appname' => $app, - 'acl_account' => $accountid, - ),__LINE__,__FILE__) as $row) - { - if ($row['acl_rights'] & $required) - { - $locations[] = $row['acl_location']; - } - } - return $locations; - } - - /** - * get ids for location - * - * @param string $location location - * @param int $required required rights - * @param string $app app optional defaults to $GLOBALS['egw_info']['flags']['currentapp']; - * @return boolean/array false if there are no matching rows in the db or array of account-ids - */ - function get_ids_for_location($location, $required, $app = '') - { - if (!$app) $app = $GLOBALS['egw_info']['flags']['currentapp']; - - $accounts = false; - foreach($this->db->select(acl::TABLE,array('acl_account','acl_rights'),array( - 'acl_appname' => $app, - 'acl_location' => $location, - ),__LINE__,__FILE__) as $row) - { - if (!!($row['acl_rights'] & $required)) - { - $accounts[] = (int) $row['acl_account']; - } - } - return $accounts; - } - - /** - * get the locations for an app (excluding the run location !!!) - * - * @param string $app app optional defaults to $GLOBALS['egw_info']['flags']['currentapp']; - * @return boolean/array false if there are no matching location in the db or array of locations - */ - function get_locations_for_app($app='') - { - if (!$app) $app = $GLOBALS['egw_info']['flags']['currentapp']; - - $locations = false; - foreach($this->db->select(acl::TABLE,'DISTINCT '.'acl_location',array( - 'acl_appname' => $app, - ),__LINE__,__FILE__) as $row) - { - if (($location = $row['acl_location']) != 'run') - { - $locations[] = $location; - } - } - return $locations; - } - - /** - * get a list of applications a user has rights to - * - * @param int $accountid = '' optional defaults to $GLOBALS['egw_info']['user']['account_id']; - * @param boolean $use_memberships = true true: use memberships too, false: only use given account - * @param boolean $add_implicit_apps = true true: add apps every user has implicit rights - * @return array containing list of apps - */ - function get_user_applications($accountid = '', $use_memberships=true, $add_implicit_apps=true) - { - static $cache_accountid = array(); - - if(isset($cache_accountid[$accountid])) - { - $account_id = $cache_accountid[$accountid]; - } - else - { - $account_id = get_account_id($accountid,$this->account_id); - $cache_accountid[$accountid] = $account_id; - } - if ($use_memberships && (int)$account_id > 0) $memberships = $GLOBALS['egw']->accounts->memberships($account_id, true); - $memberships[] = (int)$account_id; - - $apps = array(); - foreach($this->db->select(acl::TABLE,array('acl_appname','acl_rights'),array( - 'acl_location' => 'run', - 'acl_account' => $memberships, - ),__LINE__,__FILE__) as $row) - { - $app = $row['acl_appname']; - if(!isset($apps[$app])) - { - $apps[$app] = 0; - } - $apps[$app] |= (int) $row['acl_rights']; - } - if ($add_implicit_apps) - { - $apps['home'] = 1; // give everyone implicit rights for the home app - } - return $apps; - } - - /** - * Read the grants other users gave $this->account_id for $app, group ACL is taken into account - * - * @param string $app optional defaults to $GLOBALS['egw_info']['flags']['currentapp'] - * @param boolean/array $enum_group_acls = true should group acls be returned for all members of that group, default yes - * if an array of group-id's is given, that id's will NOT be enumerated! - * @param int $user = null user whos grants to return, default current user - * @return array with account-ids (of owners) and granted rights as values - */ - function get_grants($app='',$enum_group_acls=true,$user=null) - { - if (!$app) $app = $GLOBALS['egw_info']['flags']['currentapp']; - if (!$user) $user = $this->account_id; - - static $cache = array(); // some caching withing the request - - $grants =& $cache[$app][$user]; - if (!isset($grants)) - { - if ((int)$user > 0) $memberships = $GLOBALS['egw']->accounts->memberships($user, true); - $memberships[] = $user; - - $grants = $accounts = Array(); - foreach($this->db->select(acl::TABLE,array('acl_account','acl_rights','acl_location'),array( - 'acl_appname' => $app, - 'acl_location' => $memberships, - ),__LINE__,__FILE__) as $row) - { - $grantor = $row['acl_account']; - $rights = $row['acl_rights']; - - if(!isset($grants[$grantor])) - { - $grants[$grantor] = 0; - } - $grants[$grantor] |= $rights; - - // if the right is granted from a group and we enummerated group ACL's - if ($GLOBALS['egw']->accounts->get_type($grantor) == 'g' && $enum_group_acls && - (!is_array($enum_group_acls) || !in_array($grantor,$enum_group_acls))) - { - // return the grant for each member of the group (false = also for no longer active users) - foreach((array)$GLOBALS['egw']->accounts->members($grantor, true, false) as $grantor) - { - if (!$grantor) continue; // can happen if group has no members - - // Don't allow to override private with group ACL's! - $rights &= ~EGW_ACL_PRIVATE; - - if(!isset($grants[$grantor])) - { - $grants[$grantor] = 0; - } - $grants[$grantor] |= $rights; - } - } - } - // user has implizit all rights on own data - $grants[$user] = ~0; - } - //echo "acl::get_grants('$app',$enum_group_acls) ".function_backtrace(); _debug_array($grants); - return $grants; - } - - /** - * Deletes all ACL entries for an account (user or group) - * - * @param int $account_id acount-id - */ - function delete_account($account_id) - { - if ((int) $account_id) - { - // Delete all grants from this account - $this->db->delete(acl::TABLE,array( - 'acl_account' => $account_id - ),__LINE__,__FILE__); - // Delete all grants to this account - $this->db->delete(acl::TABLE,array( - 'acl_location' => $account_id - ),__LINE__, __FILE__); - // delete all memberships in account_id (if it is a group) - $this->db->delete(acl::TABLE,array( - 'acl_appname' => 'phpgw_group', - 'acl_location' => $account_id, - ),__LINE__,__FILE__); - } - } - - /** - * get the locations for an app (excluding the run location !!!) - * - * @param string $location location, can contain wildcards % or ? - * @param string $app app optional defaults to $GLOBALS['egw_info']['flags']['currentapp']; - * @return array with location => array(account => rights) pairs - */ - function get_location_grants($location,$app='') - { - if (!$app) $app = $GLOBALS['egw_info']['flags']['currentapp']; - - $locations = array(); - foreach($this->db->select(acl::TABLE,'acl_location,acl_account,acl_rights',array( - 'acl_appname' => $app, - 'acl_location LIKE '.$this->db->quote($location), - ),__LINE__,__FILE__) as $row) - { - if (($location = $row['acl_location']) != 'run') - { - $locations[$location][$row['acl_account']] = $row['acl_rights']; - } - } - return $locations; - } -} //end of acl class +class acl extends Api\Acl {} ------------------------------------------------------------------------------ Transform Data into Opportunity. Accelerate data analysis in your applications with Intel Data Analytics Acceleration Library. Click to learn more. http://pubads.g.doubleclick.net/gampad/clk?id=278785471&iu=/4140 _______________________________________________ eGroupWare-cvs mailing list eGroupWare-cvs@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/egroupware-cvs