phpDocumentor pond
[ class tree: pond ] [ index: pond ] [ all elements ]

Source for file _group.class.php

Documentation is available at _group.class.php

  1. <?php
  2. /**
  3.  * This file implements the Group class, which manages user groups.
  4.  *
  5.  * This file is part of Quam Plures - {@link http://quamplures.net/}
  6.  * See also {@link https://launchpad.net/quam-plures}.
  7.  *
  8.  * @copyright (c) 2009 - 2011 by the Quam Plures developers - {@link http://quamplures.net/}
  9.  * @copyright (c)2003-2009 by Francois PLANQUE - {@link http://fplanque.net/}
  10.  *
  11.  *  {@internal License choice
  12.  *  - If you have received this file as part of a package, please find the license.txt file in
  13.  *    the same folder or the closest folder above for complete license terms.
  14.  *  - If you have received this file individually (e-g: from http://evocms.cvs.sourceforge.net/)
  15.  *    then you must choose one of the following licenses before using the file:
  16.  *    - GNU General Public License 2 (GPL) - http://www.opensource.org/licenses/gpl-license.php
  17.  *    - Mozilla Public License 1.1 (MPL) - http://www.opensource.org/licenses/mozilla1.1.php
  18.  *  }}}
  19.  *
  20.  *  {@internal Open Source relicensing agreement:
  21.  *  }}}
  22.  *
  23.  *  {@internal Below is a list of authors who have contributed to design/coding of this file: }}
  24.  * @author fplanque: Francois PLANQUE
  25.  *
  26.  * @package pond
  27.  */
  28. if!defined('QP_MAIN_INIT') ) die'Please, do not access this page directly.' );
  29.  
  30. load_class('_core/model/dataobjects/_dataobject.class.php');
  31.  
  32. /**
  33.  * User Group
  34.  *
  35.  * Group of users with specific permissions.
  36.  *
  37.  * @package pond
  38.  */
  39. class Group extends DataObject
  40. {
  41.     /**
  42.      * Name of group
  43.      *
  44.      * Please use get/set functions to read or write this param
  45.      *
  46.      * @var string 
  47.      * @access protected
  48.      */
  49.     var $name;
  50.  
  51.     /**
  52.      * Blog posts statuses permissions
  53.      */
  54.     var $blog_post_statuses = array();
  55.  
  56.     var $perm_admin;
  57.   var $perm_blogs;
  58.   var $perm_security;
  59.   var $perm_bypass_antispam = false;
  60.   var $perm_xhtmlvalidation = 'always';
  61.   var $perm_xhtmlvalidation_xmlrpc = 'always';
  62.     var $perm_xhtml_css_tweaks = false;
  63.     var $perm_xhtml_iframes = false;
  64.     var $perm_xhtml_javascript = false;
  65.     var $perm_xhtml_objects = false;
  66.   var $perm_templates;
  67.   var $perm_stats;
  68.   var $perm_files;
  69.   var $perm_options;
  70.   var $perm_users;
  71.  
  72.  
  73.     /**
  74.      * Constructor
  75.      *
  76.      * @param object DB row
  77.      */
  78.     function Group$db_row NULL )
  79.     {
  80.         // Call parent constructor:
  81.         parent::DataObject'T_groups''grp_''grp_ID' );
  82.  
  83.         $this->delete_restrictions = array(
  84.                 array'table'=>'T_users''fk'=>'user_grp_ID''msg'=>T_('%d users in this group') ),
  85.             );
  86.  
  87.         $this->delete_cascades = array(
  88.             );
  89.  
  90.         if$db_row == NULL )
  91.         {
  92.             $this->set'name'T_('New group') );
  93.             $this->set'perm_admin''visible' );
  94.             $this->set'perm_blogs''user' );
  95.             $this->set'perm_spamblacklist''none' );
  96.             $this->set'perm_templates');
  97.             $this->set'perm_stats''none' );
  98.             $this->set'perm_files''none' );
  99.             $this->set'perm_options''none' );
  100.             $this->set'perm_users''none' );
  101.         }
  102.         else
  103.         {
  104.             $this->ID                           = $db_row->grp_ID;
  105.             $this->name                         = $db_row->grp_name;
  106.             $this->perm_admin                   = $db_row->grp_perm_admin;
  107.             $this->perm_blogs                   = $db_row->grp_perm_blogs;
  108.             $this->perm_bypass_antispam         = $db_row->grp_perm_bypass_antispam;
  109.             $this->perm_xhtmlvalidation         = $db_row->grp_perm_xhtmlvalidation;
  110.             $this->perm_xhtmlvalidation_xmlrpc  = $db_row->grp_perm_xhtmlvalidation_xmlrpc;
  111.             $this->perm_xhtml_css_tweaks        = $db_row->grp_perm_xhtml_css_tweaks;
  112.             $this->perm_xhtml_iframes           = $db_row->grp_perm_xhtml_iframes;
  113.             $this->perm_xhtml_javascript        = $db_row->grp_perm_xhtml_javascript;
  114.             $this->perm_xhtml_objects           = $db_row->grp_perm_xhtml_objects;
  115.             $this->perm_spamblacklist           = $db_row->grp_perm_spamblacklist;
  116.             $this->perm_templates               = $db_row->grp_perm_templates;
  117.             $this->perm_stats                   = $db_row->grp_perm_stats;
  118.             $this->perm_files                   = $db_row->grp_perm_files;
  119.             $this->perm_options                 = $db_row->grp_perm_options;
  120.             $this->perm_users                   = $db_row->grp_perm_users;
  121.         }
  122.     }
  123.  
  124.  
  125.     /**
  126.      * Set param value
  127.      *
  128.      * @param string Parameter name
  129.      * @param mixed Parameter value
  130.      * @return boolean true, if a value has been set; false if it has not changed
  131.      */
  132.     function set$parname$parvalue )
  133.     {
  134.         switch$parname )
  135.         {
  136.             case 'perm_templates':
  137.                 return parent::set_param$parname'number'$parvalue );
  138.  
  139.             default:
  140.                 return parent::set_param$parname'string'$parvalue );
  141.         }
  142.     }
  143.  
  144.  
  145.     /**
  146.      * Check a permission for this group.
  147.      *
  148.      * @param string Permission name:
  149.      *                 - templates
  150.      *                 - stats
  151.      *                 - spamblacklist
  152.      *                 - options
  153.      *                 - users
  154.      *                 - blogs
  155.      *                 - admin (levels "visible", "hidden")
  156.      * @param string Requested permission level
  157.      * @param mixed Permission target (blog ID, array of cat IDs...)
  158.      * @return boolean True on success (permission is granted), false if permission is not granted
  159.      */
  160.     function check_perm$permname$permlevel 'any'$perm_target NULL )
  161.     {
  162.         global $Debuglog;
  163.  
  164.         $perm false// Default is false!
  165.  
  166.         ifisset($this->{'perm_'.$permname}) )
  167.         {
  168.             $permvalue $this->{'perm_'.$permname};
  169.         }
  170.         else
  171.         // Object's perm-property not set!
  172.             $Debuglog->add'Group permission perm_'.$permname.' not defined!''perms' );
  173.  
  174.             $permvalue false// This will result in $perm == false always. We go on for the $Debuglog..
  175.         }
  176.  
  177.         // Check group permission:
  178.         switch$permname )
  179.         {
  180.             case 'admin':
  181.                 switch$permvalue )
  182.                 // Depending on current group permission:
  183.  
  184.                     case 'visible':
  185.                         // All permissions granted
  186.                         $perm true// Permission granted
  187.                         break;
  188.  
  189.                     case 'hidden':
  190.                         // User can only ask for hidden perm
  191.                         if(( $permlevel == 'hidden' || $permlevel == 'any' ))
  192.                         // Permission granted
  193.                             $perm true;
  194.                             break;
  195.                         }
  196.                 }
  197.                 break;
  198.  
  199.             case 'templates':
  200.                 if$permvalue )
  201.                 // Permission granted
  202.                     $perm true;
  203.                 }
  204.                 break;
  205.  
  206.             case 'blogs':
  207.                 switch$permvalue )
  208.                 // Depending on current group permission:
  209.  
  210.                     case 'editall':
  211.                         // All permissions granted
  212.                         $perm true;
  213.                         break;
  214.  
  215.                     case 'viewall':
  216.                         // User can only ask for view perm
  217.                         if(( $permlevel == 'view' || $permlevel == 'any' ))
  218.                         // Permission granted
  219.                             $perm true;
  220.                             break;
  221.                         }
  222.                 }
  223.                 break;
  224.  
  225.             case 'spamblacklist':
  226.             case 'stats':
  227.             case 'options':
  228.             case 'users':
  229.                 switch$permvalue )
  230.                 // Depending on current group permission:
  231.  
  232.                     case 'edit':
  233.                         // All permissions granted
  234.                         $perm true;
  235.                         break;
  236.  
  237.                     case 'add':
  238.                         // User can ask for add perm...
  239.                         if$permlevel == 'add' )
  240.                         {
  241.                             $perm true;
  242.                             break;
  243.                         }
  244.                         // ... or for any lower priority perm... (no break)
  245.  
  246.                     case 'view':
  247.                         // User can ask for view perm...
  248.                         if$permlevel == 'view' )
  249.                         {
  250.                             $perm true;
  251.                             break;
  252.                         }
  253.                         // ... or for any lower priority perm... (no break)
  254.  
  255.                     case 'user':
  256.                         // This is for stats. User perm can grant permissions in the User class
  257.                         // Here it will just allow to list
  258.                     case 'list':
  259.                         // User can only ask for list perm
  260.                         if$permlevel == 'list' )
  261.                         {
  262.                             $perm true;
  263.                             break;
  264.                         }
  265.                 }
  266.                 break;
  267.  
  268.             case 'files':
  269.                 switch$permvalue )
  270.                 // Depending on current group permission:
  271.                     case 'all':
  272.                         global $demo_mode;
  273.                         if$demo_mode )
  274.                         // All permissions granted
  275.                             $perm true;
  276.                             break;
  277.                         }
  278.  
  279.                     case 'edit':
  280.                         // User can ask for normal edit perm...
  281.                         if$permlevel == 'edit' )
  282.                         {
  283.                             $perm true;
  284.                             break;
  285.                         }
  286.                         // ... or for any lower priority perm... (no break)
  287.  
  288.                     case 'add':
  289.                         // User can ask for add perm...
  290.                         if$permlevel == 'add' )
  291.                         {
  292.                             $perm true;
  293.                             break;
  294.                         }
  295.                         // ... or for any lower priority perm... (no break)
  296.  
  297.                     case 'view':
  298.                         // User can ask for view perm...
  299.                         if$permlevel == 'view' )
  300.                         {
  301.                             $perm true;
  302.                             break;
  303.                         }
  304.                         // ... or for any lower priority perm... (no break)
  305.  
  306.                     case 'list':
  307.                         // User can only ask for list perm
  308.                         if$permlevel == 'list' )
  309.                         {
  310.                             $perm true;
  311.                             break;
  312.                         }
  313.                 }
  314.                 break;
  315.         }
  316.  
  317.         $Debuglog->add"Group perm $permname:$permlevel:$perm_target => ".($perm?'granted':'DENIED')'perms' );
  318.  
  319.         return $perm;
  320.     }
  321.  
  322.  
  323.     /**
  324.      * Check permission for this group on a specified blog
  325.      *
  326.      * This is not for direct use, please call {@link User::check_perm()} instead
  327.      * user is checked for privileges first, group lookup only performed on a false result
  328.      *
  329.      * @see User::check_perm()
  330.      * @param string Permission name, can be one of the following:
  331.      *                   - blog_ismember
  332.      *                   - blog_post_statuses
  333.      *                   - blog_del_post
  334.      *                   - blog_comments
  335.      *                   - blog_cats
  336.      *                   - blog_properties
  337.      * @param string Permission level
  338.      * @param integer Permission target blog ID
  339.      * @param Item post that we want to edit
  340.      * @return boolean 0 if permission denied
  341.      */
  342.     function check_perm_bloggroups$permname$permlevel$perm_target_blog$Item NULL$User NULL )
  343.     {
  344.         global $DB;
  345.  
  346.         $BlogCache get_Cache('BlogCache');
  347.     /**
  348.          * @var Blog
  349.          */
  350.         $Blog $BlogCache->get_by_ID$perm_target_blog );
  351.         if$Blog->advanced_perms )
  352.         {    // We do not abide to advanced perms
  353.             return false;
  354.         }
  355.  
  356.         if!isset$this->blog_post_statuses[$perm_target_blog) )
  357.         // Allowed blog post statuses have not been loaded yet:
  358.             if$this->ID == )
  359.             // User not in DB, nothing to load!:
  360.                 return false;    // Permission denied
  361.             }
  362.  
  363.             // Load now:
  364.             $query "SELECT *
  365.                                 FROM T_coll_group_perms
  366.                                 WHERE bloggroup_blog_ID = $perm_target_blog
  367.                                   AND bloggroup_group_ID = $this->ID";
  368.  
  369.             $row $DB->get_row$queryARRAY_A );
  370.  
  371.             ifempty($row) )
  372.             // No rights set for this Blog/Group: remember this (in order not to have the same query next time)
  373.                 $this->blog_post_statuses[$perm_target_blogarray(
  374.                         'blog_ismember' => '0',
  375.                         'blog_post_statuses' => array(),
  376.                         'blog_edit' => 'no',
  377.                         'blog_del_post' => '0',
  378.                         'blog_comments' => '0',
  379.                         'blog_cats' => '0',
  380.                         'blog_properties' => '0',
  381.                         'blog_admin' => '0',
  382.                     );
  383.             }
  384.             else
  385.             // OK, rights found:
  386.                 $this->blog_post_statuses[$perm_target_blogarray();
  387.  
  388.                 $this->blog_post_statuses[$perm_target_blog]['blog_ismember'$row['bloggroup_ismember'];
  389.  
  390.                 $bloggroup_perm_post $row['bloggroup_perm_poststatuses'];
  391.                 ifempty($bloggroup_perm_post ) )
  392.                     $this->blog_post_statuses[$perm_target_blog]['blog_post_statuses'array();
  393.                 else
  394.                     $this->blog_post_statuses[$perm_target_blog]['blog_post_statuses'explode','$bloggroup_perm_post );
  395.  
  396.                 $this->blog_post_statuses[$perm_target_blog]['blog_edit'$row['bloggroup_perm_edit'];
  397.                 $this->blog_post_statuses[$perm_target_blog]['blog_del_post'$row['bloggroup_perm_delpost'];
  398.                 $this->blog_post_statuses[$perm_target_blog]['blog_comments'$row['bloggroup_perm_comments'];
  399.                 $this->blog_post_statuses[$perm_target_blog]['blog_cats'$row['bloggroup_perm_cats'];
  400.                 $this->blog_post_statuses[$perm_target_blog]['blog_properties'$row['bloggroup_perm_properties'];
  401.                 $this->blog_post_statuses[$perm_target_blog]['blog_admin'$row['bloggroup_perm_admin'];
  402.             }
  403.         }
  404.  
  405.         // Check if permission is granted:
  406.         switch$permname )
  407.         {
  408.             case 'stats':
  409.                 // Wiewing stats is the same perm as being authorized to edit properties: (TODO...)
  410.                 if$permlevel == 'view' )
  411.                 {
  412.                     return $this->blog_post_statuses[$perm_target_blog]['blog_properties'];
  413.                 }
  414.                 // No other perm can be granted here (TODO...)
  415.                 return false;
  416.  
  417.             case 'blog_post_statuses':
  418.                 return count($this->blog_post_statuses[$perm_target_blog]['blog_post_statuses']);
  419.  
  420.             case 'blog_post!published':
  421.             case 'blog_post!protected':
  422.             case 'blog_post!private':
  423.             case 'blog_post!draft':
  424.             case 'blog_post!deprecated':
  425.             case 'blog_post!redirected':
  426.                 // We want a specific permission:
  427.                 $subperm substr$permname10 );
  428.                 $perm in_array$subperm$this->blog_post_statuses[$perm_target_blog]['blog_post_statuses');
  429.  
  430.                 // TODO: the following probably should be handled by the Item class!
  431.                 if$perm && $permlevel == 'edit' && !empty($Item) )
  432.                 {    // Can we edit this specific Item?
  433.                     switch$this->blog_post_statuses[$perm_target_blog]['blog_edit')
  434.                     {
  435.                         case 'own':
  436.                             // Own posts only:
  437.                             return ($Item->creator_user_ID == $User->ID);
  438.  
  439.                         case 'lt':
  440.                             // Own + Lower level posts only:
  441.                             if$Item->creator_user_ID == $User->ID )
  442.                             {
  443.                                 return true;
  444.                             }
  445.                             $item_creator_User $Item->get_creator_User();
  446.                             return $item_creator_User->level $User->level );
  447.  
  448.                         case 'le':
  449.                             // Own + Lower or equal level posts only:
  450.                             if$Item->creator_user_ID == $User->ID )
  451.                             {
  452.                                 return true;
  453.                             }
  454.                             $item_creator_User $Item->get_creator_User();
  455.                             return $item_creator_User->level <= $User->level );
  456.  
  457.                         case 'all':
  458.                             return true;
  459.  
  460.                         case 'no':
  461.                         default:
  462.                             return false;
  463.                     }
  464.                 }
  465.  
  466.                 return $perm;
  467.  
  468.             default:
  469.                 return $this->blog_post_statuses[$perm_target_blog][$permname];
  470.         }
  471.     }
  472.  
  473.  
  474.     /**
  475.      * Get name of the Group
  476.      *
  477.      * @return string 
  478.      */
  479.     function get_name()
  480.     {
  481.         return $this->name;
  482.     }
  483.  
  484. }
  485.  
  486. ?>