| 16 |
rodolico |
1 |
<?php
|
|
|
2 |
|
|
|
3 |
/*
|
|
|
4 |
Copyright (c) 2021, Daily Data, Inc. Redistribution and use in
|
|
|
5 |
source and binary forms, with or without modification, are permitted
|
|
|
6 |
provided that the following conditions are met:
|
|
|
7 |
|
|
|
8 |
* Redistributions of source code must retain the above copyright
|
|
|
9 |
notice, this list of conditions and the following disclaimer.
|
|
|
10 |
* Redistributions in binary form must reproduce the above copyright
|
|
|
11 |
notice, this list of conditions and the following disclaimer in the
|
|
|
12 |
documentation and/or other materials provided with the distribution.
|
|
|
13 |
|
|
|
14 |
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
|
15 |
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
|
16 |
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
|
17 |
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
|
18 |
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
|
19 |
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
|
20 |
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
|
21 |
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
|
22 |
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
|
23 |
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
|
24 |
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
25 |
|
|
|
26 |
*/
|
|
|
27 |
|
|
|
28 |
|
|
|
29 |
// Let's make sure we have the Users class loaded.
|
|
|
30 |
require_once( 'Users.class.php' );
|
|
|
31 |
|
|
|
32 |
|
|
|
33 |
/**
|
|
|
34 |
* User Permissions Login class
|
|
|
35 |
*
|
|
|
36 |
* IMPORTANT: Requires a data source. See UsersDataSourceMySQLi.class.php
|
|
|
37 |
* for code which provides this for MySQLi
|
|
|
38 |
*
|
|
|
39 |
* UsersPermissions extends the Users class to include boolean
|
|
|
40 |
* permissions.
|
|
|
41 |
*
|
|
|
42 |
* @author R. W. Rodolico <rodo@unixservertech.com>
|
|
|
43 |
*
|
| 21 |
rodolico |
44 |
* @version 1.0.0 (beta)
|
| 16 |
rodolico |
45 |
* @copyright 2021 Daily Data, Inc.
|
|
|
46 |
*
|
|
|
47 |
*/
|
|
|
48 |
|
|
|
49 |
class UsersPermissions extends Users {
|
|
|
50 |
|
| 20 |
rodolico |
51 |
/**
|
|
|
52 |
* Extends Users::_construct
|
|
|
53 |
*
|
|
|
54 |
* Adds additional fields needed for permissions. However, this
|
|
|
55 |
* information is not actually used in the code, but is included here
|
|
|
56 |
* for documentation and/or possible extensions
|
|
|
57 |
*
|
|
|
58 |
* @param string[] $customFields Array of definition modifications to underlying structure
|
|
|
59 |
*/
|
| 16 |
rodolico |
60 |
public function __construct( $customFields = array() ) {
|
| 20 |
rodolico |
61 |
$permissions = array();
|
|
|
62 |
$this->configuration = array_merge_recursive( $this->configuration, $permissions );
|
| 16 |
rodolico |
63 |
parent::__construct( $customFields );
|
|
|
64 |
} // constructor
|
| 17 |
rodolico |
65 |
|
|
|
66 |
|
| 20 |
rodolico |
67 |
/**
|
|
|
68 |
* Extends Users::validate
|
|
|
69 |
*
|
|
|
70 |
* Loads permissions if user was validated
|
|
|
71 |
*
|
|
|
72 |
* @param string $username
|
|
|
73 |
* @param string $password
|
|
|
74 |
* @param usersPermissionsDataSource $connection
|
|
|
75 |
*
|
|
|
76 |
* @returns boolean true if username/password are correct
|
|
|
77 |
*/
|
| 17 |
rodolico |
78 |
protected function validate( $username, $password, $connection ) {
|
|
|
79 |
if ( parent::validate( $username, $password, $connection ) ) {
|
|
|
80 |
$this->data['permissions'] = $connection->getPermissions( $this->data['id'] );
|
| 20 |
rodolico |
81 |
return true;
|
| 17 |
rodolico |
82 |
}
|
| 20 |
rodolico |
83 |
return false;
|
| 17 |
rodolico |
84 |
}
|
|
|
85 |
|
| 20 |
rodolico |
86 |
/**
|
|
|
87 |
* Extends Users::editScreen
|
|
|
88 |
*
|
|
|
89 |
* Adds permissions in div of class category
|
|
|
90 |
*
|
|
|
91 |
* @param usersPermissionsDataSource $connection
|
|
|
92 |
*
|
|
|
93 |
* @returns string HTML display screen
|
|
|
94 |
*/
|
| 17 |
rodolico |
95 |
public function editScreen( $connection ) {
|
|
|
96 |
$divDef = "<div class='category'>\n";
|
|
|
97 |
$return = array();
|
|
|
98 |
$return[] = parent::editScreen( $connection );
|
|
|
99 |
if ( $this->isAdmin() ) {
|
|
|
100 |
$values = $connection->getFullPermissions( $this->workingOn['id'] );
|
|
|
101 |
$category = array();
|
|
|
102 |
foreach ( $values as $thisEntry ) {
|
|
|
103 |
$field = $thisEntry['permission'];
|
|
|
104 |
$temp = sprintf( $this->configuration['html input fields']['boolean'],
|
|
|
105 |
$thisEntry['description'],
|
|
|
106 |
$this->configuration['input prefix'] . $field,
|
|
|
107 |
'Place a check here to give the user permission',
|
|
|
108 |
'',
|
|
|
109 |
$field
|
|
|
110 |
);
|
|
|
111 |
|
|
|
112 |
$category[$thisEntry['category']][] = preg_replace( "/~~$field~~/", $thisEntry['value'] ? 'checked' : '', $temp );
|
|
|
113 |
}
|
|
|
114 |
|
|
|
115 |
foreach ( $category as $name => $entries ) {
|
|
|
116 |
$return[] = $divDef . "<h3>$name</h3>" . implode( "\n", $entries ) . "</div>";
|
|
|
117 |
}
|
|
|
118 |
}
|
|
|
119 |
return implode( "\n", $return );
|
|
|
120 |
}
|
|
|
121 |
|
| 20 |
rodolico |
122 |
/**
|
|
|
123 |
* Adds/Updates existing record
|
|
|
124 |
*
|
|
|
125 |
* Extending Users::addEdit by updating the permissions
|
|
|
126 |
*
|
|
|
127 |
* @param usersPermissionsDataSource $connection
|
|
|
128 |
*
|
|
|
129 |
* @returns string Message saying whether the update/insert worked
|
|
|
130 |
*/
|
| 17 |
rodolico |
131 |
protected function addEdit( $connection ) {
|
|
|
132 |
$return = parent::addEdit( $connection );
|
|
|
133 |
$data = array();
|
|
|
134 |
// now we process all of the permissions
|
|
|
135 |
if ( $return != 'Error' ) {
|
| 21 |
rodolico |
136 |
if ( $this->workingOn['id'] == -1 ) {
|
|
|
137 |
$newUserID = $connection->getUserID( $_REQUEST['admin_login'] );
|
|
|
138 |
}
|
| 17 |
rodolico |
139 |
foreach ( $this->workingOn['permissions'] as $name => $value ) {
|
|
|
140 |
$htmlFieldName = $this->configuration['input prefix'] . $name;
|
| 19 |
rodolico |
141 |
// if a new user, the permission is whatever is in the form
|
|
|
142 |
if ( $this->workingOn['id'] == -1 && isset( $_REQUEST[$htmlFieldName] ) ) {
|
|
|
143 |
$data[$name] = 1;
|
|
|
144 |
// otherwise, if it is not a new user, only do an update if it has changed
|
|
|
145 |
} elseif ( $this->workingOn['id'] > 0 && isset( $_REQUEST[$htmlFieldName] ) != $this->workingOn['permissions'][$name] ) {
|
| 17 |
rodolico |
146 |
$data[$name] = isset( $_REQUEST[$htmlFieldName] ) ? 1 : 0;
|
|
|
147 |
}
|
|
|
148 |
} // foreach
|
| 21 |
rodolico |
149 |
$connection->updatePermissions( ($this->workingOn['id'] == -1 ? $newUserID : $this->workingOn['id'] ),$data );
|
| 17 |
rodolico |
150 |
} // if not an error
|
|
|
151 |
return $return;
|
|
|
152 |
} // addEdit
|
| 18 |
rodolico |
153 |
|
| 20 |
rodolico |
154 |
/**
|
|
|
155 |
* Initializes $this->workingOn
|
|
|
156 |
*
|
|
|
157 |
* This is a modification to Users::initWorkingOn to add permissions
|
|
|
158 |
*/
|
| 19 |
rodolico |
159 |
protected function initWorkingOn( $connection, $id ) {
|
|
|
160 |
parent::initWorkingOn( $connection, $id );
|
|
|
161 |
if ( ! isset( $this->workingOn['permissions'] ) ) {
|
|
|
162 |
$this->workingOn['permissions'] = $connection->getPermissions( $id );
|
|
|
163 |
}
|
|
|
164 |
}
|
| 20 |
rodolico |
165 |
|
|
|
166 |
/**
|
|
|
167 |
* returns boolean as to whether the user has the passed in permission
|
|
|
168 |
*
|
|
|
169 |
* If user is an admin, they automatically have all permissions, otherwise
|
|
|
170 |
* we check for the permission. NOTE: the existence of a permission
|
|
|
171 |
* is not validated. If a permission does not exist, will return false
|
|
|
172 |
* for anyone but an admin
|
|
|
173 |
*
|
|
|
174 |
* @param string $permission short form of permission
|
|
|
175 |
* @returns boolean
|
|
|
176 |
*/
|
|
|
177 |
public function isAuthorized ( $permission ) {
|
|
|
178 |
return $this->isAdmin() || $this->data['permissions'][$permission];
|
|
|
179 |
}
|
| 16 |
rodolico |
180 |
|
| 20 |
rodolico |
181 |
/**
|
|
|
182 |
* Adds a permission to the permissions table
|
|
|
183 |
*
|
|
|
184 |
* This simply adds a permission to the permissions table, adding the
|
|
|
185 |
* category if it doesn't exist already. Since this is already written
|
|
|
186 |
* in usersPermissionsDataSource, we simply call it.
|
|
|
187 |
*
|
|
|
188 |
* @parameter string $category Category to place the permission into
|
|
|
189 |
* @parameter string $name The short name of the permission
|
|
|
190 |
* @parameter string $description The long (display) name for the permission
|
|
|
191 |
* @parameter boolean $defaultValue The default value for the permission
|
|
|
192 |
*/
|
|
|
193 |
public function addPermission ( $connection, $category, $name, $description, $defaultValue = 0 ) {
|
|
|
194 |
$connection->addPermission ( $category, $name, $description, $defaultValue = 0 );
|
|
|
195 |
}
|
| 33 |
rodolico |
196 |
|
|
|
197 |
/**
|
|
|
198 |
* returns the array of permissions
|
|
|
199 |
*
|
|
|
200 |
* The keys are the keyname, the value is true or false
|
|
|
201 |
*
|
|
|
202 |
* @return boolean[]
|
|
|
203 |
*/
|
|
|
204 |
|
|
|
205 |
public function getPermissionList() {
|
|
|
206 |
return $this->data['permissions'] ?? array();
|
|
|
207 |
}
|
| 19 |
rodolico |
208 |
|
| 16 |
rodolico |
209 |
}
|
|
|
210 |
|
|
|
211 |
?>
|