| 16 |
rodolico |
1 |
<?php
|
|
|
2 |
|
|
|
3 |
require_once( 'UsersDataSourceMySQLi.class.php' );
|
|
|
4 |
|
|
|
5 |
/*
|
|
|
6 |
Copyright (c) 2021, Daily Data, Inc. Redistribution and use in
|
|
|
7 |
source and binary forms, with or without modification, are permitted
|
|
|
8 |
provided that the following conditions are met:
|
|
|
9 |
|
|
|
10 |
* Redistributions of source code must retain the above copyright
|
|
|
11 |
notice, this list of conditions and the following disclaimer.
|
|
|
12 |
* Redistributions in binary form must reproduce the above copyright
|
|
|
13 |
notice, this list of conditions and the following disclaimer in the
|
|
|
14 |
documentation and/or other materials provided with the distribution.
|
|
|
15 |
|
|
|
16 |
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
|
17 |
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
|
18 |
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
|
19 |
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
|
20 |
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
|
21 |
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
|
22 |
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
|
23 |
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
|
24 |
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
|
25 |
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
|
26 |
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
27 |
|
|
|
28 |
*/
|
|
|
29 |
|
|
|
30 |
/*
|
|
|
31 |
* UsersDataSourceMySQLi.class.php
|
|
|
32 |
*
|
|
|
33 |
* Authors: R. W. Rodolico
|
|
|
34 |
*
|
|
|
35 |
*/
|
|
|
36 |
|
|
|
37 |
/**
|
|
|
38 |
* usersPermissionsDataSource class
|
|
|
39 |
*
|
|
|
40 |
* usersPermissionsDataSource provides the data access capabilities for
|
|
|
41 |
* the usersPermissions class
|
|
|
42 |
* class.
|
|
|
43 |
*
|
|
|
44 |
* To build a data access class for UsersPermissions, the following 5
|
|
|
45 |
* methods must exist.
|
|
|
46 |
* getPassword(username)
|
|
|
47 |
* getRecord(username)
|
|
|
48 |
* getAllUsers()
|
|
|
49 |
* getARecord
|
|
|
50 |
* update
|
|
|
51 |
*
|
|
|
52 |
* Additionally, where appropriate, the following function is useful
|
|
|
53 |
* buildTable()
|
|
|
54 |
*
|
|
|
55 |
* This particular instance provides an interface to MySQL using
|
|
|
56 |
* the mysqli libraries.
|
|
|
57 |
*
|
|
|
58 |
* Create an instance of this, then pass the variable to several Users
|
|
|
59 |
* calls.
|
|
|
60 |
*
|
|
|
61 |
* @author R. W. Rodolico <rodo@unixservertech.com>
|
|
|
62 |
*
|
|
|
63 |
* @version 0.9.0 (beta)
|
|
|
64 |
* @copyright 2021 Daily Data, Inc.
|
|
|
65 |
*
|
|
|
66 |
*/
|
|
|
67 |
|
|
|
68 |
class usersPermissionsDataSource extends usersDataSource {
|
|
|
69 |
|
|
|
70 |
/**
|
|
|
71 |
* constructor for an instance of the class
|
|
|
72 |
*
|
|
|
73 |
* If $dbConnection is not null, will be used for database access
|
|
|
74 |
* If $dbLoginInfo is not null, will override $dbConnection, make
|
|
|
75 |
* a new connection and use that.
|
|
|
76 |
*
|
|
|
77 |
* If $dbDef is set, will be merged with $configuration
|
|
|
78 |
*
|
|
|
79 |
* @param mysqli $dbConnection Existing mysqli database connection
|
|
|
80 |
* @param string[] $dbDef Array to be merged with $configuration
|
|
|
81 |
* @param string[] $dbLoginInfo Array containing username, hostname, etc.. to make mysqli connection_aborted
|
|
|
82 |
*
|
|
|
83 |
* @return null
|
|
|
84 |
*
|
|
|
85 |
*/
|
|
|
86 |
public function __construct( $dbConnection = null, $dbDef = array(), $dbLoginInfo = array() ) {
|
|
|
87 |
|
|
|
88 |
$this->configuration['tables']['permissions categories'] = array(
|
|
|
89 |
'table' => '_permissions_categories', // table name for user records
|
|
|
90 |
'id' => '_permission_category_id', // ID column name
|
|
|
91 |
'display' => array( // fields which are displayed to select
|
|
|
92 |
'description'
|
|
|
93 |
),
|
|
|
94 |
'fields' => array(
|
|
|
95 |
'name' => array(
|
|
|
96 |
'dbColumn' => 'name',
|
|
|
97 |
'type' => 'varchar',
|
|
|
98 |
'size' => 16,
|
|
|
99 |
'required' => true
|
|
|
100 |
)
|
|
|
101 |
)
|
|
|
102 |
); // adding permissions table
|
|
|
103 |
|
|
|
104 |
$this->configuration['tables']['permissions'] = array(
|
|
|
105 |
'table' => '_permissions', // table name for user records
|
|
|
106 |
'id' => '_permission_id', // ID column name
|
|
|
107 |
'display' => array( // fields which are displayed to select
|
|
|
108 |
'description'
|
|
|
109 |
),
|
|
|
110 |
'fields' => array(
|
|
|
111 |
'name' => array(
|
|
|
112 |
'dbColumn' => 'name',
|
|
|
113 |
'type' => 'varchar',
|
|
|
114 |
'size' => 16,
|
|
|
115 |
'required' => true
|
|
|
116 |
),
|
|
|
117 |
'description' => array(
|
|
|
118 |
'dbColumn' => 'description',
|
|
|
119 |
'type' => 'varchar',
|
|
|
120 |
'size' => 64,
|
|
|
121 |
'required' => true
|
|
|
122 |
),
|
|
|
123 |
'permission category' => array(
|
|
|
124 |
'dbColumn' => '_permission_category_id',
|
|
|
125 |
'type' => 'int unsigned',
|
|
|
126 |
'required' => true,
|
|
|
127 |
),
|
|
|
128 |
'default' => array(
|
|
|
129 |
'dbColumn' => 'default_value',
|
|
|
130 |
'type' => 'boolean',
|
|
|
131 |
'required' => true
|
|
|
132 |
),
|
|
|
133 |
)
|
|
|
134 |
); // adding permissions table
|
|
|
135 |
|
|
|
136 |
$this->configuration['tables']['users permissions'] = array(
|
|
|
137 |
'table' => '_users_permissions', // table name for user records
|
|
|
138 |
'id' => '_user_permission_id', // ID column name
|
|
|
139 |
'fields' => array(
|
|
|
140 |
'user_id' => array(
|
|
|
141 |
'dbColumn' => '_user_id',
|
|
|
142 |
'type' => 'int unsigned',
|
|
|
143 |
'required' => true,
|
|
|
144 |
'references' => 'users',
|
|
|
145 |
),
|
|
|
146 |
'permission_id' => array(
|
|
|
147 |
'dbColumn' => '_permission_id',
|
|
|
148 |
'type' => 'int unsigned',
|
|
|
149 |
'required' => true,
|
|
|
150 |
'references' => 'permissions',
|
|
|
151 |
),
|
|
|
152 |
'value' => array(
|
|
|
153 |
'dbColumn' => 'value',
|
|
|
154 |
'type' => 'boolean',
|
|
|
155 |
'required' => true,
|
|
|
156 |
),
|
|
|
157 |
)
|
|
|
158 |
); // adding permissions table
|
|
|
159 |
$this->configuration['views']['users permissions'] = array( 'name' => '_view_users_permissions' );
|
|
|
160 |
|
|
|
161 |
parent::__construct( $dbConnection, $dbDef, $dbLoginInfo );
|
|
|
162 |
|
|
|
163 |
} // constructor
|
|
|
164 |
|
|
|
165 |
/**
|
|
|
166 |
* Function will build tables when called
|
|
|
167 |
*
|
|
|
168 |
* Calls parent::buildTable first, then creates a view. The query
|
|
|
169 |
* for the view is created using sprintf so we can allow the developers
|
|
|
170 |
* to modify the table names, etc...
|
|
|
171 |
*
|
|
|
172 |
*/
|
|
|
173 |
public function buildTable() {
|
|
|
174 |
parent::buildTable();
|
|
|
175 |
// add a unique constraint on users permissions for user id and permission id
|
|
|
176 |
$query = sprintf( 'alter table %s add unique key (%s,%s)',
|
|
|
177 |
$this->configuration['tables']['users permissions']['table'],
|
|
|
178 |
$this->configuration['tables']['users permissions']['fields']['user_id']['dbColumn'],
|
|
|
179 |
$this->configuration['tables']['users permissions']['fields']['permission_id']['dbColumn']
|
|
|
180 |
);
|
|
|
181 |
$this->doSQL( $query );
|
|
|
182 |
// create a convenience view
|
|
|
183 |
$query = sprintf( "create or replace view %s as
|
|
|
184 |
select
|
|
|
185 |
%s.%s users_id, /* users id */
|
|
|
186 |
%s.%s user, /* users login */
|
|
|
187 |
%s.%s permission_id, /* permissions id */
|
|
|
188 |
%s.%s permission, /* permissions name */
|
|
|
189 |
%s.%s description, /* permissions description */
|
|
|
190 |
%s.%s category, /* permissions_categories name */
|
|
|
191 |
ifnull(%s.%s,0) value /* actual value */
|
|
|
192 |
from
|
|
|
193 |
%s /* users */
|
|
|
194 |
join %s /* permissions (permissions_id */
|
|
|
195 |
left join %s using (%s,%s) /* users_permissions (users_id) */
|
|
|
196 |
join %s using (%s) /* permissions_categories( permissions_categories_id) */",
|
|
|
197 |
$this->configuration['views']['users permissions']['name'],
|
|
|
198 |
$this->configuration['tables']['users']['table'],
|
|
|
199 |
$this->configuration['tables']['users']['id'],
|
|
|
200 |
$this->configuration['tables']['users']['table'],
|
|
|
201 |
$this->configuration['tables']['users']['fields']['login']['dbColumn'],
|
|
|
202 |
$this->configuration['tables']['permissions']['table'],
|
|
|
203 |
$this->configuration['tables']['permissions']['id'],
|
|
|
204 |
$this->configuration['tables']['permissions']['table'],
|
|
|
205 |
$this->configuration['tables']['permissions']['fields']['name']['dbColumn'],
|
|
|
206 |
$this->configuration['tables']['permissions']['table'],
|
|
|
207 |
$this->configuration['tables']['permissions']['fields']['description']['dbColumn'],
|
|
|
208 |
$this->configuration['tables']['permissions categories']['table'],
|
|
|
209 |
$this->configuration['tables']['permissions categories']['fields']['name']['dbColumn'],
|
|
|
210 |
$this->configuration['tables']['users permissions']['table'],
|
|
|
211 |
$this->configuration['tables']['users permissions']['fields']['value']['dbColumn'],
|
|
|
212 |
$this->configuration['tables']['users']['table'],
|
|
|
213 |
$this->configuration['tables']['permissions']['table'],
|
|
|
214 |
$this->configuration['tables']['users permissions']['table'],
|
|
|
215 |
$this->configuration['tables']['users']['id'],
|
|
|
216 |
$this->configuration['tables']['permissions']['id'],
|
|
|
217 |
$this->configuration['tables']['permissions categories']['table'],
|
|
|
218 |
$this->configuration['tables']['permissions categories']['id']
|
|
|
219 |
);
|
|
|
220 |
$this->doSQL( $query );
|
|
|
221 |
}
|
|
|
222 |
|
|
|
223 |
/**
|
|
|
224 |
* Adds a permission to the permissions table
|
|
|
225 |
*
|
|
|
226 |
* This simply adds a permission to the permissions table, adding the
|
|
|
227 |
* category if it doesn't exist already.
|
|
|
228 |
*
|
|
|
229 |
* @parameter string $category Category to place the permission into
|
|
|
230 |
* @parameter string $name The short name of the permission
|
|
|
231 |
* @parameter string $description The long (display) name for the permission
|
|
|
232 |
* @parameter boolean $defaultValue The default value for the permission
|
|
|
233 |
*/
|
|
|
234 |
public function addPermission ( $category, $name, $description, $defaultValue = 0 ) {
|
|
|
235 |
$categoryID = $this->getAField(
|
|
|
236 |
$this->configuration['tables']['permissions categories']['table'],
|
|
|
237 |
$this->configuration['tables']['permissions categories']['id'],
|
|
|
238 |
$this->configuration['tables']['permissions categories']['fields']['name']['dbColumn'],
|
|
|
239 |
$category
|
|
|
240 |
);
|
|
|
241 |
if ( ! $categoryID ) { // we did not find the category, so add it
|
|
|
242 |
$this->doSQL( sprintf( "insert into %s ( %s ) values ( %s )",
|
|
|
243 |
$this->configuration['tables']['permissions categories']['table'],
|
|
|
244 |
$this->configuration['tables']['permissions categories']['fields']['name']['dbColumn'],
|
|
|
245 |
$this->escapeString($category)
|
|
|
246 |
)
|
|
|
247 |
);
|
|
|
248 |
$categoryID = $this->getAField(
|
|
|
249 |
$this->configuration['tables']['permissions categories']['table'],
|
|
|
250 |
$this->configuration['tables']['permissions categories']['id'],
|
|
|
251 |
$this->configuration['tables']['permissions categories']['fields']['name']['dbColumn'],
|
|
|
252 |
$category
|
|
|
253 |
);
|
|
|
254 |
} // if category not found
|
|
|
255 |
$query = sprintf( "insert into %s ( %s,%s,%s,%s ) values ( %s,%s,%s,%s )",
|
|
|
256 |
$this->configuration['tables']['permissions']['table'],
|
|
|
257 |
$this->configuration['tables']['permissions']['fields']['name']['dbColumn'],
|
|
|
258 |
$this->configuration['tables']['permissions']['fields']['description']['dbColumn'],
|
|
|
259 |
$this->configuration['tables']['permissions']['fields']['permission category']['dbColumn'],
|
|
|
260 |
$this->configuration['tables']['permissions']['fields']['default']['dbColumn'],
|
|
|
261 |
$this->escapeString($name),
|
|
|
262 |
$this->escapeString($description),
|
|
|
263 |
$this->escapeString($categoryID),
|
|
|
264 |
$defaultValue
|
|
|
265 |
);
|
|
|
266 |
$this->doSQL( $query );
|
|
|
267 |
$permissionsID = $this->getAField(
|
|
|
268 |
$this->configuration['tables']['permissions']['table'],
|
|
|
269 |
$this->configuration['tables']['permissions']['id'],
|
|
|
270 |
$this->configuration['tables']['permissions']['fields']['name']['dbColumn'],
|
|
|
271 |
$this->escapeString($name)
|
|
|
272 |
);
|
|
|
273 |
//insert into _users_permissions (_user_id,_permission_id,value) select _user_id,$permissionsID,$defaultValue from _users
|
|
|
274 |
} // addPermission
|
|
|
275 |
|
|
|
276 |
/**
|
|
|
277 |
* Sets any unset user permissions
|
|
|
278 |
*
|
|
|
279 |
* This will set any missing permissions which have a true value in the
|
|
|
280 |
* users permissions join table. This will NOT modify any existing records
|
|
|
281 |
* but will add new records if they do not exist in the table.
|
|
|
282 |
*
|
|
|
283 |
* @parameters string $user_id If set, will limit to only one user (not implemented)
|
|
|
284 |
*/
|
|
|
285 |
public function setUsersPermissions ( $user_id = null ) {
|
|
|
286 |
$query = sprintf(
|
|
|
287 |
"insert into %s (%s,%s,%s)
|
|
|
288 |
select
|
|
|
289 |
%s.%s,
|
|
|
290 |
%s.%s,
|
|
|
291 |
%s.%s
|
|
|
292 |
from
|
|
|
293 |
%s
|
|
|
294 |
join %s
|
|
|
295 |
where
|
|
|
296 |
%s.%s
|
|
|
297 |
and not exists
|
|
|
298 |
(
|
|
|
299 |
select 1
|
|
|
300 |
from %s
|
|
|
301 |
where
|
|
|
302 |
%s.%s = %s.%s
|
|
|
303 |
and %s.%s = %s.%s
|
|
|
304 |
)",
|
|
|
305 |
$this->configuration['tables']['users permissions']['table'],
|
|
|
306 |
$this->configuration['tables']['users permissions']['fields']['user_id']['dbColumn'],
|
|
|
307 |
$this->configuration['tables']['users permissions']['fields']['permission_id']['dbColumn'],
|
|
|
308 |
$this->configuration['tables']['users permissions']['fields']['value']['dbColumn'],
|
|
|
309 |
$this->configuration['tables']['users']['table'],
|
|
|
310 |
$this->configuration['tables']['users']['id'],
|
|
|
311 |
$this->configuration['tables']['permissions']['table'],
|
|
|
312 |
$this->configuration['tables']['permissions']['id'],
|
|
|
313 |
$this->configuration['tables']['permissions']['table'],
|
|
|
314 |
$this->configuration['tables']['permissions']['fields']['default']['dbColumn'],
|
|
|
315 |
$this->configuration['tables']['users']['table'],
|
|
|
316 |
$this->configuration['tables']['permissions']['table'],
|
|
|
317 |
$this->configuration['tables']['permissions']['table'],
|
|
|
318 |
$this->configuration['tables']['permissions']['fields']['default']['dbColumn'],
|
|
|
319 |
$this->configuration['tables']['users permissions']['table'],
|
|
|
320 |
$this->configuration['tables']['users permissions']['table'],
|
|
|
321 |
$this->configuration['tables']['users permissions']['fields']['user_id']['dbColumn'],
|
|
|
322 |
$this->configuration['tables']['users']['table'],
|
|
|
323 |
$this->configuration['tables']['users']['id'],
|
|
|
324 |
$this->configuration['tables']['users permissions']['table'],
|
|
|
325 |
$this->configuration['tables']['users permissions']['fields']['permission_id']['dbColumn'],
|
|
|
326 |
$this->configuration['tables']['permissions']['table'],
|
|
|
327 |
$this->configuration['tables']['permissions']['id']
|
|
|
328 |
);
|
|
|
329 |
$this->doSQL($query, true );
|
|
|
330 |
} // setUsersPermissions
|
| 17 |
rodolico |
331 |
|
|
|
332 |
public function getARecord( $whereFields, $fieldList = null ) {
|
|
|
333 |
$id = isset( $whereFields['id'] ) ? $whereFields['id'] : null;
|
|
|
334 |
$result = parent::getARecord( $whereFields, $fieldList );
|
|
|
335 |
if ( $result && isset( $id ) ) {
|
|
|
336 |
$result['permissions'] = $this->getPermissions( $id );
|
|
|
337 |
}
|
|
|
338 |
return $result;
|
|
|
339 |
}
|
|
|
340 |
|
|
|
341 |
public function getPermissions ( $id ) {
|
|
|
342 |
$query = (
|
|
|
343 |
$id == -1 ?
|
|
|
344 |
"select name permission,default_value value from _permissions" :
|
|
|
345 |
"select permission,value from _view_users_permissions where users_id = $id"
|
|
|
346 |
);
|
|
|
347 |
$results = $this->doSQL( $query );
|
|
|
348 |
$values = $results->fetch_all(MYSQLI_ASSOC);
|
|
|
349 |
return array_column( $values, 'value', 'permission' );
|
|
|
350 |
}
|
|
|
351 |
|
|
|
352 |
public function getFullPermissions( $id ) {
|
|
|
353 |
$query = (
|
|
|
354 |
$id == -1 ?
|
|
|
355 |
"select _permission_id permission_id, _permissions.name permission, description, _permissions_categories.name category, default_value value from _permissions join _permissions_categories using (_permission_category_id)" :
|
|
|
356 |
"select permission_id,permission,description,category,value from _view_users_permissions where users_id = $id order by category,description"
|
|
|
357 |
);
|
|
|
358 |
$results = $this->doSQL( $query );
|
|
|
359 |
return $results->fetch_all(MYSQLI_ASSOC);
|
|
|
360 |
}
|
|
|
361 |
|
|
|
362 |
public function updatePermissions ( $userID,$newData ) {
|
|
|
363 |
$query = '';
|
|
|
364 |
foreach ( $newData as $key => $value ) {
|
| 18 |
rodolico |
365 |
$query = "insert into _users_permissions ( _user_id,_permission_id,value) select $userID, _permission_id, $value from _permissions where name = '$key' on duplicate key update value = $value";
|
|
|
366 |
$this->doSQL( $query, 'In updatePermissions' );
|
| 17 |
rodolico |
367 |
}
|
|
|
368 |
} // update
|
| 16 |
rodolico |
369 |
|
|
|
370 |
}
|
|
|
371 |
|
|
|
372 |
?>
|