  1: <?php
  2: 
  3: /**
  4:  * This file contains the rights class.
  5:  *
  6:  * @package    Core
  7:  * @subpackage Backend
  8:  * @author     Marcus Gnaß
  9:  * @copyright  four for business AG <www.4fb.de>
 10:  * @license    http://www.contenido.org/license/LIZENZ.txt
 11:  * @link       http://www.4fb.de
 12:  * @link       http://www.contenido.org
 13:  */
 14: 
 15: defined('CON_FRAMEWORK') || die('Illegal call: Missing framework initialization - request aborted.');
 16: 
 17: /**
 18:  * This class contains methods to handle rights.
 19:  *
 20:  * @package    Core
 21:  * @subpackage Backend
 22:  */
 23: class cRights
 24: {
 25:     /**
 26:      * Duplicate rights for any element.
 27:      *
 28:      * @param string $area
 29:      *         Main area name (e. g. 'lay', 'mod', 'str', 'tpl', etc.)
 30:      * @param int    $iditem
 31:      *         ID of element to copy
 32:      * @param int    $newiditem
 33:      *         ID of the new element
 34:      * @param bool   $idlang
 35:      *         ID of language, if passed only rights for this language
 36:      *         will be created, otherwise for all existing languages
 37:      *
 38:      * @return bool
 39:      *         True on success otherwise false
 40:      *
 41:      * @throws cDbException
 42:      * @throws cException
 43:      * @throws cInvalidArgumentException
 44:      */
 45:     public static function copyRightsForElement($area, $iditem, $newiditem, $idlang = false)
 46:     {
 47:         global $perm, $auth, $area_tree;
 48: 
 49:         if (!is_object($perm)) {
 50:             return false;
 51:         }
 52:         if (!is_object($auth)) {
 53:             return false;
 54:         }
 55: 
 56:         $oDestRightCol    = new cApiRightCollection();
 57:         $oSourceRighsColl = new cApiRightCollection();
 58:         $whereUsers       = [];
 59:         $whereAreaActions = [];
 60: 
 61:         // get all user_id values for con_rights
 62:         // add groups if available
 63:         $userIDContainer = $perm->getGroupsForUser($auth->auth['uid']);
 64:         // add user_id of current user
 65:         $userIDContainer[] = $auth->auth['uid'];
 66:         foreach ($userIDContainer as $key) {
 67:             $whereUsers[] = "user_id = '" . $oDestRightCol->escape($key) . "'";
 68:         }
 69:         // only duplicate on user and where user is member of
 70:         $whereUsers = '(' . implode(' OR ', $whereUsers) . ')';
 71:         // get all idarea values for $area
 72:         $areaContainer = $area_tree[$perm->showareas($area)];
 73: 
 74:         // get all actions for corresponding area
 75:         $oActionColl = new cApiActionCollection();
 76:         $oActionColl->select('idarea IN (' . implode(',', $areaContainer) . ')');
 77:         while (($oItem = $oActionColl->next()) !== false) {
 78:             $whereAreaActions[] =
 79:                 '(idarea = ' . (int)$oItem->get('idarea') . ' AND idaction = ' . (int)$oItem->get('idaction') . ')';
 80:         }
 81:         // only correct area action pairs possible
 82:         $whereAreaActions = '(' . implode(' OR ', $whereAreaActions) . ')';
 83: 
 84:         // final where clause to get all affected elements in con_right
 85:         $sWhere = "{$whereAreaActions} AND {$whereUsers} AND idcat = {$iditem}";
 86:         if ($idlang) {
 87:             $sWhere .= ' AND idlang=' . (int)$idlang;
 88:         }
 89: 
 90:         $oSourceRighsColl->select($sWhere);
 91:         while (($oItem = $oSourceRighsColl->next()) !== false) {
 92:             $rs = $oItem->toObject();
 93:             $oDestRightCol->create(
 94:                 $rs->user_id,
 95:                 $rs->idarea,
 96:                 $rs->idaction,
 97:                 $newiditem,
 98:                 $rs->idclient,
 99:                 $rs->idlang,
100:                 $rs->type
101:             );
102:         }
103: 
104:         // permissions reloaded...
105:         $perm->load_permissions(true);
106: 
107:         return true;
108:     }
109: 
110:     /**
111:      * Create rights for any element
112:      *
113:      * @param string $area
114:      *         Main area name (e. g. 'lay', 'mod', 'str', 'tpl', etc.)
115:      * @param int    $iditem
116:      *         ID of new element
117:      * @param bool   $idlang
118:      *         ID of language, if passed only rights for this language
119:      *         will be created, otherwise for all existing languages
120:      *
121:      * @return bool
122:      *         True on success otherwise false
123:      *
124:      * @throws cDbException
125:      * @throws cException
126:      * @throws cInvalidArgumentException
127:      */
128:     public static function createRightsForElement($area, $iditem, $idlang = false)
129:     {
130:         global $perm, $auth, $area_tree, $client;
131: 
132:         if (!is_object($perm)) {
133:             return false;
134:         }
135:         if (!is_object($auth)) {
136:             return false;
137:         }
138: 
139:         $oDestRightCol    = new cApiRightCollection();
140:         $oSourceRighsColl = new cApiRightCollection();
141:         $whereUsers       = [];
142:         $rightsCache      = [];
143: 
144:         // get all user_id values for con_rights
145:         // add groups if available
146:         $userIDContainer = $perm->getGroupsForUser($auth->auth['uid']);
147:         // add user_id of current user
148:         $userIDContainer[] = $auth->auth['uid'];
149:         foreach ($userIDContainer as $key) {
150:             $whereUsers[] = "user_id = '" . $oDestRightCol->escape($key) . "'";
151:         }
152:         // only duplicate on user and where user is member of
153:         $whereUsers = '(' . implode(' OR ', $whereUsers) . ')';
154:         // get all idarea values for $area short way
155:         $areaContainer = $area_tree[$perm->showareas($area)];
156: 
157:         // statement to get all existing actions/areas for corresponding area.
158:         // all existing rights for same area will be taken over to new item.
159:         $sWhere = 'idclient=' . (int)$client . ' AND idarea IN (' . implode(',', $areaContainer) . ')'
160:             . ' AND idcat != 0 AND idaction != 0 AND ' . $whereUsers;
161:         if ($idlang) {
162:             $sWhere .= ' AND idlang=' . (int)$idlang;
163:         }
164: 
165:         $oSourceRighsColl->select($sWhere);
166:         while (($oItem = $oSourceRighsColl->next()) !== false) {
167:             $rs = $oItem->toObject();
168: 
169:             // concatenate a key to use it to prevent double entries
170:             $key = $rs->user_id . '-' . $rs->idarea . '-' . $rs->idaction . '-' . $iditem . '-' . $rs->idclient . '-'
171:                 . $rs->idlang . '-' . $rs->type;
172:             if (isset($rightsCache[$key])) {
173:                 continue;
174:             }
175: 
176:             // create new right entry
177:             $oDestRightCol->create(
178:                 $rs->user_id,
179:                 $rs->idarea,
180:                 $rs->idaction,
181:                 $iditem,
182:                 $rs->idclient,
183:                 $rs->idlang,
184:                 $rs->type
185:             );
186: 
187:             $rightsCache[$key] = true;
188:         }
189: 
190:         // permissions reloaded...
191:         $perm->load_permissions(true);
192: 
193:         return true;
194:     }
195: 
196:     /**
197:      * Delete rights for any element
198:      *
199:      * @param string $area
200:      *         main area name
201:      * @param int    $iditem
202:      *         ID of new element
203:      * @param bool   $idlang
204:      *         ID of lang parameter
205:      *
206:      * @throws cDbException
207:      * @throws cException
208:      * @throws cInvalidArgumentException
209:      */
210:     public static function deleteRightsForElement($area, $iditem, $idlang = false)
211:     {
212:         global $perm, $area_tree, $client;
213: 
214:         // get all idarea values for $area
215:         $areaContainer = $area_tree[$perm->showareas($area)];
216: 
217:         $sWhere = "idcat=" . (int)$iditem . " AND idclient=" . (int)$client . " AND idarea IN (" . implode(
218:                 ',',
219:                 $areaContainer
220:             ) . ")";
221:         if ($idlang) {
222:             $sWhere .= " AND idlang=" . (int)$idlang;
223:         }
224: 
225:         $oRightColl = new cApiRightCollection();
226:         $oRightColl->deleteByWhereClause($sWhere);
227: 
228:         // permissions reloaded...
229:         $perm->load_permissions(true);
230:     }
231: 
232:     /**
233:      * Builds user/group permissions (sysadmin, admin, client and language) by processing request variables
234:      * ($msysadmin, $madmin, $mclient, $mlang) and returns the build permissions array.
235:      *
236:      * @todo Do we really need to add other perms, if the user/group gets the 'sysadmin' permission?
237:      *
238:      * @param bool $bAddUserToClient
239:      *         Flag to add current user to current client, if no client is specified.
240:      *
241:      * @return array
242:      *
243:      * @throws cDbException
244:      */
245:     public static function buildUserOrGroupPermsFromRequest($bAddUserToClient = false)
246:     {
247:         global $auth, $client;
248:         global $msysadmin, $madmin, $mclient, $mlang;
249: 
250:         // check and prevalidation
251: 
252:         $bSysadmin = isset($msysadmin) && $msysadmin;
253: 
254:         $aAdmin = (isset($madmin) && is_array($madmin)) ? $madmin : [];
255:         foreach ($aAdmin as $p => $value) {
256:             if (!is_numeric($value)) {
257:                 unset($aAdmin[$p]);
258:             }
259:         }
260: 
261:         $aClient = (isset($mclient) && is_array($mclient)) ? $mclient : [];
262:         foreach ($aClient as $p => $value) {
263:             if (!is_numeric($value)) {
264:                 unset($aClient[$p]);
265:             }
266:         }
267: 
268:         $aLang = (isset($mlang) && is_array($mlang)) ? $mlang : [];
269:         foreach ($aLang as $p => $value) {
270:             if (!is_numeric($value)) {
271:                 unset($aLang[$p]);
272:             }
273:         }
274: 
275:         // build permissions array
276:         $aPerms = [];
277: 
278:         if ($bSysadmin) {
279:             $aPerms[] = 'sysadmin';
280:         }
281: 
282:         foreach ($aAdmin as $value) {
283:             $aPerms[] = sprintf('admin[%s]', $value);
284:         }
285: 
286:         foreach ($aClient as $value) {
287:             $aPerms[] = sprintf('client[%s]', $value);
288:         }
289: 
290:         // Add user to the current client, if the current user isn't sysadmin and no client has been specified.
291:         // This avoids new accounts which are not accessible by the current user (client admin) anymore.
292:         if (count($aClient) == 0 && $bAddUserToClient) {
293:             $aUserPerm = explode(',', $auth->auth['perm']);
294:             if (!in_array('sysadmin', $aUserPerm)) {
295:                 $aPerms[] = sprintf('client[%s]', $client);
296:             }
297:         }
298: 
299:         // adding language perms makes sense if we have also at least one selected client
300:         if (count($aLang) > 0 && count($aClient) > 0) {
301:             foreach ($aLang as $idlang) {
302:                 $oClientLanguageCollection = new cApiClientLanguageCollection();
303:                 $hasLanguageInClients      = $oClientLanguageCollection->hasLanguageInClients($idlang, $aClient);
304:                 if ($hasLanguageInClients) {
305:                     $aPerms[] = sprintf('lang[%s]', $idlang);
306:                 }
307:             }
308:         }
309: 
310:         return $aPerms;
311:     }
312: 
313:     /**
314:      * @return bool
315:      *
316:      * @throws cDbException
317:      * @throws cException
318:      * @throws cInvalidArgumentException
319:      */
320:     public static function saveRights()
321:     {
322:         global $perm, $db, $userid;
323:         global $rights_list, $rights_list_old, $rights_client, $rights_lang;
324:         global $aArticleRights, $aCategoryRights, $aTemplateRights;
325: 
326:         // If no checkbox is checked
327:         if (!is_array($rights_list)) {
328:             $rights_list = [];
329:         }
330: 
331:         // Search all checks which are not in the new rights_list for deleting
332:         $arraydel = array_diff(array_keys($rights_list_old), array_keys($rights_list));
333: 
334:         // Search all checks which are not in the rights_list_old for saving
335:         $arraysave = array_diff(array_keys($rights_list), array_keys($rights_list_old));
336:         $oAreaColl = new cApiAreaCollection();
337: 
338:         if (is_array($arraydel)) {
339:             foreach ($arraydel as $value) {
340:                 $data = explode('|', $value);
341: 
342:                 // Do not delete rights that does not display at this moment
343:                 if (!empty($_REQUEST['filter_rights'])) {
344:                     if (($_REQUEST['filter_rights'] != 'article' && in_array($data[1], $aArticleRights))
345:                         || ($_REQUEST['filter_rights'] != 'category' && in_array($data[1], $aCategoryRights))
346:                         || ($_REQUEST['filter_rights'] != 'template' && in_array($data[1], $aTemplateRights))
347:                     ) {
348:                         continue;
349:                     }
350: 
351:                     if ($_REQUEST['filter_rights'] != 'other'
352:                         && !in_array($data[1], array_merge($aArticleRights, $aCategoryRights, $aTemplateRights))
353:                     ) {
354:                         continue;
355:                     }
356:                 }
357: 
358:                 $data[0] = $oAreaColl->getAreaID($data[0]);
359:                 $data[1] = $perm->getIDForAction($data[1]);
360: 
361:                 $where      =
362:                     "user_id = '" . $db->escape($userid) . "' AND idclient = " . (int)$rights_client . " AND idlang = "
363:                     . (int)$rights_lang . " AND idarea = " . (int)$data[0] . " AND idcat = " . (int)$data[2]
364:                     . " AND idaction = " . (int)$data[1] . " AND type = 0";
365:                 $oRightColl = new cApiRightCollection();
366:                 $oRightColl->deleteByWhereClause($where);
367:             }
368:         }
369: 
370:         unset($data);
371: 
372:         // Search for all mentioned checkboxes
373:         if (is_array($arraysave)) {
374:             foreach ($arraysave as $value) {
375:                 // Explodes the key it consits areaid+actionid+itemid
376:                 $data = explode('|', $value);
377: 
378:                 // Since areas are stored in a numeric form in the rights table,
379:                 // we have to convert them from strings into numbers
380:                 $data[0] = $oAreaColl->getAreaID($data[0]);
381:                 $data[1] = $perm->getIDForAction($data[1]);
382: 
383:                 if (!isset($data[1])) {
384:                     $data[1] = 0;
385:                 }
386: 
387:                 // Insert new right
388:                 $oRightColl = new cApiRightCollection();
389:                 $oRightColl->create($userid, $data[0], $data[1], $data[2], $rights_client, $rights_lang, 0);
390:             }
391:         }
392: 
393:         $rights_list_old = $rights_list;
394: 
395:         return true;
396:     }
397: 
398:     /**
399:      * @return bool
400:      *
401:      * @throws cDbException
402:      * @throws cException
403:      * @throws cInvalidArgumentException
404:      */
405:     public static function saveGroupRights()
406:     {
407:         global $perm, $db, $groupid;
408:         global $rights_list, $rights_list_old, $rights_client, $rights_lang;
409:         global $aArticleRights, $aCategoryRights, $aTemplateRights;
410: 
411:         // If no checkbox is checked
412:         if (!is_array($rights_list)) {
413:             $rights_list = [];
414:         }
415: 
416:         // Search all checks which are not in the new rights_list for deleting
417:         $arraydel = array_diff(array_keys($rights_list_old), array_keys($rights_list));
418: 
419:         // Search all checks which are not in the rights_list_old for saving
420:         $arraysave = array_diff(array_keys($rights_list), array_keys($rights_list_old));
421: 
422:         $oAreaColl = new cApiAreaCollection();
423: 
424:         if (is_array($arraydel)) {
425:             foreach ($arraydel as $value) {
426:                 $data = explode('|', $value);
427: 
428:                 // Do not delete grouprights that does not display at this moment
429:                 if (!empty($_REQUEST['filter_rights'])) {
430:                     if (($_REQUEST['filter_rights'] != 'article' && in_array($data[1], $aArticleRights))
431:                         || ($_REQUEST['filter_rights'] != 'category' && in_array($data[1], $aCategoryRights))
432:                         || ($_REQUEST['filter_rights'] != 'template' && in_array($data[1], $aTemplateRights))
433:                     ) {
434:                         continue;
435:                     }
436: 
437:                     if ($_REQUEST['filter_rights'] != 'other'
438:                         && !in_array($data[1], array_merge($aArticleRights, $aCategoryRights, $aTemplateRights))
439:                     ) {
440:                         continue;
441:                     }
442:                 }
443: 
444:                 $data[0] = $oAreaColl->getAreaID($data[0]);
445:                 $data[1] = $perm->getIDForAction($data[1]);
446: 
447:                 $where      =
448:                     "user_id = '" . $db->escape($groupid) . "' AND idclient = " . (int)$rights_client . " AND idlang = "
449:                     . (int)$rights_lang . " AND idarea = " . (int)$data[0] . " AND idcat = " . (int)$data[2]
450:                     . " AND idaction = " . (int)$data[1] . " AND type = 1";
451:                 $oRightColl = new cApiRightCollection();
452:                 $oRightColl->deleteByWhereClause($where);
453:             }
454:         }
455: 
456:         unset($data);
457: 
458:         // Search for all mentioned checkboxes
459:         if (is_array($arraysave)) {
460:             foreach ($arraysave as $value) {
461:                 // Explodes the key it consits areaid+actionid+itemid
462:                 $data = explode('|', $value);
463: 
464:                 // Since areas are stored in a numeric form in the rights table,
465:                 // we have to convert them from strings into numbers
466:                 $data[0] = $oAreaColl->getAreaID($data[0]);
467:                 $data[1] = $perm->getIDForAction($data[1]);
468: 
469:                 if (!isset($data[1])) {
470:                     $data[1] = 0;
471:                 }
472: 
473:                 // Insert new right
474:                 $oRightColl = new cApiRightCollection();
475:                 $oRightColl->create($groupid, $data[0], $data[1], $data[2], $rights_client, $rights_lang, 1);
476:             }
477:         }
478: 
479:         $rights_list_old = $rights_list;
480: 
481:         return true;
482:     }
483: 
484:     /**
485:      * Build list of rights for all relevant and online areas except "login" and their relevant actions.
486:      *
487:      * @return array
488:      */
489:     public static function getRightsList()
490:     {
491:         $areas   = new cApiAreaCollection();
492:         $navSubs = new cApiNavSubCollection();
493:         $actions = new cApiActionCollection();
494: 
495:         try {
496:             $rights = [];
497: 
498:             $areas->select('relevant = 1 AND online = 1 AND name != "login"');
499:             while ($area = $areas->next()) {
500:                 $right = [
501:                     'perm'     => $area->get('name'),
502:                     'location' => '',
503:                 ];
504: 
505:                 // get location
506:                 $navSubs->select('idarea = ' . (int)$area->get('idarea'));
507:                 if ($navSubItem = $navSubs->next()) {
508:                     $right['location'] = $navSubItem->get('location');
509:                 }
510: 
511:                 // get relevant actions
512:                 $actions->select('relevant = 1 AND idarea = ' . (int)$area->get('idarea'));
513:                 while ($action = $actions->next()) {
514:                     $right['action'][] = $action->get('name');
515:                 }
516: 
517:                 // insert into list
518:                 if ($area->get('parent_id') == '0') {
519:                     $key = $area->get('name');
520:                 } else {
521:                     $key = $area->get('parent_id');
522:                 }
523:                 $rights[$key][$area->get('name')] = $right;
524:             }
525:         } catch (cDbException $e) {
526:             $rights = [];
527:         } catch (cException $e) {
528:             $rights = [];
529:         }
530: 
531:         return $rights;
532:     }
533: }
534: 
CMS CONTENIDO 4.10.1 API documentation generated by ApiGen 2.8.0