1: <?php
  2: /**
  3:  * This file contains the CONTENIDO rights functions.
  4:  *
  5:  * @package          Core
  6:  * @subpackage       Backend
  7:  * @version          SVN Revision $Rev:$
  8:  *
  9:  * @author           Martin Horwath
 10:  * @author           Murat Purc <murat@purc.de>
 11:  * @copyright        four for business AG <www.4fb.de>
 12:  * @license          http://www.contenido.org/license/LIZENZ.txt
 13:  * @link             http://www.4fb.de
 14:  * @link             http://www.contenido.org
 15:  */
 16: 
 17: defined('CON_FRAMEWORK') || die('Illegal call: Missing framework initialization - request aborted.');
 18: 
 19: /**
 20:  * Function checks if a language is associated with a given list of clients
 21:  *
 22:  * @param array $aClients - array of clients to check
 23:  * @param integer $iLang - language id which should be checked
 24:  * @param array $aCfg - CONTENIDO configruation array (no more needed)
 25:  * @param object $oDb - CONTENIDO database object (no more needed)
 26:  *
 27:  * @return boolean - status (if language id corresponds to list of clients true
 28:  *         otherwise false)
 29:  */
 30: function checkLangInClients($aClients, $iLang, $aCfg, $oDb) {
 31:     $oClientLanguageCollection = new cApiClientLanguageCollection();
 32:     return $oClientLanguageCollection->hasLanguageInClients($iLang, $aClients);
 33: }
 34: 
 35: /**
 36:  * Duplicate rights for any element.
 37:  *
 38:  * @param string $area Main area name (e. g. 'lay', 'mod', 'str', 'tpl', etc.)
 39:  * @param int $iditem ID of element to copy
 40:  * @param int $newiditem ID of the new element
 41:  * @param int $idlang ID of language, if passed only rights for this language
 42:  *            will be created, otherwhise for all existing languages
 43:  * @return bool True on success otherwhise false
 44:  */
 45: function copyRightsForElement($area, $iditem, $newiditem, $idlang = false) {
 46:     global $perm, $auth, $area_tree;
 47: 
 48:     if (!is_object($perm)) {
 49:         return false;
 50:     }
 51:     if (!is_object($auth)) {
 52:         return false;
 53:     }
 54: 
 55:     $oDestRightCol = new cApiRightCollection();
 56:     $oSourceRighsColl = new cApiRightCollection();
 57:     $whereUsers = array();
 58:     $whereAreaActions = array();
 59: 
 60:     // get all user_id values for con_rights
 61:     $userIDContainer = $perm->getGroupsForUser($auth->auth['uid']); // add
 62:                                                                     // groups if
 63:                                                                     // available
 64:     $userIDContainer[] = $auth->auth['uid']; // add user_id of current user
 65:     foreach ($userIDContainer as $key) {
 66:         $whereUsers[] = "user_id = '" . $oDestRightCol->escape($key) . "'";
 67:     }
 68:     $whereUsers = '(' . implode(' OR ', $whereUsers) . ')'; // only duplicate on
 69:                                                             // user and where
 70:                                                             // user is member of
 71: 
 72:     // get all idarea values for $area
 73:     $areaContainer = $area_tree[$perm->showareas($area)];
 74: 
 75:     // get all actions for corresponding area
 76:     $oActionColl = new cApiActionCollection();
 77:     $oActionColl->select('idarea IN (' . implode(',', $areaContainer) . ')');
 78:     while (($oItem = $oActionColl->next()) !== false) {
 79:         $whereAreaActions[] = '(idarea = ' . (int) $oItem->get('idarea') . ' AND idaction = ' . (int) $oItem->get('idaction') . ')';
 80:     }
 81:     $whereAreaActions = '(' . implode(' OR ', $whereAreaActions) . ')'; // only
 82:                                                                         // correct
 83:                                                                         // area
 84:                                                                         // action
 85:                                                                         // pairs
 86:                                                                         // possible
 87: 
 88:     // final where clause to get all affected elements in con_right
 89:     $sWhere = "{$whereAreaActions} AND {$whereUsers} AND idcat = {$iditem}";
 90:     if ($idlang) {
 91:         $sWhere .= ' AND idlang=' . (int) $idlang;
 92:     }
 93: 
 94:     $oSourceRighsColl->select($sWhere);
 95:     while (($oItem = $oSourceRighsColl->next()) !== false) {
 96:         $rs = $oItem->toObject();
 97:         $oDestRightCol->create($rs->user_id, $rs->idarea, $rs->idaction, $newiditem, $rs->idclient, $rs->idlang, $rs->type);
 98:     }
 99: 
100:     // permissions reloaded...
101:     $perm->load_permissions(true);
102: 
103:     return true;
104: }
105: 
106: /**
107:  * Create rights for any element
108:  *
109:  * @param string $area Main area name (e. g. 'lay', 'mod', 'str', 'tpl', etc.)
110:  * @param int $iditem ID of new element
111:  * @param int $idlang ID of language, if passed only rights for this language
112:  *            will be created, otherwhise for all existing languages
113:  * @return bool True on success otherwhise false
114:  */
115: function createRightsForElement($area, $iditem, $idlang = false) {
116:     global $perm, $auth, $area_tree, $client;
117: 
118:     if (!is_object($perm)) {
119:         return false;
120:     }
121:     if (!is_object($auth)) {
122:         return false;
123:     }
124: 
125:     $oDestRightCol = new cApiRightCollection();
126:     $oSourceRighsColl = new cApiRightCollection();
127:     $whereUsers = array();
128:     $rightsCache = array();
129: 
130:     // get all user_id values for con_rights
131:     $userIDContainer = $perm->getGroupsForUser($auth->auth['uid']); // add
132:                                                                     // groups if
133:                                                                     // available
134:     $userIDContainer[] = $auth->auth['uid']; // add user_id of current user
135:     foreach ($userIDContainer as $key) {
136:         $whereUsers[] = "user_id = '" . $oDestRightCol->escape($key) . "'";
137:     }
138:     $whereUsers = '(' . implode(' OR ', $whereUsers) . ')'; // only duplicate on
139:                                                             // user and where
140:                                                             // user is member of
141: 
142:     // get all idarea values for $area short way
143:     $areaContainer = $area_tree[$perm->showareas($area)];
144: 
145:     // statement to get all existing actions/areas for corresponding area.
146:     // all existing rights for same area will be taken over to new item.
147:     $sWhere = 'idclient=' . (int) $client . ' AND idarea IN (' . implode(',', $areaContainer) . ')' . ' AND idcat != 0 AND idaction != 0 AND ' . $whereUsers;
148:     if ($idlang) {
149:         $sWhere .= ' AND idlang=' . (int) $idlang;
150:     }
151: 
152:     $oSourceRighsColl->select($sWhere);
153:     while (($oItem = $oSourceRighsColl->next()) !== false) {
154:         $rs = $oItem->toObject();
155: 
156:         // concatenate a key to use it to prevent double entries
157:         $key = $rs->user_id . '-' . $rs->idarea . '-' . $rs->idaction . '-' . $iditem . '-' . $rs->idclient . '-' . $rs->idlang . '-' . $rs->type;
158:         if (isset($rightsCache[$key])) {
159:             continue;
160:         }
161: 
162:         // create new right entry
163:         $oDestRightCol->create($rs->user_id, $rs->idarea, $rs->idaction, $iditem, $rs->idclient, $rs->idlang, $rs->type);
164: 
165:         $rightsCache[$key] = true;
166:     }
167: 
168:     // permissions reloaded...
169:     $perm->load_permissions(true);
170: 
171:     return true;
172: }
173: 
174: /**
175:  * Delete rights for any element
176:  *
177:  * @param string $area main area name
178:  * @param int $iditem ID of new element
179:  * @param int $idlang ID of lang parameter
180:  */
181: function deleteRightsForElement($area, $iditem, $idlang = false) {
182:     global $perm, $area_tree, $client;
183: 
184:     // get all idarea values for $area
185:     $areaContainer = $area_tree[$perm->showareas($area)];
186: 
187:     $sWhere = "idcat=" . (int) $iditem . " AND idclient=" . (int) $client . " AND idarea IN (" . implode(',', $areaContainer) . ")";
188:     if ($idlang) {
189:         $sWhere .= " AND idlang=" . (int) $idlang;
190:     }
191: 
192:     $oRightColl = new cApiRightCollection();
193:     $oRightColl->deleteByWhereClause($sWhere);
194: 
195:     // permissions reloaded...
196:     $perm->load_permissions(true);
197: }
198: 
199: /**
200:  * Builds user/group permissions (sysadmin, admin, client and language) by
201:  * processing request variables ($msysadmin, $madmin, $mclient, $mlang) and
202:  * returns the build permissions array.
203:  *
204:  * @todo Do we really need to add other perms, if the user/group gets the
205:  *       'sysadmin' permission?
206:  * @param bool $bAddUserToClient Flag to add current user to current client,
207:  *        if no client is specified.
208:  * @return array
209:  */
210: function buildUserOrGroupPermsFromRequest($bAddUserToClient = false) {
211:     global $cfg, $msysadmin, $madmin, $mclient, $mlang, $auth, $client;
212: 
213:     $aPerms = array();
214: 
215:     // check and prevalidation
216: 
217:     $bSysadmin = (isset($msysadmin) && $msysadmin);
218: 
219:     $aAdmin = (isset($madmin) && is_array($madmin))? $madmin : array();
220:     foreach ($aAdmin as $p => $value) {
221:         if (!is_numeric($value)) {
222:             unset($aAdmin[$p]);
223:         }
224:     }
225: 
226:     $aClient = (isset($mclient) && is_array($mclient))? $mclient : array();
227:     foreach ($aClient as $p => $value) {
228:         if (!is_numeric($value)) {
229:             unset($aClient[$p]);
230:         }
231:     }
232: 
233:     $aLang = (isset($mlang) && is_array($mlang))? $mlang : array();
234:     foreach ($aLang as $p => $value) {
235:         if (!is_numeric($value)) {
236:             unset($aLang[$p]);
237:         }
238:     }
239: 
240:     // build permissions array
241: 
242:     if ($bSysadmin) {
243:         $aPerms[] = 'sysadmin';
244:     }
245: 
246:     foreach ($aAdmin as $value) {
247:         $aPerms[] = sprintf('admin[%s]', $value);
248:     }
249: 
250:     foreach ($aClient as $value) {
251:         $aPerms[] = sprintf('client[%s]', $value);
252:     }
253: 
254:     if (count($aClient) == 0 && $bAddUserToClient) {
255:         // Add user to the current client, if the current user isn't sysadmin
256:         // and
257:         // no client has been specified. This avoids new accounts which are not
258:         // accessible by the current user (client admin) anymore.
259:         $aUserPerm = explode(',', $auth->auth['perm']);
260:         if (!in_array('sysadmin', $aUserPerm)) {
261:             $aPerms[] = sprintf('client[%s]', $client);
262:         }
263:     }
264: 
265:     if (count($aLang) > 0 && count($aClient) > 0) {
266:         // adding language perms makes sense if we have also at least one
267:         // selected client
268:         $db = cRegistry::getDb();
269:         foreach ($aLang as $value) {
270:             if (checkLangInClients($aClient, $value, $cfg, $db)) {
271:                 $aPerms[] = sprintf('lang[%s]', $value);
272:             }
273:         }
274:     }
275: 
276:     return $aPerms;
277: }
278: 
279: function saveRights() {
280:     global $perm, $notification, $db, $userid;
281:     global $rights_list, $rights_list_old, $rights_client, $rights_lang;
282: 
283:     // If no checkbox is checked
284:     if (!is_array($rights_list)) {
285:         $rights_list = array();
286:     }
287: 
288:     // Search all checks which are not in the new rights_list for deleting
289:     $arraydel = array_diff(array_keys($rights_list_old), array_keys($rights_list));
290: 
291:     // Search all checks which are not in the rights_list_old for saving
292:     $arraysave = array_diff(array_keys($rights_list), array_keys($rights_list_old));
293: 
294:     if (is_array($arraydel)) {
295:         foreach ($arraydel as $value) {
296:             $data = explode('|', $value);
297:             $data[0] = $perm->getIDForArea($data[0]);
298:             $data[1] = $perm->getIDForAction($data[1]);
299: 
300:             $where = "user_id = '" . $db->escape($userid) . "' AND idclient = " . (int) $rights_client . " AND idlang = " . (int) $rights_lang . " AND idarea = " . (int) $data[0] . " AND idcat = " . (int) $data[2] . " AND idaction = " . (int) $data[1] . " AND type = 0";
301:             $oRightColl = new cApiRightCollection();
302:             $oRightColl->deleteByWhereClause($where);
303:         }
304:     }
305: 
306:     unset($data);
307: 
308:     // Search for all mentioned checkboxes
309:     if (is_array($arraysave)) {
310:         foreach ($arraysave as $value) {
311:             // Explodes the key it consits areaid+actionid+itemid
312:             $data = explode('|', $value);
313: 
314:             // Since areas are stored in a numeric form in the rights table, we
315:             // have
316:             // to convert them from strings into numbers
317:             $data[0] = $perm->getIDForArea($data[0]);
318:             $data[1] = $perm->getIDForAction($data[1]);
319: 
320:             if (!isset($data[1])) {
321:                 $data[1] = 0;
322:             }
323: 
324:             // Insert new right
325:             $oRightColl = new cApiRightCollection();
326:             $oRightColl->create($userid, $data[0], $data[1], $data[2], $rights_client, $rights_lang, 0);
327:         }
328:     }
329: 
330:     $rights_list_old = $rights_list;
331:     $notification->displayNotification('info', i18n('Changes saved'));
332: }
333: 
334: function saveGroupRights() {
335:     global $perm, $notification, $db, $groupid;
336:     global $rights_list, $rights_list_old, $rights_client, $rights_lang;
337: 
338:     // If no checkbox is checked
339:     if (!is_array($rights_list)) {
340:         $rights_list = array();
341:     }
342: 
343:     // Search all checks which are not in the new rights_list for deleting
344:     $arraydel = array_diff(array_keys($rights_list_old), array_keys($rights_list));
345: 
346:     // Search all checks which are not in the rights_list_old for saving
347:     $arraysave = array_diff(array_keys($rights_list), array_keys($rights_list_old));
348: 
349:     if (is_array($arraydel)) {
350:         foreach ($arraydel as $value) {
351:             $data = explode('|', $value);
352:             $data[0] = $perm->getIDForArea($data[0]);
353:             $data[1] = $perm->getIDForAction($data[1]);
354: 
355:             $where = "user_id = '" . $db->escape($groupid) . "' AND idclient = " . (int) $rights_client . " AND idlang = " . (int) $rights_lang . " AND idarea = " . (int) $data[0] . " AND idcat = " . (int) $data[2] . " AND idaction = " . (int) $data[1] . " AND type = 1";
356:             $oRightColl = new cApiRightCollection();
357:             $oRightColl->deleteByWhereClause($where);
358:         }
359:     }
360: 
361:     unset($data);
362: 
363:     // Search for all mentioned checkboxes
364:     if (is_array($arraysave)) {
365:         foreach ($arraysave as $value) {
366:             // Explodes the key it consits areaid+actionid+itemid
367:             $data = explode('|', $value);
368: 
369:             // Since areas are stored in a numeric form in the rights table, we
370:             // have
371:             // to convert them from strings into numbers
372:             $data[0] = $perm->getIDForArea($data[0]);
373:             $data[1] = $perm->getIDForAction($data[1]);
374: 
375:             if (!isset($data[1])) {
376:                 $data[1] = 0;
377:             }
378: 
379:             // Insert new right
380:             $oRightColl = new cApiRightCollection();
381:             $oRightColl->create($groupid, $data[0], $data[1], $data[2], $rights_client, $rights_lang, 1);
382:         }
383:     }
384: 
385:     $rights_list_old = $rights_list;
386:     $notification->displayNotification('info', i18n('Changes saved'));
387: }
388: