1: <?php
  2: /**
  3:  * This file contains the CONTENIDO rights functions.
  4:  *
  5:  * @package          Core
  6:  * @subpackage       Backend
  7:  * @version          SVN Revision $Rev:$
  8:  *
  9:  * @author           Martin Horwath
 10:  * @author           Murat Purc <murat@purc.de>
 11:  * @copyright        four for business AG <www.4fb.de>
 12:  * @license          http://www.contenido.org/license/LIZENZ.txt
 13:  * @link             http://www.4fb.de
 14:  * @link             http://www.contenido.org
 15:  */
 16: 
 17: defined('CON_FRAMEWORK') || die('Illegal call: Missing framework initialization - request aborted.');
 18: 
 19: /**
 20:  * Function checks if a language is associated with a given list of clients
 21:  *
 22:  * @param array $aClients - array of clients to check
 23:  * @param integer $iLang - language id which should be checked
 24:  * @param array $aCfg - CONTENIDO configruation array (no more needed)
 25:  * @param object $oDb - CONTENIDO database object (no more needed)
 26:  *
 27:  * @return boolean - status (if language id corresponds to list of clients true
 28:  *         otherwise false)
 29:  */
 30: function checkLangInClients($aClients, $iLang, $aCfg, $oDb) {
 31:     $oClientLanguageCollection = new cApiClientLanguageCollection();
 32:     return $oClientLanguageCollection->hasLanguageInClients($iLang, $aClients);
 33: }
 34: 
 35: /**
 36:  * Duplicate rights for any element.
 37:  *
 38:  * @param string $area Main area name (e. g. 'lay', 'mod', 'str', 'tpl', etc.)
 39:  * @param int $iditem ID of element to copy
 40:  * @param int $newiditem ID of the new element
 41:  * @param int $idlang ID of language, if passed only rights for this language
 42:  *            will be created, otherwhise for all existing languages
 43:  * @return bool True on success otherwhise false
 44:  */
 45: function copyRightsForElement($area, $iditem, $newiditem, $idlang = false) {
 46:     global $perm, $auth, $area_tree;
 47: 
 48:     if (!is_object($perm)) {
 49:         return false;
 50:     }
 51:     if (!is_object($auth)) {
 52:         return false;
 53:     }
 54: 
 55:     $oDestRightCol = new cApiRightCollection();
 56:     $oSourceRighsColl = new cApiRightCollection();
 57:     $whereUsers = array();
 58:     $whereAreaActions = array();
 59: 
 60:     // get all user_id values for con_rights
 61:     $userIDContainer = $perm->getGroupsForUser($auth->auth['uid']); // add
 62:     // groups if
 63:     // available
 64:     $userIDContainer[] = $auth->auth['uid']; // add user_id of current user
 65:     foreach ($userIDContainer as $key) {
 66:         $whereUsers[] = "user_id = '" . $oDestRightCol->escape($key) . "'";
 67:     }
 68:     $whereUsers = '(' . implode(' OR ', $whereUsers) . ')'; // only duplicate on
 69:     // user and where
 70:     // user is member of
 71:     // get all idarea values for $area
 72:     $areaContainer = $area_tree[$perm->showareas($area)];
 73: 
 74:     // get all actions for corresponding area
 75:     $oActionColl = new cApiActionCollection();
 76:     $oActionColl->select('idarea IN (' . implode(',', $areaContainer) . ')');
 77:     while (($oItem = $oActionColl->next()) !== false) {
 78:         $whereAreaActions[] = '(idarea = ' . (int) $oItem->get('idarea') . ' AND idaction = ' . (int) $oItem->get('idaction') . ')';
 79:     }
 80:     $whereAreaActions = '(' . implode(' OR ', $whereAreaActions) . ')'; // only
 81:     // correct
 82:     // area
 83:     // action
 84:     // pairs
 85:     // possible
 86:     // final where clause to get all affected elements in con_right
 87:     $sWhere = "{$whereAreaActions} AND {$whereUsers} AND idcat = {$iditem}";
 88:     if ($idlang) {
 89:         $sWhere .= ' AND idlang=' . (int) $idlang;
 90:     }
 91: 
 92:     $oSourceRighsColl->select($sWhere);
 93:     while (($oItem = $oSourceRighsColl->next()) !== false) {
 94:         $rs = $oItem->toObject();
 95:         $oDestRightCol->create($rs->user_id, $rs->idarea, $rs->idaction, $newiditem, $rs->idclient, $rs->idlang, $rs->type);
 96:     }
 97: 
 98:     // permissions reloaded...
 99:     $perm->load_permissions(true);
100: 
101:     return true;
102: }
103: 
104: /**
105:  * Create rights for any element
106:  *
107:  * @param string $area Main area name (e. g. 'lay', 'mod', 'str', 'tpl', etc.)
108:  * @param int $iditem ID of new element
109:  * @param int $idlang ID of language, if passed only rights for this language
110:  *            will be created, otherwhise for all existing languages
111:  * @return bool True on success otherwhise false
112:  */
113: function createRightsForElement($area, $iditem, $idlang = false) {
114:     global $perm, $auth, $area_tree, $client;
115: 
116:     if (!is_object($perm)) {
117:         return false;
118:     }
119:     if (!is_object($auth)) {
120:         return false;
121:     }
122: 
123:     $oDestRightCol = new cApiRightCollection();
124:     $oSourceRighsColl = new cApiRightCollection();
125:     $whereUsers = array();
126:     $rightsCache = array();
127: 
128:     // get all user_id values for con_rights
129:     $userIDContainer = $perm->getGroupsForUser($auth->auth['uid']); // add
130:     // groups if
131:     // available
132:     $userIDContainer[] = $auth->auth['uid']; // add user_id of current user
133:     foreach ($userIDContainer as $key) {
134:         $whereUsers[] = "user_id = '" . $oDestRightCol->escape($key) . "'";
135:     }
136:     $whereUsers = '(' . implode(' OR ', $whereUsers) . ')'; // only duplicate on
137:     // user and where
138:     // user is member of
139:     // get all idarea values for $area short way
140:     $areaContainer = $area_tree[$perm->showareas($area)];
141: 
142:     // statement to get all existing actions/areas for corresponding area.
143:     // all existing rights for same area will be taken over to new item.
144:     $sWhere = 'idclient=' . (int) $client . ' AND idarea IN (' . implode(',', $areaContainer) . ')' . ' AND idcat != 0 AND idaction != 0 AND ' . $whereUsers;
145:     if ($idlang) {
146:         $sWhere .= ' AND idlang=' . (int) $idlang;
147:     }
148: 
149:     $oSourceRighsColl->select($sWhere);
150:     while (($oItem = $oSourceRighsColl->next()) !== false) {
151:         $rs = $oItem->toObject();
152: 
153:         // concatenate a key to use it to prevent double entries
154:         $key = $rs->user_id . '-' . $rs->idarea . '-' . $rs->idaction . '-' . $iditem . '-' . $rs->idclient . '-' . $rs->idlang . '-' . $rs->type;
155:         if (isset($rightsCache[$key])) {
156:             continue;
157:         }
158: 
159:         // create new right entry
160:         $oDestRightCol->create($rs->user_id, $rs->idarea, $rs->idaction, $iditem, $rs->idclient, $rs->idlang, $rs->type);
161: 
162:         $rightsCache[$key] = true;
163:     }
164: 
165:     // permissions reloaded...
166:     $perm->load_permissions(true);
167: 
168:     return true;
169: }
170: 
171: /**
172:  * Delete rights for any element
173:  *
174:  * @param string $area main area name
175:  * @param int $iditem ID of new element
176:  * @param int $idlang ID of lang parameter
177:  */
178: function deleteRightsForElement($area, $iditem, $idlang = false) {
179:     global $perm, $area_tree, $client;
180: 
181:     // get all idarea values for $area
182:     $areaContainer = $area_tree[$perm->showareas($area)];
183: 
184:     $sWhere = "idcat=" . (int) $iditem . " AND idclient=" . (int) $client . " AND idarea IN (" . implode(',', $areaContainer) . ")";
185:     if ($idlang) {
186:         $sWhere .= " AND idlang=" . (int) $idlang;
187:     }
188: 
189:     $oRightColl = new cApiRightCollection();
190:     $oRightColl->deleteByWhereClause($sWhere);
191: 
192:     // permissions reloaded...
193:     $perm->load_permissions(true);
194: }
195: 
196: /**
197:  * Builds user/group permissions (sysadmin, admin, client and language) by
198:  * processing request variables ($msysadmin, $madmin, $mclient, $mlang) and
199:  * returns the build permissions array.
200:  *
201:  * @todo Do we really need to add other perms, if the user/group gets the
202:  *       'sysadmin' permission?
203:  * @param bool $bAddUserToClient Flag to add current user to current client,
204:  *        if no client is specified.
205:  * @return array
206:  */
207: function buildUserOrGroupPermsFromRequest($bAddUserToClient = false) {
208:     global $cfg, $msysadmin, $madmin, $mclient, $mlang, $auth, $client;
209: 
210:     $aPerms = array();
211: 
212:     // check and prevalidation
213: 
214:     $bSysadmin = (isset($msysadmin) && $msysadmin);
215: 
216:     $aAdmin = (isset($madmin) && is_array($madmin)) ? $madmin : array();
217:     foreach ($aAdmin as $p => $value) {
218:         if (!is_numeric($value)) {
219:             unset($aAdmin[$p]);
220:         }
221:     }
222: 
223:     $aClient = (isset($mclient) && is_array($mclient)) ? $mclient : array();
224:     foreach ($aClient as $p => $value) {
225:         if (!is_numeric($value)) {
226:             unset($aClient[$p]);
227:         }
228:     }
229: 
230:     $aLang = (isset($mlang) && is_array($mlang)) ? $mlang : array();
231:     foreach ($aLang as $p => $value) {
232:         if (!is_numeric($value)) {
233:             unset($aLang[$p]);
234:         }
235:     }
236: 
237:     // build permissions array
238: 
239:     if ($bSysadmin) {
240:         $aPerms[] = 'sysadmin';
241:     }
242: 
243:     foreach ($aAdmin as $value) {
244:         $aPerms[] = sprintf('admin[%s]', $value);
245:     }
246: 
247:     foreach ($aClient as $value) {
248:         $aPerms[] = sprintf('client[%s]', $value);
249:     }
250: 
251:     if (count($aClient) == 0 && $bAddUserToClient) {
252:         // Add user to the current client, if the current user isn't sysadmin
253:         // and
254:         // no client has been specified. This avoids new accounts which are not
255:         // accessible by the current user (client admin) anymore.
256:         $aUserPerm = explode(',', $auth->auth['perm']);
257:         if (!in_array('sysadmin', $aUserPerm)) {
258:             $aPerms[] = sprintf('client[%s]', $client);
259:         }
260:     }
261: 
262:     if (count($aLang) > 0 && count($aClient) > 0) {
263:         // adding language perms makes sense if we have also at least one
264:         // selected client
265:         $db = cRegistry::getDb();
266:         foreach ($aLang as $value) {
267:             if (checkLangInClients($aClient, $value, $cfg, $db)) {
268:                 $aPerms[] = sprintf('lang[%s]', $value);
269:             }
270:         }
271:     }
272: 
273:     return $aPerms;
274: }
275: 
276: function saveRights() {
277:     global $perm, $notification, $db, $userid;
278:     global $rights_list, $rights_list_old, $rights_client, $rights_lang;
279: 
280:     // If no checkbox is checked
281:     if (!is_array($rights_list)) {
282:         $rights_list = array();
283:     }
284: 
285:     // Search all checks which are not in the new rights_list for deleting
286:     $arraydel = array_diff(array_keys($rights_list_old), array_keys($rights_list));
287: 
288:     // Search all checks which are not in the rights_list_old for saving
289:     $arraysave = array_diff(array_keys($rights_list), array_keys($rights_list_old));
290: 
291:     if (is_array($arraydel)) {
292:         foreach ($arraydel as $value) {
293:             $data = explode('|', $value);
294:             $data[0] = $perm->getIDForArea($data[0]);
295:             $data[1] = $perm->getIDForAction($data[1]);
296: 
297:             $where = "user_id = '" . $db->escape($userid) . "' AND idclient = " . (int) $rights_client . " AND idlang = " . (int) $rights_lang . " AND idarea = " . (int) $data[0] . " AND idcat = " . (int) $data[2] . " AND idaction = " . (int) $data[1] . " AND type = 0";
298:             $oRightColl = new cApiRightCollection();
299:             $oRightColl->deleteByWhereClause($where);
300:         }
301:     }
302: 
303:     unset($data);
304: 
305:     // Search for all mentioned checkboxes
306:     if (is_array($arraysave)) {
307:         foreach ($arraysave as $value) {
308:             // Explodes the key it consits areaid+actionid+itemid
309:             $data = explode('|', $value);
310: 
311:             // Since areas are stored in a numeric form in the rights table, we
312:             // have
313:             // to convert them from strings into numbers
314:             $data[0] = $perm->getIDForArea($data[0]);
315:             $data[1] = $perm->getIDForAction($data[1]);
316: 
317:             if (!isset($data[1])) {
318:                 $data[1] = 0;
319:             }
320: 
321:             // Insert new right
322:             $oRightColl = new cApiRightCollection();
323:             $oRightColl->create($userid, $data[0], $data[1], $data[2], $rights_client, $rights_lang, 0);
324:         }
325:     }
326: 
327:     $rights_list_old = $rights_list;
328:     $notification->displayNotification('info', i18n('Changes saved'));
329: }
330: 
331: function saveGroupRights() {
332:     global $perm, $notification, $db, $groupid;
333:     global $rights_list, $rights_list_old, $rights_client, $rights_lang;
334: 
335:     // If no checkbox is checked
336:     if (!is_array($rights_list)) {
337:         $rights_list = array();
338:     }
339: 
340:     // Search all checks which are not in the new rights_list for deleting
341:     $arraydel = array_diff(array_keys($rights_list_old), array_keys($rights_list));
342: 
343:     // Search all checks which are not in the rights_list_old for saving
344:     $arraysave = array_diff(array_keys($rights_list), array_keys($rights_list_old));
345: 
346:     if (is_array($arraydel)) {
347:         foreach ($arraydel as $value) {
348:             $data = explode('|', $value);
349:             $data[0] = $perm->getIDForArea($data[0]);
350:             $data[1] = $perm->getIDForAction($data[1]);
351: 
352:             $where = "user_id = '" . $db->escape($groupid) . "' AND idclient = " . (int) $rights_client . " AND idlang = " . (int) $rights_lang . " AND idarea = " . (int) $data[0] . " AND idcat = " . (int) $data[2] . " AND idaction = " . (int) $data[1] . " AND type = 1";
353:             $oRightColl = new cApiRightCollection();
354:             $oRightColl->deleteByWhereClause($where);
355:         }
356:     }
357: 
358:     unset($data);
359: 
360:     // Search for all mentioned checkboxes
361:     if (is_array($arraysave)) {
362:         foreach ($arraysave as $value) {
363:             // Explodes the key it consits areaid+actionid+itemid
364:             $data = explode('|', $value);
365: 
366:             // Since areas are stored in a numeric form in the rights table, we
367:             // have
368:             // to convert them from strings into numbers
369:             $data[0] = $perm->getIDForArea($data[0]);
370:             $data[1] = $perm->getIDForAction($data[1]);
371: 
372:             if (!isset($data[1])) {
373:                 $data[1] = 0;
374:             }
375: 
376:             // Insert new right
377:             $oRightColl = new cApiRightCollection();
378:             $oRightColl->create($groupid, $data[0], $data[1], $data[2], $rights_client, $rights_lang, 1);
379:         }
380:     }
381: 
382:     $rights_list_old = $rights_list;
383:     $notification->displayNotification('info', i18n('Changes saved'));
384: }
385: