1: <?php
  2: 
  3: /**
  4:  * This file contains the CONTENIDO rights functions.
  5:  *
  6:  * @package          Core
  7:  * @subpackage       Backend
  8:  * @version          SVN Revision $Rev:$
  9:  *
 10:  * @author           Martin Horwath
 11:  * @author           Murat Purc <murat@purc.de>
 12:  * @copyright        four for business AG <www.4fb.de>
 13:  * @license          http://www.contenido.org/license/LIZENZ.txt
 14:  * @link             http://www.4fb.de
 15:  * @link             http://www.contenido.org
 16:  */
 17: 
 18: defined('CON_FRAMEWORK') || die('Illegal call: Missing framework initialization - request aborted.');
 19: 
 20: /**
 21:  * Function checks if a language is associated with a given list of clients
 22:  *
 23:  * @param array $aClients
 24:  *         array of clients to check
 25:  * @param int $iLang
 26:  *         language id which should be checked
 27:  * @param array $aCfg
 28:  *         CONTENIDO configruation array (no more needed)
 29:  * @param cDb $oDb
 30:  *         CONTENIDO database object (no more needed)
 31:  * @return boolean
 32:  *         status
 33:  *         If language id corresponds to list of clients true otherwise false.
 34:  */
 35: function checkLangInClients($aClients, $iLang, $aCfg, $oDb) {
 36:     $oClientLanguageCollection = new cApiClientLanguageCollection();
 37:     return $oClientLanguageCollection->hasLanguageInClients($iLang, $aClients);
 38: }
 39: 
 40: /**
 41:  * Duplicate rights for any element.
 42:  *
 43:  * @param string $area
 44:  *         Main area name (e. g. 'lay', 'mod', 'str', 'tpl', etc.)
 45:  * @param int $iditem
 46:  *         ID of element to copy
 47:  * @param int $newiditem
 48:  *         ID of the new element
 49:  * @param int $idlang
 50:  *         ID of language, if passed only rights for this language
 51:  *         will be created, otherwise for all existing languages
 52:  * @return bool
 53:  *         True on success otherwise false
 54:  */
 55: function copyRightsForElement($area, $iditem, $newiditem, $idlang = false) {
 56:     global $perm, $auth, $area_tree;
 57: 
 58:     if (!is_object($perm)) {
 59:         return false;
 60:     }
 61:     if (!is_object($auth)) {
 62:         return false;
 63:     }
 64: 
 65:     $oDestRightCol = new cApiRightCollection();
 66:     $oSourceRighsColl = new cApiRightCollection();
 67:     $whereUsers = array();
 68:     $whereAreaActions = array();
 69: 
 70:     // get all user_id values for con_rights
 71:     $userIDContainer = $perm->getGroupsForUser($auth->auth['uid']); // add
 72:     // groups if
 73:     // available
 74:     $userIDContainer[] = $auth->auth['uid']; // add user_id of current user
 75:     foreach ($userIDContainer as $key) {
 76:         $whereUsers[] = "user_id = '" . $oDestRightCol->escape($key) . "'";
 77:     }
 78:     $whereUsers = '(' . implode(' OR ', $whereUsers) . ')'; // only duplicate on
 79:     // user and where
 80:     // user is member of
 81:     // get all idarea values for $area
 82:     $areaContainer = $area_tree[$perm->showareas($area)];
 83: 
 84:     // get all actions for corresponding area
 85:     $oActionColl = new cApiActionCollection();
 86:     $oActionColl->select('idarea IN (' . implode(',', $areaContainer) . ')');
 87:     while (($oItem = $oActionColl->next()) !== false) {
 88:         $whereAreaActions[] = '(idarea = ' . (int) $oItem->get('idarea') . ' AND idaction = ' . (int) $oItem->get('idaction') . ')';
 89:     }
 90:     $whereAreaActions = '(' . implode(' OR ', $whereAreaActions) . ')'; // only
 91:     // correct
 92:     // area
 93:     // action
 94:     // pairs
 95:     // possible
 96:     // final where clause to get all affected elements in con_right
 97:     $sWhere = "{$whereAreaActions} AND {$whereUsers} AND idcat = {$iditem}";
 98:     if ($idlang) {
 99:         $sWhere .= ' AND idlang=' . (int) $idlang;
100:     }
101: 
102:     $oSourceRighsColl->select($sWhere);
103:     while (($oItem = $oSourceRighsColl->next()) !== false) {
104:         $rs = $oItem->toObject();
105:         $oDestRightCol->create($rs->user_id, $rs->idarea, $rs->idaction, $newiditem, $rs->idclient, $rs->idlang, $rs->type);
106:     }
107: 
108:     // permissions reloaded...
109:     $perm->load_permissions(true);
110: 
111:     return true;
112: }
113: 
114: /**
115:  * Create rights for any element
116:  *
117:  * @param string $area
118:  *         Main area name (e. g. 'lay', 'mod', 'str', 'tpl', etc.)
119:  * @param int $iditem
120:  *         ID of new element
121:  * @param int $idlang
122:  *         ID of language, if passed only rights for this language
123:  *         will be created, otherwise for all existing languages
124:  * @return bool
125:  *         True on success otherwise false
126:  */
127: function createRightsForElement($area, $iditem, $idlang = false) {
128:     global $perm, $auth, $area_tree, $client;
129: 
130:     if (!is_object($perm)) {
131:         return false;
132:     }
133:     if (!is_object($auth)) {
134:         return false;
135:     }
136: 
137:     $oDestRightCol = new cApiRightCollection();
138:     $oSourceRighsColl = new cApiRightCollection();
139:     $whereUsers = array();
140:     $rightsCache = array();
141: 
142:     // get all user_id values for con_rights
143:     $userIDContainer = $perm->getGroupsForUser($auth->auth['uid']); // add
144:     // groups if
145:     // available
146:     $userIDContainer[] = $auth->auth['uid']; // add user_id of current user
147:     foreach ($userIDContainer as $key) {
148:         $whereUsers[] = "user_id = '" . $oDestRightCol->escape($key) . "'";
149:     }
150:     $whereUsers = '(' . implode(' OR ', $whereUsers) . ')'; // only duplicate on
151:     // user and where
152:     // user is member of
153:     // get all idarea values for $area short way
154:     $areaContainer = $area_tree[$perm->showareas($area)];
155: 
156:     // statement to get all existing actions/areas for corresponding area.
157:     // all existing rights for same area will be taken over to new item.
158:     $sWhere = 'idclient=' . (int) $client . ' AND idarea IN (' . implode(',', $areaContainer) . ')' . ' AND idcat != 0 AND idaction != 0 AND ' . $whereUsers;
159:     if ($idlang) {
160:         $sWhere .= ' AND idlang=' . (int) $idlang;
161:     }
162: 
163:     $oSourceRighsColl->select($sWhere);
164:     while (($oItem = $oSourceRighsColl->next()) !== false) {
165:         $rs = $oItem->toObject();
166: 
167:         // concatenate a key to use it to prevent double entries
168:         $key = $rs->user_id . '-' . $rs->idarea . '-' . $rs->idaction . '-' . $iditem . '-' . $rs->idclient . '-' . $rs->idlang . '-' . $rs->type;
169:         if (isset($rightsCache[$key])) {
170:             continue;
171:         }
172: 
173:         // create new right entry
174:         $oDestRightCol->create($rs->user_id, $rs->idarea, $rs->idaction, $iditem, $rs->idclient, $rs->idlang, $rs->type);
175: 
176:         $rightsCache[$key] = true;
177:     }
178: 
179:     // permissions reloaded...
180:     $perm->load_permissions(true);
181: 
182:     return true;
183: }
184: 
185: /**
186:  * Delete rights for any element
187:  *
188:  * @param string $area
189:  *         main area name
190:  * @param int $iditem
191:  *         ID of new element
192:  * @param int $idlang
193:  *         ID of lang parameter
194:  */
195: function deleteRightsForElement($area, $iditem, $idlang = false) {
196:     global $perm, $area_tree, $client;
197: 
198:     // get all idarea values for $area
199:     $areaContainer = $area_tree[$perm->showareas($area)];
200: 
201:     $sWhere = "idcat=" . (int) $iditem . " AND idclient=" . (int) $client . " AND idarea IN (" . implode(',', $areaContainer) . ")";
202:     if ($idlang) {
203:         $sWhere .= " AND idlang=" . (int) $idlang;
204:     }
205: 
206:     $oRightColl = new cApiRightCollection();
207:     $oRightColl->deleteByWhereClause($sWhere);
208: 
209:     // permissions reloaded...
210:     $perm->load_permissions(true);
211: }
212: 
213: /**
214:  * Builds user/group permissions (sysadmin, admin, client and language) by
215:  * processing request variables ($msysadmin, $madmin, $mclient, $mlang) and
216:  * returns the build permissions array.
217:  *
218:  * @todo Do we really need to add other perms, if the user/group gets the
219:  *       'sysadmin' permission?
220:  * @param bool $bAddUserToClient
221:  *         Flag to add current user to current client, if no client is specified.
222:  * @return array
223:  */
224: function buildUserOrGroupPermsFromRequest($bAddUserToClient = false) {
225:     global $cfg, $msysadmin, $madmin, $mclient, $mlang, $auth, $client;
226: 
227:     $aPerms = array();
228: 
229:     // check and prevalidation
230: 
231:     $bSysadmin = (isset($msysadmin) && $msysadmin);
232: 
233:     $aAdmin = (isset($madmin) && is_array($madmin)) ? $madmin : array();
234:     foreach ($aAdmin as $p => $value) {
235:         if (!is_numeric($value)) {
236:             unset($aAdmin[$p]);
237:         }
238:     }
239: 
240:     $aClient = (isset($mclient) && is_array($mclient)) ? $mclient : array();
241:     foreach ($aClient as $p => $value) {
242:         if (!is_numeric($value)) {
243:             unset($aClient[$p]);
244:         }
245:     }
246: 
247:     $aLang = (isset($mlang) && is_array($mlang)) ? $mlang : array();
248:     foreach ($aLang as $p => $value) {
249:         if (!is_numeric($value)) {
250:             unset($aLang[$p]);
251:         }
252:     }
253: 
254:     // build permissions array
255: 
256:     if ($bSysadmin) {
257:         $aPerms[] = 'sysadmin';
258:     }
259: 
260:     foreach ($aAdmin as $value) {
261:         $aPerms[] = sprintf('admin[%s]', $value);
262:     }
263: 
264:     foreach ($aClient as $value) {
265:         $aPerms[] = sprintf('client[%s]', $value);
266:     }
267: 
268:     if (count($aClient) == 0 && $bAddUserToClient) {
269:         // Add user to the current client, if the current user isn't sysadmin
270:         // and
271:         // no client has been specified. This avoids new accounts which are not
272:         // accessible by the current user (client admin) anymore.
273:         $aUserPerm = explode(',', $auth->auth['perm']);
274:         if (!in_array('sysadmin', $aUserPerm)) {
275:             $aPerms[] = sprintf('client[%s]', $client);
276:         }
277:     }
278: 
279:     if (count($aLang) > 0 && count($aClient) > 0) {
280:         // adding language perms makes sense if we have also at least one
281:         // selected client
282:         $db = cRegistry::getDb();
283:         foreach ($aLang as $value) {
284:             if (checkLangInClients($aClient, $value, $cfg, $db)) {
285:                 $aPerms[] = sprintf('lang[%s]', $value);
286:             }
287:         }
288:     }
289: 
290:     return $aPerms;
291: }
292: 
293: /**
294:  *
295:  * @return boolean
296:  */
297: function saveRights() {
298:     global $perm, $notification, $db, $userid;
299:     global $rights_list, $rights_list_old, $rights_client, $rights_lang;
300: 
301:     // If no checkbox is checked
302:     if (!is_array($rights_list)) {
303:         $rights_list = array();
304:     }
305: 
306:     // Search all checks which are not in the new rights_list for deleting
307:     $arraydel = array_diff(array_keys($rights_list_old), array_keys($rights_list));
308: 
309:     // Search all checks which are not in the rights_list_old for saving
310:     $arraysave = array_diff(array_keys($rights_list), array_keys($rights_list_old));
311:     $oAreaColl = new cApiAreaCollection();
312: 
313:     if (is_array($arraydel)) {
314:         foreach ($arraydel as $value) {
315:             $data = explode('|', $value);
316:             $data[0] = $oAreaColl->getAreaID($data[0]);
317:             $data[1] = $perm->getIDForAction($data[1]);
318: 
319:             $where = "user_id = '" . $db->escape($userid) . "' AND idclient = " . (int) $rights_client . " AND idlang = " . (int) $rights_lang . " AND idarea = " . (int) $data[0] . " AND idcat = " . (int) $data[2] . " AND idaction = " . (int) $data[1] . " AND type = 0";
320:             $oRightColl = new cApiRightCollection();
321:             $oRightColl->deleteByWhereClause($where);
322:         }
323:     }
324: 
325:     unset($data);
326: 
327:     // Search for all mentioned checkboxes
328:     if (is_array($arraysave)) {
329:         foreach ($arraysave as $value) {
330:             // Explodes the key it consits areaid+actionid+itemid
331:             $data = explode('|', $value);
332: 
333:             // Since areas are stored in a numeric form in the rights table, we
334:             // have
335:             // to convert them from strings into numbers
336:             $data[0] = $oAreaColl->getAreaID($data[0]);
337:             $data[1] = $perm->getIDForAction($data[1]);
338: 
339:             if (!isset($data[1])) {
340:                 $data[1] = 0;
341:             }
342: 
343:             // Insert new right
344:             $oRightColl = new cApiRightCollection();
345:             $oRightColl->create($userid, $data[0], $data[1], $data[2], $rights_client, $rights_lang, 0);
346:         }
347:     }
348: 
349:     $rights_list_old = $rights_list;
350: 
351:     return true;
352: 
353: }
354: 
355: /**
356:  *
357:  * @return boolean
358:  */
359: function saveGroupRights() {
360:     global $perm, $notification, $db, $groupid;
361:     global $rights_list, $rights_list_old, $rights_client, $rights_lang;
362: 
363:     // If no checkbox is checked
364:     if (!is_array($rights_list)) {
365:         $rights_list = array();
366:     }
367: 
368:     // Search all checks which are not in the new rights_list for deleting
369:     $arraydel = array_diff(array_keys($rights_list_old), array_keys($rights_list));
370: 
371:     // Search all checks which are not in the rights_list_old for saving
372:     $arraysave = array_diff(array_keys($rights_list), array_keys($rights_list_old));
373: 
374:     $oAreaColl = new cApiAreaCollection();
375: 
376:     if (is_array($arraydel)) {
377:         foreach ($arraydel as $value) {
378:             $data = explode('|', $value);
379:             $data[0] = $oAreaColl->getAreaID($data[0]);
380:             $data[1] = $perm->getIDForAction($data[1]);
381: 
382:             $where = "user_id = '" . $db->escape($groupid) . "' AND idclient = " . (int) $rights_client . " AND idlang = " . (int) $rights_lang . " AND idarea = " . (int) $data[0] . " AND idcat = " . (int) $data[2] . " AND idaction = " . (int) $data[1] . " AND type = 1";
383:             $oRightColl = new cApiRightCollection();
384:             $oRightColl->deleteByWhereClause($where);
385:         }
386:     }
387: 
388:     unset($data);
389: 
390:     // Search for all mentioned checkboxes
391:     if (is_array($arraysave)) {
392:         foreach ($arraysave as $value) {
393:             // Explodes the key it consits areaid+actionid+itemid
394:             $data = explode('|', $value);
395: 
396:             // Since areas are stored in a numeric form in the rights table, we
397:             // have
398:             // to convert them from strings into numbers
399:             $data[0] = $oAreaColl->getAreaID($data[0]);
400:             $data[1] = $perm->getIDForAction($data[1]);
401: 
402:             if (!isset($data[1])) {
403:                 $data[1] = 0;
404:             }
405: 
406:             // Insert new right
407:             $oRightColl = new cApiRightCollection();
408:             $oRightColl->create($groupid, $data[0], $data[1], $data[2], $rights_client, $rights_lang, 1);
409:         }
410:     }
411: 
412:     $rights_list_old = $rights_list;
413:     return true;
414: }
415: