Pulled out SQL statements into separate lines to allow for easier debugability, fixed up the documentation, prettied up the code to Campware coding conventions.
This commit is contained in:
paul
parent
8b40272996
commit
2571cb9fef
1 changed files with 286 additions and 199 deletions
|
|
@ -50,19 +50,20 @@ class Alib extends Subjects{
|
||||||
var $login=NULL;
|
var $login=NULL;
|
||||||
var $userid=NULL;
|
var $userid=NULL;
|
||||||
var $sessid=NULL;
|
var $sessid=NULL;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Constructor
|
* Constructor
|
||||||
*
|
*
|
||||||
* @param dbc object, DB
|
* @param object $dbc DB
|
||||||
* @param config array
|
* @param array $config
|
||||||
* @return this
|
|
||||||
*/
|
*/
|
||||||
function Alib(&$dbc, $config)
|
function Alib(&$dbc, $config)
|
||||||
{
|
{
|
||||||
parent::Subjects($dbc, $config);
|
parent::Subjects($dbc, $config);
|
||||||
$this->permTable = $config['tblNamePrefix'].'perms';
|
$this->permTable = $config['tblNamePrefix'].'perms';
|
||||||
$this->sessTable = $config['tblNamePrefix'].'sess';
|
$this->sessTable = $config['tblNamePrefix'].'sess';
|
||||||
}
|
} // constructor
|
||||||
|
|
||||||
|
|
||||||
/* ======================================================= public methods */
|
/* ======================================================= public methods */
|
||||||
|
|
||||||
|
|
@ -71,8 +72,8 @@ class Alib extends Subjects{
|
||||||
/**
|
/**
|
||||||
* Authenticate and create session
|
* Authenticate and create session
|
||||||
*
|
*
|
||||||
* @param login string
|
* @param string $login
|
||||||
* @param pass string
|
* @param string $pass
|
||||||
* @return boolean/sessionId/err
|
* @return boolean/sessionId/err
|
||||||
*/
|
*/
|
||||||
function login($login, $pass)
|
function login($login, $pass)
|
||||||
|
|
@ -82,62 +83,72 @@ class Alib extends Subjects{
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
$sessid = $this->_createSessid();
|
$sessid = $this->_createSessid();
|
||||||
if(PEAR::isError($sessid)) return $sessid;
|
if (PEAR::isError($sessid)) {
|
||||||
|
return $sessid;
|
||||||
|
}
|
||||||
$userid = $this->getSubjId($login);
|
$userid = $this->getSubjId($login);
|
||||||
$r = $this->dbc->query("INSERT INTO {$this->sessTable}
|
$sql = "INSERT INTO {$this->sessTable} (sessid, userid, login, ts)
|
||||||
(sessid, userid, login, ts)
|
VALUES('$sessid', '$userid', '$login', now())";
|
||||||
VALUES
|
$r = $this->dbc->query($sql);
|
||||||
('$sessid', '$userid', '$login', now())");
|
if (PEAR::isError($r)) {
|
||||||
if(PEAR::isError($r)) return $r;
|
return $r;
|
||||||
|
}
|
||||||
$this->login = $login;
|
$this->login = $login;
|
||||||
$this->userid = $userid;
|
$this->userid = $userid;
|
||||||
$this->sessid = $sessid;
|
$this->sessid = $sessid;
|
||||||
$this->setTimeStamp($login, FALSE);
|
$this->setTimeStamp($login, FALSE);
|
||||||
return $sessid;
|
return $sessid;
|
||||||
}
|
} // fn login
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Logout and destroy session
|
* Logout and destroy session
|
||||||
*
|
*
|
||||||
* @param sessid string
|
* @param string $sessid
|
||||||
* @return true/err
|
* @return true/err
|
||||||
*/
|
*/
|
||||||
function logout($sessid)
|
function logout($sessid)
|
||||||
{
|
{
|
||||||
$ct = $this->checkAuthToken($sessid);
|
$ct = $this->checkAuthToken($sessid);
|
||||||
if($ct === FALSE)
|
if($ct === FALSE) {
|
||||||
return PEAR::raiseError('Alib::logout: not logged ($ct)',
|
return PEAR::raiseError('Alib::logout: not logged ($ct)',
|
||||||
ALIBERR_NOTLOGGED, PEAR_ERROR_RETURN);
|
ALIBERR_NOTLOGGED, PEAR_ERROR_RETURN);
|
||||||
elseif(PEAR::isError($ct))
|
} elseif (PEAR::isError($ct)) {
|
||||||
return $ct;
|
return $ct;
|
||||||
else{
|
} else {
|
||||||
$r = $this->dbc->query("DELETE FROM {$this->sessTable}
|
$sql = "DELETE FROM {$this->sessTable}
|
||||||
WHERE sessid='$sessid'");
|
WHERE sessid='$sessid'";
|
||||||
if(PEAR::isError($r)) return $r;
|
$r = $this->dbc->query($sql);
|
||||||
|
if (PEAR::isError($r)) {
|
||||||
|
return $r;
|
||||||
|
}
|
||||||
$this->login = NULL;
|
$this->login = NULL;
|
||||||
$this->userid = NULL;
|
$this->userid = NULL;
|
||||||
$this->sessid = NULL;
|
$this->sessid = NULL;
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
}
|
} // fn logout
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Return true if the token is valid
|
* Return true if the token is valid
|
||||||
*
|
*
|
||||||
* @param sessid string
|
* @param string $sessid
|
||||||
* @return boolean/err
|
* @return boolean/err
|
||||||
*/
|
*/
|
||||||
function checkAuthToken($sessid)
|
function checkAuthToken($sessid)
|
||||||
{
|
{
|
||||||
$c = $this->dbc->getOne("SELECT count(*) as cnt FROM {$this->sessTable}
|
$sql = "SELECT count(*) as cnt FROM {$this->sessTable}
|
||||||
WHERE sessid='$sessid'");
|
WHERE sessid='$sessid'";
|
||||||
|
$c = $this->dbc->getOne($sql);
|
||||||
return ($c == 1 ? TRUE : (PEAR::isError($c) ? $c : FALSE ));
|
return ($c == 1 ? TRUE : (PEAR::isError($c) ? $c : FALSE ));
|
||||||
}
|
} //fn checkAuthToken
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Set valid token in alib object
|
* Set valid token in alib object
|
||||||
*
|
*
|
||||||
* @param sessid string
|
* @param string $sessid
|
||||||
* @return boolean/err
|
* @return boolean/err
|
||||||
*/
|
*/
|
||||||
function setAuthToken($sessid)
|
function setAuthToken($sessid)
|
||||||
|
|
@ -148,60 +159,74 @@ class Alib extends Subjects{
|
||||||
return PEAR::raiseError("ALib::setAuthToken: invalid token ($sessid)");
|
return PEAR::raiseError("ALib::setAuthToken: invalid token ($sessid)");
|
||||||
$this->sessid = $sessid;
|
$this->sessid = $sessid;
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
} // fn setAuthToken
|
||||||
|
|
||||||
|
|
||||||
/* -------------------------------------------------------- authorization */
|
/* -------------------------------------------------------- authorization */
|
||||||
/**
|
/**
|
||||||
* Insert permission record
|
* Insert permission record
|
||||||
*
|
*
|
||||||
* @param sid int - local user/group id
|
* @param int $sid - local user/group id
|
||||||
* @param action string
|
* @param string $action
|
||||||
* @param oid int - local object id
|
* @param int $oid - local object id
|
||||||
* @param type char - 'A'|'D' (allow/deny)
|
* @param string $type - 'A'|'D' (allow/deny)
|
||||||
* @return int - local permission id
|
* @return int - local permission id
|
||||||
*/
|
*/
|
||||||
function addPerm($sid, $action, $oid, $type='A')
|
function addPerm($sid, $action, $oid, $type='A')
|
||||||
{
|
{
|
||||||
$permid = $this->dbc->nextId("{$this->permTable}_id_seq");
|
$permid = $this->dbc->nextId("{$this->permTable}_id_seq");
|
||||||
$r = $this->dbc->query($q = "
|
$sql = "INSERT INTO {$this->permTable} (permid, subj, action, obj, type)
|
||||||
INSERT INTO {$this->permTable} (permid, subj, action, obj, type)
|
VALUES ($permid, $sid, '$action', $oid, '$type')";
|
||||||
VALUES ($permid, $sid, '$action', $oid, '$type')
|
$r = $this->dbc->query($sql);
|
||||||
");
|
if (PEAR::isError($r)) {
|
||||||
if(PEAR::isError($r)) return($r);
|
return($r);
|
||||||
return $permid;
|
|
||||||
}
|
}
|
||||||
|
return $permid;
|
||||||
|
} // fn addPerm
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Remove permission record
|
* Remove permission record
|
||||||
*
|
*
|
||||||
* @param permid int OPT - local permission id
|
* @param int $permid OPT - local permission id
|
||||||
* @param subj int OPT - local user/group id
|
* @param int $subj OPT - local user/group id
|
||||||
* @param obj int OPT - local object id
|
* @param int $obj OPT - local object id
|
||||||
* @return boolean/error
|
* @return boolean/error
|
||||||
*/
|
*/
|
||||||
function removePerm($permid=NULL, $subj=NULL, $obj=NULL)
|
function removePerm($permid=NULL, $subj=NULL, $obj=NULL)
|
||||||
{
|
{
|
||||||
$ca = array();
|
$ca = array();
|
||||||
if($permid) $ca[] = "permid=$permid";
|
if ($permid) {
|
||||||
if($subj) $ca[] = "subj=$subj";
|
$ca[] = "permid=$permid";
|
||||||
if($obj) $ca[] = "obj=$obj";
|
|
||||||
$cond = join(" AND ", $ca);
|
|
||||||
if(!$cond) return TRUE;
|
|
||||||
return $this->dbc->query("DELETE FROM {$this->permTable} WHERE $cond");
|
|
||||||
}
|
}
|
||||||
|
if ($subj) {
|
||||||
|
$ca[] = "subj=$subj";
|
||||||
|
}
|
||||||
|
if ($obj) {
|
||||||
|
$ca[] = "obj=$obj";
|
||||||
|
}
|
||||||
|
$cond = join(" AND ", $ca);
|
||||||
|
if (!$cond) {
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
$sql = "DELETE FROM {$this->permTable} WHERE $cond";
|
||||||
|
return $this->dbc->query($sql);
|
||||||
|
} // fn removePerm
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Return object related with permission record
|
* Return object related with permission record
|
||||||
*
|
*
|
||||||
* @param permid int - local permission id
|
* @param int $permid - local permission id
|
||||||
* @return int - local object id
|
* @return int - local object id
|
||||||
*/
|
*/
|
||||||
function _getPermOid($permid)
|
function _getPermOid($permid)
|
||||||
{
|
{
|
||||||
$res = $this->dbc->getOne(
|
$sql = "SELECT obj FROM {$this->permTable} WHERE permid=$permid";
|
||||||
"SELECT obj FROM {$this->permTable} WHERE permid=$permid");
|
$res = $this->dbc->getOne($sql);
|
||||||
return $res;
|
return $res;
|
||||||
}
|
} // fn _getPermOid
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Check if specified subject have permission to specified action
|
* Check if specified subject have permission to specified action
|
||||||
|
|
@ -217,17 +242,25 @@ class Alib extends Subjects{
|
||||||
* object-tree-related.
|
* object-tree-related.
|
||||||
* Support for object classes can be disabled by USE_ALIB_CLASSES const.
|
* Support for object classes can be disabled by USE_ALIB_CLASSES const.
|
||||||
*
|
*
|
||||||
* @param sid int, subject id (user or group id)
|
* @param int $sid, subject id (user or group id)
|
||||||
* @param action string, from set defined in config
|
* @param string $action, from set defined in config
|
||||||
* @param oid int, object id, optional (default: root node)
|
* @param int $oid, object id, optional (default: root node)
|
||||||
* @return boolean/err
|
* @return boolean/err
|
||||||
*/
|
*/
|
||||||
function checkPerm($sid, $action, $oid=NULL)
|
function checkPerm($sid, $action, $oid=NULL)
|
||||||
{
|
{
|
||||||
if(!is_numeric($sid)) return FALSE;
|
if (!is_numeric($sid)) {
|
||||||
if(is_null($oid) or $oid=='') $oid = $this->getRootNode();
|
return FALSE;
|
||||||
if(PEAR::isError($oid)) return $oid;
|
}
|
||||||
if(!is_numeric($oid)) return FALSE;
|
if (is_null($oid) or $oid=='') {
|
||||||
|
$oid = $this->getRootNode();
|
||||||
|
}
|
||||||
|
if (PEAR::isError($oid)) {
|
||||||
|
return $oid;
|
||||||
|
}
|
||||||
|
if (!is_numeric($oid)) {
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
// query construction
|
// query construction
|
||||||
// shortcuts:
|
// shortcuts:
|
||||||
// p: permTable,
|
// p: permTable,
|
||||||
|
|
@ -260,14 +293,18 @@ class Alib extends Subjects{
|
||||||
// query by tree:
|
// query by tree:
|
||||||
$query1 = "SELECT $q_flds FROM $q_from $q_join WHERE $q_cond $q_ordb";
|
$query1 = "SELECT $q_flds FROM $q_from $q_join WHERE $q_cond $q_ordb";
|
||||||
$r1 = $this->dbc->getAll($query1);
|
$r1 = $this->dbc->getAll($query1);
|
||||||
if(PEAR::isError($r1)) return($r1);
|
if (PEAR::isError($r1)) {
|
||||||
|
return($r1);
|
||||||
|
}
|
||||||
// if there is row with type='A' on the top => permit
|
// if there is row with type='A' on the top => permit
|
||||||
$AllowedByTree =
|
$AllowedByTree =
|
||||||
(is_array($r1) && count($r1)>0 && $r1[0]['type']=='A');
|
(is_array($r1) && count($r1)>0 && $r1[0]['type']=='A');
|
||||||
$DeniedByTree =
|
$DeniedByTree =
|
||||||
(is_array($r1) && count($r1)>0 && $r1[0]['type']=='D');
|
(is_array($r1) && count($r1)>0 && $r1[0]['type']=='D');
|
||||||
|
|
||||||
if(!USE_ALIB_CLASSES) return $AllowedbyTree;
|
if (!USE_ALIB_CLASSES) {
|
||||||
|
return $AllowedbyTree;
|
||||||
|
}
|
||||||
|
|
||||||
// joins for solving object classes:
|
// joins for solving object classes:
|
||||||
$q_flds = $q_flds0.", c.cname ";
|
$q_flds = $q_flds0.", c.cname ";
|
||||||
|
|
@ -278,7 +315,9 @@ class Alib extends Subjects{
|
||||||
// query by class:
|
// query by class:
|
||||||
$query2 = "SELECT $q_flds FROM $q_from $q_join WHERE $q_cond $q_ordb";
|
$query2 = "SELECT $q_flds FROM $q_from $q_join WHERE $q_cond $q_ordb";
|
||||||
$r2 = $this->dbc->getAll($query2);
|
$r2 = $this->dbc->getAll($query2);
|
||||||
if(PEAR::isError($r2)) return($r2);
|
if (PEAR::isError($r2)) {
|
||||||
|
return($r2);
|
||||||
|
}
|
||||||
$AllowedByClass =
|
$AllowedByClass =
|
||||||
(is_array($r2) && count($r2)>0 && $r2[0]['type']=='A');
|
(is_array($r2) && count($r2)>0 && $r2[0]['type']=='A');
|
||||||
// not used now:
|
// not used now:
|
||||||
|
|
@ -287,115 +326,138 @@ class Alib extends Subjects{
|
||||||
$res = ($AllowedByTree || (!$DeniedByTree && $AllowedByClass));
|
$res = ($AllowedByTree || (!$DeniedByTree && $AllowedByClass));
|
||||||
# echo"<pre>\nsid=$sid, action=$action, oid=$oid\n"; var_dump($r1); echo"\n---\n$query1\n---\n\n"; var_dump($r2); echo"\n---\n$query2\n---\n\n"; exit;
|
# echo"<pre>\nsid=$sid, action=$action, oid=$oid\n"; var_dump($r1); echo"\n---\n$query1\n---\n\n"; var_dump($r2); echo"\n---\n$query2\n---\n\n"; exit;
|
||||||
return $res;
|
return $res;
|
||||||
}
|
} // fn checkPerm
|
||||||
|
|
||||||
|
|
||||||
/* ---------------------------------------------------------- object tree */
|
/* ---------------------------------------------------------- object tree */
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Remove all permissions on object and then remove object itself
|
* Remove all permissions on object and then remove object itself
|
||||||
*
|
*
|
||||||
* @param id int
|
* @param int $id
|
||||||
* @return void/error
|
* @return void/error
|
||||||
*/
|
*/
|
||||||
function removeObj($id)
|
function removeObj($id)
|
||||||
{
|
{
|
||||||
$r = $this->removePerm(NULL, NULL, $id);
|
$r = $this->removePerm(NULL, NULL, $id);
|
||||||
if(PEAR::isError($r)) return $r;
|
if (PEAR::isError($r)) {
|
||||||
return parent::removeObj($id);
|
return $r;
|
||||||
}
|
}
|
||||||
|
return parent::removeObj($id);
|
||||||
|
} // fn removeObj
|
||||||
|
|
||||||
/* --------------------------------------------------------- users/groups */
|
/* --------------------------------------------------------- users/groups */
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Remove all permissions of subject and then remove subject itself
|
* Remove all permissions of subject and then remove subject itself
|
||||||
*
|
*
|
||||||
* @param login string
|
* @param string $login
|
||||||
* @return void/error
|
* @return void/error
|
||||||
*/
|
*/
|
||||||
function removeSubj($login)
|
function removeSubj($login)
|
||||||
{
|
{
|
||||||
$uid = $this->getSubjId($login); if(PEAR::isError($uid)) return $uid;
|
$uid = $this->getSubjId($login);
|
||||||
|
if (PEAR::isError($uid)) {
|
||||||
|
return $uid;
|
||||||
|
}
|
||||||
if (is_null($uid)){
|
if (is_null($uid)){
|
||||||
return $this->dbc->raiseError("Alib::removeSubj: Subj not found ($login)",
|
return $this->dbc->raiseError("Alib::removeSubj: Subj not found ($login)",
|
||||||
ALIBERR_NOTEXISTS, PEAR_ERROR_RETURN);
|
ALIBERR_NOTEXISTS, PEAR_ERROR_RETURN);
|
||||||
}
|
}
|
||||||
$r = $this->removePerm(NULL, $uid); if(PEAR::isError($r)) return $r;
|
$r = $this->removePerm(NULL, $uid);
|
||||||
return parent::removeSubj($login, $uid);
|
if (PEAR::isError($r)) {
|
||||||
|
return $r;
|
||||||
}
|
}
|
||||||
|
return parent::removeSubj($login, $uid);
|
||||||
|
} // fn removeSubj
|
||||||
|
|
||||||
/* ------------------------------------------------------------- sessions */
|
/* ------------------------------------------------------------- sessions */
|
||||||
/**
|
/**
|
||||||
* Get login from session id (token)
|
* Get login from session id (token)
|
||||||
*
|
*
|
||||||
* @param sessid string
|
* @param string $sessid
|
||||||
* @return string/error
|
* @return string/error
|
||||||
*/
|
*/
|
||||||
function getSessLogin($sessid)
|
function getSessLogin($sessid)
|
||||||
{
|
{
|
||||||
$r = $this->dbc->getOne("
|
$sql = "SELECT login FROM {$this->sessTable} WHERE sessid='$sessid'";
|
||||||
SELECT login FROM {$this->sessTable} WHERE sessid='$sessid'");
|
$r = $this->dbc->getOne($sql);
|
||||||
if(PEAR::isError($r)) return $r;
|
if (PEAR::isError($r)) {
|
||||||
|
return $r;
|
||||||
|
}
|
||||||
if (is_null($r)){
|
if (is_null($r)){
|
||||||
return PEAR::raiseError("Alib::getSessLogin:".
|
return PEAR::raiseError("Alib::getSessLogin:".
|
||||||
" invalid session id ($sessid)",
|
" invalid session id ($sessid)",
|
||||||
ALIBERR_NOTEXISTS, PEAR_ERROR_RETURN);
|
ALIBERR_NOTEXISTS, PEAR_ERROR_RETURN);
|
||||||
}
|
}
|
||||||
return $r;
|
return $r;
|
||||||
}
|
} // fn getSessLogin
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get user id from session id
|
* Get user id from session id.
|
||||||
*
|
*
|
||||||
* @param sessid string
|
* @param string $sessid
|
||||||
* @return int/error
|
* @return int/error
|
||||||
*/
|
*/
|
||||||
function getSessUserId($sessid)
|
function getSessUserId($sessid)
|
||||||
{
|
{
|
||||||
$r = $this->dbc->getOne("
|
$sql = "SELECT userid FROM {$this->sessTable} WHERE sessid='$sessid'";
|
||||||
SELECT userid FROM {$this->sessTable} WHERE sessid='$sessid'");
|
$r = $this->dbc->getOne($sql);
|
||||||
if(PEAR::isError($r)) return $r;
|
if (PEAR::isError($r)) {
|
||||||
|
return $r;
|
||||||
|
}
|
||||||
if (is_null($r)){
|
if (is_null($r)){
|
||||||
return PEAR::raiseError("Alib::getSessUserId:".
|
return PEAR::raiseError("Alib::getSessUserId:".
|
||||||
" invalid session id ($sessid)",
|
" invalid session id ($sessid)",
|
||||||
ALIBERR_NOTEXISTS, PEAR_ERROR_RETURN);
|
ALIBERR_NOTEXISTS, PEAR_ERROR_RETURN);
|
||||||
}
|
}
|
||||||
return $r;
|
return $r;
|
||||||
}
|
} // fn getSessUserId
|
||||||
|
|
||||||
|
|
||||||
/* --------------------------------------------------------- info methods */
|
/* --------------------------------------------------------- info methods */
|
||||||
/**
|
/**
|
||||||
* Get all permissions on object
|
* Get all permissions on object.
|
||||||
*
|
*
|
||||||
* @param id int
|
* @param int $id
|
||||||
* @return array/null/err
|
* @return array/null/err
|
||||||
*/
|
*/
|
||||||
function getObjPerms($id)
|
function getObjPerms($id)
|
||||||
{
|
{
|
||||||
return $this->dbc->getAll("
|
$sql = "SELECT s.login, p.* FROM {$this->permTable} p, {$this->subjTable} s
|
||||||
SELECT s.login, p.* FROM {$this->permTable} p, {$this->subjTable} s
|
WHERE s.id=p.subj AND p.obj=$id";
|
||||||
WHERE s.id=p.subj AND p.obj=$id");
|
return $this->dbc->getAll($sql);
|
||||||
}
|
} // fn getObjPerms
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get all permissions of subject
|
* Get all permissions of subject.
|
||||||
*
|
*
|
||||||
* @param sid int
|
* @param int $sid
|
||||||
* @return array
|
* @return array
|
||||||
*/
|
*/
|
||||||
function getSubjPerms($sid)
|
function getSubjPerms($sid)
|
||||||
{
|
{
|
||||||
$a1 = $this->dbc->getAll("
|
$sql = "
|
||||||
SELECT t.name, t.type as otype , p.*
|
SELECT t.name, t.type as otype , p.*
|
||||||
FROM {$this->permTable} p, {$this->treeTable} t
|
FROM {$this->permTable} p, {$this->treeTable} t
|
||||||
WHERE t.id=p.obj AND p.subj=$sid");
|
WHERE t.id=p.obj AND p.subj=$sid";
|
||||||
if(PEAR::isError($a1)) return $a1;
|
$a1 = $this->dbc->getAll($sql);
|
||||||
$a2 = $this->dbc->getAll("
|
if (PEAR::isError($a1)) {
|
||||||
|
return $a1;
|
||||||
|
}
|
||||||
|
$sql2 = "
|
||||||
SELECT c.cname as name, 'C'as otype, p.*
|
SELECT c.cname as name, 'C'as otype, p.*
|
||||||
FROM {$this->permTable} p, {$this->classTable} c
|
FROM {$this->permTable} p, {$this->classTable} c
|
||||||
WHERE c.id=p.obj AND p.subj=$sid");
|
WHERE c.id=p.obj AND p.subj=$sid";
|
||||||
if(PEAR::isError($a2)) return $a2;
|
$a2 = $this->dbc->getAll($sql2);
|
||||||
return array_merge($a1, $a2);
|
if (PEAR::isError($a2)) {
|
||||||
|
return $a2;
|
||||||
}
|
}
|
||||||
|
return array_merge($a1, $a2);
|
||||||
|
} // fn getSubjPerms
|
||||||
|
|
||||||
|
|
||||||
/* ------------------------ info methods related to application structure */
|
/* ------------------------ info methods related to application structure */
|
||||||
/* (this part should be added/rewritten to allow defining/modifying/using
|
/* (this part should be added/rewritten to allow defining/modifying/using
|
||||||
|
|
@ -411,44 +473,50 @@ class Alib extends Subjects{
|
||||||
function getAllActions()
|
function getAllActions()
|
||||||
{
|
{
|
||||||
return $this->config['allActions'];
|
return $this->config['allActions'];
|
||||||
}
|
} // fn getAllActions
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get all allowed actions on specified object type
|
* Get all allowed actions on specified object type.
|
||||||
*
|
*
|
||||||
* @param type string
|
* @param string $type
|
||||||
* @return array
|
* @return array
|
||||||
*/
|
*/
|
||||||
function getAllowedActions($type)
|
function getAllowedActions($type)
|
||||||
{
|
{
|
||||||
return $this->config['allowedActions'][$type];
|
return $this->config['allowedActions'][$type];
|
||||||
}
|
} // fn getAllowedActions
|
||||||
|
|
||||||
|
|
||||||
/* ====================================================== private methods */
|
/* ====================================================== private methods */
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Create new session id
|
* Create new session id. Return the new session ID.
|
||||||
*
|
*
|
||||||
* @return string sessid
|
* @return string
|
||||||
*/
|
*/
|
||||||
function _createSessid()
|
function _createSessid()
|
||||||
{
|
{
|
||||||
for ($c=1; $c>0;){
|
for ($c=1; $c>0;){
|
||||||
$sessid = md5(uniqid(rand()));
|
$sessid = md5(uniqid(rand()));
|
||||||
$c = $this->dbc->getOne("SELECT count(*) FROM {$this->sessTable}
|
$sql = "SELECT count(*) FROM {$this->sessTable}
|
||||||
WHERE sessid='$sessid'");
|
WHERE sessid='$sessid'";
|
||||||
if(PEAR::isError($c)) return $c;
|
$c = $this->dbc->getOne($sql);
|
||||||
|
if (PEAR::isError($c)) {
|
||||||
|
return $c;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return $sessid;
|
return $sessid;
|
||||||
}
|
} // fn _createSessid
|
||||||
|
|
||||||
|
|
||||||
/* =============================================== test and debug methods */
|
/* =============================================== test and debug methods */
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Dump all permissions for debug
|
* Dump all permissions for debug
|
||||||
*
|
*
|
||||||
* @param indstr string // indentation string
|
* @param string $indstr // indentation string
|
||||||
* @param ind string // aktual indentation
|
* @param string $ind // actual indentation
|
||||||
* @return string
|
* @return string
|
||||||
*/
|
*/
|
||||||
function dumpPerms($indstr=' ', $ind='')
|
function dumpPerms($indstr=' ', $ind='')
|
||||||
|
|
@ -459,17 +527,20 @@ class Alib extends Subjects{
|
||||||
WHERE s.id=p.subj
|
WHERE s.id=p.subj
|
||||||
ORDER BY p.permid
|
ORDER BY p.permid
|
||||||
");
|
");
|
||||||
if(PEAR::isError($arr)) return $arr;
|
if (PEAR::isError($arr)) {
|
||||||
|
return $arr;
|
||||||
|
}
|
||||||
$r = $ind.join(', ', array_map(create_function('$v',
|
$r = $ind.join(', ', array_map(create_function('$v',
|
||||||
'return "{$v[\'login\']}/{$v[\'action\']}/{$v[\'type\']}";'
|
'return "{$v[\'login\']}/{$v[\'action\']}/{$v[\'type\']}";'
|
||||||
),
|
),
|
||||||
$arr
|
$arr
|
||||||
))."\n";
|
))."\n";
|
||||||
return $r;
|
return $r;
|
||||||
}
|
} // fn dumpPerms
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* deleteData
|
* Delete everything form the permission table and session table.
|
||||||
*
|
*
|
||||||
* @return void
|
* @return void
|
||||||
*/
|
*/
|
||||||
|
|
@ -478,7 +549,9 @@ class Alib extends Subjects{
|
||||||
$this->dbc->query("DELETE FROM {$this->permTable}");
|
$this->dbc->query("DELETE FROM {$this->permTable}");
|
||||||
$this->dbc->query("DELETE FROM {$this->sessTable}");
|
$this->dbc->query("DELETE FROM {$this->sessTable}");
|
||||||
parent::deleteData();
|
parent::deleteData();
|
||||||
}
|
} // fn deleteData
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Insert test permissions
|
* Insert test permissions
|
||||||
*
|
*
|
||||||
|
|
@ -509,10 +582,13 @@ class Alib extends Subjects{
|
||||||
}
|
}
|
||||||
foreach ($perms as $p){
|
foreach ($perms as $p){
|
||||||
$o[] = $r = $this->addPerm($p[0], $p[1], $p[2], $p[3]);
|
$o[] = $r = $this->addPerm($p[0], $p[1], $p[2], $p[3]);
|
||||||
if(PEAR::isError($r)) return $r;
|
if (PEAR::isError($r)) {
|
||||||
|
return $r;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
$this->tdata['perms'] = $o;
|
$this->tdata['perms'] = $o;
|
||||||
}
|
} // fn testData
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Make basic test
|
* Make basic test
|
||||||
|
|
@ -521,10 +597,14 @@ class Alib extends Subjects{
|
||||||
*/
|
*/
|
||||||
function test()
|
function test()
|
||||||
{
|
{
|
||||||
if(PEAR::isError($p = parent::test())) return $p;
|
if (PEAR::isError($p = parent::test())) {
|
||||||
|
return $p;
|
||||||
|
}
|
||||||
$this->deleteData();
|
$this->deleteData();
|
||||||
$r = $this->testData();
|
$r = $this->testData();
|
||||||
if(PEAR::isError($r)) return $r;
|
if (PEAR::isError($r)) {
|
||||||
|
return $r;
|
||||||
|
}
|
||||||
$this->test_correct = "root/_all/A, test1/_all/A, test1/read/D,".
|
$this->test_correct = "root/_all/A, test1/_all/A, test1/read/D,".
|
||||||
" test2/addChilds/D, test2/read/A, test2/edit/A,".
|
" test2/addChilds/D, test2/read/A, test2/edit/A,".
|
||||||
" test1/addChilds/D, test1/addChilds/D, gr2/addChilds/A,".
|
" test1/addChilds/D, test1/addChilds/D, gr2/addChilds/A,".
|
||||||
|
|
@ -534,7 +614,9 @@ class Alib extends Subjects{
|
||||||
}
|
}
|
||||||
$this->test_correct .= "\nno, yes\n";
|
$this->test_correct .= "\nno, yes\n";
|
||||||
$r = $this->dumpPerms();
|
$r = $this->dumpPerms();
|
||||||
if(PEAR::isError($r)) return $r;
|
if (PEAR::isError($r)) {
|
||||||
|
return $r;
|
||||||
|
}
|
||||||
$this->test_dump = $r.
|
$this->test_dump = $r.
|
||||||
($this->checkPerm(
|
($this->checkPerm(
|
||||||
$this->tdata['subjects']['test1'], 'read',
|
$this->tdata['subjects']['test1'], 'read',
|
||||||
|
|
@ -557,12 +639,15 @@ class Alib extends Subjects{
|
||||||
$this->test_correct .= "\n";
|
$this->test_correct .= "\n";
|
||||||
$this->test_dump .= $this->dumpPerms();
|
$this->test_dump .= $this->dumpPerms();
|
||||||
$this->deleteData();
|
$this->deleteData();
|
||||||
if($this->test_dump==$this->test_correct)
|
if ($this->test_dump==$this->test_correct) {
|
||||||
{ $this->test_log.="alib: OK\n"; return TRUE;
|
$this->test_log.="alib: OK\n"; return TRUE;
|
||||||
}else return PEAR::raiseError('Alib::test', 1, PEAR_ERROR_DIE, '%s'.
|
} else {
|
||||||
|
return PEAR::raiseError('Alib::test', 1, PEAR_ERROR_DIE, '%s'.
|
||||||
"<pre>\ncorrect:\n{$this->test_correct}\n".
|
"<pre>\ncorrect:\n{$this->test_correct}\n".
|
||||||
"dump:\n{$this->test_dump}\n</pre>\n");
|
"dump:\n{$this->test_dump}\n</pre>\n");
|
||||||
}
|
}
|
||||||
|
} // fn test
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Create tables + initialize
|
* Create tables + initialize
|
||||||
|
|
@ -599,7 +684,8 @@ class Alib extends Subjects{
|
||||||
ON {$this->sessTable} (userid)");
|
ON {$this->sessTable} (userid)");
|
||||||
$this->dbc->query("CREATE INDEX {$this->sessTable}_login_idx
|
$this->dbc->query("CREATE INDEX {$this->sessTable}_login_idx
|
||||||
ON {$this->sessTable} (login)");
|
ON {$this->sessTable} (login)");
|
||||||
}
|
} // fn install
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Drop tables etc.
|
* Drop tables etc.
|
||||||
|
|
@ -612,6 +698,7 @@ class Alib extends Subjects{
|
||||||
$this->dbc->dropSequence("{$this->permTable}_id_seq");
|
$this->dbc->dropSequence("{$this->permTable}_id_seq");
|
||||||
$this->dbc->query("DROP TABLE {$this->sessTable}");
|
$this->dbc->query("DROP TABLE {$this->sessTable}");
|
||||||
parent::uninstall();
|
parent::uninstall();
|
||||||
}
|
} // fn uninstall
|
||||||
}
|
|
||||||
|
} // class Alib
|
||||||
?>
|
?>
|
||||||
Loading…
Add table
Add a link
Reference in a new issue