-This document describes authentication and authorization component of the LiveSupport project.
-
-
Auth module - request for comments
-25.8.2004
-
Authentication & authorization
-
Authentication - as user's identity
-checking - login call create and return auth token, client sends this token
-with all subsequent calls, logout call make this token invalid
-
-
Authorization - as checking user's
-permission for called action on some object - that's main solved problem.
-
-
Basic model
-
Subject --- Action ---> Object
-
-
Where:
-
-
Subject
-is one user or user group (or role - in this aproach group and role are the same)
-
-
Action
-is item from predefined action set
-
-
Object
-is a object from tree or class of objects
-
-
-
-
Subject implementation
-
Subjects are divided into two types - users and groups. There is membership relation
-(type N:M) from subjects table to itself with "linearization" feature - for
-questions about it send me a mail please ;)
-This approach allows inserting user to group or group to group with quick
-searching of direct and indirect membership.
-
-
Object implementation
-
For simple use with existing projects, there would be a object tree
-always separated from project's database tables. It would be implemented by
-table of objects and information about parent/child (or other) relation
-between objects.
-
-
-There is also class table and N:M membership relation between objects and
-classes.
-
There are several ways to handle permissions - I've used this:
-allow/deny - all without allow
-permission is denied, but more specified setting may overcome less
-specified
-(e.g. group of users is allowed to do smth., but one specified group-member is
-denied)
-
-
Permissions are stored as triple [subject, action, object]
-and allow/deny flag.
-
-
-
Procedure of permission checking:
-
-
Select all permissions on corresponding object + all objects in tree path
- for actual user + all groups, where user have direct or indirect membership.
-
-
Sort it by:
-
diference in tree levels for object
-
membership level for subject
-
record with '_all' action have lower priority
-
'deny' records have higher priority then 'allow'
-
-
If no record found then repeat similar query with class table instead of object tree table. (+ similar sorting)
-
If record on the top of sorted sequence have 'allow' type then return allow else deny
-
-
-
Rem.: Some cache system for authorization decisions would be good ...
-
-
Auth system usage
-
-
There are 3 main types of usage:
-
-
authorization of called action
-
automatic modification of user interface in dependence on user
-permissions
-
automatic generation of admin interface for permissions settings
-
-
-
Important part of API:
-
-
-
function Alib(&$dbc, $config) returns object
- constructor
-
-
function login($login, $pass) returns token
-
-
function logout($sessid) returns boolean
-
-
function checkToken($sessid) returns boolean
- check validity of the token
-
-
function addObj($name, $type, $parid, $aftid, $param) returns int
- adds object to tree as child of object with id=$parid after object with id=$aftid
-
-
function removeObj($id) returns boolean
-
-
function addSubj($login, $pass) returns int
- add user (or group - with $pass=null)
-
-
function removeSubj($login) returns boolean
-
-
function addPerm($sid, $action, $oid, $type) returns int
- add permission record - type is A(allow) or D(deny)
-
-
function removePerm($permid, $subj, $obj) returns null
- remove permission record
-
-
function checkPerm($sid, $action, $oid) returns boolean
- check permission for action on object with id=$oid for subject with id=$sid
-
-
-
function copyObj($id, $newParid, $after) returns int
-
-
function renameObj($id, $newName) returns boolean
-
-
function getParent($oid) returns string
-
-
function getPath($id, $flds) returns array
-
-
function getDir($id, $flds, $order) returns array
-
-
-
function addClass($cname) returns int
-
-
function removeClass($cname) returns boolean
-
-
function addObj2Class($cid, $oid) returns boolean
-
-
function removeObjFromClass($oid, $cid) returns boolean
-
-
-
function addSubj2Gr($login, $gname) returns int
-
-
function removeSubjFromGr($login, $gname) returns boolean
-
-
function isGroup($gid) returns boolean
-
-
function listGroup($gid) returns array
-
-
-
All methods may return PEAR::error object if fails ...
-
-
Connection to existing applications
-
PHP applications could include Alib class and call API methods
-directly.
-Other programming platforms should call XMLRPC or HTTP layer above this API.
-
-
-
-
diff --git a/livesupport/modules/alib/doc/todo.txt b/livesupport/modules/alib/doc/todo.txt
deleted file mode 100644
index ef6a3a915..000000000
--- a/livesupport/modules/alib/doc/todo.txt
+++ /dev/null
@@ -1,17 +0,0 @@
-
- $Id: todo.txt,v 1.1 2004/07/23 00:22:13 tomas Exp $
-
-* delete old sessions
-* if user have 'classes' permission:
- -> create new class ('X')
- -> add '_all' perm on class 'X' to himself
- -> insert RootNode to class 'X'
- => user have all perms ;)
-* complete xmlrpc layer
-
----
-partialy done:
-
-. actions would have priority order (or set lower priority to '_all' action only),
- temp hack: '_all' action is in string sort after all act names => with ASC order have '_all' lower prio ...
----
diff --git a/livesupport/modules/alib/etc/doxygen.config b/livesupport/modules/alib/etc/doxygen.config
new file mode 100644
index 000000000..590d9a545
--- /dev/null
+++ b/livesupport/modules/alib/etc/doxygen.config
@@ -0,0 +1,1144 @@
+#-------------------------------------------------------------------------------
+# doxygen.config
+# Copyright (c) 2004 Media Development Loan Fund
+#
+# This file is part of the LiveSupport project.
+#
+# LiveSupport is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# LiveSupport is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with LiveSupport; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+#
+# Author : $Author: tomas $
+# Version : $Revision: 1.1 $
+# Location : $Source: /home/paul/cvs2svn-livesupport/newcvsrepo/livesupport/modules/alib/etc/doxygen.config,v $
+#-------------------------------------------------------------------------------
+
+# Doxyfile 1.3.6
+
+# This file describes the settings to be used by the documentation system
+# doxygen (www.doxygen.org) for a project
+#
+# All text after a hash (#) is considered a comment and will be ignored
+# The format is:
+# TAG = value [value, ...]
+# For lists items can also be appended using:
+# TAG += value [value, ...]
+# Values that contain spaces should be placed between quotes (" ")
+
+#---------------------------------------------------------------------------
+# Project related configuration options
+#---------------------------------------------------------------------------
+
+# The PROJECT_NAME tag is a single word (or a sequence of words surrounded
+# by quotes) that should identify the project.
+
+PROJECT_NAME = LiveSupport
+
+# The PROJECT_NUMBER tag can be used to enter a project or revision number.
+# This could be handy for archiving the generated documentation or
+# if some version control system is used.
+
+PROJECT_NUMBER = 1.0
+
+# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
+# base path where the generated documentation will be put.
+# If a relative path is entered, it will be relative to the location
+# where doxygen was started. If left blank the current directory will be used.
+
+OUTPUT_DIRECTORY = doc/doxygen
+
+# The OUTPUT_LANGUAGE tag is used to specify the language in which all
+# documentation generated by doxygen is written. Doxygen will use this
+# information to generate all constant output in the proper language.
+# The default language is English, other supported languages are:
+# Brazilian, Catalan, Chinese, Chinese-Traditional, Croatian, Czech, Danish, Dutch,
+# Finnish, French, German, Greek, Hungarian, Italian, Japanese, Japanese-en
+# (Japanese with English messages), Korean, Korean-en, Norwegian, Polish, Portuguese,
+# Romanian, Russian, Serbian, Slovak, Slovene, Spanish, Swedish, and Ukrainian.
+
+OUTPUT_LANGUAGE = English
+
+# This tag can be used to specify the encoding used in the generated output.
+# The encoding is not always determined by the language that is chosen,
+# but also whether or not the output is meant for Windows or non-Windows users.
+# In case there is a difference, setting the USE_WINDOWS_ENCODING tag to YES
+# forces the Windows encoding (this is the default for the Windows binary),
+# whereas setting the tag to NO uses a Unix-style encoding (the default for
+# all platforms other than Windows).
+
+USE_WINDOWS_ENCODING = NO
+
+# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will
+# include brief member descriptions after the members that are listed in
+# the file and class documentation (similar to JavaDoc).
+# Set to NO to disable this.
+
+BRIEF_MEMBER_DESC = YES
+
+# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend
+# the brief description of a member or function before the detailed description.
+# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the
+# brief descriptions will be completely suppressed.
+
+REPEAT_BRIEF = YES
+
+# This tag implements a quasi-intelligent brief description abbreviator
+# that is used to form the text in various listings. Each string
+# in this list, if found as the leading text of the brief description, will be
+# stripped from the text and the result after processing the whole list, is used
+# as the annotated text. Otherwise, the brief description is used as-is. If left
+# blank, the following values are used ("$name" is automatically replaced with the
+# name of the entity): "The $name class" "The $name widget" "The $name file"
+# "is" "provides" "specifies" "contains" "represents" "a" "an" "the"
+
+ABBREVIATE_BRIEF =
+
+# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then
+# Doxygen will generate a detailed section even if there is only a brief
+# description.
+
+ALWAYS_DETAILED_SEC = NO
+
+# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all inherited
+# members of a class in the documentation of that class as if those members were
+# ordinary class members. Constructors, destructors and assignment operators of
+# the base classes will not be shown.
+
+INLINE_INHERITED_MEMB = NO
+
+# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full
+# path before files name in the file list and in the header files. If set
+# to NO the shortest path that makes the file name unique will be used.
+
+FULL_PATH_NAMES = NO
+
+# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag
+# can be used to strip a user-defined part of the path. Stripping is
+# only done if one of the specified strings matches the left-hand part of
+# the path. It is allowed to use relative paths in the argument list.
+# If left blank the directory from which doxygen is run is used as the
+# path to strip.
+
+STRIP_FROM_PATH =
+
+# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter
+# (but less readable) file names. This can be useful is your file systems
+# doesn't support long names like on DOS, Mac, or CD-ROM.
+
+SHORT_NAMES = NO
+
+# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen
+# will interpret the first line (until the first dot) of a JavaDoc-style
+# comment as the brief description. If set to NO, the JavaDoc
+# comments will behave just like the Qt-style comments (thus requiring an
+# explicit @brief command for a brief description.
+
+JAVADOC_AUTOBRIEF = YES
+
+# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen
+# treat a multi-line C++ special comment block (i.e. a block of //! or ///
+# comments) as a brief description. This used to be the default behaviour.
+# The new default is to treat a multi-line C++ comment block as a detailed
+# description. Set this tag to YES if you prefer the old behaviour instead.
+
+MULTILINE_CPP_IS_BRIEF = YES
+
+# If the DETAILS_AT_TOP tag is set to YES then Doxygen
+# will output the detailed description near the top, like JavaDoc.
+# If set to NO, the detailed description appears after the member
+# documentation.
+
+DETAILS_AT_TOP = NO
+
+# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented
+# member inherits the documentation from any documented member that it
+# re-implements.
+
+INHERIT_DOCS = YES
+
+# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC
+# tag is set to YES, then doxygen will reuse the documentation of the first
+# member in the group (if any) for the other members of the group. By default
+# all members of a group must be documented explicitly.
+
+DISTRIBUTE_GROUP_DOC = NO
+
+# The TAB_SIZE tag can be used to set the number of spaces in a tab.
+# Doxygen uses this value to replace tabs by spaces in code fragments.
+
+TAB_SIZE = 4
+
+# This tag can be used to specify a number of aliases that acts
+# as commands in the documentation. An alias has the form "name=value".
+# For example adding "sideeffect=\par Side Effects:\n" will allow you to
+# put the command \sideeffect (or @sideeffect) in the documentation, which
+# will result in a user-defined paragraph with heading "Side Effects:".
+# You can put \n's in the value part of an alias to insert newlines.
+
+ALIASES =
+
+# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C sources
+# only. Doxygen will then generate output that is more tailored for C.
+# For instance, some of the names that are used will be different. The list
+# of all members will be omitted, etc.
+
+OPTIMIZE_OUTPUT_FOR_C = NO
+
+# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java sources
+# only. Doxygen will then generate output that is more tailored for Java.
+# For instance, namespaces will be presented as packages, qualified scopes
+# will look different, etc.
+
+OPTIMIZE_OUTPUT_JAVA = NO
+
+# Set the SUBGROUPING tag to YES (the default) to allow class member groups of
+# the same type (for instance a group of public functions) to be put as a
+# subgroup of that type (e.g. under the Public Functions section). Set it to
+# NO to prevent subgrouping. Alternatively, this can be done per class using
+# the \nosubgrouping command.
+
+SUBGROUPING = YES
+
+#---------------------------------------------------------------------------
+# Build related configuration options
+#---------------------------------------------------------------------------
+
+# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in
+# documentation are documented, even if no documentation was available.
+# Private class members and static file members will be hidden unless
+# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES
+
+#EXTRACT_ALL = NO
+EXTRACT_ALL = YES
+
+# If the EXTRACT_PRIVATE tag is set to YES all private members of a class
+# will be included in the documentation.
+
+EXTRACT_PRIVATE = NO
+
+# If the EXTRACT_STATIC tag is set to YES all static members of a file
+# will be included in the documentation.
+
+EXTRACT_STATIC = YES
+
+# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs)
+# defined locally in source files will be included in the documentation.
+# If set to NO only classes defined in header files are included.
+
+EXTRACT_LOCAL_CLASSES = YES
+
+# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all
+# undocumented members of documented classes, files or namespaces.
+# If set to NO (the default) these members will be included in the
+# various overviews, but no documentation section is generated.
+# This option has no effect if EXTRACT_ALL is enabled.
+
+HIDE_UNDOC_MEMBERS = NO
+
+# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all
+# undocumented classes that are normally visible in the class hierarchy.
+# If set to NO (the default) these classes will be included in the various
+# overviews. This option has no effect if EXTRACT_ALL is enabled.
+
+HIDE_UNDOC_CLASSES = NO
+
+# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all
+# friend (class|struct|union) declarations.
+# If set to NO (the default) these declarations will be included in the
+# documentation.
+
+HIDE_FRIEND_COMPOUNDS = NO
+
+# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any
+# documentation blocks found inside the body of a function.
+# If set to NO (the default) these blocks will be appended to the
+# function's detailed documentation block.
+
+HIDE_IN_BODY_DOCS = NO
+
+# The INTERNAL_DOCS tag determines if documentation
+# that is typed after a \internal command is included. If the tag is set
+# to NO (the default) then the documentation will be excluded.
+# Set it to YES to include the internal documentation.
+
+INTERNAL_DOCS = NO
+
+# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate
+# file names in lower-case letters. If set to YES upper-case letters are also
+# allowed. This is useful if you have classes or files whose names only differ
+# in case and if your file system supports case sensitive file names. Windows
+# users are advised to set this option to NO.
+
+CASE_SENSE_NAMES = YES
+
+# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen
+# will show members with their full class and namespace scopes in the
+# documentation. If set to YES the scope will be hidden.
+
+HIDE_SCOPE_NAMES = NO
+
+# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen
+# will put a list of the files that are included by a file in the documentation
+# of that file.
+
+SHOW_INCLUDE_FILES = YES
+
+# If the INLINE_INFO tag is set to YES (the default) then a tag [inline]
+# is inserted in the documentation for inline members.
+
+INLINE_INFO = YES
+
+# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen
+# will sort the (detailed) documentation of file and class members
+# alphabetically by member name. If set to NO the members will appear in
+# declaration order.
+
+SORT_MEMBER_DOCS = YES
+
+# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the
+# brief documentation of file, namespace and class members alphabetically
+# by member name. If set to NO (the default) the members will appear in
+# declaration order.
+
+SORT_BRIEF_DOCS = NO
+
+# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be
+# sorted by fully-qualified names, including namespaces. If set to
+# NO (the default), the class list will be sorted only by class name,
+# not including the namespace part.
+# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES.
+# Note: This option applies only to the class list, not to the
+# alphabetical list.
+
+SORT_BY_SCOPE_NAME = NO
+
+# The GENERATE_TODOLIST tag can be used to enable (YES) or
+# disable (NO) the todo list. This list is created by putting \todo
+# commands in the documentation.
+
+GENERATE_TODOLIST = YES
+
+# The GENERATE_TESTLIST tag can be used to enable (YES) or
+# disable (NO) the test list. This list is created by putting \test
+# commands in the documentation.
+
+GENERATE_TESTLIST = YES
+
+# The GENERATE_BUGLIST tag can be used to enable (YES) or
+# disable (NO) the bug list. This list is created by putting \bug
+# commands in the documentation.
+
+GENERATE_BUGLIST = YES
+
+# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or
+# disable (NO) the deprecated list. This list is created by putting
+# \deprecated commands in the documentation.
+
+GENERATE_DEPRECATEDLIST= YES
+
+# The ENABLED_SECTIONS tag can be used to enable conditional
+# documentation sections, marked by \if sectionname ... \endif.
+
+ENABLED_SECTIONS =
+
+# The MAX_INITIALIZER_LINES tag determines the maximum number of lines
+# the initial value of a variable or define consists of for it to appear in
+# the documentation. If the initializer consists of more lines than specified
+# here it will be hidden. Use a value of 0 to hide initializers completely.
+# The appearance of the initializer of individual variables and defines in the
+# documentation can be controlled using \showinitializer or \hideinitializer
+# command in the documentation regardless of this setting.
+
+MAX_INITIALIZER_LINES = 30
+
+# Set the SHOW_USED_FILES tag to NO to disable the list of files generated
+# at the bottom of the documentation of classes and structs. If set to YES the
+# list will mention the files that were used to generate the documentation.
+
+SHOW_USED_FILES = YES
+
+#---------------------------------------------------------------------------
+# configuration options related to warning and progress messages
+#---------------------------------------------------------------------------
+
+# The QUIET tag can be used to turn on/off the messages that are generated
+# by doxygen. Possible values are YES and NO. If left blank NO is used.
+
+QUIET = NO
+
+# The WARNINGS tag can be used to turn on/off the warning messages that are
+# generated by doxygen. Possible values are YES and NO. If left blank
+# NO is used.
+
+WARNINGS = YES
+
+# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings
+# for undocumented members. If EXTRACT_ALL is set to YES then this flag will
+# automatically be disabled.
+
+WARN_IF_UNDOCUMENTED = YES
+
+# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for
+# potential errors in the documentation, such as not documenting some
+# parameters in a documented function, or documenting parameters that
+# don't exist or using markup commands wrongly.
+
+WARN_IF_DOC_ERROR = YES
+
+# The WARN_FORMAT tag determines the format of the warning messages that
+# doxygen can produce. The string should contain the $file, $line, and $text
+# tags, which will be replaced by the file and line number from which the
+# warning originated and the warning text.
+
+WARN_FORMAT = "$file:$line: $text"
+
+# The WARN_LOGFILE tag can be used to specify a file to which warning
+# and error messages should be written. If left blank the output is written
+# to stderr.
+
+WARN_LOGFILE =
+
+#---------------------------------------------------------------------------
+# configuration options related to the input files
+#---------------------------------------------------------------------------
+
+# The INPUT tag can be used to specify the files and/or directories that contain
+# documented source files. You may enter file names like "myfile.cpp" or
+# directories like "/usr/src/myproject". Separate the files or directories
+# with spaces.
+
+INPUT = var var/xmlrpc
+
+# If the value of the INPUT tag contains directories, you can use the
+# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
+# and *.h) to filter out the source-files in the directories. If left
+# blank the following patterns are tested:
+# *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx *.hpp
+# *.h++ *.idl *.odl *.cs *.php *.php3 *.inc
+
+FILE_PATTERNS = *.php
+
+# The RECURSIVE tag can be used to turn specify whether or not subdirectories
+# should be searched for input files as well. Possible values are YES and NO.
+# If left blank NO is used.
+
+RECURSIVE = NO
+
+# The EXCLUDE tag can be used to specify files and/or directories that should
+# excluded from the INPUT source files. This way you can easily exclude a
+# subdirectory from a directory tree whose root is specified with the INPUT tag.
+
+EXCLUDE =
+
+# The EXCLUDE_SYMLINKS tag can be used select whether or not files or directories
+# that are symbolic links (a Unix filesystem feature) are excluded from the input.
+
+EXCLUDE_SYMLINKS = NO
+
+# If the value of the INPUT tag contains directories, you can use the
+# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude
+# certain files from those directories.
+
+EXCLUDE_PATTERNS =
+
+# The EXAMPLE_PATH tag can be used to specify one or more files or
+# directories that contain example code fragments that are included (see
+# the \include command).
+
+EXAMPLE_PATH =
+
+# If the value of the EXAMPLE_PATH tag contains directories, you can use the
+# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
+# and *.h) to filter out the source-files in the directories. If left
+# blank all files are included.
+
+EXAMPLE_PATTERNS =
+
+# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be
+# searched for input files to be used with the \include or \dontinclude
+# commands irrespective of the value of the RECURSIVE tag.
+# Possible values are YES and NO. If left blank NO is used.
+
+EXAMPLE_RECURSIVE = NO
+
+# The IMAGE_PATH tag can be used to specify one or more files or
+# directories that contain image that are included in the documentation (see
+# the \image command).
+
+IMAGE_PATH =
+
+# The INPUT_FILTER tag can be used to specify a program that doxygen should
+# invoke to filter for each input file. Doxygen will invoke the filter program
+# by executing (via popen()) the command , where
+# is the value of the INPUT_FILTER tag, and is the name of an
+# input file. Doxygen will then use the output that the filter program writes
+# to standard output.
+
+INPUT_FILTER =
+
+# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using
+# INPUT_FILTER) will be used to filter the input files when producing source
+# files to browse (i.e. when SOURCE_BROWSER is set to YES).
+
+FILTER_SOURCE_FILES = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to source browsing
+#---------------------------------------------------------------------------
+
+# If the SOURCE_BROWSER tag is set to YES then a list of source files will
+# be generated. Documented entities will be cross-referenced with these sources.
+# Note: To get rid of all source code in the generated output, make sure also
+# VERBATIM_HEADERS is set to NO.
+
+SOURCE_BROWSER = YES
+
+# Setting the INLINE_SOURCES tag to YES will include the body
+# of functions and classes directly in the documentation.
+
+INLINE_SOURCES = NO
+
+# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct
+# doxygen to hide any special comment blocks from generated source code
+# fragments. Normal C and C++ comments will always remain visible.
+
+STRIP_CODE_COMMENTS = YES
+
+# If the REFERENCED_BY_RELATION tag is set to YES (the default)
+# then for each documented function all documented
+# functions referencing it will be listed.
+
+REFERENCED_BY_RELATION = YES
+
+# If the REFERENCES_RELATION tag is set to YES (the default)
+# then for each documented function all documented entities
+# called/used by that function will be listed.
+
+REFERENCES_RELATION = YES
+
+# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen
+# will generate a verbatim copy of the header file for each class for
+# which an include is specified. Set to NO to disable this.
+
+VERBATIM_HEADERS = YES
+
+#---------------------------------------------------------------------------
+# configuration options related to the alphabetical class index
+#---------------------------------------------------------------------------
+
+# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index
+# of all compounds will be generated. Enable this if the project
+# contains a lot of classes, structs, unions or interfaces.
+
+ALPHABETICAL_INDEX = YES
+
+# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then
+# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns
+# in which this list will be split (can be a number in the range [1..20])
+
+COLS_IN_ALPHA_INDEX = 5
+
+# In case all classes in a project start with a common prefix, all
+# classes will be put under the same header in the alphabetical index.
+# The IGNORE_PREFIX tag can be used to specify one or more prefixes that
+# should be ignored while generating the index headers.
+
+IGNORE_PREFIX =
+
+#---------------------------------------------------------------------------
+# configuration options related to the HTML output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_HTML tag is set to YES (the default) Doxygen will
+# generate HTML output.
+
+GENERATE_HTML = YES
+
+# The HTML_OUTPUT tag is used to specify where the HTML docs will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `html' will be used as the default path.
+
+HTML_OUTPUT = html
+
+# The HTML_FILE_EXTENSION tag can be used to specify the file extension for
+# each generated HTML page (for example: .htm,.php,.asp). If it is left blank
+# doxygen will generate files with .html extension.
+
+HTML_FILE_EXTENSION = .html
+
+# The HTML_HEADER tag can be used to specify a personal HTML header for
+# each generated HTML page. If it is left blank doxygen will generate a
+# standard header.
+
+HTML_HEADER =
+
+# The HTML_FOOTER tag can be used to specify a personal HTML footer for
+# each generated HTML page. If it is left blank doxygen will generate a
+# standard footer.
+
+HTML_FOOTER =
+
+# The HTML_STYLESHEET tag can be used to specify a user-defined cascading
+# style sheet that is used by each HTML page. It can be used to
+# fine-tune the look of the HTML output. If the tag is left blank doxygen
+# will generate a default style sheet. Note that doxygen will try to copy
+# the style sheet file to the HTML output directory, so don't put your own
+# stylesheet in the HTML output directory as well, or it will be erased!
+
+HTML_STYLESHEET =
+
+# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes,
+# files or namespaces will be aligned in HTML using tables. If set to
+# NO a bullet list will be used.
+
+HTML_ALIGN_MEMBERS = YES
+
+# If the GENERATE_HTMLHELP tag is set to YES, additional index files
+# will be generated that can be used as input for tools like the
+# Microsoft HTML help workshop to generate a compressed HTML help file (.chm)
+# of the generated HTML documentation.
+
+GENERATE_HTMLHELP = NO
+
+# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can
+# be used to specify the file name of the resulting .chm file. You
+# can add a path in front of the file if the result should not be
+# written to the html output directory.
+
+CHM_FILE =
+
+# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can
+# be used to specify the location (absolute path including file name) of
+# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run
+# the HTML help compiler on the generated index.hhp.
+
+HHC_LOCATION =
+
+# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag
+# controls if a separate .chi index file is generated (YES) or that
+# it should be included in the master .chm file (NO).
+
+GENERATE_CHI = NO
+
+# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag
+# controls whether a binary table of contents is generated (YES) or a
+# normal table of contents (NO) in the .chm file.
+
+BINARY_TOC = NO
+
+# The TOC_EXPAND flag can be set to YES to add extra items for group members
+# to the contents of the HTML help documentation and to the tree view.
+
+TOC_EXPAND = NO
+
+# The DISABLE_INDEX tag can be used to turn on/off the condensed index at
+# top of each HTML page. The value NO (the default) enables the index and
+# the value YES disables it.
+
+DISABLE_INDEX = NO
+
+# This tag can be used to set the number of enum values (range [1..20])
+# that doxygen will group on one line in the generated HTML documentation.
+
+ENUM_VALUES_PER_LINE = 4
+
+# If the GENERATE_TREEVIEW tag is set to YES, a side panel will be
+# generated containing a tree-like index structure (just like the one that
+# is generated for HTML Help). For this to work a browser that supports
+# JavaScript, DHTML, CSS and frames is required (for instance Mozilla 1.0+,
+# Netscape 6.0+, Internet explorer 5.0+, or Konqueror). Windows users are
+# probably better off using the HTML help feature.
+
+GENERATE_TREEVIEW = NO
+
+# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be
+# used to set the initial width (in pixels) of the frame in which the tree
+# is shown.
+
+TREEVIEW_WIDTH = 250
+
+#---------------------------------------------------------------------------
+# configuration options related to the LaTeX output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will
+# generate Latex output.
+
+GENERATE_LATEX = NO
+
+# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `latex' will be used as the default path.
+
+LATEX_OUTPUT = latex
+
+# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be
+# invoked. If left blank `latex' will be used as the default command name.
+
+LATEX_CMD_NAME = latex
+
+# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to
+# generate index for LaTeX. If left blank `makeindex' will be used as the
+# default command name.
+
+MAKEINDEX_CMD_NAME = makeindex
+
+# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact
+# LaTeX documents. This may be useful for small projects and may help to
+# save some trees in general.
+
+COMPACT_LATEX = NO
+
+# The PAPER_TYPE tag can be used to set the paper type that is used
+# by the printer. Possible values are: a4, a4wide, letter, legal and
+# executive. If left blank a4wide will be used.
+
+PAPER_TYPE = a4wide
+
+# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX
+# packages that should be included in the LaTeX output.
+
+EXTRA_PACKAGES =
+
+# The LATEX_HEADER tag can be used to specify a personal LaTeX header for
+# the generated latex document. The header should contain everything until
+# the first chapter. If it is left blank doxygen will generate a
+# standard header. Notice: only use this tag if you know what you are doing!
+
+LATEX_HEADER =
+
+# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated
+# is prepared for conversion to pdf (using ps2pdf). The pdf file will
+# contain links (just like the HTML output) instead of page references
+# This makes the output suitable for online browsing using a pdf viewer.
+
+PDF_HYPERLINKS = NO
+
+# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of
+# plain latex in the generated Makefile. Set this option to YES to get a
+# higher quality PDF documentation.
+
+USE_PDFLATEX = NO
+
+# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode.
+# command to the generated LaTeX files. This will instruct LaTeX to keep
+# running if errors occur, instead of asking the user for help.
+# This option is also used when generating formulas in HTML.
+
+LATEX_BATCHMODE = NO
+
+# If LATEX_HIDE_INDICES is set to YES then doxygen will not
+# include the index chapters (such as File Index, Compound Index, etc.)
+# in the output.
+
+LATEX_HIDE_INDICES = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the RTF output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output
+# The RTF output is optimized for Word 97 and may not look very pretty with
+# other RTF readers or editors.
+
+GENERATE_RTF = NO
+
+# The RTF_OUTPUT tag is used to specify where the RTF docs will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `rtf' will be used as the default path.
+
+RTF_OUTPUT = rtf
+
+# If the COMPACT_RTF tag is set to YES Doxygen generates more compact
+# RTF documents. This may be useful for small projects and may help to
+# save some trees in general.
+
+COMPACT_RTF = NO
+
+# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated
+# will contain hyperlink fields. The RTF file will
+# contain links (just like the HTML output) instead of page references.
+# This makes the output suitable for online browsing using WORD or other
+# programs which support those fields.
+# Note: wordpad (write) and others do not support links.
+
+RTF_HYPERLINKS = NO
+
+# Load stylesheet definitions from file. Syntax is similar to doxygen's
+# config file, i.e. a series of assignments. You only have to provide
+# replacements, missing definitions are set to their default value.
+
+RTF_STYLESHEET_FILE =
+
+# Set optional variables used in the generation of an rtf document.
+# Syntax is similar to doxygen's config file.
+
+RTF_EXTENSIONS_FILE =
+
+#---------------------------------------------------------------------------
+# configuration options related to the man page output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_MAN tag is set to YES (the default) Doxygen will
+# generate man pages
+
+GENERATE_MAN = NO
+
+# The MAN_OUTPUT tag is used to specify where the man pages will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `man' will be used as the default path.
+
+MAN_OUTPUT = man
+
+# The MAN_EXTENSION tag determines the extension that is added to
+# the generated man pages (default is the subroutine's section .3)
+
+MAN_EXTENSION = .3
+
+# If the MAN_LINKS tag is set to YES and Doxygen generates man output,
+# then it will generate one additional man file for each entity
+# documented in the real man page(s). These additional files
+# only source the real man page, but without them the man command
+# would be unable to find the correct page. The default is NO.
+
+MAN_LINKS = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the XML output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_XML tag is set to YES Doxygen will
+# generate an XML file that captures the structure of
+# the code including all documentation.
+
+GENERATE_XML = NO
+
+# The XML_OUTPUT tag is used to specify where the XML pages will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `xml' will be used as the default path.
+
+XML_OUTPUT = xml
+
+# The XML_SCHEMA tag can be used to specify an XML schema,
+# which can be used by a validating XML parser to check the
+# syntax of the XML files.
+
+XML_SCHEMA =
+
+# The XML_DTD tag can be used to specify an XML DTD,
+# which can be used by a validating XML parser to check the
+# syntax of the XML files.
+
+XML_DTD =
+
+# If the XML_PROGRAMLISTING tag is set to YES Doxygen will
+# dump the program listings (including syntax highlighting
+# and cross-referencing information) to the XML output. Note that
+# enabling this will significantly increase the size of the XML output.
+
+XML_PROGRAMLISTING = YES
+
+#---------------------------------------------------------------------------
+# configuration options for the AutoGen Definitions output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will
+# generate an AutoGen Definitions (see autogen.sf.net) file
+# that captures the structure of the code including all
+# documentation. Note that this feature is still experimental
+# and incomplete at the moment.
+
+GENERATE_AUTOGEN_DEF = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the Perl module output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_PERLMOD tag is set to YES Doxygen will
+# generate a Perl module file that captures the structure of
+# the code including all documentation. Note that this
+# feature is still experimental and incomplete at the
+# moment.
+
+GENERATE_PERLMOD = NO
+
+# If the PERLMOD_LATEX tag is set to YES Doxygen will generate
+# the necessary Makefile rules, Perl scripts and LaTeX code to be able
+# to generate PDF and DVI output from the Perl module output.
+
+PERLMOD_LATEX = NO
+
+# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be
+# nicely formatted so it can be parsed by a human reader. This is useful
+# if you want to understand what is going on. On the other hand, if this
+# tag is set to NO the size of the Perl module output will be much smaller
+# and Perl will parse it just the same.
+
+PERLMOD_PRETTY = YES
+
+# The names of the make variables in the generated doxyrules.make file
+# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX.
+# This is useful so different doxyrules.make files included by the same
+# Makefile don't overwrite each other's variables.
+
+PERLMOD_MAKEVAR_PREFIX =
+
+#---------------------------------------------------------------------------
+# Configuration options related to the preprocessor
+#---------------------------------------------------------------------------
+
+# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will
+# evaluate all C-preprocessor directives found in the sources and include
+# files.
+
+ENABLE_PREPROCESSING = YES
+
+# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro
+# names in the source code. If set to NO (the default) only conditional
+# compilation will be performed. Macro expansion can be done in a controlled
+# way by setting EXPAND_ONLY_PREDEF to YES.
+
+MACRO_EXPANSION = YES
+
+# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES
+# then the macro expansion is limited to the macros specified with the
+# PREDEFINED and EXPAND_AS_PREDEFINED tags.
+
+EXPAND_ONLY_PREDEF = NO
+
+# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files
+# in the INCLUDE_PATH (see below) will be search if a #include is found.
+
+SEARCH_INCLUDES = YES
+
+# The INCLUDE_PATH tag can be used to specify one or more directories that
+# contain include files that are not input files but should be processed by
+# the preprocessor.
+
+INCLUDE_PATH = include
+
+# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard
+# patterns (like *.h and *.hpp) to filter out the header-files in the
+# directories. If left blank, the patterns specified with FILE_PATTERNS will
+# be used.
+
+INCLUDE_FILE_PATTERNS =
+
+# The PREDEFINED tag can be used to specify one or more macro names that
+# are defined before the preprocessor is started (similar to the -D option of
+# gcc). The argument of the tag is a list of macros of the form: name
+# or name=definition (no spaces). If the definition and the = are
+# omitted =1 is assumed.
+
+PREDEFINED =
+
+# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then
+# this tag can be used to specify a list of macro names that should be expanded.
+# The macro definition that is found in the sources will be used.
+# Use the PREDEFINED tag if you want to use a different macro definition.
+
+EXPAND_AS_DEFINED =
+
+# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then
+# doxygen's preprocessor will remove all function-like macros that are alone
+# on a line, have an all uppercase name, and do not end with a semicolon. Such
+# function macros are typically used for boiler-plate code, and will confuse the
+# parser if not removed.
+
+SKIP_FUNCTION_MACROS = YES
+
+#---------------------------------------------------------------------------
+# Configuration::additions related to external references
+#---------------------------------------------------------------------------
+
+# The TAGFILES option can be used to specify one or more tagfiles.
+# Optionally an initial location of the external documentation
+# can be added for each tagfile. The format of a tag file without
+# this location is as follows:
+# TAGFILES = file1 file2 ...
+# Adding location for the tag files is done as follows:
+# TAGFILES = file1=loc1 "file2 = loc2" ...
+# where "loc1" and "loc2" can be relative or absolute paths or
+# URLs. If a location is present for each tag, the installdox tool
+# does not have to be run to correct the links.
+# Note that each tag file must have a unique name
+# (where the name does NOT include the path)
+# If a tag file is not located in the directory in which doxygen
+# is run, you must also specify the path to the tagfile here.
+
+TAGFILES =
+
+# When a file name is specified after GENERATE_TAGFILE, doxygen will create
+# a tag file that is based on the input files it reads.
+
+GENERATE_TAGFILE =
+
+# If the ALLEXTERNALS tag is set to YES all external classes will be listed
+# in the class index. If set to NO only the inherited external classes
+# will be listed.
+
+ALLEXTERNALS = NO
+
+# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed
+# in the modules index. If set to NO, only the current project's groups will
+# be listed.
+
+EXTERNAL_GROUPS = YES
+
+# The PERL_PATH should be the absolute path and name of the perl script
+# interpreter (i.e. the result of `which perl').
+
+PERL_PATH = /usr/bin/perl
+
+#---------------------------------------------------------------------------
+# Configuration options related to the dot tool
+#---------------------------------------------------------------------------
+
+# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will
+# generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base or
+# super classes. Setting the tag to NO turns the diagrams off. Note that this
+# option is superseded by the HAVE_DOT option below. This is only a fallback. It is
+# recommended to install and use dot, since it yields more powerful graphs.
+
+CLASS_DIAGRAMS = YES
+
+# If set to YES, the inheritance and collaboration graphs will hide
+# inheritance and usage relations if the target is undocumented
+# or is not a class.
+
+HIDE_UNDOC_RELATIONS = YES
+
+# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is
+# available from the path. This tool is part of Graphviz, a graph visualization
+# toolkit from AT&T and Lucent Bell Labs. The other options in this section
+# have no effect if this option is set to NO (the default)
+
+HAVE_DOT = NO
+
+# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen
+# will generate a graph for each documented class showing the direct and
+# indirect inheritance relations. Setting this tag to YES will force the
+# the CLASS_DIAGRAMS tag to NO.
+
+CLASS_GRAPH = YES
+
+# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen
+# will generate a graph for each documented class showing the direct and
+# indirect implementation dependencies (inheritance, containment, and
+# class references variables) of the class with other documented classes.
+
+COLLABORATION_GRAPH = YES
+
+# If the UML_LOOK tag is set to YES doxygen will generate inheritance and
+# collaboration diagrams in a style similar to the OMG's Unified Modeling
+# Language.
+
+UML_LOOK = NO
+
+# If set to YES, the inheritance and collaboration graphs will show the
+# relations between templates and their instances.
+
+TEMPLATE_RELATIONS = NO
+
+# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT
+# tags are set to YES then doxygen will generate a graph for each documented
+# file showing the direct and indirect include dependencies of the file with
+# other documented files.
+
+INCLUDE_GRAPH = YES
+
+# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and
+# HAVE_DOT tags are set to YES then doxygen will generate a graph for each
+# documented header file showing the documented files that directly or
+# indirectly include this file.
+
+INCLUDED_BY_GRAPH = YES
+
+# If the CALL_GRAPH and HAVE_DOT tags are set to YES then doxygen will
+# generate a call dependency graph for every global function or class method.
+# Note that enabling this option will significantly increase the time of a run.
+# So in most cases it will be better to enable call graphs for selected
+# functions only using the \callgraph command.
+
+CALL_GRAPH = NO
+
+# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen
+# will graphical hierarchy of all classes instead of a textual one.
+
+GRAPHICAL_HIERARCHY = YES
+
+# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images
+# generated by dot. Possible values are png, jpg, or gif
+# If left blank png will be used.
+
+DOT_IMAGE_FORMAT = png
+
+# The tag DOT_PATH can be used to specify the path where the dot tool can be
+# found. If left blank, it is assumed the dot tool can be found on the path.
+
+DOT_PATH =
+
+# The DOTFILE_DIRS tag can be used to specify one or more directories that
+# contain dot files that are included in the documentation (see the
+# \dotfile command).
+
+DOTFILE_DIRS =
+
+# The MAX_DOT_GRAPH_WIDTH tag can be used to set the maximum allowed width
+# (in pixels) of the graphs generated by dot. If a graph becomes larger than
+# this value, doxygen will try to truncate the graph, so that it fits within
+# the specified constraint. Beware that most browsers cannot cope with very
+# large images.
+
+MAX_DOT_GRAPH_WIDTH = 1024
+
+# The MAX_DOT_GRAPH_HEIGHT tag can be used to set the maximum allows height
+# (in pixels) of the graphs generated by dot. If a graph becomes larger than
+# this value, doxygen will try to truncate the graph, so that it fits within
+# the specified constraint. Beware that most browsers cannot cope with very
+# large images.
+
+MAX_DOT_GRAPH_HEIGHT = 1024
+
+# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the
+# graphs generated by dot. A depth value of 3 means that only nodes reachable
+# from the root by following a path via at most 3 edges will be shown. Nodes that
+# lay further from the root node will be omitted. Note that setting this option to
+# 1 or 2 may greatly reduce the computation time needed for large code bases. Also
+# note that a graph may be further truncated if the graph's image dimensions are
+# not sufficient to fit the graph (see MAX_DOT_GRAPH_WIDTH and MAX_DOT_GRAPH_HEIGHT).
+# If 0 is used for the depth value (the default), the graph is not depth-constrained.
+
+MAX_DOT_GRAPH_DEPTH = 0
+
+# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will
+# generate a legend page explaining the meaning of the various boxes and
+# arrows in the dot generated graphs.
+
+GENERATE_LEGEND = YES
+
+# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will
+# remove the intermediate dot files that are used to generate
+# the various graphs.
+
+DOT_CLEANUP = YES
+
+#---------------------------------------------------------------------------
+# Configuration::additions related to the search engine
+#---------------------------------------------------------------------------
+
+# The SEARCHENGINE tag specifies whether or not a search engine should be
+# used. If set to NO the values of all tags below this one will be ignored.
+
+SEARCHENGINE = NO
diff --git a/livesupport/modules/alib/var/alib.php b/livesupport/modules/alib/var/alib.php
index 891e364ba..deab20480 100644
--- a/livesupport/modules/alib/var/alib.php
+++ b/livesupport/modules/alib/var/alib.php
@@ -1,27 +1,59 @@
sessTable = $config['tblNamePrefix'].'sess';
}
- /* ========== public methods: ========== */
+ /* ======================================================= public methods */
- /* --- session/authentication --- */
+ /* ----------------------------------------------- session/authentication */
/**
- * login
- *
- * @param login string
- * @param pass string
- * @return boolean/sessionId/err
- **/
+ * Authenticate and create session
+ *
+ * @param login string
+ * @param pass string
+ * @return boolean/sessionId/err
+ */
function login($login, $pass)
{
if(FALSE === $this->authenticate($login, $pass)) return FALSE;
for($c=1; $c>0;){
$sessid = md5(uniqid(rand()));
- $c = $this->dbc->getOne("SELECT count(*) FROM {$this->sessTable} WHERE sessid='$sessid'");
+ $c = $this->dbc->getOne("SELECT count(*) FROM {$this->sessTable}
+ WHERE sessid='$sessid'");
if(PEAR::isError($c)) return $c;
}
$userid = $this->getSubjId($login);
- $r = $this->dbc->query("INSERT INTO {$this->sessTable} (sessid, userid, login)
- VALUES ('$sessid', '$userid', '$login')");
+ $r = $this->dbc->query("INSERT INTO {$this->sessTable}
+ (sessid, userid, login, ts)
+ VALUES
+ ('$sessid', '$userid', '$login', now())");
if(PEAR::isError($r)) return $r;
$this->login = $login;
$this->userid = $userid;
@@ -59,20 +94,22 @@ class Alib extends Subjects{
}
/**
- * logout
- *
- * @param sessid string
- * @return true/err
- **/
+ * Logout and destroy session
+ *
+ * @param sessid string
+ * @return true/err
+ */
function logout($sessid)
{
$ct = $this->checkToken($sessid);
if($ct === FALSE)
- return PEAR::raiseError('Alib::logout: not logged ($ct)', ALIBERR_NOTLOGGED, PEAR_ERROR_RETURN);
+ return PEAR::raiseError('Alib::logout: not logged ($ct)',
+ ALIBERR_NOTLOGGED, PEAR_ERROR_RETURN);
elseif(PEAR::isError($ct))
return $ct;
else{
- $r = $this->dbc->query("DELETE FROM {$this->sessTable} WHERE sessid='$sessid'");
+ $r = $this->dbc->query("DELETE FROM {$this->sessTable}
+ WHERE sessid='$sessid'");
if(PEAR::isError($r)) return $r;
$this->login = NULL;
$this->userid = NULL;
@@ -82,42 +119,44 @@ class Alib extends Subjects{
}
/**
- * checkToken
- *
- * @param sessid string
- * @return boolean/err
- **/
+ * Return true if the token is valid
+ *
+ * @param sessid string
+ * @return boolean/err
+ */
function checkToken($sessid)
{
- $c = $this->dbc->getOne("SELECT count(*) as cnt FROM {$this->sessTable} WHERE sessid='$sessid'");
+ $c = $this->dbc->getOne("SELECT count(*) as cnt FROM {$this->sessTable}
+ WHERE sessid='$sessid'");
return ($c == 1 ? TRUE : (PEAR::isError($c) ? $c : FALSE ));
}
/**
- * setToken
- *
- * @param sessid string
- * @return boolean/err
- **/
+ * Set valid token in alib object
+ *
+ * @param sessid string
+ * @return boolean/err
+ */
function setToken($sessid)
{
$r = checkToken($sessid);
if(PEAR::isError($r)) return $r;
- if(!$r) return PEAR::raiseError("ALib::setToken: invalid token ($sessid)");
+ if(!$r)
+ return PEAR::raiseError("ALib::setToken: invalid token ($sessid)");
$this->sessid = $sessid;
return TRUE;
}
- /* --- authorization --- */
+ /* -------------------------------------------------------- authorization */
/**
- * addPerm
- *
- * @param sid int
- * @param action string
- * @param oid int
- * @param type char
- * @return int/err
- **/
+ * Insert permission record
+ *
+ * @param sid int
+ * @param action string
+ * @param oid int
+ * @param type char
+ * @return int/err
+ */
function addPerm($sid, $action, $oid, $type='A')
{
$permid = $this->dbc->nextId("{$this->permTable}_id_seq");
@@ -130,13 +169,13 @@ class Alib extends Subjects{
}
/**
- * removePerm
- *
- * @param permid int OPT
- * @param subj int OPT
- * @param obj int OPT
- * @return null/error
- **/
+ * Remove permission record
+ *
+ * @param permid int OPT
+ * @param subj int OPT
+ * @param obj int OPT
+ * @return null/error
+ */
function removePerm($permid=NULL, $subj=NULL, $obj=NULL)
{
return $this->dbc->query("DELETE FROM {$this->permTable} WHERE 1=1".
@@ -147,13 +186,15 @@ class Alib extends Subjects{
}
/**
- * checkPerm
- *
- * @param sid int
- * @param action string
- * @param oid int OPT
- * @return boolean/err
- **/
+ * Check if specified subject have permission to specified action
+ * on specified object - huh ;)
+ * One of the most important method in this class hierarchy ...
+ *
+ * @param sid int
+ * @param action string
+ * @param oid int OPT
+ * @return boolean/err
+ */
function checkPerm($sid, $action, $oid=NULL)
{
if(!is_numeric($sid)) return FALSE;
@@ -164,25 +205,33 @@ class Alib extends Subjects{
$q_flds = "m.level as S_lvl, p.subj, s.login, action, p.type, p.obj";
$q_from = "{$this->subjTable} s, {$this->permTable} p";
$q_join = "LEFT JOIN {$this->smembTable} m ON p.subj=m.gid ";
- $q_cond = "p.action in('_all', '$action') AND (m.uid=$sid OR p.subj=$sid) AND s.id=p.subj";
- $q_ordb = "ORDER BY S_lvl, action, p.type DESC"; // action ASC order is hack for lower priority of '_all'
+ $q_cond = "p.action in('_all', '$action') AND
+ (m.uid=$sid OR p.subj=$sid) AND s.id=p.subj";
+ // action ASC order is hack for lower priority of '_all':
+ $q_ordb = "ORDER BY S_lvl, action, p.type DESC";
$qc0 = $q_cond;
// test if object is class:
- $iscls = $this->isClass($oid); if(PEAR::isError($iscls)) return $iscls;
+ $iscls = $this->isClass($oid);
+ if(PEAR::isError($iscls)) return $iscls;
if($iscls){
$q_from .= ", {$this->classTable} c";
$q_cond .= " AND c.id=p.obj AND c.id=$oid";
}else{
- // object is normal node => path search => retrieve L/R values for oid:
- $r1 = $this->dbc->getRow("SELECT lft, rgt, level FROM {$this->treeTable} WHERE id=$oid");
+ // obj is normal node => path search => retrieve L/R values for it:
+ $r1 = $this->dbc->getRow("SELECT lft, rgt, level
+ FROM {$this->treeTable} WHERE id=$oid");
if(is_null($r1))
- return PEAR::raiseError('Alib::checkPerm: object not exists', ALIBERR_NOTEXISTS, PEAR_ERROR_RETURN);
+ return PEAR::raiseError('Alib::checkPerm: object not exists',
+ ALIBERR_NOTEXISTS, PEAR_ERROR_RETURN
+ );
if(PEAR::isError($r1)) return($r1);
// fetch all path to oid + join with perms
$q_flds .= ", t.name, ({$r1['level']}-t.level)as T_lvl";
$q_from = "{$this->treeTable} t, ".$q_from;
- $q_cond .= " AND t.id=p.obj AND t.lft<={$r1['lft']} AND t.rgt>={$r1['rgt']}";
- $q_ordb = "ORDER BY T_lvl, S_lvl, action, p.type DESC"; // action ASC order is hack for lower priority of '_all'
+ $q_cond .= " AND t.id=p.obj AND t.lft<={$r1['lft']} AND
+ t.rgt>={$r1['rgt']}";
+ // action ASC order is hack for lower priority of '_all':
+ $q_ordb = "ORDER BY T_lvl, S_lvl, action, p.type DESC";
}
$query="SELECT $q_flds FROM $q_from $q_join WHERE $q_cond $q_ordb";
$r2 = $this->dbc->getAll($query);
@@ -201,28 +250,29 @@ class Alib extends Subjects{
return (is_array($r2) && count($r2)>0 && $r2[0]['type']=='A');
}
- /* --- object tree --- */
+ /* ---------------------------------------------------------- object tree */
/**
- * removeObj
- *
- * @param id int
- * @return void/error
- **/
+ * Remove all permissions on object and then remove object itself
+ *
+ * @param id int
+ * @return void/error
+ */
function removeObj($id)
{
- $r = $this->removePerm(NULL, NULL, $id); if(PEAR::isError($r)) return $r;
+ $r = $this->removePerm(NULL, NULL, $id);
+ if(PEAR::isError($r)) return $r;
return parent::removeObj($id);
}
- /* --- users/groups --- */
+ /* --------------------------------------------------------- users/groups */
/**
- * removeSubj
- *
- * @param login string
- * @return void/error
- **/
+ * Remove all permissions of subject and then remove subject itself
+ *
+ * @param login string
+ * @return void/error
+ */
function removeSubj($login)
{
$uid = $this->getSubjId($login); if(PEAR::isError($uid)) return $uid;
@@ -230,13 +280,13 @@ class Alib extends Subjects{
return parent::removeSubj($login, $uid);
}
- /* --- sessions --- */
+ /* ------------------------------------------------------------- sessions */
/**
- * getSessLogin
- *
- * @param sessid string
- * @return string/error
- **/
+ * Get login from session id (token)
+ *
+ * @param sessid string
+ * @return string/error
+ */
function getSessLogin($sessid)
{
return $this->dbc->getOne("
@@ -244,24 +294,24 @@ class Alib extends Subjects{
}
/**
- * getSessUserId
- *
- * @param sessid string
- * @return int/error
- **/
+ * Get user id from session id
+ *
+ * @param sessid string
+ * @return int/error
+ */
function getSessUserId($sessid)
{
return $this->dbc->getOne("
SELECT userid FROM {$this->sessTable} WHERE sessid='$sessid'");
}
- /* --- info methods: --- */
+ /* --------------------------------------------------------- info methods */
/**
- * getObjPerms
- *
- * @param id int
- * @return array/null/err
- **/
+ * Get all permissions on object
+ *
+ * @param id int
+ * @return array/null/err
+ */
function getObjPerms($id)
{
return $this->dbc->getAll("
@@ -270,82 +320,87 @@ class Alib extends Subjects{
}
/**
- * getSubjPerms
- *
- * @param sid int
- * @return array
- **/
+ * Get all permissions of subject
+ *
+ * @param sid int
+ * @return array
+ */
function getSubjPerms($sid)
{
$a1 = $this->dbc->getAll("
- SELECT t.name, t.type as otype , p.* FROM {$this->permTable} p, {$this->treeTable} t
+ SELECT t.name, t.type as otype , p.*
+ FROM {$this->permTable} p, {$this->treeTable} t
WHERE t.id=p.obj AND p.subj=$sid");
if(PEAR::isError($a1)) return $a1;
$a2 = $this->dbc->getAll("
- SELECT c.cname as name, 'C'as otype, p.* FROM {$this->permTable} p, {$this->classTable} c
+ SELECT c.cname as name, 'C'as otype, p.*
+ FROM {$this->permTable} p, {$this->classTable} c
WHERE c.id=p.obj AND p.subj=$sid");
if(PEAR::isError($a2)) return $a2;
return array_merge($a1, $a2);
}
- /* --- info methods related to application structure: --- */
- /* (this part should be added/rewritten to allow defining/modifying/using application structure) */
- /* (only very simple structure definition - in config - supported now) */
+ /* ------------------------ info methods related to application structure */
+ /* (this part should be added/rewritten to allow defining/modifying/using
+ * application structure)
+ * (only very simple structure definition - in $config - supported now)
+ */
/**
- * getAllActions
- *
- * @return array
- **/
+ * Get all actions
+ *
+ * @return array
+ */
function getAllActions()
{
return $this->config['allActions'];
}
/**
- * getAllowedActions
- *
- * @param type string
- * @return array
- **/
+ * Get all allowed actions on specified object type
+ *
+ * @param type string
+ * @return array
+ */
function getAllowedActions($type)
{
return $this->config['allowedActions'][$type];
}
- /* ========== test and debug methods: ========== */
+ /* =============================================== test and debug methods */
/**
- * dumpPerms
- *
- * @param indstr string // indentation string
- * @param ind string // aktual indentation
- * @return string
- **/
+ * Dump all permissions for debug
+ *
+ * @param indstr string // indentation string
+ * @param ind string // aktual indentation
+ * @return string
+ */
function dumpPerms($indstr=' ', $ind='')
{
- $r = $ind.join(', ', array_map(create_function('$v', 'return "{$v[\'action\']}/{$v[\'type\']}";'),
+ $r = $ind.join(', ', array_map(
+ create_function('$v', 'return "{$v[\'action\']}/{$v[\'type\']}";'),
$this->dbc->getAll("SELECT action, type FROM {$this->permTable}")
))."\n";
return $r;
}
/**
- * deleteData
- *
- * @return void
- **/
+ * deleteData
+ *
+ * @return void
+ */
function deleteData()
{
$this->dbc->query("DELETE FROM {$this->permTable}");
parent::deleteData();
}
/**
- * testData
- *
- * @return array
- **/
+ * Insert test permissions
+ *
+ * @return array
+ */
function testData()
{
parent::testData();
@@ -374,35 +429,46 @@ class Alib extends Subjects{
}
/**
- * test
- *
- * @return boolean/error
- **/
+ * Make basic test
+ *
+ * @return boolean/error
+ */
function test()
{
if(PEAR::isError($p = parent::test())) return $p;
$this->deleteData();
$this->testData();
- $this->test_correct = "_all/A, _all/A, _all/D, read/A, edit/A, read/A, editPerms/A, editPerms/D, addChilds/A, addChilds/A, addChilds/A, addChilds/A, addChilds/A, addChilds/A, addChilds/A, addChilds/A\nno, yes\n";
+ $this->test_correct = "_all/A, _all/A, _all/D, read/A, edit/A, read/A,".
+ " editPerms/A, editPerms/D, addChilds/A, addChilds/A, addChilds/A,".
+ " addChilds/A, addChilds/A, addChilds/A, addChilds/A, addChilds/A".
+ "\nno, yes\n";
$this->test_dump = $this->dumpPerms().
- ($this->checkPerm($this->tdata['subjects'][1], 'edit', $this->tdata['tree'][7])? 'yes':'no').", ".
- ($this->checkPerm($this->tdata['subjects'][2], 'read', $this->tdata['tree'][5])? 'yes':'no')."\n"
+ ($this->checkPerm(
+ $this->tdata['subjects'][1], 'edit', $this->tdata['tree'][7]
+ )? 'yes':'no').", ".
+ ($this->checkPerm(
+ $this->tdata['subjects'][2], 'read', $this->tdata['tree'][5]
+ )? 'yes':'no')."\n"
;
$this->removePerm($this->tdata['perms'][1]);
$this->removePerm($this->tdata['perms'][3]);
- $this->test_correct .= "_all/A, _all/D, edit/A, read/A, editPerms/A, editPerms/D, addChilds/A, addChilds/A, addChilds/A, addChilds/A, addChilds/A, addChilds/A, addChilds/A, addChilds/A\n";
+ $this->test_correct .= "_all/A, _all/D, edit/A, read/A, editPerms/A,".
+ " editPerms/D, addChilds/A, addChilds/A, addChilds/A, addChilds/A,".
+ " addChilds/A, addChilds/A, addChilds/A, addChilds/A\n";
$this->test_dump .= $this->dumpPerms();
$this->deleteData();
- if($this->test_dump==$this->test_correct){ $this->test_log.="alib: OK\n"; return TRUE; }
- else return PEAR::raiseError('Alib::test', 1, PEAR_ERROR_DIE, '%s'.
- "