Page MenuHomeIn-Portal Phabricator
Files F1045848

in-portal
No OneTemporary
Actions

File Metadata

Created
Fri, Jun 27, 4:54 AM

in-portal
View Options

Index: trunk/kernel/units/groups/groups_item.php
===================================================================
--- trunk/kernel/units/groups/groups_item.php (nonexistent)
+++ trunk/kernel/units/groups/groups_item.php (revision 5186)
@@ -0,0 +1,23 @@
+<?php
+
+class GroupsItem extends kDBItem {
+
+ function Create($force_id = false, $system_create = false)
+ {
+ if (!$this->Validate()) return false;
+ $this->SetDBField('ResourceId', $this->Application->NextResourceId());
+
+ return parent::Create();
+ }
+
+ function Update($id = null, $system_update = false)
+ {
+ $this->VirtualFields['ResourceId'] = Array();
+ $ret = parent::Update($id, $system_update);
+ unset($this->VirtualFields['ResourceId']);
+
+ return $ret;
+ }
+}
+
+?>
\ No newline at end of file
Property changes on: trunk/kernel/units/groups/groups_item.php
___________________________________________________________________
Added: cvs2svn:cvs-rev
## -0,0 +1 ##
+1.1
\ No newline at end of property
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Index: trunk/kernel/units/groups/groups_config.php
===================================================================
--- trunk/kernel/units/groups/groups_config.php (revision 5185)
+++ trunk/kernel/units/groups/groups_config.php (revision 5186)
@@ -1,119 +1,119 @@
<?php
$config = Array(
'Prefix' => 'g',
- 'ItemClass' => Array('class' => 'kDBItem', 'file' => '', 'build_event' => 'OnItemBuild'),
+ 'ItemClass' => Array('class' => 'GroupsItem', 'file' => 'groups_item.php', 'build_event' => 'OnItemBuild'),
'ListClass' => Array('class' => 'kDBList', 'file' => '', 'build_event' => 'OnListBuild'),
'EventHandlerClass' => Array('class' => 'GroupsEventHandler', 'file' => 'groups_event_handler.php','build_event'=>'OnBuild'),
'TagProcessorClass' => Array('class' => 'kDBTagProcessor', 'file' => '','build_event'=>'OnBuild'),
'AutoLoad' => true,
'QueryString' => Array(
1 => 'id',
2 => 'page',
3 => 'event',
4 => 'mode',
),
'IDField' => 'GroupId',
'StatusField' => Array('Enabled'),
'TitleField' => 'Name',
'TitlePresets' => Array(
'default' => Array( 'new_status_labels' => Array('g' => '!la_title_Adding_Group!'),
'edit_status_labels' => Array('g' => '!la_title_Editing_Group!'),
'new_titlefield' => Array('g' => '!la_title_New_Group!'),
),
'groups_list' => Array('prefixes' => Array('g_List'), 'format' => "!la_title_Groups! (#g_recordcount#)"),
'groups_edit' => Array('prefixes' => Array('g'), 'format' => "#g_status# '#g_titlefield#' - !la_title_General!"),
'groups_edit_users' => Array('prefixes' => Array('g', 'g-ug_List'), 'format' => "#g_status# '#g_titlefield#' - !la_title_Users! (#g-ug_recordcount#)" ),
'groups_edit_permissions' => Array('prefixes' => Array('g'), 'format' => "#g_status# '#g_titlefield#' - !la_title_Permissions!" ),
'groups_edit_additional_permissions' => Array('prefixes' => Array('g'), 'format' => "#g_status# '#g_titlefield#' - !la_title_AdditionalPermissions!" ),
'groups_select' => Array('prefixes' => Array('g_List'), 'format' => "!la_title_Groups! (#g_recordcount#) - !la_title_SelectGroup!"),
),
'PermSection' => Array('main' => 'in-portal:user_groups'),
'Sections' => Array(
'in-portal:user_groups' => Array(
'parent' => 'in-portal:users',
'icon' => 'usergroups',
'label' => 'la_tab_User_Groups',
'url' => Array('t' => 'groups/groups_list', 'pass' => 'm'),
'permissions' => Array('view', 'add', 'edit', 'delete', 'advanced:send_email'),
'priority' => 2,
'type' => stTREE,
),
),
'TableName' => TABLE_PREFIX.'PortalGroup',
'ListSQLs' => Array('' => ' SELECT %1$s.* %2$s FROM %1$s
LEFT JOIN '.TABLE_PREFIX.'UserGroup ug ON ug.GroupId = %1$s.GroupId'),
'ItemSQLs' => Array('' => ' SELECT %1$s.* %2$s FROM %1$s
LEFT JOIN '.TABLE_PREFIX.'UserGroup ug ON ug.GroupId = %1$s.GroupId'),
'ListSortings' => Array(
'' => Array(
'Sorting' => Array('Name' => 'asc'),
)
),
'SubItems' => Array('g-perm', /*'g-ug'*/),
'CalculatedFields' => Array(
'total' => Array(
'UserCount' => 'COUNT(ug.PortalUserId)',
),
),
'Fields' => Array (
'GroupId' => Array(),
'Name' => Array('type' => 'string', 'not_null' => '1', 'required' => 1, 'default' => ''),
'Description' => Array('type' => 'string','default' => ''),
'CreatedOn' => Array('type' => 'double', 'formatter' => 'kDateFormatter', 'not_null' => '1','default' => '#NOW#'),
'System' => Array('type' => 'int','not_null' => '1','default' => '0'),
'Personal' => Array('type' => 'int','not_null' => '1','default' => '0'),
'Enabled' => Array('type' => 'int', 'formatter' => 'kOptionsFormatter', 'options' => Array(1 => 'la_Enabled', 0 => 'la_Disabled'), 'use_phrases' => 1, 'not_null' => '1','default' => 1),
'ResourceId' => Array('type' => 'int','not_null' => '1','default' => '0'),
),
'VirtualFields' => Array(
'UserCount' => Array('type' => 'int', 'default' => 0),
),
'Grids' => Array(
'Default' => Array(
'Icons' => Array(1 => 'icon16_group.gif', 0 => 'icon16_group_disabled.gif'),
'Fields' => Array(
'Name' => Array('title' => 'la_col_GroupName', 'data_block' => 'grid_checkbox_td'),
'UserCount' => Array('title' => 'la_col_UserCount'),
),
),
/*'GroupSelector' => Array(
'Icons' => Array(0 => 'icon16_user_disabled.gif', 1 => 'icon16_user.gif', 2 => 'icon16_user_pending.gif'),
'Fields' => Array(
'Login' => Array('title' => 'la_col_Username', 'data_block' => 'grid_radio_td'),
'LastName' => Array( 'title'=>'la_col_LastName'),
'FirstName' => Array( 'title'=>'la_col_FirstName'),
'Email' => Array( 'title'=>'la_col_Email'),
'PrimaryGroup' => Array( 'title'=>'la_col_PrimaryGroup'),
'CreatedOn_formatted' => Array('title' => 'la_col_CreatedOn', 'sort_field' => 'CreatedOn'),
),
),*/
),
);
?>
\ No newline at end of file
Property changes on: trunk/kernel/units/groups/groups_config.php
___________________________________________________________________
Modified: cvs2svn:cvs-rev
## -1 +1 ##
-1.8
\ No newline at end of property
+1.9
\ No newline at end of property
Index: trunk/kernel/units/general/helpers/permissions_helper.php
===================================================================
--- trunk/kernel/units/general/helpers/permissions_helper.php (revision 5185)
+++ trunk/kernel/units/general/helpers/permissions_helper.php (revision 5186)
@@ -1,369 +1,369 @@
<?php
class kPermissionsHelper extends kHelper {
/**
* Current set of permissions for group being edited
*
* @var Array
*/
var $Permissions = Array();
function LoadPermissions($prefix)
{
$object =& $this->Application->recallObject($prefix.'-perm', null, Array('skip_autoload' => true));
$foreign_key = $this->Application->getUnitOption($prefix.'-perm', 'ForeignKey');
$foreign_value = $this->Application->GetVar($prefix.'_id');
$sql = 'SELECT *
FROM '.$object->TableName.'
WHERE '.$foreign_key.' = '.$foreign_value;
$permissions = $this->Conn->Query($sql, 'Permission');
$this->Permissions = Array();
foreach ($permissions as $perm_name => $perm_options) {
$perm_record['value'] = $perm_options['PermissionValue'];
$perm_record['id'] = $perm_options['PermissionId'];
$this->Permissions[$perm_name] = $perm_record;
}
}
function getPermissionValue($perm_name)
{
return getArrayValue($this->Permissions, $perm_name) ? $this->Permissions[$perm_name]['value'] : 0;
}
function getPermissionID($perm_name)
{
return getArrayValue($this->Permissions, $perm_name) ? $this->Permissions[$perm_name]['id'] : 0;
}
/**
* This is old permission like ADMIN or LOGIN
*
* @param string $section_name
* @param string $perm_name
* @return bool
*/
function isOldPermission($section_name, $perm_name)
{
return $section_name == 'in-portal:root' && $perm_name != 'view';
}
/**
* Returns permission names to check based on event name and item prefix (main item or subitem)
*
* @param kEvent $event
* @return Array
*/
function getPermissionByEvent(&$event, $perm_mapping)
{
$top_prefix = $event->getEventParam('top_prefix');
$pefix_type = ($top_prefix == $event->Prefix) ? 'self' : 'subitem';
$perm_mapping = getArrayValue($perm_mapping, $event->Name);
if (!$perm_mapping[$pefix_type]) {
trigger_error('Permission mappings not defined for event <b>'.$top_prefix.' <- '.$event->Prefix.':'.$event->Name.'</b>', E_USER_ERROR);
}
if ($perm_mapping[$pefix_type] === true) {
// event is defined in mapping but is not checked by permissions
return true;
}
return explode('|', $perm_mapping[$pefix_type]);
}
/**
* Common event permission checking method
*
* @param kEvent $event
*/
function CheckEventPermission(&$event, $perm_mapping)
{
$section = $event->getSection();
if (preg_match('/^CATEGORY:(.*)/', $section)) {
return $this->CheckEventCategoryPermission($event, $perm_mapping);
}
$top_prefix = $event->getEventParam('top_prefix');
$check_perms = $this->getPermissionByEvent($event, $perm_mapping);
if ($check_perms === true) {
// event is defined in mapping but is not checked by permissions
return true;
}
$perm_status = false;
foreach ($check_perms as $perm_name) {
// check if at least one of required permissions is set
$perm_name = $section.'.'.$perm_name;
$perm_status = $this->CheckPermission($perm_name, 1);
if (($perm_name == $section.'.add') && $perm_status && ($top_prefix == $event->Prefix)) {
// main item, add permission allowed, but ID is > 0, then deny permission
// how to get id here
}
if ($perm_status) {
return $perm_status;
}
}
if (!$perm_status) {
if ($this->Application->isDebugMode()) {
// for debugging purposes
$event->SetRedirectParam('section', $section);
$event->SetRedirectParam('main_prefix', $top_prefix);
$event->SetRedirectParam('event_name', $event->Name);
$event->SetRedirectParam('next_template', $this->Application->GetVar('t'));
}
$event->status = erPERM_FAIL;
}
return $perm_status;
}
/**
* Checks non-system permission on event per category basis
*
* @param kEvent $event
*/
function CheckEventCategoryPermission(&$event, $event_perm_mapping)
{
// mapping between specific permissions and common permissions
$perm_mapping = Array('add' => 'ADD', 'edit' => 'MODIFY', 'delete' => 'DELETE', 'view' => 'VIEW');
$top_prefix = $event->getEventParam('top_prefix');
$event_handler =& $this->Application->recallObject($event->Prefix.'_EventHandler');
if ($event->Prefix != $top_prefix) {
$top_event = new kEvent($top_prefix.':'.$event->Name);
$id = $event_handler->getPassedID($top_event);
}
else {
$id = $event_handler->getPassedID($event);
}
$item_prefix = $this->Application->getUnitOption($top_prefix, 'PermItemPrefix');
// 1. get primary category of category item
$id_field = $this->Application->getUnitOption($top_prefix, 'IDField');
$table_name = $this->Application->getUnitOption($top_prefix, 'TableName');
$ci_table = $this->Application->getUnitOption('ci', 'TableName');
if (!$id) {
// item being created -> check by current (before editing started, saved in OnPreCreate event) category permissions
$category_id = $this->Application->RecallVar('m_cat_id');
}
else {
// item being edited -> check by it's primary category permissions
$sql = 'SELECT ci.CategoryId
FROM '.$table_name.' main_table
LEFT JOIN '.$ci_table.' ci ON ci.ItemResourceId = main_table.ResourceId
WHERE (main_table.'.$id_field.' = '.$id.') AND (ci.PrimaryCat = 1)';
$category_id = $this->Conn->GetOne($sql);
}
if ((substr($event->Name, 0, 9) == 'OnPreSave') || ($event->Name == 'OnSave')) {
if ($event_handler->isNewItemCreate($event)) {
return $this->CheckPermission($item_prefix.'.ADD', 0, $category_id);
}
else {
return $this->CheckPermission($item_prefix.'.ADD', 0, $category_id) || $this->CheckPermission($item_prefix.'.MODIFY', 0, $category_id);
}
}
$perm_status = false;
$check_perms = $this->getPermissionByEvent($event, $event_perm_mapping);
if ($check_perms === true) {
// event is defined in mapping but is not checked by permissions
return true;
}
foreach ($check_perms as $perm_name) {
// check if at least one of required permissions is set
if (!isset($perm_mapping[$perm_name])) {
// not mapped permission (e.g. advanced:approve) -> skip
continue;
}
$perm_name = $item_prefix.'.'.$perm_mapping[$perm_name];
$this->showDebug('Event <b>'.$event->Name.'</b> permission(-s): <b>'.$perm_name.'</b>', Array());
$perm_status = $this->CheckPermission($perm_name, 0, $category_id);
if ($perm_status) {
return $perm_status;
}
}
if (!$perm_status) {
$event->SetRedirectParam('index_file', 'index.php'); // because called from browse.php
if ($this->Application->isDebugMode()) {
// for debugging purposes
$event->SetRedirectParam('section', $event->getSection());
$event->SetRedirectParam('main_prefix', $top_prefix);
$event->SetRedirectParam('event_name', $event->Name);
$event->SetRedirectParam('next_template', $this->Application->GetVar('t'));
}
$event->status = erPERM_FAIL;
}
return $perm_status;
}
function showDebug($text, $params)
{
$is_ajax = $this->Application->GetVar('ajax') == 'yes' || isset($params['ajax']) || isset($params['tab_init']);
if (!$this->Application->isDebugMode() || $is_ajax) return true;
echo $text.'<br />';
}
function TagPermissionCheck($params, $tag_name)
{
$perm_event = getArrayValue($params, 'perm_event');
$permission_groups = getArrayValue($params, 'permissions');
if ($permission_groups) {
$this->showDebug('Tag <b>'.$tag_name.'</b> permission(-s): <b>'.$permission_groups.'</b>', $params);
$permission_groups = explode('|', $permission_groups);
$group_has_permission = false;
foreach ($permission_groups as $permission_group) {
$permissions = explode(',', $permission_group);
$has_permission = true;
foreach ($permissions as $permission) {
$has_permission = $has_permission && $this->CheckPermission($permission, isset($params['system']) && $params['system'] ? 1 : 0);
}
$group_has_permission = $group_has_permission || $has_permission;
if ($group_has_permission) {
return true;
}
}
return false;
}
elseif ($perm_event) {
$this->showDebug('Tag <b>'.$tag_name.'</b> permission_event: <b>'.$perm_event.'</b>', $params);
list($prefix, $event) = explode(':', $perm_event);
$event_handler =& $this->Application->recallObject($prefix.'_EventHandler');
return $event_handler->CheckPermission( new kEvent($perm_event) );
}
return true;
}
/**
* Returns no permission template to redirect to
*
* @param Array $params
* @return Array
*/
function getPermissionTemplate($params)
{
$t = $this->Application->GetVar('t');
if ($next_t = getArrayValue($params, 'next_template')) {
$t = $next_t;
}
if (!$this->Application->LoggedIn()) {
$redirect_template = $params['login_template'];
$redirect_params = Array('next_template' => $t);
}
else {
if (isset($params['no_permissions_template'])) {
$redirect_template = $params['no_permissions_template'];
}
else {
$redirect_template = $this->Application->IsAdmin() ? 'no_permission' : $this->Application->ConfigValue('NoPermissionTemplate');
}
$redirect_params = $this->Application->isDebugMode() ? Array('from_template' => 1, 'perms' => $params[ isset($params['permissions']) ? 'permissions' : 'perm_event'], 'next_template' => $t) : Array();
}
return Array($redirect_template, $redirect_params);
}
/**
* Check current user permissions based on it's group permissions in specified category (for non-system permissions) or just checks if system permission is set
*
* @param string $name permission name
* @param int $cat_id category id, current used if not specified
* @param int $type permission type {1 - system, 0 - per category}
* @return int
*/
function CheckPermission($name, $type = 1, $cat_id = null)
{
if ($this->Application->GetVar('u_id') == -1) {
// "root" is allowed anywhere
return $name == 'SYSTEM_ACCESS.READONLY' ? 0 : 1;
}
if ($type == 1) {
// "system" permission are always checked per "Home" category (ID = 0)
$cat_id = 0;
}
if (!isset($cat_id)) {
$cat_id = $this->Application->GetVar('m_cat_id');
}
$cache_key = $name.'|'.$type.'|'.$cat_id;
$perm_value = $this->Application->getCache('permissions', $cache_key);
if ($perm_value !== false) {
return $perm_value;
}
// perm cache is build only based on records in db, that's why if permission is not explicitly denied, then
// that (perm cache creator) code thinks that it is allowed & adds corresponding record and code below will
// return incorrect results
/*if (preg_match('/(.*)\.VIEW$/', $name) && ($type == 0)) {
// cached view permission of category: begin
$sql = 'SELECT perm_cache.PermId
FROM '.TABLE_PREFIX.'PermCache perm_cache
LEFT JOIN '.TABLE_PREFIX.'PermissionConfig perm_config ON perm_cache.PermId = perm_config.PermissionConfigId
WHERE (perm_config.PermissionName = '.$this->Conn->qstr($name).' AND perm_cache.CategoryId = '.$cat_id.')';
$view_filters = Array();
$groups = explode(',', $this->Application->RecallVar('UserGroups'));
foreach ($groups as $group) {
$view_filters[] = 'FIND_IN_SET('.$group.', perm_cache.ACL) || ((NOT FIND_IN_SET('.$group.', perm_cache.DACL)) AND perm_cache.ACL = \'\')';
}
$sql .= ' AND ('.implode(' OR ', $view_filters).')';
$perm_value = $this->Conn->GetOne($sql) ? 1 : 0;
$this->Application->setCache('permissions', $cache_key, $perm_value);
return $perm_value;
// cached view permission of category: end
}*/
if ($cat_id == 0) {
$cat_hierarchy = Array(0);
}
else {
$sql = 'SELECT ParentPath
FROM '.$this->Application->getUnitOption('c', 'TableName').'
WHERE CategoryId = '.$cat_id;
$cat_hierarchy = $this->Conn->GetOne($sql);
$cat_hierarchy = explode('|', $cat_hierarchy);
array_shift($cat_hierarchy);
array_pop($cat_hierarchy);
$cat_hierarchy = array_reverse($cat_hierarchy);
array_push($cat_hierarchy, 0);
}
$perm_value = 0;
$groups = $this->Application->RecallVar('UserGroups');
foreach ($cat_hierarchy as $category_id) {
- $sql = 'SELECT PermissionValue
+ $sql = 'SELECT SUM(PermissionValue)
FROM '.TABLE_PREFIX.'Permissions
WHERE Permission = "'.$name.'" AND CatId = '.$category_id.' AND GroupId IN ('.$groups.') AND Type = '.$type;
$res = $this->Conn->GetOne($sql);
if ($res !== false) {
- $perm_value = $res;
+ $perm_value = $res ? 1 : 0;
break;
}
}
$this->Application->setCache('permissions', $cache_key, $perm_value);
return $perm_value;
}
}
?>
\ No newline at end of file
Property changes on: trunk/kernel/units/general/helpers/permissions_helper.php
___________________________________________________________________
Modified: cvs2svn:cvs-rev
## -1 +1 ##
-1.12
\ No newline at end of property
+1.13
\ No newline at end of property
Index: trunk/core/units/groups/groups_item.php
===================================================================
--- trunk/core/units/groups/groups_item.php (nonexistent)
+++ trunk/core/units/groups/groups_item.php (revision 5186)
@@ -0,0 +1,23 @@
+<?php
+
+class GroupsItem extends kDBItem {
+
+ function Create($force_id = false, $system_create = false)
+ {
+ if (!$this->Validate()) return false;
+ $this->SetDBField('ResourceId', $this->Application->NextResourceId());
+
+ return parent::Create();
+ }
+
+ function Update($id = null, $system_update = false)
+ {
+ $this->VirtualFields['ResourceId'] = Array();
+ $ret = parent::Update($id, $system_update);
+ unset($this->VirtualFields['ResourceId']);
+
+ return $ret;
+ }
+}
+
+?>
\ No newline at end of file
Property changes on: trunk/core/units/groups/groups_item.php
___________________________________________________________________
Added: cvs2svn:cvs-rev
## -0,0 +1 ##
+1.1
\ No newline at end of property
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Index: trunk/core/units/groups/groups_config.php
===================================================================
--- trunk/core/units/groups/groups_config.php (revision 5185)
+++ trunk/core/units/groups/groups_config.php (revision 5186)
@@ -1,119 +1,119 @@
<?php
$config = Array(
'Prefix' => 'g',
- 'ItemClass' => Array('class' => 'kDBItem', 'file' => '', 'build_event' => 'OnItemBuild'),
+ 'ItemClass' => Array('class' => 'GroupsItem', 'file' => 'groups_item.php', 'build_event' => 'OnItemBuild'),
'ListClass' => Array('class' => 'kDBList', 'file' => '', 'build_event' => 'OnListBuild'),
'EventHandlerClass' => Array('class' => 'GroupsEventHandler', 'file' => 'groups_event_handler.php','build_event'=>'OnBuild'),
'TagProcessorClass' => Array('class' => 'kDBTagProcessor', 'file' => '','build_event'=>'OnBuild'),
'AutoLoad' => true,
'QueryString' => Array(
1 => 'id',
2 => 'page',
3 => 'event',
4 => 'mode',
),
'IDField' => 'GroupId',
'StatusField' => Array('Enabled'),
'TitleField' => 'Name',
'TitlePresets' => Array(
'default' => Array( 'new_status_labels' => Array('g' => '!la_title_Adding_Group!'),
'edit_status_labels' => Array('g' => '!la_title_Editing_Group!'),
'new_titlefield' => Array('g' => '!la_title_New_Group!'),
),
'groups_list' => Array('prefixes' => Array('g_List'), 'format' => "!la_title_Groups! (#g_recordcount#)"),
'groups_edit' => Array('prefixes' => Array('g'), 'format' => "#g_status# '#g_titlefield#' - !la_title_General!"),
'groups_edit_users' => Array('prefixes' => Array('g', 'g-ug_List'), 'format' => "#g_status# '#g_titlefield#' - !la_title_Users! (#g-ug_recordcount#)" ),
'groups_edit_permissions' => Array('prefixes' => Array('g'), 'format' => "#g_status# '#g_titlefield#' - !la_title_Permissions!" ),
'groups_edit_additional_permissions' => Array('prefixes' => Array('g'), 'format' => "#g_status# '#g_titlefield#' - !la_title_AdditionalPermissions!" ),
'groups_select' => Array('prefixes' => Array('g_List'), 'format' => "!la_title_Groups! (#g_recordcount#) - !la_title_SelectGroup!"),
),
'PermSection' => Array('main' => 'in-portal:user_groups'),
'Sections' => Array(
'in-portal:user_groups' => Array(
'parent' => 'in-portal:users',
'icon' => 'usergroups',
'label' => 'la_tab_User_Groups',
'url' => Array('t' => 'groups/groups_list', 'pass' => 'm'),
'permissions' => Array('view', 'add', 'edit', 'delete', 'advanced:send_email'),
'priority' => 2,
'type' => stTREE,
),
),
'TableName' => TABLE_PREFIX.'PortalGroup',
'ListSQLs' => Array('' => ' SELECT %1$s.* %2$s FROM %1$s
LEFT JOIN '.TABLE_PREFIX.'UserGroup ug ON ug.GroupId = %1$s.GroupId'),
'ItemSQLs' => Array('' => ' SELECT %1$s.* %2$s FROM %1$s
LEFT JOIN '.TABLE_PREFIX.'UserGroup ug ON ug.GroupId = %1$s.GroupId'),
'ListSortings' => Array(
'' => Array(
'Sorting' => Array('Name' => 'asc'),
)
),
'SubItems' => Array('g-perm', /*'g-ug'*/),
'CalculatedFields' => Array(
'total' => Array(
'UserCount' => 'COUNT(ug.PortalUserId)',
),
),
'Fields' => Array (
'GroupId' => Array(),
'Name' => Array('type' => 'string', 'not_null' => '1', 'required' => 1, 'default' => ''),
'Description' => Array('type' => 'string','default' => ''),
'CreatedOn' => Array('type' => 'double', 'formatter' => 'kDateFormatter', 'not_null' => '1','default' => '#NOW#'),
'System' => Array('type' => 'int','not_null' => '1','default' => '0'),
'Personal' => Array('type' => 'int','not_null' => '1','default' => '0'),
'Enabled' => Array('type' => 'int', 'formatter' => 'kOptionsFormatter', 'options' => Array(1 => 'la_Enabled', 0 => 'la_Disabled'), 'use_phrases' => 1, 'not_null' => '1','default' => 1),
'ResourceId' => Array('type' => 'int','not_null' => '1','default' => '0'),
),
'VirtualFields' => Array(
'UserCount' => Array('type' => 'int', 'default' => 0),
),
'Grids' => Array(
'Default' => Array(
'Icons' => Array(1 => 'icon16_group.gif', 0 => 'icon16_group_disabled.gif'),
'Fields' => Array(
'Name' => Array('title' => 'la_col_GroupName', 'data_block' => 'grid_checkbox_td'),
'UserCount' => Array('title' => 'la_col_UserCount'),
),
),
/*'GroupSelector' => Array(
'Icons' => Array(0 => 'icon16_user_disabled.gif', 1 => 'icon16_user.gif', 2 => 'icon16_user_pending.gif'),
'Fields' => Array(
'Login' => Array('title' => 'la_col_Username', 'data_block' => 'grid_radio_td'),
'LastName' => Array( 'title'=>'la_col_LastName'),
'FirstName' => Array( 'title'=>'la_col_FirstName'),
'Email' => Array( 'title'=>'la_col_Email'),
'PrimaryGroup' => Array( 'title'=>'la_col_PrimaryGroup'),
'CreatedOn_formatted' => Array('title' => 'la_col_CreatedOn', 'sort_field' => 'CreatedOn'),
),
),*/
),
);
?>
\ No newline at end of file
Property changes on: trunk/core/units/groups/groups_config.php
___________________________________________________________________
Modified: cvs2svn:cvs-rev
## -1 +1 ##
-1.8
\ No newline at end of property
+1.9
\ No newline at end of property
Index: trunk/core/units/general/helpers/permissions_helper.php
===================================================================
--- trunk/core/units/general/helpers/permissions_helper.php (revision 5185)
+++ trunk/core/units/general/helpers/permissions_helper.php (revision 5186)
@@ -1,369 +1,369 @@
<?php
class kPermissionsHelper extends kHelper {
/**
* Current set of permissions for group being edited
*
* @var Array
*/
var $Permissions = Array();
function LoadPermissions($prefix)
{
$object =& $this->Application->recallObject($prefix.'-perm', null, Array('skip_autoload' => true));
$foreign_key = $this->Application->getUnitOption($prefix.'-perm', 'ForeignKey');
$foreign_value = $this->Application->GetVar($prefix.'_id');
$sql = 'SELECT *
FROM '.$object->TableName.'
WHERE '.$foreign_key.' = '.$foreign_value;
$permissions = $this->Conn->Query($sql, 'Permission');
$this->Permissions = Array();
foreach ($permissions as $perm_name => $perm_options) {
$perm_record['value'] = $perm_options['PermissionValue'];
$perm_record['id'] = $perm_options['PermissionId'];
$this->Permissions[$perm_name] = $perm_record;
}
}
function getPermissionValue($perm_name)
{
return getArrayValue($this->Permissions, $perm_name) ? $this->Permissions[$perm_name]['value'] : 0;
}
function getPermissionID($perm_name)
{
return getArrayValue($this->Permissions, $perm_name) ? $this->Permissions[$perm_name]['id'] : 0;
}
/**
* This is old permission like ADMIN or LOGIN
*
* @param string $section_name
* @param string $perm_name
* @return bool
*/
function isOldPermission($section_name, $perm_name)
{
return $section_name == 'in-portal:root' && $perm_name != 'view';
}
/**
* Returns permission names to check based on event name and item prefix (main item or subitem)
*
* @param kEvent $event
* @return Array
*/
function getPermissionByEvent(&$event, $perm_mapping)
{
$top_prefix = $event->getEventParam('top_prefix');
$pefix_type = ($top_prefix == $event->Prefix) ? 'self' : 'subitem';
$perm_mapping = getArrayValue($perm_mapping, $event->Name);
if (!$perm_mapping[$pefix_type]) {
trigger_error('Permission mappings not defined for event <b>'.$top_prefix.' <- '.$event->Prefix.':'.$event->Name.'</b>', E_USER_ERROR);
}
if ($perm_mapping[$pefix_type] === true) {
// event is defined in mapping but is not checked by permissions
return true;
}
return explode('|', $perm_mapping[$pefix_type]);
}
/**
* Common event permission checking method
*
* @param kEvent $event
*/
function CheckEventPermission(&$event, $perm_mapping)
{
$section = $event->getSection();
if (preg_match('/^CATEGORY:(.*)/', $section)) {
return $this->CheckEventCategoryPermission($event, $perm_mapping);
}
$top_prefix = $event->getEventParam('top_prefix');
$check_perms = $this->getPermissionByEvent($event, $perm_mapping);
if ($check_perms === true) {
// event is defined in mapping but is not checked by permissions
return true;
}
$perm_status = false;
foreach ($check_perms as $perm_name) {
// check if at least one of required permissions is set
$perm_name = $section.'.'.$perm_name;
$perm_status = $this->CheckPermission($perm_name, 1);
if (($perm_name == $section.'.add') && $perm_status && ($top_prefix == $event->Prefix)) {
// main item, add permission allowed, but ID is > 0, then deny permission
// how to get id here
}
if ($perm_status) {
return $perm_status;
}
}
if (!$perm_status) {
if ($this->Application->isDebugMode()) {
// for debugging purposes
$event->SetRedirectParam('section', $section);
$event->SetRedirectParam('main_prefix', $top_prefix);
$event->SetRedirectParam('event_name', $event->Name);
$event->SetRedirectParam('next_template', $this->Application->GetVar('t'));
}
$event->status = erPERM_FAIL;
}
return $perm_status;
}
/**
* Checks non-system permission on event per category basis
*
* @param kEvent $event
*/
function CheckEventCategoryPermission(&$event, $event_perm_mapping)
{
// mapping between specific permissions and common permissions
$perm_mapping = Array('add' => 'ADD', 'edit' => 'MODIFY', 'delete' => 'DELETE', 'view' => 'VIEW');
$top_prefix = $event->getEventParam('top_prefix');
$event_handler =& $this->Application->recallObject($event->Prefix.'_EventHandler');
if ($event->Prefix != $top_prefix) {
$top_event = new kEvent($top_prefix.':'.$event->Name);
$id = $event_handler->getPassedID($top_event);
}
else {
$id = $event_handler->getPassedID($event);
}
$item_prefix = $this->Application->getUnitOption($top_prefix, 'PermItemPrefix');
// 1. get primary category of category item
$id_field = $this->Application->getUnitOption($top_prefix, 'IDField');
$table_name = $this->Application->getUnitOption($top_prefix, 'TableName');
$ci_table = $this->Application->getUnitOption('ci', 'TableName');
if (!$id) {
// item being created -> check by current (before editing started, saved in OnPreCreate event) category permissions
$category_id = $this->Application->RecallVar('m_cat_id');
}
else {
// item being edited -> check by it's primary category permissions
$sql = 'SELECT ci.CategoryId
FROM '.$table_name.' main_table
LEFT JOIN '.$ci_table.' ci ON ci.ItemResourceId = main_table.ResourceId
WHERE (main_table.'.$id_field.' = '.$id.') AND (ci.PrimaryCat = 1)';
$category_id = $this->Conn->GetOne($sql);
}
if ((substr($event->Name, 0, 9) == 'OnPreSave') || ($event->Name == 'OnSave')) {
if ($event_handler->isNewItemCreate($event)) {
return $this->CheckPermission($item_prefix.'.ADD', 0, $category_id);
}
else {
return $this->CheckPermission($item_prefix.'.ADD', 0, $category_id) || $this->CheckPermission($item_prefix.'.MODIFY', 0, $category_id);
}
}
$perm_status = false;
$check_perms = $this->getPermissionByEvent($event, $event_perm_mapping);
if ($check_perms === true) {
// event is defined in mapping but is not checked by permissions
return true;
}
foreach ($check_perms as $perm_name) {
// check if at least one of required permissions is set
if (!isset($perm_mapping[$perm_name])) {
// not mapped permission (e.g. advanced:approve) -> skip
continue;
}
$perm_name = $item_prefix.'.'.$perm_mapping[$perm_name];
$this->showDebug('Event <b>'.$event->Name.'</b> permission(-s): <b>'.$perm_name.'</b>', Array());
$perm_status = $this->CheckPermission($perm_name, 0, $category_id);
if ($perm_status) {
return $perm_status;
}
}
if (!$perm_status) {
$event->SetRedirectParam('index_file', 'index.php'); // because called from browse.php
if ($this->Application->isDebugMode()) {
// for debugging purposes
$event->SetRedirectParam('section', $event->getSection());
$event->SetRedirectParam('main_prefix', $top_prefix);
$event->SetRedirectParam('event_name', $event->Name);
$event->SetRedirectParam('next_template', $this->Application->GetVar('t'));
}
$event->status = erPERM_FAIL;
}
return $perm_status;
}
function showDebug($text, $params)
{
$is_ajax = $this->Application->GetVar('ajax') == 'yes' || isset($params['ajax']) || isset($params['tab_init']);
if (!$this->Application->isDebugMode() || $is_ajax) return true;
echo $text.'<br />';
}
function TagPermissionCheck($params, $tag_name)
{
$perm_event = getArrayValue($params, 'perm_event');
$permission_groups = getArrayValue($params, 'permissions');
if ($permission_groups) {
$this->showDebug('Tag <b>'.$tag_name.'</b> permission(-s): <b>'.$permission_groups.'</b>', $params);
$permission_groups = explode('|', $permission_groups);
$group_has_permission = false;
foreach ($permission_groups as $permission_group) {
$permissions = explode(',', $permission_group);
$has_permission = true;
foreach ($permissions as $permission) {
$has_permission = $has_permission && $this->CheckPermission($permission, isset($params['system']) && $params['system'] ? 1 : 0);
}
$group_has_permission = $group_has_permission || $has_permission;
if ($group_has_permission) {
return true;
}
}
return false;
}
elseif ($perm_event) {
$this->showDebug('Tag <b>'.$tag_name.'</b> permission_event: <b>'.$perm_event.'</b>', $params);
list($prefix, $event) = explode(':', $perm_event);
$event_handler =& $this->Application->recallObject($prefix.'_EventHandler');
return $event_handler->CheckPermission( new kEvent($perm_event) );
}
return true;
}
/**
* Returns no permission template to redirect to
*
* @param Array $params
* @return Array
*/
function getPermissionTemplate($params)
{
$t = $this->Application->GetVar('t');
if ($next_t = getArrayValue($params, 'next_template')) {
$t = $next_t;
}
if (!$this->Application->LoggedIn()) {
$redirect_template = $params['login_template'];
$redirect_params = Array('next_template' => $t);
}
else {
if (isset($params['no_permissions_template'])) {
$redirect_template = $params['no_permissions_template'];
}
else {
$redirect_template = $this->Application->IsAdmin() ? 'no_permission' : $this->Application->ConfigValue('NoPermissionTemplate');
}
$redirect_params = $this->Application->isDebugMode() ? Array('from_template' => 1, 'perms' => $params[ isset($params['permissions']) ? 'permissions' : 'perm_event'], 'next_template' => $t) : Array();
}
return Array($redirect_template, $redirect_params);
}
/**
* Check current user permissions based on it's group permissions in specified category (for non-system permissions) or just checks if system permission is set
*
* @param string $name permission name
* @param int $cat_id category id, current used if not specified
* @param int $type permission type {1 - system, 0 - per category}
* @return int
*/
function CheckPermission($name, $type = 1, $cat_id = null)
{
if ($this->Application->GetVar('u_id') == -1) {
// "root" is allowed anywhere
return $name == 'SYSTEM_ACCESS.READONLY' ? 0 : 1;
}
if ($type == 1) {
// "system" permission are always checked per "Home" category (ID = 0)
$cat_id = 0;
}
if (!isset($cat_id)) {
$cat_id = $this->Application->GetVar('m_cat_id');
}
$cache_key = $name.'|'.$type.'|'.$cat_id;
$perm_value = $this->Application->getCache('permissions', $cache_key);
if ($perm_value !== false) {
return $perm_value;
}
// perm cache is build only based on records in db, that's why if permission is not explicitly denied, then
// that (perm cache creator) code thinks that it is allowed & adds corresponding record and code below will
// return incorrect results
/*if (preg_match('/(.*)\.VIEW$/', $name) && ($type == 0)) {
// cached view permission of category: begin
$sql = 'SELECT perm_cache.PermId
FROM '.TABLE_PREFIX.'PermCache perm_cache
LEFT JOIN '.TABLE_PREFIX.'PermissionConfig perm_config ON perm_cache.PermId = perm_config.PermissionConfigId
WHERE (perm_config.PermissionName = '.$this->Conn->qstr($name).' AND perm_cache.CategoryId = '.$cat_id.')';
$view_filters = Array();
$groups = explode(',', $this->Application->RecallVar('UserGroups'));
foreach ($groups as $group) {
$view_filters[] = 'FIND_IN_SET('.$group.', perm_cache.ACL) || ((NOT FIND_IN_SET('.$group.', perm_cache.DACL)) AND perm_cache.ACL = \'\')';
}
$sql .= ' AND ('.implode(' OR ', $view_filters).')';
$perm_value = $this->Conn->GetOne($sql) ? 1 : 0;
$this->Application->setCache('permissions', $cache_key, $perm_value);
return $perm_value;
// cached view permission of category: end
}*/
if ($cat_id == 0) {
$cat_hierarchy = Array(0);
}
else {
$sql = 'SELECT ParentPath
FROM '.$this->Application->getUnitOption('c', 'TableName').'
WHERE CategoryId = '.$cat_id;
$cat_hierarchy = $this->Conn->GetOne($sql);
$cat_hierarchy = explode('|', $cat_hierarchy);
array_shift($cat_hierarchy);
array_pop($cat_hierarchy);
$cat_hierarchy = array_reverse($cat_hierarchy);
array_push($cat_hierarchy, 0);
}
$perm_value = 0;
$groups = $this->Application->RecallVar('UserGroups');
foreach ($cat_hierarchy as $category_id) {
- $sql = 'SELECT PermissionValue
+ $sql = 'SELECT SUM(PermissionValue)
FROM '.TABLE_PREFIX.'Permissions
WHERE Permission = "'.$name.'" AND CatId = '.$category_id.' AND GroupId IN ('.$groups.') AND Type = '.$type;
$res = $this->Conn->GetOne($sql);
if ($res !== false) {
- $perm_value = $res;
+ $perm_value = $res ? 1 : 0;
break;
}
}
$this->Application->setCache('permissions', $cache_key, $perm_value);
return $perm_value;
}
}
?>
\ No newline at end of file
Property changes on: trunk/core/units/general/helpers/permissions_helper.php
___________________________________________________________________
Modified: cvs2svn:cvs-rev
## -1 +1 ##
-1.12
\ No newline at end of property
+1.13
\ No newline at end of property
Index: branches/unlabeled/unlabeled-1.8.2/core/units/groups/groups_config.php
===================================================================
--- branches/unlabeled/unlabeled-1.8.2/core/units/groups/groups_config.php (revision 5185)
+++ branches/unlabeled/unlabeled-1.8.2/core/units/groups/groups_config.php (revision 5186)
@@ -1,119 +1,119 @@
<?php
$config = Array(
'Prefix' => 'g',
- 'ItemClass' => Array('class' => 'kDBItem', 'file' => '', 'build_event' => 'OnItemBuild'),
+ 'ItemClass' => Array('class' => 'GroupsItem', 'file' => 'groups_item.php', 'build_event' => 'OnItemBuild'),
'ListClass' => Array('class' => 'kDBList', 'file' => '', 'build_event' => 'OnListBuild'),
'EventHandlerClass' => Array('class' => 'GroupsEventHandler', 'file' => 'groups_event_handler.php','build_event'=>'OnBuild'),
'TagProcessorClass' => Array('class' => 'kDBTagProcessor', 'file' => '','build_event'=>'OnBuild'),
'AutoLoad' => true,
'QueryString' => Array(
1 => 'id',
2 => 'page',
3 => 'event',
4 => 'mode',
),
'IDField' => 'GroupId',
'StatusField' => Array('Enabled'),
'TitleField' => 'Name',
'TitlePresets' => Array(
'default' => Array( 'new_status_labels' => Array('g' => '!la_title_Adding_Group!'),
'edit_status_labels' => Array('g' => '!la_title_Editing_Group!'),
'new_titlefield' => Array('g' => '!la_title_New_Group!'),
),
'groups_list' => Array('prefixes' => Array('g_List'), 'format' => "!la_title_Groups! (#g_recordcount#)"),
'groups_edit' => Array('prefixes' => Array('g'), 'format' => "#g_status# '#g_titlefield#' - !la_title_General!"),
'groups_edit_users' => Array('prefixes' => Array('g', 'g-ug_List'), 'format' => "#g_status# '#g_titlefield#' - !la_title_Users! (#g-ug_recordcount#)" ),
'groups_edit_permissions' => Array('prefixes' => Array('g'), 'format' => "#g_status# '#g_titlefield#' - !la_title_Permissions!" ),
'groups_edit_additional_permissions' => Array('prefixes' => Array('g'), 'format' => "#g_status# '#g_titlefield#' - !la_title_AdditionalPermissions!" ),
'groups_select' => Array('prefixes' => Array('g_List'), 'format' => "!la_title_Groups! (#g_recordcount#) - !la_title_SelectGroup!"),
),
'PermSection' => Array('main' => 'in-portal:user_groups'),
'Sections' => Array(
'in-portal:user_groups' => Array(
'parent' => 'in-portal:users',
'icon' => 'usergroups',
'label' => 'la_tab_User_Groups',
'url' => Array('t' => 'groups/groups_list', 'pass' => 'm'),
'permissions' => Array('view', 'add', 'edit', 'delete', 'advanced:send_email'),
'priority' => 2,
'type' => stTREE,
),
),
'TableName' => TABLE_PREFIX.'PortalGroup',
'ListSQLs' => Array('' => ' SELECT %1$s.* %2$s FROM %1$s
LEFT JOIN '.TABLE_PREFIX.'UserGroup ug ON ug.GroupId = %1$s.GroupId'),
'ItemSQLs' => Array('' => ' SELECT %1$s.* %2$s FROM %1$s
LEFT JOIN '.TABLE_PREFIX.'UserGroup ug ON ug.GroupId = %1$s.GroupId'),
'ListSortings' => Array(
'' => Array(
'Sorting' => Array('Name' => 'asc'),
)
),
'SubItems' => Array('g-perm', /*'g-ug'*/),
'CalculatedFields' => Array(
'total' => Array(
'UserCount' => 'COUNT(ug.PortalUserId)',
),
),
'Fields' => Array (
'GroupId' => Array(),
'Name' => Array('type' => 'string', 'not_null' => '1', 'required' => 1, 'default' => ''),
'Description' => Array('type' => 'string','default' => ''),
'CreatedOn' => Array('type' => 'double', 'formatter' => 'kDateFormatter', 'not_null' => '1','default' => '#NOW#'),
'System' => Array('type' => 'int','not_null' => '1','default' => '0'),
'Personal' => Array('type' => 'int','not_null' => '1','default' => '0'),
'Enabled' => Array('type' => 'int', 'formatter' => 'kOptionsFormatter', 'options' => Array(1 => 'la_Enabled', 0 => 'la_Disabled'), 'use_phrases' => 1, 'not_null' => '1','default' => 1),
'ResourceId' => Array('type' => 'int','not_null' => '1','default' => '0'),
),
'VirtualFields' => Array(
'UserCount' => Array('type' => 'int', 'default' => 0),
),
'Grids' => Array(
'Default' => Array(
'Icons' => Array(1 => 'icon16_group.gif', 0 => 'icon16_group_disabled.gif'),
'Fields' => Array(
'Name' => Array('title' => 'la_col_GroupName', 'data_block' => 'grid_checkbox_td'),
'UserCount' => Array('title' => 'la_col_UserCount'),
),
),
/*'GroupSelector' => Array(
'Icons' => Array(0 => 'icon16_user_disabled.gif', 1 => 'icon16_user.gif', 2 => 'icon16_user_pending.gif'),
'Fields' => Array(
'Login' => Array('title' => 'la_col_Username', 'data_block' => 'grid_radio_td'),
'LastName' => Array( 'title'=>'la_col_LastName'),
'FirstName' => Array( 'title'=>'la_col_FirstName'),
'Email' => Array( 'title'=>'la_col_Email'),
'PrimaryGroup' => Array( 'title'=>'la_col_PrimaryGroup'),
'CreatedOn_formatted' => Array('title' => 'la_col_CreatedOn', 'sort_field' => 'CreatedOn'),
),
),*/
),
);
?>
\ No newline at end of file
Property changes on: branches/unlabeled/unlabeled-1.8.2/core/units/groups/groups_config.php
___________________________________________________________________
Modified: cvs2svn:cvs-rev
## -1 +1 ##
-1.8
\ No newline at end of property
+1.8.2.1
\ No newline at end of property

Event Timeline

In-Portal CMS · In-Portal Community Pages · In-Portal Issue Tracker · In-Portal Repository Browser · Quality Assurance · In-Portal CI Server