
in-portal
No OneTemporary

File Metadata

Created
Tue, Sep 23, 4:42 AM

in-portal

Index: branches/unlabeled/unlabeled-1.17.2/kernel/units/general/helpers/permissions_helper.php
===================================================================
--- branches/unlabeled/unlabeled-1.17.2/kernel/units/general/helpers/permissions_helper.php (nonexistent)
+++ branches/unlabeled/unlabeled-1.17.2/kernel/units/general/helpers/permissions_helper.php (revision 5516)
@@ -0,0 +1,377 @@
+<?php
+
+ class kPermissionsHelper extends kHelper {
+
+ /**
+ * Current set of permissions for group being edited
+ *
+ * @var Array
+ */
+ var $Permissions = Array();
+
+ function LoadPermissions($group_id, $cat_id, $type = 1, $temp_mode = false)
+ {
+ $perm_table = $this->Application->getUnitOption('perm', 'TableName');
+ if ($temp_mode) {
+ $perm_table = $this->Application->GetTempName($perm_table);
+ }
+ $sql = 'SELECT *
+ FROM '.$perm_table.'
+ WHERE (GroupId = '.$group_id.') AND (CatId = '.$cat_id.') AND (Type = '.$type.')';
+ $permissions = $this->Conn->Query($sql, 'Permission');
+
+ $this->Permissions = Array();
+ foreach ($permissions as $perm_name => $perm_options) {
+ $perm_record['value'] = $perm_options['PermissionValue'];
+ $perm_record['id'] = $perm_options['PermissionId'];
+ $this->Permissions[$perm_name] = $perm_record;
+ }
+ }
+
+ function getPermissionValue($perm_name)
+ {
+ return isset($this->Permissions[$perm_name]) ? $this->Permissions[$perm_name]['value'] : 0;
+ }
+
+ function getPermissionID($perm_name)
+ {
+ return isset($this->Permissions[$perm_name]) ? $this->Permissions[$perm_name]['id'] : 0;
+ }
+
+ /**
+ * This is old permission like ADMIN or LOGIN
+ *
+ * @param string $section_name
+ * @param string $perm_name
+ * @return bool
+ */
+ function isOldPermission($section_name, $perm_name)
+ {
+ return $section_name == 'in-portal:root' && $perm_name != 'view';
+ }
+
+ /**
+ * Returns permission names to check based on event name and item prefix (main item or subitem)
+ *
+ * @param kEvent $event
+ * @return Array
+ */
+ function getPermissionByEvent(&$event, $perm_mapping)
+ {
+ $top_prefix = $event->getEventParam('top_prefix');
+
+ $pefix_type = ($top_prefix == $event->Prefix) ? 'self' : 'subitem';
+ $perm_mapping = getArrayValue($perm_mapping, $event->Name);
+
+ if (!$perm_mapping[$pefix_type]) {
+ trigger_error('Permission mappings not defined for event <b>'.$top_prefix.' <- '.$event->Prefix.':'.$event->Name.'</b>', E_USER_ERROR);
+ }
+
+ if ($perm_mapping[$pefix_type] === true) {
+ // event is defined in mapping but is not checked by permissions
+ return true;
+ }
+
+ return explode('|', $perm_mapping[$pefix_type]);
+ }
+
+ /**
+ * Common event permission checking method
+ *
+ * @param kEvent $event
+ */
+ function CheckEventPermission(&$event, $perm_mapping)
+ {
+ $section = $event->getSection();
+ if (preg_match('/^CATEGORY:(.*)/', $section)) {
+ return $this->CheckEventCategoryPermission($event, $perm_mapping);
+ }
+
+ $top_prefix = $event->getEventParam('top_prefix');
+ $check_perms = $this->getPermissionByEvent($event, $perm_mapping);
+
+ if ($check_perms === true) {
+ // event is defined in mapping but is not checked by permissions
+ return true;
+ }
+
+ $perm_status = false;
+ foreach ($check_perms as $perm_name) {
+ // check if at least one of required permissions is set
+ $perm_name = $section.'.'.$perm_name;
+ $perm_status = $this->CheckPermission($perm_name, 1);
+ if (($perm_name == $section.'.add') && $perm_status && ($top_prefix == $event->Prefix)) {
+ // main item, add permission allowed, but ID is > 0, then deny permission
+ // how to get id here
+ }
+ if ($perm_status) {
+ return $perm_status;
+ }
+ }
+
+ if (!$perm_status) {
+ if ($this->Application->isDebugMode()) {
+ // for debugging purposes
+ $event->SetRedirectParam('section', $section);
+ $event->SetRedirectParam('main_prefix', $top_prefix);
+ $event->SetRedirectParam('event_name', $event->Name);
+ $event->SetRedirectParam('next_template', $this->Application->GetVar('t'));
+ }
+ $event->status = erPERM_FAIL;
+ }
+ return $perm_status;
+ }
+
+ /**
+ * Checks non-system permission on event per category basis
+ *
+ * @param kEvent $event
+ */
+ function CheckEventCategoryPermission(&$event, $event_perm_mapping)
+ {
+ // mapping between specific permissions and common permissions
+ $perm_mapping = Array('add' => 'ADD', 'edit' => 'MODIFY', 'delete' => 'DELETE', 'view' => 'VIEW');
+
+ $top_prefix = $event->getEventParam('top_prefix');
+ $event_handler =& $this->Application->recallObject($event->Prefix.'_EventHandler');
+ if ($event->Prefix != $top_prefix) {
+ $top_event = new kEvent($top_prefix.':'.$event->Name);
+ $id = $event_handler->getPassedID($top_event);
+ }
+ else {
+ $id = $event_handler->getPassedID($event);
+ }
+
+ $item_prefix = $this->Application->getUnitOption($top_prefix, 'PermItemPrefix');
+
+ // 1. get primary category of category item
+ $id_field = $this->Application->getUnitOption($top_prefix, 'IDField');
+ $table_name = $this->Application->getUnitOption($top_prefix, 'TableName');
+ $ci_table = $this->Application->getUnitOption('ci', 'TableName');
+
+ if (!$id) {
+ // item being created -> check by current (before editing started, saved in OnPreCreate event) category permissions
+ $category_id = $this->Application->RecallVar('m_cat_id');
+ }
+ else {
+ // item being edited -> check by it's primary category permissions
+ $sql = 'SELECT ci.CategoryId
+ FROM '.$table_name.' main_table
+ LEFT JOIN '.$ci_table.' ci ON ci.ItemResourceId = main_table.ResourceId
+ WHERE (main_table.'.$id_field.' = '.$id.') AND (ci.PrimaryCat = 1)';
+ $category_id = $this->Conn->GetOne($sql);
+ }
+
+ if ((substr($event->Name, 0, 9) == 'OnPreSave') || ($event->Name == 'OnSave')) {
+ if ($event_handler->isNewItemCreate($event)) {
+ return $this->CheckPermission($item_prefix.'.ADD', 0, $category_id);
+ }
+ else {
+ return $this->CheckPermission($item_prefix.'.ADD', 0, $category_id) || $this->CheckPermission($item_prefix.'.MODIFY', 0, $category_id);
+ }
+ }
+
+ $perm_status = false;
+ $check_perms = $this->getPermissionByEvent($event, $event_perm_mapping);
+
+ if ($check_perms === true) {
+ // event is defined in mapping but is not checked by permissions
+ return true;
+ }
+
+ foreach ($check_perms as $perm_name) {
+ // check if at least one of required permissions is set
+ if (!isset($perm_mapping[$perm_name])) {
+ // not mapped permission (e.g. advanced:approve) -> skip
+ continue;
+ }
+ $perm_name = $item_prefix.'.'.$perm_mapping[$perm_name];
+ $this->showDebug('Event <b>'.$event->Name.'</b> permission(-s): <b>'.$perm_name.'</b>', Array());
+ $perm_status = $this->CheckPermission($perm_name, 0, $category_id);
+
+ if ($perm_status) {
+ return $perm_status;
+ }
+ }
+
+ if (!$perm_status) {
+ $event->SetRedirectParam('index_file', 'index.php'); // because called from browse.php
+ if ($this->Application->isDebugMode()) {
+ // for debugging purposes
+ $event->SetRedirectParam('section', $event->getSection());
+ $event->SetRedirectParam('main_prefix', $top_prefix);
+ $event->SetRedirectParam('event_name', $event->Name);
+ $event->SetRedirectParam('next_template', $this->Application->GetVar('t'));
+ }
+ $event->status = erPERM_FAIL;
+ }
+ return $perm_status;
+ }
+
+ function showDebug($text, $params)
+ {
+ $is_ajax = $this->Application->GetVar('ajax') == 'yes' || isset($params['ajax']) || isset($params['tab_init']);
+ if (!$this->Application->isDebugMode() || $is_ajax) return true;
+ echo $text.'<br />';
+ }
+
+ function TagPermissionCheck($params, $tag_name)
+ {
+ $perm_event = getArrayValue($params, 'perm_event');
+ $permission_groups = getArrayValue($params, 'permissions');
+
+ if ($permission_groups) {
+ $this->showDebug('Tag <b>'.$tag_name.'</b> permission(-s): <b>'.$permission_groups.'</b>', $params);
+ $permission_groups = explode('|', $permission_groups);
+ $group_has_permission = false;
+ foreach ($permission_groups as $permission_group) {
+ $permissions = explode(',', $permission_group);
+ $has_permission = true;
+ foreach ($permissions as $permission) {
+ $has_permission = $has_permission && $this->CheckPermission($permission, isset($params['system']) && $params['system'] ? 1 : 0);
+ }
+ $group_has_permission = $group_has_permission || $has_permission;
+
+ if ($group_has_permission) {
+ return true;
+ }
+ }
+ return false;
+ }
+ elseif ($perm_event) {
+ $this->showDebug('Tag <b>'.$tag_name.'</b> permission_event: <b>'.$perm_event.'</b>', $params);
+ list($prefix, $event) = explode(':', $perm_event);
+ $event_handler =& $this->Application->recallObject($prefix.'_EventHandler');
+ return $event_handler->CheckPermission( new kEvent($perm_event) );
+ }
+
+ return true;
+ }
+
+ /**
+ * Returns no permission template to redirect to
+ *
+ * @param Array $params
+ * @return Array
+ */
+ function getPermissionTemplate($params)
+ {
+ $t = $this->Application->GetVar('t');
+ if ($next_t = getArrayValue($params, 'next_template')) {
+ $t = $next_t;
+ }
+
+ if (!$this->Application->LoggedIn()) {
+ $redirect_template = $params['login_template'];
+ $redirect_params = Array('next_template' => $t);
+ }
+ else {
+ if (isset($params['no_permissions_template'])) {
+ $redirect_template = $params['no_permissions_template'];
+ }
+ else {
+ $redirect_template = $this->Application->IsAdmin() ? 'no_permission' : $this->Application->ConfigValue('NoPermissionTemplate');
+ }
+
+ $redirect_params = $this->Application->isDebugMode() ? Array('from_template' => 1, 'perms' => $params[ isset($params['permissions']) ? 'permissions' : 'perm_event'], 'next_template' => $t) : Array();
+ }
+
+ if (isset($params['index_file']) && $params['index_file']) {
+ $redirect_params['index_file'] = $params['index_file'];
+ }
+
+ return Array($redirect_template, $redirect_params);
+ }
+
+ /**
+ * Check current user permissions based on it's group permissions in specified category (for non-system permissions) or just checks if system permission is set
+ *
+ * @param string $name permission name
+ * @param int $cat_id category id, current used if not specified
+ * @param int $type permission type {1 - system, 0 - per category}
+ * @return int
+ */
+ function CheckPermission($name, $type = 1, $cat_id = null)
+ {
+ if ($this->Application->GetVar('u_id') == -1) {
+ // "root" is allowed anywhere
+ return $name == 'SYSTEM_ACCESS.READONLY' ? 0 : 1;
+ }
+
+ if ($type == 1) {
+ // "system" permission are always checked per "Home" category (ID = 0)
+ $cat_id = 0;
+ }
+
+ if (!isset($cat_id)) {
+ $cat_id = $this->Application->GetVar('m_cat_id');
+ }
+
+ $cache_key = $name.'|'.$type.'|'.$cat_id;
+ $perm_value = $this->Application->getCache('permissions', $cache_key);
+ if ($perm_value !== false) {
+ return $perm_value;
+ }
+
+ // perm cache is build only based on records in db, that's why if permission is not explicitly denied, then
+ // that (perm cache creator) code thinks that it is allowed & adds corresponding record and code below will
+ // return incorrect results
+
+ if (preg_match('/(.*)\.VIEW$/', $name) && ($type == 0)) {
+ // cached view permission of category: begin
+ $sql = 'SELECT PermissionConfigId
+ FROM '.TABLE_PREFIX.'PermissionConfig
+ WHERE PermissionName = '.$this->Conn->qstr($name);
+ $perm_id = $this->Conn->GetOne($sql);
+
+ $sql = 'SELECT PermId
+ FROM '.TABLE_PREFIX.'PermCache
+ WHERE (PermId = '.$perm_id.') AND (CategoryId = '.$cat_id.')';
+
+ $view_filters = Array();
+ $groups = explode(',', $this->Application->RecallVar('UserGroups'));
+ foreach ($groups as $group) {
+ $view_filters[] = 'FIND_IN_SET('.$group.', ACL)';
+ }
+ $sql .= ' AND ('.implode(' OR ', $view_filters).')';
+ $perm_value = $this->Conn->GetOne($sql) ? 1 : 0;
+
+ $this->Application->setCache('permissions', $cache_key, $perm_value);
+ return $perm_value;
+ // cached view permission of category: end
+ }
+
+ if ($cat_id == 0) {
+ $cat_hierarchy = Array(0);
+ }
+ else {
+ $sql = 'SELECT ParentPath
+ FROM '.$this->Application->getUnitOption('c', 'TableName').'
+ WHERE CategoryId = '.$cat_id;
+ $cat_hierarchy = $this->Conn->GetOne($sql);
+ $cat_hierarchy = explode('|', $cat_hierarchy);
+ array_shift($cat_hierarchy);
+ array_pop($cat_hierarchy);
+ $cat_hierarchy = array_reverse($cat_hierarchy);
+ array_push($cat_hierarchy, 0);
+ }
+
+ $perm_value = 0;
+ $groups = $this->Application->RecallVar('UserGroups');
+ foreach ($cat_hierarchy as $category_id) {
+ $sql = 'SELECT SUM(PermissionValue)
+ FROM '.TABLE_PREFIX.'Permissions
+ WHERE Permission = "'.$name.'" AND CatId = '.$category_id.' AND GroupId IN ('.$groups.') AND Type = '.$type;
+ $res = $this->Conn->GetOne($sql);
+ if ($res !== false && !is_null($res)) {
+ $perm_value = $res ? 1 : 0;
+ break;
+ }
+ }
+
+ $this->Application->setCache('permissions', $cache_key, $perm_value);
+ return $perm_value;
+ }
+ }
+
+?>
\ No newline at end of file
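Review bot: CheckPermission builds its queries by concatenating `$name`, `$cat_id`, `$perm_id` and the `UserGroups` list straight into SQL; only the PermissionConfig lookup passes `$name` through `qstr()`, while the final Permissions query wraps it in bare double quotes. `$cat_id` falls back to `GetVar('m_cat_id')`, which looks request-derived (not confirmable from this diff), so cast it once before the cache key is built, `$cat_id = (int)$cat_id;`, and write the last query as `'WHERE Permission = '.$this->Conn->qstr($name).' AND CatId = '.(int)$category_id`. `$perm_id` is used unchecked, so a missing PermissionConfig row produces a malformed `PermId = ` clause; return 0 (denied) in that case before building the PermCache query. The same code is added unchanged in the core/units copy of this file further down, and LoadPermissions concatenates `$group_id`, `$cat_id` and `$type` the same way.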
Property changes on: branches/unlabeled/unlabeled-1.17.2/kernel/units/general/helpers/permissions_helper.php
___________________________________________________________________
Added: cvs2svn:cvs-rev
## -0,0 +1 ##
+1.17
\ No newline at end of property
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Index: branches/unlabeled/unlabeled-1.17.2/core/units/general/helpers/permissions_helper.php
===================================================================
--- branches/unlabeled/unlabeled-1.17.2/core/units/general/helpers/permissions_helper.php (nonexistent)
+++ branches/unlabeled/unlabeled-1.17.2/core/units/general/helpers/permissions_helper.php (revision 5516)
@@ -0,0 +1,377 @@
+<?php
+
+ class kPermissionsHelper extends kHelper {
+
+ /**
+ * Current set of permissions for group being edited
+ *
+ * @var Array
+ */
+ var $Permissions = Array();
+
+ function LoadPermissions($group_id, $cat_id, $type = 1, $temp_mode = false)
+ {
+ $perm_table = $this->Application->getUnitOption('perm', 'TableName');
+ if ($temp_mode) {
+ $perm_table = $this->Application->GetTempName($perm_table);
+ }
+ $sql = 'SELECT *
+ FROM '.$perm_table.'
+ WHERE (GroupId = '.$group_id.') AND (CatId = '.$cat_id.') AND (Type = '.$type.')';
+ $permissions = $this->Conn->Query($sql, 'Permission');
+
+ $this->Permissions = Array();
+ foreach ($permissions as $perm_name => $perm_options) {
+ $perm_record['value'] = $perm_options['PermissionValue'];
+ $perm_record['id'] = $perm_options['PermissionId'];
+ $this->Permissions[$perm_name] = $perm_record;
+ }
+ }
+
+ function getPermissionValue($perm_name)
+ {
+ return isset($this->Permissions[$perm_name]) ? $this->Permissions[$perm_name]['value'] : 0;
+ }
+
+ function getPermissionID($perm_name)
+ {
+ return isset($this->Permissions[$perm_name]) ? $this->Permissions[$perm_name]['id'] : 0;
+ }
+
+ /**
+ * This is old permission like ADMIN or LOGIN
+ *
+ * @param string $section_name
+ * @param string $perm_name
+ * @return bool
+ */
+ function isOldPermission($section_name, $perm_name)
+ {
+ return $section_name == 'in-portal:root' && $perm_name != 'view';
+ }
+
+ /**
+ * Returns permission names to check based on event name and item prefix (main item or subitem)
+ *
+ * @param kEvent $event
+ * @return Array
+ */
+ function getPermissionByEvent(&$event, $perm_mapping)
+ {
+ $top_prefix = $event->getEventParam('top_prefix');
+
+ $pefix_type = ($top_prefix == $event->Prefix) ? 'self' : 'subitem';
+ $perm_mapping = getArrayValue($perm_mapping, $event->Name);
+
+ if (!$perm_mapping[$pefix_type]) {
+ trigger_error('Permission mappings not defined for event <b>'.$top_prefix.' <- '.$event->Prefix.':'.$event->Name.'</b>', E_USER_ERROR);
+ }
+
+ if ($perm_mapping[$pefix_type] === true) {
+ // event is defined in mapping but is not checked by permissions
+ return true;
+ }
+
+ return explode('|', $perm_mapping[$pefix_type]);
+ }
+
+ /**
+ * Common event permission checking method
+ *
+ * @param kEvent $event
+ */
+ function CheckEventPermission(&$event, $perm_mapping)
+ {
+ $section = $event->getSection();
+ if (preg_match('/^CATEGORY:(.*)/', $section)) {
+ return $this->CheckEventCategoryPermission($event, $perm_mapping);
+ }
+
+ $top_prefix = $event->getEventParam('top_prefix');
+ $check_perms = $this->getPermissionByEvent($event, $perm_mapping);
+
+ if ($check_perms === true) {
+ // event is defined in mapping but is not checked by permissions
+ return true;
+ }
+
+ $perm_status = false;
+ foreach ($check_perms as $perm_name) {
+ // check if at least one of required permissions is set
+ $perm_name = $section.'.'.$perm_name;
+ $perm_status = $this->CheckPermission($perm_name, 1);
+ if (($perm_name == $section.'.add') && $perm_status && ($top_prefix == $event->Prefix)) {
+ // main item, add permission allowed, but ID is > 0, then deny permission
+ // how to get id here
+ }
+ if ($perm_status) {
+ return $perm_status;
+ }
+ }
+
+ if (!$perm_status) {
+ if ($this->Application->isDebugMode()) {
+ // for debugging purposes
+ $event->SetRedirectParam('section', $section);
+ $event->SetRedirectParam('main_prefix', $top_prefix);
+ $event->SetRedirectParam('event_name', $event->Name);
+ $event->SetRedirectParam('next_template', $this->Application->GetVar('t'));
+ }
+ $event->status = erPERM_FAIL;
+ }
+ return $perm_status;
+ }
+
+ /**
+ * Checks non-system permission on event per category basis
+ *
+ * @param kEvent $event
+ */
+ function CheckEventCategoryPermission(&$event, $event_perm_mapping)
+ {
+ // mapping between specific permissions and common permissions
+ $perm_mapping = Array('add' => 'ADD', 'edit' => 'MODIFY', 'delete' => 'DELETE', 'view' => 'VIEW');
+
+ $top_prefix = $event->getEventParam('top_prefix');
+ $event_handler =& $this->Application->recallObject($event->Prefix.'_EventHandler');
+ if ($event->Prefix != $top_prefix) {
+ $top_event = new kEvent($top_prefix.':'.$event->Name);
+ $id = $event_handler->getPassedID($top_event);
+ }
+ else {
+ $id = $event_handler->getPassedID($event);
+ }
+
+ $item_prefix = $this->Application->getUnitOption($top_prefix, 'PermItemPrefix');
+
+ // 1. get primary category of category item
+ $id_field = $this->Application->getUnitOption($top_prefix, 'IDField');
+ $table_name = $this->Application->getUnitOption($top_prefix, 'TableName');
+ $ci_table = $this->Application->getUnitOption('ci', 'TableName');
+
+ if (!$id) {
+ // item being created -> check by current (before editing started, saved in OnPreCreate event) category permissions
+ $category_id = $this->Application->RecallVar('m_cat_id');
+ }
+ else {
+ // item being edited -> check by it's primary category permissions
+ $sql = 'SELECT ci.CategoryId
+ FROM '.$table_name.' main_table
+ LEFT JOIN '.$ci_table.' ci ON ci.ItemResourceId = main_table.ResourceId
+ WHERE (main_table.'.$id_field.' = '.$id.') AND (ci.PrimaryCat = 1)';
+ $category_id = $this->Conn->GetOne($sql);
+ }
+
+ if ((substr($event->Name, 0, 9) == 'OnPreSave') || ($event->Name == 'OnSave')) {
+ if ($event_handler->isNewItemCreate($event)) {
+ return $this->CheckPermission($item_prefix.'.ADD', 0, $category_id);
+ }
+ else {
+ return $this->CheckPermission($item_prefix.'.ADD', 0, $category_id) || $this->CheckPermission($item_prefix.'.MODIFY', 0, $category_id);
+ }
+ }
+
+ $perm_status = false;
+ $check_perms = $this->getPermissionByEvent($event, $event_perm_mapping);
+
+ if ($check_perms === true) {
+ // event is defined in mapping but is not checked by permissions
+ return true;
+ }
+
+ foreach ($check_perms as $perm_name) {
+ // check if at least one of required permissions is set
+ if (!isset($perm_mapping[$perm_name])) {
+ // not mapped permission (e.g. advanced:approve) -> skip
+ continue;
+ }
+ $perm_name = $item_prefix.'.'.$perm_mapping[$perm_name];
+ $this->showDebug('Event <b>'.$event->Name.'</b> permission(-s): <b>'.$perm_name.'</b>', Array());
+ $perm_status = $this->CheckPermission($perm_name, 0, $category_id);
+
+ if ($perm_status) {
+ return $perm_status;
+ }
+ }
+
+ if (!$perm_status) {
+ $event->SetRedirectParam('index_file', 'index.php'); // because called from browse.php
+ if ($this->Application->isDebugMode()) {
+ // for debugging purposes
+ $event->SetRedirectParam('section', $event->getSection());
+ $event->SetRedirectParam('main_prefix', $top_prefix);
+ $event->SetRedirectParam('event_name', $event->Name);
+ $event->SetRedirectParam('next_template', $this->Application->GetVar('t'));
+ }
+ $event->status = erPERM_FAIL;
+ }
+ return $perm_status;
+ }
+
+ function showDebug($text, $params)
+ {
+ $is_ajax = $this->Application->GetVar('ajax') == 'yes' || isset($params['ajax']) || isset($params['tab_init']);
+ if (!$this->Application->isDebugMode() || $is_ajax) return true;
+ echo $text.'<br />';
+ }
+
+ function TagPermissionCheck($params, $tag_name)
+ {
+ $perm_event = getArrayValue($params, 'perm_event');
+ $permission_groups = getArrayValue($params, 'permissions');
+
+ if ($permission_groups) {
+ $this->showDebug('Tag <b>'.$tag_name.'</b> permission(-s): <b>'.$permission_groups.'</b>', $params);
+ $permission_groups = explode('|', $permission_groups);
+ $group_has_permission = false;
+ foreach ($permission_groups as $permission_group) {
+ $permissions = explode(',', $permission_group);
+ $has_permission = true;
+ foreach ($permissions as $permission) {
+ $has_permission = $has_permission && $this->CheckPermission($permission, isset($params['system']) && $params['system'] ? 1 : 0);
+ }
+ $group_has_permission = $group_has_permission || $has_permission;
+
+ if ($group_has_permission) {
+ return true;
+ }
+ }
+ return false;
+ }
+ elseif ($perm_event) {
+ $this->showDebug('Tag <b>'.$tag_name.'</b> permission_event: <b>'.$perm_event.'</b>', $params);
+ list($prefix, $event) = explode(':', $perm_event);
+ $event_handler =& $this->Application->recallObject($prefix.'_EventHandler');
+ return $event_handler->CheckPermission( new kEvent($perm_event) );
+ }
+
+ return true;
+ }
+
+ /**
+ * Returns no permission template to redirect to
+ *
+ * @param Array $params
+ * @return Array
+ */
+ function getPermissionTemplate($params)
+ {
+ $t = $this->Application->GetVar('t');
+ if ($next_t = getArrayValue($params, 'next_template')) {
+ $t = $next_t;
+ }
+
+ if (!$this->Application->LoggedIn()) {
+ $redirect_template = $params['login_template'];
+ $redirect_params = Array('next_template' => $t);
+ }
+ else {
+ if (isset($params['no_permissions_template'])) {
+ $redirect_template = $params['no_permissions_template'];
+ }
+ else {
+ $redirect_template = $this->Application->IsAdmin() ? 'no_permission' : $this->Application->ConfigValue('NoPermissionTemplate');
+ }
+
+ $redirect_params = $this->Application->isDebugMode() ? Array('from_template' => 1, 'perms' => $params[ isset($params['permissions']) ? 'permissions' : 'perm_event'], 'next_template' => $t) : Array();
+ }
+
+ if (isset($params['index_file']) && $params['index_file']) {
+ $redirect_params['index_file'] = $params['index_file'];
+ }
+
+ return Array($redirect_template, $redirect_params);
+ }
+
+ /**
+ * Check current user permissions based on it's group permissions in specified category (for non-system permissions) or just checks if system permission is set
+ *
+ * @param string $name permission name
+ * @param int $cat_id category id, current used if not specified
+ * @param int $type permission type {1 - system, 0 - per category}
+ * @return int
+ */
+ function CheckPermission($name, $type = 1, $cat_id = null)
+ {
+ if ($this->Application->GetVar('u_id') == -1) {
+ // "root" is allowed anywhere
+ return $name == 'SYSTEM_ACCESS.READONLY' ? 0 : 1;
+ }
+
+ if ($type == 1) {
+ // "system" permission are always checked per "Home" category (ID = 0)
+ $cat_id = 0;
+ }
+
+ if (!isset($cat_id)) {
+ $cat_id = $this->Application->GetVar('m_cat_id');
+ }
+
+ $cache_key = $name.'|'.$type.'|'.$cat_id;
+ $perm_value = $this->Application->getCache('permissions', $cache_key);
+ if ($perm_value !== false) {
+ return $perm_value;
+ }
+
+ // perm cache is build only based on records in db, that's why if permission is not explicitly denied, then
+ // that (perm cache creator) code thinks that it is allowed & adds corresponding record and code below will
+ // return incorrect results
+
+ if (preg_match('/(.*)\.VIEW$/', $name) && ($type == 0)) {
+ // cached view permission of category: begin
+ $sql = 'SELECT PermissionConfigId
+ FROM '.TABLE_PREFIX.'PermissionConfig
+ WHERE PermissionName = '.$this->Conn->qstr($name);
+ $perm_id = $this->Conn->GetOne($sql);
+
+ $sql = 'SELECT PermId
+ FROM '.TABLE_PREFIX.'PermCache
+ WHERE (PermId = '.$perm_id.') AND (CategoryId = '.$cat_id.')';
+
+ $view_filters = Array();
+ $groups = explode(',', $this->Application->RecallVar('UserGroups'));
+ foreach ($groups as $group) {
+ $view_filters[] = 'FIND_IN_SET('.$group.', ACL)';
+ }
+ $sql .= ' AND ('.implode(' OR ', $view_filters).')';
+ $perm_value = $this->Conn->GetOne($sql) ? 1 : 0;
+
+ $this->Application->setCache('permissions', $cache_key, $perm_value);
+ return $perm_value;
+ // cached view permission of category: end
+ }
+
+ if ($cat_id == 0) {
+ $cat_hierarchy = Array(0);
+ }
+ else {
+ $sql = 'SELECT ParentPath
+ FROM '.$this->Application->getUnitOption('c', 'TableName').'
+ WHERE CategoryId = '.$cat_id;
+ $cat_hierarchy = $this->Conn->GetOne($sql);
+ $cat_hierarchy = explode('|', $cat_hierarchy);
+ array_shift($cat_hierarchy);
+ array_pop($cat_hierarchy);
+ $cat_hierarchy = array_reverse($cat_hierarchy);
+ array_push($cat_hierarchy, 0);
+ }
+
+ $perm_value = 0;
+ $groups = $this->Application->RecallVar('UserGroups');
+ foreach ($cat_hierarchy as $category_id) {
+ $sql = 'SELECT SUM(PermissionValue)
+ FROM '.TABLE_PREFIX.'Permissions
+ WHERE Permission = "'.$name.'" AND CatId = '.$category_id.' AND GroupId IN ('.$groups.') AND Type = '.$type;
+ $res = $this->Conn->GetOne($sql);
+ if ($res !== false && !is_null($res)) {
+ $perm_value = $res ? 1 : 0;
+ break;
+ }
+ }
+
+ $this->Application->setCache('permissions', $cache_key, $perm_value);
+ return $perm_value;
+ }
+ }
+
+?>
\ No newline at end of file
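Review bot: In CheckEventCategoryPermission the `OnPreSave*`/`OnSave` branch returns the CheckPermission result directly, so a denial there never sets `$event->status = erPERM_FAIL` or the `index_file` redirect parameter that the fall-through path at the end of the method sets. Whether callers act on the return value alone is not visible in this diff, so the two denial paths should agree: store the result in `$perm_status` and, when it is falsy, set `$event->status = erPERM_FAIL;` before returning. TagPermissionCheck also returns `true` when neither `permissions` nor `perm_event` is supplied; a comment stating that this allow-by-default is intentional would help the next reader. Both points apply equally to the kernel/units copy above.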
Property changes on: branches/unlabeled/unlabeled-1.17.2/core/units/general/helpers/permissions_helper.php
___________________________________________________________________
Added: cvs2svn:cvs-rev
## -0,0 +1 ##
+1.17
\ No newline at end of property
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
