00001 <?php
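/**
 * Static helpers for reading and changing named permissions of users and groups.
 *
 * Every method builds its SQL by string concatenation and runs it through
 * authDB::getDBI()->query(). Numeric ids are cast to int and permission names
 * pass through escapeName() before they are placed in a statement.
 *
 * NOTE(review): these are authorization decisions resting on hand-escaped SQL.
 * If the handle returned by authDB::getDBI() supports prepared statements,
 * bound parameters would remove the dependency on escaping -- confirm against
 * the authDB API, which is not visible in this file.
 */
class GlobalPermission extends SObject {
    /**
     * Value of the permission assigned directly to a user.
     *
     * @param mixed  $userId user id, cast to int
     * @param string $name   permission name
     * @return bool true only when a row exists and its value is truthy
     */
    public static function getUser($userId, $name) {
        $userId = (int) $userId;
        $name = self::escapeName($name);
        $query = 'SELECT Permission.value FROM UserToPermission ' .
            'LEFT JOIN Permission ON Permission.id = UserToPermission.permissionId ' .
            'WHERE UserToPermission.userId = ' . $userId . ' ' .
            'AND Permission.name = "' . $name . '" LIMIT 1';
        return self::getPermission($query);
    }

    /**
     * Value of the permission a user receives through group membership.
     *
     * The query has no LIMIT, so every matching group row is evaluated by
     * getPermission(): a single falsy value makes the result false.
     *
     * @param mixed  $userId user id, cast to int
     * @param string $name   permission name
     * @return bool
     */
    public static function getGroup($userId, $name) {
        $userId = (int) $userId;
        $name = self::escapeName($name);
        $query = 'SELECT Permission.value FROM UserToGenGroup ' .
            'LEFT JOIN GenGroupToPermission ON GenGroupToPermission.genGroupId = UserToGenGroup.genGroupId ' .
            'LEFT JOIN Permission ON Permission.id = GenGroupToPermission.permissionId ' .
            'WHERE UserToGenGroup.userId = ' . $userId . ' ' .
            'AND Permission.name = "' . $name . '"';
        return self::getPermission($query);
    }

    /**
     * Effective permission of a user: the user-level value when exactly one
     * user-level row exists, otherwise the group-level value.
     *
     * NOTE(review): the group branch is a scalar subquery without LIMIT. If a
     * user is in several groups that carry this permission it may yield more
     * than one row, which MySQL normally rejects; the statement would then
     * fail and this method would return false. The "= 1" test also sends a
     * user with duplicate user-level rows to the group branch. Both look
     * unintended -- verify against the schema's uniqueness constraints.
     *
     * @param mixed  $userId user id, cast to int
     * @param string $name   permission name
     * @return bool
     */
    public static function getEffective($userId, $name) {
        $userId = (int) $userId;
        $name = self::escapeName($name);
        $query = 'SELECT IF((' .
            'SELECT count(Permission.value) FROM UserToPermission ' .
            'LEFT JOIN Permission ON Permission.id = UserToPermission.permissionId ' .
            'WHERE UserToPermission.userId = ' . $userId . ' ' .
            'AND Permission.name = "' . $name . '" LIMIT 1' .
            ') = 1, (' .
            'SELECT Permission.value FROM UserToPermission ' .
            'LEFT JOIN Permission ON Permission.id = UserToPermission.permissionId ' .
            'WHERE UserToPermission.userId = ' . $userId . ' ' .
            'AND Permission.name = "' . $name . '" LIMIT 1' .
            '), (' .
            'SELECT Permission.value FROM Permission ' .
            'LEFT JOIN UserToGenGroup ON UserToGenGroup.userId = ' . $userId . ' ' .
            'LEFT JOIN GenGroupToPermission ON GenGroupToPermission.genGroupId = UserToGenGroup.genGroupId ' .
            'WHERE Permission.id = GenGroupToPermission.permissionId ' .
            'AND Permission.name = "' . $name . '"' .
            '))';
        return self::getPermission($query);
    }

    /**
     * Value of the permission assigned to a group.
     *
     * @param mixed  $groupId group id, cast to int
     * @param string $name    permission name
     * @return bool
     */
    public static function getEffectiveGroup($groupId, $name) {
        $groupId = (int) $groupId;
        $name = self::escapeName($name);
        $query = 'SELECT Permission.value FROM GenGroupToPermission ' .
            'LEFT JOIN Permission ON Permission.id = GenGroupToPermission.permissionId ' .
            'WHERE GenGroupToPermission.genGroupId = ' . $groupId . ' ' .
            'AND Permission.name = "' . $name . '"';
        return self::getPermission($query);
    }

    /**
     * Tell whether a user has an explicit entry (granted or revoked) for a permission.
     *
     * @param mixed  $userId user id, cast to int
     * @param string $name   permission name
     * @return mixed the count(*) column as returned by the driver, or false
     *               when the permission name is unknown or the query fails
     */
    public static function userPermissionExists($userId, $name) {
        $clause = self::buildPermissionIdClause(
            self::getPermissionId($name, true),
            self::getPermissionId($name, false)
        );
        if ($clause === false) {
            return false;
        }

        $userId = (int) $userId;
        $query = 'SELECT count(*) FROM UserToPermission WHERE userId=' . $userId . ' AND ' . $clause;
        return self::getFirstResult($query);
    }

    /**
     * Tell whether a group has an explicit entry (granted or revoked) for a permission.
     *
     * @param mixed  $groupId group id, cast to int
     * @param string $name    permission name
     * @return mixed the count(*) column as returned by the driver, or false
     *               when the permission name is unknown or the query fails
     */
    public static function groupPermissionExists($groupId, $name) {
        $clause = self::buildPermissionIdClause(
            self::getPermissionId($name, true),
            self::getPermissionId($name, false)
        );
        if ($clause === false) {
            return false;
        }

        $groupId = (int) $groupId;
        $query = 'SELECT count(*) FROM GenGroupToPermission WHERE genGroupId=' . $groupId . ' AND ' . $clause;
        return self::getFirstResult($query);
    }

    /**
     * Record an explicit "false" entry for a user, replacing any existing entry.
     *
     * The delete and the insert are two separate statements with no visible
     * transaction. If the insert fails, the previous entry is already gone and
     * the user falls back to group-level permissions, so callers must check
     * the return value.
     *
     * @param mixed  $userId user id
     * @param string $name   permission name
     * @return mixed result of the insert, or false when no "false" row exists
     *               for this permission name
     */
    public static function revokeUser($userId, $name) {
        self::unsetUser($userId, $name);
        return self::addUser($userId, $name, false);
    }

    /**
     * Record an explicit "true" entry for a user, replacing any existing entry.
     *
     * Not atomic: see revokeUser() for the consequence of a failed insert.
     *
     * @param mixed  $userId user id
     * @param string $name   permission name
     * @return mixed result of the insert, or false when no "true" row exists
     *               for this permission name
     */
    public static function grantUser($userId, $name) {
        self::unsetUser($userId, $name);
        return self::addUser($userId, $name, true);
    }

    /**
     * Remove a user's explicit entry (granted or revoked) for a permission.
     *
     * @param mixed  $userId user id, cast to int
     * @param string $name   permission name
     * @return mixed result of the DELETE, or false when the permission name is unknown
     */
    public static function unsetUser($userId, $name) {
        $clause = self::buildPermissionIdClause(
            self::getPermissionId($name, true),
            self::getPermissionId($name, false)
        );
        if ($clause === false) {
            return false;
        }

        $userId = (int) $userId;
        $query = 'DELETE FROM UserToPermission WHERE userId=' . $userId . ' AND ' . $clause;
        return self::query($query);
    }

    /**
     * Record an explicit "false" entry for a group, replacing any existing entry.
     *
     * Not atomic: the delete runs before the insert, so a failed insert leaves
     * the group without an explicit entry. Callers must check the return value.
     *
     * @param mixed  $groupId group id
     * @param string $name    permission name
     * @return mixed result of the insert, or false when no "false" row exists
     *               for this permission name
     */
    public static function revokeGroup($groupId, $name) {
        self::unsetGroup($groupId, $name);
        return self::addGroup($groupId, $name, false);
    }

    /**
     * Record an explicit "true" entry for a group, replacing any existing entry.
     *
     * Not atomic: see revokeGroup().
     *
     * @param mixed  $groupId group id
     * @param string $name    permission name
     * @return mixed result of the insert, or false when no "true" row exists
     *               for this permission name
     */
    public static function grantGroup($groupId, $name) {
        self::unsetGroup($groupId, $name);
        return self::addGroup($groupId, $name, true);
    }

    /**
     * Remove a group's explicit entry (granted or revoked) for a permission.
     *
     * @param mixed  $groupId group id, cast to int
     * @param string $name    permission name
     * @return mixed result of the DELETE, or false when the permission name is unknown
     */
    public static function unsetGroup($groupId, $name) {
        $clause = self::buildPermissionIdClause(
            self::getPermissionId($name, true),
            self::getPermissionId($name, false)
        );
        if ($clause === false) {
            return false;
        }

        $groupId = (int) $groupId;
        $query = 'DELETE FROM GenGroupToPermission WHERE genGroupId=' . $groupId . ' AND ' . $clause;
        return self::query($query);
    }

    /**
     * Look up the id of the Permission row with the given name and value.
     *
     * @param string $name  permission name
     * @param mixed  $value truthy selects the "true" row, falsy the "false" row
     * @return mixed the id column as returned by the driver, or false when no
     *               such row exists or the query fails
     */
    public static function getPermissionId($name, $value) {
        // Only the two SQL keywords can reach the statement, whatever $value holds.
        $value = ($value ? 'true' : 'false');
        $name = self::escapeName($name);
        $query = 'SELECT id from Permission WHERE name = "' . $name . '" AND value=' . $value;
        return self::getFirstResult($query);
    }

    /**
     * Insert a group-to-permission row for the given name and value.
     *
     * @return mixed result of the INSERT, or false when the permission row does not exist
     */
    private static function addGroup($groupId, $name, $value) {
        // A failed lookup used to be concatenated as an empty string, producing
        // a malformed "VALUES(n, )" statement; stop before building the query.
        $permissionId = (int) self::getPermissionId($name, $value);
        if (!$permissionId) {
            return false;
        }
        $groupId = (int) $groupId;
        $query = 'INSERT INTO GenGroupToPermission (genGroupId, permissionId) VALUES(' . $groupId . ', ' . $permissionId . ')';
        return self::query($query);
    }

    /**
     * Insert a user-to-permission row for the given name and value.
     *
     * @return mixed result of the INSERT, or false when the permission row does not exist
     */
    private static function addUser($userId, $name, $value) {
        // Same guard as addGroup(): never build an INSERT without a permission id.
        $permissionId = (int) self::getPermissionId($name, $value);
        if (!$permissionId) {
            return false;
        }
        $userId = (int) $userId;
        $query = 'INSERT INTO UserToPermission (userId, permissionId) VALUES(' . $userId . ', ' . $permissionId . ')';
        return self::query($query);
    }

    /**
     * Build the "permissionId = ..." condition shared by the exists/unset methods.
     *
     * Ids come back from the database as driver values; they are cast to int
     * so that nothing but digits can be concatenated into the statement.
     *
     * @param mixed $trueId  id of the "true" row, or false
     * @param mixed $falseId id of the "false" row, or false
     * @return string|false SQL fragment, or false when neither id is usable
     */
    private static function buildPermissionIdClause($trueId, $falseId) {
        $trueId = (int) $trueId;
        $falseId = (int) $falseId;

        if ($trueId && $falseId) {
            return '(permissionId=' . $trueId . ' OR permissionId=' . $falseId . ')';
        }
        if ($trueId) {
            return 'permissionId=' . $trueId;
        }
        if ($falseId) {
            return 'permissionId=' . $falseId;
        }
        return false;
    }

    /**
     * Escape a permission name for use inside a double-quoted SQL literal.
     *
     * NOTE(review): mysql_escape_string() takes no connection argument and so
     * cannot account for the connection character set; it has long been
     * deprecated and was removed together with the mysql extension in PHP 7.
     * This helper is the single place to switch to the escaping or parameter
     * binding offered by the authDB handle.
     *
     * @param string $name
     * @return string
     */
    private static function escapeName($name) {
        return mysql_escape_string($name);
    }

    /**
     * Run a query and reduce its rows to one boolean, failing closed.
     *
     * Returns false when the query fails, when no row comes back, or as soon
     * as the first column of any row is falsy; true only when every returned
     * row carries a truthy first column.
     *
     * NOTE(review): this relies on the driver returning the value column as
     * something PHP treats as falsy for "false" (0, "0", null) -- confirm the
     * column type, since a string such as "false" would count as truthy.
     *
     * @param string $query
     * @return bool
     */
    private static function getPermission($query) {
        $result = self::query($query);
        if (!$result) {
            return false;
        }

        $seenRow = false;
        while ($row = $result->nextRow()) {
            if (!array_shift($row)) {
                return false;
            }
            $seenRow = true;
        }
        return $seenRow;
    }

    /**
     * Run a query and return the first column of its first row.
     *
     * @param string $query
     * @return mixed the column value, or false when the query fails or has no rows
     */
    private static function getFirstResult($query) {
        $result = self::query($query);
        if (!$result) {
            return false;
        }
        $row = $result->nextRow();
        if (!$row) {
            return false;
        }
        return array_shift($row);
    }

    /**
     * Send a statement to the authentication database.
     *
     * @param string $query complete SQL statement
     * @return mixed whatever authDB::getDBI()->query() returns
     */
    private static function query($query) {
        $db = authDB::getDBI();
        return $db->query($query);
    }
}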
00206 ?>