SnapPermission Class Reference
[Permissions Management Objects]

Primary interface for querying and managing permissions associated with Snap2 objects. More...

Inheritance diagram for SnapPermission:

Inheritance graph
[legend]

List of all members.

Public Member Functions

 __construct ($file)
 Constructs new permission object.
 cancel ()
 Cancels permission changes.
 canChangePermission ()
 Returns whether current user can actually change permissions on our file.
 commit ($cascade=false)
 Commit permission changes.
 getGroupAccess ($cap, $gid)
 Gets group access for a given group.
 getGroupsAccess ($cap, $uid= '')
 Get group-level access for all groups a user belongs to.
 getUserAccess ($cap, $uid= '')
 Gets effective access just considering the user-level permissions for this file.
 has ($cap, $uid= '')
 Returns whether user has a given permission set on our file.
 hasEx ($cap, $uid= '')
 Advanced form of has() that returns the derivation of the user's access.
 mayApproveForDev ($uid= '')
 Whether user can approve a version for dev.
 mayApproveForLive ($uid= '')
 Whether user can approve a version for live.
 mayChangeMetadata ($uid= '')
 Whether user has permission to change the metdata of a file.
 mayChangePermission ($uid= '')
 Returns whether specified user has permission to change permissions on our file.
 mayCreateDirectory ($uid= '')
 Whether user has permission to create a directory in our directory.
 mayCreateResource ($uid= '')
 Whether user has permission to create a resource in our directory.
 mayCreateVersion ($uid= '')
 Whether user has permission to create a version in our resource.
 mayDefunct ($status, $uid= '')
 Whether user can mark a version as defunct.
 mayDelete ($uid= '')
 Whether user has permission to delete our file.
 mayDeny ($uid= '')
 Whether user can return a Pending version to In Progress.
 mayDestroy ($uid= '')
 Whether user has permission to destroy our file from /DELETED/.
 mayDestroyVersion ($uid= '')
 Whether user can destroy (permanently delete) a version.
 mayLinkTo ($to, $uid= '')
 Whether user has permission to create link.
 mayMove ($newParent, $uid= '')
 Whether user has permission to move our file.
 mayRenameAt ($at, $uid= '')
 Whether user has permission to rename a link.
 mayRenameFiles ($uid= '')
 Determines whether files may be renamed in our directory.
 mayReorderFiles ($uid= '')
 Determines whether files may be reordered in our directory.
 mayReorderIn ($in, $uid= '')
 Whether user has permission to reorder a file in a directory.
 mayRestore ($uid= '')
 Whether user has permission to restore our file from /DELETED/.
 maySetCanonicalParent ($newParent, $uid= '')
 Whether user has permission to change our file's canonical path.
 maySteal ($uid= '')
 Whether user can grab ownership of a version that is In Progress.
 maySubmit ($uid= '')
 Whether user can submit a version (make it Pending).
 mayUnlinkFrom ($from, $uid= '')
 Whether user has permission to remove link.
 mayUpdate ($uid= '')
 Whether user can modify the content (update) a version.
 revokeGroup ($gid)
 Revoke all access to this file for given group.
 revokeUser ($uid= '')
 Revoke all access to this file for given user.
 setGroupAccess ($cap, $access, $gid)
 Grants or revokes a given permissions for a given group on our file.
 setUserAccess ($cap, $access, $uid= '')
 Grants or revokes a given permissions for a given user on our file.

Static Public Member Functions

static getCapabilities ($type)
 Get a list of capabilities (permissions) that apply to a given file type.
static getCapabilityDescriptions ($type)
 Get a list of capability descriptions for capabilities that apply to a given file type.
static grantPrivilege ($role, $uid)
 Gives a user a privilege.
static isSpecialUser ($role, $uid= '')
 Returns whether given user has a given privilege.
static listSpecialUsers ()
 Returns list of all users with one or more privileges.
static revokePrivilege ($role, $uid)
 Revoke privilege from user.

Public Attributes

const ACCESS_ADMIN
 Permission granted via the ADMIN privilege.
const ACCESS_DEFAULT_DENY
 Permission denied by default (no explicit ALLOWs or DENYs).
const ACCESS_DESTROY
 Permission granted via the DESTROY privilege (not used).
const ACCESS_GROUP_ALLOW
 Permission granted by a group with ALLOW set.
const ACCESS_GROUP_DENY
 Permission denied by a group with DENY set.
const ACCESS_RESTORE
 Permission granted via the RESTORE privilege (not used).
const ACCESS_USER_ALLOW
 Permission granted for the user by explicit ALLOW.
const ACCESS_USER_DENY
 Permission denied for the user by explicit DENY.
const CAP_ALLOW
 Explicit allow of capability.
const CAP_DEFAULT
 No explicit granting or denying of capability.
const CAP_DENY
 Explicity deny of capability.
const USER_ADMIN
 ADMIN privilege constant
const USER_DESTROY
 DESTROY privilege constant
const USER_RESTORE
 RESTORE privilege constant

Protected Member Functions

 clearPermObjects ()
 Deletes all cache objects in this object.
 getCachedAccess ($cap, $uid= '')
 Grab access from permission cache.
 getGroupKey ($gid)
 Generates key that is used when referencing DB permission objects for groups.
 getGroupPermObject ($gid)
 Retrieves database permission object for given group.
 getGroupPermObjects ($uid)
 Retreives database permission objects for all groups given user belongs to.
 getUserPermObject ($uid)
 Retrieves database permission object for a given user.
 loadParties ()
 Dynamic loader function that loads array listing all users who have permissions on this object.
 populate ()
 Just a no-op.

Private Member Functions

 doCommit ($parentId, $type, $updateTransaction, $cascade, &$committed)
 Recursive function to apply permission changes.
 getUserKey ($uid)
 Generates key that is used when referencing DB permission objects for users.
 hasImpl ($cap, $uid)
 Calculates whether user is granted given capabilitiy.
 saveToCache ($caps, $uid)
 Saves user's effective access to EA cache.

Static Private Member Functions

static loadSpecialUsers ()
 Loads list of special users, to be cached.

Private Attributes

 $updateTransaction

Static Private Attributes

static $BS
static $SPECIAL_USERS

Detailed Description

Primary interface for querying and managing permissions associated with Snap2 objects.

As an instance, this class represents the permissions associated with a single file (directory or resource). It also has class (static) methods for dealing with privileges, which are global permissions that are associated with users, but not with objects, and always override plain object-based permissions.

Fields:
  • file: File which this permission object is associated with
  • fileType: File's type ('Directory' or 'Resource')
  • permObjects: Array of database permission objects (not needed to be used outside the API)
  • parties: Array of users who have permissions on this object's file

Definition at line 19 of file SnapPermission.php5.

Constructor & Destructor Documentation

SnapPermission::__construct ( file  ) 

Constructs new permission object.

For internal use only.

Do not call directly; instead use SnapFile::getPermission().

Parameters:
$file [SnapFile]: file whose permissions this object represents

Definition at line 100 of file SnapPermission.php5.

References SObject::setError(), and SnapObject::setValid().

Member Function Documentation

SnapPermission::cancel (  ) 

Cancels permission changes.

This will nullify any permission changes initiated with setAccess() or revoke().

Definition at line 974 of file SnapPermission.php5.

SnapPermission::canChangePermission (  ) 

Returns whether current user can actually change permissions on our file.

The current user must have the necessary permissions on the file, but the file also cannot be a deleted file or a root directory.

Returns:
[boolean]: whether user can change permissions on this file

Definition at line 310 of file SnapPermission.php5.

References SnapObject::checkValid(), Snap2::DELETED_DIR_ID, SnapObject::getType(), mayChangePermission(), and SnapObject::setReason().

Referenced by commit(), revokeGroup(), revokeUser(), setGroupAccess(), and setUserAccess().

SnapPermission::clearPermObjects (  )  [protected]

Deletes all cache objects in this object.

For internal use only.

This method is called indirectly by commit() to make sure that stale permissions don't hang around in permission objects after a big update has been done

Definition at line 964 of file SnapPermission.php5.

SnapPermission::commit ( cascade = false  ) 

Commit permission changes.

All permission changes with setUserAccess() (or setGroupAccess()) and revokeUser() (or revokeGroup()) are queued until this method is called. If you pass in true for the $cascade parameter, then the permission changes will be applied to all child files of this file. Any permissions that were not changed by the set*Access() or revoke*() calls will not be modified in any way.

Parameters:
$cascade [boolean]: whether to apply changes to child files
Returns:
[boolean]: success or failure

Definition at line 751 of file SnapPermission.php5.

References SnapDBI::cancelTransaction(), canChangePermission(), SnapCache::clearObjectCache(), SnapDBI::commitTransaction(), doCommit(), SnapObject::getId(), SnapCache::getObjectCache(), SnapObject::getReason(), SnapObject::getType(), SnapDBI::query(), SnapCache::setEnableCache(), SObject::setError(), SObject::setWarning(), SnapDBI::startTransaction(), and SnapCache::usingCache().

SnapPermission::doCommit ( parentId,
type,
updateTransaction,
cascade,
&$  committed 
) [private]

Recursive function to apply permission changes.

For internal use only.

This method is called by update() to apply changes to a particular file. It then calls itself for each child of the current file, if there are any. See comments inside function for more on how the operation works.

Parameters:
$parentId [int]: ID of file to apply permissions to
$type [string]: type of file to apply permissions to
$updateTransaction [array]: the $updateTransaction array containing the permissions changes
$cascade [boolean]: whether to cascade changes to children
$committed [array]: list of files which have already been updated (to prevent cycles from causing crashes)
Returns:
[array]: updated array of files which have been committed

Definition at line 813 of file SnapPermission.php5.

References $updateTransaction, SnapDBI::cancelTransaction(), SnapPermissionCache::clearCache(), Snap2::getCurrentUser(), SnapPermissionObject::isCapabilityForType(), and SnapDBI::query().

Referenced by commit().

SnapPermission::getCachedAccess ( cap,
uid = '' 
) [protected]

Grab access from permission cache.

For internal use only.

There is a cache object for each user. If there is no cache object for the requested user, a new one is created. That will cause the cache to be read from the DB, or generated if it doesn't exist

Parameters:
$cap [string]: name of capability to get access for
$uid [int]: user ID of user
Returns:
[mixed]: cached access for capability

Definition at line 271 of file SnapPermission.php5.

References Snap2::getCurrentUser(), SnapObject::getId(), and SnapPermissionCache::retrieve().

Referenced by has().

static SnapPermission::getCapabilities ( type  )  [static]

Get a list of capabilities (permissions) that apply to a given file type.

Parameters:
$type [string]: one of 'File', 'Directory', 'Resource', 'DirOnly', 'ResOnly', 'Version'
Returns:
[array]: associative array of capability ID => capability name entries

Definition at line 1750 of file SnapPermission.php5.

References SnapPermissionObject::getCapabilities().

Referenced by has(), and hasEx().

static SnapPermission::getCapabilityDescriptions ( type  )  [static]

Get a list of capability descriptions for capabilities that apply to a given file type.

Parameters:
$type [string]: one of 'File', 'Directory', 'Resource', 'DirOnly', 'ResOnly', 'Version'
Returns:
[array]: associative array of capability ID => capability description entries

Definition at line 1759 of file SnapPermission.php5.

References SnapPermissionObject::getCapabilityDescriptions().

SnapPermission::getGroupAccess ( cap,
gid 
)

Gets group access for a given group.

Parameters:
$cap [string]: name of capability
$gid [int]: group ID of group
Returns:
[int]: one of ACCESS_GROUP_ALLOW, ACCESS_GROUP_DENY or ACCESS_DEFAULT_DENY

Definition at line 547 of file SnapPermission.php5.

References SnapObject::checkValid(), and getGroupPermObject().

SnapPermission::getGroupKey ( gid  )  [protected]

Generates key that is used when referencing DB permission objects for groups.

For internal use only.

Parameters:
$gid [int]: group ID (used in generating key)
Returns:
[string]: returns key that referes to DB permission object for user and file

Definition at line 177 of file SnapPermission.php5.

References SnapObject::getType().

Referenced by getGroupPermObject().

SnapPermission::getGroupPermObject ( gid  )  [protected]

Retrieves database permission object for given group.

For internal use only.

Ihis function caches the permission object for the group/file, so multiple calls do not return multiple new DB objects (with associated DB queries).

Parameters:
$gid [int]: group ID of group for which we want to get the database permission object
Returns:
[Snap*GroupPermission]: permission object for group and file

Definition at line 217 of file SnapPermission.php5.

References getGroupKey(), and SnapObject::getId().

Referenced by getGroupAccess().

SnapPermission::getGroupPermObjects ( uid  )  [protected]

Retreives database permission objects for all groups given user belongs to.

For internal use only.

This function takes a user ID and returns group permission objects for all groups the user belongs to. It also performs caching like the other get*PermObject functions.

Parameters:
$uid [int]: user ID of user for whom we get the group permission objects
Returns:
[array]: array of group permissions objects for the user

Definition at line 242 of file SnapPermission.php5.

References SnapObject::getId(), getUserKey(), and getUserPermObject().

Referenced by getGroupsAccess(), hasEx(), and hasImpl().

SnapPermission::getGroupsAccess ( cap,
uid = '' 
)

Get group-level access for all groups a user belongs to.

This method checks all of the groups a user belongs to and determines the highest level of access granted among all the groups. The rankings are: default deny, allow and deny. If the highest any group has set for the given capability is default, then default deny will be returned. If the highest of any group is allow, then allow will be returned, etc. Note that deny is higher than allow. Thus, a single deny can override any number of allows.

Parameters:
$cap [string]: name of capability
$uid [int]: user ID of user whose groups are to be checked (defaults to current user)
Returns:
[int]: one of ACCESS_GROUP_ALLOW, ACCESS_GROUP_DENY or ACCESS_DEFAULT_DENY

Definition at line 572 of file SnapPermission.php5.

References SnapObject::checkValid(), Snap2::getCurrentUser(), getGroupPermObjects(), and SObject::setError().

SnapPermission::getUserAccess ( cap,
uid = '' 
)

Gets effective access just considering the user-level permissions for this file.

The user's effective access is computed only by looking at permissions set for the user on this file. Groups are ignored. Possible return values are ACCESS_DEFAULT_DENY.

Definition at line 519 of file SnapPermission.php5.

References SnapObject::checkValid(), Snap2::getCurrentUser(), getUserPermObject(), and SObject::setError().

SnapPermission::getUserKey ( uid  )  [private]

Generates key that is used when referencing DB permission objects for users.

For internal use only.

Parameters:
$uid [int]: user ID (used in generating key)
Returns:
[string]: returns key that refers to DB permission object for user and file

Definition at line 165 of file SnapPermission.php5.

References SnapObject::getType().

Referenced by getGroupPermObjects(), and getUserPermObject().

SnapPermission::getUserPermObject ( uid  )  [protected]

Retrieves database permission object for a given user.

For internal use only.

This function caches the permission object for the user/file, so multiple calls do not return multiple new DB objects (with associated DB queries).

Parameters:
$uid [int]: user ID of user for whom we want to get the database permission object
Returns:
[Snap*UserPermission]: permission object for user and file

Definition at line 192 of file SnapPermission.php5.

References SnapObject::getId(), and getUserKey().

Referenced by getGroupPermObjects(), getUserAccess(), hasEx(), and hasImpl().

static SnapPermission::grantPrivilege ( role,
uid 
) [static]

Gives a user a privilege.

You must have the ADMIN privilege to grant a privilege to another user. If you have the ADMIN privilege you can also grant yourself additional privileges.

Parameters:
$role [int]: privilege to grant (one of the USER_* constants)
$uid [int]: user ID of user to grant privilege to
Returns:
[boolean]: success or failure

Definition at line 1624 of file SnapPermission.php5.

References SnapDBI::cancelTransaction(), SnapPermissionCache::clearAll(), SnapCache::clearObjectCache(), SnapDBI::commitTransaction(), Snap2::getCurrentUser(), SnapCache::getObjectCache(), SnapDBI::query(), and SnapDBI::startTransaction().

SnapPermission::has ( cap,
uid = '' 
)

Returns whether user has a given permission set on our file.

Parameters:
$cap [string]: name of permission we are querying for
$uid [int]: user ID of user whose permissions we are checking, defaults to current user
Returns:
[boolean]: whether user has $cap on our file

Definition at line 405 of file SnapPermission.php5.

References SnapObject::checkValid(), getCachedAccess(), getCapabilities(), Snap2::getCurrentUser(), hasImpl(), saveToCache(), and SObject::setError().

Referenced by mayApproveForDev(), mayApproveForLive(), mayChangeMetadata(), mayChangePermission(), mayCreateDirectory(), mayCreateResource(), mayCreateVersion(), mayDefunct(), mayDelete(), mayDeny(), mayDestroyVersion(), mayLinkTo(), mayRenameAt(), mayRenameFiles(), mayReorderFiles(), mayReorderIn(), maySetCanonicalParent(), maySteal(), maySubmit(), mayUnlinkFrom(), and mayUpdate().

SnapPermission::hasEx ( cap,
uid = '' 
)

Advanced form of has() that returns the derivation of the user's access.

A user can "have" a permission by having it literally set on our file, or it can have it via having the ADMIN privilege. This method returns one of the ACCESS_* constants that indicates whether the user has a permission because they have ADMIN or because it is actually set (or unset) on our file either for the user, or one of the groups the user belongs to.

Parameters:
$cap [string]: permission to check for
$uid [int]: user ID of user whose permission we are checking
Returns:
[array]: first element is one of the ACCESS_* constants and the second is the group name if one of the groups generated the effective access; or two false's if an error occurred

Definition at line 447 of file SnapPermission.php5.

References SnapObject::checkValid(), getCapabilities(), Snap2::getCurrentUser(), getGroupPermObjects(), getUserPermObject(), and SObject::setError().

SnapPermission::hasImpl ( cap,
uid 
) [private]

Calculates whether user is granted given capabilitiy.

For internal use only.

The calculation process is complex. Essentially, we first check to see if the user has an explicity ALLOW or DENY for the given capability. If so, that is returned. If not, then we look through each of the groups that the user belongs to and see if any of those groups provide explicit access. If any of them do, then the highest access level (DENY is higher than ALLOW) among all the groups is used for the effective group access and thus in turn the effective user access. If no groups provide explicit access, then the overall effective access is Default Deny.

Parameters:
$cap [string]: name of capability to check access for
$uid [int]: user ID of user we are checking access for
Returns:
[boolean]: whether user has given capability

Definition at line 347 of file SnapPermission.php5.

References getGroupPermObjects(), and getUserPermObject().

Referenced by has(), and saveToCache().

static SnapPermission::isSpecialUser ( role,
uid = '' 
) [static]

Returns whether given user has a given privilege.

Parameters:
$role [int]: privilege to check for (one of the USER_* constants)
$uid [int]: user ID of user to check for, defaults to current user
Returns:
[boolean]: whether user has specified privilege

Definition at line 1594 of file SnapPermission.php5.

References Snap2::getCurrentUser().

static SnapPermission::listSpecialUsers (  )  [static]

Returns list of all users with one or more privileges.

Returns:
[array]: list of users with privileges

Definition at line 1608 of file SnapPermission.php5.

SnapPermission::loadParties (  )  [protected]

Dynamic loader function that loads array listing all users who have permissions on this object.

For internal use only.

Definition at line 131 of file SnapPermission.php5.

References SnapDBI::freeResult(), SnapDBI::getRow(), SnapDBI::query(), and SObject::setError().

static SnapPermission::loadSpecialUsers (  )  [static, private]

Loads list of special users, to be cached.

For internal use only.

Definition at line 1724 of file SnapPermission.php5.

References SnapDBI::freeResult(), SnapDBI::getNumRows(), SnapDBI::getRow(), and SnapDBI::query().

SnapPermission::mayApproveForDev ( uid = ''  ) 

Whether user can approve a version for dev.

Checks the AppoveVersionDev permission on our resource

Parameters:
$uid [int]: user ID of user whose permission we are checking; defaults to current user
Returns:
[boolean]: whether user has permission to perform the operation

Definition at line 1430 of file SnapPermission.php5.

References SnapObject::checkValid(), Snap2::getCurrentUser(), and has().

SnapPermission::mayApproveForLive ( uid = ''  ) 

Whether user can approve a version for live.

Checks the ApproveVersionLive permission on our resource

Parameters:
$uid [int]: user ID of user whose permission we are checking; defaults to current user
Returns:
[boolean]: whether user has permission to perform the operation

Definition at line 1452 of file SnapPermission.php5.

References SnapObject::checkValid(), Snap2::getCurrentUser(), and has().

SnapPermission::mayChangeMetadata ( uid = ''  ) 

Whether user has permission to change the metdata of a file.

Checks the ChangeFileMetadata permission. Changing metadata includes changing the name (not short name) and description of a file, as well as the valid date of a resource.

Parameters:
$uid [int]: user ID of user whose permission we are checking; defaults to current user
Returns:
[boolean]: whether user has permission to perform the operation

Definition at line 1292 of file SnapPermission.php5.

References SnapObject::checkValid(), Snap2::getCurrentUser(), and has().

SnapPermission::mayChangePermission ( uid = ''  ) 

Returns whether specified user has permission to change permissions on our file.

Parameters:
$uid [int]: user ID of user, defaults to current user
Returns:
[boolean]: whether user has privilege or permission

Definition at line 291 of file SnapPermission.php5.

References SnapObject::checkValid(), and has().

Referenced by canChangePermission().

SnapPermission::mayCreateDirectory ( uid = ''  ) 

Whether user has permission to create a directory in our directory.

Checks the CreateDirectory permission.

Parameters:
$uid [int]: user ID of user whose permission we are checking; defaults to current user
Returns:
[boolean]: whether user has permission to perform the operation

Definition at line 1316 of file SnapPermission.php5.

References SnapObject::checkValid(), Snap2::getCurrentUser(), and has().

SnapPermission::mayCreateResource ( uid = ''  ) 

Whether user has permission to create a resource in our directory.

Checks the CreateResource permission.

Parameters:
$uid [int]: user ID of user whose permission we are checking; defaults to current user
Returns:
[boolean]: whether user has permission to perform the operation

Definition at line 1338 of file SnapPermission.php5.

References SnapObject::checkValid(), Snap2::getCurrentUser(), and has().

SnapPermission::mayCreateVersion ( uid = ''  ) 

Whether user has permission to create a version in our resource.

Checks the CreateVersion permission.

Parameters:
$uid [int]: user ID of user whose permission we are checking; defaults to current user
Returns:
[boolean]: whether user has permission to perform the operation

Definition at line 1362 of file SnapPermission.php5.

References SnapObject::checkValid(), Snap2::getCurrentUser(), and has().

SnapPermission::mayDefunct ( status,
uid = '' 
)

Whether user can mark a version as defunct.

Checks the DefunctVersion permission on our resource. The user must also have the following permissions, depending on the state of the version:

  • STATUS_PRIVATE: UpdateVersion
  • STATUS_PENDING: SubmitVersion
  • STATUS_DEV: ApproveVersionDev
  • STATUS_LIVE: ApproveVersionLive
Parameters:
$status [int]: status of version that is to be defuncted
$uid [int]: user ID of user whose permission we are checking; defaults to current user
Returns:
[boolean]: whether user has permission to perform the operation

Definition at line 1482 of file SnapPermission.php5.

References SnapObject::checkValid(), Snap2::getCurrentUser(), has(), SnapVersion::STATUS_DEV, SnapVersion::STATUS_LIVE, SnapVersion::STATUS_PENDING, and SnapVersion::STATUS_PRIVATE.

SnapPermission::mayDelete ( uid = ''  ) 

Whether user has permission to delete our file.

Checks for DeleteDirectory/DeleteResource on our file.

Parameters:
$uid [int]: user ID of user whose permission we are checking; defaults to current user
Returns:
[boolean]: whether user has permission to perform the operation

Definition at line 1139 of file SnapPermission.php5.

References SnapObject::checkValid(), Snap2::getCurrentUser(), SnapObject::getType(), and has().

SnapPermission::mayDeny ( uid = ''  ) 

Whether user can return a Pending version to In Progress.

Checks the DenyVersion permission on our resource

Parameters:
$uid [int]: user ID of user whose permission we are checking; defaults to current user
Returns:
[boolean]: whether user has permission to perform the operation

Definition at line 1547 of file SnapPermission.php5.

References SnapObject::checkValid(), Snap2::getCurrentUser(), and has().

SnapPermission::mayDestroy ( uid = ''  ) 

Whether user has permission to destroy our file from /DELETED/.

Only checks if the user has the DESTROY or ADMIN privilege.

Parameters:
$uid [int]: user ID of user whose permission we are checking; defaults to current user
Returns:
[boolean]: whether user has permission to perform the operation

Definition at line 1190 of file SnapPermission.php5.

References SnapObject::checkValid(), and Snap2::getCurrentUser().

SnapPermission::mayDestroyVersion ( uid = ''  ) 

Whether user can destroy (permanently delete) a version.

Checks the DestroyVersion permission on our resource

Parameters:
$uid [int]: user ID of user whose permission we are checking; defaults to current user
Returns:
[boolean]: whether user has permission to perform the operation

Definition at line 1524 of file SnapPermission.php5.

References SnapObject::checkValid(), Snap2::getCurrentUser(), and has().

SnapPermission::mayLinkTo ( to,
uid = '' 
)

Whether user has permission to create link.

Note: this only checks the permissions on $to, not our file. It checks for CreateDirectory/CreateResource on $to.

Parameters:
$to [mixed]: Snap reference to directory in which new link will be created
$uid [int]: user ID of user whose permission we are checking; defaults to current user
Returns:
[boolean]: whether user has permission to perform the operation

Definition at line 998 of file SnapPermission.php5.

References SnapObject::checkValid(), Snap2::getCurrentUser(), SnapObject::getType(), has(), and SObject::setError().

SnapPermission::mayMove ( newParent,
uid = '' 
)

Whether user has permission to move our file.

Note: this only checks the permissions on $newParent and the current parent, not our file. Currently, this method just calls maySetCanonicalParent(). That may change in the future, so do not depend on this behavior.

Parameters:
$newParent [mixed]: Snap reference to directory to which our file is to be moved
$uid [int]: user ID of user whose permission we are checking; defaults to current user
Returns:
[boolean]: whether user has permission to perform the operation

Definition at line 1128 of file SnapPermission.php5.

References maySetCanonicalParent().

SnapPermission::mayRenameAt ( at,
uid = '' 
)

Whether user has permission to rename a link.

Note: this only checks the permissions on $at, not our file. It checks for RenameFile on $at.

Parameters:
$at [mixed]: Snap reference to directory in which link will be renamed
$uid [int]: user ID of user whose permission we are checking; defaults to current user
Returns:
[boolean]: whether user has permission to perform the operation

Definition at line 1058 of file SnapPermission.php5.

References SnapObject::checkValid(), Snap2::getCurrentUser(), has(), and SObject::setError().

SnapPermission::mayRenameFiles ( uid = ''  ) 

Determines whether files may be renamed in our directory.

This function differs from mayRenameAt() in that it is called on the parent and determines whether files can be renamed in the parent, instead of whether the file itself can be renamed in one of its parents. The same permission, RenameFile is checked, this time on our file.

Parameters:
$uid [int]: user ID of user whose permissions are to be checked; defaults to current user
Returns:
[boolean]: whether operation can be performed

Definition at line 1268 of file SnapPermission.php5.

References SnapObject::checkValid(), Snap2::getCurrentUser(), and has().

SnapPermission::mayReorderFiles ( uid = ''  ) 

Determines whether files may be reordered in our directory.

This function differs from mayReorderIn() in that it is called on the parent and determines whether files can be reordered in the parent, instead of whether the file itself can be reordered in one of its parents. The same permission, ReorderFile is checked, this time on our file.

Parameters:
$uid [int]: user ID of user whose permissions are to be checked; defaults to current user
Returns:
[boolean]: whether operation can be performed

Definition at line 1243 of file SnapPermission.php5.

References SnapObject::checkValid(), Snap2::getCurrentUser(), and has().

SnapPermission::mayReorderIn ( in,
uid = '' 
)

Whether user has permission to reorder a file in a directory.

Note: this only checks the permissions on $in, not our file. It checks for ReorderFile on $in.

Parameters:
$in [mixed]: Snap reference to directory in which file will be reordered
$uid [int]: user ID of user whose permission we are checking; defaults to current user
Returns:
[boolean]: whether user has permission to perform the operation

Definition at line 1212 of file SnapPermission.php5.

References SnapObject::checkValid(), Snap2::getCurrentUser(), has(), and SObject::setError().

SnapPermission::mayRestore ( uid = ''  ) 

Whether user has permission to restore our file from /DELETED/.

Only checks if the user has the RESTORE or ADMIN privilege.

Parameters:
$uid [int]: user ID of user whose permission we are checking; defaults to current user
Returns:
[boolean]: whether user has permission to perform the operation

Definition at line 1170 of file SnapPermission.php5.

References SnapObject::checkValid(), and Snap2::getCurrentUser().

SnapPermission::maySetCanonicalParent ( newParent,
uid = '' 
)

Whether user has permission to change our file's canonical path.

Note: this only checks the permissions on $newParent and the current parent, not our file. It checks for MoveFile on both the old and new parent.

Parameters:
$newParent [mixed]: Snap reference to directory which will become the new parent of our file
$uid [int]: user ID of user whose permission we are checking; defaults to current user
Returns:
[boolean]: whether user has permission to perform the operation

Definition at line 1088 of file SnapPermission.php5.

References SnapObject::checkValid(), Snap2::getCurrentUser(), has(), and SObject::setError().

Referenced by mayMove().

SnapPermission::maySteal ( uid = ''  ) 

Whether user can grab ownership of a version that is In Progress.

Checks the StealVersion permission on our resource

Parameters:
$uid [int]: user ID of user whose permission we are checking; defaults to current user
Returns:
[boolean]: whether user has permission to perform the operation

Definition at line 1569 of file SnapPermission.php5.

References SnapObject::checkValid(), Snap2::getCurrentUser(), and has().

SnapPermission::maySubmit ( uid = ''  ) 

Whether user can submit a version (make it Pending).

Checks the SubmitVersion permission on our resource

Parameters:
$uid [int]: user ID of user whose permission we are checking; defaults to current user
Returns:
[boolean]: whether user has permission to perform the operation

Definition at line 1408 of file SnapPermission.php5.

References SnapObject::checkValid(), Snap2::getCurrentUser(), and has().

SnapPermission::mayUnlinkFrom ( from,
uid = '' 
)

Whether user has permission to remove link.

Note: this only checks the permissions on $from, not our file. It checks for DeleteDirectory/DeleteResource on $from.

Parameters:
$from [mixed]: Snap reference to directory in which old link will be removed
$uid [int]: user ID of user whose permission we are checking; defaults to current user
Returns:
[boolean]: whether user has permission to perform the operation

Definition at line 1028 of file SnapPermission.php5.

References SnapObject::checkValid(), Snap2::getCurrentUser(), SnapObject::getType(), has(), and SObject::setError().

SnapPermission::mayUpdate ( uid = ''  ) 

Whether user can modify the content (update) a version.

Checks the UpdateVersion permission on our resource

Parameters:
$uid [int]: user ID of user whose permission we are checking; defaults to current user
Returns:
[boolean]: whether user has permission to perform the operation

Definition at line 1386 of file SnapPermission.php5.

References SnapObject::checkValid(), Snap2::getCurrentUser(), and has().

SnapPermission::populate (  )  [protected]

Just a no-op.

For internal use only.

Reimplemented from SnapObject.

Definition at line 122 of file SnapPermission.php5.

References SnapObject::setValid().

SnapPermission::revokeGroup ( gid  ) 

Revoke all access to this file for given group.

You must have ChangeDirectoryPermission or ChangeResourcePermission on the file to revoke permissions. The ADMIN privilege will also suffice.

Parameters:
$gid [int]: group ID of group whose access we are revoking
Returns:
[boolean]: success or failure

Definition at line 720 of file SnapPermission.php5.

References canChangePermission(), SnapObject::checkValid(), SnapPermissionObject::getCapabilities(), SnapObject::getReason(), and SObject::setError().

static SnapPermission::revokePrivilege ( role,
uid 
) [static]

Revoke privilege from user.

You must have the ADMIN privilege to revoke privileges from users. You cannot revoke the ADMIN privilege from yourself. This is to prevent the situation where no user has the ADMIN privilege.

Parameters:
$role [int]: privilege to revoke (one of the USER_* constants)
$uid [int]: user ID of user to revoke privilege from
Returns:
[boolean]: success or failure

Definition at line 1675 of file SnapPermission.php5.

References SnapDBI::cancelTransaction(), SnapPermissionCache::clearAll(), SnapCache::clearObjectCache(), SnapDBI::commitTransaction(), Snap2::getCurrentUser(), SnapCache::getObjectCache(), SnapDBI::query(), and SnapDBI::startTransaction().

SnapPermission::revokeUser ( uid = ''  ) 

Revoke all access to this file for given user.

You must have ChangeDirectoryPermission or ChangeResourcePermission on the file to revoke permissions. The ADMIN privilege will also suffice.

Parameters:
$uid [int]: user ID of user whose access we are revoking, defaults to current user
Returns:
[boolean]: success or failure

Definition at line 684 of file SnapPermission.php5.

References canChangePermission(), SnapObject::checkValid(), SnapPermissionObject::getCapabilities(), Snap2::getCurrentUser(), SnapObject::getReason(), and SObject::setError().

SnapPermission::saveToCache ( caps,
uid 
) [private]

Saves user's effective access to EA cache.

For internal use only.

Parameters:
$caps [array]: all of the user's capabilities
$uid [int]: user ID of user whose capabilities are being saved

Definition at line 387 of file SnapPermission.php5.

References hasImpl().

Referenced by has().

SnapPermission::setGroupAccess ( cap,
access,
gid 
)

Grants or revokes a given permissions for a given group on our file.

You must have ChangeDirectoryPermission or ChangeResourcePermission on this file to change its permissions. The ADMIN privilege will also suffice.

Parameters:
$cap [string]: name of permission to change
$access [boolean]: whether to grant or revoke permission
$gid [int]: group ID of group to change permission for
Returns:
[boolean]: success or failure

Definition at line 659 of file SnapPermission.php5.

References canChangePermission(), SnapObject::checkValid(), SnapObject::getReason(), and SObject::setError().

SnapPermission::setUserAccess ( cap,
access,
uid = '' 
)

Grants or revokes a given permissions for a given user on our file.

You must have ChangeDirectoryPermission or ChangeResourcePermission on this file to change its permissions. The ADMIN privilege will also suffice.

Parameters:
$cap [string]: name of permission to change
$access [boolean]: whether to grant or revoke permission
$uid [int]: user ID of user to change permission for, defaults to current user
Returns:
[boolean]: success or failure

Definition at line 624 of file SnapPermission.php5.

References canChangePermission(), SnapObject::checkValid(), Snap2::getCurrentUser(), SnapObject::getReason(), and SObject::setError().

Member Data Documentation

SnapPermission::$BS [static, private]

For internal use only.

Used when building bit strings during permission updates

Definition at line 66 of file SnapPermission.php5.

SnapPermission::$SPECIAL_USERS [static, private]

For internal use only.

List of special users and their privileges

Definition at line 54 of file SnapPermission.php5.

SnapPermission::$updateTransaction [private]

For internal use only.

Builds up a list of changes to permissions that will be committed with a call to update()

Definition at line 60 of file SnapPermission.php5.

Referenced by doCommit().

The documentation for this class was generated from the following file:
Generated on Wed Nov 24 02:06:28 2010 for Common by  doxygen 1.5.6