Permission.inc
<?php
/**
* $Id$
*
* Contains static functions used to determine whether the current user:
* o has permission to perform certain actions
* o has a certain role
* o is assigned to a certain group
* o has read/write access for a specific folder/directory
*
* Copyright (c) 2003 Jam Warehouse http://www.jamwarehouse.com
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
* @version $Revision$
* @author Rob Cherry, Jam Warehouse (Pty) Ltd, South Africa
* @package lib.security
*/
require_once(KT_LIB_DIR . '/permissions/permission.inc.php');
require_once(KT_LIB_DIR . '/permissions/permissionutil.inc.php');
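/**
 * Authorization helpers that answer questions about a user's permissions
 * and group-derived roles.
 *
 * Unless a user ID is passed explicitly, every check is made for the user
 * whose ID is stored in $_SESSION["userID"]. None of the methods validates
 * that value; they assume session setup has already authenticated the user.
 *
 * NOTE(review): the file header describes these as static functions, but they
 * are declared without `static`. PHP 8 rejects static calls to non-static
 * methods, so confirm how callers invoke them before running on PHP 8.
 */
class Permission {
    /**
     * Checks if the current user has write permission for a specific document.
     *
     * The decision is delegated to KTPermissionUtil::userHasPermissionOnItem()
     * with the 'ktcore.permissions.write' permission. This method itself does
     * not write $_SESSION["errorMessage"]; callers that need a denial message
     * must set one themselves.
     *
     * @param $oDocument Document object to check
     *
     * @return mixed the result of KTPermissionUtil::userHasPermissionOnItem()
     *               (documented by the original author as boolean)
     */
    function userHasDocumentWritePermission($oDocument) {
        // NOTE(review): $_SESSION["userID"] is read without an isset() check;
        // what User::get() returns for a missing ID is not visible here, so
        // confirm that an unauthenticated request is denied downstream.
        $oUser = User::get($_SESSION["userID"]);
        $oPermission = KTPermission::getByName('ktcore.permissions.write');
        return KTPermissionUtil::userHasPermissionOnItem($oUser, $oPermission, $oDocument);
    }

    /**
     * Checks if the current user has read permission for a specific document.
     *
     * The decision is delegated to KTPermissionUtil::userHasPermissionOnItem()
     * with the 'ktcore.permissions.read' permission. This method itself does
     * not write $_SESSION["errorMessage"].
     *
     * @param $oDocument Document object to check
     *
     * @return mixed the result of KTPermissionUtil::userHasPermissionOnItem()
     *               (documented by the original author as boolean)
     */
    function userHasDocumentReadPermission($oDocument) {
        // Same unchecked session read as the write check (see note there).
        $oUser = User::get($_SESSION["userID"]);
        $oPermission = KTPermission::getByName('ktcore.permissions.read');
        return KTPermissionUtil::userHasPermissionOnItem($oUser, $oPermission, $oDocument);
    }

    /**
     * Checks if the current user has write permission for a specific folder.
     *
     * The decision is delegated to KTPermissionUtil::userHasPermissionOnItem()
     * with the 'ktcore.permissions.write' permission. This method itself does
     * not write $_SESSION["errorMessage"].
     *
     * @param $oFolder Folder object to check
     *
     * @return mixed the result of KTPermissionUtil::userHasPermissionOnItem()
     *               (documented by the original author as boolean)
     */
    function userHasFolderWritePermission($oFolder) {
        // Same unchecked session read as the document checks.
        $oUser = User::get($_SESSION["userID"]);
        $oPermission = KTPermission::getByName('ktcore.permissions.write');
        return KTPermissionUtil::userHasPermissionOnItem($oUser, $oPermission, $oFolder);
    }

    /**
     * Checks if the current user has read permission for a specific folder.
     *
     * The decision is delegated to KTPermissionUtil::userHasPermissionOnItem()
     * with the 'ktcore.permissions.read' permission. This method itself does
     * not write $_SESSION["errorMessage"].
     *
     * @param $oFolder Folder object to check
     *
     * @return mixed the result of KTPermissionUtil::userHasPermissionOnItem()
     *               (documented by the original author as boolean)
     */
    function userHasFolderReadPermission($oFolder) {
        // Same unchecked session read as the document checks.
        $oUser = User::get($_SESSION["userID"]);
        $oPermission = KTPermission::getByName('ktcore.permissions.read');
        return KTPermissionUtil::userHasPermissionOnItem($oUser, $oPermission, $oFolder);
    }

    /**
     * Checks whether a user belongs to a group flagged as system administrator.
     *
     * @param $iUserID ID of the user to check; "" or null (the default) means
     *                 the user in $_SESSION["userID"]. Callers must not take
     *                 this argument from request input, since it selects whose
     *                 privileges are reported.
     *
     * @return boolean true if the query yields at least one group with
     *                 is_sys_admin set for the user, false otherwise
     */
    function userIsSystemAdministrator($iUserID = "") {
        global $default;
        // Strict comparison on purpose: a loose `== ""` also matches false
        // (and, before PHP 8, the integer 0), which would silently replace an
        // explicitly supplied ID with the session user's ID.
        if ($iUserID === "" || $iUserID === null) {
            $iUserID = $_SESSION["userID"];
        }
        $sql = $default->db;
        // Table names come from configuration; the user-controlled values are
        // bound as parameters rather than concatenated into the statement.
        $sql->query(array("SELECT UGL.group_id " . /*ok*/
            "FROM $default->users_groups_table AS UGL INNER JOIN $default->groups_table AS GL ON UGL.group_id = GL.id " .
            "WHERE UGL.user_id = ? " .
            "AND is_sys_admin = ?", array($iUserID, true)));
        return (bool) $sql->next_record();
    }

    /**
     * Checks whether a user belongs to a unit-administrator group.
     *
     * The query only requires membership of a group that is linked to some
     * unit and has is_unit_admin set. It takes no folder or unit argument, so
     * it does not establish that the user administers any particular unit;
     * callers needing a per-unit decision must check that separately.
     *
     * @param $iUserID ID of the user to check; "" or null (the default) means
     *                 the user in $_SESSION["userID"]
     *
     * @return boolean true if the query yields at least one matching group,
     *                 false otherwise
     */
    function userIsUnitAdministrator($iUserID = "") {
        global $default;
        // Strict comparison so that 0 or false is not replaced by the session user.
        if ($iUserID === "" || $iUserID === null) {
            $iUserID = $_SESSION["userID"];
        }
        $sql = $default->db;
        $sql->query(array("SELECT UGL.group_id " ./*ok*/
            "FROM $default->users_groups_table AS UGL INNER JOIN $default->groups_units_table AS GUL ON GUL.group_id = UGL.group_id " .
            "INNER JOIN $default->groups_table AS GL ON GL.id = UGL.group_id " .
            "WHERE UGL.user_id = ? " .
            "AND GL.is_unit_admin = ?", array($iUserID, true)));
        return (bool) $sql->next_record();
    }

    /**
     * Checks whether a user is a guest, i.e. a member of the group named
     * 'Anonymous'.
     *
     * The match is on the literal group name, so renaming that group or
     * creating another group with the same name changes who counts as a guest.
     *
     * @param $iUserID ID of the user to check; "" or null (the default) means
     *                 the user in $_SESSION["userID"]
     *
     * @return boolean true if the user is in the Anonymous group, else false
     */
    function userIsGuest($iUserID = "") {
        global $default;
        // Strict comparison so that 0 or false is not replaced by the session user.
        if ($iUserID === "" || $iUserID === null) {
            $iUserID = $_SESSION["userID"];
        }
        $sql = $default->db;
        // you're a guest user if you're in the Anonymous group
        // The bound value is passed as a list, matching the other role checks.
        $sql->query(array("SELECT UGL.group_id " ./*ok*/
            "FROM $default->users_groups_table AS UGL INNER JOIN $default->groups_table AS GL ON GL.id = UGL.group_id " .
            "WHERE GL.name = 'Anonymous' " .
            "AND UGL.user_id = ?", array($iUserID)));
        return (bool) $sql->next_record();
    }
}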
?>