From 8474dc92482e5a8ce0d6346c940a9dff3dc64cb6 Mon Sep 17 00:00:00 2001 From: michaeljoseph Date: Mon, 26 Jul 2004 16:05:30 +0000 Subject: [PATCH] Corrected style convention violations. --- lib/security/Permission.inc | 849 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1 file changed, 422 insertions(+), 427 deletions(-) diff --git a/lib/security/Permission.inc b/lib/security/Permission.inc index 921cdba..874c427 100644 --- a/lib/security/Permission.inc +++ b/lib/security/Permission.inc @@ -3,10 +3,10 @@ * $Id$ * * Contains static functions used to determine whether the current user: - * o has permission to perform certain actions + * o has permission to perform certain actions * o has a certain role - * o is assigned to a certain group - * o has read/write access for a specific folder/directory + * o is assigned to a certain group + * o has read/write access for a specific folder/directory * * Copyright (c) 2003 Jam Warehouse http://www.jamwarehouse.com * 
@@ -29,441 +29,436 @@ * @package lib.security */ class Permission { - - /** - * Checks if the current user has write permission for a specific document. - * To have document write permission the user must satisfy ONE of the following conditions: - * o have write permission for the folder in which the document resides - * o be assigned a role which has write permission for the document - * - * @param $iDocumentID Primary key of document to check - * - * @return boolean true if the current user has document write permission, false otherwise and set $_SESSION["errorMessage"] - */ - function userHasDocumentWritePermission($oDocument) { - global $default; - - if ($oDocument == null) { - $default->log->info("Failed to retrieve document with ID $iDocumentID from database"); - return false; - } - if (Permission::userHasFolderWritePermission(Folder::get($oDocument->getFolderID())) || - Permission::userHasWriteRoleForDocument($oDocument)) { - return true; - } - $_SESSION["errorMessage"] = $lang_err_user_doc_write . "id " . $iDocumentID; - return false; - } - - /** - * Checks if the current user has read permission for a specific document. - * To have document read permission the folder must be public or the user must satisfy ONE of the following conditions: - * o have write permission for the document - * o have read permission for the folder in which the document resides - * o be assigned a role which has read permission for the document - * - * @param $iDocumentID Primary key of document to check - * - * @return boolean true if the current user has document read permission, false otherwise and set $_SESSION["errorMessage"] - */ - function userHasDocumentReadPermission($oDocument) { - global $default; + + /** + * Checks if the current user has write permission for a specific document. 
+ * To have document write permission the user must satisfy ONE of the following conditions: + * o have write permission for the folder in which the document resides + * o be assigned a role which has write permission for the document + * + * @param $iDocumentID Primary key of document to check + * + * @return boolean true if the current user has document write permission, false otherwise and set $_SESSION["errorMessage"] + */ + function userHasDocumentWritePermission($oDocument) { + global $default; + + if ($oDocument == null) { + $default->log->info("Failed to retrieve document with ID $iDocumentID from database"); + return false; + } + if (Permission::userHasFolderWritePermission(Folder::get($oDocument->getFolderID())) || + Permission::userHasWriteRoleForDocument($oDocument)) { + return true; + } + $_SESSION["errorMessage"] = $lang_err_user_doc_write . "id " . $iDocumentID; + return false; + } + + /** + * Checks if the current user has read permission for a specific document. + * To have document read permission the folder must be public or the user must satisfy ONE of the following conditions: + * o have write permission for the document + * o have read permission for the folder in which the document resides + * o be assigned a role which has read permission for the document + * + * @param $iDocumentID Primary key of document to check + * + * @return boolean true if the current user has document read permission, false otherwise and set $_SESSION["errorMessage"] + */ + function userHasDocumentReadPermission($oDocument) { + global $default; - if ($oDocument == null) { - $default->log->info("Failed to retrieve document with ID " . $oDocument->getID() . 
" from database"); - return false; - } - if (Permission::userHasWriteRoleForDocument($oDocument) || - Permission::userHasReadRoleForDocument($oDocument) || - Permission::userHasFolderReadPermission(Folder::get($oDocument->getFolderID())) || - Permission::documentIsTemplateForDependantDocument($oDocument)) { - return true; - } - $_SESSION["errorMessage"] = $lang_err_user_doc_read . "id " . $oDocument->getID(); - return false; - } - - /** - * Checks if the current user has write permission for a specific folder - * To have write permission on a folder the user must satisfy ONE of the following conditions: - * o be in the system administrator group - * o be in the unit administrator group for the unit to which the folder belongs - * o belong to a group that has write access to the folder - * o be assigned a role that has write access to the folder - * - * @param $iFolderID Primary key of folder to check - * - * @return boolean true if the user has folder write permission, false otherwise and set $_SESSION["errorMessage"] - */ - function userHasFolderWritePermission($oFolder) { - global $lang_err_user_folder_write, $default; - if (Permission::userHasGroupWritePermissionForFolder($oFolder) || - Permission::userIsSystemAdministrator() || - Permission::userIsUnitAdministratorForFolder($oFolder)) { - $default->log->debug("FOLDER PERMISSIONS: Does have folder writer permission"); - return true; - } - $_SESSION["errorMessage"] = $lang_err_user_folder_write . "id " . 
$oFolder->getID(); - $default->log->debug("FOLDER PERMISSIONS: Does NOT have folder writer permission"); - return false; - } - - - /** - * Checks if the current user has read permission for a specific folder - * To have read permission on a folder, the folder must be public or the user must satisfy ONE of the following conditions - * o have write permission for the folder - * o belong to a group that has read access to the folder - * o be assigned a role that has read permission for the folder - * - * @param $iFolderID Primary key of folder to check - * - * @return boolean true if the user has folder write permission, false otherwise and set $_SESSION["errorMessage"] - */ - function userHasFolderReadPermission($oFolder) { - global $lang_err_user_folder_write; - - if (Permission::folderIsPublic($oFolder) || - Permission::userHasFolderWritePermission($oFolder) || - Permission::userHasGroupReadPermissionForFolder($oFolder)) { - return true; - } - $_SESSION["errorMessage"] = $lang_err_user_folder_write . "id " . 
$iFolderID; - return false; - } - - /** - * Checks if a folder is public - * - * @param $iFolderID Primary key of folder to check - * - * @return boolean true if the folder is public, false otherwise and set $_SESSION["errorMessage"] - */ - function folderIsPublic($oFolder) { - global $default, $lang_err_folder_not_public; - - if ($oFolder->getIsPublic()) - { - $default->log->debug("FOLDER PERMISSIONS: folder is public "); - return true; - } - else - { - $default->log->debug("FOLDER PERMISSIONS: folder NOT public "); - return false; - } - } - - /** - * Checks if the current user has write permission through group membership for a particular folder - * - * @param $iFolderID Primary key of folder to check - * - * @return boolean true if the user has folder write permission, false otherwise and set $_SESSION["errorMessage"] - */ - function userHasGroupWritePermissionForFolder($oFolder) { - global $default, $lang_err_user_folder_write; - - if ($oFolder == null) { - $default->log->info("Failed to retrieve folder with ID $iFolderID from database"); - return false; - } - $sql = $default->db; - $sQuery = "SELECT GFL.folder_id " . - "FROM groups_folders_link AS GFL INNER JOIN users_groups_link AS UGL ON GFL.group_id = UGL.group_id " . - "WHERE UGL.user_id = " . $_SESSION["userID"] . " " . - "AND GFL.can_write = 1 "; - if ($oFolder->getInheritParentPermission()) { - //if we use parent permissions, get the parent folder ids - $sQuery .= "AND GFL.folder_id IN (" . (strlen($oFolder->getParentFolderIDs()) > 0 ? $oFolder->getParentFolderIDs() . "," . $oFolder->getID() : $oFolder->getID()) . ")"; - } else { - //otherwise we just use the current folder id - $sQuery .= "AND GFL.folder_id IN (" . $oFolder->getID() . 
")"; - } - - $sql->query($sQuery); - - if ($sql->next_record()) { - return true; - } - $_SESSION["errorMessage"] = $lang_err_user_folder_write; - return false; - } - - /** - * Generate a string to be used in a where clause - * that consists of a list of id that are a folders - * parent Used this because user has read/write permission for a folder if s/he - * has read/write permission for the folder's parent (have to recurse up - * entire hierarchy) - * - * @param int Primary key of folder to start at - * - */ - function generateParentFolderString($iFolderID) { - $sFolderIDString = $iFolderID; - //$iParentFolderID = $iFolderID; - //recurse up the hierarchy, building the string as we go - $iParentFolderID = Folder::getParentFolderID($iFolderID); - while ($iParentFolderID != 0) { - $sFolderIDString .= ", " . $iParentFolderID; - $iFolderID = $iParentFolderID; - $iParentFolderID = Folder::getParentFolderID($iFolderID); - } - return $sFolderIDString; - } - - /** - * Checks if the current user has read permission through group membership for a particular folder - * - * @param $iFolderID Primary key of folder to check - * - * @return boolean true if the user has folder write permission, false otherwise and set $_SESSION["errorMessage"] - */ - function userHasGroupReadPermissionForFolder($oFolder) { - global $default, $lang_err_user_folder_read; - $sql = $default->db; - - if ($oFolder == null) { - $default->log->info("Failed to retrieve folder with ID $iFolderID from database"); - return false; - } - + if ($oDocument == null) { + $default->log->info("Failed to retrieve document with ID " . $oDocument->getID() . 
" from database"); + return false; + } + if (Permission::userHasWriteRoleForDocument($oDocument) || + Permission::userHasReadRoleForDocument($oDocument) || + Permission::userHasFolderReadPermission(Folder::get($oDocument->getFolderID())) || + Permission::documentIsTemplateForDependantDocument($oDocument)) { + return true; + } + $_SESSION["errorMessage"] = $lang_err_user_doc_read . "id " . $oDocument->getID(); + return false; + } + + /** + * Checks if the current user has write permission for a specific folder + * To have write permission on a folder the user must satisfy ONE of the following conditions: + * o be in the system administrator group + * o be in the unit administrator group for the unit to which the folder belongs + * o belong to a group that has write access to the folder + * o be assigned a role that has write access to the folder + * + * @param $iFolderID Primary key of folder to check + * + * @return boolean true if the user has folder write permission, false otherwise and set $_SESSION["errorMessage"] + */ + function userHasFolderWritePermission($oFolder) { + global $lang_err_user_folder_write, $default; + if (Permission::userHasGroupWritePermissionForFolder($oFolder) || + Permission::userIsSystemAdministrator() || + Permission::userIsUnitAdministratorForFolder($oFolder)) { + $default->log->debug("FOLDER PERMISSIONS: Does have folder writer permission"); + return true; + } + $_SESSION["errorMessage"] = $lang_err_user_folder_write . "id " . 
$oFolder->getID(); + $default->log->debug("FOLDER PERMISSIONS: Does NOT have folder writer permission"); + return false; + } + + + /** + * Checks if the current user has read permission for a specific folder + * To have read permission on a folder, the folder must be public or the user must satisfy ONE of the following conditions + * o have write permission for the folder + * o belong to a group that has read access to the folder + * o be assigned a role that has read permission for the folder + * + * @param $iFolderID Primary key of folder to check + * + * @return boolean true if the user has folder write permission, false otherwise and set $_SESSION["errorMessage"] + */ + function userHasFolderReadPermission($oFolder) { + global $lang_err_user_folder_write; + + if (Permission::folderIsPublic($oFolder) || + Permission::userHasFolderWritePermission($oFolder) || + Permission::userHasGroupReadPermissionForFolder($oFolder)) { + return true; + } + $_SESSION["errorMessage"] = $lang_err_user_folder_write . "id " . 
$iFolderID; + return false; + } + + /** + * Checks if a folder is public + * + * @param $iFolderID Primary key of folder to check + * + * @return boolean true if the folder is public, false otherwise and set $_SESSION["errorMessage"] + */ + function folderIsPublic($oFolder) { + global $default, $lang_err_folder_not_public; + + if ($oFolder->getIsPublic()) { + return true; + } else { + return false; + } + } + + /** + * Checks if the current user has write permission through group membership for a particular folder + * + * @param $iFolderID Primary key of folder to check + * + * @return boolean true if the user has folder write permission, false otherwise and set $_SESSION["errorMessage"] + */ + function userHasGroupWritePermissionForFolder($oFolder) { + global $default, $lang_err_user_folder_write; + + if ($oFolder == null) { + $default->log->info("Failed to retrieve folder with ID $iFolderID from database"); + return false; + } + $sql = $default->db; + $sQuery = "SELECT GFL.folder_id " . + "FROM groups_folders_link AS GFL INNER JOIN users_groups_link AS UGL ON GFL.group_id = UGL.group_id " . + "WHERE UGL.user_id = " . $_SESSION["userID"] . " " . + "AND GFL.can_write = 1 "; + if ($oFolder->getInheritParentPermission()) { + //if we use parent permissions, get the parent folder ids + $sQuery .= "AND GFL.folder_id IN (" . (strlen($oFolder->getParentFolderIDs()) > 0 ? $oFolder->getParentFolderIDs() . "," . $oFolder->getID() : $oFolder->getID()) . ")"; + } else { + //otherwise we just use the current folder id + $sQuery .= "AND GFL.folder_id IN (" . $oFolder->getID() . 
")"; + } + + $sql->query($sQuery); + + if ($sql->next_record()) { + return true; + } + $_SESSION["errorMessage"] = $lang_err_user_folder_write; + return false; + } + + /** + * Generate a string to be used in a where clause + * that consists of a list of id that are a folders + * parent Used this because user has read/write permission for a folder if s/he + * has read/write permission for the folder's parent (have to recurse up + * entire hierarchy) + * + * @param int Primary key of folder to start at + * + */ + function generateParentFolderString($iFolderID) { + $sFolderIDString = $iFolderID; + //$iParentFolderID = $iFolderID; + //recurse up the hierarchy, building the string as we go + $iParentFolderID = Folder::getParentFolderID($iFolderID); + while ($iParentFolderID != 0) { + $sFolderIDString .= ", " . $iParentFolderID; + $iFolderID = $iParentFolderID; + $iParentFolderID = Folder::getParentFolderID($iFolderID); + } + return $sFolderIDString; + } + + /** + * Checks if the current user has read permission through group membership for a particular folder + * + * @param $iFolderID Primary key of folder to check + * + * @return boolean true if the user has folder write permission, false otherwise and set $_SESSION["errorMessage"] + */ + function userHasGroupReadPermissionForFolder($oFolder) { + global $default, $lang_err_user_folder_read; + $sql = $default->db; + + if ($oFolder == null) { + $default->log->info("Failed to retrieve folder with ID $iFolderID from database"); + return false; + } + $sQuery = "SELECT GFL.folder_id " . "FROM groups_folders_link AS GFL INNER JOIN users_groups_link AS UGL ON GFL.group_id = UGL.group_id " . "WHERE UGL.user_id = " . $_SESSION["userID"] . " " . "AND GFL.can_read = 1 "; - if ($oFolder->getInheritParentPermission()) { - //if we use parent permissions, get the parent folder ids - $sQuery .= "AND GFL.folder_id IN (" . (strlen($oFolder->getParentFolderIDs()) > 0 ? $oFolder->getParentFolderIDs() . "," . 
$oFolder->getID() : $oFolder->getID()) . ")"; - } else { - //otherwise we just use the current folder id - $sQuery .= "AND GFL.folder_id IN (" . $iFolderID . ")"; - } - $sql->query($sQuery); - - $default->log->debug("userHasGroupReadPermissionForFolder sql: " . $sQuery); - if ($sql->next_record()) { - $default->log->debug("FOLDER PERMISSIONS: Does have group read permission for folder"); - return true; - } - $_SESSION["errorMessage"] = $lang_err_user_folder_read; - $default->log->debug("FOLDER PERMISSIONS: Does NOT have group read permission for folder"); - return false; - } - - /** - * Checks if the current user is in the specified group using the group id - * - * @param $iGroupID Primary key of group to check - * - * @return boolean true if the user is in the group, false otherwise and sets $_SESSION["errorMessage"] - */ - function userIsInGroupID($iGroupID) { - global $default, $lang_err_user_group; - $sql = $default->db; - $sql->query("SELECT id FROM " . $default->users_groups_table . " WHERE group_id = " . $iGroupID . " AND user_id = " . $_SESSION["userID"]); - if ($sql->next_record()) { - return true; - } - $_SESSION["errorMessage"] = $lang_err_user_group . "group id = " . $iGroupID; - return false; - } - - /** - * Checks if the current user is in the specified group using the group name - * - * @param $sGroupName Name of group to check - * - * @return boolean true if the user is in the group, false otherwise and sets $_SESSION["errorMessage"] - */ - function userIsInGroupName($sGroupName) { - global $default, $lang_err_user_group; - $sql = $default->db; - $sql->query("SELECT GULT.id FROM " . $default->users_groups_table . " AS GULT INNER JOIN " . $default->groups_table . " AS G ON GULT.group_id = G.ID WHERE G.name = '" . $sGroupName . "' AND user_id = " . $_SESSION["userID"]); - if ($sql->next_record()) { - return true; - } - $_SESSION["errorMessage"] = $lang_err_user_group . "group name " . 
$sGroupName; - return false; - - } - - /** - * Check is the user is assigned a specific role that has write permission for a folder - * - * @param $iFolderID Primary key of folder to check - * - * @return boolean true is the user has the role assigned, false otherwise and set $_SESSION["errorMessage"] - */ - function userHasWriteRoleForDocument($oDocument) { - global $default, $lang_err_user_role; - $sql = $default->db; - $sql->query("SELECT FURL.id FROM $default->folders_user_roles_table AS FURL INNER JOIN $default->groups_folders_approval_table AS GFAL ON FURL.group_folder_approval_id = GFAL.id " . - "INNER JOIN $default->roles_table AS R ON GFAL.role_id = R.id " . - "WHERE FURL.user_id = " . $_SESSION["userID"] . " " . - "AND FURL.document_id = " . $oDocument->getID() . - " AND R.can_write = 1 " . - "AND R.active = 1"); - if ($sql->next_record()) { - return true; - } - $_SESSION["errorMessage"] = $lang_err_user_role; - return false; - } - - /** - * Check is the user is assigned a specific role that has read permission for a folder - * - * @param $iFolderID Primary key of folder to check - * - * @return boolean true is the user has the role assigned, false otherwise and set $_SESSION["errorMessage"] - */ - function userHasReadRoleForDocument($oDocument) { - global $default, $lang_err_user_role; - $sql = $default->db; - $sql->query("SELECT * FROM $default->folders_user_roles_table AS FURL INNER JOIN $default->groups_folders_approval_table AS GFAL ON FURL.group_folder_approval_id = GFAL.id " . - "INNER JOIN $default->roles_table AS R ON GFAL.role_id = R.id " . - "WHERE FURL.user_id = " . $_SESSION["userID"] . " " . - "AND FURL.document_id = " . $oDocument->getID() . 
- " AND R.can_read = 1"); - if ($sql->next_record()) { - return true; - } - $_SESSION["errorMessage"] = $lang_err_user_role; - return false; - } - - /** Static functions - * - * Checks if the document is a template for a depedant document - * that the user is responsible for creating - */ - function documentIsTemplateForDependantDocument($oDocument) { - global $default; - $sql = $default->db; - $sql->query("SELECT id FROM $default->dependant_document_instance_table WHERE template_document_id = " . $oDocument->getID() . " and user_id = " . $_SESSION["userID"]); - if ($sql->next_record()) { - return true; - } - return false; - } - - /** - * Checks if a given role exists using the role primary key - * - * @param $iRoleID Primary key of role to check for - * - * @return boolean true if role exists, false otherwise and set $_SESSION["errorMessage"] - */ - function roleIDExists($iRoleID) { - global $default, $lang_err_role_not_exist; - $sql = $default->db; - $sql->query("SELECT id FROM " . $default->roles_table . " WHERE id = " . $iRoleID); - if ($sql->next_record()) { - return true; - } - $_SESSION["errorMessage"] = $lang_err_role_not_exist . $sRoleName; - return false; - } - - /** - * Checks if a given role exists using the role name - * - * @param $sRoleName Name of role to check for - * - * @return boolean true if role exists, false otherwise and set $_SESSION["errorMessage"] - */ - function roleNameExists($sRoleName) { - global $default, $lang_err_role_not_exist; - $sql = $default->db; - $sql->query("SELECT id FROM " . $default->roles_table . " WHERE name = '" . $sRoleName . "'"); - if ($sql->next_record()) { - return true; - } - $_SESSION["errorMessage"] = $lang_err_role_not_exist . 
$sRoleName; - return false; - } - - /** - * Get the primary key for a role - * - * @param $sRoleName Name of role to get primary key for - * - * @return ID if role exists, false otherwise and set $_SESSION["errorMessage"] - */ - function getRoleID($sRoleName) { - global $default, $lang_err_database; - if (roleExists($sRoleName)) { - $sql = $default->db; - $sql->query("SELECT id FROM " . $default->roles_table . " WHERE name = '" . $sRoleName . "'"); - $sql->next_record(); - return $sql->f("id"); - } - $_SESSION["errorMessage"] = $lang_err_database; - return false; - } - - /** - * Check if the current user is a system administrator - * - * @return boolean true is user is system administrator, false otherwise and set $_SESSION["errorMessage"] - * - */ - function userIsSystemAdministrator($iUserID = "") { - global $default, $lang_err_database; + if ($oFolder->getInheritParentPermission()) { + //if we use parent permissions, get the parent folder ids + $sQuery .= "AND GFL.folder_id IN (" . (strlen($oFolder->getParentFolderIDs()) > 0 ? $oFolder->getParentFolderIDs() . "," . $oFolder->getID() : $oFolder->getID()) . ")"; + } else { + //otherwise we just use the current folder id + $sQuery .= "AND GFL.folder_id IN (" . $iFolderID . ")"; + } + $sql->query($sQuery); + + $default->log->debug("userHasGroupReadPermissionForFolder sql: " . 
$sQuery); + if ($sql->next_record()) { + $default->log->debug("FOLDER PERMISSIONS: Does have group read permission for folder"); + return true; + } + $_SESSION["errorMessage"] = $lang_err_user_folder_read; + $default->log->debug("FOLDER PERMISSIONS: Does NOT have group read permission for folder"); + return false; + } + + /** + * Checks if the current user is in the specified group using the group id + * + * @param $iGroupID Primary key of group to check + * + * @return boolean true if the user is in the group, false otherwise and sets $_SESSION["errorMessage"] + */ + function userIsInGroupID($iGroupID) { + global $default, $lang_err_user_group; + $sql = $default->db; + $sql->query("SELECT id FROM " . $default->users_groups_table . " WHERE group_id = " . $iGroupID . " AND user_id = " . $_SESSION["userID"]); + if ($sql->next_record()) { + return true; + } + $_SESSION["errorMessage"] = $lang_err_user_group . "group id = " . $iGroupID; + return false; + } + + /** + * Checks if the current user is in the specified group using the group name + * + * @param $sGroupName Name of group to check + * + * @return boolean true if the user is in the group, false otherwise and sets $_SESSION["errorMessage"] + */ + function userIsInGroupName($sGroupName) { + global $default, $lang_err_user_group; + $sql = $default->db; + $sql->query("SELECT GULT.id FROM " . $default->users_groups_table . " AS GULT INNER JOIN " . $default->groups_table . " AS G ON GULT.group_id = G.ID WHERE G.name = '" . $sGroupName . "' AND user_id = " . $_SESSION["userID"]); + if ($sql->next_record()) { + return true; + } + $_SESSION["errorMessage"] = $lang_err_user_group . "group name " . 
$sGroupName; + return false; + + } + + /** + * Check is the user is assigned a specific role that has write permission for a folder + * + * @param $iFolderID Primary key of folder to check + * + * @return boolean true is the user has the role assigned, false otherwise and set $_SESSION["errorMessage"] + */ + function userHasWriteRoleForDocument($oDocument) { + global $default, $lang_err_user_role; + $sql = $default->db; + $sql->query("SELECT FURL.id FROM $default->folders_user_roles_table AS FURL INNER JOIN $default->groups_folders_approval_table AS GFAL ON FURL.group_folder_approval_id = GFAL.id " . + "INNER JOIN $default->roles_table AS R ON GFAL.role_id = R.id " . + "WHERE FURL.user_id = " . $_SESSION["userID"] . " " . + "AND FURL.document_id = " . $oDocument->getID() . + " AND R.can_write = 1 " . + "AND R.active = 1"); + if ($sql->next_record()) { + return true; + } + $_SESSION["errorMessage"] = $lang_err_user_role; + return false; + } + + /** + * Check is the user is assigned a specific role that has read permission for a folder + * + * @param $iFolderID Primary key of folder to check + * + * @return boolean true is the user has the role assigned, false otherwise and set $_SESSION["errorMessage"] + */ + function userHasReadRoleForDocument($oDocument) { + global $default, $lang_err_user_role; + $sql = $default->db; + $sql->query("SELECT * FROM $default->folders_user_roles_table AS FURL INNER JOIN $default->groups_folders_approval_table AS GFAL ON FURL.group_folder_approval_id = GFAL.id " . + "INNER JOIN $default->roles_table AS R ON GFAL.role_id = R.id " . + "WHERE FURL.user_id = " . $_SESSION["userID"] . " " . + "AND FURL.document_id = " . $oDocument->getID() . 
+ " AND R.can_read = 1"); + if ($sql->next_record()) { + return true; + } + $_SESSION["errorMessage"] = $lang_err_user_role; + return false; + } + + /** Static functions + * + * Checks if the document is a template for a depedant document + * that the user is responsible for creating + */ + function documentIsTemplateForDependantDocument($oDocument) { + global $default; + $sql = $default->db; + $sql->query("SELECT id FROM $default->dependant_document_instance_table WHERE template_document_id = " . $oDocument->getID() . " and user_id = " . $_SESSION["userID"]); + if ($sql->next_record()) { + return true; + } + return false; + } + + /** + * Checks if a given role exists using the role primary key + * + * @param $iRoleID Primary key of role to check for + * + * @return boolean true if role exists, false otherwise and set $_SESSION["errorMessage"] + */ + function roleIDExists($iRoleID) { + global $default, $lang_err_role_not_exist; + $sql = $default->db; + $sql->query("SELECT id FROM " . $default->roles_table . " WHERE id = " . $iRoleID); + if ($sql->next_record()) { + return true; + } + $_SESSION["errorMessage"] = $lang_err_role_not_exist . $sRoleName; + return false; + } + + /** + * Checks if a given role exists using the role name + * + * @param $sRoleName Name of role to check for + * + * @return boolean true if role exists, false otherwise and set $_SESSION["errorMessage"] + */ + function roleNameExists($sRoleName) { + global $default, $lang_err_role_not_exist; + $sql = $default->db; + $sql->query("SELECT id FROM " . $default->roles_table . " WHERE name = '" . $sRoleName . "'"); + if ($sql->next_record()) { + return true; + } + $_SESSION["errorMessage"] = $lang_err_role_not_exist . 
$sRoleName; + return false; + } + + /** + * Get the primary key for a role + * + * @param $sRoleName Name of role to get primary key for + * + * @return ID if role exists, false otherwise and set $_SESSION["errorMessage"] + */ + function getRoleID($sRoleName) { + global $default, $lang_err_database; + if (roleExists($sRoleName)) { + $sql = $default->db; + $sql->query("SELECT id FROM " . $default->roles_table . " WHERE name = '" . $sRoleName . "'"); + $sql->next_record(); + return $sql->f("id"); + } + $_SESSION["errorMessage"] = $lang_err_database; + return false; + } + + /** + * Check if the current user is a system administrator + * + * @return boolean true is user is system administrator, false otherwise and set $_SESSION["errorMessage"] + * + */ + function userIsSystemAdministrator($iUserID = "") { + global $default, $lang_err_database; if ($iUserID == "") { $iUserID = $_SESSION["userID"]; } - $sql = $default->db; - $sql->query("SELECT UGL.group_id " . - "FROM $default->users_groups_table AS UGL INNER JOIN $default->groups_table AS GL ON UGL.group_id = GL.id " . - "WHERE UGL.user_id = $iUserID " . - "AND is_sys_admin = 1"); - if ($sql->next_record()) { - return true; - } - return false; - } - - /** - * Checks if the current user is a unit administrator - * - * @return boolean true if the user is the unit administrator for the unit to which the folder belongs, false otherwise - */ - function userIsUnitAdministrator($iUserID = "") { + $sql = $default->db; + $sql->query("SELECT UGL.group_id " . + "FROM $default->users_groups_table AS UGL INNER JOIN $default->groups_table AS GL ON UGL.group_id = GL.id " . + "WHERE UGL.user_id = $iUserID " . 
+ "AND is_sys_admin = 1"); + if ($sql->next_record()) { + return true; + } + return false; + } + + /** + * Checks if the current user is a unit administrator + * + * @return boolean true if the user is the unit administrator for the unit to which the folder belongs, false otherwise + */ + function userIsUnitAdministrator($iUserID = "") { global $default; if ($iUserID == "") { $iUserID = $_SESSION["userID"]; } - $sql = $default->db; - $sql->query("SELECT UGL.group_id " . - "FROM $default->users_groups_table AS UGL INNER JOIN $default->groups_units_table AS GUL ON GUL.group_id = UGL.group_id " . - "INNER JOIN $default->groups_table AS GL ON GL.id = UGL.group_id " . - "WHERE UGL.user_id = $iUserID " . - "AND GL.is_unit_admin = 1"); - return $sql->next_record(); - } + $sql = $default->db; + $sql->query("SELECT UGL.group_id " . + "FROM $default->users_groups_table AS UGL INNER JOIN $default->groups_units_table AS GUL ON GUL.group_id = UGL.group_id " . + "INNER JOIN $default->groups_table AS GL ON GL.id = UGL.group_id " . + "WHERE UGL.user_id = $iUserID " . + "AND GL.is_unit_admin = 1"); + return $sql->next_record(); + } - /** - * Checks if the current user is a unit administrator - * - * @return boolean true if the user is the unit administrator for the unit to which the folder belongs, false otherwise - */ - function userIsUnitAdministratorForFolder($oFolder) { + /** + * Checks if the current user is a unit administrator + * + * @return boolean true if the user is the unit administrator for the unit to which the folder belongs, false otherwise + */ + function userIsUnitAdministratorForFolder($oFolder) { global $default; - $sql = $default->db; - + $sql = $default->db; + $sql->query("SELECT * " . - "FROM $default->groups_folders_table AS GFL INNER JOIN $default->folders_table AS F ON GFL.folder_id = F.id " . - "INNER JOIN $default->groups_units_table AS GUL ON GUL.unit_id = F.unit_id " . - "INNER JOIN $default->groups_table AS GL ON GUL.group_id = GL.id " . 
- "INNER JOIN $default->users_groups_table AS UGL ON UGL.group_id = GL.id " . - "WHERE GL.is_unit_admin = 1 " . - "AND GFL.folder_id = " . $oFolder->getID() . - " AND UGL.user_id = " . $_SESSION["userID"]); - return $sql->next_record(); - } + "FROM $default->groups_folders_table AS GFL INNER JOIN $default->folders_table AS F ON GFL.folder_id = F.id " . + "INNER JOIN $default->groups_units_table AS GUL ON GUL.unit_id = F.unit_id " . + "INNER JOIN $default->groups_table AS GL ON GUL.group_id = GL.id " . + "INNER JOIN $default->users_groups_table AS UGL ON UGL.group_id = GL.id " . + "WHERE GL.is_unit_admin = 1 " . + "AND GFL.folder_id = " . $oFolder->getID() . + " AND UGL.user_id = " . $_SESSION["userID"]); + return $sql->next_record(); + } /** * Checks if the current user is a guest user @@ -475,14 +470,14 @@ class Permission { if ($iUserID == "") { $iUserID = $_SESSION["userID"]; } - $sql = $default->db; + $sql = $default->db; // you're a guest user if you're in the Anonymous group - $sql->query("SELECT UGL.group_id + $sql->query("SELECT UGL.group_id FROM $default->users_groups_table AS UGL INNER JOIN $default->groups_table AS GL ON GL.id = UGL.group_id WHERE GL.name = 'Anonymous' AND UGL.user_id = $iUserID"); - return $sql->next_record(); + return $sql->next_record(); } } -?> +?> \ No newline at end of file -- libgit2 0.21.4
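Review bot: In the re-indented `userHasGroupReadPermissionForFolder`, the non-inheriting branch still builds `"AND GFL.folder_id IN (" . $iFolderID . ")"`, but `$iFolderID` is never defined in that function. The clause therefore becomes `IN ()`, so the group read check presumably never matches for folders that do not inherit parent permissions; it should read `$sQuery .= "AND GFL.folder_id IN (" . $oFolder->getID() . ")";`, as the write variant does. The same leftover `$iFolderID`/`$iDocumentID` names survive in the log and `$_SESSION["errorMessage"]` lines of `userHasDocumentWritePermission`, `userHasFolderReadPermission` and both group-permission null guards, and the null guard in `userHasDocumentReadPermission` calls `$oDocument->getID()` on the value it has just found to be null. Separately, `userIsInGroupName`, `roleNameExists` and `getRoleID` concatenate `$sGroupName`/`$sRoleName` into quoted SQL literals; whether callers pass request data is not visible from this hunk, but if they do these values need escaping or bound parameters. Since the commit is described as style-only, a follow-up change would keep this whitespace diff reviewable.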