1: <?php
2: /*
3: You may not change or alter any portion of this comment or credits
4: of supporting developers from this source code or any supporting source code
5: which is considered copyrighted (c) material of the original comment or credit authors.
6:
7: This program is distributed in the hope that it will be useful,
8: but WITHOUT ANY WARRANTY; without even the implied warranty of
9: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
10: */
11:
12: namespace Xmf\Module\Helper;
13:
14: use Xmf\Module\Helper;
15:
16: /**
17: * Methods to help manage permissions within a module
18: *
19: * @category Xmf\Module\Helper\Permission
20: * @package Xmf
21: * @author trabis <lusopoemas@gmail.com>
22: * @author Richard Griffith <richard@geekwright.com>
23: * @copyright 2011-2016 XOOPS Project (http://xoops.org)
24: * @license GNU GPL 2 or later (http://www.gnu.org/licenses/gpl-2.0.html)
25: * @link http://xoops.org
26: */
27: class Permission extends AbstractHelper
28: {
29: /**
30: * @var int
31: */
32: protected $mid;
33:
34: /**
35: * @var string
36: */
37: protected $dirname;
38:
39: /**
40: * @var \XoopsGrouppermHandler
41: */
42: protected $permissionHandler;
43:
44: /**
45: * Initialize parent::__construct calls this after verifying module object.
46: *
47: * @return void
48: */
49: public function init()
50: {
51: $this->mid = $this->module->getVar('mid');
52: $this->dirname = $this->module->getVar('dirname');
53: /* @var $this->permissionHandler XoopsGroupPermHandler */
54: $this->permissionHandler = xoops_getHandler('groupperm');
55: }
56:
57: /**
58: * Check if the user has permission for an item
59: *
60: * @param string $gperm_name name of the permission to test
61: * @param int $gperm_itemid id of the object to check
62: * @param bool $trueifadmin true to always return true for admin groups
63: *
64: * @return bool true if user has access, false if not
65: **/
66: public function checkPermission($gperm_name, $gperm_itemid, $trueifadmin = true)
67: {
68: $gperm_itemid = (int) $gperm_itemid;
69: $gperm_groupid = $this->getUserGroups();
70:
71: return $this->permissionHandler->checkRight(
72: $gperm_name,
73: $gperm_itemid,
74: $gperm_groupid,
75: $this->mid,
76: (bool) $trueifadmin
77: );
78: }
79:
80: /**
81: * Redirect to a url if user does not have permission for an item
82: *
83: * @param string $gperm_name name of the permission to test
84: * @param int $gperm_itemid id of the object to check
85: * @param string $url module relative url to redirect to
86: * @param int $time time in seconds to delay
87: * @param string $message message to display with redirect
88: * @param bool $trueifadmin true to always return true for admin groups
89: *
90: * @return void
91: **/
92: public function checkPermissionRedirect(
93: $gperm_name,
94: $gperm_itemid,
95: $url,
96: $time = 3,
97: $message = '',
98: $trueifadmin = true
99: ) {
100: $gperm_itemid = (int) $gperm_itemid;
101: $gperm_groupid = $this->getUserGroups();
102: $permission = $this->permissionHandler->checkRight(
103: $gperm_name,
104: $gperm_itemid,
105: $gperm_groupid,
106: $this->mid,
107: (bool) $trueifadmin
108: );
109: if (!$permission) {
110: $helper = Helper::getHelper($this->dirname);
111: $helper->redirect($url, $time, $message);
112: }
113: }
114:
115: /**
116: * Get array of groups with named permission to an item
117: *
118: * @param string $gperm_name name of the permission to test
119: * @param int $gperm_itemid id of the object to check
120: *
121: * @return array groups with permission for item
122: **/
123: public function getGroupsForItem($gperm_name, $gperm_itemid)
124: {
125: $gperm_itemid = (int) $gperm_itemid;
126: return $this->permissionHandler->getGroupIds($gperm_name, $gperm_itemid, $this->mid);
127: }
128:
129: /**
130: * Save group permissions for an item
131: *
132: * @param string $gperm_name name of the permission to test
133: * @param int $gperm_itemid id of the object to check
134: * @param array $groups group ids to grant permission to
135: *
136: * @return bool true if no errors
137: **/
138: public function savePermissionForItem($gperm_name, $gperm_itemid, $groups)
139: {
140: $gperm_itemid = (int) $gperm_itemid;
141: foreach ($groups as $index => $group) {
142: $groups[$index] = (int) $group;
143: }
144:
145: $result = true;
146:
147: // First, delete any existing permissions for this name and id
148: $this->deletePermissionForItem($gperm_name, $gperm_itemid);
149:
150: // Save the new permissions
151: if (count($groups) > 0) {
152: foreach ($groups as $group_id) {
153: $this->permissionHandler->addRight(
154: $gperm_name,
155: $gperm_itemid,
156: $group_id,
157: $this->mid
158: );
159: }
160: }
161:
162: return $result;
163: }
164:
165: /**
166: * Delete all permissions for an item and a specific name or array of names
167: *
168: * @param string|string[] $gperm_name name(s) of the permission to delete
169: * @param int $gperm_itemid id of the object to check
170: *
171: * @return bool true if no errors
172: */
173: public function deletePermissionForItem($gperm_name, $gperm_itemid)
174: {
175: $gperm_itemid = (int) $gperm_itemid;
176: if (!is_array($gperm_name)) {
177: $gperm_name = (array) $gperm_name;
178: }
179: $return = true;
180: foreach ($gperm_name as $pname) {
181: $return = $return && $this->permissionHandler->deleteByModule($this->mid, $pname, $gperm_itemid);
182: }
183: return $return;
184: }
185:
186: /**
187: * Generate a XoopsFormElement to select groups to grant permission
188: * to a specific gperm_name and gperm_item. Field will be preset
189: * with existing permissions.
190: *
191: * @param string $gperm_name name of the permission to test
192: * @param int $gperm_itemid id of the object to check
193: * @param string $caption caption for form field
194: * @param string $name name/id of form field
195: * @param bool $include_anon true to include anonymous group
196: * @param int $size size of list
197: * @param bool $multiple true to allow multiple selections
198: *
199: * @return object XoopsFormSelectGroup
200: */
201: public function getGroupSelectFormForItem(
202: $gperm_name,
203: $gperm_itemid,
204: $caption,
205: $name = null,
206: $include_anon = false,
207: $size = 5,
208: $multiple = true
209: ) {
210: if (!class_exists('XoopsFormSelectGroup', true)) {
211: include_once XOOPS_ROOT_PATH . '/class/xoopsformloader.php';
212: }
213: if (empty($name)) {
214: $name = $this->defaultFieldName($gperm_name, $gperm_itemid);
215: }
216: $gperm_itemid = (int) $gperm_itemid;
217: $value = $this->getGroupsForItem($gperm_name, $gperm_itemid);
218: $element = new \XoopsFormSelectGroup(
219: $caption,
220: $name,
221: $include_anon,
222: $value,
223: $size,
224: $multiple
225: );
226:
227: return $element;
228:
229: }
230:
231: /**
232: * Generate a default name for a XoopsFormElement based on
233: * module, gperm_name and gperm_itemid
234: *
235: * @param string $gperm_name name of the permission to test
236: * @param int $gperm_itemid id of the object to check
237: *
238: * @return string
239: */
240: public function defaultFieldName($gperm_name, $gperm_itemid)
241: {
242: $gperm_itemid = (int) $gperm_itemid;
243: $name = $this->module->getVar('dirname') . '_' .
244: $gperm_name . '_' . $gperm_itemid;
245:
246: return $name;
247: }
248:
249: /**
250: * Get any groups associated with the current user
251: *
252: * @return int|int[] group id(s)
253: */
254: protected function getUserGroups()
255: {
256: global $xoopsUser;
257:
258: $groups = $xoopsUser ? $xoopsUser->getGroups() : XOOPS_GROUP_ANONYMOUS;
259:
260: return $groups;
261: }
262: }
263: