Namespaces

Classes

1: <?php
2: /*
3: You may not change or alter any portion of this comment or credits
4: of supporting developers from this source code or any supporting source code
5: which is considered copyrighted (c) material of the original comment or credit authors.
6:
7: This program is distributed in the hope that it will be useful,
8: but WITHOUT ANY WARRANTY; without even the implied warranty of
9: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
10: */
11:
12: namespace Xmf\Module\Helper;
13:
14: use Xmf\Module\Helper;
15:
16: /**
17: * Methods to help manage permissions within a module
18: *
19: * @category Xmf\Module\Helper\Permission
20: * @package Xmf
21: * @author trabis <lusopoemas@gmail.com>
22: * @author Richard Griffith <richard@geekwright.com>
23: * @copyright 2011-2023 XOOPS Project (https://xoops.org)
24: * @license GNU GPL 2.0 or later (https://www.gnu.org/licenses/gpl-2.0.html)
25: * @link https://xoops.org
26: */
27: class Permission extends AbstractHelper
28: {
29: /**
30: * @var int
31: */
32: protected $mid;
33:
34: /**
35: * @var string
36: */
37: protected $dirname;
38:
39: /**
40: * @var \XoopsGrouppermHandler
41: */
42: protected $permissionHandler;
43:
44: /**
45: * Initialize parent::__construct calls this after verifying module object.
46: *
47: * @return void
48: */
49: public function init()
50: {
51: $this->mid = $this->module->getVar('mid');
52: $this->dirname = $this->module->getVar('dirname');
53: /** @var $this->permissionHandler XoopsGroupPermHandler */
54: $this->permissionHandler = xoops_getHandler('groupperm');
55: }
56:
57: /**
58: * Check if the user has permission for an item
59: *
60: * @param string $gperm_name name of the permission to test
61: * @param int $gperm_itemid id of the object to check
62: * @param bool $trueifadmin true to always return true for admin groups
63: *
64: * @return bool true if user has access, false if not
65: **/
66: public function checkPermission($gperm_name, $gperm_itemid, $trueifadmin = true)
67: {
68: $gperm_itemid = (int) $gperm_itemid;
69: $gperm_groupid = $this->getUserGroups();
70:
71: if ($this->permissionHandler) {
72: return $this->permissionHandler->checkRight(
73: $gperm_name,
74: $gperm_itemid,
75: $gperm_groupid,
76: $this->mid,
77: (bool)$trueifadmin
78: );
79: } else {
80: return false;
81: }
82: }
83:
84: /**
85: * Get all item IDs for which a group (or set of groups) has a specific permission
86: * Return an array of items for which the specified groups have the named permission
87: *
88: * @param string $gperm_name Name of permission
89: * @param int|array $gperm_groupid A group ID or an array of group IDs
90: *
91: * @return array array of item IDs
92: */
93: public function getItemIds($gperm_name, $gperm_groupid)
94: {
95: return $this->permissionHandler->getItemIds(
96: $gperm_name,
97: $gperm_groupid,
98: $this->mid
99: );
100: }
101:
102: /**
103: * Redirect to a URL if user does not have permission for an item
104: *
105: * @param string $gperm_name name of the permission to test
106: * @param int $gperm_itemid id of the object to check
107: * @param string $url module relative url to redirect to
108: * @param int $time time in seconds to delay
109: * @param string $message message to display with redirect
110: * @param bool $trueifadmin true to always return true for admin groups
111: *
112: * @return void
113: **/
114: public function checkPermissionRedirect(
115: $gperm_name,
116: $gperm_itemid,
117: $url,
118: $time = 3,
119: $message = '',
120: $trueifadmin = true
121: ) {
122: $gperm_itemid = (int) $gperm_itemid;
123: $gperm_groupid = $this->getUserGroups();
124: $permission = $this->permissionHandler->checkRight(
125: $gperm_name,
126: $gperm_itemid,
127: $gperm_groupid,
128: $this->mid,
129: (bool) $trueifadmin
130: );
131: if (!$permission) {
132: $helper = Helper::getHelper($this->dirname);
133: $helper->redirect($url, $time, $message);
134: }
135: }
136:
137: /**
138: * Get array of groups with named permission to an item
139: *
140: * @param string $gperm_name name of the permission to test
141: * @param int $gperm_itemid id of the object to check
142: *
143: * @return array groups with permission for item
144: **/
145: public function getGroupsForItem($gperm_name, $gperm_itemid)
146: {
147: $gperm_itemid = (int) $gperm_itemid;
148: return $this->permissionHandler->getGroupIds($gperm_name, $gperm_itemid, $this->mid);
149: }
150:
151: /**
152: * Save group permissions for an item
153: *
154: * @param string $gperm_name name of the permission to test
155: * @param int $gperm_itemid id of the object to check
156: * @param array $groups group ids to grant permission to
157: *
158: * @return bool true if no errors
159: **/
160: public function savePermissionForItem($gperm_name, $gperm_itemid, $groups)
161: {
162: $gperm_itemid = (int) $gperm_itemid;
163: foreach ($groups as $index => $group) {
164: $groups[$index] = (int) $group;
165: }
166:
167: $result = true;
168:
169: // First, delete any existing permissions for this name and id
170: $this->deletePermissionForItem($gperm_name, $gperm_itemid);
171:
172: // Save the new permissions
173: if (count($groups) > 0) {
174: foreach ($groups as $group_id) {
175: $this->permissionHandler->addRight(
176: $gperm_name,
177: $gperm_itemid,
178: $group_id,
179: $this->mid
180: );
181: }
182: }
183:
184: return $result;
185: }
186:
187: /**
188: * Delete all permissions for an item and a specific name or array of names
189: *
190: * @param string|string[] $gperm_name name(s) of the permission to delete
191: * @param int $gperm_itemid id of the object to check
192: *
193: * @return bool true if no errors
194: */
195: public function deletePermissionForItem($gperm_name, $gperm_itemid)
196: {
197: $gperm_itemid = (int) $gperm_itemid;
198: if (!is_array($gperm_name)) {
199: $gperm_name = (array) $gperm_name;
200: }
201: $return = true;
202: foreach ($gperm_name as $pname) {
203: $return = $return && $this->permissionHandler->deleteByModule($this->mid, $pname, $gperm_itemid);
204: }
205: return $return;
206: }
207:
208: /**
209: * Generate a XoopsFormElement to select groups to grant permission
210: * to a specific gperm_name and gperm_item. Field will be preset
211: * with existing permissions.
212: *
213: * @param string $gperm_name name of the permission to test
214: * @param int $gperm_itemid id of the object to check
215: * @param string $caption caption for form field
216: * @param string $name name/id of form field
217: * @param bool $include_anon true to include anonymous group
218: * @param int $size size of list
219: * @param bool $multiple true to allow multiple selections
220: *
221: * @return object XoopsFormSelectGroup
222: */
223: public function getGroupSelectFormForItem(
224: $gperm_name,
225: $gperm_itemid,
226: $caption,
227: $name = null,
228: $include_anon = false,
229: $size = 5,
230: $multiple = true
231: ) {
232: if (!class_exists('XoopsFormSelectGroup', true)) {
233: include_once XOOPS_ROOT_PATH . '/class/xoopsformloader.php';
234: }
235: if (empty($name)) {
236: $name = $this->defaultFieldName($gperm_name, $gperm_itemid);
237: }
238: $gperm_itemid = (int) $gperm_itemid;
239: $value = $this->getGroupsForItem($gperm_name, $gperm_itemid);
240: $element = new \XoopsFormSelectGroup(
241: $caption,
242: $name,
243: $include_anon,
244: $value,
245: $size,
246: $multiple
247: );
248:
249: return $element;
250: }
251:
252: /**
253: * Generate a default name for a XoopsFormElement based on
254: * module, gperm_name and gperm_itemid
255: *
256: * @param string $gperm_name name of the permission to test
257: * @param int $gperm_itemid id of the object to check
258: *
259: * @return string
260: */
261: public function defaultFieldName($gperm_name, $gperm_itemid)
262: {
263: $gperm_itemid = (int) $gperm_itemid;
264: $name = $this->module->getVar('dirname') . '_' .
265: $gperm_name . '_' . $gperm_itemid;
266:
267: return $name;
268: }
269:
270: /**
271: * Get any groups associated with the current user
272: *
273: * @return int|int[] group id(s)
274: */
275: protected function getUserGroups()
276: {
277: global $xoopsUser;
278:
279: $groups = $xoopsUser ? $xoopsUser->getGroups() : XOOPS_GROUP_ANONYMOUS;
280:
281: return $groups;
282: }
283: }
284:
API documentation generated by ApiGen v7.0.0-alpha.6