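<?php
/**
 * Main file for Mambo
 * @package Mambo
 * @author Mambo Foundation Inc see README.php
 * @copyright (C) 2000 - 2009 Mambo Foundation Inc.
 * See COPYRIGHT.php for copyright notices and details.
 * @license GNU/GPL Version 2, see LICENSE.php
 *
 * Redistributions of files must retain the above copyright notice.
 *
 * Mambo is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; version 2 of the License.
 */

defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );

/**
 * Read side of the role based authorisation system.
 *
 * An "accessor" (identified by an access type and an access id) is assigned
 * roles in #__assignments; each role owns rows in #__permissions. The
 * `control` column of a permission row is a bit mask that the check* methods
 * test against: 1 = control, 2 = permission, 4 = grant.
 *
 * Rows are loaded lazily per accessor by getAccessorData() and cached in
 * $permissions for the lifetime of the singleton.
 */
class mosAuthoriser {
    /** Database connection, obtained from mamboDatabase::getInstance() */
    var $connection = '';
    /** Load cache: $perm_found[$type][$id] = 1 once an accessor has been loaded */
    var $perm_found = array();
    /** Assignment + permission row objects loaded so far */
    var $permissions = array();
    var $assignments = array();

    /** PHP 4 style constructor; delegates to __construct() so both engines agree. */
    function mosAuthoriser () {
        $this->__construct();
    }

    function __construct () {
        $this->connection =& mamboDatabase::getInstance();
    }

    /**
     * Returns the shared authoriser instance, creating it on first use.
     * @return mosAuthoriser
     */
    function &getInstance () {
        static $instance;
        if (!is_object($instance)) {
            $instance = new mosAuthoriser();
        }
        return $instance;
    }

    /**
     * Runs $sql and aborts the request with a JS alert if it fails.
     * The driver error text is echoed into the script unescaped, as before;
     * it may contain the failed query.
     */
    function doSQL ($sql) {
        $this->connection->setQuery($sql);
        if (!$this->connection->query()) {
            echo "<script> alert('".$this->connection->getErrorMsg()."'); window.history.go(-1); </script>\n";
            exit();
        }
    }

    /**
     * Escapes a value for use inside a single-quoted SQL literal.
     * Prefers the connection's own escaper when it exposes one so the active
     * charset is honoured; falls back to addslashes() otherwise.
     * @param mixed $value
     * @return string
     */
    function escapeSQL ($value) {
        if (is_object($this->connection) && method_exists($this->connection, 'getEscaped')) {
            return $this->connection->getEscaped($value);
        }
        return addslashes((string) $value);
    }

    /**
     * Loads assignment/permission rows for one accessor into $this->permissions.
     * The first load for a type also pulls the wildcard assignments ('*' and
     * '+'); later loads for the same type fetch only the specific id.
     */
    function getAccessorData ($type, $id) {
        if (isset($this->perm_found[$type][$id])) return;
        $qtype = $this->escapeSQL($type);
        $qid   = $this->escapeSQL($id);
        $sql = "SELECT a.*, p.control, p.action, p.subject_type, p.subject_id, p.system"
            . " FROM #__assignments AS a LEFT JOIN #__permissions AS p ON p.role=a.role"
            . " WHERE a.access_type='$qtype'";
        if (isset($this->perm_found[$type])) {
            // wildcard rows for this type were merged by the first call
            $sql .= " AND a.access_id='$qid'";
        } else {
            $sql .= " AND (a.access_id='$qid' OR a.access_id='*' OR a.access_id='+')";
        }
        $this->doSQL($sql);
        $new_permissions = $this->connection->loadObjectList();
        if ($new_permissions) {
            $this->permissions = array_merge($this->permissions, $new_permissions);
        }
        $this->perm_found[$type][$id] = 1;
    }

    /**
     * Lists the distinct role names assigned to an accessor.
     * '*' assignments apply to every id; '+' assignments apply to every
     * non-zero id.
     * @return array list of role names
     */
    function &getRoles ($type, $id) {
        $this->getAccessorData($type, $id);
        $rolenames = array();
        foreach ($this->permissions as $role) {
            if (strcasecmp($role->access_type, $type) == 0
                AND ($role->access_id == $id OR $role->access_id == '*' OR ($role->access_id == '+' AND $id != 0))
                AND !in_array($role->role, $rolenames)) {
                $rolenames[] = $role->role;
            }
        }
        return $rolenames;
    }

    /**
     * Core check: does the accessor hold any loaded permission row whose
     * control mask contains $mask for this action and subject?
     * A subject_type or subject_id of '*' on the stored row matches any
     * requested value; a requested $s_type of '*' matches any stored type.
     * @return int 1 when a matching row exists, 0 otherwise
     */
    function accessorPermissionOrControl ($mask, $a_type, $a_id, $action, $s_type='*', $s_id='*') {
        $this->getAccessorData($a_type, $a_id);
        foreach ($this->permissions as $permission) {
            if ((strcasecmp($permission->access_type, $a_type) == 0 OR $permission->access_type == '*')
                AND (strcasecmp($permission->access_id, $a_id) == 0 OR $permission->access_id == '*')
                AND (strcasecmp($permission->action, $action) == 0 OR $permission->action == '*' OR $action == '*')
                AND (strcasecmp($permission->subject_type, $s_type) == 0 OR $permission->subject_type == '*' OR $s_type == '*')
                AND (strcasecmp($permission->subject_id, $s_id) == 0 OR $permission->subject_id == '*')
                AND ($permission->control & $mask)) {
                return 1;
            }
        }
        return 0;
    }

    /**
     * Control mask 2. The subject arguments are now forwarded; previously the
     * call site assigned '*' to them and ignored the caller's values.
     */
    function checkPermission ($a_type, $a_id, $action, $s_type='*', $s_id='*') {
        return $this->accessorPermissionOrControl(2, $a_type, $a_id, $action, $s_type, $s_id);
    }

    /** Control mask 1; subject arguments are forwarded (see checkPermission). */
    function checkControl ($a_type, $a_id, $action, $s_type='*', $s_id='*') {
        return $this->accessorPermissionOrControl(1, $a_type, $a_id, $action, $s_type, $s_id);
    }

    /** Control mask 4; subject arguments are forwarded (see checkPermission). */
    function checkGrant ($a_type, $a_id, $action, $s_type='*', $s_id='*') {
        return $this->accessorPermissionOrControl(4, $a_type, $a_id, $action, $s_type, $s_id);
    }

    /**
     * Like accessorPermissionOrControl() but for a role name directly,
     * reading #__permissions without going through the assignment cache.
     * @return int 1 when a matching row exists, 0 otherwise
     */
    function rolePermissionOrControl ($mask, $role, $action, $s_type, $s_id) {
        $qrole = $this->escapeSQL($role);
        $sql = "SELECT * FROM #__permissions WHERE role='$qrole'";
        $this->connection->setQuery($sql);
        $permissions = $this->connection->loadObjectList();
        if ($permissions) {
            foreach ($permissions as $permission) {
                if (strcasecmp($permission->role, $role) == 0
                    AND (strcasecmp($permission->action, $action) == 0 OR $permission->action == '*')
                    AND (strcasecmp($permission->subject_type, $s_type) == 0)
                    AND (strcasecmp($permission->subject_id, $s_id) == 0 OR $permission->subject_id == '*')
                    AND ($permission->control & $mask)) {
                    return 1;
                }
            }
        }
        return 0;
    }

    function checkRolePermission ($role, $action, $s_type, $s_id) {
        return $this->rolePermissionOrControl(2, $role, $action, $s_type, $s_id);
    }

    function checkRoleControl ($role, $action, $s_type, $s_id) {
        return $this->rolePermissionOrControl(1, $role, $action, $s_type, $s_id);
    }

    function checkRoleGrant ($role, $action, $s_type, $s_id) {
        return $this->rolePermissionOrControl(4, $role, $action, $s_type, $s_id);
    }

    /**
     * Collects one property (e.g. 'subject_id') from every loaded permission
     * row that applies to the accessor and action and names a subject.
     * @param string $property name of the row property to collect
     * @return array
     */
    function &listPermissions ($a_type, $a_id, $action, $property) {
        $this->getAccessorData($a_type, $a_id);
        $results = array();
        foreach ($this->permissions as $permission) {
            if (strcasecmp($permission->access_type, $a_type) == 0
                AND (strcasecmp($permission->access_id, $a_id) == 0 OR $permission->access_id == '*' OR ($permission->access_id == '+' AND $a_id != 0))
                AND (strcasecmp($permission->action, $action) == 0 OR $permission->action == '*')
                AND $permission->subject_type != null AND $permission->subject_id != null) {
                $results[] = $permission->$property;
            }
        }
        return $results;
    }

}

/**
 * Write side of the authorisation system: maintains #__permissions and
 * #__assignments and builds the role selection lists used by the admin UI.
 */
class mosAuthorisationAdmin {
    /** Database connection, obtained from mamboDatabase::getInstance() */
    var $connection;
    /** Cached list of known role names; emptied when permissions are dropped */
    var $roles = array();

    /** PHP 4 style constructor; delegates to __construct() so both engines agree. */
    function mosAuthorisationAdmin () {
        $this->__construct();
    }

    function __construct () {
        $this->connection =& mamboDatabase::getInstance();
    }

    /**
     * Returns the shared admin instance, creating it on first use.
     * @return mosAuthorisationAdmin
     */
    function &getInstance () {
        static $instance;
        if (!is_object($instance)) {
            $instance = new mosAuthorisationAdmin();
        }
        return $instance;
    }

    /**
     * Runs $sql and aborts the request with a JS alert if it fails.
     * The driver error text is echoed into the script unescaped, as before.
     */
    function doSQL ($sql) {
        $this->connection->setQuery($sql);
        if (!$this->connection->query()) {
            echo "<script> alert('".$this->connection->getErrorMsg()."'); window.history.go(-1); </script>\n";
            exit();
        }
    }

    /**
     * Escapes a value for use inside a single-quoted SQL literal.
     * Prefers the connection's own escaper when it exposes one; falls back
     * to addslashes() otherwise.
     * @param mixed $value
     * @return string
     */
    function escapeSQL ($value) {
        if (is_object($this->connection) && method_exists($this->connection, 'getEscaped')) {
            return $this->connection->getEscaped($value);
        }
        return addslashes((string) $value);
    }

    /**
     * Returns every role name mentioned in either table, loading on first use.
     * @return array
     */
    function getRoles () {
        if (count($this->roles) == 0) {
            $sql = "SELECT DISTINCT role FROM #__assignments";
            $this->connection->setQuery($sql);
            // loadResultArray() may yield null on an empty table; keep a list
            $this->roles = (array) $this->connection->loadResultArray();
            $sql = "SELECT DISTINCT role FROM #__permissions";
            $this->connection->setQuery($sql);
            $more = (array) $this->connection->loadResultArray();
            foreach ($more as $role) {
                $this->addRole($role);
            }
        }
        return $this->roles;
    }

    /** Adds a role name to the cache if it is not already present. */
    function addRole ($role) {
        if (!in_array($role, $this->roles)) {
            $this->roles[] = $role;
        }
    }

    /** Removes a role name from the cache; silently ignores unknown names. */
    function removeRole ($role) {
        $key = array_search($role, $this->roles);
        if ($key !== false) {
            unset($this->roles[$key]);
        }
    }

    /**
     * Permission rows that could apply to a subject. Passing '*' for either
     * part drops that part of the WHERE clause entirely.
     * @return array row objects with role, action, control (never null)
     */
    function &permissionHolders ($subject_type, $subject_id) {
        $sql = "SELECT role, action, control FROM #__permissions";
        $where = array();
        if ($subject_type != '*') {
            $qtype = $this->escapeSQL($subject_type);
            $where[] = "(subject_type='$qtype' OR subject_type='*')";
        }
        if ($subject_id != '*') {
            $qid = $this->escapeSQL($subject_id);
            $where[] = "(subject_id='$qid' OR subject_id='*')";
        }
        if (count($where) > 0) {
            $sql .= " WHERE " . implode(' AND ', $where);
        }
        $this->connection->setQuery($sql);
        $result = $this->connection->loadObjectList();
        if (!$result) $result = array();
        return $result;
    }

    /**
     * Permission rows that apply to a subject through a wildcard on action,
     * subject type or subject id, i.e. rows that are not specific to it.
     * @return array row objects (never null)
     */
    function &nonLocalPermissionHolders ($subject_type, $subject_id) {
        $qtype = $this->escapeSQL($subject_type);
        $qid   = $this->escapeSQL($subject_id);
        $sql = "SELECT role, action, control FROM #__permissions"
            . " WHERE (action='*' OR subject_type='*' OR subject_id='*')"
            . " AND ((subject_type='$qtype' OR subject_type='*') AND (subject_id='$qid' OR subject_id='*'))";
        $this->connection->setQuery($sql);
        $result = $this->connection->loadObjectList();
        if (!$result) $result = array();
        return $result;
    }

    /**
     * Builds (does not run) the REPLACE statement for one permission row.
     * The trailing ';' lets resetPermissions() concatenate several rows.
     * All values are escaped; $role in particular may come from $_POST.
     * @return string
     */
    function permitSQL ($role, $control, $action, $subject_type, $subject_id) {
        $qrole    = $this->escapeSQL($role);
        $qcontrol = $this->escapeSQL($control);
        $qaction  = $this->escapeSQL($action);
        $qtype    = $this->escapeSQL($subject_type);
        $qid      = $this->escapeSQL($subject_id);
        return "REPLACE INTO #__permissions (role, control, action, subject_type, subject_id)"
            . " VALUES ('$qrole', '$qcontrol', '$qaction', '$qtype', '$qid');";
    }

    /** Writes one permission row and records the role in the cache. */
    function permit ($role, $control, $action, $subject_type, $subject_id) {
        $sql = $this->permitSQL($role, $control, $action, $subject_type, $subject_id);
        $this->doSQL($sql);
        $this->addRole($role);
    }

    /** Assigns a role to an accessor and records the role in the cache. */
    function assign ($role, $access_type, $access_id) {
        $qrole = $this->escapeSQL($role);
        $qtype = $this->escapeSQL($access_type);
        $qid   = $this->escapeSQL($access_id);
        $sql = "REPLACE INTO #__assignments (role, access_type, access_id) VALUES ('$qrole', '$qtype', '$qid')";
        $this->doSQL($sql);
        $this->addRole($role);
    }

    /** Deletes every assignment held by one accessor. */
    function dropAccess ($access_type, $access_id) {
        $qtype = $this->escapeSQL($access_type);
        $qid   = $this->escapeSQL($access_id);
        $sql = "DELETE FROM #__assignments WHERE access_type='$qtype' AND access_id='$qid'";
        $this->doSQL($sql);
    }

    /**
     * Roles assigned to an accessor that carry control (mask bit 1) over the
     * exact action and subject given.
     * @return array role names (may be null from the driver on no rows)
     */
    function &getControllingRoles ($access_type, $access_id, $action, $subject_type, $subject_id) {
        $qatype  = $this->escapeSQL($access_type);
        $qaid    = $this->escapeSQL($access_id);
        $qaction = $this->escapeSQL($action);
        $qstype  = $this->escapeSQL($subject_type);
        $qsid    = $this->escapeSQL($subject_id);
        $sql = "SELECT a.role FROM #__permissions AS p, #__assignments AS a WHERE a.access_type='$qatype'"
            . " AND a.access_id='$qaid' AND a.role=p.role AND (p.control&1)"
            . " AND p.action='$qaction' AND p.subject_type='$qstype' AND p.subject_id='$qsid'";
        $this->doSQL($sql);
        $roles = $this->connection->loadResultArray();
        return $roles;
    }

    /**
     * Control (mask bit 1) permission rows reachable by an accessor, directly
     * or through a '*' assignment.
     * @return array row objects
     */
    function &getMyPermissions ($access_type, $access_id) {
        $qtype = $this->escapeSQL($access_type);
        $qid   = $this->escapeSQL($access_id);
        $sql = 'SELECT p.action, p.subject_type, p.subject_id, control FROM #__permissions AS p, #__assignments AS a'
            . " WHERE p.role=a.role AND a.access_type='$qtype' AND (a.access_id='$qid' OR a.access_id='*')"
            . ' AND (p.control&1)';
        $this->doSQL($sql);
        $permissions = $this->connection->loadObjectList();
        return $permissions;
    }

    /**
     * For each control row the accessor holds, the matching row (if any) that
     * $role holds on the same action/subject: mycontrol vs hiscontrol.
     * @return array row objects
     */
    function getJointPermissions ($access_type, $access_id, $role) {
        $qrole = $this->escapeSQL($role);
        $qtype = $this->escapeSQL($access_type);
        $qid   = $this->escapeSQL($access_id);
        $sql = "SELECT p2.control AS hiscontrol, p1.control AS mycontrol, p1.action, p1.subject_type, p1.subject_id"
            . " FROM `#__assignments` AS a, `#__permissions` AS p1 LEFT JOIN `#__permissions` AS p2"
            . " ON (p2.role='$qrole' AND p1.action=p2.action AND p1.subject_type=p2.subject_type AND p1.subject_id=p2.subject_id)"
            . " WHERE (p1.control&1) AND p1.role=a.role AND a.access_type='$qtype' AND (a.access_id='$qid' OR a.access_id='*')";
        $this->doSQL($sql);
        $permissions = $this->connection->loadObjectList();
        return $permissions;
    }

    /**
     * Builds the admin UI select lists (arole, crole and, when the accessor
     * may grant, grole) for an action on a subject. Returns an empty array
     * when the accessor has no control over the subject.
     * @return array of HTML select lists from mosHTML::selectList()
     */
    function getAccessLists ($access_type, $access_id, $action, $subject_type, $subject_id) {
        $results = array();
        $authoriser =& mosAuthoriser::getInstance();
        if (!$authoriser->checkControl($access_type, $access_id, $action, $subject_type, $subject_id)) {
            return $results;
        }
        $cangrant = $authoriser->checkGrant($access_type, $access_id, $action, $subject_type, $subject_id);
        $permissions = $this->permissionHolders($subject_type, $subject_id);
        $allroles = $this->getRoles();
        // initialise every list so an empty role set still yields valid selects
        $itemc = array();
        $itema = array();
        $itemg = array();
        $cselected = array();
        $aselected = array();
        $gselected = array();
        foreach ($allroles as $role) {
            $itemc[] = $optionc = mosHTML::makeOption($role, $role);
            $itema[] = $optiona = mosHTML::makeOption($role, $role);
            if ($cangrant) $itemg[] = $optiong = mosHTML::makeOption($role, $role);
            foreach ($permissions as $permission) {
                if (($permission->action == '*' OR $permission->action == $action) AND $permission->role == $role) {
                    if ($permission->control & 1) $cselected[] = $optionc;
                    if ($permission->control & 2) $aselected[] = $optiona;
                    if ($cangrant AND $permission->control & 4) $gselected[] = $optiong;
                }
            }
        }
        $results[] = mosHTML::selectList($itema, $action.'_arole[]', 'multiple="multiple"', 'value', 'text', $aselected);
        $results[] = mosHTML::selectList($itemc, $action.'_crole[]', 'multiple="multiple"', 'value', 'text', $cselected);
        if ($cangrant) {
            $results[] = mosHTML::selectList($itemg, $action.'_grole[]', 'multiple="multiple"', 'value', 'text', $gselected);
        }
        return $results;
    }

    /**
     * Rewrites the non-system permission rows for an action/subject from the
     * submitted {action}_crole / _arole / _grole lists in $_POST. A row is
     * only written when no wildcard row already grants the same bits.
     * Role names come straight from the request and are escaped in permitSQL().
     */
    function resetPermissions ($action, $subject_type, $subject_id) {
        $control_types  = array('crole', 'arole', 'grole');
        $control_values = array(1, 2, 4);
        $permissions = $this->nonLocalPermissionHolders($subject_type, $subject_id);
        $this->dropPermissions($action, $subject_type, $subject_id);
        $newpermits = array();
        foreach ($control_types as $i => $type) {
            $key = $action.'_'.$type;
            // a select with multiple="multiple" posts an array; ignore anything else
            if (isset($_POST[$key]) && is_array($_POST[$key])) {
                foreach ($_POST[$key] as $role) {
                    $value = isset($newpermits[$role]) ? $newpermits[$role] : 0;
                    $newpermits[$role] = $value | $control_values[$i];
                }
            }
        }
        $sql = '';
        foreach ($newpermits as $role => $value) {
            $needed = true;
            foreach ($permissions as $permission) {
                if (($permission->action == '*' OR $permission->action == $action) AND $permission->role == $role) {
                    if (($value & $permission->control) === $value) {
                        $needed = false;
                        break;
                    }
                }
            }
            if ($needed) {
                $sql .= $this->permitSQL($role, $value, $action, $subject_type, $subject_id);
            }
        }
        if ($sql) $this->doSQL($sql);
    }

    /**
     * True when the role appears in either #__permissions or #__assignments.
     * @return bool
     */
    function roleExists ($role) {
        $qrole = $this->escapeSQL($role);
        $sql = "SELECT COUNT(role) FROM #__permissions WHERE role='$qrole' GROUP BY role";
        $this->doSQL($sql);
        if ($this->connection->loadResult()) return true;
        $sql = "SELECT COUNT(role) FROM #__assignments WHERE role='$qrole' GROUP BY role";
        $this->doSQL($sql);
        return (bool) $this->connection->loadResult();
    }

    /**
     * Removes a non-system role: its 'administer' permission, its
     * assignments, its permission rows and the cache entry.
     */
    function dropRole ($role) {
        $qrole = $this->escapeSQL($role);
        $sql = "DELETE FROM #__permissions WHERE action='administer' AND subject_type='$qrole' AND system=0";
        $this->doSQL($sql);
        // "p.system IS NULL" keeps assignments of roles with no permission rows
        // (LEFT JOIN miss); the previous "p.system=NULL" never matched.
        $sql = "DELETE a FROM #__assignments AS a LEFT JOIN #__permissions AS p ON a.role=p.role"
            . " WHERE a.role='$qrole' AND (p.system=0 OR p.system IS NULL)";
        $this->doSQL($sql);
        $this->dropRolePermissions($role);
        $this->removeRole($role);
    }

    /** Deletes the non-system permission rows of a role and clears the cache. */
    function dropRolePermissions ($role) {
        $qrole = $this->escapeSQL($role);
        $sql = "DELETE FROM #__permissions WHERE role='$qrole' AND system=0";
        $this->doSQL($sql);
        $this->roles = array();
    }

    /** Deletes the non-system rows for an action/subject and clears the cache. */
    function dropPermissions ($action, $subject_type, $subject_id) {
        $qaction = $this->escapeSQL($action);
        $qtype   = $this->escapeSQL($subject_type);
        $qid     = $this->escapeSQL($subject_id);
        $sql = "DELETE FROM #__permissions WHERE action='$qaction' AND subject_type='$qtype' AND subject_id='$qid' AND system=0";
        $this->doSQL($sql);
        $this->roles = array();
    }

}

/**
 * Extended input filter that uses language character set in the decode() function - al warren
 */
// make sure Php Input Filter base class is loaded
require_once(mamboCore::get('mosConfig_absolute_path').'/includes/phpInputFilter/class.inputfilter.php');
class mosInputFilter extends InputFilter {
    /** Charset of the current language, used by decode() */
    var $charset = null;

    /** PHP 4 style constructor; delegates to __construct() so both engines agree. */
    function mosInputFilter() {
        $this->__construct();
    }

    /**
     * Copies the defaults of a plain InputFilter onto this instance (done
     * once, via a static) and records the current language charset.
     */
    function __construct() {
        static $filter;
        if (!isset($filter)) {
            $filter = new InputFilter();
            foreach (get_object_vars($filter) as $key => $value) {
                $this->$key = $value;
            }
            $filter = null;
        }
        $configuration =& mamboCore::getMamboCore();
        $this->charset = $configuration->current_language->charset; // could handle this easier?
    }

    /**
     * Returns the shared filter instance, creating it on first use.
     * @return mosInputFilter
     */
    function getInstance() {
        static $instance;
        if (!isset($instance)) $instance = new mosInputFilter();
        return $instance;
    }

    /**
     * Decodes HTML entities, then numeric (&#NNN;) and hex (&#xHH;) character
     * references, in the current language charset.
     *
     * preg_replace_callback() replaces the former /e modifier, which eval()'d
     * the replacement text and was removed in PHP 7. It also treats "&#065;"
     * as decimal 65; under /e the leading zero made PHP read it as octal.
     * @param string $source
     * @return string
     */
    function decode($source) {
        // make sure were using a valid character set for html_entity_decode
        $charset = $this->mosFilterCharset($this->charset);

        // url decode
        $source = html_entity_decode($source, ENT_QUOTES, $charset);
        // convert decimal
        $source = preg_replace_callback('/&#(\d+);/m', array($this, '_decimalEntityToChar'), $source); // decimal notation
        // convert hex
        $source = preg_replace_callback('/&#x([a-f0-9]+);/mi', array($this, '_hexEntityToChar'), $source); // hex notation
        return $source;
    }

    /** Callback for decode(): "&#65;" -> chr(65). chr() wraps values above 255. */
    function _decimalEntityToChar($matches) {
        return chr((int) $matches[1]);
    }

    /** Callback for decode(): "&#x41;" -> chr(0x41). chr() wraps values above 255. */
    function _hexEntityToChar($matches) {
        return chr(hexdec($matches[1]));
    }

    /**
     * make sure we're working with a valid character set. return default if not.
     * @param string $charset
     * @return string the given charset, or 'ISO-8859-1' when it is unsupported
     */
    function mosFilterCharset($charset) {
        static $validSets;
        if (!isset($validSets)) {
            $validSets = array(
                'iso-8859-1', 'iso-8859-15', 'utf-8',
                'cp866', 'ibm866', '866',
                'cp1251', 'windows-1251', 'win-1251', '1251',
                'cp1252', 'windows-1252', '1252',
                'koi8-r', 'koi8-ru', 'koi8r',
                'big5', '950',
                'gb2312', '936',
                'big5-hkscs',
                'shift_jis', 'sjis', '932',
                'euc-jp', 'eucjp',
            );
        }
        if (in_array(strtolower((string) $charset), $validSets, true)) {
            return $charset;
        }
        // php default for html_entity_decode
        return 'ISO-8859-1';
    }
}


// ----- NO MORE CLASSES OR FUNCTIONS PASSED THIS POINT -----
// Post class declaration initialisations
// some version of PHP don't allow the instantiation of classes
// before they are defined

?>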