
cms/permission.lib.php

00001 <?php
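// Direct-access guard: the file only runs when the including script has
// already defined __PRAGYAN_CMS; any other request gets a 403 and stops here.
if (!defined('__PRAGYAN_CMS')) {
    header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
    // The heading is now closed with </h1>; it used to be opened a second time instead.
    echo "<h1>403 Forbidden</h1><h4>You are not authorized to access the page.</h4>";
    // NOTE(review): SERVER_SIGNATURE can reveal the web server product and
    // version to unauthenticated clients; consider dropping it in production.
    echo '<hr/>' . $_SERVER['SERVER_SIGNATURE'];
    exit(1);
}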
/**
 * Formats a list of values as single-quoted items separated by ", ".
 *
 * Each value is interpolated verbatim between the quotes; nothing is escaped,
 * so the result is only safe inside script text when every value is trusted.
 *
 * @param array $array Values to format.
 * @return string For example 'a', 'b'; an empty string for an empty list.
 */
function renderArray($array) {
    $quoted = array();
    foreach ($array as $item) {
        $quoted[] = "'{$item}'";
    }
    return implode(', ', $quoted);
}
00037 
/**
 * Formats a map of key => list as "'key' : ['a', 'b']" entries joined by ", ".
 *
 * Keys are interpolated verbatim (no escaping); each list is formatted by
 * renderArray().
 *
 * @param array $smallobj Map whose values are lists.
 * @return string The joined entries, or an empty string for an empty map.
 */
function inner($smallobj) {
    $entries = array();
    foreach ($smallobj as $id => $items) {
        $list = renderArray($items);
        $entries[] = "'{$id}' : [{$list}]";
    }
    return implode(', ', $entries);
}
00047 
/**
 * Renders the 'Y' and 'N' halves of a permission map as one object literal.
 *
 * The output uses single-quoted keys and values, so it is script text in
 * object-literal form rather than strict JSON.
 *
 * @param array $objDesc Map with the keys 'Y' and 'N', each formatted by inner().
 * @return string Text of the form {'Y' : {...}, 'N' : {...}}.
 */
function customjson($objDesc) {
    $granted = inner($objDesc['Y']);
    $denied = inner($objDesc['N']);
    return "{'Y' : {" . $granted . "}, 'N' : {" . $denied . "}}";
}
00051 
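/**
 * Builds the script text that lists effective permissions along a page path.
 *
 * Every permission set for a group or user on any page of $pagepath is
 * collapsed into one allow/deny value, group results are folded into their
 * members, and the outcome is returned as two assignments
 * ("permGroups = {...};" and "permUsers = {...};") formatted by customjson().
 *
 * @param array $pagepath         Page ids. The path is walked from its last
 *                                entry back to its first (presumably the page
 *                                itself up to the root; confirm with the caller).
 * @param mixed $modifiableGroups Kept for interface compatibility; not read here.
 * @param array $grantableActions module name => list of rows whose index 0 is
 *                                the permission id.
 * @return string|null Script text, or null after displayerror() when no
 *                     permission ids or no page ids were supplied.
 */
function getAllPermissionsOnPage($pagepath, $modifiableGroups, $grantableActions) {
    $permIds = array();
    foreach ($grantableActions as $actionData) {
        if (is_array($actionData)) {
            $actionCount = count($actionData);
            for ($i = 0; $i < $actionCount; $i++) {
                $permIds[] = $actionData[$i][0];
            }
        }
    }

    if (count($permIds) <= 0 || count($pagepath) <= 0) {
        displayerror('Fatal Error: Missing arguments to function.');
        return;
    }

    // Ids 0 (Everyone) and 1 (Logged In Users) are always included, ahead of
    // the rows read from the groups table.
    $groupIds = array(0, 1);
    $groupsResult = mysql_query('SELECT `group_id` FROM `' . MYSQL_DATABASE_PREFIX . 'groups`');
    if ($groupsResult) {
        while ($groupsRow = mysql_fetch_row($groupsResult)) {
            $groupIds[] = $groupsRow[0];
        }
        mysql_free_result($groupsResult);
    }

    // Id 0 stands for the anonymous visitor and is always included.
    $userIds = array(0);
    $usersResult = mysql_query('SELECT `user_id` FROM `' . MYSQL_DATABASE_PREFIX . 'users`');
    if ($usersResult) {
        while ($usersRow = mysql_fetch_row($usersResult)) {
            $userIds[] = $usersRow[0];
        }
        mysql_free_result($usersResult);
    }

    // Ids are forced to integers before they enter the IN (...) lists, so a
    // non-numeric entry cannot change the shape of the statement.
    // NOTE(review): assumes page_id and perm_id are integer columns; confirm
    // against the schema.
    $pageIdList = implode(', ', array_map('intval', $pagepath));
    $permIdList = implode(', ', array_map('intval', $permIds));

    $userPermTable = '`' . MYSQL_DATABASE_PREFIX . 'userpageperm`';
    $permListTable = '`' . MYSQL_DATABASE_PREFIX . 'permissionlist`';
    $permQuery = "SELECT `perm_type`, $userPermTable.`perm_id` AS `perm_id`, `page_id`, `usergroup_id`, `perm_permission` " .
                 "FROM $userPermTable, $permListTable WHERE `page_id` IN (" . $pageIdList . ") AND " .
                 "$userPermTable.`perm_id` IN (" . $permIdList .
                 ") AND $userPermTable.`perm_id` = $permListTable.`perm_id`";

    // [page id][group or user id][perm id] => bool, exactly as stored.
    $groupSetPermissions = array();
    $userSetPermissions = array();
    $permResult = mysql_query($permQuery);
    if ($permResult) {
        while ($permRow = mysql_fetch_assoc($permResult)) {
            $isAllowed = ($permRow['perm_permission'] == 'Y');
            if ($permRow['perm_type'] == 'user') {
                $userSetPermissions[$permRow['page_id']][$permRow['usergroup_id']][$permRow['perm_id']] = $isAllowed;
            } else {
                $groupSetPermissions[$permRow['page_id']][$permRow['usergroup_id']][$permRow['perm_id']] = $isAllowed;
            }
        }
        mysql_free_result($permResult);
    }

    $groupEffectivePermissions = _permCollapseAlongPath($groupSetPermissions, $pagepath, $groupIds, $permIds);
    $userEffectivePermissions = _permCollapseAlongPath($userSetPermissions, $pagepath, $userIds, $permIds);

    $userGroups = array();
    $membershipResult = mysql_query('SELECT `user_id`, `group_id` FROM `' . MYSQL_DATABASE_PREFIX . 'usergroup` ' .
                                    'ORDER BY `user_id`');
    if ($membershipResult) {
        while ($membershipRow = mysql_fetch_row($membershipResult)) {
            $userGroups[$membershipRow[0]][] = $membershipRow[1];
        }
        mysql_free_result($membershipResult);
    }

    foreach ($userIds as $userId) {
        if (!isset($userGroups[$userId])) {
            // The anonymous user takes nothing from groups; any other user
            // without membership rows is treated as a member of groups 0 and 1.
            if ($userId == 0) {
                continue;
            }
            $userGroups[$userId] = array(0, 1);
        }
        if (!isset($userEffectivePermissions[$userId])) {
            $userEffectivePermissions[$userId] = array();
        }

        foreach ($permIds as $permId) {
            foreach ($userGroups[$userId] as $groupId) {
                if (!isset($groupEffectivePermissions[$groupId][$permId])) {
                    continue;
                }
                if (!isset($userEffectivePermissions[$userId][$permId])) {
                    $userEffectivePermissions[$userId][$permId] = false;
                }
                // OR-merge: an allow from any group overrides a deny recorded
                // for the user or for another of the user's groups.
                $userEffectivePermissions[$userId][$permId] =
                    $userEffectivePermissions[$userId][$permId] ||
                    $groupEffectivePermissions[$groupId][$permId];
            }
        }
    }

    $groupReturnText = customjson(_permSplitYesNo($groupEffectivePermissions));
    $userReturnText = customjson(_permSplitYesNo($userEffectivePermissions));

    return "permGroups = {$groupReturnText};\npermUsers = {$userReturnText};";
}

/**
 * Collapses per-page settings into one value per subject and permission.
 *
 * The path is walked from its last entry to its first. A value of false is
 * never overwritten, so one deny anywhere on the path is final.
 */
function _permCollapseAlongPath($setPermissions, $pagepath, $subjectIds, $permIds) {
    $effective = array();
    for ($i = count($pagepath) - 1; $i >= 0; $i--) {
        if (!isset($setPermissions[$pagepath[$i]])) {
            continue;
        }
        $pageSettings = $setPermissions[$pagepath[$i]];

        foreach ($subjectIds as $subjectId) {
            if (!isset($pageSettings[$subjectId])) {
                continue;
            }
            if (!isset($effective[$subjectId])) {
                $effective[$subjectId] = array();
            }
            foreach ($permIds as $permId) {
                if (!isset($pageSettings[$subjectId][$permId])) {
                    continue;
                }
                if (!isset($effective[$subjectId][$permId]) || $effective[$subjectId][$permId] !== false) {
                    $effective[$subjectId][$permId] = $pageSettings[$subjectId][$permId];
                }
            }
        }
    }
    return $effective;
}

/**
 * Splits [subject id][perm id] => bool into 'Y' and 'N' lists of perm ids per subject.
 */
function _permSplitYesNo($effective) {
    $sorted = array('Y' => array(), 'N' => array());
    foreach ($effective as $subjectId => $values) {
        foreach ($values as $permId => $value) {
            $bucket = ($value === true) ? 'Y' : 'N';
            $sorted[$bucket][$subjectId][] = $permId;
        }
    }
    return $sorted;
}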
00293 
00294 
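/**
 * Looks up the id of the permission registered for a module/action pair.
 *
 * @param string $module Module name matched against `page_module`.
 * @param string $action Action name matched against `perm_action`.
 * @return mixed The `perm_id` value of the first matching row, or -1 when the
 *               query fails or nothing matches.
 */
function getPermissionId($module, $action) {
    // Both values are placed inside quoted SQL literals, so they are escaped
    // here at the point of use instead of trusting every caller to do it.
    $moduleSql = mysql_real_escape_string($module);
    $actionSql = mysql_real_escape_string($action);

    $permQuery = "SELECT `perm_id` FROM `" . MYSQL_DATABASE_PREFIX . "permissionlist` WHERE " .
                 "`page_module` = '$moduleSql' AND `perm_action` = '$actionSql'";
    $permResult = mysql_query($permQuery);

    if ($permResult && ($permResultRow = mysql_fetch_array($permResult))) {
        return $permResultRow[0];
    }
    return -1;
}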
00307 
00308 
00309 
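/**
 * Resolves one permission for a single group or user along a page path.
 *
 * The path is walked from its last entry to its first. The value set closest
 * to the start of the path is used unless a deny is met first, in which case
 * the walk stops and the deny stands.
 *
 * @param array  $pagePath    Page ids forming the path.
 * @param mixed  $usergroupid Group id, or user id when $permtype is 'user'.
 * @param string $action      Action name matched against `perm_action`.
 * @param string $module      Module name matched against `page_module`.
 * @param string $permtype    Value matched against `perm_type`; defaults to 'group'.
 * @return bool True only when a permission is set on the path and none of the
 *              visited pages denies it; false otherwise, including on query failure.
 */
function getPagePermission(array $pagePath, $usergroupid, $action, $module, $permtype = 'group') {
    if (count($pagePath) == 0) {
        // An empty IN () list is a syntax error; nothing can be granted anyway.
        return false;
    }

    $userpermTable = MYSQL_DATABASE_PREFIX . "userpageperm";
    $permissionlistTable = MYSQL_DATABASE_PREFIX . "permissionlist";

    // Numeric ids are forced to integers and string values are escaped before
    // they are placed in the statement, because this result decides access.
    // NOTE(review): assumes page_id and usergroup_id are integer columns.
    $pageids = implode(', ', array_map('intval', $pagePath));
    $usergroupSql = intval($usergroupid);
    $permtypeSql = mysql_real_escape_string($permtype);
    $moduleSql = mysql_real_escape_string($module);
    $actionSql = mysql_real_escape_string($action);

    $permQuery = "SELECT $userpermTable.perm_permission, $userpermTable.page_id FROM $userpermTable, $permissionlistTable ";
    $permQuery .= "WHERE $userpermTable.perm_type = '$permtypeSql' AND $userpermTable.page_id IN ($pageids) AND ";
    $permQuery .= "$userpermTable.usergroup_id = $usergroupSql AND $permissionlistTable.page_module = '$moduleSql' AND ";
    $permQuery .= "$permissionlistTable.perm_action = '$actionSql' AND $permissionlistTable.perm_id = $userpermTable.perm_id";

    $permissionsArray = array();
    if ($permQueryResult = mysql_query($permQuery)) {
        while ($permQueryResultRow = mysql_fetch_assoc($permQueryResult)) {
            $permissionsArray[$permQueryResultRow['page_id']] = ($permQueryResultRow['perm_permission'] == 'Y');
        }
    }

    $permission = false; // nothing set anywhere on the path means "not granted"
    for ($i = count($pagePath) - 1; $i >= 0; $i--) {
        if (isset($permissionsArray[$pagePath[$i]])) {
            $permission = $permissionsArray[$pagePath[$i]];
            if ($permission === false) {
                break;
            }
        }
    }
    return $permission;
}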
00354 
00355 
00356 
00365  //TODO : Make sure that when admin is granted, it gets granted only at pageid 0
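/**
 * Decides whether a user may perform an action on a page.
 *
 * Order of evaluation, as implemented below:
 *  1. For any action other than "admin", a user holding "admin" on page 0 is
 *     allowed immediately.
 *  2. When no module is given, "page" is used if the action is registered for
 *     it, otherwise the page's effective module.
 *  3. For "menu" and "external" modules the decision is delegated to the
 *     parent page.
 *  4. Each of the user's groups is consulted until one allows the action; the
 *     user-level setting is consulted only if the groups end in a plain false.
 *
 * @param mixed  $userid User whose rights are checked.
 * @param mixed  $pageid Page the action applies to.
 * @param string $action Action name.
 * @param string $module Module name, or "" to have it derived.
 * @return mixed True when allowed; otherwise the value of the last lookup (false).
 */
function getPermissions($userid, $pageid, $action, $module="") {
    if ($action != "admin" && getPermissions($userid, 0, "admin")) {
        return true;
    }

    if ($module == "") {
        // $action ends up inside a quoted SQL literal, so it is escaped here.
        $actionSql = mysql_real_escape_string($action);
        $query = "SELECT 1 FROM `" . MYSQL_DATABASE_PREFIX . "permissionlist` WHERE page_module=\"page\" AND perm_action=\"$actionSql\"";
        $result = mysql_query($query);
        // A failed query is treated like "no such page action" rather than
        // being handed to mysql_num_rows() as false.
        if ($result && mysql_num_rows($result) >= 1) {
            $module = 'page';
        } else {
            $module = getEffectivePageModule($pageid);
        }
    }

    if ($module == "menu" || $module == "external") {
        return getPermissions($userid, getParentPage($pageid), $action);
    }

    $permission = false;
    $pagePath = array();
    parseUrlDereferenced($pageid, $pagePath);

    // $action and $module are passed on unescaped: getPagePermission() builds
    // its own statement and has to quote them itself.
    foreach (getGroupIds($userid) as $groupid) {
        if ($permission === true) {
            break;
        }
        $permission = getPagePermission($pagePath, $groupid, $action, $module);
    }

    if ($permission === false) {
        $permission = getPagePermission($pagePath, $userid, $action, $module, 'user');
    }
    return $permission;
}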
00395 
00396 
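/**
 * Works out which group or user a grant request in $_POST is aimed at.
 *
 * Reads the form fields optusergroup, optgroup012, modifiablegroups and
 * useremail. Missing or non-string fields are treated as empty.
 *
 * @param string $targettype Set by reference to 'group' or 'user'.
 * @return mixed The target id (0 or 1 for the fixed choices, otherwise the id
 *               read from the database), or -1 when no target could be resolved.
 */
function determineGrantTargetId(&$targettype) {
    $targetId = -1;
    $targettype = 'group';
    $idQuery = '';

    // Request fields may be absent or arrays; normalise them to strings first.
    $post = array();
    foreach (array('optusergroup', 'optgroup012', 'modifiablegroups', 'useremail') as $field) {
        $post[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    }

    if ($post['optusergroup'] === 'group') {
        if ($post['optgroup012'] === 'group0') {
            $targetId = 0;
        } else if ($post['optgroup012'] === 'group1') {
            $targetId = 1;
        } else if ($post['optgroup012'] === 'group3') {
            // 'group3' maps to user id 0 rather than to a group.
            $targettype = 'user';
            $targetId = 0;
        } else {
            $idQuery = "SELECT `group_id` FROM `" . MYSQL_DATABASE_PREFIX . "groups` WHERE `group_name` = '" . escape($post['modifiablegroups']) . "'";
        }
    } else if ($post['optusergroup'] === 'user') {
        // strpos() returns false when there is no hyphen. The former test
        // ($hyphenPos >= 0) was true for false as well, which cut the last
        // character off every address that contained no hyphen.
        $hyphenPos = strpos($post['useremail'], '-');
        if ($hyphenPos !== false && $hyphenPos > 0) {
            // NOTE(review): splitting at the first hyphen also truncates
            // addresses that contain a hyphen themselves; confirm the format
            // the form submits.
            $userEmail = escape(trim(substr($post['useremail'], 0, $hyphenPos - 1)));
        } else {
            $userEmail = escape($post['useremail']);
        }

        $idQuery = "SELECT `user_id` FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email` = '$userEmail'";
        $targettype = 'user';
    }

    if ($targetId == -1 && $idQuery != '') {
        $idResult = mysql_query($idQuery);
        if ($idResult && ($idResultRow = mysql_fetch_row($idResult))) {
            $targetId = $idResultRow[0];
        }
    }

    return $targetId;
}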
00446 
00447 
00448 
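/**
 * Serves the permission-granting screen and its two request handlers.
 *
 *  - ?doaction=changePerm  applies one allow/deny/unset change and prints
 *    "1" or "0", then ends the request.
 *  - ?doaction=getpermvars prints the current permission variables for the
 *    page named in the query string, then ends the request.
 *  - otherwise             returns the HTML and script for the screen.
 *
 * @param mixed $userid User operating the screen.
 * @param mixed $pageid Page whose permissions are shown.
 * @return string HTML for the screen, or a refusal message when the user has
 *                no grant rights on the page.
 */
function grantPermissions($userid, $pageid) {
    $doAction = (isset($_GET['doaction']) && is_string($_GET['doaction'])) ? $_GET['doaction'] : '';

    // Change request: one allow / deny / unset.
    if ($doAction == "changePerm") {
        echo _grantPermissionsChange($userid) ? "1" : "0";
        disconnect();
        exit();
    }

    // Refresh request: re-send the permission variables for one page.
    if ($doAction == 'getpermvars' && isset($_GET['pageid'])) {
        $requestedPageId = _grantPermissionsReadId($_GET['pageid']);
        $pageResult = false;
        if ($requestedPageId !== null) {
            $pageResult = mysql_query("SELECT `page_name` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_id` = '{$requestedPageId}'");
        }
        if ($pageResult && mysql_fetch_array($pageResult)) {
            $context = _grantPermissionsContext($userid, $requestedPageId);
            if ($context === null) {
                return 'You do not have the required permissions to view this page.';
            }
            $permissions = getAllPermissionsOnPage($context['pagepath'], $context['modifiableGroupIds'], $context['grantableActions']);
            echo "pageid = {$context['pageid']};\n{$permissions}";
        } else {
            echo "Error: Invalid Pageid passed";
        }
        disconnect();
        exit();
    }

    global $cmsFolder, $urlRequestRoot, $templateFolder, $STARTSCRIPTS;

    $context = _grantPermissionsContext($userid, $pageid);
    if ($context === null) {
        return 'You do not have the required permissions to view this page.';
    }
    $pageid = $context['pageid'];

    $perms = getAllPermissions();
    $permissions = getAllPermissionsOnPage($context['pagepath'], $context['modifiableGroupIds'], $context['grantableActions']);
    $groups = customGetGroups($context['maxPriorityGroup']);
    $users = customGetAllUsers();

    $smarttableconfig = array(
        'permtable' => array(
            'sPaginationType' => 'two_button',
            'bAutoWidth' => 'false',
            'aoColumns' => '{ "sWidth": "100px" }'
        ),
        'permtable2' => array(
            'sPaginationType' => 'two_button',
            'bAutoWidth' => 'false',
            'aoColumns' => '{ "sWidth": "100px" }'
        )
    );
    $ret = smarttable::render(array('permtable', 'permtable2'), $smarttableconfig);

    // $perms, $groups, $users and $permissions are emitted as script source,
    // so the functions that build them are responsible for escaping whatever
    // they read from the database.
    $ret .= <<<RET
<style type="text/css" title="currentStyle">
        div#permtable_filter input { width: 90px; }
        div#permtable2_filter input { width: 90px; }
</style>
<script type="text/javascript" language="javascript" src="$urlRequestRoot/$cmsFolder/$templateFolder/common/scripts/permissionsTable.js"></script>
<script type="text/javascript">
var pageid = {$pageid};
var permissions = {{$perms}};
var permGroups;
var permUsers;
var groups = {{$groups}};
var users = {{$users}};
{$permissions}
var selected = {'permissions' : [], 'users' : [], 'groups' : []};
</script>
<div id='info'></div>
<INPUT type=checkbox id='skipAlerts'> Skip Alerts <br>
<div id='permTable'>

</div>
<table width=100%>
<tr>
<td width=50%>
<a href='javascript:selectAll1()'>Select All</a> <a href='javascript:clearAll1()'>Clear All</a> <a href='javascript:toggle1()'>Toggle</a><br>
<table class="userlisttable display" id='permtable' name='permtable'><thead><tr><th>Permissions</th></thead><tbody id='actionsList'>

</tbody></table>
</td>
<td width=50%>
<a href='javascript:selectAll2()'>Select All</a> <a href='javascript:clearAll2()'>Clear All</a> <a href='javascript:toggle2()'>Toggle</a><br>
<table class="userlisttable display" id='permtable2' name='permtable2'><thead><tr><th>Users</th></thead><tbody id='usersList'>

</tbody></table>
</td>
</tr>
</table>

<a href='javascript:populateList()'>Click here if the lists are empty</a>
RET;
    $STARTSCRIPTS .= " populateList();";
    return $ret;
}

/**
 * Returns a request value as an integer when it is a plain run of digits, else null.
 */
function _grantPermissionsReadId($value) {
    if (is_int($value) && $value >= 0) {
        return $value;
    }
    if (is_string($value) && preg_match('/^[0-9]+$/D', $value)) {
        return intval($value);
    }
    return null;
}

/**
 * Resolves the page path and the caller's grant rights on it.
 *
 * Returns null when getMaxPriorityGroup() reports -1, which the screen treats
 * as "no permission"; otherwise an array with the keys pageid, pagepath,
 * maxPriorityGroup, grantableActions and modifiableGroupIds.
 */
function _grantPermissionsContext($userid, $pageid) {
    $pagepath = array();
    parseUrlDereferenced($pageid, $pagepath);
    $pageid = $pagepath[count($pagepath) - 1];

    $groups = array_reverse(getGroupIds($userid));
    $virtue = '';
    $maxPriorityGroup = getMaxPriorityGroup($pagepath, $userid, $groups, $virtue);
    if ($maxPriorityGroup == -1) {
        return null;
    }

    if ($virtue == 'user') {
        $grantableActions = getGroupPermissions($groups, $pagepath, $userid);
    } else {
        $grantableActions = getGroupPermissions($groups, $pagepath);
    }

    // Optionally narrow the actions to those ticked in the submitted form. A
    // missing or non-array 'permission' field now means "no narrowing" on
    // both paths; the refresh path used to call count() on it unguarded.
    $requested = (isset($_POST['permission']) && is_array($_POST['permission'])) ? $_POST['permission'] : array();
    $checkedActions = array();
    foreach ($requested as $entry) {
        if (!is_string($entry)) {
            continue;
        }
        $parts = explode('_', escape($entry), 2);
        if (count($parts) < 2) {
            continue;
        }
        list($modTemp, $actTemp) = $parts;

        if (isset($_POST[$modTemp . $actTemp]) && isset($grantableActions[$modTemp]) && is_array($grantableActions[$modTemp])) {
            // Only rows already present in $grantableActions are ever copied,
            // so the form cannot add actions the user may not grant.
            foreach ($grantableActions[$modTemp] as $grantable) {
                if ($grantable[1] == $actTemp) {
                    $checkedActions[$modTemp][] = $grantable;
                    break;
                }
            }
        }
    }
    if (count($checkedActions) > 0) {
        $grantableActions = $checkedActions;
    }

    $modifiableGroupIds = array(0, 1);
    $modifiableGroups = getModifiableGroups($userid, $maxPriorityGroup);
    if (is_array($modifiableGroups)) {
        foreach ($modifiableGroups as $modifiableGroup) {
            $modifiableGroupIds[] = $modifiableGroup['group_id'];
        }
    }

    return array(
        'pageid' => $pageid,
        'pagepath' => $pagepath,
        'maxPriorityGroup' => $maxPriorityGroup,
        'grantableActions' => $grantableActions,
        'modifiableGroupIds' => $modifiableGroupIds
    );
}

/**
 * Applies one changePerm request taken from $_GET and reports success.
 *
 * perm=Y or perm=N inserts or updates the row; any other value removes an
 * existing row. Requests with a malformed id or permtype, an unknown page, or
 * a caller without grant rights on the page are refused.
 */
function _grantPermissionsChange($userid) {
    $permtype = (isset($_GET['permtype']) && is_string($_GET['permtype'])) ? $_GET['permtype'] : '';
    $perm = (isset($_GET['perm']) && is_string($_GET['perm'])) ? $_GET['perm'] : '';
    $pageid = _grantPermissionsReadId(isset($_GET['pageid']) ? $_GET['pageid'] : null);
    $usergroupid = _grantPermissionsReadId(isset($_GET['usergroupid']) ? $_GET['usergroupid'] : null);
    $permid = _grantPermissionsReadId(isset($_GET['permid']) ? $_GET['permid'] : null);

    // Only the two perm_type values used elsewhere in this file are accepted,
    // and every id must be a plain non-negative integer.
    if (($permtype !== 'user' && $permtype !== 'group') || $pageid === null || $usergroupid === null || $permid === null) {
        return false;
    }

    $pageResult = mysql_query("SELECT `page_name` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_id` = '{$pageid}'");
    if (!$pageResult || !mysql_fetch_array($pageResult)) {
        return false;
    }

    // The page id comes from the query string, not from the page the caller
    // was routed to, and this path previously wrote to the table without
    // looking at $userid at all. The same getMaxPriorityGroup() gate used by
    // the other two paths is applied before anything is written.
    // NOTE(review): the change is still triggered by a GET request with no
    // anti-forgery token visible here, and the perm id / group id are not
    // checked against the caller's grantable actions or modifiable groups.
    $pagepath = array();
    parseUrlDereferenced($pageid, $pagepath);
    $groups = array_reverse(getGroupIds($userid));
    $virtue = '';
    if (count($pagepath) == 0 || getMaxPriorityGroup($pagepath, $userid, $groups, $virtue) == -1) {
        return false;
    }

    $table = "`" . MYSQL_DATABASE_PREFIX . "userpageperm`";
    $where = "`perm_type` = '{$permtype}' AND `page_id` = '{$pageid}' AND `usergroup_id` = '{$usergroupid}' AND `perm_id` = '{$permid}'";

    $existingResult = mysql_query("SELECT `perm_permission` FROM {$table} WHERE {$where}");
    $existing = $existingResult ? mysql_fetch_array($existingResult) : false;

    if ($perm === 'Y' || $perm === 'N') {
        if ($existing) {
            if ($existing['perm_permission'] != $perm) {
                mysql_query("UPDATE {$table} SET `perm_permission` = '{$perm}' WHERE {$where}");
                return mysql_affected_rows() != 0;
            }
            return true; // already set to the requested value
        }
        mysql_query("INSERT {$table}(`perm_type`, `page_id`, `usergroup_id`, `perm_id`, `perm_permission`) VALUES('$permtype','$pageid','$usergroupid','$permid','$perm')");
        return mysql_affected_rows() != 0;
    }

    if ($existing) {
        mysql_query("DELETE FROM {$table} WHERE {$where}");
        return mysql_affected_rows() != 0;
    }
    return true; // nothing stored, nothing to remove
}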
00663 
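/**
 * Lists the permission ids stored for one page, grouped by group or user id.
 *
 * @param mixed  $pageId    Matched against `page_id`.
 * @param string $groupuser Matched against `perm_type`.
 * @param string $yesno     Matched against `perm_permission`.
 * @return string Entries of the form 'id' : ['perm', 'perm'] joined by ", ",
 *                or an empty string when nothing matches or the query fails.
 */
function getPerms($pageId, $groupuser, $yesno) {
    // All three values sit inside quoted SQL literals, so they are escaped
    // here at the point of use.
    $pageIdSql = mysql_real_escape_string($pageId);
    $groupuserSql = mysql_real_escape_string($groupuser);
    $yesnoSql = mysql_real_escape_string($yesno);

    $perms = array();
    $result = mysql_query("SELECT `usergroup_id`, `perm_id` FROM `" . MYSQL_DATABASE_PREFIX . "userpageperm` WHERE `page_id` = '{$pageIdSql}' AND `perm_type` = '{$groupuserSql}' AND `perm_permission` = '{$yesnoSql}'");
    if ($result) {
        while ($row = mysql_fetch_array($result)) {
            $perms[$row['usergroup_id']][] = $row['perm_id'];
        }
    }

    $entries = array();
    foreach ($perms as $group => $values) {
        $items = array();
        foreach ($values as $value) {
            $items[] = "'" . $value . "'";
        }
        $entries[] = "'" . $group . "' : [" . implode(', ', $items) . "]";
    }
    return implode(', ', $entries);
}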
00680 
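/**
 * Quotes a value as a single-quoted script string literal.
 *
 * Backslashes, quotes, line breaks, the characters < > & and the U+2028 /
 * U+2029 separators are escaped, so a stored name can neither end the string
 * nor close the surrounding script element. Values without those characters
 * come out exactly as before.
 */
function _permJsQuote($value) {
    static $map = array(
        "\\" => "\\\\",
        "'" => "\\'",
        '"' => '\\"',
        "\r" => '\\r',
        "\n" => '\\n',
        '<' => '\\x3C',
        '>' => '\\x3E',
        '&' => '\\x26',
        "\xE2\x80\xA8" => '\\u2028',
        "\xE2\x80\xA9" => '\\u2029'
    );
    return "'" . strtr((string) $value, $map) . "'";
}

/**
 * Lists every user as 'user_id' : 'user_name' entries joined by ", ".
 *
 * The result is placed inside an inline script by grantPermissions(), so
 * both columns are escaped for that context.
 *
 * @return string The joined entries; empty when the query fails or finds nothing.
 */
function customGetAllUsers() {
    $entries = array();
    $result = mysql_query("SELECT `user_name`,`user_id` FROM `" . MYSQL_DATABASE_PREFIX . "users`");
    if ($result) {
        while ($row = mysql_fetch_array($result)) {
            $entries[] = _permJsQuote($row['user_id']) . ' : ' . _permJsQuote($row['user_name']);
        }
    }
    return implode(', ', $entries);
}

/**
 * Lists the two fixed groups plus every stored group below a priority.
 *
 * @param mixed $priority Upper bound compared against `group_priority`.
 * @return string 'group_id' : 'group_name' entries joined by ", ".
 */
function customGetGroups($priority) {
    $entries = array("'0' : 'Everyone'", "'1' : 'Logged in Users'");
    // NOTE(review): the bound is unquoted in the statement, so it is forced to
    // an integer; confirm group_priority is an integer column.
    $priorityBound = intval($priority);
    $result = mysql_query("SELECT `group_name`,`group_id` FROM `" . MYSQL_DATABASE_PREFIX . "groups` WHERE `group_priority` < {$priorityBound}");
    if ($result) {
        while ($row = mysql_fetch_array($result)) {
            $entries[] = _permJsQuote($row['group_id']) . ' : ' . _permJsQuote($row['group_name']);
        }
    }
    return implode(', ', $entries);
}

/**
 * Lists every registered permission as 'perm_id' : 'module - action' entries.
 *
 * @return string The joined entries; empty when the query fails or finds nothing.
 */
function getAllPermissions() {
    $entries = array();
    $result = mysql_query("SELECT `perm_id`,`page_module`,`perm_action` FROM `" . MYSQL_DATABASE_PREFIX . "permissionlist`");
    if ($result) {
        while ($row = mysql_fetch_array($result)) {
            $entries[] = _permJsQuote($row['perm_id']) . ' : ' . _permJsQuote("{$row['page_module']} - {$row['perm_action']}");
        }
    }
    return implode(', ', $entries);
}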
00707 
00708 
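/**
 * Removes the stored setting of one permission for a group or user on a page.
 *
 * @param mixed  $usergroupid Group id, or user id when $permtype is 'user'.
 * @param mixed  $pageid      Page the setting belongs to.
 * @param string $action      Action name matched against `perm_action`.
 * @param string $module      Module name matched against `page_module`.
 * @param string $permtype    Value matched against `perm_type`; defaults to 'group'.
 * @return bool False when the permission is not registered or a query fails;
 *              true when the DELETE statement ran, whether or not a row matched.
 */
function unsetPagePermission($usergroupid, $pageid, $action, $module, $permtype = 'group') {
    // String values are escaped and numeric ids forced to integers at the
    // point of use, because the ids are placed in the statement unquoted.
    // NOTE(review): assumes usergroup_id, page_id and perm_id are integer columns.
    $actionSql = mysql_real_escape_string($action);
    $moduleSql = mysql_real_escape_string($module);
    $permtypeSql = mysql_real_escape_string($permtype);
    $usergroupSql = intval($usergroupid);
    $pageSql = intval($pageid);

    $permQuery = "SELECT `perm_id` FROM `" . MYSQL_DATABASE_PREFIX . "permissionlist` WHERE " .
                 "`perm_action` = '$actionSql' AND `page_module` = '$moduleSql'";
    $permQueryResult = mysql_query($permQuery);

    if (!$permQueryResult || !($permQueryResultRow = mysql_fetch_assoc($permQueryResult))) {
        return false;
    }

    $permid = intval($permQueryResultRow['perm_id']);

    $removeQuery = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "userpageperm` " .
                   "WHERE `usergroup_id` = $usergroupSql AND `page_id` = $pageSql AND `perm_id` = $permid AND " .
                   "`perm_type` = '$permtypeSql' LIMIT 1";
    return mysql_query($removeQuery) ? true : false;
}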
00739 
00740 
00741 
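/**
 * Grant or deny one permission on a page for a user or group.
 *
 * Looks up the perm_id for ($action, $module), then updates the existing userpageperm row
 * if its value differs, or inserts a new row if none exists.
 *
 * Every argument ends up inside SQL text that writes to the permission table. String
 * arguments are escaped with mysql_real_escape_string() and id arguments are forced to
 * integers before any statement is built.
 *
 * A failed existence check now returns false. Previously a failed SELECT was treated like
 * "no row yet" and fell through to the INSERT.
 *
 * @param int    $usergroupid user id or group id, depending on $permtype
 * @param int    $pageid      page the permission applies to
 * @param string $action      perm_action value to look up
 * @param string $module      page_module value to look up
 * @param bool   $permission  only the boolean true stores 'Y'; any other value stores 'N'
 * @param string $permtype    perm_type column value; defaults to 'group'
 * @return bool false when the permission is unknown or a query fails, true otherwise
 */
function setPagePermission($usergroupid, $pageid, $action, $module, $permission, $permtype = 'group') {
    $safeAction = mysql_real_escape_string((string) $action);
    $safeModule = mysql_real_escape_string((string) $module);
    $safePermType = mysql_real_escape_string((string) $permtype);
    $usergroupid = (int) $usergroupid;
    $pageid = (int) $pageid;

    $permQuery = "SELECT `perm_id` FROM `".MYSQL_DATABASE_PREFIX."permissionlist` WHERE " .
                 "`perm_action` = '$safeAction' AND `page_module` = '$safeModule'";
    $permQueryResult = mysql_query($permQuery);

    if (!$permQueryResult || !($permQueryResultRow = mysql_fetch_assoc($permQueryResult))) {
        return false;
    }

    $permid = (int) $permQueryResultRow['perm_id'];

    // Strict comparison on purpose: truthy non-boolean values are stored as a denial.
    $permission = ($permission === true ? 'Y' : 'N');

    $rowFilter = "`usergroup_id` = $usergroupid AND `page_id` = $pageid AND `perm_id` = $permid AND " .
                 "`perm_type` = '$safePermType'";

    $permQuery = "SELECT `perm_permission` FROM `".MYSQL_DATABASE_PREFIX."userpageperm` WHERE " . $rowFilter;
    $permQueryResult = mysql_query($permQuery);
    if (!$permQueryResult) {
        // Do not guess whether a row exists when the lookup itself failed.
        return false;
    }

    $updateQuery = '';
    if ($permQueryResultRow = mysql_fetch_assoc($permQueryResult)) {
        if ($permission !== $permQueryResultRow['perm_permission']) {
            $updateQuery = "UPDATE `".MYSQL_DATABASE_PREFIX."userpageperm` SET `perm_permission` = '$permission' " .
                           "WHERE " . $rowFilter . " LIMIT 1";
        }
    }
    else {
        $updateQuery = "INSERT INTO `".MYSQL_DATABASE_PREFIX."userpageperm` (`perm_type`, `page_id`, `usergroup_id`, `perm_id`, `perm_permission`) " .
                       "VALUES('$safePermType', $pageid, $usergroupid, $permid, '$permission')";
    }

    // An empty query means the stored value already matches; nothing to write.
    if ($updateQuery !== '' && !mysql_query($updateQuery)) {
        return false;
    }

    return true;
}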
00791 
00792 
/**
 * Find the group by virtue of which a user may grant permissions on a page.
 *
 * A direct user-level 'grant' permission on the page wins: $virtue becomes 'user' and the
 * first entry of $groupids is returned. Otherwise the groups are tried in the order given
 * and the first one holding 'grant' is returned with $virtue set to 'group'.
 *
 * @param mixed  $pagepath page path, passed by reference and forwarded to getPagePermission()
 * @param int    $userid   user to check for a direct grant
 * @param array  $groupids candidate group ids, tried in array order (passed by reference)
 * @param string $virtue   out parameter: 'user' or 'group'; left untouched when -1 is returned
 * @return mixed the matching group id, or -1 when neither the user nor any group may grant
 */
function getMaxPriorityGroup(&$pagepath, $userid, &$groupids, &$virtue) {
    // User-level grant short-circuits the group scan.
    if (getPagePermission($pagepath, $userid, 'grant', 'page', 'user')) {
        $virtue = 'user';
        return $groupids[0];
    }

    $total = count($groupids);
    $idx = 0;
    while ($idx < $total) {
        $candidate = $groupids[$idx];
        if (getPagePermission($pagepath, $candidate, 'grant', 'page')) {
            $virtue = 'group';
            return $groupids[$idx];
        }
        $idx++;
    }

    return -1;
}
00818 
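/**
 * Return the groups whose priority does not exceed that of $maxPriorityGroup.
 *
 * Security-relevant changes in this version:
 *  - $maxPriorityGroup is forced to an integer before it is placed, unquoted, in the
 *    sub-select. This query decides which groups a user may modify, so its text must not
 *    be alterable through that argument.
 *  - On failure the SQL text and mysql_error() are written to the error log instead of
 *    being printed to the client, where they would disclose table names and query structure.
 *    The request is still terminated, as before.
 *  - $ordering is normalised with a strict comparison so that only the literals 'asc' and
 *    'desc' can reach the ORDER BY clause.
 *
 * The built-in pseudo-groups (ids 0 and 1) are not pre-seeded into the result.
 *
 * @param int    $userId           not used by this function
 * @param int    $maxPriorityGroup group id whose priority is the upper bound; id 1 is
 *                                 treated as priority 1 without a lookup
 * @param string $ordering         'asc' (default); anything else sorts descending
 * @return array list of rows with group_id, group_name, group_description, group_priority
 */
function getModifiableGroups($userId, $maxPriorityGroup, $ordering = 'asc') {
    $ordering = ($ordering === 'asc') ? 'asc' : 'desc';
    $maxPriorityGroup = (int) $maxPriorityGroup;

    $groupsTable = MYSQL_DATABASE_PREFIX.'groups';

    if ($maxPriorityGroup === 1) {
        $groupPriority = 1;
    }
    else {
        $groupPriority = "(SELECT `group_priority` FROM `$groupsTable` WHERE `group_id` = $maxPriorityGroup)";
    }

    $groupsQuery = "SELECT `$groupsTable`.`group_id`, `$groupsTable`.`group_name`, `$groupsTable`.`group_description`, `$groupsTable`.`group_priority` " .
                   "FROM `$groupsTable` WHERE `group_priority` <= $groupPriority ORDER BY `group_priority` $ordering";

    $groupsResult = mysql_query($groupsQuery);
    if (!$groupsResult) {
        // Keep the diagnostic detail server-side; the client only learns that the lookup failed.
        error_log('getModifiableGroups: query failed: ' . mysql_error() . ' -- ' . $groupsQuery);
        die('Unable to load the list of groups.');
    }

    $modifiableGroups = array();
    while ($groupsRow = mysql_fetch_assoc($groupsResult)) {
        $modifiableGroups[] = $groupsRow;
    }

    return $modifiableGroups;
}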
00852 
/**
 * Collect the module actions that a set of groups (and optionally a user) hold on a page.
 *
 * Each row of permissionlist is tested with getPagePermission() against the groups in the
 * order given; the first group that holds it settles the matter. Only when no group holds
 * it, and $userid is greater than -1, is the user-level permission tested.
 *
 * @param array $groupids group ids to test, in array order
 * @param mixed $pagepath page path forwarded to getPagePermission()
 * @param int   $userid   user to fall back on; -1 (default) skips the user-level check
 * @return array|string map of module name => list of array(perm_id, action, description);
 *                      the empty string '' when the permission list cannot be read
 */
function getGroupPermissions($groupids, $pagepath, $userid = -1) {
    $listQuery = "SELECT `perm_id`, `perm_action`, `page_module`, `perm_description` FROM `".MYSQL_DATABASE_PREFIX."permissionlist`";
    $listResult = mysql_query($listQuery);
    if (!$listResult) {
        return '';
    }

    $granted = array();
    $numGroups = count($groupids);

    while ($perm = mysql_fetch_assoc($listResult)) {
        $module = $perm['page_module'];
        $action = $perm['perm_action'];

        // First try the groups, stopping at the first one that holds the permission.
        $allowed = false;
        for ($g = 0; $g < $numGroups && !$allowed; $g++) {
            if (getPagePermission($pagepath, $groupids[$g], $action, $module)) {
                $allowed = true;
            }
        }

        // Fall back to the user's own permission only if no group matched.
        if (!$allowed && $userid > -1 && getPagePermission($pagepath, $userid, $action, $module, 'user')) {
            $allowed = true;
        }

        if ($allowed) {
            $granted[$module][] = array($perm['perm_id'], $action, $perm['perm_description']);
        }
    }

    return $granted;
}
00895 
