Public Member Functions | |
| getAllRoles ($addSpecial=false) | |
| getTranslatedRole ($role) | |
| permittedRoles ($actions, $subject_type, $subject_id, $excluding=null) | |
| permit ($role, $control, $action, $subject_type, $subject_id) | |
| assign ($role, $access_type, $access_id, $clear=true) | |
| unassign ($role, $access_type, $access_id) | |
| assignRoleSet ($roleset, $access_type, $access_id) | |
| dropAccess ($access_type, $access_id) | |
| & | getMyControllingRoles ($action, $subject_type, $subject_id) |
| & | getMyPermissions () |
| getMyJointPermissions ($role) | |
| getAccessLists ($access_type, $access_id, $action, $subject_type, $subject_id) | |
| resetPermissions ($action, $subject_type, $subject_id) | |
| roleExists ($role) | |
| dropRole ($role) | |
| dropPermissions ($action, $subject_type, $subject_id) | |
Static Public Member Functions | |
| static | getInstance () |
Private Member Functions | |
| __construct () | |
| __clone () | |
| doSQL ($sql, $clear=false) | |
| clearCache () | |
| & | permissionHolders ($subject_type, $subject_id) |
| & | nonLocalPermissionHolders ($subject_type, $subject_id) |
| permitSQL ($role, $control, $action, $subject_type, $subject_id) | |
Private Attributes | |
| $handler = null | |
| $authoriser = null | |
| $database = null | |
Static Private Attributes | |
| static | $instance = __CLASS__ |
Definition at line 45 of file aliroAuthorisationAdmin.php.
| aliroAuthorisationAdmin::__construct | ( | ) | [private] |
Definition at line 52 of file aliroAuthorisationAdmin.php.
References aliroCoreDatabase::getInstance(), aliroAuthoriser::getInstance(), and aliroAuthoriserCache::getInstance().
/**
 * Private constructor: instances are obtained through getInstance() only.
 *
 * Stores the shared authoriser cache, the authoriser and the core database
 * object that the other methods of this class work through.
 */
private function __construct ()
{
    $this->handler    = aliroAuthoriserCache::getInstance();
    $this->authoriser = aliroAuthoriser::getInstance();
    $this->database   = aliroCoreDatabase::getInstance();
}
| aliroAuthorisationAdmin::__clone | ( | ) | [private] |
| static aliroAuthorisationAdmin::getInstance | ( | ) | [static] |
Definition at line 62 of file aliroAuthorisationAdmin.php.
/**
 * Returns the single shared instance, creating it on first use.
 *
 * self::$instance initially holds the class name (__CLASS__); the first call
 * replaces that string with the constructed object.
 *
 * @return aliroAuthorisationAdmin
 */
public static function getInstance ()
{
    if (!is_object(self::$instance)) {
        self::$instance = new self::$instance();
    }
    return self::$instance;
}
| aliroAuthorisationAdmin::doSQL | ( | $ | sql, | |
| $ | clear = false | |||
| ) | [private] |
Definition at line 66 of file aliroAuthorisationAdmin.php.
References clearCache().
Referenced by assign(), dropAccess(), dropPermissions(), dropRole(), getMyControllingRoles(), getMyJointPermissions(), getMyPermissions(), permit(), and resetPermissions().
/**
 * Runs a statement through the core database object and optionally drops
 * the authorisation cache afterwards.
 *
 * The statement is forwarded unchanged: nothing here escapes or validates
 * it, so every caller is responsible for the safety of the SQL it builds.
 *
 * @param string $sql   statement handed to the database layer as-is
 * @param bool   $clear when true, clearCache() runs after the statement
 */
private function doSQL ($sql, $clear = false)
{
    $this->database->doSQL($sql);
    if (!$clear) {
        return;
    }
    $this->clearCache();
}
| aliroAuthorisationAdmin::clearCache | ( | ) | [private] |
Definition at line 71 of file aliroAuthorisationAdmin.php.
Referenced by assignRoleSet(), and doSQL().
| aliroAuthorisationAdmin::getAllRoles | ( | $ | addSpecial = false |
) |
Definition at line 76 of file aliroAuthorisationAdmin.php.
Referenced by getAccessLists(), and roleExists().
| aliroAuthorisationAdmin::getTranslatedRole | ( | $ | role | ) |
| & aliroAuthorisationAdmin::permissionHolders | ( | $ | subject_type, | |
| $ | subject_id | |||
| ) | [private] |
Definition at line 84 of file aliroAuthorisationAdmin.php.
Referenced by getAccessLists(), and permittedRoles().
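/**
 * Fetches the distinct permission rows that apply to a subject.
 *
 * A '*' in either argument means "do not filter on this column"; any other
 * value selects rows that name it exactly or that carry the '*' wildcard.
 *
 * NOTE(review): both arguments are interpolated into the SQL text as-is.
 * Nothing visible in this method escapes them, so callers must only pass
 * values that are safe inside a quoted SQL string, or the values should be
 * escaped/bound by the database layer before the query is built.
 *
 * @param  string $subject_type subject type, or '*' for any
 * @param  string $subject_id   subject identifier, or '*' for any
 * @return mixed  result of doSQLget(); callers iterate it as row objects
 */
private function &permissionHolders ($subject_type, $subject_id)
{
    $sql = "SELECT DISTINCT role, action, control, subject_type, subject_id FROM #__permissions";
    $where = array();
    // Compare as strings. With a loose != an integer 0 equals '*' on PHP
    // before 8, which dropped the filter and returned every subject's rows.
    if ('*' !== (string) $subject_type) {
        $where[] = "(subject_type='$subject_type' OR subject_type='*')";
    }
    if ('*' !== (string) $subject_id) {
        $where[] = "(subject_id='$subject_id' OR subject_id='*')";
    }
    if ($where) {
        $sql .= " WHERE ".implode(' AND ', $where);
    }
    // Returned through a variable because the method returns by reference.
    $result = $this->database->doSQLget($sql);
    return $result;
}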
| aliroAuthorisationAdmin::permittedRoles | ( | $ | actions, | |
| $ | subject_type, | |||
| $ | subject_id, | |||
| $ | excluding = null | |||
| ) |
Definition at line 93 of file aliroAuthorisationAdmin.php.
References getTranslatedRole(), permissionHolders(), and role.
/**
 * Lists the roles that hold any of the given actions on a subject.
 *
 * A permission row counts when its action is '*' or is one of $actions.
 * 'Visitor' is added when nothing matched, or when no matching row names
 * both a specific subject type and a specific subject id. Roles listed in
 * $excluding are removed last, so the result can be empty.
 *
 * @param  mixed $actions      one action or an array of actions
 * @param  mixed $subject_type passed through to permissionHolders()
 * @param  mixed $subject_id   passed through to permissionHolders()
 * @param  mixed $excluding    role or array of roles to leave out
 * @return array role => translated role name
 */
public function permittedRoles ($actions, $subject_type, $subject_id, $excluding = null)
{
    $wanted = (array) $actions;
    $onlyWildcards = true;
    $roles = array();
    foreach ($this->permissionHolders($subject_type, $subject_id) as $holder) {
        if ('*' != $holder->action && !in_array($holder->action, $wanted)) {
            continue;
        }
        $roles[$holder->role] = $this->getTranslatedRole($holder->role);
        if ('*' != $holder->subject_type && '*' != $holder->subject_id) {
            $onlyWildcards = false;
        }
    }
    if (!$roles || $onlyWildcards) {
        $roles['Visitor'] = $this->getTranslatedRole('Visitor');
    }
    foreach ((array) $excluding as $exclude) {
        if (isset($roles[$exclude])) {
            unset($roles[$exclude]);
        }
    }
    return $roles;
}
| & aliroAuthorisationAdmin::nonLocalPermissionHolders | ( | $ | subject_type, | |
| $ | subject_id | |||
| ) | [private] |
Definition at line 106 of file aliroAuthorisationAdmin.php.
Referenced by resetPermissions().
/**
 * Fetches the permission rows that reach a subject through a wildcard.
 *
 * A row qualifies when at least one of its action, subject_type or
 * subject_id is '*' and its subject columns match the arguments exactly or
 * by wildcard.
 *
 * NOTE(review): $subject_type and $subject_id are placed in the SQL text
 * unescaped; nothing in this method protects the query if a caller passes
 * request data straight through.
 *
 * @param  string $subject_type
 * @param  string $subject_id
 * @return mixed  result of doSQLget(); resetPermissions() iterates it as rows
 */
private function &nonLocalPermissionHolders ($subject_type, $subject_id)
{
    $sql = "SELECT role, action, control FROM #__permissions"
        ." WHERE (action='*' OR subject_type='*' OR subject_id='*')"
        ." AND ((subject_type='$subject_type' OR subject_type='*')"
        ." AND (subject_id='$subject_id' OR subject_id='*'))";
    return $this->database->doSQLget($sql);
}
| aliroAuthorisationAdmin::permitSQL | ( | $ | role, | |
| $ | control, | |||
| $ | action, | |||
| $ | subject_type, | |||
| $ | subject_id | |||
| ) | [private] |
Definition at line 111 of file aliroAuthorisationAdmin.php.
Referenced by permit(), and resetPermissions().
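/**
 * Builds (but does not run) the statement that records a permission.
 *
 * Looks for an existing row with the same role, action and subject. If one
 * is found the result is an UPDATE of its control value, otherwise an
 * INSERT of a new row. The returned statement carries no terminator.
 *
 * $control is used as a bit mask everywhere in this class (tested with
 * & 1, & 2 and & 4), so it is forced to an integer here: the UPDATE places
 * it in the statement without quotes, where any non-numeric text would
 * become part of the SQL itself. The looked-up id is cast for the same
 * reason.
 *
 * NOTE(review): $role, $action, $subject_type and $subject_id are still
 * interpolated as quoted strings without escaping. Callers must validate
 * them, or they should be escaped/bound through the database layer.
 *
 * @param  string $role
 * @param  int    $control      bit mask of control values
 * @param  string $action
 * @param  string $subject_type
 * @param  string $subject_id
 * @return string SQL statement for the caller to execute
 */
private function permitSQL ($role, $control, $action, $subject_type, $subject_id)
{
    $control = (int) $control;
    $this->database->setQuery("SELECT id FROM #__permissions WHERE role='$role' AND action='$action' AND subject_type='$subject_type' AND subject_id='$subject_id'");
    $id = (int) $this->database->loadResult();
    if ($id) {
        return "UPDATE #__permissions SET control=$control WHERE id=$id";
    }
    return "INSERT INTO #__permissions (role, control, action, subject_type, subject_id) VALUES ('$role', '$control', '$action', '$subject_type', '$subject_id')";
}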
| aliroAuthorisationAdmin::permit | ( | $ | role, | |
| $ | control, | |||
| $ | action, | |||
| $ | subject_type, | |||
| $ | subject_id | |||
| ) |
Definition at line 118 of file aliroAuthorisationAdmin.php.
References doSQL(), and permitSQL().
/**
 * Grants a role a control value for an action on a subject.
 *
 * The statement comes from permitSQL() and is run with the cache-clearing
 * flag set, so the authorisation cache is dropped after the write.
 *
 * @param string $role
 * @param int    $control      bit mask stored in the control column
 * @param string $action
 * @param string $subject_type
 * @param string $subject_id
 */
public function permit ($role, $control, $action, $subject_type, $subject_id)
{
    $this->doSQL(
        $this->permitSQL($role, $control, $action, $subject_type, $subject_id),
        true
    );
}
| aliroAuthorisationAdmin::assign | ( | $ | role, | |
| $ | access_type, | |||
| $ | access_id, | |||
| $ | clear = true | |||
| ) |
Definition at line 123 of file aliroAuthorisationAdmin.php.
References doSQL().
Referenced by assignRoleSet().
/**
 * Assigns a role to an accessor unless the role is barred.
 *
 * Returns false when the authoriser cache reports the role as barred.
 * Otherwise returns true, inserting the assignment only if an identical
 * row is not already present.
 *
 * NOTE(review): all three values are interpolated into both statements
 * without escaping; nothing in this method protects the queries if a
 * caller passes request data straight through.
 *
 * @param  string $role
 * @param  string $access_type
 * @param  string $access_id
 * @param  bool   $clear       forwarded to doSQL() to clear the cache after the insert
 * @return bool
 */
public function assign ($role, $access_type, $access_id, $clear = true)
{
    if ($this->handler->barredRole($role)) {
        return false;
    }
    $lookup = "SELECT id FROM #__assignments WHERE role='$role' AND access_type='$access_type' AND access_id='$access_id'";
    $this->database->setQuery($lookup);
    $alreadyAssigned = $this->database->loadResult();
    if (!$alreadyAssigned) {
        $insert = "INSERT INTO #__assignments (role, access_type, access_id) VALUES ('$role', '$access_type', '$access_id')";
        $this->doSQL($insert, $clear);
    }
    return true;
}
| aliroAuthorisationAdmin::unassign | ( | $ | role, | |
| $ | access_type, | |||
| $ | access_id | |||
| ) |
Definition at line 132 of file aliroAuthorisationAdmin.php.
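/**
 * Removes one role assignment from an accessor.
 *
 * The delete is routed through this class's doSQL() with $clear = true,
 * like every other write in the class, so clearCache() runs once the row
 * is gone. Handing the statement straight to the database object would
 * skip that step; a revoked assignment could then stay in the
 * authorisation cache (the database doSQL() is only ever shown here being
 * called with the statement alone — confirm against aliroCoreDatabase).
 *
 * NOTE(review): the three values are interpolated into the statement
 * without escaping; callers must not pass unvalidated request data.
 *
 * @param  string $role
 * @param  string $access_type
 * @param  string $access_id
 * @return bool   always true
 */
public function unassign ($role, $access_type, $access_id)
{
    $sql = "DELETE FROM #__assignments WHERE role='$role' AND access_type='$access_type' AND access_id='$access_id'";
    $this->doSQL($sql, true);
    return true;
}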
| aliroAuthorisationAdmin::assignRoleSet | ( | $ | roleset, | |
| $ | access_type, | |||
| $ | access_id | |||
| ) |
Definition at line 137 of file aliroAuthorisationAdmin.php.
References assign(), clearCache(), and dropAccess().
/**
 * Replaces every role assignment of an accessor with a new set.
 *
 * Existing assignments are dropped first, the set is reduced by the
 * authoriser's minimizeRoleSet(), and each remaining role is assigned with
 * cache clearing suppressed; the cache is cleared once at the end.
 *
 * @param array  $roleset     roles to assign
 * @param string $access_type
 * @param string $access_id
 */
public function assignRoleSet ($roleset, $access_type, $access_id)
{
    $this->dropAccess($access_type, $access_id);
    $minimal = $this->authoriser->minimizeRoleSet($roleset);
    foreach ($minimal as $role) {
        // $clear = false: one clearCache() after the loop is enough.
        $this->assign($role, $access_type, $access_id, false);
    }
    $this->clearCache();
}
| aliroAuthorisationAdmin::dropAccess | ( | $ | access_type, | |
| $ | access_id | |||
| ) |
Definition at line 144 of file aliroAuthorisationAdmin.php.
References doSQL().
Referenced by assignRoleSet().
/**
 * Deletes every role assignment held by one accessor and clears the cache.
 *
 * NOTE(review): both values are interpolated into the DELETE without
 * escaping; callers must not pass unvalidated request data.
 *
 * @param string $access_type
 * @param string $access_id
 */
public function dropAccess ($access_type, $access_id)
{
    $this->doSQL(
        "DELETE FROM #__assignments WHERE access_type='$access_type' AND access_id='$access_id'",
        true
    );
}
| & aliroAuthorisationAdmin::getMyControllingRoles | ( | $ | action, | |
| $ | subject_type, | |||
| $ | subject_id | |||
| ) |
Definition at line 149 of file aliroAuthorisationAdmin.php.
References doSQL(), and aliroUser::getInstance().
/**
 * Lists the current user's roles that have control bit 1 set for exactly
 * this action and subject.
 *
 * Only assignments of type 'aUser' for the current user's id are joined;
 * wildcard rows are not considered by this query.
 *
 * NOTE(review): $action, $subject_type and $subject_id are interpolated
 * into the query without escaping.
 *
 * @param  string $action
 * @param  string $subject_type
 * @param  string $subject_id
 * @return mixed  result of loadResultArray()
 */
public function &getMyControllingRoles ($action, $subject_type, $subject_id)
{
    $me = aliroUser::getInstance();
    $sql = "SELECT a.role FROM #__permissions AS p INNER JOIN #__assignments AS a ON a.role=p.role"
        ." WHERE a.access_type='aUser' AND a.access_id='{$me->id}' AND (p.control&1)"
        ." AND p.action='$action' AND p.subject_type='$subject_type' AND p.subject_id='$subject_id'";
    $this->doSQL($sql);
    // Kept in a variable because the method returns by reference.
    $roles = $this->database->loadResultArray();
    return $roles;
}
| & aliroAuthorisationAdmin::getMyPermissions | ( | ) |
Definition at line 160 of file aliroAuthorisationAdmin.php.
References doSQL(), and aliroUser::getInstance().
/**
 * Lists the permissions for which the current user holds control bit 1.
 *
 * Assignments of type 'aUser' are matched on the current user's id or on
 * the '*' wildcard accessor.
 *
 * @return mixed result of loadObjectList(): action, subject_type,
 *               subject_id and control per row
 */
public function &getMyPermissions ()
{
    $me = aliroUser::getInstance();
    $sql = "SELECT p.action, p.subject_type, p.subject_id, control "
        ." FROM #__permissions AS p INNER JOIN #__assignments AS a ON p.role=a.role "
        ." WHERE a.access_type='aUser' AND (a.access_id='{$me->id}' OR a.access_id='*')"
        ." AND (p.control&1)";
    $this->doSQL($sql);
    // Kept in a variable because the method returns by reference.
    $permissions = $this->database->loadObjectList();
    return $permissions;
}
| aliroAuthorisationAdmin::getMyJointPermissions | ( | $ | role | ) |
Definition at line 171 of file aliroAuthorisationAdmin.php.
References doSQL(), and aliroUser::getInstance().
/**
 * Pairs each permission the current user controls with the control value
 * the given role holds on the same action and subject.
 *
 * Rows come from the user's own permissions with control bit 1 set; the
 * LEFT JOIN leaves hiscontrol NULL where the role has no matching row.
 *
 * NOTE(review): $role is interpolated into the join condition without
 * escaping.
 *
 * @param  string $role role to compare against
 * @return mixed  result of loadObjectList(): hiscontrol, mycontrol,
 *                action, subject_type and subject_id per row
 */
public function getMyJointPermissions ($role)
{
    $me = aliroUser::getInstance();
    $sql = implode('', array(
        "SELECT p2.control AS hiscontrol, p1.control AS mycontrol, p1.action, p1.subject_type, p1.subject_id",
        " FROM `#__assignments` AS a INNER JOIN `#__permissions` AS p1 ON p1.role=a.role ",
        " LEFT JOIN `#__permissions` AS p2",
        " ON (p2.role='$role' AND p1.action=p2.action AND p1.subject_type=p2.subject_type AND p1.subject_id=p2.subject_id)",
        " WHERE (p1.control&1) AND a.access_type='aUser' AND (a.access_id='{$me->id}' OR a.access_id='*')",
    ));
    $this->doSQL($sql);
    return $this->database->loadObjectList();
}
| aliroAuthorisationAdmin::getAccessLists | ( | $ | access_type, | |
| $ | access_id, | |||
| $ | action, | |||
| $ | subject_type, | |||
| $ | subject_id | |||
| ) |
Definition at line 183 of file aliroAuthorisationAdmin.php.
References getAllRoles(), aliroHTML::getInstance(), permissionHolders(), and role.
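/**
 * Builds the multi-select role lists used to edit permissions on a subject.
 *
 * Nothing is produced unless the authoriser's checkControl() passes for
 * the accessor. Otherwise the result holds the "_arole[]" list, then the
 * "_crole[]" list, and, only when checkGrant() also passes, the
 * "_grole[]" list. A role is pre-selected in a list when one of its
 * permission rows (action '*' or $action) has the matching control bit:
 * 1 for crole, 2 for arole, 4 for grole.
 *
 * The option and selection arrays are initialised up front so that the
 * lists are built from empty arrays, not undefined variables, when there
 * are no roles or no role has a matching permission.
 *
 * NOTE(review): $action becomes part of the HTML field names; whether
 * selectList() escapes it is not visible here.
 *
 * @param  string $access_type
 * @param  string $access_id
 * @param  string $action
 * @param  string $subject_type
 * @param  string $subject_id
 * @return array  zero, two or three select lists as returned by selectList()
 */
public function getAccessLists ($access_type, $access_id, $action, $subject_type, $subject_id)
{
    if (!$this->authoriser->checkControl($access_type, $access_id, $action, $subject_type, $subject_id)) {
        return array();
    }
    $cangrant = $this->authoriser->checkGrant($access_type, $access_id, $action, $subject_type, $subject_id);
    $permissions = $this->permissionHolders($subject_type, $subject_id);
    $allroles = $this->getAllRoles();
    $alirohtml = aliroHTML::getInstance();

    $itemc = $itema = $itemg = array();
    $cselected = $aselected = $gselected = array();
    foreach ($allroles as $role) {
        $itemc[] = $optionc = $alirohtml->makeOption($role, $role);
        $itema[] = $optiona = $alirohtml->makeOption($role, $role);
        if ($cangrant) $itemg[] = $optiong = $alirohtml->makeOption($role, $role);
        foreach ($permissions as $permission) {
            if (($permission->action == '*' OR $permission->action == $action) AND $permission->role == $role) {
                if ($permission->control & 1) $cselected[] = $optionc;
                if ($permission->control & 2) $aselected[] = $optiona;
                if ($cangrant AND $permission->control & 4) $gselected[] = $optiong;
            }
        }
    }

    $results = array();
    $results[] = $alirohtml->selectList($itema, $action.'_arole[]', 'multiple="multiple"', 'value', 'text', $aselected);
    $results[] = $alirohtml->selectList($itemc, $action.'_crole[]', 'multiple="multiple"', 'value', 'text', $cselected);
    if ($cangrant) $results[] = $alirohtml->selectList($itemg, $action.'_grole[]', 'multiple="multiple"', 'value', 'text', $gselected);
    return $results;
}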
| aliroAuthorisationAdmin::resetPermissions | ( | $ | action, | |
| $ | subject_type, | |||
| $ | subject_id | |||
| ) |
Definition at line 209 of file aliroAuthorisationAdmin.php.
References doSQL(), dropPermissions(), nonLocalPermissionHolders(), permitSQL(), and role.
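/**
 * Rewrites the permissions for an action on a subject from the posted
 * "<action>_crole", "<action>_arole" and "<action>_grole" role lists.
 *
 * The wildcard-derived rows are read first, the existing non-system rows
 * for this action and subject are dropped, and a control bit mask is built
 * per posted role (crole = 1, arole = 2, grole = 4). A role gets a new row
 * only when no wildcard row already grants every bit requested.
 *
 * Request handling:
 *  - each posted field must be an array and each entry a string naming a
 *    role returned by getAllRoles(); anything else is ignored, so request
 *    data is never copied into SQL unless it names a known role. Special
 *    roles are included in the check so that no role the admin forms can
 *    submit is rejected — TODO confirm which set should be accepted.
 *  - with nothing posted the method only performs the drop.
 *
 * Each statement from permitSQL() is executed on its own. Joining several
 * of them into one string without a separator does not form a valid
 * statement once more than one role needs a row. The cache is cleared once
 * after the last write.
 *
 * NOTE(review): $action, $subject_type and $subject_id are still passed on
 * to the SQL builders unescaped and must be validated by the caller.
 *
 * @param string $action
 * @param string $subject_type
 * @param string $subject_id
 */
public function resetPermissions ($action, $subject_type, $subject_id)
{
    $control_bits = array('crole' => 1, 'arole' => 2, 'grole' => 4);
    $permissions = $this->nonLocalPermissionHolders($subject_type, $subject_id);
    $this->dropPermissions($action, $subject_type, $subject_id);

    $known = array_map('strval', (array) $this->getAllRoles(true));
    $newpermits = array();
    foreach ($control_bits as $type => $bit) {
        $key = $action.'_'.$type;
        if (!isset($_POST[$key]) OR !is_array($_POST[$key])) continue;
        foreach ($_POST[$key] as $role) {
            // Strict match against known role names; rejects nested arrays
            // and any string that is not an existing role.
            if (!is_string($role) OR !in_array($role, $known, true)) continue;
            $value = isset($newpermits[$role]) ? $newpermits[$role] : 0;
            $newpermits[$role] = $value | $bit;
        }
    }

    $written = false;
    foreach ($newpermits as $role => $value) {
        $needed = true;
        foreach ($permissions as $permission) {
            if (($permission->action == '*' OR $permission->action == $action) AND $permission->role == $role) {
                // A wildcard row already grants every requested bit.
                if (($value & $permission->control) === $value) {
                    $needed = false;
                    break;
                }
            }
        }
        if ($needed) {
            $this->doSQL($this->permitSQL($role, $value, $action, $subject_type, $subject_id));
            $written = true;
        }
    }
    if ($written) $this->clearCache();
}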
| aliroAuthorisationAdmin::roleExists | ( | $ | role | ) |
Definition at line 239 of file aliroAuthorisationAdmin.php.
References getAllRoles().
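/**
 * Reports whether a role name is one of the roles from getAllRoles().
 *
 * The comparison is strict, on strings. A loose in_array() lets values
 * such as integer 0 or boolean true match arbitrary role names on PHP
 * before 8, which would make this check pass for input that names no role.
 * Non-scalar input is never a role.
 *
 * @param  mixed $role role name to look up
 * @return bool
 */
public function roleExists ($role)
{
    if (!is_scalar($role)) {
        return false;
    }
    $known = array_map('strval', (array) $this->getAllRoles());
    return in_array((string) $role, $known, true);
}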
| aliroAuthorisationAdmin::dropRole | ( | $ | role | ) |
Definition at line 243 of file aliroAuthorisationAdmin.php.
References doSQL().
/**
 * Removes a role's non-system permissions and assignments.
 *
 * Three deletes run in order: 'administer' permissions whose subject_type
 * is the role, assignments of the role whose joined permission row is
 * non-system or absent, then the role's own non-system permissions. Only
 * the last call asks doSQL() to clear the cache.
 *
 * NOTE(review): $role is interpolated into all three statements without
 * escaping; callers must not pass unvalidated request data.
 *
 * @param string $role
 */
public function dropRole ($role)
{
    $this->doSQL("DELETE FROM #__permissions WHERE action='administer' AND subject_type='$role' AND system=0");
    $this->doSQL("DELETE a FROM #__assignments AS a LEFT JOIN #__permissions AS p ON a.role=p.role WHERE a.role='$role' AND (p.system=0 OR p.system IS NULL)");
    $this->doSQL("DELETE FROM #__permissions WHERE role='$role' AND system=0", true);
}
| aliroAuthorisationAdmin::dropPermissions | ( | $ | action, | |
| $ | subject_type, | |||
| $ | subject_id | |||
| ) |
Definition at line 252 of file aliroAuthorisationAdmin.php.
References doSQL().
Referenced by resetPermissions().
/**
 * Deletes the non-system permission rows for an action on a subject and
 * clears the cache.
 *
 * NOTE(review): the three values are interpolated into the DELETE without
 * escaping. The statement text also has no space between the quoted
 * subject type and the following AND; it is reproduced unchanged here.
 *
 * @param string $action
 * @param string $subject_type
 * @param string $subject_id
 */
public function dropPermissions ($action, $subject_type, $subject_id)
{
    $this->doSQL(
        "DELETE FROM #__permissions WHERE action='$action' AND subject_type='$subject_type'AND subject_id='$subject_id' AND system=0",
        true
    );
}
aliroAuthorisationAdmin::$instance = __CLASS__ [static, private] |
Definition at line 46 of file aliroAuthorisationAdmin.php.
aliroAuthorisationAdmin::$handler = null [private] |
Definition at line 48 of file aliroAuthorisationAdmin.php.
aliroAuthorisationAdmin::$authoriser = null [private] |
Definition at line 49 of file aliroAuthorisationAdmin.php.
aliroAuthorisationAdmin::$database = null [private] |
Definition at line 50 of file aliroAuthorisationAdmin.php.