
cms/permission.lib.php

00001 <?php
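// Direct-access guard: the library only runs when the including script has
// defined __PRAGYAN_CMS (presumably the CMS entry point - confirm). A request
// that reaches this file directly gets a 403 and the script stops.
if (!defined('__PRAGYAN_CMS')) {
        header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
        // The heading is now closed with </h1>; the original emitted a second <h1>.
        echo "<h1>403 Forbidden</h1><h4>You are not authorized to access the page.</h4>";
        // SERVER_SIGNATURE is not set by every server, so guard the lookup. When it
        // is set, it shows the server banner to unauthenticated clients; operators
        // who do not want that should turn the signature off in the web server.
        echo '<hr/>' . (isset($_SERVER['SERVER_SIGNATURE']) ? $_SERVER['SERVER_SIGNATURE'] : '');
        exit(1);
}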
/**
 * Renders the values of an array as a comma separated list of single-quoted
 * items, e.g. array(1, 2) becomes '1', '2'.
 *
 * The values are interpolated as they are: no quoting or escaping is applied,
 * so a value containing a single quote ends the item early. The result is
 * embedded in a script by the callers in this file, so only pass values that
 * are known to be plain ids.
 *
 * @param array $array Values to render.
 * @return string The rendered list, or '' for an empty array.
 */
function renderArray($array) {
        $quotedItems = array();
        foreach ($array as $item) {
                $quotedItems[] = "'{$item}'";
        }
        return implode(', ', $quotedItems);
}
00037 
/**
 * Renders a map of id => list as the inside of an object literal:
 * 'key' : ['v1', 'v2'], 'key2' : [...]
 *
 * Keys are interpolated without escaping, and so are the values rendered by
 * renderArray(); the caller is responsible for passing only trusted ids.
 *
 * @param array $smallobj Map whose values are arrays accepted by renderArray().
 * @return string The rendered entries without the surrounding braces.
 */
function inner($smallobj) {
        $entries = array();
        foreach ($smallobj as $name => $members) {
                $entries[] = "'{$name}' : [" . renderArray($members) . "]";
        }
        return implode(', ', $entries);
}
00047 
/**
 * Builds a single-quoted object literal with the two buckets 'Y' and 'N'.
 *
 * The output is a JavaScript object literal, not strict JSON (single quotes),
 * and nothing in it is escaped. It is meant to be assigned to a variable inside
 * a script, so every key and value must come from a trusted source.
 *
 * @param array $objDesc Array with the keys 'Y' and 'N', each a map accepted by inner().
 * @return string The object literal.
 */
function customjson($objDesc) {
        $granted = inner($objDesc['Y']);
        $denied = inner($objDesc['N']);
        return "{'Y' : {" . $granted . "}, 'N' : {" . $denied . "}}";
}
00051 
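/**
 * Folds explicitly set permissions along a page path into one effective value
 * per subject (group or user) and permission.
 *
 * The path is walked from its last element to its first. A value found on a
 * page replaces the value collected so far unless the collected value is
 * already false, so a single deny anywhere on the path is final.
 *
 * @param array $pagepath       Page ids, indexed 0..n-1.
 * @param array $setPermissions page id => subject id => perm id => bool.
 * @param array $subjectIds     Subject ids to consider.
 * @param array $permIds        Permission ids to consider.
 * @return array subject id => perm id => bool.
 */
function mergeSetPermissionsAlongPath($pagepath, $setPermissions, $subjectIds, $permIds) {
        $effective = array();
        for ($i = count($pagepath) - 1; $i >= 0; $i--) {
                $pageId = $pagepath[$i];
                if (!isset($setPermissions[$pageId])) continue;
                $onPage = $setPermissions[$pageId];

                foreach ($subjectIds as $subjectId) {
                        if (!isset($onPage[$subjectId])) continue;
                        if (!isset($effective[$subjectId]))
                                $effective[$subjectId] = array();

                        foreach ($permIds as $permId) {
                                if (!isset($onPage[$subjectId][$permId])) continue;
                                // Once false has been recorded it is never overwritten.
                                if (!isset($effective[$subjectId][$permId]) || $effective[$subjectId][$permId] !== false) {
                                        $effective[$subjectId][$permId] = $onPage[$subjectId][$permId];
                                }
                        }
                }
        }
        return $effective;
}

/**
 * Splits effective permissions into the permission ids that are granted ('Y')
 * and those that are not ('N'), per subject.
 *
 * @param array $effectivePermissions subject id => perm id => bool.
 * @return array array('Y' => subject id => list of perm ids, 'N' => same shape).
 */
function splitPermissionsByValue($effectivePermissions) {
        $sorted = array('Y' => array(), 'N' => array());
        foreach ($effectivePermissions as $subjectId => $perms) {
                foreach ($perms as $permId => $granted) {
                        $bucket = ($granted === true) ? 'Y' : 'N';
                        $sorted[$bucket][$subjectId][] = $permId;
                }
        }
        return $sorted;
}

/**
 * Computes, for every group and every user, which of the given permissions are
 * effectively granted or denied on a page.
 *
 * Precedence as implemented here:
 *  - Along the page path a deny is final (see mergeSetPermissionsAlongPath()).
 *  - A user's value is OR-ed with the values of the groups the user belongs
 *    to, so a grant held by any group overrides a deny set on the user.
 *    getPermissions() in this file resolves access in the same order.
 *
 * Changes compared with the previous version: page and permission ids are cast
 * to int where they enter the SQL text, failed queries are skipped instead of
 * being passed to mysql_fetch_*(), the permission result set is freed, and the
 * duplicated merge and sort loops live in two helpers.
 *
 * @param array $pagepath         Page ids indexed 0..n-1; walked from the last
 *                                element to the first (the caller in this file
 *                                takes the last element as the page itself).
 * @param mixed $modifiableGroups Not used by this function.
 * @param array $grantableActions module name => list of actions; element [0]
 *                                of each action is the permission id.
 * @return array|null array($sortedGroupPerms, $sortedUserPerms), each of the
 *                    form array('Y' => id => perm ids, 'N' => id => perm ids).
 *                    Nothing is returned (null) after displayerror() when no
 *                    permission ids or no page path were supplied.
 */
function getAllPermissionsOnPage($pagepath, $modifiableGroups, $grantableActions) {
        // Collect the permission ids the caller is interested in.
        $permIds = array();
        if (is_array($grantableActions)) {
                foreach ($grantableActions as $moduleName => $actionData) {
                        if (is_array($actionData) && ($actionCount = count($actionData)) > 0) {
                                for ($i = 0; $i < $actionCount; $i++) {
                                        $permIds[] = $actionData[$i][0];
                                }
                        }
                }
        }

        if (count($permIds) <= 0 || !is_array($pagepath) || count($pagepath) <= 0) {
                displayerror('Fatal Error: Missing arguments to function.');
                return;
        }

        // Group ids: 0 and 1 are the built-in groups, the rest come from the table.
        $groupIds = array(0, 1);
        $groupsResult = mysql_query('SELECT `group_id` FROM `' . MYSQL_DATABASE_PREFIX . 'groups`');
        if ($groupsResult) {
                while ($groupsRow = mysql_fetch_row($groupsResult)) {
                        $groupIds[] = $groupsRow[0];
                }
                mysql_free_result($groupsResult);
        }

        // User ids: 0 is the anonymous user, the rest come from the table.
        $userIds = array(0);
        $usersResult = mysql_query('SELECT `user_id` FROM `' . MYSQL_DATABASE_PREFIX . 'users`');
        if ($usersResult) {
                while ($usersRow = mysql_fetch_row($usersResult)) {
                        $userIds[] = $usersRow[0];
                }
                mysql_free_result($usersResult);
        }

        // Explicitly set permissions: page id => group/user id => perm id => bool.
        $groupSetPermissions = array();
        $userSetPermissions = array();

        // The ids are concatenated into the statement, so force them to integers
        // here; a non-numeric element can then never change the query structure.
        $pageIdList = implode(', ', array_map('intval', $pagepath));
        $permIdList = implode(', ', array_map('intval', $permIds));

        $userPermTable = '`' . MYSQL_DATABASE_PREFIX . 'userpageperm`';
        $permListTable = '`' . MYSQL_DATABASE_PREFIX . 'permissionlist`';
        $permQuery = "SELECT `perm_type`, $userPermTable.`perm_id` AS `perm_id`, `page_id`, `usergroup_id`, `perm_permission` " .
                     "FROM $userPermTable, $permListTable WHERE `page_id` IN (" . $pageIdList . ") AND " .
                     "$userPermTable.`perm_id` IN (" . $permIdList .
                     ") AND $userPermTable.`perm_id` = $permListTable.`perm_id`";
        $permResult = mysql_query($permQuery);

        if ($permResult) {
                while ($permRow = mysql_fetch_assoc($permResult)) {
                        $isGranted = $permRow['perm_permission'] == 'Y' ? true : false;
                        if ($permRow['perm_type'] == 'user') {
                                $userSetPermissions[$permRow['page_id']][$permRow['usergroup_id']][$permRow['perm_id']] = $isGranted;
                        } else {
                                $groupSetPermissions[$permRow['page_id']][$permRow['usergroup_id']][$permRow['perm_id']] = $isGranted;
                        }
                }
                mysql_free_result($permResult);
        }

        // Effective value per group and per user after walking the page path.
        $groupEffectivePermissions = mergeSetPermissionsAlongPath($pagepath, $groupSetPermissions, $groupIds, $permIds);
        $userEffectivePermissions = mergeSetPermissionsAlongPath($pagepath, $userSetPermissions, $userIds, $permIds);

        // Group membership: user id => list of group ids.
        $userGroups = array();
        $groupsQuery = 'SELECT `user_id`, `group_id` FROM `' . MYSQL_DATABASE_PREFIX . 'usergroup` ' .
                       'ORDER BY `user_id`';
        $groupsResult = mysql_query($groupsQuery);
        if ($groupsResult) {
                while ($groupsRow = mysql_fetch_row($groupsResult)) {
                        $userGroups[$groupsRow[0]][] = $groupsRow[1];
                }
                mysql_free_result($groupsResult);
        }

        // Merge the group values into each user's values.
        foreach ($userIds as $userId) {
                if (!isset($userGroups[$userId])) {
                        if ($userId == 0)
                                continue;
                        // NOTE(review): only users without any membership row get groups
                        // 0 and 1 here; users with rows keep exactly those rows. Confirm
                        // this matches what getGroupIds() returns for them.
                        $userGroups[$userId] = array(0, 1);
                }
                if (!isset($userEffectivePermissions[$userId]))
                        $userEffectivePermissions[$userId] = array();

                foreach ($permIds as $permId) {
                        foreach ($userGroups[$userId] as $groupId) {
                                if (!isset($groupEffectivePermissions[$groupId][$permId])) continue;

                                if (!isset($userEffectivePermissions[$userId][$permId]))
                                        $userEffectivePermissions[$userId][$permId] = false;

                                // OR: a grant from any group wins over a deny set on the user.
                                $userEffectivePermissions[$userId][$permId] =
                                        $userEffectivePermissions[$userId][$permId] ||
                                        $groupEffectivePermissions[$groupId][$permId];
                        }
                }
        }

        $sortedGroupPerms = splitPermissionsByValue($groupEffectivePermissions);
        $sortedUserPerms = splitPermissionsByValue($userEffectivePermissions);

        return array($sortedGroupPerms, $sortedUserPerms);
}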
00286 
/**
 * Returns two script statements that assign the effective group and user
 * permissions of a page to the variables permGroups and permUsers.
 *
 * The text is produced by customjson(), which does not escape anything, and it
 * is meant to be placed inside a script element. It therefore relies on the ids
 * returned by getAllPermissionsOnPage() being plain values.
 *
 * @param array $pagepath         Passed through to getAllPermissionsOnPage().
 * @param mixed $modifiableGroups Passed through to getAllPermissionsOnPage().
 * @param array $grantableActions Passed through to getAllPermissionsOnPage().
 * @return string The two assignment statements, one per line.
 */
function formattedPermissions($pagepath, $modifiableGroups, $grantableActions) {
        list($groupPerms, $userPerms) = getAllPermissionsOnPage($pagepath, $modifiableGroups, $grantableActions);

        $permGroupsLiteral = customjson($groupPerms);
        $permUsersLiteral = customjson($userPerms);

        return <<<RET
permGroups = {$permGroupsLiteral};
permUsers = {$permUsersLiteral};
RET;
}
00300 
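/**
 * Looks up the permission id registered for a module/action pair.
 *
 * Both values are placed inside quoted SQL strings, so they are escaped here,
 * at the point where the statement is built, instead of relying on every
 * caller to do it.
 * NOTE(review): a caller that already escaped its arguments will now have
 * backslashes and quotes escaped twice. Module and action names are presumably
 * plain identifiers, for which this makes no difference - confirm.
 *
 * @param string $module Module name (column page_module).
 * @param string $action Action name (column perm_action).
 * @return mixed The perm_id of the first matching row, or -1 when the query
 *               fails or no row matches.
 */
function getPermissionId($module, $action) {
        $moduleSql = mysql_real_escape_string($module);
        $actionSql = mysql_real_escape_string($action);

        $permQuery = "SELECT `perm_id` FROM `" . MYSQL_DATABASE_PREFIX . "permissionlist` WHERE " .
                     "`page_module` = '$moduleSql' AND `perm_action` = '$actionSql'";
        $permResult = mysql_query($permQuery);
        if (!$permResult) {
                return -1;
        }

        $permResultRow = mysql_fetch_array($permResult);
        mysql_free_result($permResult);

        if ($permResultRow) {
                return $permResultRow[0];
        }
        return -1;
}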
00313 
00314 
00315 
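/**
 * Resolves one permission for one group or user along a page path.
 *
 * Resolution walks the path from its last element to its first. The value set
 * on each page replaces the one found so far, and the walk stops at the first
 * deny. The result is therefore false if a deny is met, true if only grants
 * were met, and false when nothing is set at all (default deny).
 *
 * Input handling: the subject id is compared unquoted in the statement, so it
 * must consist of digits only, otherwise the function returns false without
 * querying. Page ids are cast to int and the string arguments are escaped
 * where the statement is built. An empty path returns false without querying;
 * previously it produced the invalid clause "IN ()" and the same result.
 *
 * @param array  $pagePath    Page ids indexed 0..n-1.
 * @param mixed  $usergroupid Group id or user id, depending on $permtype.
 * @param string $action      Action name (column perm_action).
 * @param string $module      Module name (column page_module).
 * @param string $permtype    'group' (default) or 'user'.
 * @return bool Whether the permission is granted.
 */
function getPagePermission(array $pagePath, $usergroupid, $action, $module, $permtype = 'group') {
        if (count($pagePath) == 0) {
                return false;
        }
        // Fail closed on anything that is not a plain non-negative integer; casting
        // an empty or malformed value to 0 would silently select subject 0 instead.
        if (!is_int($usergroupid) && !(is_string($usergroupid) && preg_match('/^[0-9]+\z/', $usergroupid))) {
                return false;
        }

        $userpermTable = MYSQL_DATABASE_PREFIX . "userpageperm";
        $permissionlistTable = MYSQL_DATABASE_PREFIX . "permissionlist";

        $pageids = implode(', ', array_map('intval', $pagePath));
        $subjectId = (int) $usergroupid;
        $permtypeSql = mysql_real_escape_string($permtype);
        $moduleSql = mysql_real_escape_string($module);
        $actionSql = mysql_real_escape_string($action);

        $permQuery = "SELECT $userpermTable.perm_permission, $userpermTable.page_id FROM $userpermTable, $permissionlistTable ";
        $permQuery .= "WHERE $userpermTable.perm_type = '$permtypeSql' AND $userpermTable.page_id IN ($pageids) AND ";
        $permQuery .= "$userpermTable.usergroup_id = $subjectId AND $permissionlistTable.page_module = '$moduleSql' AND ";
        $permQuery .= "$permissionlistTable.perm_action = '$actionSql' AND $permissionlistTable.perm_id = $userpermTable.perm_id";

        // page id => bool, for the pages of the path that have a value set.
        $permissionsArray = array();
        if ($permQueryResult = mysql_query($permQuery)) {
                while ($permQueryResultRow = mysql_fetch_assoc($permQueryResult)) {
                        $permissionsArray[$permQueryResultRow['page_id']] = $permQueryResultRow['perm_permission'] == 'Y' ? true : false;
                }
                mysql_free_result($permQueryResult);
        }

        // -1 means "nothing set on any page of the path".
        $permission = -1;
        for ($i = count($pagePath) - 1; $i >= 0; $i--) {
                if (isset($permissionsArray[$pagePath[$i]])) {
                        $permission = $permissionsArray[$pagePath[$i]];
                        if ($permission === false) break;
                }
        }

        if ($permission === -1) {
                $permission = false;
        }
        return $permission;
}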
00360 
00361 
00362 
00371  //TODO : Make sure that when admin is granted, it gets granted only at pageid 0
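/**
 * Decides whether a user may perform an action on a page.
 *
 * Order of evaluation:
 *  1. For any action other than "admin", a user who holds "admin" on page 0
 *     is allowed immediately.
 *  2. When no module is given, it is "page" if the action is registered for
 *     the page module, otherwise the page's effective module.
 *  3. Pages whose module is "menu" or "external" take the answer of their
 *     parent page.
 *  4. The user's groups are checked one after another; the first grant wins.
 *  5. Only when the groups gave false is the user's own entry consulted, so a
 *     deny set on the user does not override a grant held through a group.
 *
 * The action name is escaped before it is placed in the lookup statement of
 * step 2; a failed lookup is treated as "not a page-module action".
 *
 * @param mixed  $userid User id.
 * @param mixed  $pageid Page id.
 * @param string $action Action name.
 * @param string $module Module name, or "" to have it determined here.
 * @return bool Whether the action is permitted.
 */
function getPermissions($userid, $pageid, $action, $module="") {
        if($action!="admin" && getPermissions($userid,0,"admin"))
                return true;
        if($module=="") {
                // NOTE(review): $action presumably originates from the request URL;
                // it is escaped here because it lands inside a quoted SQL string.
                $actionSql = mysql_real_escape_string($action);
                $query = "SELECT 1 FROM `".MYSQL_DATABASE_PREFIX."permissionlist` WHERE page_module=\"page\" AND perm_action=\"$actionSql\"";
                $result = mysql_query($query);
                if($result && mysql_num_rows($result)>=1)
                        $module = 'page';
                else
                        $module = getEffectivePageModule($pageid);
        }
        $permission = false;

        if($module=="menu" || $module=="external")      return getPermissions($userid,getParentPage($pageid),$action);

        $pagePath=array();
        parseUrlDereferenced($pageid, $pagePath);
        foreach(getGroupIds($userid) as $groupid) {
                // Stop at the first group that grants the action.
                if($permission === true)        break;
                $permission = getPagePermission($pagePath, $groupid, $action, $module);
        }

        // The per-user entry is a fallback only; it cannot revoke a group grant.
        if($permission === false) {
                $permission = getPagePermission($pagePath, $userid, $action, $module, 'user');
        }
        return $permission;
}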
00401 
00402 
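/**
 * Works out from the submitted grant form which group or user a permission
 * change is aimed at.
 *
 * Form fields read from $_POST: optusergroup ('group' or 'user'), optgroup012
 * ('group0', 'group1', 'group3' or anything else for a named group),
 * modifiablegroups (group name) and useremail.
 *
 * This function only resolves an id. It does not check whether the current
 * user is allowed to change permissions of that target; the caller has to.
 *
 * Fixes compared with the previous version:
 *  - strpos() returns false when there is no hyphen, and "false >= 0" is true,
 *    so the no-hyphen branch was never taken and the last character of the
 *    address was cut off. The test is now "!== false".
 *  - Missing or non-string form fields are treated as empty instead of being
 *    read unguarded.
 *
 * @param string $targettype Set by this function to 'group' or 'user'.
 * @return mixed The id of the target, or -1 when it could not be determined.
 */
function determineGrantTargetId(&$targettype) {
        $targetId = -1;
        $targettype = 'group';
        $idQuery = '';

        $subjectKind = (isset($_POST['optusergroup']) && is_string($_POST['optusergroup'])) ? $_POST['optusergroup'] : '';

        if($subjectKind == 'group') {
                $groupChoice = (isset($_POST['optgroup012']) && is_string($_POST['optgroup012'])) ? $_POST['optgroup012'] : '';

                if($groupChoice == 'group0') {
                        $targetId = 0;
                }
                else if($groupChoice == 'group1') {
                        $targetId = 1;
                }
                else if($groupChoice == 'group3') {
                        // 'group3' addresses user 0, not a group.
                        $targettype = 'user';
                        $targetId = 0;
                }
                else {
                        $groupName = (isset($_POST['modifiablegroups']) && is_string($_POST['modifiablegroups'])) ? $_POST['modifiablegroups'] : '';
                        $idQuery = "SELECT `group_id` FROM `".MYSQL_DATABASE_PREFIX."groups` WHERE `group_name` = '".escape($groupName)."'";
                }
        }
        else if($subjectKind == 'user') {
                $rawEmail = (isset($_POST['useremail']) && is_string($_POST['useremail'])) ? $_POST['useremail'] : '';

                // NOTE(review): the first '-' anywhere in the field is taken as the
                // separator, so an address that itself contains a hyphen is truncated.
                // Confirm the field format against the form that posts it.
                $hyphenPos = strpos($rawEmail, '-');
                if($hyphenPos !== false) {
                        // Keep the text before the hyphen, minus the character just before it.
                        $userEmail = escape(trim(substr($rawEmail, 0, max($hyphenPos - 1, 0))));
                }
                else {
                        $userEmail = escape($rawEmail);
                }

                $idQuery = "SELECT `user_id` FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email` = '$userEmail'";
                $targettype = 'user';
        }

        if($targetId == -1 && $idQuery != '') {
                $idResult = mysql_query($idQuery);

                if($idResult) {
                        if($idResultRow = mysql_fetch_row($idResult)) {
                                $targetId = $idResultRow[0];
                        }
                        mysql_free_result($idResult);
                }
        }

        return $targetId;
}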
00452 
00453 
00454 
00463 function grantPermissions($userid, $pageid) {
00464         //serving change permission requests
00465         if(isset($_GET['doaction']) && $_GET['doaction'] == "changePerm") {
00466                 $permtype = escape($_GET['permtype']);
00467                 $pageid = escape($_GET['pageid']);
00468                 $usergroupid = escape($_GET['usergroupid']);
00469                 $permid = escape($_GET['permid']);
00470                 $perm = escape($_GET['perm']);
00471                 $flag = true;
00472                 if($perm == 'Y' || $perm == 'N') {
00473                         if($permission = mysql_fetch_array(mysql_query("SELECT `perm_permission` FROM `" . MYSQL_DATABASE_PREFIX . "userpageperm` WHERE `perm_type` = '{$permtype}' AND `page_id` = '{$pageid}' AND `usergroup_id` = '{$usergroupid}' AND `perm_id` = '{$permid}'"))) {
00474                                 if($permission['perm_permission'] != $perm) {
00475                                         mysql_query("UPDATE `" . MYSQL_DATABASE_PREFIX . "userpageperm` SET `perm_permission` = '{$perm}' WHERE `perm_type` = '{$permtype}' AND `page_id` = '{$pageid}' AND `usergroup_id` = '{$usergroupid}' AND `perm_id` = '{$permid}'");
00476                                         if(mysql_affected_rows() == 0)
00477                                                 $flag = false;
00478                                 }
00479                         } else {
00480                                 mysql_query("INSERT `" . MYSQL_DATABASE_PREFIX . "userpageperm`(`perm_type`, `page_id`, `usergroup_id`, `perm_id`, `perm_permission`) VALUES('$permtype','$pageid','$usergroupid','$permid','$perm')");
00481                                 if(mysql_affected_rows() == 0)
00482                                         $flag = false;
00483                         }
00484                 } else {
00485                         if($permission = mysql_fetch_array(mysql_query("SELECT `perm_permission` FROM `" . MYSQL_DATABASE_PREFIX . "userpageperm` WHERE `perm_type` = '{$permtype}' AND `page_id` = '{$pageid}' AND `usergroup_id` = '{$usergroupid}' AND `perm_id` = '{$permid}'"))) {
00486                                 mysql_query("DELETE FROM `" . MYSQL_DATABASE_PREFIX . "userpageperm` WHERE `perm_type` = '{$permtype}' AND `page_id` = '{$pageid}' AND `usergroup_id` = '{$usergroupid}' AND `perm_id` = '{$permid}'");
00487                                 if(mysql_affected_rows() == 0)
00488                                         $flag = false;
00489                         }
00490                 }
00491                 
00492                 if($flag)
00493                         echo "1";
00494                 else
00495                         echo "0";
00496                 disconnect();
00497                 exit();
00498         }
00499         //serving refresh permissions request
00500         if(isset($_GET['doaction']) && $_GET['doaction'] == 'getpermvars' && isset($_GET['pageid'])) {
00501                 global $cmsFolder,$urlRequestRoot, $templateFolder;
00502                 $pageid = escape($_GET['pageid']);
00503                 if(mysql_fetch_array(mysql_query("SELECT `page_name` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_id` = '{$pageid}'"))) {
00504                 $pagepath = array();
00505                 parseUrlDereferenced($pageid, $pagepath);
00506                 $pageid = $pagepath[count($pagepath) - 1];
00507 
00508                 $groups = array_reverse(getGroupIds($userid));
00509                 $virtue = '';
00510                 $maxPriorityGroup = getMaxPriorityGroup($pagepath, $userid, $groups, $virtue);
00511                 if($maxPriorityGroup == -1) {
00512                         return 'You do not have the required permissions to view this page.';
00513                 }
00514 
00515                 if($virtue == 'user') {
00516                         $grantableActions = getGroupPermissions($groups, $pagepath, $userid);
00517                 }
00518                 else {
00519                         $grantableActions = getGroupPermissions($groups, $pagepath);
00520                 }
00521 
00522                 $actionCount = count($_POST['permission']);
00523                 $checkedActions = array();
00524                 for($i = 0; $i < $actionCount; $i++) {
00525                         list($modTemp, $actTemp) = explode('_', escape($_POST['permission'][$i]), 2);
00526 
00527                         if(isset($_POST[$modTemp.$actTemp])) {
00528                                 if(isset($grantableActions[$modTemp])) {
00529                                         for($j = 0; $j < count($grantableActions[$modTemp]); $j++) {
00530                                                 if($grantableActions[$modTemp][$j][1] == $actTemp) {
00531                                                         $checkedActions[$modTemp][] = $grantableActions[$modTemp][$j];
00532                                                         break;
00533                                                 }
00534                                         }
00535                                 }
00536                         }
00537                 }
00538                 if(count($checkedActions) > 0) {
00539                         $grantableActions = $checkedActions;
00540                 }
00541 
00542                 $modifiableGroups = getModifiableGroups($userid, $maxPriorityGroup);
00543                 $modifiableGroupIds = array(0, 1);
00544                 for($i = 0; $i < count($modifiableGroups); $i++) {
00545                         $modifiableGroupIds[] = $modifiableGroups[$i]['group_id'];
00546                 }
00547                 $permissions = formattedPermissions($pagepath, $modifiableGroupIds, $grantableActions);
00548                         $ret =<<<RET
00549 pageid = {$pageid};
00550 {$permissions}
00551 RET;
00552                         echo $ret;
00553                 } else {
00554                         echo "Error: Invalid Pageid passed";
00555                 }
00556                 disconnect();
00557                 exit();
00558         }
00559         
00560         global $cmsFolder,$urlRequestRoot;
00561         $pagepath = array();
00562         parseUrlDereferenced($pageid, $pagepath);
00563         $pageid = $pagepath[count($pagepath) - 1];
00564 
00565         $groups = array_reverse(getGroupIds($userid));
00566         $virtue = '';
00567         $maxPriorityGroup = getMaxPriorityGroup($pagepath, $userid, $groups, $virtue);
00568         if($maxPriorityGroup == -1) {
00569                 return 'You do not have the required permissions to view this page.';
00570         }
00571 
00572         if($virtue == 'user') {
00573                 $grantableActions = getGroupPermissions($groups, $pagepath, $userid);
00574         }
00575         else {
00576                 $grantableActions = getGroupPermissions($groups, $pagepath);
00577         }
00578         if(isset($_POST['permission']))
00579         $actionCount = count($_POST['permission']);
00580         else $actionCount="";
00581         $checkedActions = array();
00582         for($i = 0; $i < $actionCount; $i++) {
00583                 list($modTemp, $actTemp) = explode('_', escape($_POST['permission'][$i]), 2);
00584 
00585                 if(isset($_POST[$modTemp.$actTemp])) {
00586                         if(isset($grantableActions[$modTemp])) {
00587                                 for($j = 0; $j < count($grantableActions[$modTemp]); $j++) {
00588                                         if($grantableActions[$modTemp][$j][1] == $actTemp) {
00589                                                 $checkedActions[$modTemp][] = $grantableActions[$modTemp][$j];
00590                                                 break;
00591                                         }
00592                                 }
00593                         }
00594                 }
00595         }
00596         if(count($checkedActions) > 0) {
00597                 $grantableActions = $checkedActions;
00598         }
00599 
00600         $modifiableGroups = getModifiableGroups($userid, $maxPriorityGroup);
00601         $modifiableGroupIds = array(0, 1);
00602         for($i = 0; $i < count($modifiableGroups); $i++) {
00603                 $modifiableGroupIds[] = $modifiableGroups[$i]['group_id'];
00604         }
00605         $perms = json_encode(formatPermissions($grantableActions));
00606         $permissions = formattedPermissions($pagepath, $modifiableGroupIds, $grantableActions);
00607         $groups = customGetGroups($maxPriorityGroup);
00608         $users = customGetAllUsers();
00609         global $templateFolder;
00610         $smarttableconfig = array (
00611                         'permtable' => array(
00612                                 'sPaginationType' => 'two_button',
00613                                 'bAutoWidth' => 'false',
00614                                 'aoColumns' => '{ "sWidth": "100px" }'
00615                         ),
00616                         'permtable2' => array(
00617                                 'sPaginationType' => 'two_button',
00618                                 'bAutoWidth' => 'false',
00619                                 'aoColumns' => '{ "sWidth": "100px" }'
00620                         )
00621         );
00622         $ret = smarttable::render(array('permtable','permtable2'),$smarttableconfig);
00623         $globals = getGlobalSettings();
00624         $baseURL = "./+grant&doaction=changePerm";
00625         if($globals['url_rewrite']=='false')
00626                 $baseURL = prettyurl($baseURL);
00627         $selected = "var selected = {'permissions' : [], 'users' : [], 'groups' : []};";
00628         if(isset($_GET['doaction']) && $_GET['doaction'] == 'getUserPerm') {
00629                 $get_selectedPerms = array();
00630                 $get_selectedGroups = array();
00631                 $get_selectedUsers = array();
00632                 foreach($_POST as $key => $var)
00633                         if(substr($key,0,12)=="permissions_")
00634                                 $get_selectedPerms[] = (int)substr($key,12);
00635                 list($get_sortedGroupPerms,$get_sortedUserPerms) = getAllPermissionsOnPage($pagepath, $modifiableGroupIds, $grantableActions);
00636                 $save = 0;
00637                 foreach($get_sortedGroupPerms['Y'] as $get_groupId => $get_data) {
00638                         $found = false;
00639                         foreach($get_sortedGroupPerms['Y'][$get_groupId] as $get_permId) {
00640                                 foreach($get_selectedPerms as $selected_perm)
00641                                         if($selected_perm == $get_permId) {
00642                                                 $get_selectedGroups[] = (int)$get_groupId;
00643                                                 $found = true;
00644                                         }
00645                                 if($found)
00646                                         break;
00647                         }
00648                         if($get_groupId==0&&$found)
00649                                 $save += 1;
00650                         if($get_groupId==1&&$found)
00651                                 $save += 2;
00652                 }
00653                 foreach($get_sortedUserPerms['Y'] as $get_userId => $get_data) {
00654                         $found = false;
00655                         foreach($get_sortedUserPerms['Y'][$get_userId] as $get_permId) {
00656                                 foreach($get_selectedPerms as $selected_perm)
00657                                         if($selected_perm == $get_permId) {
00658                                                 $get_selectedUsers[] = (int)$get_userId;
00659                                                 $found = true;
00660                                         }
00661                                 if($found)
00662                                         break;
00663                         }
00664                 }
00665                 $get_selectedGroups = filterByPriority($maxPriorityGroup,$get_selectedGroups);
00666                 if($save%2==1)
00667                         $get_selectedGroups[] = 0;
00668                 if($save/2==1)
00669                         $get_selectedGroups[] = 1;
00670                 $selected = "var selected = {'permissions' : " . json_encode($get_selectedPerms) . ", 'users' : " . json_encode($get_selectedUsers) . ", 'groups' : " . json_encode($get_selectedGroups) . "};";
00671         }
00672         if(isset($_GET['doaction']) && $_GET['doaction'] == 'getPermUser') {
00673                 
00674                 $get_selectedPerms = array();
00675                 $get_selectedGroups = array();
00676                 $get_selectedUsers = array();
00677                 foreach($_POST as $key => $var)
00678                         if(substr($key,0,6)=="users_")
00679                                 $get_selectedUsers[] = (int)substr($key,6);
00680                         else if(substr($key,0,7)=="groups_")
00681                                 $get_selectedGroups[] = (int)substr($key,7);
00682                 list($get_sortedGroupPerms,$get_sortedUserPerms) = getAllPermissionsOnPage($pagepath, $modifiableGroupIds, $grantableActions);
00683                 $save = 0;
00684                 foreach($get_sortedGroupPerms['Y'] as $get_groupId => $get_data) {
00685                         if(isPresent($get_groupId,$get_selectedGroups)) {
00686                                 foreach($get_sortedGroupPerms['Y'][$get_groupId] as $get_permId) {
00687                                         if(!isPresent($get_permId,$get_selectedPerms))
00688                                                 $get_selectedPerms[] = $get_permId;
00689                                 }
00690                         }
00691                 }
00692                 foreach($get_sortedUserPerms['Y'] as $get_userId => $get_data) {
00693                         if(isPresent($get_userId,$get_selectedUsers)) {
00694                                 foreach($get_sortedUserPerms['Y'][$get_userId] as $get_permId) {
00695                                         if(!isPresent($get_permId,$get_selectedPerms))
00696                                                 $get_selectedPerms[] = $get_permId;
00697                                 }
00698                         }
00699                 }
00700                 $selected = "var selected = {'permissions' : " . json_encode($get_selectedPerms) . ", 'users' : " . json_encode($get_selectedUsers) . ", 'groups' : " . json_encode($get_selectedGroups) . "};";
00701         }
00702         $ret .= <<<RET
00703 <style type="text/css" title="currentStyle">
00704         div#permtable_filter input { width: 90px; }
00705         div#permtable2_filter input { width: 90px; }
00706 </style>
00707 <script type="text/javascript" language="javascript" src="$urlRequestRoot/$cmsFolder/$templateFolder/common/scripts/permissionsTable.js"></script>
00708 <script type="text/javascript">
00709 var baseURL = "$baseURL";
00710 var pageid = {$pageid};
00711 var permissions = {$perms};
00712 var permGroups;
00713 var permUsers;
00714 var groups = {{$groups}};
00715 var users = {{$users}};
00716 {$permissions}
00717 {$selected}
00718 </script>
00719 <div id='info'></div>
00720 <INPUT type=checkbox id='skipAlerts'> Skip Alerts <br>
00721 <div id='permTable'>
00722 
00723 </div>
00724 <table width=100%>
00725 <tr>
00726 <td width=50%>
00727 <a href='javascript:selectAll1()'>Select All</a> <a href='javascript:clearAll1()'>Clear All</a> <a href='javascript:toggle1()'>Toggle</a> <a href='javascript:getuserperm()'>Check Users having selected Permission</a><br>
00728 <form action='./+grant&doaction=getUserPerm' method="POST" id='getuserperm'>
00729 <table class="userlisttable display" id='permtable' name='permtable'><thead><tr><th>Permissions</th></thead><tbody id='actionsList'>
00730 
00731 </tbody></table>
00732 </form>
00733 </td>
00734 <td width=50%>
00735 <a href='javascript:selectAll2()'>Select All</a> <a href='javascript:clearAll2()'>Clear All</a> <a href='javascript:toggle2()'>Toggle</a> <a href='javascript:getpermuser()'>Check Permissions selected User is having</a><br>
00736 <form action='./+grant&doaction=getPermUser' method="POST" id='getpermuser'>
00737 <table class="userlisttable display" id='permtable2' name='permtable2'><thead><tr><th>Users</th></thead><tbody id='usersList'>
00738 
00739 </tbody></table>
00740 </form>
00741 </td>
00742 </tr>
00743 </table>
00744 
00745 <a href='javascript:populateList()'>Click here if the lists are empty</a>
00746 RET;
00747         global $STARTSCRIPTS;
00748         $STARTSCRIPTS .= " populateList();";
00749         return $ret;
00750 }
00751 
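/**
 * Builds the body of a JavaScript object literal that maps each user/group id
 * to the permission ids stored for it on one page.
 *
 * @param mixed  $pageId    Value matched against `page_id`.
 * @param string $groupuser Value matched against `perm_type`.
 * @param string $yesno     Value matched against `perm_permission`.
 * @return string Fragment of the form `'id' : ['perm', 'perm'], ...` without the
 *                enclosing braces; empty when nothing matches or the query fails.
 */
function getPerms($pageId, $groupuser, $yesno) {
	// All three values are placed inside quoted SQL literals; escape them so a
	// quote character in any argument cannot change the statement.
	$pageId = mysql_real_escape_string($pageId);
	$groupuser = mysql_real_escape_string($groupuser);
	$yesno = mysql_real_escape_string($yesno);

	$result = mysql_query("SELECT `usergroup_id`, `perm_id` FROM `" . MYSQL_DATABASE_PREFIX . "userpageperm` WHERE `page_id` = '{$pageId}' AND `perm_type` = '{$groupuser}' AND `perm_permission` = '{$yesno}'");
	if (!$result)
		return '';

	// Initialised up front so an empty result set never touches an undefined variable.
	$perms = array();
	while ($row = mysql_fetch_array($result))
		$perms[$row['usergroup_id']][] = $row['perm_id'];

	$entries = array();
	foreach ($perms as $group => $values) {
		$quoted = array();
		foreach ($values as $value) {
			// Ids are emitted as integers so a non-numeric column value cannot
			// terminate the quoted JavaScript string early.
			$quoted[] = "'" . (int)$value . "'";
		}
		$entries[] = "'" . (int)$group . "' : [" . implode(', ', $quoted) . "]";
	}
	return implode(', ', $entries);
}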
00768 
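/**
 * Builds the body of a JavaScript object literal that maps every user id to a
 * display label of the form `name &lt;email&gt;`.
 *
 * @return string Fragment of the form `'id' : "label", ...` without the enclosing
 *                braces; empty when there are no users or the query fails.
 */
function customGetAllUsers() {
	$result = mysql_query("SELECT `user_email`, `user_name`, `user_id` FROM `" . MYSQL_DATABASE_PREFIX . "users`");
	if (!$result)
		return '';

	// User names and e-mail addresses are account data, so they are encoded as
	// JavaScript string literals. The HEX flags also turn <, >, &, ' and " into
	// \uXXXX escapes, which keeps a value from ending the string or the
	// surrounding <script> element.
	$jsFlags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP;

	$entries = array();
	while ($row = mysql_fetch_array($result)) {
		// NOTE(review): the &lt; / &gt; entities suggest the client inserts this
		// label as HTML. If so, name and e-mail also need HTML escaping unless
		// they are already escaped when stored - confirm in permissionsTable.js.
		$label = json_encode("{$row['user_name']} &lt;{$row['user_email']}&gt;", $jsFlags);
		if ($label === false)
			$label = '""'; // value could not be encoded (e.g. invalid UTF-8): emit an empty label
		$entries[] = "'" . (int)$row['user_id'] . "' : " . $label;
	}
	return implode(', ', $entries);
}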
00777 
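/**
 * Builds the body of a JavaScript object literal that maps group ids to group
 * names: the two built-in groups (0 and 1) followed by every stored group whose
 * priority is lower than $priority.
 *
 * @param mixed $priority Upper bound (exclusive) compared against `group_priority`.
 * @return string Fragment of the form `'id' : 'name', ...` without the enclosing braces.
 */
function customGetGroups($priority) {
	$entries = array("'0' : 'Everyone'", "'1' : 'Logged in Users'");

	// NOTE(review): $priority is interpolated unquoted. It is left untouched here
	// because the call sites are not visible; callers must pass a trusted numeric
	// value - confirm, and cast at the call site.
	$result = mysql_query("SELECT `group_name`,`group_id` FROM `" . MYSQL_DATABASE_PREFIX . "groups` WHERE `group_priority` < {$priority}");
	if (!$result)
		return implode(', ', $entries);

	// Group names are stored text, so they are encoded as JavaScript string
	// literals; the HEX flags keep quotes, <, > and & from ending the string or
	// the surrounding <script> element.
	$jsFlags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP;
	while ($row = mysql_fetch_array($result)) {
		$name = json_encode((string)$row['group_name'], $jsFlags);
		if ($name === false)
			$name = '""'; // value could not be encoded (e.g. invalid UTF-8)
		$entries[] = "'" . (int)$row['group_id'] . "' : " . $name;
	}
	return implode(', ', $entries);
}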
00786 
/**
 * Keeps only those entries of $groups that match the id of a stored group whose
 * priority is lower than $priority.
 *
 * Entries are returned in the order the matching rows come back from the
 * database; the comparison is loose (==), so numeric strings match integers.
 *
 * @param mixed $priority Upper bound (exclusive) compared against `group_priority`.
 * @param array $groups   Candidate group ids.
 * @return array The candidates that passed the filter.
 */
function filterByPriority($priority,$groups) {
	// NOTE(review): $priority is interpolated unquoted into the statement;
	// callers must pass a trusted numeric value - confirm at the call sites.
	$result = mysql_query("SELECT `group_id` FROM `" . MYSQL_DATABASE_PREFIX . "groups` WHERE `group_priority` < {$priority}");
	$kept = array();
	while ($row = mysql_fetch_assoc($result)) {
		$allowedId = $row['group_id'];
		foreach ($groups as $candidate) {
			if ($candidate == $allowedId) {
				$kept[] = $candidate;
			}
		}
	}
	return $kept;
}
00796 
/**
 * Builds the body of a JavaScript object literal that maps every permission id
 * to a label of the form `module - action`.
 *
 * @return string Fragment of the form `'id' : 'module - action', ...` without
 *                the enclosing braces; empty when the table has no rows.
 */
function getAllPermissions() {
	$result = mysql_query("SELECT `perm_id`,`page_module`,`perm_action` FROM `" . MYSQL_DATABASE_PREFIX . "permissionlist`");
	$pieces = array();
	while ($row = mysql_fetch_array($result)) {
		// NOTE(review): column values are placed inside single-quoted JavaScript
		// strings without escaping; this relies on the permission list holding
		// only trusted text - confirm how that table is populated.
		$pieces[] = "'{$row['perm_id']}' : '{$row['page_module']} - {$row['perm_action']}'";
	}
	return implode(", ", $pieces);
}
00805 
/**
 * Flattens a per-module permission list into a map from permission id to a
 * label of the form `module - action`.
 *
 * @param array $perms Map of module name to a list of rows; element 0 of each
 *                     row is used as the id and element 1 as the action name.
 * @return array Map of id to label.
 */
function formatPermissions($perms) {
	$labels = array();
	foreach ($perms as $moduleName => $rows) {
		foreach ($rows as $entry) {
			$labels[$entry[0]] = $moduleName . ' - ' . $entry[1];
		}
	}
	return $labels;
}
00813 
00814 
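/**
 * Removes the stored permission entry for one user or group on one page.
 *
 * The permission id is looked up from the action and module names; the matching
 * row is then deleted from the page-permission table.
 *
 * @param int    $usergroupid Id of the user or group.
 * @param int    $pageid      Id of the page.
 * @param string $action      Action name matched against `perm_action`.
 * @param string $module      Module name matched against `page_module`.
 * @param string $permtype    Value matched against `perm_type` (default 'group').
 * @return bool True when the delete statement ran, false when the permission is
 *              unknown or a query failed.
 */
function unsetPagePermission($usergroupid, $pageid, $action, $module, $permtype = 'group') {
	// Numeric ids are interpolated unquoted below, so force them to integers;
	// text values go inside quoted literals and are escaped for that context.
	$usergroupid = (int)$usergroupid;
	$pageid = (int)$pageid;
	$action = mysql_real_escape_string($action);
	$module = mysql_real_escape_string($module);
	$permtype = mysql_real_escape_string($permtype);

	$permQuery = "SELECT `perm_id` FROM `".MYSQL_DATABASE_PREFIX."permissionlist` WHERE " .
		"`perm_action` = '$action' AND `page_module` = '$module'";
	$permQueryResult = mysql_query($permQuery);

	if(!$permQueryResult || !($permQueryResultRow = mysql_fetch_assoc($permQueryResult))) {
		return false;
	}

	$permid = (int)$permQueryResultRow['perm_id'];

	$removeQuery = "DELETE FROM `".MYSQL_DATABASE_PREFIX."userpageperm` " .
		"WHERE `usergroup_id` = $usergroupid AND `page_id` = $pageid AND `perm_id` = $permid AND " .
		"`perm_type` = '$permtype' LIMIT 1";

	return mysql_query($removeQuery) ? true : false;
}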
00845 
00846 
00847 
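/**
 * Stores an allow ('Y') or deny ('N') entry for one user or group on one page.
 *
 * The permission id is looked up from the action and module names. An existing
 * row is updated only when its value differs; otherwise a new row is inserted.
 *
 * @param int    $usergroupid Id of the user or group.
 * @param int    $pageid      Id of the page.
 * @param string $action      Action name matched against `perm_action`.
 * @param string $module      Module name matched against `page_module`.
 * @param mixed  $permission  Only boolean true stores 'Y'; any other value stores 'N'.
 * @param string $permtype    Value stored in / matched against `perm_type` (default 'group').
 * @return bool False when the permission is unknown or a query failed, true otherwise.
 */
function setPagePermission($usergroupid, $pageid, $action, $module, $permission, $permtype = 'group') {
	// Numeric ids are interpolated unquoted below, so force them to integers;
	// text values go inside quoted literals and are escaped for that context.
	$usergroupid = (int)$usergroupid;
	$pageid = (int)$pageid;
	$action = mysql_real_escape_string($action);
	$module = mysql_real_escape_string($module);
	$permtype = mysql_real_escape_string($permtype);

	$permQuery = "SELECT `perm_id` FROM `".MYSQL_DATABASE_PREFIX."permissionlist` WHERE " .
		"`perm_action` = '$action' AND `page_module` = '$module'";
	$permQueryResult = mysql_query($permQuery);

	if(!$permQueryResult || !($permQueryResultRow = mysql_fetch_assoc($permQueryResult))) {
		return false;
	}

	$permid = (int)$permQueryResultRow['perm_id'];

	$updateQuery = '';
	$permission = ($permission === true ? 'Y' : 'N');
	$permQuery = "SELECT `perm_permission` FROM `".MYSQL_DATABASE_PREFIX."userpageperm` WHERE " .
		"`usergroup_id` = $usergroupid AND `page_id` = $pageid AND `perm_id` = $permid AND " .
		"`perm_type` = '$permtype'";
	$permQueryResult = mysql_query($permQuery);

	// A failed lookup must not be mistaken for "no row yet", which would fall
	// through to the INSERT branch.
	if(!$permQueryResult) {
		return false;
	}

	if($permQueryResultRow = mysql_fetch_assoc($permQueryResult)) {
		// Row exists: write only when the stored value actually changes.
		if($permission !== $permQueryResultRow['perm_permission']) {
			$updateQuery = "UPDATE `".MYSQL_DATABASE_PREFIX."userpageperm` SET `perm_permission` = '$permission' " .
				"WHERE `usergroup_id` = $usergroupid AND `page_id` = $pageid AND `perm_id` = $permid AND " .
				"`perm_type` = '$permtype' LIMIT 1";
		}
	}
	else {
		$updateQuery = "INSERT INTO `".MYSQL_DATABASE_PREFIX."userpageperm` (`perm_type`, `page_id`, `usergroup_id`, `perm_id`, `perm_permission`) " .
			"VALUES('$permtype', $pageid, $usergroupid, $permid, '$permission')";
	}

	if($updateQuery !== '' && !mysql_query($updateQuery)) {
		return false;
	}

	return true;
}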
00897 
00898 
/**
 * Finds the group on whose behalf a user may grant permissions on a page.
 *
 * When getPagePermission() reports the 'grant' action of the 'page' module for
 * the user directly, $virtue is set to 'user' and the first entry of $groupids
 * is returned. Otherwise the groups are tried in index order and the first one
 * holding that permission is returned with $virtue set to 'group'.
 *
 * @param mixed  $pagepath Page path handed on to getPagePermission().
 * @param int    $userid   Id of the user.
 * @param array  $groupids Group ids of the user, indexed from 0.
 * @param string $virtue   Out: 'user' or 'group'; left untouched when nothing matches.
 * @return mixed The group id, or -1 when neither the user nor any group may grant.
 */
function getMaxPriorityGroup(&$pagepath, $userid, &$groupids, &$virtue) {
	if (getPagePermission($pagepath, $userid, 'grant', 'page', 'user')) {
		$virtue = 'user';
		return $groupids[0];
	}

	$total = count($groupids);
	$index = 0;
	while ($index < $total) {
		if (getPagePermission($pagepath, $groupids[$index], 'grant', 'page')) {
			$virtue = 'group';
			return $groupids[$index];
		}
		$index++;
	}

	return -1;
}
00924 
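/**
 * Lists the stored groups whose priority does not exceed that of a given group.
 *
 * @param int    $userId           Not used by this function.
 * @param int    $maxPriorityGroup Id of the group whose priority is the upper
 *                                 bound; for group 1 the bound is the literal 1.
 * @param string $ordering         'asc' for ascending priority; any other value
 *                                 sorts descending.
 * @return array List of rows with the keys group_id, group_name,
 *               group_description and group_priority.
 */
function getModifiableGroups($userId, $maxPriorityGroup, $ordering = 'asc') {
	// Strict comparison: only the exact string 'asc' is accepted, so no other
	// value can reach the ORDER BY clause.
	$ordering = ($ordering === 'asc') ? 'asc' : 'desc';

	// The id is interpolated unquoted into the sub-select below.
	$maxPriorityGroup = (int)$maxPriorityGroup;

	// The built-in groups 0 and 1 are not seeded here; only rows from the
	// groups table are returned.
	$modifiableGroups = array();

	$groupsTable = MYSQL_DATABASE_PREFIX.'groups';

	if($maxPriorityGroup == 1) {
		$groupPriority = 1;
	}
	else {
		$groupPriority = "(SELECT `group_priority` FROM `$groupsTable` WHERE `group_id` = $maxPriorityGroup)";
	}

	$groupsQuery = "SELECT `$groupsTable`.`group_id`, `$groupsTable`.`group_name`, `$groupsTable`.`group_description`, `$groupsTable`.`group_priority` " .
		"FROM `$groupsTable` WHERE `group_priority` <= $groupPriority ORDER BY `group_priority` $ordering";

	$groupsResult = mysql_query($groupsQuery);
	if(!$groupsResult) {
		// Still fatal, as before, but the statement text and the driver error go
		// to the server log instead of the response, where they would expose
		// schema details to the visitor.
		error_log('getModifiableGroups: query failed: ' . mysql_error());
		die('Could not load the list of groups.');
	}

	while($groupsRow = mysql_fetch_assoc($groupsResult)) {
		$modifiableGroups[] = $groupsRow;
	}

	return $modifiableGroups;
}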
00958 
/**
 * Collects, per module, the permissions that a set of groups (and optionally a
 * user) holds on a page according to getPagePermission().
 *
 * Every row of the permission list is checked against the groups in index
 * order; the first group that holds it is enough. The user is consulted only
 * when no group matched and $userid is greater than -1.
 *
 * @param array $groupids Group ids, indexed from 0.
 * @param mixed $pagepath Page path handed on to getPagePermission().
 * @param int   $userid   Optional user id; -1 skips the per-user check.
 * @return array|string Map of module name to a list of
 *                      array(perm id, action, description); the empty string
 *                      when the permission list cannot be read.
 */
function getGroupPermissions($groupids, $pagepath, $userid = -1) {
	$permResult = mysql_query("SELECT `perm_id`, `perm_action`, `page_module`, `perm_description` FROM `".MYSQL_DATABASE_PREFIX."permissionlist`");
	if (!$permResult) {
		return '';
	}

	$granted = array();
	$total = count($groupids);

	while ($row = mysql_fetch_assoc($permResult)) {
		$module = $row['page_module'];
		$action = $row['perm_action'];
		$entry = array($row['perm_id'], $action, $row['perm_description']);

		// Stop at the first group that holds the permission.
		$viaGroup = false;
		for ($g = 0; $g < $total && !$viaGroup; $g++) {
			if (getPagePermission($pagepath, $groupids[$g], $action, $module)) {
				$viaGroup = true;
			}
		}

		if ($viaGroup) {
			$granted[$module][] = $entry;
			continue;
		}

		// No group matched: fall back to the user's own entry, if a user was given.
		if ($userid > -1 && getPagePermission($pagepath, $userid, $action, $module, 'user')) {
			$granted[$module][] = $entry;
		}
	}

	return $granted;
}
01001 
/**
 * Reports whether a value occurs in a list, using loose (==) comparison so that
 * numeric strings and integers match each other.
 *
 * @param mixed $needle   Value to look for.
 * @param array $haystack Values to search.
 * @return bool True when at least one element compares equal to $needle.
 */
function isPresent($needle,$haystack) {
	$found = false;
	foreach ($haystack as $candidate) {
		if ($candidate == $needle) {
			$found = true;
			break;
		}
	}
	return $found;
}
01009 
