Added support for permissions. Next is to implement some.

git-svn-id: file:///svn-source/pmgr/branches/pre_0.1_work_20090819@798 97e9348a-65ac-dc4b-aefc-98561f571b83
2009-08-28 03:32:07 +00:00
parent 1d4dcbd2b0
commit 7904372dff
11 changed files with 270 additions and 18 deletions
--- a/build.cmd
+++ b/build.cmd
@@ -1,3 +1,4 @@
@echo off
-mysql --user=pmgr --password=pmgruser < %~dp0\db\property_manager.sql
+mysql --user=pmgr --password=pmgruser --database=property_manager < %~dp0\db\schema.sql
+mysql --user=pmgr --password=pmgruser --database=property_manager < %~dp0\db\extra.sql
 echo Done!
--- a/site/app_controller.php
+++ b/site/app_controller.php
@@ -35,6 +35,7 @@
 * @subpackage    cake.app
 */
 class AppController extends Controller {
+  var $uses = array('Option', 'Permission');
  var $helpers = array('Html', 'Form', 'Javascript', 'Format', 'Time', 'Grid');
  var $components = array('DebugKit.Toolbar');

@@ -295,6 +296,11 @@ class AppController extends Controller {
      if (empty($this->params['admin']))
 	$this->sideMenuEnable($area_name, $this->admin_area, false);
    }
+
+    $this->authorize("controller.{$this->params['controller']}");
+    $this->authorize("controller.{$this->params['controller']}");
+    $this->authorize("action.{$this->params['controller']}.{$this->params['action']}");
+    $this->authorize("action.{$this->params['controller']}.{$this->params['action']}");
  }


@@ -1147,14 +1153,26 @@ class AppController extends Controller {
      echo "  <cell><![CDATA[$data]]></cell>\n"; 
  }

+  function authorize($name) {
+    if ($this->Permission->deny($name))
+      $this->UNAUTHORIZED("Unauthorized: $name");
+  }
+
+  function UNAUTHORIZED($msg) {
+    //$this->redirect('controller' => '???', 'action' => 'login');
+    //$this->render('/unauthorized');
+    $this->set('message', '<H2>' . $msg . '</H2>');
+    $this->render_empty();
+  }
+
  function INTERNAL_ERROR($msg, $depth = 0) {
    INTERNAL_ERROR($msg, false, $depth+1);
    $this->render_empty();
-    $this->_stop();
  }

  function render_empty() {
-    $this->render('/empty');
+    echo $this->render('/empty');
+    $this->_stop();
  }

 }
--- a/site/controllers/accounts_controller.php
+++ b/site/controllers/accounts_controller.php
@@ -2,8 +2,6 @@

 class AccountsController extends AppController {

-  var $uses = array('Account', 'LedgerEntry');
-

  /**************************************************************************
   **************************************************************************
--- a/site/models/default_permission.php
+++ b/site/models/default_permission.php
@@ -0,0 +1,21 @@
+<?php
+class DefaultPermission extends AppModel {
+
+  var $belongsTo =
+    array('PermissionValue',
+	  );
+
+
+  function values($name = null) {
+    $this->prEnter(compact('name'));
+
+    $query = array();
+    $this->queryInit($query);
+
+    $query['link']['DefaultPermission'] = array();
+    $query['link']['DefaultPermission']['type'] = 'INNER';
+    $query['link']['DefaultPermission']['fields'] = array();
+    return $this->prReturn($this->PermissionValue->values($name, $query));
+  }
+
+}
--- a/site/models/group_permission.php
+++ b/site/models/group_permission.php
@@ -0,0 +1,25 @@
+<?php
+class GroupPermission extends AppModel {
+
+  var $belongsTo =
+    array('Group',
+	  'PermissionValue',
+	  );
+
+
+  function values($ids, $name = null) {
+    $this->prEnter(compact('id', 'name'));
+
+    $query = array();
+    $this->queryInit($query);
+
+    $query['link']['GroupPermission'] = array();
+    $query['link']['GroupPermission']['fields'] = array();
+    $query['link']['GroupPermission']['Group'] = array();
+    $query['link']['GroupPermission']['Group']['fields'] = array();
+    $query['conditions'][] = array('Group.id' => $ids);
+    $query['order'][] = 'Group.rank';
+    return $this->prReturn($this->PermissionValue->values($name, $query));
+  }
+
+}
--- a/site/models/option.php
+++ b/site/models/option.php
@@ -9,6 +9,8 @@ class Option extends AppModel {
    array('User', 'Site', 'Group');


+  static $option_set = array();
+
  function getAll($name) {
    $this->prClassLevel(30);
 /*     //$this->OptionValue->prClassLevel(30); */
@@ -19,6 +21,11 @@ class Option extends AppModel {
 /*     $this->OptionValue->DefaultOption->prClassLevel(30); */
    $this->prEnter(compact('name'));

+    if (!empty(self::$option_set[$name]) && !$force)
+      return $this->prReturn(self::$option_set[$name]);
+
+    self::$option_set[$name] = array();
+
    $site_id   = $this->Site->currentSiteId();
    $user_id   = $this->User->currentUserId();
    $group_ids = $this->Group->currentGroupIds();
@@ -27,28 +34,26 @@ class Option extends AppModel {
 /*     $user_id = 4; */
 /*     $group_ids = $this->Group->groupIds($user_id, $site_id); */

-    $values = array();
-
    if (!empty($site_id))
-      $values =
-	array_merge($values,
+      self::$option_set[$name] =
+	array_merge(self::$option_set[$name],
 		    $this->OptionValue->SiteOption->values($site_id, $name));

    if (!empty($user_id))
-      $values =
-	array_merge($values,
+      self::$option_set[$name] =
+	array_merge(self::$option_set[$name],
 		    $this->OptionValue->UserOption->values($user_id, $name));

    if (!empty($group_ids))
-      $values =
-	array_merge($values,
+      self::$option_set[$name] =
+	array_merge(self::$option_set[$name],
 		    $this->OptionValue->GroupOption->values($group_ids, $name));

-    $values =
-      array_merge($values,
+    self::$option_set[$name] =
+      array_merge(self::$option_set[$name],
 		  $this->OptionValue->DefaultOption->values($name));

-    return $this->prReturn($values);
+    return $this->prReturn(self::$option_set[$name]);
  }

  function get($name) {
--- a/site/models/permission.php
+++ b/site/models/permission.php
@@ -0,0 +1,102 @@
+<?php
+class Permission extends AppModel {
+
+  var $hasMany =
+    array('PermissionValue',
+	  );
+
+  var $knows =
+    array('User', 'Site', 'Group');
+
+  static $permission_set = array();
+
+  function getAll($name, $force = false) {
+    $this->prClassLevel(30);
+/*     $this->PermissionValue->prClassLevel(30); */
+/*     $this->Group->Membership->prClassLevel(30); */
+/*     $this->PermissionValue->SitePermission->prClassLevel(30); */
+/*     $this->PermissionValue->UserPermission->prClassLevel(30); */
+/*     $this->PermissionValue->GroupPermission->prClassLevel(30); */
+/*     $this->PermissionValue->DefaultPermission->prClassLevel(30); */
+    $this->prEnter(compact('name'));
+
+    if (!empty(self::$permission_set[$name]) && !$force)
+      return $this->prReturn(self::$permission_set[$name]);
+
+    self::$permission_set[$name] = array();
+
+    $site_id   = $this->Site->currentSiteId();
+    $user_id   = $this->User->currentUserId();
+    $group_ids = $this->Group->currentGroupIds();
+
+/*     $site_id = 1; */
+/*     $user_id = 2; */
+/*     $group_ids = $this->Group->groupIds($user_id, $site_id); */
+
+    if (empty($group_ids)) {
+      self::$permission_set[$name][$name][] = array('access' => 'DENY', 'level' => null);
+      $site_id = null;
+      $user_id = null;
+    }
+
+    if (!empty($site_id))
+      self::$permission_set[$name] =
+	array_merge(self::$permission_set[$name],
+		    $this->PermissionValue->SitePermission->values($site_id, $name));
+
+    if (!empty($user_id))
+      self::$permission_set[$name] =
+	array_merge(self::$permission_set[$name],
+		    $this->PermissionValue->UserPermission->values($user_id, $name));
+
+    if (!empty($group_ids)) {
+      self::$permission_set[$name] =
+	array_merge(self::$permission_set[$name],
+		    $this->PermissionValue->GroupPermission->values($group_ids, $name));
+
+      self::$permission_set[$name] =
+	array_merge(self::$permission_set[$name],
+		    $this->PermissionValue->DefaultPermission->values($name));
+
+      self::$permission_set[$name][] = array('access' => 'ALLOW', 'level' => null);
+    }
+
+    return $this->prReturn(self::$permission_set[$name]);
+  }
+
+  function get($name) {
+    $this->prEnter(compact('name'));
+
+    // REVISIT <AP>: 20090827
+    //  This is a pretty crappy algorithm.  How do we decide whether DENY really
+    //  means DENY, or whether an ALLOW has priority.  
+    //  Oh well, it works for now...
+    
+    $values = $this->getAll($name);
+    $result = array_shift($values);
+
+    foreach ($values AS $value)
+      if (empty($result['level']) || (!empty($value['level']) && $value['level'] < $result['level']))
+	$result['level'] = $value['level'];
+
+    return $this->prReturn($result);
+  }
+
+  function allow($name) {
+    $this->prEnter(compact('name'));
+    $result = $this->get($name);
+    return $this->prReturn($result['access'] === 'ALLOW');
+  }
+
+  function deny($name) {
+    $this->prEnter(compact('name'));
+    return $this->prReturn(!$this->allow($name));
+  }
+
+  function level($name) {
+    $this->prEnter(compact('name'));
+    $result = $this->get($name);
+    return $this->prReturn($result['level']);
+  }
+
+}
--- a/site/models/permission_value.php
+++ b/site/models/permission_value.php
@@ -0,0 +1,36 @@
+<?php
+class PermissionValue extends AppModel {
+
+  var $belongsTo =
+    array('Permission',
+	  );
+
+  var $hasMany =
+    array('UserPermission',
+	  'SitePermission',
+	  'GroupPermission',
+	  'DefaultPermission',
+	  );
+
+  function values($name = null, $query = null) {
+    $this->prEnter(compact('name', 'query'));
+    $this->queryInit($query);
+
+    $query['link']['Permission'] = array();
+
+    if (!empty($name)) {
+      $query['conditions'][] = array('Permission.name' => $name);
+      $query['link']['Permission']['fields'] = array();
+    }
+
+    $this->cacheQueries = true;
+    $values = array();
+    foreach ($this->find('all', $query) AS $result)
+      $values[] = array('access' => $result['PermissionValue']['access'],
+			'level'  => $result['PermissionValue']['level']);
+    $this->cacheQueries = false;
+
+    return $this->prReturn($values);
+  }
+
+}
--- a/site/models/site_permission.php
+++ b/site/models/site_permission.php
@@ -0,0 +1,24 @@
+<?php
+class SitePermission extends AppModel {
+
+  var $belongsTo =
+    array('Site',
+	  'PermissionValue',
+	  );
+
+
+  function values($id, $name = null) {
+    $this->prEnter(compact('id', 'name'));
+
+    $query = array();
+    $this->queryInit($query);
+
+    $query['link']['SitePermission'] = array();
+    $query['link']['SitePermission']['fields'] = array();
+    $query['link']['SitePermission']['Site'] = array();
+    $query['link']['SitePermission']['Site']['fields'] = array();
+    $query['conditions'][] = array('Site.id' => $id);
+    return $this->prReturn($this->PermissionValue->values($name, $query));
+  }
+
+}
--- a/site/models/user_permission.php
+++ b/site/models/user_permission.php
@@ -0,0 +1,24 @@
+<?php
+class UserPermission extends AppModel {
+
+  var $belongsTo =
+    array('User',
+	  'PermissionValue',
+	  );
+
+
+  function values($id, $name = null) {
+    $this->prEnter(compact('id', 'name'));
+
+    $query = array();
+    $this->queryInit($query);
+
+    $query['link']['UserPermission'] = array();
+    $query['link']['UserPermission']['fields'] = array();
+    $query['link']['UserPermission']['User'] = array();
+    $query['link']['UserPermission']['User']['fields'] = array();
+    $query['conditions'][] = array('User.id' => $id);
+    return $this->prReturn($this->PermissionValue->values($name, $query));
+  }
+
+}
--- a/site/views/empty.ctp
+++ b/site/views/empty.ctp
@@ -1,5 +1,3 @@
 <?php /* -*- mode:PHP -*- */
 if (!empty($message))
   echo $message;
-
-