abijah/pmgr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added support for permissions. Next is to implement some.

Browse Source 
git-svn-id: file:///svn-source/pmgr/branches/pre_0.1_work_20090819@798 97e9348a-65ac-dc4b-aefc-98561f571b83
This commit is contained in:
abijah
2009-08-28 03:32:07 +00:00
parent 1d4dcbd2b0
commit 7904372dff
11 changed files with 270 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
site/app_controller.php
View File

@@ -35,6 +35,7 @@
* @subpackage cake.app
*/
class AppController extends Controller {
var $uses = array('Option', 'Permission');
var $helpers = array('Html', 'Form', 'Javascript', 'Format', 'Time', 'Grid');
var $components = array('DebugKit.Toolbar');
@@ -295,6 +296,11 @@ class AppController extends Controller {
if (empty($this->params['admin']))
$this->sideMenuEnable($area_name, $this->admin_area, false);
}
$this->authorize("controller.{$this->params['controller']}");
$this->authorize("controller.{$this->params['controller']}");
$this->authorize("action.{$this->params['controller']}.{$this->params['action']}");
$this->authorize("action.{$this->params['controller']}.{$this->params['action']}");
}
@@ -1147,14 +1153,26 @@ class AppController extends Controller {
echo " <cell><![CDATA[$data]]></cell>\n";
}
function authorize($name) {
if ($this->Permission->deny($name))
$this->UNAUTHORIZED("Unauthorized: $name");
}
function UNAUTHORIZED($msg) {
//$this->redirect('controller' => '???', 'action' => 'login');
//$this->render('/unauthorized');
$this->set('message', '<H2>' . $msg . '</H2>');
$this->render_empty();
}
function INTERNAL_ERROR($msg, $depth = 0) {
INTERNAL_ERROR($msg, false, $depth+1);
$this->render_empty();
$this->_stop();
}
function render_empty() {
$this->render('/empty');
echo $this->render('/empty');
$this->_stop();
}
}

2
site/controllers/accounts_controller.php
View File

@@ -2,8 +2,6 @@
class AccountsController extends AppController {
var $uses = array('Account', 'LedgerEntry');
/**************************************************************************
**************************************************************************

21
site/models/default_permission.php Normal file
View File

@@ -0,0 +1,21 @@
<?php
class DefaultPermission extends AppModel {
var $belongsTo =
array('PermissionValue',
);
function values($name = null) {
$this->prEnter(compact('name'));
$query = array();
$this->queryInit($query);
$query['link']['DefaultPermission'] = array();
$query['link']['DefaultPermission']['type'] = 'INNER';
$query['link']['DefaultPermission']['fields'] = array();
return $this->prReturn($this->PermissionValue->values($name, $query));
}
}

25
site/models/group_permission.php Normal file
View File

@@ -0,0 +1,25 @@
<?php
class GroupPermission extends AppModel {
var $belongsTo =
array('Group',
'PermissionValue',
);
function values($ids, $name = null) {
$this->prEnter(compact('id', 'name'));
$query = array();
$this->queryInit($query);
$query['link']['GroupPermission'] = array();
$query['link']['GroupPermission']['fields'] = array();
$query['link']['GroupPermission']['Group'] = array();
$query['link']['GroupPermission']['Group']['fields'] = array();
$query['conditions'][] = array('Group.id' => $ids);
$query['order'][] = 'Group.rank';
return $this->prReturn($this->PermissionValue->values($name, $query));
}
}

27
site/models/option.php
View File

@@ -9,6 +9,8 @@ class Option extends AppModel {
array('User', 'Site', 'Group');
static $option_set = array();
function getAll($name) {
$this->prClassLevel(30);
/* //$this->OptionValue->prClassLevel(30); */
@@ -19,6 +21,11 @@ class Option extends AppModel {
/* $this->OptionValue->DefaultOption->prClassLevel(30); */
$this->prEnter(compact('name'));
if (!empty(self::$option_set[$name]) && !$force)
return $this->prReturn(self::$option_set[$name]);
self::$option_set[$name] = array();
$site_id = $this->Site->currentSiteId();
$user_id = $this->User->currentUserId();
$group_ids = $this->Group->currentGroupIds();
@@ -27,28 +34,26 @@ class Option extends AppModel {
/* $user_id = 4; */
/* $group_ids = $this->Group->groupIds($user_id, $site_id); */
$values = array();
if (!empty($site_id))
$values =
array_merge($values,
self::$option_set[$name] =
array_merge(self::$option_set[$name],
$this->OptionValue->SiteOption->values($site_id, $name));
if (!empty($user_id))
$values =
array_merge($values,
self::$option_set[$name] =
array_merge(self::$option_set[$name],
$this->OptionValue->UserOption->values($user_id, $name));
if (!empty($group_ids))
$values =
array_merge($values,
self::$option_set[$name] =
array_merge(self::$option_set[$name],
$this->OptionValue->GroupOption->values($group_ids, $name));
$values =
array_merge($values,
self::$option_set[$name] =
array_merge(self::$option_set[$name],
$this->OptionValue->DefaultOption->values($name));
return $this->prReturn($values);
return $this->prReturn(self::$option_set[$name]);
}
function get($name) {

102
site/models/permission.php Normal file
View File

@@ -0,0 +1,102 @@
<?php
class Permission extends AppModel {
var $hasMany =
array('PermissionValue',
);
var $knows =
array('User', 'Site', 'Group');
static $permission_set = array();
function getAll($name, $force = false) {
$this->prClassLevel(30);
/* $this->PermissionValue->prClassLevel(30); */
/* $this->Group->Membership->prClassLevel(30); */
/* $this->PermissionValue->SitePermission->prClassLevel(30); */
/* $this->PermissionValue->UserPermission->prClassLevel(30); */
/* $this->PermissionValue->GroupPermission->prClassLevel(30); */
/* $this->PermissionValue->DefaultPermission->prClassLevel(30); */
$this->prEnter(compact('name'));
if (!empty(self::$permission_set[$name]) && !$force)
return $this->prReturn(self::$permission_set[$name]);
self::$permission_set[$name] = array();
$site_id = $this->Site->currentSiteId();
$user_id = $this->User->currentUserId();
$group_ids = $this->Group->currentGroupIds();
/* $site_id = 1; */
/* $user_id = 2; */
/* $group_ids = $this->Group->groupIds($user_id, $site_id); */
if (empty($group_ids)) {
self::$permission_set[$name][$name][] = array('access' => 'DENY', 'level' => null);
$site_id = null;
$user_id = null;
}
if (!empty($site_id))
self::$permission_set[$name] =
array_merge(self::$permission_set[$name],
$this->PermissionValue->SitePermission->values($site_id, $name));
if (!empty($user_id))
self::$permission_set[$name] =
array_merge(self::$permission_set[$name],
$this->PermissionValue->UserPermission->values($user_id, $name));
if (!empty($group_ids)) {
self::$permission_set[$name] =
array_merge(self::$permission_set[$name],
$this->PermissionValue->GroupPermission->values($group_ids, $name));
self::$permission_set[$name] =
array_merge(self::$permission_set[$name],
$this->PermissionValue->DefaultPermission->values($name));
self::$permission_set[$name][] = array('access' => 'ALLOW', 'level' => null);
}
return $this->prReturn(self::$permission_set[$name]);
}
function get($name) {
$this->prEnter(compact('name'));
// REVISIT <AP>: 20090827
// This is a pretty crappy algorithm. How do we decide whether DENY really
// means DENY, or whether an ALLOW has priority.
// Oh well, it works for now...
$values = $this->getAll($name);
$result = array_shift($values);
foreach ($values AS $value)
if (empty($result['level']) || (!empty($value['level']) && $value['level'] < $result['level']))
$result['level'] = $value['level'];
return $this->prReturn($result);
}
function allow($name) {
$this->prEnter(compact('name'));
$result = $this->get($name);
return $this->prReturn($result['access'] === 'ALLOW');
}
function deny($name) {
$this->prEnter(compact('name'));
return $this->prReturn(!$this->allow($name));
}
function level($name) {
$this->prEnter(compact('name'));
$result = $this->get($name);
return $this->prReturn($result['level']);
}
}

36
site/models/permission_value.php Normal file
View File

@@ -0,0 +1,36 @@
<?php
class PermissionValue extends AppModel {
var $belongsTo =
array('Permission',
);
var $hasMany =
array('UserPermission',
'SitePermission',
'GroupPermission',
'DefaultPermission',
);
function values($name = null, $query = null) {
$this->prEnter(compact('name', 'query'));
$this->queryInit($query);
$query['link']['Permission'] = array();
if (!empty($name)) {
$query['conditions'][] = array('Permission.name' => $name);
$query['link']['Permission']['fields'] = array();
}
$this->cacheQueries = true;
$values = array();
foreach ($this->find('all', $query) AS $result)
$values[] = array('access' => $result['PermissionValue']['access'],
'level' => $result['PermissionValue']['level']);
$this->cacheQueries = false;
return $this->prReturn($values);
}
}

24
site/models/site_permission.php Normal file
View File

@@ -0,0 +1,24 @@
<?php
class SitePermission extends AppModel {
var $belongsTo =
array('Site',
'PermissionValue',
);
function values($id, $name = null) {
$this->prEnter(compact('id', 'name'));
$query = array();
$this->queryInit($query);
$query['link']['SitePermission'] = array();
$query['link']['SitePermission']['fields'] = array();
$query['link']['SitePermission']['Site'] = array();
$query['link']['SitePermission']['Site']['fields'] = array();
$query['conditions'][] = array('Site.id' => $id);
return $this->prReturn($this->PermissionValue->values($name, $query));
}
}

24
site/models/user_permission.php Normal file
View File

@@ -0,0 +1,24 @@
<?php
class UserPermission extends AppModel {
var $belongsTo =
array('User',
'PermissionValue',
);
function values($id, $name = null) {
$this->prEnter(compact('id', 'name'));
$query = array();
$this->queryInit($query);
$query['link']['UserPermission'] = array();
$query['link']['UserPermission']['fields'] = array();
$query['link']['UserPermission']['User'] = array();
$query['link']['UserPermission']['User']['fields'] = array();
$query['conditions'][] = array('User.id' => $id);
return $this->prReturn($this->PermissionValue->values($name, $query));
}
}

2
site/views/empty.ctp
View File

@@ -1,5 +1,3 @@
<?php /* -*- mode:PHP -*- */
if (!empty($message))
echo $message;