a3b376544c
git-svn-id: file:///svn-source/pmgr/branches/pre_0.1_work_20090819@802 97e9348a-65ac-dc4b-aefc-98561f571b83
106 lines
3.2 KiB
PHP
106 lines
3.2 KiB
PHP
<?php
|
|
class Permission extends AppModel {
|
|
|
|
var $hasMany =
|
|
array('PermissionValue',
|
|
);
|
|
|
|
var $knows =
|
|
array('User', 'Site', 'Group');
|
|
|
|
static $permission_set = array();
|
|
|
|
function getAll($name, $force = false) {
|
|
/* $this->prClassLevel(30); */
|
|
/* $this->PermissionValue->prClassLevel(30); */
|
|
/* $this->Group->Membership->prClassLevel(30); */
|
|
/* $this->PermissionValue->SitePermission->prClassLevel(30); */
|
|
/* $this->PermissionValue->UserPermission->prClassLevel(30); */
|
|
/* $this->PermissionValue->GroupPermission->prClassLevel(30); */
|
|
/* $this->PermissionValue->DefaultPermission->prClassLevel(30); */
|
|
$this->prEnter(compact('name'));
|
|
|
|
if (!empty(self::$permission_set[$name]) && !$force)
|
|
return $this->prReturn(self::$permission_set[$name]);
|
|
|
|
self::$permission_set[$name] = array();
|
|
|
|
$site_id = $this->Site->currentSiteId();
|
|
$user_id = $this->User->currentUserId();
|
|
$group_ids = $this->Group->currentGroupIds();
|
|
|
|
/* $site_id = 1; */
|
|
/* $user_id = 2; */
|
|
/* $group_ids = $this->Group->groupIds($user_id, $site_id); */
|
|
|
|
if (empty($group_ids)) {
|
|
self::$permission_set[$name][$name][] = array('access' => 'DENY', 'level' => null);
|
|
$site_id = null;
|
|
$user_id = null;
|
|
}
|
|
|
|
if (!empty($site_id))
|
|
self::$permission_set[$name] =
|
|
array_merge(self::$permission_set[$name],
|
|
$this->PermissionValue->SitePermission->values($site_id, $name));
|
|
|
|
if (!empty($user_id))
|
|
self::$permission_set[$name] =
|
|
array_merge(self::$permission_set[$name],
|
|
$this->PermissionValue->UserPermission->values($user_id, $name));
|
|
|
|
if (!empty($group_ids)) {
|
|
self::$permission_set[$name] =
|
|
array_merge(self::$permission_set[$name],
|
|
$this->PermissionValue->GroupPermission->values($group_ids, $name));
|
|
|
|
self::$permission_set[$name] =
|
|
array_merge(self::$permission_set[$name],
|
|
$this->PermissionValue->DefaultPermission->values($name));
|
|
|
|
self::$permission_set[$name][] = array('access' => 'ALLOW', 'level' => null);
|
|
}
|
|
|
|
return $this->prReturn(self::$permission_set[$name]);
|
|
}
|
|
|
|
function get($name) {
|
|
$this->prEnter(compact('name'));
|
|
|
|
// REVISIT <AP>: 20090827
|
|
// This is a pretty crappy algorithm. How do we decide whether DENY really
|
|
// means DENY, or whether an ALLOW has priority.
|
|
// Oh well, it works for now...
|
|
|
|
$values = $this->getAll($name);
|
|
$result = array_shift($values);
|
|
|
|
foreach ($values AS $value)
|
|
if (empty($result['level']) || (!empty($value['level']) && $value['level'] < $result['level']))
|
|
$result['level'] = $value['level'];
|
|
|
|
if ($result['access'] !== 'ALLOW')
|
|
$result['level'] = 9999999;
|
|
|
|
return $this->prReturn($result);
|
|
}
|
|
|
|
function allow($name) {
|
|
$this->prEnter(compact('name'));
|
|
$result = $this->get($name);
|
|
return $this->prReturn($result['access'] === 'ALLOW');
|
|
}
|
|
|
|
function deny($name) {
|
|
$this->prEnter(compact('name'));
|
|
return $this->prReturn(!$this->allow($name));
|
|
}
|
|
|
|
function level($name) {
|
|
$this->prEnter(compact('name'));
|
|
$result = $this->get($name);
|
|
return $this->prReturn($result['level']);
|
|
}
|
|
|
|
}
|