Author: dgoette
Date: Sun Jan 11 06:41:52 2009
New Revision: 38696
URL:
http://svn.reactos.org/svn/reactos?rev=38696&view=rev
Log:
* remove checks for users security level or membership checks and replace them with area
protection which can be assigned per group.
* Also implement an admin interface for this
* update converter
* minor bugfixes
Added:
branches/danny-web/reactos.org/htdocs/roscms/lib/Admin_System.class.php
Modified:
branches/danny-web/reactos.org/htdocs/roscms/config.php
branches/danny-web/reactos.org/htdocs/roscms/convert3to4.sql
branches/danny-web/reactos.org/htdocs/roscms/index.php
branches/danny-web/reactos.org/htdocs/roscms/js/cms_admin.js
branches/danny-web/reactos.org/htdocs/roscms/js/cms_user.js
branches/danny-web/reactos.org/htdocs/roscms/lib/Admin.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/Admin_ACL.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/Admin_Groups.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/DBConnection.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/Data.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/Editor_Website.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/Export_Maintain.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/Export_QuickInfo.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/Export_User.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/Export_XML.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Admin.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Maintain.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_User.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Website.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Welcome.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_Profile.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/Log.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/Login.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/Security.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/Tag.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/ThisUser.class.php
Modified:
branches/danny-web/reactos.org/htdocs/roscms/config.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/config.php [iso-8859-1] (original)
+++
branches/danny-web/reactos.org/htdocs/roscms/config.php [iso-8859-1] Sun Jan 11
06:41:52 2009
@@ -42,4 +42,32 @@
$config->setPathGenerated('/reactos/'); // path to generated files
$config->setPathRoscms('/reactos/roscms/'); // path to roscms files
+
+
+// RosCMS Table Names
+define('ROSCMST_ACCESS' , 'roscms_access');
+define('ROSCMST_AREA' , 'roscms_area');
+define('ROSCMST_USERS' , 'roscms_accounts');
+define('ROSCMST_FORBIDDEN' , 'roscms_accounts_forbidden');
+define('ROSCMST_SESSIONS' , 'roscms_accounts_sessions');
+define('ROSCMST_COUNTRIES' , 'roscms_countries');
+define('ROSCMST_ENTRIES' , 'roscms_entries');
+define('ROSCMST_REVISIONS' , 'roscms_entries_revisions');
+define('ROSCMST_STEXT' , 'roscms_entries_stext');
+define('ROSCMST_TAGS' , 'roscms_entries_tags');
+define('ROSCMST_TEXT' , 'roscms_entries_text');
+define('ROSCMST_FILTER' , 'roscms_filter');
+define('ROSCMST_GROUPS' , 'roscms_groups');
+define('ROSCMST_JOBS' , 'roscms_jobs');
+define('ROSCMST_LANGUAGES' , 'roscms_languages');
+define('ROSCMST_SUBSYS' , 'roscms_rel_accounts_subsys');
+define('ROSCMST_MEMBERSHIPS', 'roscms_rel_groups_accounts');
+define('ROSCMST_ENTRY_AREA' , 'roscms_rel_groups_acl');
+define('ROSCMST_AREA_ACCESS', 'roscms_rel_groups_area');
+define('ROSCMST_DEPENCIES' , 'roscms_rel_revisions_depencies');
+define('ROSCMST_ACL' , 'roscms_rel_rights_access');
+define('ROSCMST_RIGHTS' , 'roscms_rights');
+define('ROSCMST_TIMEZONES' , 'roscms_timezones');
+
+
?>
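Review bot: The `ROSCMST_ACCESS` define still resolves to `roscms_access`, but convert3to4.sql in this same commit renames that table to `roscms_entries_access`, and Admin_Groups.class.php keeps querying through `ROSCMST_ACCESS`, so a converted database will answer those queries with an unknown-table error unless the converter renames it back further down (not visible here). The same kind of mismatch appears to exist for `ROSCMST_ENTRY_AREA` (`roscms_rel_groups_acl`) versus the `roscms_rel_groups_access` table the converter creates and fills. Suggested: `define('ROSCMST_ACCESS' , 'roscms_entries_access');` and align the relation-table constants with the names the converter produces, or adjust the converter to match these constants.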
Modified:
branches/danny-web/reactos.org/htdocs/roscms/convert3to4.sql
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/convert3to4.sql [iso-8859-1] (original)
+++
branches/danny-web/reactos.org/htdocs/roscms/convert3to4.sql [iso-8859-1] Sun Jan 11
06:41:52 2009
@@ -124,7 +124,7 @@
-- --------------------------------------------------------
-- create and convert access lists (allowed groups are stored in rel_groups_access)
-- --------------------------------------------------------
-CREATE TABLE roscms_access (
+CREATE TABLE roscms_entries_access (
id bigint(20) unsigned NOT NULL auto_increment,
name varchar(100) collate utf8_unicode_ci NOT NULL,
name_short varchar(50) collate utf8_unicode_ci NOT NULL,
@@ -134,7 +134,7 @@
UNIQUE KEY name_short (name_short)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
-INSERT INTO roscms_access
+INSERT INTO roscms_entries_access
SELECT
NULL,
sec_fullname,
@@ -146,7 +146,7 @@
-- --------------------------------------------------------
--- create access lists (need to run seperate script)
+-- create access lists
-- --------------------------------------------------------
CREATE TABLE roscms_rel_groups_access (
acl_id bigint(20) unsigned NOT NULL COMMENT '->access(id)',
@@ -170,7 +170,7 @@
s.sec_lev1_add,
s.sec_lev1_pub,
s.sec_lev1_trans
-FROM roscms_access a JOIN data_security s ON a.name_short=s.sec_name JOIN roscms_groups g
WHERE g.security_level = 1
+FROM roscms_entries_access a JOIN data_security s ON a.name_short=s.sec_name JOIN
roscms_groups g WHERE g.security_level = 1
UNION
SELECT
a.id,
@@ -181,7 +181,7 @@
s.sec_lev2_add,
s.sec_lev2_pub,
s.sec_lev2_trans
-FROM roscms_access a JOIN data_security s ON a.name_short=s.sec_name JOIN roscms_groups g
WHERE g.security_level = 2
+FROM roscms_entries_access a JOIN data_security s ON a.name_short=s.sec_name JOIN
roscms_groups g WHERE g.security_level = 2
UNION
SELECT
a.id,
@@ -192,14 +192,97 @@
s.sec_lev3_add,
s.sec_lev3_pub,
s.sec_lev3_trans
-FROM roscms_access a JOIN data_security s ON a.name_short=s.sec_name JOIN roscms_groups g
WHERE g.security_level = 3;
-
-UPDATE roscms_rel_groups_access ga JOIN roscms_groups g ON ga.group_id=g.id JOIN
roscms_access a ON ga.acl_id=a.id JOIN data_security s ON a.name_short=s.sec_name
+FROM roscms_entries_access a JOIN data_security s ON a.name_short=s.sec_name JOIN
roscms_groups g WHERE g.security_level = 3;
+
+UPDATE roscms_rel_groups_access ga JOIN roscms_groups g ON ga.group_id=g.id JOIN
roscms_entries_access a ON ga.acl_id=a.id JOIN data_security s ON a.name_short=s.sec_name
SET ga.can_read=TRUE, ga.can_write=TRUE, ga.can_add=TRUE, ga.can_delete=TRUE,
ga.can_publish=TRUE, ga.can_translate=TRUE WHERE s.sec_allow LIKE
CONCAT('%',g.name_short,'%');
-UPDATE roscms_rel_groups_access ga JOIN roscms_groups g ON ga.group_id=g.id JOIN
roscms_access a ON ga.acl_id=a.id JOIN data_security s ON a.name_short=s.sec_name
+UPDATE roscms_rel_groups_access ga JOIN roscms_groups g ON ga.group_id=g.id JOIN
roscms_entries_access a ON ga.acl_id=a.id JOIN data_security s ON a.name_short=s.sec_name
SET ga.can_read=FALSE, ga.can_write=FALSE, ga.can_add=FALSE, ga.can_delete=FALSE,
ga.can_publish=FALSE, ga.can_translate=FALSE WHERE s.sec_deny LIKE
CONCAT('%',g.name_short,'%');
+
+
+-- --------------------------------------------------------
+-- create areas
+-- --------------------------------------------------------
+CREATE TABLE roscms_area (
+ id bigint(20) NOT NULL auto_increment,
+ `name` varchar(30) NOT NULL,
+ name_short varchar(15) NOT NULL,
+ description varchar(255) NOT NULL,
+ PRIMARY KEY (id),
+ UNIQUE KEY `name` (`name`),
+ UNIQUE KEY name_short (name_short)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8;
+
+INSERT INTO roscms_area VALUES
+(1, 'System Tags', 'system_tags', 'Can the user modify/see system
tags'),
+(2, 'Content Management System', 'CMS', 'RosCMS Interface
itself'),
+(3, 'Entry Details', 'entry_details', 'Shows Entry Details such as
Rev-ID'),
+(4, 'New Entries', 'new_entry', 'Be able to create new
entries'),
+(5, 'Admin Branch', 'admin', 'Can Access Admin Branch'),
+(6, 'Delete Files', 'delete_file', 'Able to delete files from
generated content'),
+(7, 'User Branch', 'user', 'Access user branch'),
+(8, 'Add Translator', 'addtransl', 'add someone to translator
group'),
+(9, 'Add new membership', 'addmembership', 'add someone to new
group'),
+(10, 'Delete Membership', 'delmembership', 'removes someones
membership to a group'),
+(11, 'Disable Account', 'disableaccount', 'disable/enable user
accounts'),
+(12, 'User Details', 'user_details', 'Access to user details, such as
user groups, user-id and contact data'),
+(13, 'Foreign Drafts', 'other_drafts', 'beein able to view drafts of
other people'),
+(14, 'Maintain Branch', 'maintain', 'Access to Maintain
branch'),
+(15, 'Statistics Branch', 'stats', 'Access to Statistics
branch'),
+(16, 'Website Branch', 'website', 'Access to Website branch'),
+(17, 'Pages', 'pages', 'View Pages'),
+(18, 'Dynamic Pages', 'dynamic_pages', 'View Dynamic Pages'),
+(19, 'Templates', 'templates', 'View Page Templates'),
+(20, 'Scripts', 'scripts', 'View Scripts'),
+(21, 'Delete Tags', 'deltag', 'Delete System Tags from
entries'),
+(22, 'Update Tags', 'updatetag', 'Update Tag value'),
+(23, 'More Languages', 'more_lang', 'Can change things in more
languages than the user has set in his profile'),
+(24, 'Logs', 'logs', 'Can view Logs'),
+(25, 'Delete Entries', 'del_entry', 'Delete Entries'),
+(26, 'Delete without archiv', 'del_wo_archiv', 'delete entries
without moving them to archiv'),
+(27, 'add level 0 group', 'addlvl0group', 'Add memberships with group
security level 0'),
+(28, 'add level 1 groups', 'addlvl1group', 'Add memberships with
group security level 1'),
+(29, 'add level 2 groups', 'addlvl2group', 'Add memberships with
group security level 2'),
+(30, 'add level 3 groups', 'addlvl3group', 'Add memberships with
group security level 3'),
+(31, 'Mix private & public entries', 'mix_priv_pub', 'show
private and public type entries together'),
+(32, 'show system entries', 'show_sys_entry', 'show entries of type
''system''');
+
+
+
+-- --------------------------------------------------------
+-- create area protection list
+-- --------------------------------------------------------
+CREATE TABLE roscms_rel_groups_area (
+ group_id bigint(20) NOT NULL,
+ area_id bigint(20) NOT NULL,
+ PRIMARY KEY (group_id,area_id)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8;
+
+INSERT INTO roscms_rel_groups_area
+SELECT g.id, a.id
+FROM roscms_area a JOIN roscms_groups g
+WHERE ((a.name_short = 'system_tags' OR a.name_short = 'entry_details' OR
a.name_short = 'new_entry' OR a.name_short = 'deltag' OR a.name_short =
'del_entry' OR a.name_short = 'mix_priv_pub' OR a.name_short =
'show_sys_entry' OR a.name_short = 'addlvl1group')
+AND g.security_level > 1)
+
+OR ((a.name_short = 'delete_file' OR a.name_short = 'delmembership' OR
a.name_short = 'disableaccount' OR a.name_short = 'user_details' OR
a.name_short = 'other_drafts' OR a.name_short = 'stats' OR a.name_short =
'dynamic_pages' OR a.name_short = 'updatetag' OR a.name_short =
'del_wo_archiv' OR a.name_short = 'addlvl2group' OR a.name_short =
'user' OR a.name_short = 'addmembership' OR a.name_short =
'maintain')
+AND g.security_level = 3)
+
+OR ((a.name_short = 'admin' OR a.name_short = 'logs' OR a.name_short =
'addlvl3group')
+AND g.name_short = 'ros_sadmin')
+
+OR ((a.name_short='pages' OR a.name_short = 'templates' OR a.name_short =
'scripts')
+AND g.security_level > 1 AND g.name_short != 'transmaint')
+
+OR ((a.name_short = 'CMS' OR a.name_short = 'website' OR a.name_short =
'addlvl0group')
+AND g.security_level > 0)
+
+OR ((a.name_short = 'maintain' OR a.name_short = 'user' OR a.name_short =
'addmembership' OR a.name_short = 'addtransl' OR a.name_short =
'addlvl0group')
+AND g.name_short = 'transmaint')
+
+OR ((a.name_short = 'more_lang')
+AND g.name_short != 'translator' AND g.name_short != 'transmaint' AND
g.security_level > 0);
-- --------------------------------------------------------
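Review bot: `roscms_area.id`, `roscms_rel_groups_area.group_id` and `roscms_rel_groups_area.area_id` are declared as signed `bigint(20)` while the other id and relation columns in this script (for example `roscms_entries_access.id` and `roscms_rel_groups_access.acl_id`) are `bigint(20) unsigned`, and both new tables omit the `COLLATE=utf8_unicode_ci` the rest of the schema carries; the key types should presumably match `roscms_groups.id`. Both tables are also `MyISAM`, which has no transactions, so the delete-then-reinsert that `Admin_System::submitAPL` performs on `roscms_rel_groups_area` cannot be made atomic on this engine — worth choosing InnoDB for the new tables if that is the intent. Suggested: `id bigint(20) unsigned NOT NULL auto_increment,` and `) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;` for both `CREATE TABLE` statements.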
@@ -227,7 +310,7 @@
s.id,
d.data_id,
1
-FROM data_a d JOIN roscms_access s ON d.data_acl=s.name_short
+FROM data_a d JOIN roscms_entries_access s ON d.data_acl=s.name_short
UNION
SELECT
NULL,
@@ -236,7 +319,7 @@
s.id,
d.data_id,
0
-FROM data_ d JOIN roscms_access s ON d.data_acl=s.name_short;
+FROM data_ d JOIN roscms_entries_access s ON d.data_acl=s.name_short;
@@ -577,7 +660,6 @@
PRIMARY KEY (id),
KEY name (name)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
-
@@ -641,4 +723,4 @@
DROP TABLE users;
DROP TABLE user_unsafenames;
DROP TABLE user_unsafepwds;
-DROP TABLE user_sessions;
+DROP TABLE user_sessions;
Modified:
branches/danny-web/reactos.org/htdocs/roscms/index.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/index.php [iso-8859-1] (original)
+++
branches/danny-web/reactos.org/htdocs/roscms/index.php [iso-8859-1] Sun Jan 11
06:41:52 2009
@@ -32,7 +32,6 @@
require_once('config.php');
require_once('lib/RosCMS_Autoloader.class.php');
-require_once('lib/DBConnection.class.php');
// strips whitespace from sourcecode
function echo_strip( $text ) {
@@ -173,6 +172,9 @@
case 'lang':
new Admin_Languages();
break;
+ case 'system':
+ new Admin_System();
+ break;
default:
die('');
break;
Modified:
branches/danny-web/reactos.org/htdocs/roscms/js/cms_admin.js
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/js/cms_admin.js [iso-8859-1] (original)
+++
branches/danny-web/reactos.org/htdocs/roscms/js/cms_admin.js [iso-8859-1] Sun Jan 11
06:41:52 2009
@@ -82,6 +82,27 @@
if (uf==true) {
makeRequest('?page=data_out&d_f=admin&d_u=' + subject +
'&action=delete&submit=true', 'POST');
}
+ return false;
+}
+
+
+
+/**
+ * @FILLME
+ */
+function showAreaProtection( )
+{
+ makeRequest('?page=data_out&d_f=admin&d_u=system&action=apl',
'GET');
+}
+
+
+
+/**
+ * @FILLME
+ */
+function submitAreaProtection( )
+{
+
makeRequest('?page=data_out&d_f=admin&d_u=system&action=apl&submit=true',
'POST');
return false;
}
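Review bot: Both new functions `showAreaProtection` and `submitAreaProtection` are documented only with the `@FILLME` placeholder, and nothing tells a reader that the second one makes the server rewrite the whole stored area protection list. Suggested docblocks: `/** Requests the Area Protection List (APL) editor form from Admin_System and renders it in the page. */` and `/** Posts the checked group/area boxes of the APL form to Admin_System, which replaces the stored list; returns false so the form does not submit natively. */`. Note that the `submit=true` selector travels in the query string even though the request is a POST, so the server side should not rely on that flag alone to recognise a form submission.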
Modified:
branches/danny-web/reactos.org/htdocs/roscms/js/cms_user.js
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/js/cms_user.js [iso-8859-1] (original)
+++
branches/danny-web/reactos.org/htdocs/roscms/js/cms_user.js [iso-8859-1] Sun Jan 11
06:41:52 2009
@@ -8,14 +8,18 @@
{
var soptckd = '';
- // get request type
- if (document.getElementById('searchopt1').checked) soptckd =
'accountname';
- if (document.getElementById('searchopt2').checked) soptckd =
'fullname';
- if (document.getElementById('searchopt3').checked) soptckd = 'email';
- if (document.getElementById('searchopt4').checked) soptckd =
'website';
- if (document.getElementById('searchopt5').checked) soptckd =
'language';
+ // only start with more than two chars
+ if (document.getElementById('textfield').value.length > 2) {
-
makeRequest('?page=data_out&d_f=user&d_u=usrtbl&d_fl=list&d_val='+encodeURIComponent(document.getElementById('textfield').value)+'&d_val2='+encodeURIComponent(soptckd));
+ // get request type
+ if (document.getElementById('searchopt1').checked) soptckd =
'accountname';
+ if (document.getElementById('searchopt2').checked) soptckd =
'fullname';
+ if (document.getElementById('searchopt3').checked) soptckd =
'email';
+ if (document.getElementById('searchopt4').checked) soptckd =
'website';
+ if (document.getElementById('searchopt5').checked) soptckd =
'language';
+
+
makeRequest('?page=data_out&d_f=user&d_u=usrtbl&d_fl=list&d_val='+encodeURIComponent(document.getElementById('textfield').value)+'&d_val2='+encodeURIComponent(soptckd));
+ }
}
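Review bot: The new two-character floor in front of `makeRequest` is only enforced in the browser; the `d_fl=list` handler on the server should apply the same minimum itself (not visible here), because the request can be issued without this script. Stylistically the five `searchopt` checks could be collapsed into a lookup over the radio names, but that is cosmetic. The enclosing function's header lies outside the hunk.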
Modified:
branches/danny-web/reactos.org/htdocs/roscms/lib/Admin.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/lib/Admin.class.php [iso-8859-1]
(original)
+++
branches/danny-web/reactos.org/htdocs/roscms/lib/Admin.class.php [iso-8859-1] Sun Jan
11 06:41:52 2009
@@ -33,7 +33,7 @@
// check if user has enough rights
Login::required();
- if (ThisUser::getInstance()->securityLevel() < 3) {
+ if (!ThisUser::getInstance()->hasAccess('admin')) {
die('Not enough rights to access this Area.');
}
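Review bot: The failed authorization check still ends in `die('Not enough rights to access this Area.')`, which emits the message with the default 200 status, so the `makeRequest` helper in the JS cannot distinguish a denied request from a successful one; the same pattern is repeated in the new Admin_System constructor. Consider setting the status before exiting: `header('HTTP/1.0 403 Forbidden'); die('Not enough rights to access this Area.');`. The enclosing constructor starts before the hunk.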
Modified:
branches/danny-web/reactos.org/htdocs/roscms/lib/Admin_ACL.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/lib/Admin_ACL.class.php [iso-8859-1]
(original)
+++
branches/danny-web/reactos.org/htdocs/roscms/lib/Admin_ACL.class.php [iso-8859-1] Sun
Jan 11 06:41:52 2009
@@ -116,7 +116,7 @@
if ($access_id !== false) {
// prepare for usage in loop
- $stmt_ins=&DBConnection::getInstance()->prepare("INSERT INTO
".ROSCMST_ACL." (acl_id, group_id, can_read, can_write, can_add, can_delete,
can_publish, can_translate) VALUES (:acl_id, :group_id, :read, :write, :add, :delete,
:publish, :translate)");
+ $stmt_ins=&DBConnection::getInstance()->prepare("INSERT INTO
".ROSCMST_ENTRY_AREA." (acl_id, group_id, can_read, can_write, can_add,
can_delete, can_publish, can_translate) VALUES (:acl_id, :group_id, :read, :write, :add,
:delete, :publish, :translate)");
$stmt_ins->bindParam('acl_id',$access_id,PDO::PARAM_INT);
// insert access rights for each group
@@ -249,7 +249,7 @@
<th title="translate">T</th>
</tr>');
- $stmt=&DBConnection::getInstance()->prepare("SELECT g.id, g.name,
g.security_level, g.description, a.can_read, a.can_write, a.can_add, a.can_delete,
a.can_publish, a.can_translate FROM ".ROSCMST_ACL." a JOIN
".ROSCMST_GROUPS." g ON g.id=a.group_id WHERE a.acl_id=:acl_id ORDER BY
g.security_level ASC, g.name ASC");
+ $stmt=&DBConnection::getInstance()->prepare("SELECT g.id, g.name,
g.security_level, g.description, a.can_read, a.can_write, a.can_add, a.can_delete,
a.can_publish, a.can_translate FROM ".ROSCMST_ENTRY_AREA." a JOIN
".ROSCMST_GROUPS." g ON g.id=a.group_id WHERE a.acl_id=:acl_id ORDER BY
g.security_level ASC, g.name ASC");
$stmt->bindParam('acl_id',$access['id'],PDO::PARAM_INT);
$stmt->execute();
while ($group = $stmt->fetch(PDO::FETCH_ASSOC)) {
@@ -294,7 +294,7 @@
$success = $success && $stmt->execute();
// prepare for usage in loop
- $stmt_ins=&DBConnection::getInstance()->prepare("UPDATE
".ROSCMST_ACL." SET can_read=:read, can_write=:write, can_add=:add,
can_delete=:delete, can_publish=:publish, can_translate=:translate WHERE acl_id=:acl_id
AND group_id=:group_id");
+ $stmt_ins=&DBConnection::getInstance()->prepare("UPDATE
".ROSCMST_ENTRY_AREA." SET can_read=:read, can_write=:write, can_add=:add,
can_delete=:delete, can_publish=:publish, can_translate=:translate WHERE acl_id=:acl_id
AND group_id=:group_id");
$stmt_ins->bindParam('acl_id',$_POST['acl_id'],PDO::PARAM_INT);
// insert access rights for each group
@@ -385,7 +385,7 @@
// delete rights list
if ($success) {
- $stmt=&DBConnection::getInstance()->prepare("DELETE FROM
".ROSCMST_ACL." WHERE acl_id=:acl_id");
+ $stmt=&DBConnection::getInstance()->prepare("DELETE FROM
".ROSCMST_ENTRY_AREA." WHERE acl_id=:acl_id");
$stmt->bindParam('acl_id',$_POST['acl_id'],PDO::PARAM_INT);
$success = $success && $stmt->execute();
}
Modified:
branches/danny-web/reactos.org/htdocs/roscms/lib/Admin_Groups.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/lib/Admin_Groups.class.php [iso-8859-1]
(original)
+++
branches/danny-web/reactos.org/htdocs/roscms/lib/Admin_Groups.class.php [iso-8859-1]
Sun Jan 11 06:41:52 2009
@@ -124,7 +124,7 @@
if ($group_id !== false) {
// prepare for usage in loop
- $stmt_ins=&DBConnection::getInstance()->prepare("INSERT INTO
".ROSCMST_ACL." (acl_id, group_id, can_read, can_write, can_add, can_delete,
can_publish, can_translate) VALUES (:acl_id, :group_id, :read, :write, :add, :delete,
:publish, :translate)");
+ $stmt_ins=&DBConnection::getInstance()->prepare("INSERT INTO
".ROSCMST_ENTRY_AREA." (acl_id, group_id, can_read, can_write, can_add,
can_delete, can_publish, can_translate) VALUES (:acl_id, :group_id, :read, :write, :add,
:delete, :publish, :translate)");
$stmt_ins->bindParam('group_id',$group_id,PDO::PARAM_INT);
// insert access rights for each group
@@ -265,7 +265,7 @@
<th title="translate">T</th>
</tr>');
- $stmt=&DBConnection::getInstance()->prepare("SELECT s.id, s.name,
s.description, a.can_read, a.can_write, a.can_add, a.can_delete, a.can_publish,
a.can_translate FROM ".ROSCMST_ACCESS." s JOIN ".ROSCMST_ACL." a ON
a.acl_id=s.id WHERE a.group_id=:group_id ORDER BY name ASC");
+ $stmt=&DBConnection::getInstance()->prepare("SELECT s.id, s.name,
s.description, a.can_read, a.can_write, a.can_add, a.can_delete, a.can_publish,
a.can_translate FROM ".ROSCMST_ACCESS." s JOIN ".ROSCMST_ENTRY_AREA."
a ON a.acl_id=s.id WHERE a.group_id=:group_id ORDER BY name ASC");
$stmt->bindParam('group_id',$group['id'],PDO::PARAM_INT);
$stmt->execute();
while ($acl = $stmt->fetch(PDO::FETCH_ASSOC)) {
@@ -310,7 +310,7 @@
$success = $success && $stmt->execute();
// prepare for usage in loop
- $stmt_ins=&DBConnection::getInstance()->prepare("UPDATE
".ROSCMST_ACL." SET can_read=:read, can_write=:write, can_add=:add,
can_delete=:delete, can_publish=:publish, can_translate=:translate WHERE acl_id=:acl_id
AND group_id=:group_id");
+ $stmt_ins=&DBConnection::getInstance()->prepare("UPDATE
".ROSCMST_ENTRY_AREA." SET can_read=:read, can_write=:write, can_add=:add,
can_delete=:delete, can_publish=:publish, can_translate=:translate WHERE acl_id=:acl_id
AND group_id=:group_id");
$stmt_ins->bindParam('group_id',$_POST['group_id'],PDO::PARAM_INT);
// insert access rights for each group
@@ -380,7 +380,7 @@
// delete rights list
if ($success) {
- $stmt=&DBConnection::getInstance()->prepare("DELETE FROM
".ROSCMST_ACL." WHERE group_id=:group_id");
+ $stmt=&DBConnection::getInstance()->prepare("DELETE FROM
".ROSCMST_ENTRY_AREA." WHERE group_id=:group_id");
$stmt->bindParam('group_id',$_POST['group_id'],PDO::PARAM_INT);
$success = $success && $stmt->execute();
}
Added:
branches/danny-web/reactos.org/htdocs/roscms/lib/Admin_System.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/lib/Admin_System.class.php (added)
+++
branches/danny-web/reactos.org/htdocs/roscms/lib/Admin_System.class.php [iso-8859-1]
Sun Jan 11 06:41:52 2009
@@ -1,0 +1,166 @@
+<?php
+ /*
+ RosCMS - ReactOS Content Management System
+ Copyright (C) 2009 Danny Götte <dangerground(a)web.de>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+
+/**
+ * class Admin_System
+ *
+ */
+class Admin_System
+{
+
+
+
+ /**
+ *
+ *
+ * @access protected
+ */
+ public function __construct()
+ {
+ // check if user has enough rights
+ Login::required();
+ if (!ThisUser::getInstance()->hasAccess('admin')) {
+ die('Not enough rights to access this Area.');
+ }
+
+ // is an action given ?
+ if (empty($_GET['action'])) {
+ die('missing param');
+ }
+
+ // show requested form
+ if (empty($_GET['submit'])) {
+ switch ($_GET['action']) {
+ case 'apl':
+ $this->showAPL();
+ break;
+ }
+ }
+
+ // submit form data
+ else {
+ switch ($_GET['action']) {
+ case 'apl':
+ $this->submitAPL();
+ break;
+ }
+ }
+ }
+
+
+
+ /**
+ *
+ *
+ * @access protected
+ */
+ protected function showAPL( )
+ {
+ $stmt=&DBConnection::getInstance()->prepare("SELECT id, name_short,
description FROM ".ROSCMST_AREA." ORDER BY name_short ASC");
+ $stmt->execute();
+ $areas=$stmt->fetchAll(PDO::FETCH_ASSOC);
+
+ echo_strip('
+ <h2>Create new Area Protection List (APL)</h2>
+ <form onsubmit="return false;">
+ <fieldset>
+ <legend>Groups Access Rights</legend>
+ <table>
+ <tr>
+ <th style="vertical-align:bottom;" title="Security
Level">SecLvl</th>
+ <th style="vertical-align:bottom;">Group
Name</th>');
+ foreach ($areas as $area) {
+ echo '<th style="width:
1em;font-family:monospace;vertical-align:bottom;line-height: 0.8em;"
title="'.$area['name_short'].':
'.$area['description'].'">';
+ for ($i=0; $i<strlen($area['name_short']);$i++) {
+ echo substr($area['name_short'], $i, 1).'<br />';
+ }
+ echo '</th>';
+ }
+ echo '</tr>';
+
+ $stmt_is=&DBConnection::getInstance()->prepare("SELECT TRUE FROM
".ROSCMST_AREA." a JOIN ".ROSCMST_AREA_ACCESS." b ON a.id=b.area_id
WHERE b.group_id=:group_id AND a.id=:area_id ORDER BY a.name_short LIMIT 1");
+
+ $stmt=&DBConnection::getInstance()->prepare("SELECT id, name,
security_level, description FROM ".ROSCMST_GROUPS." ORDER BY security_level ASC,
name ASC");
+ $stmt->execute();
+ while ($group = $stmt->fetch(PDO::FETCH_ASSOC)) {
+ $stmt_is->bindParam('group_id',$group['id'],PDO::PARAM_INT);
+ echo_strip('
+ <tr
title="'.htmlspecialchars($group['description']).'">
+ <td
style="text-align:center;">'.$group['security_level'].'</td>
+
<td>'.htmlspecialchars($group['name']).'</td>');
+ foreach ($areas as $area) {
+ $stmt_is->bindParam('area_id',$area['id'],PDO::PARAM_INT);
+ $stmt_is->execute();
+ $is = $stmt_is->fetchColumn();
+
+ echo '<td
title="'.$group['name'].'--'.$area['name_short'].':
'.$area['description'].'"><input type="checkbox"
value="1"
name="valid'.$group['id'].'_'.$area['id'].'"
'.($is ? 'checked="checked"' : '').'
/></td>';
+ }
+ echo '</tr>';
+ }
+
+ echo_strip('
+ </table>
+ </fieldset>
+ <button
onclick="'."submitAreaProtection()".'">update
APL</button>
+ </form>
+ ');
+ } // end of member function showNew
+
+
+
+ /**
+ *
+ *
+ * @access protected
+ */
+ protected function submitAPL( )
+ {
+ $success = true;
+
+ $stmt=&DBConnection::getInstance()->prepare("DELETE FROM
".ROSCMST_AREA_ACCESS);
+ $success = $success && $stmt->execute();
+
+ if ($success) {
+ $stmt=&DBConnection::getInstance()->prepare("INSERT INTO
".ROSCMST_AREA_ACCESS." (area_id, group_id) VALUES (:area_id,:group_id)");
+ foreach ($_POST as $item=>$val) {
+ if (strpos($item,'valid')===0) {
+ $item = substr($item, 5);
+ $id = explode('_',$item);
+ if($id[0] > 0 && $id[1] > 0 && $val=='true') {
+ $stmt->bindParam('area_id',$id[1],PDO::PARAM_INT);
+ $stmt->bindParam('group_id',$id[0],PDO::PARAM_INT);
+ $success = $success && $stmt->execute();
+ }
+ }
+ }
+ }
+
+ // give the user success message
+ if ($success) {
+ echo 'Success, Area Protection List was updated successfully';
+ }
+ else {
+ echo 'Error, while updating Area Protection list';
+ }
+ } // end of member function submitNew
+
+} // end of Admin_System
+?>
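Review bot: `submitAPL` is reached purely because `$_GET['submit']` is non-empty, and its first statement unconditionally empties `ROSCMST_AREA_ACCESS` before re-inserting from `$_POST`, so any request carrying `submit=true` without the form body (a plain GET, a cross-site-triggered request, or a failed POST) leaves every group — including the one holding `admin` — with no areas and locks administrators out of this very class. A request-method check such as `if ($_SERVER['REQUEST_METHOD'] !== 'POST') { die('missing param'); }` plus an anti-CSRF token on the form would close that, and since the table is MyISAM the rewrite cannot be wrapped in a transaction, so computing the difference and only deleting or inserting changed rows would avoid the empty-table window. The insert loop keeps a row only when `$val=='true'`, but the checkbox rendered in `showAPL` has `value="1"`, so unless `makeRequest` rewrites checked boxes to the string `true` nothing is ever inserted. In the same form `$group['name']` and `$area['description']` go into a `title` attribute unescaped while the neighbouring cells pass through `htmlspecialchars`. The empty docblocks and the `// end of member function showNew` / `submitNew` trailers should describe the actual methods.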
Modified:
branches/danny-web/reactos.org/htdocs/roscms/lib/DBConnection.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/lib/DBConnection.class.php [iso-8859-1]
(original)
+++
branches/danny-web/reactos.org/htdocs/roscms/lib/DBConnection.class.php [iso-8859-1]
Sun Jan 11 06:41:52 2009
@@ -17,28 +17,6 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
-
-
-// RosCMS Table Names
-define('ROSCMST_ACCESS' , 'roscms_access');
-define('ROSCMST_USERS' , 'roscms_accounts');
-define('ROSCMST_FORBIDDEN' , 'roscms_accounts_forbidden');
-define('ROSCMST_SESSIONS' , 'roscms_accounts_sessions');
-define('ROSCMST_COUNTRIES' , 'roscms_countries');
-define('ROSCMST_ENTRIES' , 'roscms_entries');
-define('ROSCMST_REVISIONS' , 'roscms_entries_revisions');
-define('ROSCMST_STEXT' , 'roscms_entries_stext');
-define('ROSCMST_TAGS' , 'roscms_entries_tags');
-define('ROSCMST_TEXT' , 'roscms_entries_text');
-define('ROSCMST_FILTER' , 'roscms_filter');
-define('ROSCMST_GROUPS' , 'roscms_groups');
-define('ROSCMST_JOBS' , 'roscms_jobs');
-define('ROSCMST_LANGUAGES' , 'roscms_languages');
-define('ROSCMST_SUBSYS' , 'roscms_rel_accounts_subsys');
-define('ROSCMST_MEMBERSHIPS', 'roscms_rel_groups_accounts');
-define('ROSCMST_ACL' , 'roscms_rel_groups_access');
-define('ROSCMST_DEPENCIES' , 'roscms_rel_revisions_depencies');
-define('ROSCMST_TIMEZONES' , 'roscms_timezones');
Modified:
branches/danny-web/reactos.org/htdocs/roscms/lib/Data.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/lib/Data.class.php [iso-8859-1]
(original)
+++
branches/danny-web/reactos.org/htdocs/roscms/lib/Data.class.php [iso-8859-1] Sun Jan
11 06:41:52 2009
@@ -40,7 +40,6 @@
$stmt->bindParam('type',$data_type,PDO::PARAM_STR);
$stmt->bindParam('lang',$lang_id,PDO::PARAM_INT);
$stmt->bindValue('archive',($mode == 'archive'),PDO::PARAM_BOOL);
- echo ($mode == 'archive');
$stmt->execute();
$rev_id = $stmt->fetchColumn();
@@ -187,7 +186,7 @@
public static function deleteFile( $rev_id )
{
// only for admins
- if (ThisUser::getInstance()->securityLevel() < 3) {
+ if (!ThisUser::getInstance()->hasAccess('delete_file')) {
return;
}
@@ -634,7 +633,7 @@
// mark as stable
case 'ms':
- if ($thisuser->securityLevel() > 1 &&
$thisuser->isMemberOfGroup('transmaint')) {
+ if (!$thisuser->hasAccess('more_lang')) {
// check for user language
if ($user_lang == '') {
@@ -706,7 +705,7 @@
// mark as new
case 'mn':
- if ($thisuser->securityLevel() > 1 &&
$thisuser->isMemberOfGroup('transmaint')) {
+ if (!$thisuser->hasAccess('more_lang')) {
// check for user language
if ($user_lang == 0) {
@@ -745,10 +744,10 @@
// delete entry
case 'xe':
- if ($thisuser->securityLevel() > 1 || $revision['user_id'] ==
$thisuser->id()) {
+ if ($thisuser->hasAccess('del_entry') ||
$revision['user_id'] == $thisuser->id()) {
// copy to Archive if no admin
- if ($thisuser->securityLevel() < 3) {
+ if (!$thisuser->hasAccess('del_wo_archiv')) {
Data::copy($revision['id'], 0, $lang_id);
}
//Data::deleteFile($revision['id']);
Modified:
branches/danny-web/reactos.org/htdocs/roscms/lib/Editor_Website.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/lib/Editor_Website.class.php [iso-8859-1]
(original)
+++
branches/danny-web/reactos.org/htdocs/roscms/lib/Editor_Website.class.php [iso-8859-1]
Sun Jan 11 06:41:52 2009
@@ -78,7 +78,7 @@
case 'newentry':
// add a new entry only with higher security level
- if ($thisuser->securityLevel() > 1) {
+ if ($thisuser->hasAccess('new_entry')) {
switch ($_GET['d_val']) {
case 'dynamic':
$this->showAddEntry(self::DYNAMIC);
@@ -466,7 +466,7 @@
<option value="page">Page</option>
<option value="content">Content</option>
<option value="template">Template</option>
- <option
value="script">Script</option>'.(ThisUser::getInstance()->isMemberOfGroup('ros_sadmin')
? '
+ <option
value="script">Script</option>'.(ThisUser::getInstance()->hasAccess('dynamic_pages')
? '
<option value="dynamic">Dynamic Page Type</option>'
: '').'
</select>
<br />
@@ -615,7 +615,7 @@
}
// allowed only for someone with "add" rights
- if (Security::hasRight($this->data_id, 'add')) {
+ if ($thisuser->hasAccess('entry_fields')) {
echo ' | ';
// Fields
@@ -625,6 +625,9 @@
else {
echo '<span class="detailmenu"
onclick="'."showEditorTabFields(".$this->rev_id.")".'">Fields</span>';
}
+ }
+
+ if ($thisuser->hasAccess('entry_revs')) {
echo ' | ';
if ($mode == self::REVISION) {
@@ -636,7 +639,7 @@
}
// allowed only for related super administrators
- if ($thisuser->isMemberOfGroup('ros_sadmin') ||
(Security::hasRight($this->data_id, 'add') &&
$thisuser->isMemberOfGroup('ros_admin'))) {
+ if ($thisuser->hasAccess('entry_security')) {
echo ' | ';
// Security
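Review bot: The Security tab was gated on the per-entry right `Security::hasRight($this->data_id, 'add')` (for `ros_admin`) and is now gated on the entry-independent area `entry_security`, so a user holding that area sees the tab for every entry, not only for entries whose ACL grants them `add`; the same object-scoped check is dropped from the Fields tab earlier in this method. That is acceptable only if the handlers behind the tab still enforce the per-entry ACL, which this commit does not show. If areas are meant to coexist with entry ACLs, keep both, `if ($thisuser->hasAccess('entry_security') && Security::hasRight($this->data_id, 'add')) {`, or add a comment on this line stating that entry-level rights are now enforced by the handler only. The enclosing method starts before and continues after the hunk.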
@@ -689,7 +692,7 @@
// helper vars
$last_user = null; // used in first while, to recognize the last type
- if ($thisuser->securityLevel() > 1) {
+ if ($thisuser->hasAccess('system_tags')) {
$stmt=&DBConnection::getInstance()->prepare("SELECT id, user_id, name,
value FROM ".ROSCMST_TAGS." WHERE rev_id = :rev_id AND user_id IN(-1,
0,:user_id) ORDER BY user_id ASC, name ASC");
}
else {
@@ -726,7 +729,7 @@
// allow to delete label if SecLev > 1
// allow to delete sys metadata if user has the rights
// allow someone to delete his metadata he set and the user-id > 0
- if (($thisuser->securityLevel() > 1 && $tag['user_id'] == 0)
|| (Security::hasRight($this->data_id, 'add') &&
$tag['user_id'] == -1) || ($tag['user_id'] == $thisuser->id()
&& $tag['user_id'] > 0)) {
+ if (($thisuser->hasAccess('system_tags') &&
$tag['user_id'] == -1) || $tag['user_id'] == $thisuser->id()) {
echo_strip('
<span class="frmeditbutton"
onclick="'."delLabelOrTag('".$tag['id']."')".'">
<img src="images/remove.gif" alt=""
style="width:11px; height:11px; border:0px;" />
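Review bot: The three-line comment above the new condition still describes three cases (labels for SecLev > 1, system metadata with rights, own metadata with user-id > 0) but the condition now has two: system tags (`user_id == -1`) for `system_tags` holders, and any tag whose `user_id` equals the current user. Tags with `user_id == 0`, which the old code treated as labels deletable by SecLev > 1, match neither branch any more, so nobody can remove them through this UI unless that is intended; the `> 0` guard that kept an id of 0 from matching the current user is gone too. Either restore a label branch, e.g. `($thisuser->hasAccess('system_tags') && $tag['user_id'] <= 0)`, or rewrite the comment to `// system tags (-1) need the system_tags area; everyone may delete the tags they set themselves` so it matches the code. The enclosing method continues outside the hunk.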
@@ -746,10 +749,10 @@
<button type="button"
onclick="'."addLabelOrTag(".$this->rev_id.",'tag','addtagn',
'".$thisuser->id()."')".'">Add</button>
<br />');
- if ($thisuser->securityLevel() > 1) {
+ if ($thisuser->hasAccess('system_tags')) {
echo_strip('
<br />
- <h3>Add Label'.(Security::hasRight($this->data_id, 'add') ?
' or System Metadata' : '').'</h3>
+ <h3>Add Label'.(Security::hasAccess($this->data_id, 'add') ?
' or System Metadata' : '').'</h3>
<label for="addtags1"
class="normal">Name:</label>
<input type="text" id="addtags1" size="15"
maxlength="100" value="" />
<label for="addtags2"
class="normal">Value:</label>
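Review bot: `Security::hasAccess($this->data_id, 'add')` on the new heading line has no visible definition: every other `hasAccess` in this commit is an instance method on `ThisUser` taking a single area name, and the other `Security::` call touched by the commit (`rightsOverview`) is being removed. If that static method does not exist, any user with `system_tags` who opens the tag form gets a fatal "call to undefined method" instead of a heading. Either keep the old `Security::hasRight($this->data_id, 'add')` until the class is retired, or decide which area unlocks system metadata and write `$thisuser->hasAccess('...')` there. The enclosing method continues past the hunk.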
@@ -1163,7 +1166,7 @@
<li>Type: '.$revision1['type'].'</li>
<li>Language: '.$revision1['language'].'</li>
<li>User:
'.$revision1['user_name'].'</li>');
- if (ThisUser::getInstance()->securityLevel() > 1) {
+ if (ThisUser::getInstance()->hasAccess('entry_details')) {
echo '<li>Rev-ID: '.$revision1['id'].'</li>';
}
echo_strip('
@@ -1175,7 +1178,7 @@
<li>Type: '.$revision2['type'].'</li>
<li>Language: '.$revision2['language'].'</li>
<li>User:
'.$revision2['user_name'].'</li>');
- if (ThisUser::getInstance()->securityLevel() > 1) {
+ if (ThisUser::getInstance()->hasAccess('entry_details')) {
echo '<li>ID: '.$revision2['id'].'</li>';
}
echo_strip('
Modified:
branches/danny-web/reactos.org/htdocs/roscms/lib/Export_Maintain.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/lib/Export_Maintain.class.php
[iso-8859-1] (original)
+++
branches/danny-web/reactos.org/htdocs/roscms/lib/Export_Maintain.class.php
[iso-8859-1] Sun Jan 11 06:41:52 2009
@@ -53,7 +53,7 @@
{
switch ($_GET['d_u']) {
case 'optimize':
- $stmt=&DBConnection::getInstance()->prepare("OPTIMIZE TABLE
".ROSCMST_ACCESS.",".ROSCMST_USERS.",".ROSCMST_FORBIDDEN.",".ROSCMST_SESSIONS.",".ROSCMST_COUNTRIES.",".ROSCMST_ENTRIES.",".ROSCMST_REVISIONS.",".ROSCMST_STEXT.",".ROSCMST_TAGS.",".ROSCMST_TEXT.",".ROSCMST_FILTER.",".ROSCMST_GROUPS.",".ROSCMST_JOBS.",".ROSCMST_LANGUAGES.",".ROSCMST_SUBSYS.",".ROSCMST_MEMBERSHIPS.",".ROSCMST_ACL.",".ROSCMST_DEPENCIES.",".ROSCMST_TIMEZONES);
+ $stmt=&DBConnection::getInstance()->prepare("OPTIMIZE TABLE
".ROSCMST_ACCESS.",".ROSCMST_USERS.",".ROSCMST_FORBIDDEN.",".ROSCMST_SESSIONS.",".ROSCMST_COUNTRIES.",".ROSCMST_ENTRIES.",".ROSCMST_REVISIONS.",".ROSCMST_STEXT.",".ROSCMST_TAGS.",".ROSCMST_TEXT.",".ROSCMST_FILTER.",".ROSCMST_GROUPS.",".ROSCMST_JOBS.",".ROSCMST_LANGUAGES.",".ROSCMST_SUBSYS.",".ROSCMST_MEMBERSHIPS.",".ROSCMST_ENTRY_AREA.",".ROSCMST_DEPENCIES.",".ROSCMST_TIMEZONES);
$stmt->execute();
Log::writeHigh('optimize database tables: done by
'.ThisUser::getInstance()->id().' {data_maintain_out}');
break;
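Review bot: The OPTIMIZE list swaps `ROSCMST_ACL` for `ROSCMST_ENTRY_AREA` but does not add the two tables this commit starts reading at login (`ROSCMST_AREA` and `ROSCMST_AREA_ACCESS` in Login.class.php), so the maintenance job no longer covers every table the new access model touches. If those constants are defined in config.php, append them to the list: `".ROSCMST_AREA.",".ROSCMST_AREA_ACCESS."`. The enclosing switch starts before this hunk.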
Modified:
branches/danny-web/reactos.org/htdocs/roscms/lib/Export_QuickInfo.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/lib/Export_QuickInfo.class.php
[iso-8859-1] (original)
+++
branches/danny-web/reactos.org/htdocs/roscms/lib/Export_QuickInfo.class.php
[iso-8859-1] Sun Jan 11 06:41:52 2009
@@ -78,7 +78,7 @@
}
// show additional data for security level > 1
- if (ThisUser::getInstance()->securityLevel() > 1) {
+ if (ThisUser::getInstance()->hasAccess('entry_details')) {
echo $t_s.'Rev-ID'.$t_e.$revision['id'].$t_lb;
echo $t_s.'Data-ID'.$t_e.$revision['data_id'].$t_lb;
echo $t_s.'ACL'.$t_e.$revision['acl'].$t_lb;
Modified:
branches/danny-web/reactos.org/htdocs/roscms/lib/Export_User.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/lib/Export_User.class.php [iso-8859-1]
(original)
+++
branches/danny-web/reactos.org/htdocs/roscms/lib/Export_User.class.php [iso-8859-1]
Sun Jan 11 06:41:52 2009
@@ -56,16 +56,16 @@
$display = ''; // list / user details
$user_id = $_GET['d_val'];
$search_string = $_GET['d_val'];
- $group_id = $_GET['d_val2'];
- $new_lang = $_GET['d_val2'];
- $search_type = $_GET['d_Val2'];
-
- if (!$thisuser->isMemberOfGroup('transmaint') &&
$thisuser->securityLevel() > 3) {
+ $group_id = @$_GET['d_val2'];
+ $new_lang = @$_GET['d_val2'];
+ $search_type = @$_GET['d_Val2'];
+
+ if (!$thisuser->hasAccess('user')) {
return;
}
- if ($thisuser->isMemberOfGroup('transmaint')) {
- $stmt=&DBConnection::getInstance()->prepare("SELECT lang_id FROM
".ROSCMST_LANGUAGES." WHERE id = :user_id LIMIT 1");
+ if (!$thisuser->hasAccess('more_lang')) {
+ $stmt=&DBConnection::getInstance()->prepare("SELECT lang_id FROM
".ROSCMST_USERS." WHERE id = :user_id LIMIT 1");
$stmt->bindParam('user_id',$thisuser->id());
$stmt->execute();
$user_lang = $stmt->fetchColumn();
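Review bot: Adding `@` in front of the three `$_GET` reads also silences the notice that would have exposed the mixed-case key on the third line: `$search_type = @$_GET['d_Val2'];` reads `d_Val2` while the two lines above read `d_val2`, so unless the client really sends both spellings `$search_type` is always null. Fix the key rather than suppressing the notice, and make absence explicit: `$search_type = isset($_GET['d_val2']) ? $_GET['d_val2'] : '';`. The enclosing function starts before this hunk.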
@@ -85,10 +85,9 @@
case 'addmembership':
// check if user is already member, so we don't add him twice
// also check that you don't give accounts a higher seclevel
- $stmt=&DBConnection::getInstance()->prepare("SELECT 1 FROM
".ROSCMST_MEMBERSHIPS." m JOIN ".ROSCMST_GROUPS." g ON m.group_id =
g.id WHERE m.user_id = :user_id AND m.group_id = :group_id AND g.security_level <=
:security_level LIMIT 1");
+ $stmt=&DBConnection::getInstance()->prepare("SELECT 1 FROM
".ROSCMST_MEMBERSHIPS." m JOIN ".ROSCMST_GROUPS." g ON m.group_id =
g.id WHERE m.user_id = :user_id AND m.group_id = :group_id LIMIT 1");
$stmt->bindParam('user_id',$user_id,PDO::PARAM_INT);
$stmt->bindParam('group_id',$group_id,PDO::PARAM_STR);
-
$stmt->bindParam('security_level',$thisuser->securityLevel(),PDO::PARAM_INT);
$stmt->execute();
if ($stmt->fetchColumn() === false) {
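Review bot: Dropping `g.security_level <= :security_level` from the membership query removes the only server-side guard against granting a group more privileged than the caller's own, and nothing visible replaces it: no `hasAccess('addmembership')` test appears between the case label and the insert, so anyone who passed the `hasAccess('user')` gate at the top of this function can add any user to any group, including the admin groups, and the `'sadmin'` check later in this file only hides an `<option>`. Add the area check at the case label, `case 'addmembership': if (!$thisuser->hasAccess('addmembership')) { break; }`, and keep a rule that a caller may only grant groups whose areas they hold themselves (or at least refuse the admin groups without `hasAccess('addLvl')`). The comment "also check that you don't give accounts a higher seclevel" is now untrue and should go with the guard unless it is reinstated. The enclosing switch starts before the hunk and continues after it.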
@@ -121,7 +120,7 @@
case 'accountdisable':
// only with admin rights
- if ($thisuser->securityLevel() == 3) {
+ if ($thisuser->hasAccess('disableaccount')) {
$stmt=&DBConnection::getInstance()->prepare("UPDATE
".ROSCMST_USERS." SET disabled = TRUE WHERE id = :user_id");
$stmt->bindParam('user_id',$user_id,PDO::PARAM_INT);
$stmt->execute();
@@ -132,7 +131,7 @@
case 'accountenable':
// enable account only with admin rights
- if ($thisuser->securityLevel() == 3) {
+ if ($thisuser->hasAccess('disableaccount')) {
// enable account only, if he has already activated his account
$stmt=&DBConnection::getInstance()->prepare("UPDATE
".ROSCMST_USERS." SET disabled = FALSE WHERE activation = '' AND id =
:user_id");
$stmt->bindParam('user_id',$user_id,PDO::PARAM_INT);
@@ -188,7 +187,13 @@
break;
}
- $stmt=&DBConnection::getInstance()->prepare("SELECT u.id, u.name,
u.fullname, l.name AS language FROM ".ROSCMST_USERS." u JOIN
".ROSCMST_LANGUAGES." l ON u.lang_id=l.id WHERE ". $sql_search ." LIKE
:value ORDER BY u.name ASC LIMIT 25");
+ if ($user_lang === false) {
+ $stmt=&DBConnection::getInstance()->prepare("SELECT u.id, u.name,
u.fullname, l.name AS language FROM ".ROSCMST_USERS." u JOIN
".ROSCMST_LANGUAGES." l ON u.lang_id=l.id WHERE ". $sql_search ." LIKE
:value ORDER BY u.name ASC LIMIT 25");
+ }
+ else {
+ $stmt=&DBConnection::getInstance()->prepare("SELECT u.id, u.name,
u.fullname, l.name AS language FROM ".ROSCMST_USERS." u JOIN
".ROSCMST_LANGUAGES." l ON u.lang_id=l.id WHERE ". $sql_search ." LIKE
:value AND u.lang_id=:user_lang ORDER BY u.name ASC LIMIT 25");
+ $stmt->bindValue('user_lang',$user_lang,PDO::PARAM_INT);
+ }
$stmt->bindValue('value','%'.$search_string.'%',PDO::PARAM_INT);
$stmt->execute();
$users = $stmt->fetchAll(PDO::FETCH_ASSOC);
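Review bot: The new `if ($user_lang === false)` branch only takes the unrestricted query when `$user_lang` is exactly false, but `$user_lang` is assigned solely inside the `!hasAccess('more_lang')` branch near the top of this function; for a `more_lang` user the variable is unset, the `else` branch runs, `:user_lang` is bound to null, and `u.lang_id = NULL` matches nothing, so the privileged search returns an empty list (unless the variable is initialised to false above the first hunk, which is not shown). Initialise `$user_lang = false;` with the other locals, or test `if (empty($user_lang))` here. While touching the bind calls, the LIKE pattern on the next context line is bound with `PDO::PARAM_INT`; `PDO::PARAM_STR` is the correct type for `'%'.$search_string.'%'`. The enclosing function continues past the hunk.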
@@ -223,7 +228,7 @@
<legend>Details for
\''.$user['name'].'\'</legend>
<p><strong>Name:</strong> '.$user['name'].'
('.$user['fullname'].') ['.$user['id'].']</p>
<p><strong>Lang:</strong>
'.$user['language'].'</p>');
- if ($thisuser->securityLevel() == 3) {
+ if ($thisuser->hasAccess('user_details')) {
echo_strip('
<p><strong>E-Mail:</strong>
'.$user['email'].'</p>
<p><strong>Latest Login:</strong>
'.$user['modified'].'; '.$user['logins'].'
logins</p>
@@ -245,7 +250,7 @@
while ($membership = $stmt->fetch(PDO::FETCH_ASSOC)) {
echo '<li>'.$membership['name'].' ';
- if ($thisuser->securityLevel() == 3) {
+ if ($thisuser->hasAccess('delmembership')) {
echo_strip('
<span class="frmeditbutton"
onclick="'."delMembership(".$user_id.",
'".$membership['group_id']."')".'">
@@ -257,16 +262,15 @@
} // end while
echo '</ul>';
- if ($thisuser->securityLevel() == 3) {
+ if ($thisuser->hasAccess('addmembership')) {
echo '<select id="cbmmemb" name="cbmmemb">';
- $stmt=&DBConnection::getInstance()->prepare("SELECT g.id, g.name FROM
".ROSCMST_MEMBERSHIPS." m JOIN ".ROSCMST_GROUPS." g ON
g.id!=m.group_id WHERE g.security_level <= :sec_level AND m.user_id != :user-id ORDER
BY g.name ASC");
-
$stmt->bindParam('sec_level',$thisuser->securityLevel(),PDO::PARAM_INT);
+ $stmt=&DBConnection::getInstance()->prepare("SELECT g.id, g.name FROM
".ROSCMST_MEMBERSHIPS." m JOIN ".ROSCMST_GROUPS." g ON
g.id!=m.group_id WHERE m.user_id != :user-id ORDER BY g.name ASC");
$stmt->bindParam('user_id',$user_id,PDO::PARAM_INT);
$stmt->execute();
while ($group = $stmt->fetch(PDO::FETCH_ASSOC)) {
// only super admin can give super admin rights
- if ($group['usrgroup_name'] != 'sadmin' ||
$thisuser->isMemberOfGroup('ros_sadmin')) {
+ if ($group['usrgroup_name'] != 'sadmin' ||
$thisuser->hasAccess('addLvl')) {
echo '<option
value="'.$group['id'].'">'.$group['name'].'</option>';
}
}
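Review bot: The rewritten group query still uses the placeholder `:user-id` while the bind on the next line is named `user_id`; a hyphen is not a placeholder character, so PDO should parse `:user` followed by a literal `-id` and the execute fails, leaving the membership select empty for everyone with `addmembership`. The guard below it reads `$group['usrgroup_name']`, which neither the old nor the new SELECT returns (only `g.id, g.name`), so `null != 'sadmin'` is always true and the "only super admin can give super admin rights" rule never fires. Fix the placeholder (`WHERE m.user_id != :user_id`), select the column the guard needs — the groups table exposes `name_short` elsewhere in this commit — and compare against the real short name. The enclosing method continues past the hunk.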
@@ -283,7 +287,7 @@
echo_strip('</select>
<input type="button" name="addusrlang"
id="addusrlang" value="Update User language"
onclick="'."updateUserLang(".$user_id.",
document.getElementById('cbmusrlang').value)".'" /><br
/>');
}
- elseif ($thisuser->isMemberOfGroup('transmaint')) {
+ elseif ($thisuser->hasAccess('addtransl')) {
echo_strip('<input type="button" name="addmemb"
id="addmemb" value="Make this User a Translator"
onclick="'."getUserDetails(".$user_id.",
'translator')".'" />
<br />
<br />');
Modified:
branches/danny-web/reactos.org/htdocs/roscms/lib/Export_XML.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/lib/Export_XML.class.php [iso-8859-1]
(original)
+++
branches/danny-web/reactos.org/htdocs/roscms/lib/Export_XML.class.php [iso-8859-1] Sun
Jan 11 06:41:52 2009
@@ -290,7 +290,7 @@
}
break;
case 'Rights':
- $column_list_row .= Security::rightsOverview($row['id']);
+ $column_list_row .= 'Depracted';
break;
case 'Version':
$column_list_row .= $row['version'] ;
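Review bot: The 'Rights' column now emits the literal string `'Depracted'` into every exported row; it is misspelt and, more importantly, pads each export with a placeholder instead of retiring the column. Spell it `'Deprecated'` if the column must stay for a transition, otherwise drop the `case 'Rights':` branch together with the removed `Security::rightsOverview` call. The enclosing switch starts and ends outside the hunk.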
@@ -664,18 +664,8 @@
// if no filter is set, construct a new one
if ($entries_private <= 0 && $entries_system <= 0 &&
$entries_public <= 0) {
- // everything except draft
- if ($thisuser->securityLevel() == 3) {
- $this->sql_where .= " AND (t.name = 'status' AND t.value !=
'draft') ";
- }
-
- // new, stable and unknown (if more than translator)
- if ($thisuser->securityLevel() == 2) {
- $this->sql_where .= " AND (t.name = 'status' AND (t.value =
'new' OR t.value = 'stable' OR t.value = 'unknown')) ";
- }
- else {
- $this->sql_where .= " AND (t.name = 'status' AND (t.value =
'new' OR t.value = 'stable')) ";
- }
+ // new, stable
+ $this->sql_where .= " AND (t.name = 'status' AND (t.value =
'new' OR t.value = 'stable')) ";
// set additional needed sql
$this->sql_select .= ", t.name AS tag_name, t.value AS tag_value ";
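Review bot: The default status filter collapses three level-based variants into one, but the behaviour of the former level-3 users (everything except 'draft') and level-2 users ('unknown' included) is dropped rather than mapped to an area, so entries tagged `status = 'unknown'` are no longer reachable through the default filter for anyone. If that is intended, say so in the comment, e.g. `// default filter: only new and stable entries; 'unknown' and 'draft' must be requested through an explicit filter`; otherwise gate the wider variant on an area the way the private-draft check below uses `other_drafts`. The enclosing method starts before the hunk.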
@@ -685,7 +675,7 @@
// construct additioanl sql for tag-usage from filter
if ($tag_counter > 0) {
- $this->sql_select .= ", ".$tag_counter." AS tag_count";
+ $this->sql_select .= ", ".$tag_counter." AS tag_count";
for ($i = 1; $i <= $tag_counter; $i++) {
$this->sql_select .= ", t".$i.".name AS
tag_name".$i.", t".$i.".value AS tag_value".$i." ";
$this->sql_from .= " JOIN ".ROSCMST_TAGS." t".$i." ON
t".$i.".rev_id = r.id ";
@@ -694,12 +684,12 @@
}
// make sure only private drafts are visible
- if ($thisuser->securityLevel() < 3 && $entries_private > 0) {
+ if (!$thisuser->hasAccess('other_drafts') && $entries_private >
0) {
$this->sql_where .= " AND r.user_id =
'".$thisuser->id()."' ";
}
// either show draft (private) OR stable & new (public) entries, private AND
public entries together are NOT allowed => block
- if ($thisuser->securityLevel() < 2 && (($entries_private > 0
&& $entries_public > 0) || $entries_system > 0)) {
+ if (($entries_private > 0 && $entries_public > 0 &&
$thisuser->hasAccess('mix_priv_pub')) ||
($thisuser->hasAccess('show_sys_entry') && $entries_system > 0)) {
$this->sql_select = "";
$this->sql_from = "";
$this->sql_where = " FALSE ";
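Review bot: The rewritten block condition is inverted: it now blanks the query when the user HAS `mix_priv_pub` and asks for private plus public entries, or HAS `show_sys_entry` and asks for system entries, while users without either area pass through — the opposite of the comment above it and of the old `securityLevel() < 2` test, and it silently exposes system entries to everyone who lacks the area. Negate both access checks: `if (($entries_private > 0 && $entries_public > 0 && !$thisuser->hasAccess('mix_priv_pub')) || ($entries_system > 0 && !$thisuser->hasAccess('show_sys_entry'))) {`. The enclosing method continues past the hunk.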
Modified:
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS.class.php [iso-8859-1]
(original)
+++
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS.class.php [iso-8859-1] Sun
Jan 11 06:41:52 2009
@@ -38,7 +38,7 @@
{
// need to have a logged in user with minimum security level 1
Login::required();
- if (ThisUser::getInstance()->securityLevel() == 0) {
+ if (!ThisUser::getInstance()->hasAccess('CMS')) {
header('location:?page=nopermission');
}
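Review bot: The redirect for users without the `CMS` area does not stop execution: `header('location:?page=nopermission');` sends a Location header and then falls through to the rest of the constructor and the page body, so a client that ignores the redirect still receives the CMS page. Follow the header with an exit, i.e. `header('location:?page=nopermission'); exit;`, as is standard for authorization redirects. The enclosing constructor continues past the hunk.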
@@ -76,14 +76,10 @@
$group_list .=
($group_list!=''?',':'').$group['name'];
}
- // get security level
- $security_level = $thisuser->securityLevel();
-
// get selected navigation entry
echo_strip('
<div id="myReactOS">
- <strong>'.$thisuser->name().'</strong>
- '.(($security_level > 1) ? '| SecLev: '.$security_level.'
('. $group_list .')' : '').'
+ <strong>'.$thisuser->name().'</strong> ('. $group_list
.')
|
<span onclick="refreshPage()" style="color:#006090;
cursor:pointer;">
<img src="images/reload.gif" alt="reload page"
width="16" height="16" />
@@ -103,8 +99,10 @@
</div>
</div>
</th>
- <td> </td>
-
+ <td> </td>');
+
+ if ($thisuser->hasAccess('website')) {
+ echo_strip('
<th class="int'.(($this->branch == 'website') ?
'2' : '1').'"
onclick="'."loadBranch('website')".'">
<div class="tcL">
<div class="tcR">
@@ -113,8 +111,9 @@
</div>
</th>
<td> </td>');
-
- if
($thisuser->isMemberOfGroup('transmaint','ros_admin','ros_sadmin'))
{
+ }
+
+ if ($thisuser->hasAccess('user')) {
echo_strip('
<th class="int'.(($this->branch == 'user') ? '2' :
'1').'"
onclick="'."loadBranch('user')".'">
<div class="tcL">
@@ -122,12 +121,11 @@
<div class="text">User</div>
</div>
</div>
-
- </th>
- <td> </td>');
- }
-
- if ($thisuser->isMemberOfGroup('transmaint') ||
$thisuser->securityLevel() == 3) {
+ </th>
+ <td> </td>');
+ }
+
+ if ($thisuser->hasAccess('maintain')) {
echo_strip('
<th class="int'.(($this->branch == 'maintain') ?
'2' : '1').'"
onclick="'."loadBranch('maintain')".'">
<div class="tcL">
@@ -137,27 +135,30 @@
</div>
</th>
<td> </td>');
-
- if ($thisuser->securityLevel() == 3) {
- echo_strip('
- <th class="int'.(($this->branch == 'admin') ?
'2' : '1').'"
onclick="'."loadBranch('admin')".'">
- <div class="tcL">
- <div class="tcR">
- <div class="text">Administration</div>
- </div>
- </div>
- </th>
- <td> </td>
-
- <th class="int'.(($this->branch == 'stats') ?
'2' : '1').'"
onclick="'."loadBranch('stats')".'">
- <div class="tcL">
- <div class="tcR">
- <div class="text">Statistics</div>
- </div>
- </div>
- </th>
- <td> </td>');
- }
+ }
+
+ if ($thisuser->hasAccess('admin')) {
+ echo_strip('
+ <th class="int'.(($this->branch == 'admin') ? '2'
: '1').'"
onclick="'."loadBranch('admin')".'">
+ <div class="tcL">
+ <div class="tcR">
+ <div class="text">Administration</div>
+ </div>
+ </div>
+ </th>
+ <td> </td>');
+ }
+
+ if ($thisuser->hasAccess('stats')) {
+ echo_strip('
+ <th class="int'.(($this->branch == 'stats') ? '2'
: '1').'"
onclick="'."loadBranch('stats')".'">
+ <div class="tcL">
+ <div class="tcR">
+ <div class="text">Statistics</div>
+ </div>
+ </div>
+ </th>
+ <td> </td>');
}
echo_strip('
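Review bot: The Administration and Statistics tabs are now hidden behind `hasAccess('admin')` and `hasAccess('stats')`, but hiding a tab is not enforcement: the admin, maintain and user branches each re-check their area inside their own class in this commit, whereas no corresponding check for the `stats` (or `website`) branch appears anywhere in the diff. Unless those classes already guard themselves outside this commit, `loadBranch('stats')` remains callable by anyone who knows the branch name; add the same `if (!ThisUser::getInstance()->hasAccess('stats')) { return; }` at the top of that branch's body(). The enclosing method continues past the hunk.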
Modified:
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Admin.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Admin.class.php [iso-8859-1]
(original)
+++
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Admin.class.php [iso-8859-1]
Sun Jan 11 06:41:52 2009
@@ -39,7 +39,7 @@
$this->register_css('cms_admin.css');
parent::__construct( $page_title, $page_css);
- if (ThisUser::getInstance()->securityLevel() < 3) {
+ if (!ThisUser::getInstance()->hasAccess('admin')) {
die('Not enough rights to get into this area');
}
}
@@ -54,7 +54,7 @@
{
echo_strip('
<ul>
- <li>Access Control Lists
+ <li>Entry Access Control Lists
<ul>
<li><a href="#"
onclick="'."showNew('acl')".'">new</a></li>
<li><a href="#"
onclick="'."showSearch('acl','edit')".'">edit</a></li>
@@ -74,6 +74,11 @@
<li><a href="#"
onclick="'."showSearch('lang','edit')".'">edit</a></li>
</ul>
</li>
+ <li>System Settings
+ <ul>
+ <li><a href="#"
onclick="'."showAreaProtection()".'">Area
Protection</a></li>
+ </ul>
+ </li>
</ul>
<div id="adminarea" style="border: 1px dashed red;">
</div>');
Modified:
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Maintain.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Maintain.class.php
[iso-8859-1] (original)
+++
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Maintain.class.php
[iso-8859-1] Sun Jan 11 06:41:52 2009
@@ -52,7 +52,7 @@
protected function body( )
{
// check if user has rights for this area
- if (ThisUser::getInstance()->securityLevel() < 3) {
+ if (!ThisUser::getInstance()->hasAccess('maintain')) {
return;
}
@@ -96,7 +96,7 @@
<img id="ajaxloading" style="display:none;"
src="images/ajax_loading.gif" width="13" height="13"
alt="" />
<br />');
- if (ThisUser::getInstance()->isMemberOfGroup('ros_sadmin')) {
+ if (ThisUser::getInstance()->hasAccess('logs')) {
// display logs
echo_strip('
Modified:
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_User.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_User.class.php [iso-8859-1]
(original)
+++
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_User.class.php [iso-8859-1]
Sun Jan 11 06:41:52 2009
@@ -53,7 +53,7 @@
{
$thisuser = &ThisUser::getInstance();
- if
(!$thisuser->isMemberOfGroup('transmaint','ros_admin','ros_sadmin'))
{
+ if (!$thisuser->hasAccess('user')) {
return;
}
@@ -63,18 +63,12 @@
<p style="font-weight: bold;">User Account Management
Interface</p>
<br />');
- if ($thisuser->isMemberOfGroup('ros_admin','ros_sadmin')) {
- echo '<h3>Administrator</h3>';
+ if ($thisuser->hasAccess('more_lang')) {
+ $stmt=&DBConnection::getInstance()->prepare("SELECT u.id, u.name,
u.fullname, l.name AS language, COUNT(r.id) as editcounter FROM
".ROSCMST_REVISIONS." r JOIN ".ROSCMST_USERS." u ON r.user_id = u.id
JOIN ".ROSCMST_LANGUAGES." l ON u.lang_id=l.id WHERE r.version > 0 GROUP BY
u.name ORDER BY editcounter DESC, u.name");
}
- elseif ($thisuser->isMemberOfGroup('transmaint')) {
- echo '<h3>Language Maintainer</h3>';
+ else {
$stmt=&DBConnection::getInstance()->prepare("SELECT u.id, u.name,
u.fullname, l.name AS language, COUNT(r.id) as editcounter FROM
".ROSCMST_REVISIONS." r JOIN ".ROSCMST_USERS." u ON r.user_id = u.id
JOIN ".ROSCMST_LANGUAGES." l ON u.lang_id=l.id WHERE r.version > 0 AND
r.lang_id = :lang GROUP BY u.name ORDER BY editcounter DESC, u.name");
$stmt->bindParam('lang',Language::getStandardId(),PDO::PARAM_INT);
- }
-
- // for non language maintainers
- if (!isset($stmt)) {
- $stmt=&DBConnection::getInstance()->prepare("SELECT u.id, u.name,
u.fullname, l.name AS language, COUNT(r.id) as editcounter FROM
".ROSCMST_REVISIONS." r JOIN ".ROSCMST_USERS." u ON r.user_id = u.id
JOIN ".ROSCMST_LANGUAGES." l ON u.lang_id=l.id WHERE r.version > 0 GROUP BY
u.name ORDER BY editcounter DESC, u.name");
}
echo_strip('
@@ -83,8 +77,8 @@
<input name="searchopt" type="radio"
id="searchopt1" value="accountname" checked="checked"
onclick="getUser()" /><label>account name</label>
<input name="searchopt" type="radio"
id="searchopt2" value="fullname" onclick="getUser()"
/><label>full name </label>
<input name="searchopt" type="radio"
id="searchopt3" value="email" onclick="getUser()"
/><label>email address</label>
- <input name="searchopt" type="radio"
id="searchopt4" value="website" onclick="getUser()"
/><label>website</label>
- <input name="searchopt" type="radio"
id="searchopt5" value="language" onclick="getUser()"
/><label>language</label>
+ <input name="searchopt" type="radio"
id="searchopt4" value="website" onclick="getUser()"
/><label>website</label>'.($thisuser->hasAccess('more_lang')
? '
+ <input name="searchopt" type="radio"
id="searchopt5" value="language" onclick="getUser()"
/><label>language</label>' : '').'
<img id="ajaxloading" style="display:none;"
src="images/ajax_loading.gif" width="13" height="13"
alt="" /><br />
<br />
</div>
Modified:
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Website.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Website.class.php
[iso-8859-1] (original)
+++
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Website.class.php
[iso-8859-1] Sun Jan 11 06:41:52 2009
@@ -97,8 +97,8 @@
var roscms_intern_webserver_roscms =
'".RosCMS::getInstance()->pathRosCMS()."';
var roscms_intern_page_link =
'".RosCMS::getInstance()->pathRosCMS()."?page=';
var roscms_get_edit = '".(isset($_GET['edit']) ?
$_GET['edit'] : '')."';
- var roscms_access_level = ".$thisuser->securityLevel().";
- var roscms_cbm_hide = '".(($thisuser->securityLevel() > 1) ?
'' : ' disabled="disabled"
style="color:#CCCCCC;"')."'; // disable combobox entries for novice
user
+ var roscms_access_level = 3"./*$thisuser->securityLevel().*/";
+ var roscms_cbm_hide = '"./*(($thisuser->securityLevel() > 1) ?
'' : ' disabled="disabled"
style="color:#CCCCCC;"').*/"'; // disable combobox entries for
novice user
// favorite user language
";
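Review bot: `var roscms_access_level = 3` hard-codes the highest level into the client script for every user, and `roscms_cbm_hide` is now always the empty string, with the real expressions left behind in `/* … */` comments; whatever the JavaScript used those values for (disabling combobox entries for novice users, per the trailing comment) is now granted to everyone on the client side. If the level concept is gone, remove the variable and derive the combobox flag from an area, e.g. `var roscms_cbm_hide = '".($thisuser->hasAccess('new_entry') ? '' : ' disabled="disabled" style="color:#CCCCCC;"')."';`, and delete the commented-out code rather than shipping it. Client-side hiding must in any case be backed by the server-side area checks. The enclosing method starts before and continues after the hunk.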
@@ -137,7 +137,7 @@
<div id="roscms_container">
<div class="leftMenu" style="position: absolute; top: 0px;
width: 150px; left: 0px; border: 0px; z-index:1;">
- <div id="smenutab1" class="submb"
style="margin-bottom: 1.5em;"
onclick="loadMenu(this.id)"'.(($thisuser->securityLevel() == 1 ||
$thisuser->isMemberOfGroup('transmaint')) ? '
style="display:none;"' : '').'>
+ <div id="smenutab1" class="submb"
style="margin-bottom: 1.5em;"
onclick="loadMenu(this.id)"'.(!$thisuser->hasAccess('new_entry')
? ' style="display:none;"' : '').'>
<div class="subm1">
<div id="smenutabc1" class="subm2"
style="font-weight: bold;">New Entry</div>
</div>
@@ -149,12 +149,12 @@
</div>
</div>
- <div id="smenutab3" class="submb"
onclick="loadMenu(this.id)"'.(($thisuser->securityLevel() == 1 ||
$thisuser->isMemberOfGroup('transmaint')) ? '
style="display:none;"' : '').'>
+ <div id="smenutab3" class="submb"
onclick="loadMenu(this.id)"'.(!$thisuser->hasAccess('pages') ?
' style="display:none;"' : '').'>
<div class="subm1">
<div id="smenutabc3"
class="subm2">Page</div>
</div>
</div>
- <div id="smenutab13" class="submb"
onclick="loadMenu(this.id)"'.((!$thisuser->isMemberOfGroup('ros_sadmin'))
? ' style="display:none;"' : '').'>
+ <div id="smenutab13" class="submb"
onclick="loadMenu(this.id)"'.(!$thisuser->hasAccess('dynamic_pages')
? ' style="display:none;"' : '').'>
<div class="subm1">
<div id="smenutabc13"
class="subm2">Dynamic Page</div>
</div>
@@ -164,12 +164,12 @@
<div id="smenutabc4"
class="subm2">Content</div>
</div>
</div>
- <div id="smenutab5" class="submb"
onclick="loadMenu(this.id)"'.(($thisuser->securityLevel() == 1 ||
$thisuser->isMemberOfGroup('transmaint')) ? '
style="display:none;"' : '').'>
+ <div id="smenutab5" class="submb"
onclick="loadMenu(this.id)"'.(!$thisuser->hasAccess('templates')
? ' style="display:none;"' : '').'>
<div class="subm1">
<div id="smenutabc5"
class="subm2">Template</div>
</div>
</div>
- <div id="smenutab6" class="submb"
onclick="loadMenu(this.id)"'.(($thisuser->securityLevel() == 1 ||
$thisuser->isMemberOfGroup('transmaint')) ? '
style="display:none;"' : '').'>
+ <div id="smenutab6" class="submb"
onclick="loadMenu(this.id)"'.(!$thisuser->hasAccess('scripts') ?
' style="display:none;"' : '').'>
<div class="subm1">
<div id="smenutabc6"
class="subm2">Script</div>
</div>
Modified:
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Welcome.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Welcome.class.php
[iso-8859-1] (original)
+++
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Welcome.class.php
[iso-8859-1] Sun Jan 11 06:41:52 2009
@@ -62,30 +62,27 @@
<p style="font-weight: bold;">');echo
Data::getContent('web_news', 'system', Language::getStandardId(),
'heading', 'stext').'</p>'.
Data::getContent('web_news', 'system', Language::getStandardId(),
'content', 'text').'<br />';
- if (ThisUser::getInstance()->isMemberOfGroup('translator',
'transmaint')) {
-
- $stmt=&DBConnection::getInstance()->prepare("SELECT id FROM
".ROSCMST_USERS." WHERE id = :user_id LIMIT 1");
-
$stmt->bindParam('user_id',ThisUser::getInstance()->id(),PDO::PARAM_INT);
- $stmt->execute();
- $user_lang = $stmt->fetchColumn();
+ $stmt=&DBConnection::getInstance()->prepare("SELECT id FROM
".ROSCMST_USERS." WHERE id = :user_id LIMIT 1");
+
$stmt->bindParam('user_id',ThisUser::getInstance()->id(),PDO::PARAM_INT);
+ $stmt->execute();
+ $user_lang = $stmt->fetchColumn();
- if ($user_lang !== false) {
- echo_strip('
- <a name="web_news_langgroup"></a>
- <h3>Translator Information</h3>');
+ if ($user_lang !== false) {
+ echo_strip('
+ <a name="web_news_langgroup"></a>
+ <h3>Translator Information</h3>');
- // try to get content in local language, otherwise use standard language
- $content = Data::getContent('web_news_langgroup', 'system',
$user_lang, 'content', 'text');
- if ($content == '') {
- $content = Data::getContent('web_news_langgroup', 'system',
Language::getStandardId(), 'content', 'text');
- }
- echo $content;
+ // try to get content in local language, otherwise use standard language
+ $content = Data::getContent('web_news_langgroup', 'system',
$user_lang, 'content', 'text');
+ if ($content == '') {
+ $content = Data::getContent('web_news_langgroup', 'system',
Language::getStandardId(), 'content', 'text');
}
- else {
- echo_strip('
- <h2>Please set your favorite language in the
'.RosCMS::siteName().' profile settings.</h2>
- <p>This language will also be the default language to that you can
translate content.</p>');
- }
+ echo $content;
+ }
+ else {
+ echo_strip('
+ <h2>Please set your favorite language in the
'.RosCMS::siteName().' profile settings.</h2>
+ <p>This language will also be the default language to that you can
translate content.</p>');
}
echo '<br />';
}
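Review bot: The query that now runs for every visitor of the welcome page selects `id` rather than `lang_id`: `SELECT id FROM ".ROSCMST_USERS." WHERE id = :user_id` always returns the user's own id for a logged-in user, so `$user_lang` is never false (the "Please set your favorite language" branch is unreachable) and the user id is handed to `Data::getContent` as a language. The Export_User change in this same commit reads the right column; mirror it here, `SELECT lang_id FROM ".ROSCMST_USERS." WHERE id = :user_id LIMIT 1`, and treat an empty or 0 language like a missing one. Dropping the translator/transmaint group test also means non-translators now see the "Translator Information" block, which may be intended under the area model but deserves a comment. The enclosing method starts before the hunk.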
Modified:
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User.class.php [iso-8859-1]
(original)
+++
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User.class.php [iso-8859-1] Sun
Jan 11 06:41:52 2009
@@ -79,7 +79,7 @@
<li><a
href="'.$config->pathRosCMS().'?page=my">My
Profile</a></li>
<li><a
href="'.$config->pathRosCMS().'?page=search">User
Search</a></li>
<li><a
href="'.$config->pathGenerated().'peoplemap/">User
Map</a></li>');
- if ($thisuser->securityLevel() > 0) {
+ if ($thisuser->hasAccess('CMS')) {
echo '<li><a
href="'.$config->pathRosCMS().'?page=data&branch=welcome">RosCMS
Interface</a></li>';
}
echo_strip('
Modified:
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_Profile.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_Profile.class.php
[iso-8859-1] (original)
+++
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_Profile.class.php
[iso-8859-1] Sun Jan 11 06:41:52 2009
@@ -187,7 +187,7 @@
}
// email only for the user itself or admins
- if ($profile['id'] == $thisuser->id() || $thisuser->securityLevel() ==
3) {
+ if ($profile['id'] == $thisuser->id() ||
$thisuser->hasAccess('user_details')) {
echo_strip('
<div class="field">
<div class="key">E-Mail Address </div>
@@ -231,7 +231,7 @@
}
// Groups (only for user itself) and admins
- if ($profile['id'] == $thisuser->id() || $thisuser->securityLevel() ==
3) {
+ if ($profile['id'] == $thisuser->id() ||
$thisuser->hasAccess('user_details')) {
echo_strip('
<div class="field">
<div class="key">User Groups</div>
Modified:
branches/danny-web/reactos.org/htdocs/roscms/lib/Log.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/lib/Log.class.php [iso-8859-1]
(original)
+++
branches/danny-web/reactos.org/htdocs/roscms/lib/Log.class.php [iso-8859-1] Sun Jan 11
06:41:52 2009
@@ -44,7 +44,7 @@
*/
public static function prepareInfo( $data_id = 'unknown', $rev_id =
'unknown' )
{
- return ' [dataid: '.$data_id.'; revid: '.$rev_id.'; userid:
'.ThisUser::getInstance()->id().'; security:
'.Security::rightsOverview($rev_id).'] ';
+ return ' [dataid: '.$data_id.'; revid: '.$rev_id.'; userid:
'.ThisUser::getInstance()->id();
} // end of member function prepare_info
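Review bot: The rewritten return in prepareInfo drops the closing `'] '` along with the security overview, so every log line now opens a `[dataid: ...` bracket that is never closed. Keep the terminator: `return ' [dataid: '.$data_id.'; revid: '.$rev_id.'; userid: '.ThisUser::getInstance()->id().'] ';`. Anything that parses these log entries by the bracket pair will presumably break otherwise.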
@@ -285,7 +285,7 @@
* @access private
*/
public static function read($level = 'medium', $log = '' ) {
- return
Data::getContent('log_website_'.($log!=''?$log.'_':'').date('Y-W'),
'system', Language::getStandardId(), $level.'_security_log',
'text', 'archive');
+ return
Data::getContent('log_website_'.($log!=''?$log.'_':'').date('Y-W'),
'system', Language::getStandardId(), $level.'_security_log',
'text');
}
Modified:
branches/danny-web/reactos.org/htdocs/roscms/lib/Login.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/lib/Login.class.php [iso-8859-1]
(original)
+++
branches/danny-web/reactos.org/htdocs/roscms/lib/Login.class.php [iso-8859-1] Sun Jan
11 06:41:52 2009
@@ -162,6 +162,7 @@
*/
public static function required( )
{
+ $thisuser=&ThisUser::getInstance();
// check if user wants to logout
if (isset($_POST['logout'])) {
@@ -195,15 +196,14 @@
}
// collect memberships for current user
- $stmt=&DBConnection::getInstance()->prepare("SELECT g.name_short,
g.security_level FROM ".ROSCMST_MEMBERSHIPS." m JOIN
".ROSCMST_GROUPS." g ON m.group_id = g.id WHERE user_id = :user_id");
+ $stmt=&DBConnection::getInstance()->prepare(" SELECT a.name_short FROM
".ROSCMST_AREA." a JOIN ".ROSCMST_AREA_ACCESS." r ON r.area_id = a.id
JOIN ".ROSCMST_MEMBERSHIPS." m ON m.group_id = r.group_id WHERE m.user_id
=:user_id");
$stmt->bindparam('user_id',$user['id'],PDO::PARAM_INT);
$stmt->execute();
- $memberships = $stmt->fetchAll(PDO::FETCH_ASSOC);
- foreach($memberships as $membership) {
- ThisUser::getInstance()->addGroup($membership);
- }
-
- ThisUser::getInstance()->setData($user);
+ while ($area = $stmt->fetch(PDO::FETCH_ASSOC)) {
+ $thisuser->addAccess($area['name_short']);
+ }
+
+ $thisuser->setData($user);
} // end of member function require
} // end of Login
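Review bot: The comment "collect memberships for current user" no longer describes the query below it, which resolves the areas reachable through the user's group memberships and feeds them to addAccess. Suggest `// collect the access areas granted to this user via its group memberships`. Note that the area set is built only from rows that join ROSCMST_AREA to ROSCMST_AREA_ACCESS, so a user with no matching rows ends up with an empty set and every hasAccess() call fails closed, which is the right default. `$user` is assigned before this hunk, so its origin cannot be checked here.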
Modified:
branches/danny-web/reactos.org/htdocs/roscms/lib/Security.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/lib/Security.class.php [iso-8859-1]
(original)
+++
branches/danny-web/reactos.org/htdocs/roscms/lib/Security.class.php [iso-8859-1] Sun
Jan 11 06:41:52 2009
@@ -48,25 +48,21 @@
$acl = '';
$sec_access = false; // security access already granted ?
- // only if user has rights to access the interface
- if ($thisuser->securityLevel() > 0) {
+ // go through acl's
+ $stmt=&DBConnection::getInstance()->prepare("SELECT a.id, b.can_read,
b.can_add, b.can_write, b.can_delete, b.can_publish, b.can_translate FROM
".ROSCMST_ACCESS." a JOIN ".ROSCMST_ENTRY_AREA." b ON a.id=b.acl_id
JOIN ".ROSCMST_MEMBERSHIPS." m ON m.group_id = b.group_id WHERE m.user_id =
:user_id");
+ $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
+ $stmt->execute();
+ while ($access = $stmt->fetch(PDO::FETCH_ASSOC)) {
- // go through acl's
- $stmt=&DBConnection::getInstance()->prepare("SELECT a.id, b.can_read,
b.can_add, b.can_write, b.can_delete, b.can_publish, b.can_translate FROM
".ROSCMST_ACCESS." a JOIN ".ROSCMST_ACL." b ON a.id=b.acl_id JOIN
".ROSCMST_MEMBERSHIPS." m ON m.group_id = b.group_id WHERE m.user_id =
:user_id");
- $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
- $stmt->execute();
- while ($access = $stmt->fetch(PDO::FETCH_ASSOC)) {
-
- // add entries, remove them if they're on the deny list
- if ($access['can_'.$kind] == true) {
- if ($sec_access) {
- $acl .= " , ";
- }
- $acl .=
DBConnection::getInstance()->quote($access['id'],PDO::PARAM_INT);
- $sec_access = true;
+ // add entries, remove them if they're on the deny list
+ if ($access['can_'.$kind] == true) {
+ if ($sec_access) {
+ $acl .= " , ";
}
- } // while
- }
+ $acl .=
DBConnection::getInstance()->quote($access['id'],PDO::PARAM_INT);
+ $sec_access = true;
+ }
+ } // while
// group our acl list, or fail because no rights to access
if ($sec_access > 0) {
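Review bot: Removing the `securityLevel() > 0` wrapper drops the only "may use the interface at all" gate in this function; the ACL query now runs for every caller, including the default user id 0, and any group that has ENTRY_AREA rows contributes ids regardless of whether that group was also granted the `CMS` area that HTML_User now uses as the interface gate. If the intent is that area access and per-entry ACLs are independent, consider restoring a defence-in-depth check at the top, e.g. `if (!$thisuser->hasAccess('CMS')) { $sec_access = false; }` before the query, so the same rule applies everywhere. The enclosing method starts and ends outside the hunk, so what the no-rights branch returns cannot be seen here.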
@@ -82,49 +78,20 @@
/**
- *
- *
- * @access public
- */
- public static function getAccessId( $name_short )
- {
- $stmt=&DBConnection::getInstance()->prepare("SELECT id FROM
".ROSCMST_ACCESS." WHERE name_short=:name_short LIMIT 1");
- $stmt->bindParam('name_short',$name_short,PDO::PARAM_STR);
- $stmt->execute();
- return $stmt->fetchColumn();
- }
-
-
- /**
* Constructs a list of things the user can do
*
* @param int data_id
* @return rights list
* @access private
*/
- private function getRightsList( $rev_id, $is_rev = true )
+ private function getRightsList( $data_id )
{
$thisuser = &ThisUser::getInstance();
- // roscms interface access ?
- if ($thisuser->securityLevel() < 1) {
- return;
- }
-
- // contains list with granted rights
- $rights =
array('read'=>false,'write'=>false,'add'=>false,'delete'=>false,'publish'=>false,'translate'=>false,);
-
// get rights
- if ($is_rev) {
- $stmt=&DBConnection::getInstance()->prepare("SELECT b.can_read,
b.can_add, b.can_delete, b.can_translate, b.can_publish, b.can_write FROM
".ROSCMST_REVISIONS." r JOIN ".ROSCMST_ENTRIES." d ON r.data_id=d.id
JOIN ".ROSCMST_ACCESS." a ON d.acl_id=a.id JOIN ".ROSCMST_ACL." b ON
a.id=b.acl_id JOIN ".ROSCMST_MEMBERSHIPS." m ON m.group_id=b.group_id WHERE r.id
= :rev_id AND m.user_id=:user_id");
- $stmt->bindParam('rev_id',$rev_id,PDO::PARAM_INT);
- $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
- }
- else {
- $stmt=&DBConnection::getInstance()->prepare("SELECT b.can_read,
b.can_add, b.can_delete, b.can_translate, b.can_publish, b.can_write FROM
".ROSCMST_ENTRIES." d JOIN ".ROSCMST_ACCESS." a ON d.acl_id=a.id JOIN
".ROSCMST_ACL." b ON a.id=b.acl_id JOIN ".ROSCMST_MEMBERSHIPS." m ON
m.group_id=b.group_id WHERE d.id = :data_id AND m.user_id=:user_id");
- $stmt->bindParam('data_id',$rev_id,PDO::PARAM_INT);
- $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
- }
+ $stmt=&DBConnection::getInstance()->prepare("SELECT name_short FROM
".ROSCMST_ENTRIES." d JOIN ".ROSCMST_ACCESS." a ON d.acl_id=a.id JOIN
".ROSCMST_ENTRY_AREA." b ON a.id=b.acl_id JOIN ".ROSCMST_MEMBERSHIPS."
m ON m.group_id=b.group_id WHERE d.id = :data_id AND m.user_id=:user_id");
+ $stmt->bindParam('data_id',$rev_id,PDO::PARAM_INT);
+ $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
$stmt->execute() or die('Rev-Entry "'.$rev_id.'" not found
[usergroups].');
// create a list with rights
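Review bot: getRightsList was renamed to take `$data_id`, but the new bindParam still references `$rev_id`, which is no longer defined, so the query is bound to null and matches nothing; the die() message uses the same undefined name. Change the bind to `$stmt->bindParam('data_id',$data_id,PDO::PARAM_INT);` and the message to `die('Entry "'.$data_id.'" not found [usergroups].')`. The `$rights` array initialisation was also removed while the "create a list with rights" code that follows is outside the hunk, so please confirm it does not still read `$rights` before assigning it; `name_short` in the new SELECT is unqualified and will presumably be ambiguous if more than one joined table has that column.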
@@ -151,49 +118,16 @@
* @return
* @access public
*/
- public function hasRight( $data_id, $kind )
+ public function hasRight( $data_id, $area )
{
- // only if roscms interface access is granted
- if (ThisUser::getInstance()->securityLevel() < 1) {
- return false;
- }
-
- // return if the requested kind of right is in the rights list for the user
- $rights = self::getRightsList($data_id, false);
- return $rights[$kind];
+return true;
+ $stmt=&DBConnection::getInstance()->prepare("SELECT 1 FROM
".ROSCMST_ENTRIES." d JOIN ".ROSCMST_ACL." a ON a.acl_id=d.acl_id JOIN
".ROSCMST_ENTRY_AREA." e ON e.acl_id=a.id JOIN ".ROSCMST_RIGHTS." r ON
r.id=e.right_id JOIN ".ROSCMST_GROUPS." g ON g.id=e.group_id JOIN
".ROSCMST_MEMBERSHIPS." m ON m.group_id=g.id WHERE r.name_short=:area AND
m.user_id=:user_id AND d.id=:data_id LIMIT 1");
+ $stmt->bindParam('data_id',$data_id,PDO::PARAM_INT);
+ $stmt->bindParam('area',$area,PDO::PARAM_STR);
+
$stmt->bindParam('user_id',ThisUser::getInstance()->id(),PDO::PARAM_INT);
+ return $stmt->execute();
} // end of member function hasRight
-
- /**
- * gives a short overview about user rights
- *
- * @param int data_id
- * @return explanation
- * @access public
- */
- public function rightsOverview( $data_id )
- {
- // only if roscms interface access is granted
- if (ThisUser::getInstance()->securityLevel() < 1) {
- return;
- }
-
- $rights = self::getRightsList($data_id, false); // so we don't need to call the
same function several times
- $explanation = ''; // contains abbreviations for each right or a - (if
missing) symbol instead
-
- // start to construct list
- $explanation .= $rights['read'] ? '-' : 'r';
- $explanation .= $rights['write'] ? '-' : 'w';
- $explanation .= $rights['add'] ? '-' : 'a';
- $explanation .= $rights['delete'] ? '-' : 'd';
- $explanation .= $rights['publish'] ? '-' : 'p';
- $explanation .= $rights['translate'] ? '-' : 't';
-
- // add also security level
- $explanation .= ' '.ThisUser::getInstance()->securityLevel();
-
- return $explanation;
- } // end of member function rightsOverview
} // end of Security
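Review bot: hasRight now begins with an unconditional `return true;`, so every caller is granted every right and the prepared query beneath it is dead code; this must not ship. Even with that line removed, `return $stmt->execute();` reports whether the statement ran, not whether a row matched, so it would still be true for every user. Replace the tail with `$stmt->execute();` followed by `return $stmt->fetchColumn() !== false;` and delete the `return true;` line.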
Modified:
branches/danny-web/reactos.org/htdocs/roscms/lib/Tag.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/lib/Tag.class.php [iso-8859-1]
(original)
+++
branches/danny-web/reactos.org/htdocs/roscms/lib/Tag.class.php [iso-8859-1] Sun Jan 11
06:41:52 2009
@@ -102,7 +102,7 @@
$tag = $stmt->fetchOnce(PDO::FETCH_ASSOC);
// @unimplemented: account group membership check
- if ($tag['user_id'] == ThisUser::getInstance()->id() ||
ThisUser::getInstance()->securityLevel() > 1) {
+ if ($tag['user_id'] == ThisUser::getInstance()->id() ||
ThisUser::getInstance()->hasAccess('deltag')) {
// finally delete tag
$stmt=&DBConnection::getInstance()->prepare("DELETE FROM
".ROSCMST_TAGS." WHERE id = :tag_id LIMIT 1");
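Review bot: The `// @unimplemented: account group membership check` marker above the new condition is now misleading, since the `deltag` area check is exactly that membership-based check. Replace it with `// owner of the tag, or a group granted the 'deltag' area, may delete it`. The enclosing method starts and ends outside the hunk.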
@@ -166,7 +166,7 @@
$stmt=&DBConnection::getInstance()->prepare("SELECT 1 FROM
".ROSCMST_TAGS." WHERE tag_id = :tag_id AND user_id IN(-1, 0, :user_id) LIMIT
1");
$stmt->bindParam('tag_id',$tag_id,PDO::PARAM_INT);
$stmt->bindParam('user_id',ThisUser::getInstance()->id(),PDO::PARAM_INT);
- if ($stmt->fetchColumn() || ThisUser::getInstance()->securityLevel() == 3) {
+ if ($stmt->fetchColumn() ||
ThisUser::getInstance()->hasAccess('updatetag')) {
// update value
$stmt=&DBConnection::getInstance()->prepare("UPDATE
".ROSCMST_TAGS." SET value = :new_value WHERE id=:tag_id");
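Review bot: The ownership SELECT is prepared and bound but never executed before `fetchColumn()` on the modified line, so the owner branch of the condition always evaluates false and only holders of the `updatetag` area can update a tag. Insert `$stmt->execute();` between the second bindParam and the `if`, and prefer `$stmt->fetchColumn() !== false` so the result is not confused with a falsy column value. The enclosing method starts and ends outside the hunk.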
Modified:
branches/danny-web/reactos.org/htdocs/roscms/lib/ThisUser.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/lib/ThisUser.class.php [iso-8859-1]
(original)
+++
branches/danny-web/reactos.org/htdocs/roscms/lib/ThisUser.class.php [iso-8859-1] Sun
Jan 11 06:41:52 2009
@@ -27,60 +27,36 @@
private $security_level = 0;
private $user = array('id'=>0,'name'=>'');
private $groups = array();
+ private $access = array();
/**
- * adds a new membership for this user and registers maximum security level
+ * adds a access area to the allowed list of this user
*
* @access public
*/
- public function addGroup( $group )
+ public function addAccess( $access_area )
{
- $this->groups[$group['name_short']] = $group['security_level'];
- if ($group['security_level'] > $this->security_level)
$this->security_level = $group['security_level'];
+ $this->access[$access_area] = true;
} // end of member function setId
- /**
- * adds a new membership for this user
- *
- * @return array
- * @access public
- */
- public function getGroups( )
- {
- return $this->groups;
- } // end of member function setId
-
/**
- * checks if the user is member of at least in one of the groups
+ * checks if the user has access to a requested area
*
- * @param string group_name
- * @param string group_name2
- * @param string group_name3
+ * @param string access_area name of the area
* @return bool
* @access public
*/
- public function isMemberOfGroup( $group_name, $group_name2 = null, $group_name3 = null
)
+ public function hasAccess( $access_area )
{
- if (@$this->groups[$group_name] > -1 || @$this->groups[$group_name2] > -1
|| @$this->groups[$group_name3] > -1) {
- return true;
+ if (isset($this->access[$access_area])) {
+ return $this->access[$access_area];
}
return false;
} // end of member isGroupMember
-
- /**
- * returns highest security level of users group memberships
- *
- * @return int
- * @access public
- */
- public function securityLevel( )
- {
- return $this->security_level;
- } // end of member function securityLevel
/**
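Review bot: `$security_level` and `$groups` are now dead properties: addGroup, getGroups and securityLevel are removed and nothing in the hunk writes or reads them, so they should go too, or a `// @deprecated` comment should say why they stay. The trailer comments on the new methods are stale copies (`// end of member function setId` after addAccess, `// end of member isGroupMember` after hasAccess). Since addAccess only ever stores `true`, hasAccess can be the one-liner `return isset($this->access[$access_area]);`.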