Author: dgoette Date: Tue Jan 13 16:48:53 2009 New Revision: 38749
URL: http://svn.reactos.org/svn/reactos?rev=38749&view=rev Log: rework entries acl handling to be more dynamic
Removed: branches/danny-web/reactos.org/htdocs/roscms/lib/Security.class.php Modified: branches/danny-web/reactos.org/htdocs/roscms/convert3to4.sql branches/danny-web/reactos.org/htdocs/roscms/lib/Data.class.php branches/danny-web/reactos.org/htdocs/roscms/lib/Editor_Website.class.php branches/danny-web/reactos.org/htdocs/roscms/lib/Export_QuickInfo.class.php branches/danny-web/reactos.org/htdocs/roscms/lib/Export_XML.class.php branches/danny-web/reactos.org/htdocs/roscms/lib/Log.class.php
Modified: branches/danny-web/reactos.org/htdocs/roscms/convert3to4.sql URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros... ============================================================================== --- branches/danny-web/reactos.org/htdocs/roscms/convert3to4.sql [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/roscms/convert3to4.sql [iso-8859-1] Tue Jan 13 16:48:53 2009 @@ -146,59 +146,81 @@
-- -------------------------------------------------------- --- create access lists --- -------------------------------------------------------- -CREATE TABLE roscms_rel_groups_access ( - acl_id bigint(20) unsigned NOT NULL COMMENT '->access(id)', +-- table for entry areas +-- -------------------------------------------------------- +CREATE TABLE roscms_entries_areas ( + id bigint(20) unsigned NOT NULL auto_increment, + name varchar(30) NOT NULL, + name_short varchar(15) NOT NULL, + description varchar(255) NOT NULL, + PRIMARY KEY (id), + UNIQUE KEY name_short (name_short), + UNIQUE KEY `name` (name) +) ENGINE=MyISAM DEFAULT CHARSET=utf8; + +INSERT INTO roscms_entries_areas VALUES +(1, 'Translate', 'translate', 'user can translate this entry to the lang he has set in his profile'), +(2, 'Edit', 'edit', 'modify content of this entry'), +(3, 'View Metadata', 'metadata', 'view Metadata tab '), +(4, 'View History', 'history', 'view History tab'), +(5, 'View Fields', 'fields', 'view fields tab'), +(6, 'View Entry Tab', 'entry', 'view entry tab'), +(7, 'View Security', 'security', 'view security tab'), +(8, 'View Depencies', 'depencies', 'view depencies tab'), +(9, 'System metadata', 'system_meta', 'modify System metadata'), +(10, 'Change ACL', 'acl', 'modify ACL for this entry'), +(11, 'Add Fields', 'add_fields', 'add new text fields'), +(12, 'Read', 'read', 'can view this entry'); + + + +-- -------------------------------------------------------- +-- table for acl +-- -------------------------------------------------------- +CREATE TABLE roscms_rel_acl ( + id bigint(20) unsigned NOT NULL auto_increment, + right_id bigint(20) unsigned NOT NULL COMMENT '->entries_areas(id)', + access_id bigint(20) unsigned NOT NULL COMMENT '->entries_access(id)', group_id bigint(20) unsigned NOT NULL COMMENT '->groups(id)', - can_read tinyint(1) NOT NULL default '0', - can_write tinyint(1) NOT NULL default '0', - can_add tinyint(1) NOT NULL default '0', - can_delete tinyint(1) NOT NULL 
default '0', - can_publish tinyint(1) NOT NULL default '0', - can_translate tinyint(1) NOT NULL default '0', - PRIMARY KEY (acl_id,group_id) -) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; - -INSERT INTO roscms_rel_groups_access -SELECT + PRIMARY KEY (id), + UNIQUE KEY right_id (right_id,access_id,group_id) +) ENGINE=MyISAM DEFAULT CHARSET=utf8; + +-- convert table +INSERT INTO roscms_rel_acl +SELECT DISTINCT + NULL, a.id, - g.id, - s.sec_lev1_read, - s.sec_lev1_write, - s.sec_lev1_add, - s.sec_lev1_add, - s.sec_lev1_pub, - s.sec_lev1_trans -FROM roscms_entries_access a JOIN data_security s ON a.name_short=s.sec_name JOIN roscms_groups g WHERE g.security_level = 1 -UNION -SELECT - a.id, - g.id, - s.sec_lev2_read, - s.sec_lev2_write, - s.sec_lev2_add, - s.sec_lev2_add, - s.sec_lev2_pub, - s.sec_lev2_trans -FROM roscms_entries_access a JOIN data_security s ON a.name_short=s.sec_name JOIN roscms_groups g WHERE g.security_level = 2 -UNION -SELECT - a.id, - g.id, - s.sec_lev3_read, - s.sec_lev3_write, - s.sec_lev3_add, - s.sec_lev3_add, - s.sec_lev3_pub, - s.sec_lev3_trans -FROM roscms_entries_access a JOIN data_security s ON a.name_short=s.sec_name JOIN roscms_groups g WHERE g.security_level = 3; - -UPDATE roscms_rel_groups_access ga JOIN roscms_groups g ON ga.group_id=g.id JOIN roscms_entries_access a ON ga.acl_id=a.id JOIN data_security s ON a.name_short=s.sec_name -SET ga.can_read=TRUE, ga.can_write=TRUE, ga.can_add=TRUE, ga.can_delete=TRUE, ga.can_publish=TRUE, ga.can_translate=TRUE WHERE s.sec_allow LIKE CONCAT('%',g.name_short,'%'); - -UPDATE roscms_rel_groups_access ga JOIN roscms_groups g ON ga.group_id=g.id JOIN roscms_entries_access a ON ga.acl_id=a.id JOIN data_security s ON a.name_short=s.sec_name -SET ga.can_read=FALSE, ga.can_write=FALSE, ga.can_add=FALSE, ga.can_delete=FALSE, ga.can_publish=FALSE, ga.can_translate=FALSE WHERE s.sec_deny LIKE CONCAT('%',g.name_short,'%'); + r.id, + g.id +FROM roscms_entries_access a JOIN data_security s ON 
a.name_short=s.sec_name JOIN roscms_groups g JOIN roscms_entries_areas r WHERE ((( + (g.security_level = 1 AND s.sec_lev1_read = 1 AND r.name_short='read') +OR (g.security_level = 1 AND s.sec_lev1_write = 1 AND r.name_short='edit') +OR (g.security_level = 1 AND s.sec_lev1_add = 1 AND r.name_short='add_fields') +OR (g.security_level = 1 AND s.sec_lev1_trans = 1 AND r.name_short='translate') + +OR (g.security_level = 2 AND s.sec_lev2_read = 1 AND r.name_short='read') +OR (g.security_level = 2 AND s.sec_lev2_write = 1 AND r.name_short='edit') +OR (g.security_level = 2 AND s.sec_lev2_add = 1 AND r.name_short='add_fields') +OR (g.security_level = 2 AND s.sec_lev2_trans = 1 AND r.name_short='translate') + +OR (g.security_level = 3 AND s.sec_lev3_read = 1 AND r.name_short='read') +OR (g.security_level = 3 AND s.sec_lev3_write = 1 AND r.name_short='edit') +OR (g.security_level = 3 AND s.sec_lev3_add = 1 AND (r.name_short='add_fields' OR r.name_short='fields' OR r.name_short='security' OR r.name_short='acl' OR r.name_short='entry')) +OR (g.security_level = 3 AND s.sec_lev3_trans = 1 AND r.name_short='translate') + +OR (s.sec_allow LIKE CONCAT('%',s.sec_allow,'%') AND r.name_short='read') +OR (s.sec_allow LIKE CONCAT('%',s.sec_allow,'%') AND r.name_short='edit') +OR (s.sec_allow LIKE CONCAT('%',s.sec_allow,'%') AND r.name_short='add_fields') +OR (s.sec_allow LIKE CONCAT('%',s.sec_allow,'%') AND r.name_short='translate') + +OR (g.security_level = 3 AND r.name_short='system_meta') +OR (g.security_level > 1 AND r.name_short='depencies') + +OR r.name_short = 'metadata' +OR r.name_short = 'history') +AND NOT s.sec_deny LIKE CONCAT('%',g.name_short,'%')) +OR s.sec_allow LIKE CONCAT('%',g.name_short,'%'));
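Review bot: The four `s.sec_allow LIKE CONCAT('%',s.sec_allow,'%')` branches in the converting INSERT compare sec_allow with itself, which is true for every non-NULL value (the empty string included), so every group — whatever its security_level — receives the read, edit, add_fields and translate rows for every access list unless its name appears in sec_deny. The intended comparison is presumably `s.sec_allow LIKE CONCAT('%',g.name_short,'%')`, but because the trailing `OR s.sec_allow LIKE CONCAT('%',g.name_short,'%')` already grants every area to allow-listed groups, the four lines can simply be deleted. Note also a precedence change against the removed script: there the deny UPDATE ran after the allow UPDATE so deny won, whereas `(... AND NOT s.sec_deny LIKE ...) OR s.sec_allow LIKE ...` lets allow win for a group on both lists — confirm that is intended. The `%name_short%` substring match (carried over from the old script) also grants any group whose name_short is a substring of another's; if sec_allow/sec_deny are delimiter-separated lists, matching on the delimited form would be tighter, so check the real data before running the migration.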
@@ -292,11 +314,11 @@ id bigint(20) unsigned NOT NULL auto_increment, type enum('page','content','dynamic','script','template','system') collate utf8_unicode_ci NOT NULL, name varchar(64) collate utf8_unicode_ci NOT NULL, - acl_id bigint(20) unsigned COMMENT '->access(id)', + access_id bigint(20) unsigned COMMENT '->access(id)', old_id int(11) NOT NULL, old_archive tinyint(1) NOT NULL, PRIMARY KEY (id), - KEY acl_id (acl_id), + KEY access_id (access_id), KEY type (type), KEY name (name) ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; @@ -668,11 +690,11 @@ -- -------------------------------------------------------- UPDATE roscms_entries SET type = 'dynamic' WHERE type='page' AND (name='news_page' OR name='newsletter' OR name='interview');
-INSERT INTO roscms_entries (type, name, acl_id) +INSERT INTO roscms_entries (type, name, access_id) SELECT DISTINCT 'content', CONCAT(d.name,'_',t.value), - d.acl_id + d.access_id FROM roscms_entries d JOIN roscms_entries_revisions r ON r.data_id=d.id JOIN roscms_entries_tags t ON t.rev_id=r.id WHERE t.name='number' AND d.type='content';
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Data.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros...
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Data.class.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Data.class.php [iso-8859-1] Tue Jan 13 16:48:53 2009
@@ -363,7 +363,7 @@
*/
public static function update( $data_id, $data_name, $data_type, $data_acl, $update_links )
{
- $stmt=&DBConnection::getInstance()->prepare("SELECT name, type, acl_id FROM ".ROSCMST_ENTRIES." WHERE id = :data_id LIMIT 1");
+ $stmt=&DBConnection::getInstance()->prepare("SELECT name, type, access_id FROM ".ROSCMST_ENTRIES." WHERE id = :data_id LIMIT 1");
$stmt->bindParam('data_id',$data_id,PDO::PARAM_INT);
$stmt->execute();
$data = $stmt->fetchOnce(PDO::FETCH_ASSOC);
@@ -446,12 +446,12 @@
} // end data_name changes
// change ACL
- if ($data_acl != '' && $data_acl != $data['acl_id']) {
- $stmt=&DBConnection::getInstance()->prepare("UPDATE ".ROSCMST_ENTRIES." SET acl_id = :acl_new WHERE id = :data_id LIMIT 1");
+ if ($data_acl != '' && $data_acl != $data['access_id']) {
+ $stmt=&DBConnection::getInstance()->prepare("UPDATE ".ROSCMST_ENTRIES." SET access_id = :acl_new WHERE id = :data_id LIMIT 1");
$stmt->bindParam('acl_new',$data_acl);
$stmt->bindParam('data_id',$data_id);
$stmt->execute();
- Log::writeMedium('data-acl changed: '.$data['acl_id'].' => '.$data_acl.Log::prepareInfo($data_id).'{altersecurityfields}');
+ Log::writeMedium('data-acl changed: '.$data['access_id'].' => '.$data_acl.Log::prepareInfo($data_id).'{altersecurityfields}');
}
} // end of member function getCookieDomain @@ -794,6 +794,48 @@ /** * * + * @param int rev_id + * @return bool + * @access public + */ + public static function hasAccess( $data_id, $area ) + { + $stmt=&DBConnection::getInstance()->prepare("SELECT 1 FROM ".ROSCMST_ENTRIES." d JOIN ".ROSCMST_ACL." a ON d.access_id=a.access_id JOIN ".ROSCMST_GROUPS." g ON g.id=a.group_id JOIN ".ROSCMST_MEMBERSHIPS." m ON m.group_id=g.id JOIN ".ROSCMST_RIGHTS." r ON r.id=a.right_id WHERE d.id=:data_id AND m.user_id =:user_id AND r.name_short=:area LIMIT 1"); + $stmt->bindParam('data_id',$data_id,PDO::PARAM_INT); + $stmt->bindParam('area',$area,PDO::PARAM_STR); + $stmt->bindParam('user_id',ThisUser::getInstance()->id(),PDO::PARAM_INT); + $stmt->execute(); + return ($stmt->fetchColumn()!==false); + } + + + + /** + * + * + * @param int rev_id + * @return bool + * @access public + */ + public static function hasAccessAsList( $area ) + { + $acl = 'NULL,'; + $stmt=&DBConnection::getInstance()->prepare("SELECT DISTINCT a.access_id FROM ".ROSCMST_ACL." a JOIN ".ROSCMST_GROUPS." g ON g.id=a.group_id JOIN ".ROSCMST_MEMBERSHIPS." m ON m.group_id=g.id JOIN ".ROSCMST_RIGHTS." r ON r.id=a.right_id WHERE m.user_id =:user_id AND r.name_short=:area"); + $stmt->bindParam('area',$area,PDO::PARAM_STR); + $stmt->bindParam('user_id',ThisUser::getInstance()->id(),PDO::PARAM_INT); + $stmt->execute(); + while ($list = $stmt->fetch(PDO::FETCH_ASSOC)) { + if ($acl != 'NULL,') $acl .= ','; + $acl .= $list['access_id']; + } + return $acl; + } + + + + /** + * + * * @param int data_id * @param int rev_id * @param bool archive_mode @@ -825,7 +867,7 @@ }
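Review bot: The UPDATE of access_id in the `// change ACL` branch is the operation that decides who may read and edit the entry, yet nothing in this hunk checks that the current user holds the 'acl' area on the entry before the write; `update()` starts and ends outside the hunk, so if the caller does not gate it, guard it here with `if (!Data::hasAccess($data_id, 'acl')) { /* reject the ACL change */ }` before the prepare. The `$data_acl != ''` test accepts any non-empty string and `bindParam('acl_new',$data_acl)` binds it without a PDO type; validating it as an integer and binding with `PDO::PARAM_INT` keeps garbage out of the column, and the log line then records a verified id rather than raw input.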
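Review bot: The docblocks on the new `hasAccess()` and `hasAccessAsList()` are copy-pasted (`@param int rev_id` for methods taking `$data_id, $area` and `$area`) and say nothing about the fail-closed semantics callers now rely on; for `hasAccess` write `@param int data_id entry id`, `@param string area name_short of an entries_areas row, e.g. 'read' or 'edit'`, `@return bool true only if one of the current user's groups holds that area for the entry's access list (an entry with NULL access_id never matches)`. `hasAccessAsList()` returns `'NULL,'` followed by the ids, so a user with no rights yields `IN(NULL)`, which MySQL never evaluates true — the right outcome, but it deserves a comment such as `// leading NULL keeps the IN() list syntactically valid and fails closed when empty`, and since callers concatenate the result unquoted into SQL, cast each id (`(int)$list['access_id']`) so the integer-only contract is visible. Both methods pass `ThisUser::getInstance()->id()` to `bindParam()`, which takes its argument by reference; `bindValue()` is the correct call for an expression result.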
// data_revision - $stmt=&DBConnection::getInstance()->prepare("SELECT r.data_id, d.name, d.type, d.acl_id, r.version, r.user_id, r.lang_id, r.datetime FROM ".ROSCMST_REVISIONS." r JOIN ".ROSCMST_ENTRIES." d ON r.data_id=d.id WHERE r.id = :rev_id LIMIT 1"); + $stmt=&DBConnection::getInstance()->prepare("SELECT r.data_id, d.name, d.type, d.access_id, r.version, r.user_id, r.lang_id, r.datetime FROM ".ROSCMST_REVISIONS." r JOIN ".ROSCMST_ENTRIES." d ON r.data_id=d.id WHERE r.id = :rev_id LIMIT 1"); $stmt->bindParam('rev_id',$rev_id,PDO::PARAM_INT); $stmt->execute(); $revision = $stmt->fetchOnce(PDO::FETCH_ASSOC);
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Editor_Website.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros...
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Editor_Website.class.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Editor_Website.class.php [iso-8859-1] Tue Jan 13 16:48:53 2009
@@ -233,7 +233,7 @@
$revision = $stmt->fetchOnce();
// check if user has translator access
- if (Security::hasRight($revision['data_id'], 'translate')) {
+ if (Data::hasAccess($revision['data_id'], 'translate')) {
// copy existing entry to new language if (Data::copy($revision['id'], 1 /* copy mode */, $_GET['d_r_lang'])) { @@ -330,7 +330,7 @@ echo '<span id="elmcount" class="'.$text_num.'"> </span>'; }
- if (Security::hasRight($this->data_id, 'write')) { + if (Data::hasAccess($this->data_id, 'edit')) { echo_strip(' <button type="button" id="bsavedraft" onclick="'."saveAsDraft(".$this->data_id.",".$this->rev_id.")".'">Save as Draft</button> <input name="editautosavemode" type="hidden" value="true" />'); @@ -752,7 +752,7 @@ if ($thisuser->hasAccess('system_tags')) { echo_strip(' <br /> - <h3>Add Label'.(Security::hasAccess($this->data_id, 'add') ? ' or System Metadata' : '').'</h3> + <h3>Add Label'.(Data::hasAccess($this->data_id, 'system_meta') ? ' or System Metadata' : '').'</h3> <label for="addtags1" class="normal">Name:</label> <input type="text" id="addtags1" size="15" maxlength="100" value="" /> <label for="addtags2" class="normal">Value:</label> @@ -760,7 +760,7 @@ <button type="button" onclick="'."addLabelOrTag(".$this->rev_id.",'addtags1','addtags2','0')".'">Add Label</button> ');
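Review bot: The `Data::hasAccess($this->data_id, 'edit')` check here only decides whether the Save-as-Draft button is rendered; the `saveAsDraft()` JavaScript it wires up calls a server endpoint that is not in this hunk, and that endpoint must run the same `Data::hasAccess($data_id, 'edit')` check or hiding the button is purely cosmetic. The same applies to the 'system_meta' gating of the Add Sys button (`addLabelOrTag(..., -1)`) in the following hunk. A one-line comment such as `// UI gate only — the save handler must re-check 'edit' server-side` would stop the next maintainer from treating this as the authorization point. The enclosing method starts and ends outside the hunk.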
// add new system tags - if (Security::hasRight($this->data_id, 'add')) { + if (Data::hasAccess($this->data_id, 'system_meta')) { echo '<button type="button" onclick="'."addLabelOrTag(".$this->rev_id.",'addtags1','addtags2',-1)".'">Add Sys</button>'; } } @@ -887,7 +887,7 @@ */ private function showEntryDetailsSecurity( ) { - $stmt=&DBConnection::getInstance()->prepare("SELECT id, name, type, acl_id FROM ".ROSCMST_ENTRIES." WHERE id = :data_id LIMIT 1"); + $stmt=&DBConnection::getInstance()->prepare("SELECT id, name, type, access_id FROM ".ROSCMST_ENTRIES." WHERE id = :data_id LIMIT 1"); $stmt->bindParam('data_id',$this->data_id,PDO::PARAM_INT); $stmt->execute(); $data = $stmt->fetchOnce(); @@ -917,7 +917,7 @@ $stmt=&DBConnection::getInstance()->prepare("SELECT id, name FROM ".ROSCMST_ACCESS." ORDER BY name ASC"); $stmt->execute(); while ($access = $stmt->fetch(PDO::FETCH_ASSOC)) { - echo '<option value="'.$access['id'].'"'.(($access['id'] == $data['acl_id']) ? ' selected="selected"' : '').'>'.$access['name'].'</option>'; + echo '<option value="'.$access['id'].'"'.(($access['id'] == $data['access_id']) ? ' selected="selected"' : '').'>'.$access['name'].'</option>'; } echo_strip(' </select>
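Review bot: The rewritten `<option>` line in the security-tab hunk echoes `$access['name']` and `$access['id']` straight into HTML; the names are read from the access-list table, so whoever can create or rename access lists (presumably an administrator, but not verifiable here) could inject markup into the security tab of every editor who opens it. Escape at the output: `echo '<option value="'.(int)$access['id'].'"'.(($access['id'] == $data['access_id']) ? ' selected="selected"' : '').'>'.htmlspecialchars($access['name'], ENT_QUOTES, 'UTF-8').'</option>';`. `showEntryDetailsSecurity()` continues past the hunk, so whether the tab is gated on `Data::hasAccess($this->data_id, 'security')` for viewing and `'acl'` for offering the select is not visible; if it is not, the select should not be rendered at all.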
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Export_QuickInfo.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros...
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Export_QuickInfo.class.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Export_QuickInfo.class.php [iso-8859-1] Tue Jan 13 16:48:53 2009
@@ -46,7 +46,7 @@
private function getInfo( )
{
// get current revision
- $stmt=&DBConnection::getInstance()->prepare("SELECT u.name AS user_name, l.name AS language, r.data_id, d.name, d.type, a.name AS acl, r.id, r.version, datetime FROM ".ROSCMST_ENTRIES." d JOIN ".ROSCMST_REVISIONS." r ON r.data_id = d.id JOIN ".ROSCMST_USERS." u ON r.user_id=u.id JOIN ".ROSCMST_LANGUAGES." l ON l.id=r.lang_id JOIN ".ROSCMST_ACCESS." a ON a.id=d.acl_id WHERE r.id = :rev_id LIMIT 1");
+ $stmt=&DBConnection::getInstance()->prepare("SELECT u.name AS user_name, l.name AS language, r.data_id, d.name, d.type, a.name AS acl, r.id, r.version, datetime FROM ".ROSCMST_ENTRIES." d JOIN ".ROSCMST_REVISIONS." r ON r.data_id = d.id JOIN ".ROSCMST_USERS." u ON r.user_id=u.id JOIN ".ROSCMST_LANGUAGES." l ON l.id=r.lang_id JOIN ".ROSCMST_ACCESS." a ON a.id=d.access_id WHERE r.id = :rev_id LIMIT 1");
$stmt->bindParam('rev_id',$_GET['d_r_id'],PDO::PARAM_INT);
$stmt->execute();
$revision = $stmt->fetchOnce(PDO::FETCH_ASSOC);
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Export_XML.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros...
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Export_XML.class.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Export_XML.class.php [iso-8859-1] Tue Jan 13 16:48:53 2009
@@ -131,9 +131,8 @@
}
// check if there are entries which are found by filter settings
- $stmt=&DBConnection::getInstance()->prepare("SELECT COUNT(*) FROM ".ROSCMST_REVISIONS." r JOIN ".ROSCMST_ENTRIES." d ON r.data_id = d.id ".$this->sql_from." WHERE r.version >= 0 AND r.archive = :archive ".Security::getACL('read')." ".$this->sql_where);
+ $stmt=&DBConnection::getInstance()->prepare("SELECT COUNT(*) FROM ".ROSCMST_REVISIONS." r JOIN ".ROSCMST_ENTRIES." d ON r.data_id = d.id ".$this->sql_from." WHERE r.version >= 0 AND r.archive = :archive AND d.access_id IN(".Data::hasAccessAsList('read').") ".$this->sql_where);
$stmt->bindParam('archive',$this->archive_mode,PDO::PARAM_BOOL);
- $stmt->execute();
$ptm_entries = $stmt->fetchColumn();
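Review bot: This hunk removes the `$stmt->execute();` between `bindParam('archive', …)` and `$stmt->fetchColumn()` (the header confirms 9 lines became 8), so the COUNT statement is never run and `$ptm_entries` is the `false` that `fetchColumn()` returns on an un-executed statement; restore `$stmt->execute();` before the fetch. The new `IN(".Data::hasAccessAsList('read').")` is built by string concatenation and is injection-safe only because the list is made of integer ids read back from the ACL table, which is worth stating in place, e.g. `// access ids come from the ACL table, never from the request`. `hasAccessAsList('read')` is also called again for the page query a few hunks later; computing it once into a local avoids a second round trip. The method continues outside the hunk.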
@@ -155,7 +154,7 @@ $stmt_stext=&DBConnection::getInstance()->prepare("SELECT content FROM ".ROSCMST_STEXT." WHERE rev_id = :rev_id AND name = 'title' LIMIT 1"); $stmt_lang=&DBConnection::getInstance()->prepare("SELECT name FROM ".ROSCMST_LANGUAGES." WHERE id = :lang LIMIT 1"); $stmt_user=&DBConnection::getInstance()->prepare("SELECT name FROM ".ROSCMST_USERS." WHERE id = :user_id LIMIT 1"); - $stmt_acl=&DBConnection::getInstance()->prepare("SELECT name FROM ".ROSCMST_ACCESS." WHERE id = :acl_id LIMIT 1"); + $stmt_acl=&DBConnection::getInstance()->prepare("SELECT name FROM ".ROSCMST_ACCESS." WHERE id = :access_id LIMIT 1");
// make the order command ready for usage if ($this->sql_order == '') { @@ -166,7 +165,7 @@ }
// proceed entries - $stmt=&DBConnection::getInstance()->prepare("SELECT r.data_id, d.name, d.type, d.acl_id, r.id, r.version, r.lang_id, r.datetime, r.user_id ".$this->sql_select." FROM ".ROSCMST_REVISIONS." r JOIN ".ROSCMST_ENTRIES." d ON r.data_id = d.id ".$this->sql_from." WHERE r.version >= 0 AND r.archive = :archive ".Security::getACL('read')." ".$this->sql_where." ".$this->sql_order." LIMIT :limit OFFSET :offset"); + $stmt=&DBConnection::getInstance()->prepare("SELECT r.data_id, d.name, d.type, d.access_id, r.id, r.version, r.lang_id, r.datetime, r.user_id ".$this->sql_select." FROM ".ROSCMST_REVISIONS." r JOIN ".ROSCMST_ENTRIES." d ON r.data_id = d.id ".$this->sql_from." WHERE r.version >= 0 AND r.archive = :archive AND d.access_id IN(".Data::hasAccessAsList('read').") ".$this->sql_where." ".$this->sql_order." LIMIT :limit OFFSET :offset"); $stmt->bindParam('archive',$this->archive_mode,PDO::PARAM_BOOL); $stmt->bindValue('limit',0+$this->page_limit,PDO::PARAM_INT); $stmt->bindValue('offset',0+$page_offset,PDO::PARAM_INT); @@ -208,7 +207,7 @@ $line_status = 'transb';
// figure out if user can translate things - if (Security::hasRight($row['data_id'], 'translate')) { + if (Data::hasAccess($row['data_id'], 'translate')) { $row['data_id2'] = 'tr'.$row['data_id']; $row['id'] = 'tr'.$row['id']; $row['datetime'] = 'translate!'; @@ -279,7 +278,7 @@ $column_list_row .= $row['type']; break; case 'Security': - $stmt_acl->bindParam('acl_id',$row['acl_id'],PDO::PARAM_INT); + $stmt_acl->bindParam('access_id',$row['access_id'],PDO::PARAM_INT); $stmt_acl->execute(); $acl = $stmt_acl->fetchColumn(); if ($acl != '') { @@ -303,7 +302,7 @@ $column_list_row .= '|';
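Review bot: `Data::hasAccess($row['data_id'], 'translate')` here (and the 'edit' check in the `@@ -303` hunk below) now issues a four-table join per exported row, whereas the removed `Security::hasRight` returned `true` before ever querying, so a page of `page_limit` rows costs two extra queries per row. Since every row already carries `d.access_id`, fetch the permitted ids once before the loop with `Data::hasAccessAsList('translate')` and `Data::hasAccessAsList('edit')`, split them into arrays, and test `in_array($row['access_id'], $translateIds, true)` per row instead. The loop this sits in starts and ends outside the hunk.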
// has person right to write / edit entries ? - if (Security::hasRight($row['data_id'], 'write')) { + if (Data::hasAccess($row['data_id'], 'edit')) { $security = 'write'; }
@@ -427,7 +426,7 @@ $this->sql_order .= "d.type "; break; case 'security': // security (ACL) - $this->sql_order .= "d.acl_id "; + $this->sql_order .= "d.access_id "; break; case 'revid': // revision-id $this->sql_order .= "r.id "; @@ -592,7 +591,7 @@
// security (ACL) case 'i': - $this->sql_where .= "d.acl_id".($type_b=='is' ? '=':'!=').DBConnection::getInstance()->quote($type_c,PDO::PARAM_STR); + $this->sql_where .= "d.access_id".($type_b=='is' ? '=':'!=').DBConnection::getInstance()->quote($type_c,PDO::PARAM_STR); break;
// metadata
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Log.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros...
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Log.class.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Log.class.php [iso-8859-1] Tue Jan 13 16:48:53 2009
@@ -176,7 +176,7 @@
// if no log is started yet, create a new log id
if ($log_id === false) {
- $stmt=&DBConnection::getInstance()->prepare("INSERT INTO ".ROSCMST_ENTRIES." ( id, name, type, acl_id ) VALUES ( NULL, :data_name, 'system', NULL )");
+ $stmt=&DBConnection::getInstance()->prepare("INSERT INTO ".ROSCMST_ENTRIES." ( id, name, type, access_id ) VALUES ( NULL, :data_name, 'system', NULL )");
$stmt->bindParam('data_name',$log_entry,PDO::PARAM_STR);
$stmt->execute();
Removed: branches/danny-web/reactos.org/htdocs/roscms/lib/Security.class.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros... ============================================================================== --- branches/danny-web/reactos.org/htdocs/roscms/lib/Security.class.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/roscms/lib/Security.class.php (removed) 
@@ -1,134 +1,0 @@ -<?php - /* - RosCMS - ReactOS Content Management System - Copyright (C) 2007 Klemens Friedl <frik85@reactos.org> - 2008 Danny Götte <dangerground@web.de> - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - - -/** - * class Security - * - */ -class Security -{ - - /** Aggregations: */ - - /** Compositions: */ - - /*** Attributes: ***/ - - - /** - * - * - * @param string kind kind of access is asked for - * @return ACL - * @access public - */ - public function getACL( $kind ) - { - $thisuser = &ThisUser::getInstance(); - - $acl = ''; - $sec_access = false; // security access already granted ? - - // go through acl's - $stmt=&DBConnection::getInstance()->prepare("SELECT a.id, b.can_read, b.can_add, b.can_write, b.can_delete, b.can_publish, b.can_translate FROM ".ROSCMST_ACCESS." a JOIN ".ROSCMST_ENTRY_AREA." b ON a.id=b.acl_id JOIN ".ROSCMST_MEMBERSHIPS." 
m ON m.group_id = b.group_id WHERE m.user_id = :user_id"); - $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT); - $stmt->execute(); - while ($access = $stmt->fetch(PDO::FETCH_ASSOC)) { - - // add entries, remove them if they're on the deny list - if ($access['can_'.$kind] == true) { - if ($sec_access) { - $acl .= " , "; - } - $acl .= DBConnection::getInstance()->quote($access['id'],PDO::PARAM_INT); - $sec_access = true; - } - } // while - - // group our acl list, or fail because no rights to access - if ($sec_access > 0) { - $acl = " AND d.acl_id IN(". $acl .", NULL) "; - } - else { - $acl = " AND FALSE "; - } - - return $acl; - } // end of member function getACL - - - - /** - * Constructs a list of things the user can do - * - * @param int data_id - * @return rights list - * @access private - */ - private function getRightsList( $data_id ) - { - $thisuser = &ThisUser::getInstance(); - - // get rights - $stmt=&DBConnection::getInstance()->prepare("SELECT name_short FROM ".ROSCMST_ENTRIES." d JOIN ".ROSCMST_ACCESS." a ON d.acl_id=a.id JOIN ".ROSCMST_ENTRY_AREA." b ON a.id=b.acl_id JOIN ".ROSCMST_MEMBERSHIPS." 
m ON m.group_id=b.group_id WHERE d.id = :data_id AND m.user_id=:user_id"); - $stmt->bindParam('data_id',$rev_id,PDO::PARAM_INT); - $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT); - $stmt->execute() or die('Rev-Entry "'.$rev_id.'" not found [usergroups].'); - - // create a list with rights - while($list = $stmt->fetch(PDO::FETCH_ASSOC)) { - $rights['read'] |= ($list['can_read'] == true); - $rights['write'] |= ($list['can_write'] == true); - $rights['add'] |= ($list['can_add'] == true); - $rights['delete'] |= ($list['can_delete'] == true); - $rights['publish'] |= ($list['can_publish'] == true); - $rights['translate'] |= ($list['can_translate'] == true); - } - - - - return $rights; - } // end of member function getRightsList - - - /** - * checks if the user has the given right to do things - * - * @param int data_id - * @param string kind kind of rights e.g. 'read' - * @return - * @access public - */ - public function hasRight( $data_id, $area ) - { -return true; - $stmt=&DBConnection::getInstance()->prepare("SELECT 1 FROM ".ROSCMST_ENTRIES." d JOIN ".ROSCMST_ACL." a ON a.acl_id=d.acl_id JOIN ".ROSCMST_ENTRY_AREA." e ON e.acl_id=a.id JOIN ".ROSCMST_RIGHTS." r ON r.id=e.right_id JOIN ".ROSCMST_GROUPS." g ON g.id=e.group_id JOIN ".ROSCMST_MEMBERSHIPS." m ON m.group_id=g.id WHERE r.name_short=:area AND m.user_id=:user_id AND d.id=:data_id LIMIT 1"); - $stmt->bindParam('data_id',$data_id,PDO::PARAM_INT); - $stmt->bindParam('area',$area,PDO::PARAM_STR); - $stmt->bindParam('user_id',ThisUser::getInstance()->id(),PDO::PARAM_INT); - return $stmt->execute(); - } // end of member function hasRight - - - -} // end of Security -?>