Author: dgoette
Date: Tue Jan 13 16:48:53 2009
New Revision: 38749
URL:
http://svn.reactos.org/svn/reactos?rev=38749&view=rev
Log:
Rework entry ACL handling to be more dynamic
Removed:
branches/danny-web/reactos.org/htdocs/roscms/lib/Security.class.php
Modified:
branches/danny-web/reactos.org/htdocs/roscms/convert3to4.sql
branches/danny-web/reactos.org/htdocs/roscms/lib/Data.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/Editor_Website.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/Export_QuickInfo.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/Export_XML.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/Log.class.php
Modified:
branches/danny-web/reactos.org/htdocs/roscms/convert3to4.sql
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/convert3to4.sql [iso-8859-1] (original)
+++
branches/danny-web/reactos.org/htdocs/roscms/convert3to4.sql [iso-8859-1] Tue Jan 13
16:48:53 2009
@@ -146,59 +146,81 @@
-- --------------------------------------------------------
--- create access lists
--- --------------------------------------------------------
-CREATE TABLE roscms_rel_groups_access (
- acl_id bigint(20) unsigned NOT NULL COMMENT '->access(id)',
+-- table for entry areas
+-- --------------------------------------------------------
+CREATE TABLE roscms_entries_areas (
+ id bigint(20) unsigned NOT NULL auto_increment,
+ name varchar(30) NOT NULL,
+ name_short varchar(15) NOT NULL,
+ description varchar(255) NOT NULL,
+ PRIMARY KEY (id),
+ UNIQUE KEY name_short (name_short),
+ UNIQUE KEY `name` (name)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8;
+
+INSERT INTO roscms_entries_areas VALUES
+(1, 'Translate', 'translate', 'user can translate this entry to the
lang he has set in his profile'),
+(2, 'Edit', 'edit', 'modify content of this entry'),
+(3, 'View Metadata', 'metadata', 'view Metadata tab '),
+(4, 'View History', 'history', 'view History tab'),
+(5, 'View Fields', 'fields', 'view fields tab'),
+(6, 'View Entry Tab', 'entry', 'view entry tab'),
+(7, 'View Security', 'security', 'view security tab'),
+(8, 'View Depencies', 'depencies', 'view depencies tab'),
+(9, 'System metadata', 'system_meta', 'modify System metadata'),
+(10, 'Change ACL', 'acl', 'modify ACL for this entry'),
+(11, 'Add Fields', 'add_fields', 'add new text fields'),
+(12, 'Read', 'read', 'can view this entry');
+
+
+
+-- --------------------------------------------------------
+-- table for acl
+-- --------------------------------------------------------
+CREATE TABLE roscms_rel_acl (
+ id bigint(20) unsigned NOT NULL auto_increment,
+ right_id bigint(20) unsigned NOT NULL COMMENT '->entries_areas(id)',
+ access_id bigint(20) unsigned NOT NULL COMMENT '->entries_access(id)',
group_id bigint(20) unsigned NOT NULL COMMENT '->groups(id)',
- can_read tinyint(1) NOT NULL default '0',
- can_write tinyint(1) NOT NULL default '0',
- can_add tinyint(1) NOT NULL default '0',
- can_delete tinyint(1) NOT NULL default '0',
- can_publish tinyint(1) NOT NULL default '0',
- can_translate tinyint(1) NOT NULL default '0',
- PRIMARY KEY (acl_id,group_id)
-) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
-
-INSERT INTO roscms_rel_groups_access
-SELECT
+ PRIMARY KEY (id),
+ UNIQUE KEY right_id (right_id,access_id,group_id)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8;
+
+-- convert table
+INSERT INTO roscms_rel_acl
+SELECT DISTINCT
+ NULL,
a.id,
- g.id,
- s.sec_lev1_read,
- s.sec_lev1_write,
- s.sec_lev1_add,
- s.sec_lev1_add,
- s.sec_lev1_pub,
- s.sec_lev1_trans
-FROM roscms_entries_access a JOIN data_security s ON a.name_short=s.sec_name JOIN
roscms_groups g WHERE g.security_level = 1
-UNION
-SELECT
- a.id,
- g.id,
- s.sec_lev2_read,
- s.sec_lev2_write,
- s.sec_lev2_add,
- s.sec_lev2_add,
- s.sec_lev2_pub,
- s.sec_lev2_trans
-FROM roscms_entries_access a JOIN data_security s ON a.name_short=s.sec_name JOIN
roscms_groups g WHERE g.security_level = 2
-UNION
-SELECT
- a.id,
- g.id,
- s.sec_lev3_read,
- s.sec_lev3_write,
- s.sec_lev3_add,
- s.sec_lev3_add,
- s.sec_lev3_pub,
- s.sec_lev3_trans
-FROM roscms_entries_access a JOIN data_security s ON a.name_short=s.sec_name JOIN
roscms_groups g WHERE g.security_level = 3;
-
-UPDATE roscms_rel_groups_access ga JOIN roscms_groups g ON ga.group_id=g.id JOIN
roscms_entries_access a ON ga.acl_id=a.id JOIN data_security s ON a.name_short=s.sec_name
-SET ga.can_read=TRUE, ga.can_write=TRUE, ga.can_add=TRUE, ga.can_delete=TRUE,
ga.can_publish=TRUE, ga.can_translate=TRUE WHERE s.sec_allow LIKE
CONCAT('%',g.name_short,'%');
-
-UPDATE roscms_rel_groups_access ga JOIN roscms_groups g ON ga.group_id=g.id JOIN
roscms_entries_access a ON ga.acl_id=a.id JOIN data_security s ON a.name_short=s.sec_name
-SET ga.can_read=FALSE, ga.can_write=FALSE, ga.can_add=FALSE, ga.can_delete=FALSE,
ga.can_publish=FALSE, ga.can_translate=FALSE WHERE s.sec_deny LIKE
CONCAT('%',g.name_short,'%');
+ r.id,
+ g.id
+FROM roscms_entries_access a JOIN data_security s ON a.name_short=s.sec_name JOIN
roscms_groups g JOIN roscms_entries_areas r WHERE (((
+ (g.security_level = 1 AND s.sec_lev1_read = 1 AND r.name_short='read')
+OR (g.security_level = 1 AND s.sec_lev1_write = 1 AND r.name_short='edit')
+OR (g.security_level = 1 AND s.sec_lev1_add = 1 AND r.name_short='add_fields')
+OR (g.security_level = 1 AND s.sec_lev1_trans = 1 AND r.name_short='translate')
+
+OR (g.security_level = 2 AND s.sec_lev2_read = 1 AND r.name_short='read')
+OR (g.security_level = 2 AND s.sec_lev2_write = 1 AND r.name_short='edit')
+OR (g.security_level = 2 AND s.sec_lev2_add = 1 AND r.name_short='add_fields')
+OR (g.security_level = 2 AND s.sec_lev2_trans = 1 AND r.name_short='translate')
+
+OR (g.security_level = 3 AND s.sec_lev3_read = 1 AND r.name_short='read')
+OR (g.security_level = 3 AND s.sec_lev3_write = 1 AND r.name_short='edit')
+OR (g.security_level = 3 AND s.sec_lev3_add = 1 AND (r.name_short='add_fields' OR
r.name_short='fields' OR r.name_short='security' OR
r.name_short='acl' OR r.name_short='entry'))
+OR (g.security_level = 3 AND s.sec_lev3_trans = 1 AND r.name_short='translate')
+
+OR (s.sec_allow LIKE CONCAT('%',s.sec_allow,'%') AND
r.name_short='read')
+OR (s.sec_allow LIKE CONCAT('%',s.sec_allow,'%') AND
r.name_short='edit')
+OR (s.sec_allow LIKE CONCAT('%',s.sec_allow,'%') AND
r.name_short='add_fields')
+OR (s.sec_allow LIKE CONCAT('%',s.sec_allow,'%') AND
r.name_short='translate')
+
+OR (g.security_level = 3 AND r.name_short='system_meta')
+OR (g.security_level > 1 AND r.name_short='depencies')
+
+OR r.name_short = 'metadata'
+OR r.name_short = 'history')
+AND NOT s.sec_deny LIKE CONCAT('%',g.name_short,'%'))
+OR s.sec_allow LIKE CONCAT('%',g.name_short,'%'));
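Review bot: The four OR-clauses that test `s.sec_allow LIKE CONCAT('%',s.sec_allow,'%')` (the block between the level-3 translate clause and the system_meta clause) compare the column with itself, which is true for every row whose sec_allow is not NULL, and because `roscms_groups g` is joined without a condition this grants read, edit, add_fields and translate on every access class to every group not named in sec_deny. The final `OR s.sec_allow LIKE CONCAT('%',g.name_short,'%')` already grants every area to the groups named in sec_allow, so those four predicates should simply be dropped; if they are meant to stay, each must test `g.name_short` as that last line does. The `LIKE CONCAT('%',g.name_short,'%')` matching is substring-based, so a group whose short name is contained in another group's short name would be matched too — this is inherited from the removed UPDATE statements, but a one-off migration is the place to switch to a delimited match such as `FIND_IN_SET(g.name_short, s.sec_allow)` if the lists are comma-separated. The conversion also carries no equivalent of the old can_delete and can_publish flags into roscms_entries_areas, which may be intended but deserves a comment in the script. The display name `'View Depencies'` is a typo for "Dependencies"; the name_short `'depencies'` is referenced by the grant below and presumably by PHP callers, so it can only be renamed consistently.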
@@ -292,11 +314,11 @@
id bigint(20) unsigned NOT NULL auto_increment,
type
enum('page','content','dynamic','script','template','system')
collate utf8_unicode_ci NOT NULL,
name varchar(64) collate utf8_unicode_ci NOT NULL,
- acl_id bigint(20) unsigned COMMENT '->access(id)',
+ access_id bigint(20) unsigned COMMENT '->access(id)',
old_id int(11) NOT NULL,
old_archive tinyint(1) NOT NULL,
PRIMARY KEY (id),
- KEY acl_id (acl_id),
+ KEY access_id (access_id),
KEY type (type),
KEY name (name)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
@@ -668,11 +690,11 @@
-- --------------------------------------------------------
UPDATE roscms_entries SET type = 'dynamic' WHERE type='page' AND
(name='news_page' OR name='newsletter' OR name='interview');
-INSERT INTO roscms_entries (type, name, acl_id)
+INSERT INTO roscms_entries (type, name, access_id)
SELECT DISTINCT
'content',
CONCAT(d.name,'_',t.value),
- d.acl_id
+ d.access_id
FROM roscms_entries d JOIN roscms_entries_revisions r ON r.data_id=d.id JOIN
roscms_entries_tags t ON t.rev_id=r.id
WHERE t.name='number' AND d.type='content';
Modified:
branches/danny-web/reactos.org/htdocs/roscms/lib/Data.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/lib/Data.class.php [iso-8859-1]
(original)
+++
branches/danny-web/reactos.org/htdocs/roscms/lib/Data.class.php [iso-8859-1] Tue Jan
13 16:48:53 2009
@@ -363,7 +363,7 @@
*/
public static function update( $data_id, $data_name, $data_type, $data_acl,
$update_links )
{
- $stmt=&DBConnection::getInstance()->prepare("SELECT name, type, acl_id
FROM ".ROSCMST_ENTRIES." WHERE id = :data_id LIMIT 1");
+ $stmt=&DBConnection::getInstance()->prepare("SELECT name, type, access_id
FROM ".ROSCMST_ENTRIES." WHERE id = :data_id LIMIT 1");
$stmt->bindParam('data_id',$data_id,PDO::PARAM_INT);
$stmt->execute();
$data = $stmt->fetchOnce(PDO::FETCH_ASSOC);
@@ -446,12 +446,12 @@
} // end data_name changes
// change ACL
- if ($data_acl != '' && $data_acl != $data['acl_id']) {
- $stmt=&DBConnection::getInstance()->prepare("UPDATE
".ROSCMST_ENTRIES." SET acl_id = :acl_new WHERE id = :data_id LIMIT 1");
+ if ($data_acl != '' && $data_acl != $data['access_id']) {
+ $stmt=&DBConnection::getInstance()->prepare("UPDATE
".ROSCMST_ENTRIES." SET access_id = :acl_new WHERE id = :data_id LIMIT
1");
$stmt->bindParam('acl_new',$data_acl);
$stmt->bindParam('data_id',$data_id);
$stmt->execute();
- Log::writeMedium('data-acl changed: '.$data['acl_id'].'
=> '.$data_acl.Log::prepareInfo($data_id).'{altersecurityfields}');
+ Log::writeMedium('data-acl changed: '.$data['access_id'].'
=> '.$data_acl.Log::prepareInfo($data_id).'{altersecurityfields}');
}
} // end of member function getCookieDomain
@@ -794,6 +794,48 @@
/**
*
*
+ * @param int rev_id
+ * @return bool
+ * @access public
+ */
+ public static function hasAccess( $data_id, $area )
+ {
+ $stmt=&DBConnection::getInstance()->prepare("SELECT 1 FROM
".ROSCMST_ENTRIES." d JOIN ".ROSCMST_ACL." a ON
d.access_id=a.access_id JOIN ".ROSCMST_GROUPS." g ON g.id=a.group_id JOIN
".ROSCMST_MEMBERSHIPS." m ON m.group_id=g.id JOIN ".ROSCMST_RIGHTS." r
ON r.id=a.right_id WHERE d.id=:data_id AND m.user_id =:user_id AND r.name_short=:area
LIMIT 1");
+ $stmt->bindParam('data_id',$data_id,PDO::PARAM_INT);
+ $stmt->bindParam('area',$area,PDO::PARAM_STR);
+
$stmt->bindParam('user_id',ThisUser::getInstance()->id(),PDO::PARAM_INT);
+ $stmt->execute();
+ return ($stmt->fetchColumn()!==false);
+ }
+
+
+
+ /**
+ *
+ *
+ * @param int rev_id
+ * @return bool
+ * @access public
+ */
+ public static function hasAccessAsList( $area )
+ {
+ $acl = 'NULL,';
+ $stmt=&DBConnection::getInstance()->prepare("SELECT DISTINCT a.access_id
FROM ".ROSCMST_ACL." a JOIN ".ROSCMST_GROUPS." g ON g.id=a.group_id
JOIN ".ROSCMST_MEMBERSHIPS." m ON m.group_id=g.id JOIN
".ROSCMST_RIGHTS." r ON r.id=a.right_id WHERE m.user_id =:user_id AND
r.name_short=:area");
+ $stmt->bindParam('area',$area,PDO::PARAM_STR);
+
$stmt->bindParam('user_id',ThisUser::getInstance()->id(),PDO::PARAM_INT);
+ $stmt->execute();
+ while ($list = $stmt->fetch(PDO::FETCH_ASSOC)) {
+ if ($acl != 'NULL,') $acl .= ',';
+ $acl .= $list['access_id'];
+ }
+ return $acl;
+ }
+
+
+
+ /**
+ *
+ *
* @param int data_id
* @param int rev_id
* @param bool archive_mode
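Review bot: hasAccessAsList seeds `$acl` with `'NULL,'` and only inserts a separator while that prefix is still present, so a user with no matching membership returns the literal `NULL,` and the callers in Export_XML.class.php build `IN(NULL,)`, a syntax error rather than an empty result; seeding with `$acl = 'NULL';` and unconditionally appending `$acl .= ','.$list['access_id'];` fixes both the trailing comma and the separator logic. Both new methods pass `ThisUser::getInstance()->id()` to bindParam, which binds by reference and expects a variable, so `bindValue('user_id', ThisUser::getInstance()->id(), PDO::PARAM_INT)` is the correct call for a method result. The docblocks on both methods still read `@param int rev_id` copied from a neighbour: hasAccess should document `$data_id` (entry id) and `$area` (name_short of the roscms_entries_areas row) and say it returns true when the current user belongs to a group granted that area on the entry's access class, and hasAccessAsList should document `$area` and state that it returns a comma-separated string of access ids beginning with NULL, intended for an SQL IN list. Note also that `IN(NULL, …)` never matches a row whose access_id is NULL (the system entries Log.class.php inserts with access_id NULL, for instance), so if those entries are meant to be listed the callers need an explicit `OR d.access_id IS NULL`.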
@@ -825,7 +867,7 @@
}
// data_revision
- $stmt=&DBConnection::getInstance()->prepare("SELECT r.data_id, d.name,
d.type, d.acl_id, r.version, r.user_id, r.lang_id, r.datetime FROM
".ROSCMST_REVISIONS." r JOIN ".ROSCMST_ENTRIES." d ON r.data_id=d.id
WHERE r.id = :rev_id LIMIT 1");
+ $stmt=&DBConnection::getInstance()->prepare("SELECT r.data_id, d.name,
d.type, d.access_id, r.version, r.user_id, r.lang_id, r.datetime FROM
".ROSCMST_REVISIONS." r JOIN ".ROSCMST_ENTRIES." d ON r.data_id=d.id
WHERE r.id = :rev_id LIMIT 1");
$stmt->bindParam('rev_id',$rev_id,PDO::PARAM_INT);
$stmt->execute();
$revision = $stmt->fetchOnce(PDO::FETCH_ASSOC);
Modified:
branches/danny-web/reactos.org/htdocs/roscms/lib/Editor_Website.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/lib/Editor_Website.class.php [iso-8859-1]
(original)
+++
branches/danny-web/reactos.org/htdocs/roscms/lib/Editor_Website.class.php [iso-8859-1]
Tue Jan 13 16:48:53 2009
@@ -233,7 +233,7 @@
$revision = $stmt->fetchOnce();
// check if user has translator access
- if (Security::hasRight($revision['data_id'], 'translate')) {
+ if (Data::hasAccess($revision['data_id'], 'translate')) {
// copy existing entry to new language
if (Data::copy($revision['id'], 1 /* copy mode */,
$_GET['d_r_lang'])) {
@@ -330,7 +330,7 @@
echo '<span id="elmcount"
class="'.$text_num.'"> </span>';
}
- if (Security::hasRight($this->data_id, 'write')) {
+ if (Data::hasAccess($this->data_id, 'edit')) {
echo_strip('
<button type="button" id="bsavedraft"
onclick="'."saveAsDraft(".$this->data_id.",".$this->rev_id.")".'">Save
as Draft</button>
<input name="editautosavemode" type="hidden"
value="true" />');
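Review bot: `Data::hasAccess($this->data_id, 'edit')` here only decides whether the Save-as-Draft button is rendered; unlike the removed Security::hasRight, which returned true unconditionally, this is now a real check, so the handler behind saveAsDraft should apply the same `Data::hasAccess($data_id, 'edit')` test server-side — that path is not in this diff, so treat it as something to confirm rather than a known gap. A comment such as `// UI gate only; the save handler re-checks 'edit' access` on the if-line would make the division of responsibility explicit. The enclosing method starts and ends outside the hunk.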
@@ -752,7 +752,7 @@
if ($thisuser->hasAccess('system_tags')) {
echo_strip('
<br />
- <h3>Add Label'.(Security::hasAccess($this->data_id, 'add') ?
' or System Metadata' : '').'</h3>
+ <h3>Add Label'.(Data::hasAccess($this->data_id,
'system_meta') ? ' or System Metadata' : '').'</h3>
<label for="addtags1"
class="normal">Name:</label>
<input type="text" id="addtags1" size="15"
maxlength="100" value="" />
<label for="addtags2"
class="normal">Value:</label>
@@ -760,7 +760,7 @@
<button type="button"
onclick="'."addLabelOrTag(".$this->rev_id.",'addtags1','addtags2','0')".'">Add
Label</button> ');
// add new system tags
- if (Security::hasRight($this->data_id, 'add')) {
+ if (Data::hasAccess($this->data_id, 'system_meta')) {
echo '<button type="button"
onclick="'."addLabelOrTag(".$this->rev_id.",'addtags1','addtags2',-1)".'">Add
Sys</button>';
}
}
@@ -887,7 +887,7 @@
*/
private function showEntryDetailsSecurity( )
{
- $stmt=&DBConnection::getInstance()->prepare("SELECT id, name, type,
acl_id FROM ".ROSCMST_ENTRIES." WHERE id = :data_id LIMIT 1");
+ $stmt=&DBConnection::getInstance()->prepare("SELECT id, name, type,
access_id FROM ".ROSCMST_ENTRIES." WHERE id = :data_id LIMIT 1");
$stmt->bindParam('data_id',$this->data_id,PDO::PARAM_INT);
$stmt->execute();
$data = $stmt->fetchOnce();
@@ -917,7 +917,7 @@
$stmt=&DBConnection::getInstance()->prepare("SELECT id, name FROM
".ROSCMST_ACCESS." ORDER BY name ASC");
$stmt->execute();
while ($access = $stmt->fetch(PDO::FETCH_ASSOC)) {
- echo '<option
value="'.$access['id'].'"'.(($access['id'] ==
$data['acl_id']) ? ' selected="selected"' :
'').'>'.$access['name'].'</option>';
+ echo '<option
value="'.$access['id'].'"'.(($access['id'] ==
$data['access_id']) ? ' selected="selected"' :
'').'>'.$access['name'].'</option>';
}
echo_strip('
</select>
Modified:
branches/danny-web/reactos.org/htdocs/roscms/lib/Export_QuickInfo.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/lib/Export_QuickInfo.class.php
[iso-8859-1] (original)
+++
branches/danny-web/reactos.org/htdocs/roscms/lib/Export_QuickInfo.class.php
[iso-8859-1] Tue Jan 13 16:48:53 2009
@@ -46,7 +46,7 @@
private function getInfo( )
{
// get current revision
- $stmt=&DBConnection::getInstance()->prepare("SELECT u.name AS user_name,
l.name AS language, r.data_id, d.name, d.type, a.name AS acl, r.id, r.version, datetime
FROM ".ROSCMST_ENTRIES." d JOIN ".ROSCMST_REVISIONS." r ON r.data_id =
d.id JOIN ".ROSCMST_USERS." u ON r.user_id=u.id JOIN
".ROSCMST_LANGUAGES." l ON l.id=r.lang_id JOIN ".ROSCMST_ACCESS." a ON
a.id=d.acl_id WHERE r.id = :rev_id LIMIT 1");
+ $stmt=&DBConnection::getInstance()->prepare("SELECT u.name AS user_name,
l.name AS language, r.data_id, d.name, d.type, a.name AS acl, r.id, r.version, datetime
FROM ".ROSCMST_ENTRIES." d JOIN ".ROSCMST_REVISIONS." r ON r.data_id =
d.id JOIN ".ROSCMST_USERS." u ON r.user_id=u.id JOIN
".ROSCMST_LANGUAGES." l ON l.id=r.lang_id JOIN ".ROSCMST_ACCESS." a ON
a.id=d.access_id WHERE r.id = :rev_id LIMIT 1");
$stmt->bindParam('rev_id',$_GET['d_r_id'],PDO::PARAM_INT);
$stmt->execute();
$revision = $stmt->fetchOnce(PDO::FETCH_ASSOC);
Modified:
branches/danny-web/reactos.org/htdocs/roscms/lib/Export_XML.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/lib/Export_XML.class.php [iso-8859-1]
(original)
+++
branches/danny-web/reactos.org/htdocs/roscms/lib/Export_XML.class.php [iso-8859-1] Tue
Jan 13 16:48:53 2009
@@ -131,9 +131,8 @@
}
// check if there are entries which are found by filter settings
- $stmt=&DBConnection::getInstance()->prepare("SELECT COUNT(*) FROM
".ROSCMST_REVISIONS." r JOIN ".ROSCMST_ENTRIES." d ON r.data_id = d.id
".$this->sql_from." WHERE r.version >= 0 AND r.archive = :archive
".Security::getACL('read')." ".$this->sql_where);
+ $stmt=&DBConnection::getInstance()->prepare("SELECT COUNT(*) FROM
".ROSCMST_REVISIONS." r JOIN ".ROSCMST_ENTRIES." d ON r.data_id = d.id
".$this->sql_from." WHERE r.version >= 0 AND r.archive = :archive AND
d.access_id IN(".Data::hasAccessAsList('read').")
".$this->sql_where);
$stmt->bindParam('archive',$this->archive_mode,PDO::PARAM_BOOL);
-
$stmt->execute();
$ptm_entries = $stmt->fetchColumn();
@@ -155,7 +154,7 @@
$stmt_stext=&DBConnection::getInstance()->prepare("SELECT content FROM
".ROSCMST_STEXT." WHERE rev_id = :rev_id AND name = 'title' LIMIT
1");
$stmt_lang=&DBConnection::getInstance()->prepare("SELECT name FROM
".ROSCMST_LANGUAGES." WHERE id = :lang LIMIT 1");
$stmt_user=&DBConnection::getInstance()->prepare("SELECT name FROM
".ROSCMST_USERS." WHERE id = :user_id LIMIT 1");
- $stmt_acl=&DBConnection::getInstance()->prepare("SELECT name FROM
".ROSCMST_ACCESS." WHERE id = :acl_id LIMIT 1");
+ $stmt_acl=&DBConnection::getInstance()->prepare("SELECT name FROM
".ROSCMST_ACCESS." WHERE id = :access_id LIMIT 1");
// make the order command ready for usage
if ($this->sql_order == '') {
@@ -166,7 +165,7 @@
}
// proceed entries
- $stmt=&DBConnection::getInstance()->prepare("SELECT r.data_id, d.name,
d.type, d.acl_id, r.id, r.version, r.lang_id, r.datetime, r.user_id
".$this->sql_select." FROM ".ROSCMST_REVISIONS." r JOIN
".ROSCMST_ENTRIES." d ON r.data_id = d.id ".$this->sql_from." WHERE
r.version >= 0 AND r.archive = :archive ".Security::getACL('read')."
".$this->sql_where." ".$this->sql_order." LIMIT :limit OFFSET
:offset");
+ $stmt=&DBConnection::getInstance()->prepare("SELECT r.data_id, d.name,
d.type, d.access_id, r.id, r.version, r.lang_id, r.datetime, r.user_id
".$this->sql_select." FROM ".ROSCMST_REVISIONS." r JOIN
".ROSCMST_ENTRIES." d ON r.data_id = d.id ".$this->sql_from." WHERE
r.version >= 0 AND r.archive = :archive AND d.access_id
IN(".Data::hasAccessAsList('read').") ".$this->sql_where."
".$this->sql_order." LIMIT :limit OFFSET :offset");
$stmt->bindParam('archive',$this->archive_mode,PDO::PARAM_BOOL);
$stmt->bindValue('limit',0+$this->page_limit,PDO::PARAM_INT);
$stmt->bindValue('offset',0+$page_offset,PDO::PARAM_INT);
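Review bot: `Data::hasAccessAsList('read')` is evaluated twice in this method — once in the COUNT(*) query of the earlier hunk and again here — so the membership query runs twice per export and the two statements could in principle see different lists; compute it once into a local before the count query, e.g. `$readable = Data::hasAccessAsList('read');`, and interpolate `$readable` in both. Since the string is spliced directly into SQL, a short comment stating that it holds only integer access ids read from the ACL table, not user input, would tell the next reader why no quoting is applied. The enclosing method starts before this hunk.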
@@ -208,7 +207,7 @@
$line_status = 'transb';
// figure out if user can translate things
- if (Security::hasRight($row['data_id'], 'translate')) {
+ if (Data::hasAccess($row['data_id'], 'translate')) {
$row['data_id2'] = 'tr'.$row['data_id'];
$row['id'] = 'tr'.$row['id'];
$row['datetime'] = 'translate!';
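Review bot: `Data::hasAccess($row['data_id'], 'translate')` now issues a SELECT for every exported row, and the same per-row pattern appears for `'edit'` in the hunk below that sets `$security = 'write'`, so a page of N rows costs 2N extra queries where the removed Security::hasRight cost none. Fetching the readable lists once before the loop — `Data::hasAccessAsList('translate')` and `Data::hasAccessAsList('edit')` — and testing `$row['access_id']` (selected by the query in the previous hunk) against them would keep one query per area, though hasAccessAsList returns an SQL-ready string and would need splitting into an array, or an array-returning sibling, before an `in_array(..., true)` check. The enclosing loop starts outside the hunk.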
@@ -279,7 +278,7 @@
$column_list_row .= $row['type'];
break;
case 'Security':
-
$stmt_acl->bindParam('acl_id',$row['acl_id'],PDO::PARAM_INT);
+
$stmt_acl->bindParam('access_id',$row['access_id'],PDO::PARAM_INT);
$stmt_acl->execute();
$acl = $stmt_acl->fetchColumn();
if ($acl != '') {
@@ -303,7 +302,7 @@
$column_list_row .= '|';
// has person right to write / edit entries ?
- if (Security::hasRight($row['data_id'], 'write')) {
+ if (Data::hasAccess($row['data_id'], 'edit')) {
$security = 'write';
}
@@ -427,7 +426,7 @@
$this->sql_order .= "d.type ";
break;
case 'security': // security (ACL)
- $this->sql_order .= "d.acl_id ";
+ $this->sql_order .= "d.access_id ";
break;
case 'revid': // revision-id
$this->sql_order .= "r.id ";
@@ -592,7 +591,7 @@
// security (ACL)
case 'i':
- $this->sql_where .= "d.acl_id".($type_b=='is' ?
'=':'!=').DBConnection::getInstance()->quote($type_c,PDO::PARAM_STR);
+ $this->sql_where .= "d.access_id".($type_b=='is' ?
'=':'!=').DBConnection::getInstance()->quote($type_c,PDO::PARAM_STR);
break;
// metadata
Modified:
branches/danny-web/reactos.org/htdocs/roscms/lib/Log.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/lib/Log.class.php [iso-8859-1]
(original)
+++
branches/danny-web/reactos.org/htdocs/roscms/lib/Log.class.php [iso-8859-1] Tue Jan 13
16:48:53 2009
@@ -176,7 +176,7 @@
// if no log is started yet, create a new log id
if ($log_id === false) {
- $stmt=&DBConnection::getInstance()->prepare("INSERT INTO
".ROSCMST_ENTRIES." ( id, name, type, acl_id ) VALUES ( NULL, :data_name,
'system', NULL )");
+ $stmt=&DBConnection::getInstance()->prepare("INSERT INTO
".ROSCMST_ENTRIES." ( id, name, type, access_id ) VALUES ( NULL, :data_name,
'system', NULL )");
$stmt->bindParam('data_name',$log_entry,PDO::PARAM_STR);
$stmt->execute();
Removed:
branches/danny-web/reactos.org/htdocs/roscms/lib/Security.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/lib/Security.class.php [iso-8859-1]
(original)
+++
branches/danny-web/reactos.org/htdocs/roscms/lib/Security.class.php (removed)
@@ -1,134 +1,0 @@
-<?php
- /*
- RosCMS - ReactOS Content Management System
- Copyright (C) 2007 Klemens Friedl <frik85(a)reactos.org>
- 2008 Danny Götte <dangerground(a)web.de>
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-
-/**
- * class Security
- *
- */
-class Security
-{
-
- /** Aggregations: */
-
- /** Compositions: */
-
- /*** Attributes: ***/
-
-
- /**
- *
- *
- * @param string kind kind of access is asked for
- * @return ACL
- * @access public
- */
- public function getACL( $kind )
- {
- $thisuser = &ThisUser::getInstance();
-
- $acl = '';
- $sec_access = false; // security access already granted ?
-
- // go through acl's
- $stmt=&DBConnection::getInstance()->prepare("SELECT a.id, b.can_read,
b.can_add, b.can_write, b.can_delete, b.can_publish, b.can_translate FROM
".ROSCMST_ACCESS." a JOIN ".ROSCMST_ENTRY_AREA." b ON a.id=b.acl_id
JOIN ".ROSCMST_MEMBERSHIPS." m ON m.group_id = b.group_id WHERE m.user_id =
:user_id");
- $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
- $stmt->execute();
- while ($access = $stmt->fetch(PDO::FETCH_ASSOC)) {
-
- // add entries, remove them if they're on the deny list
- if ($access['can_'.$kind] == true) {
- if ($sec_access) {
- $acl .= " , ";
- }
- $acl .=
DBConnection::getInstance()->quote($access['id'],PDO::PARAM_INT);
- $sec_access = true;
- }
- } // while
-
- // group our acl list, or fail because no rights to access
- if ($sec_access > 0) {
- $acl = " AND d.acl_id IN(". $acl .", NULL) ";
- }
- else {
- $acl = " AND FALSE ";
- }
-
- return $acl;
- } // end of member function getACL
-
-
-
- /**
- * Constructs a list of things the user can do
- *
- * @param int data_id
- * @return rights list
- * @access private
- */
- private function getRightsList( $data_id )
- {
- $thisuser = &ThisUser::getInstance();
-
- // get rights
- $stmt=&DBConnection::getInstance()->prepare("SELECT name_short FROM
".ROSCMST_ENTRIES." d JOIN ".ROSCMST_ACCESS." a ON d.acl_id=a.id JOIN
".ROSCMST_ENTRY_AREA." b ON a.id=b.acl_id JOIN ".ROSCMST_MEMBERSHIPS."
m ON m.group_id=b.group_id WHERE d.id = :data_id AND m.user_id=:user_id");
- $stmt->bindParam('data_id',$rev_id,PDO::PARAM_INT);
- $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
- $stmt->execute() or die('Rev-Entry "'.$rev_id.'" not found
[usergroups].');
-
- // create a list with rights
- while($list = $stmt->fetch(PDO::FETCH_ASSOC)) {
- $rights['read'] |= ($list['can_read'] == true);
- $rights['write'] |= ($list['can_write'] == true);
- $rights['add'] |= ($list['can_add'] == true);
- $rights['delete'] |= ($list['can_delete'] == true);
- $rights['publish'] |= ($list['can_publish'] == true);
- $rights['translate'] |= ($list['can_translate'] == true);
- }
-
-
-
- return $rights;
- } // end of member function getRightsList
-
-
- /**
- * checks if the user has the given right to do things
- *
- * @param int data_id
- * @param string kind kind of rights e.g. 'read'
- * @return
- * @access public
- */
- public function hasRight( $data_id, $area )
- {
-return true;
- $stmt=&DBConnection::getInstance()->prepare("SELECT 1 FROM
".ROSCMST_ENTRIES." d JOIN ".ROSCMST_ACL." a ON a.acl_id=d.acl_id JOIN
".ROSCMST_ENTRY_AREA." e ON e.acl_id=a.id JOIN ".ROSCMST_RIGHTS." r ON
r.id=e.right_id JOIN ".ROSCMST_GROUPS." g ON g.id=e.group_id JOIN
".ROSCMST_MEMBERSHIPS." m ON m.group_id=g.id WHERE r.name_short=:area AND
m.user_id=:user_id AND d.id=:data_id LIMIT 1");
- $stmt->bindParam('data_id',$data_id,PDO::PARAM_INT);
- $stmt->bindParam('area',$area,PDO::PARAM_STR);
-
$stmt->bindParam('user_id',ThisUser::getInstance()->id(),PDO::PARAM_INT);
- return $stmt->execute();
- } // end of member function hasRight
-
-
-
-} // end of Security
-?>