PHP Cross Reference of Joomla 1.5.26 DE |
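<?php
/**
 * @version		$Id: authorization.php 14401 2010-01-26 14:10:00Z louis $
 * @package		Joomla.Framework
 * @subpackage	User
 * @copyright	Copyright (C) 2005 - 2010 Open Source Matters. All rights reserved.
 * @license		GNU/GPL, see LICENSE.php
 * Joomla! is free software. This version may have been modified pursuant
 * to the GNU General Public License, and as distributed it includes or
 * is derivative of works licensed under the GNU General Public License or
 * other free or open source software licenses.
 * See COPYRIGHT.php for copyright notices and details.
 */

// Check to ensure this file is within the rest of the framework
defined('JPATH_BASE') or die();

jimport('phpgacl.gacl');
jimport('phpgacl.gacl_api');

/**
 * Class that handles all access authorization.
 *
 * In the default check mode (0) every decision comes from the in-memory rule
 * list built by the constructor and extended through addACL(). The list holds
 * allow rules only: acl_check() returns 0 when no rule matches, so a
 * permission that is not listed is denied.
 *
 * Security notes for maintainers:
 *  - addACL() is callable by any code holding this object and can only add
 *    permissions, never remove them. Review every call site in extensions.
 *  - acl_check() compares all values case-insensitively.
 *
 * @package		Joomla.Framework
 * @subpackage	User
 * @since		1.5
 */
class JAuthorization extends gacl_api
{
	/**
	 * Access control list. Each entry is the 7-element array stored by addACL().
	 * @var	array
	 */
	var $acl = null;

	/**
	 * Number of entries in $acl; acl_check() iterates up to this counter.
	 * @var	int
	 */
	var $acl_count = 0;

	/**
	 * The check mode. 0 = Joomla!, 1 = phpGACL
	 * @var	int
	 */
	var $_checkMode = 0;

	/**
	 * Constructor. Registers the built-in allow rules.
	 *
	 * Rule order matters: acl_check() stops at the first matching rule, and
	 * that rule's return value is what the caller receives.
	 *
	 * @param	array	$options	An array of options to override the class defaults
	 */
	function JAuthorization($options = NULL)
	{
		parent::gacl( $options );

		// ARO value is currently the user type,
		// this changes to user id in proper implementation
		// No hierarchical inheritance so have to do that the long way
		$this->acl = array();

		// special ACL with return value to edit user
		$this->addACL( 'com_user', 'edit', 'users', 'super administrator', null, null, '' );
		$this->addACL( 'com_user', 'edit', 'users', 'administrator', null, null, '' );
		$this->addACL( 'com_user', 'edit', 'users', 'manager', null, null, '' );
		// return value defines xml setup file variant
		$this->addACL( 'com_user', 'edit', 'users', 'author', null, null, 'author' );
		$this->addACL( 'com_user', 'edit', 'users', 'editor', null, null, 'author' );
		$this->addACL( 'com_user', 'edit', 'users', 'publisher', null, null, 'author' );
		$this->addACL( 'com_user', 'edit', 'users', 'registered', null, null, 'registered' );

		// backend login
		$this->addACL( 'login', 'administrator', 'users', 'administrator' );
		$this->addACL( 'login', 'administrator', 'users', 'super administrator' );
		$this->addACL( 'login', 'administrator', 'users', 'manager' );

		$this->addACL( 'login', 'site', 'users', 'administrator' );
		$this->addACL( 'login', 'site', 'users', 'super administrator' );
		$this->addACL( 'login', 'site', 'users', 'manager' );

		$this->addACL( 'login', 'site', 'users', 'registered' );
		$this->addACL( 'login', 'site', 'users', 'author' );
		$this->addACL( 'login', 'site', 'users', 'editor' );
		$this->addACL( 'login', 'site', 'users', 'publisher' );
		// backend menus

		$this->addACL( 'com_banners', 'manage', 'users', 'super administrator' );
		$this->addACL( 'com_banners', 'manage', 'users', 'administrator' );
		$this->addACL( 'com_banners', 'manage', 'users', 'manager' );

		$this->addACL( 'com_checkin', 'manage', 'users', 'super administrator' );
		$this->addACL( 'com_checkin', 'manage', 'users', 'administrator' );

		$this->addACL( 'com_cache', 'manage', 'users', 'super administrator' );
		$this->addACL( 'com_cache', 'manage', 'users', 'administrator' );

		// Global configuration is deliberately limited to super administrators;
		// the disabled line below would widen it.
		$this->addACL( 'com_config', 'manage', 'users', 'super administrator' );
		//$this->addACL( 'com_config', 'manage', 'users', 'administrator' );

		$this->addACL( 'com_contact', 'manage', 'users', 'super administrator' );
		$this->addACL( 'com_contact', 'manage', 'users', 'administrator' );
		$this->addACL( 'com_contact', 'manage', 'users', 'manager' );

		$this->addACL( 'com_components', 'manage', 'users', 'super administrator' );
		$this->addACL( 'com_components', 'manage', 'users', 'administrator' );
		$this->addACL( 'com_components', 'manage', 'users', 'manager' );

		$this->addACL( 'com_frontpage', 'manage', 'users', 'super administrator' );
		$this->addACL( 'com_frontpage', 'manage', 'users', 'administrator' );
		$this->addACL( 'com_frontpage', 'manage', 'users', 'manager' );
		$this->addACL( 'com_frontpage', 'edit', 'users', 'manager' );

		// access to installers and base installer
		$this->addACL( 'com_installer', 'installer', 'users', 'administrator' );
		$this->addACL( 'com_installer', 'installer', 'users', 'super administrator' );

		$this->addACL( 'com_installer', 'component', 'users', 'administrator' );
		$this->addACL( 'com_installer', 'component', 'users', 'super administrator' );

		$this->addACL( 'com_installer', 'language', 'users', 'super administrator' );
		$this->addACL( 'com_installer', 'language', 'users', 'administrator' );

		$this->addACL( 'com_installer', 'module', 'users', 'administrator' );
		$this->addACL( 'com_installer', 'module', 'users', 'super administrator' );

		$this->addACL( 'com_installer', 'plugin', 'users', 'administrator' );
		$this->addACL( 'com_installer', 'plugin', 'users', 'super administrator' );

		$this->addACL( 'com_installer', 'template', 'users', 'super administrator' );
		$this->addACL( 'com_installer', 'template', 'users', 'administrator' );

		$this->addACL( 'com_languages', 'manage', 'users', 'super administrator' );

		$this->addACL( 'com_plugins', 'manage', 'users', 'super administrator' );
		$this->addACL( 'com_plugins', 'manage', 'users', 'administrator' );
		// uncomment following to allow managers to edit modules
		//array( 'administration', 'edit', 'users', 'manager', 'modules', 'all' );

		$this->addACL( 'com_massmail', 'manage', 'users', 'super administrator' );

		$this->addACL( 'com_media', 'manage', 'users', 'super administrator' );
		$this->addACL( 'com_media', 'manage', 'users', 'administrator' );
		$this->addACL( 'com_media', 'manage', 'users', 'manager' );
		$this->addACL( 'com_media', 'popup', 'users', 'super administrator' );
		$this->addACL( 'com_media', 'popup', 'users', 'administrator' );
		$this->addACL( 'com_media', 'popup', 'users', 'manager' );
		$this->addACL( 'com_media', 'popup', 'users', 'registered' );
		$this->addACL( 'com_media', 'popup', 'users', 'author' );
		$this->addACL( 'com_media', 'popup', 'users', 'editor' );
		$this->addACL( 'com_media', 'popup', 'users', 'publisher' );
		// Upload is limited to the three backend groups.
		$this->addACL( 'com_media', 'upload', 'users', 'super administrator' );
		$this->addACL( 'com_media', 'upload', 'users', 'administrator' );
		$this->addACL( 'com_media', 'upload', 'users', 'manager' );

		$this->addACL( 'com_menus', 'manage', 'users', 'administrator' );
		$this->addACL( 'com_menus', 'manage', 'users', 'super administrator' );

		$this->addACL( 'com_modules', 'manage', 'users', 'super administrator' );
		$this->addACL( 'com_modules', 'manage', 'users', 'administrator' );

		$this->addACL( 'com_newsfeeds', 'manage', 'users', 'super administrator' );
		$this->addACL( 'com_newsfeeds', 'manage', 'users', 'administrator' );
		$this->addACL( 'com_newsfeeds', 'manage', 'users', 'manager' );

		$this->addACL( 'com_poll', 'manage', 'users', 'super administrator' );
		$this->addACL( 'com_poll', 'manage', 'users', 'administrator' );
		$this->addACL( 'com_poll', 'manage', 'users', 'manager' );

		$this->addACL( 'com_templates', 'manage', 'users', 'super administrator' );
		//$this->addACL( 'com_templates', 'manage', 'user', 'administrator' )

		$this->addACL( 'com_trash', 'manage', 'users', 'administrator' );
		$this->addACL( 'com_trash', 'manage', 'users', 'super administrator' );

		// email block users property
		$this->addACL( 'com_users', 'block user', 'users', 'administrator' );
		$this->addACL( 'com_users', 'block user', 'users', 'super administrator' );

		$this->addACL( 'com_users', 'manage', 'users', 'administrator' );
		$this->addACL( 'com_users', 'manage', 'users', 'super administrator' );

		$this->addACL( 'com_weblinks', 'manage', 'users', 'super administrator' );
		$this->addACL( 'com_weblinks', 'manage', 'users', 'administrator' );
		$this->addACL( 'com_weblinks', 'manage', 'users', 'manager' );

		// email system events
		$this->addACL( 'com_users', 'email_events', 'users', 'administrator' );
		$this->addACL( 'com_users', 'email_events', 'users', 'super administrator' );
		$this->addACL( 'workflow', 'email_events', 'users', 'administrator', null, null );
		$this->addACL( 'workflow', 'email_events', 'users', 'super administrator', null, null );

		// actions
		$this->addACL( 'com_content', 'add', 'users', 'author', 'content', 'all' );
		$this->addACL( 'com_content', 'add', 'users', 'editor', 'content', 'all' );
		$this->addACL( 'com_content', 'add', 'users', 'publisher', 'content', 'all' );
		// Authors are scoped to their own content; see the AXO caveat on acl_check().
		$this->addACL( 'com_content', 'edit', 'users', 'author', 'content', 'own' );
		$this->addACL( 'com_content', 'edit', 'users', 'editor', 'content', 'all' );
		$this->addACL( 'com_content', 'edit', 'users', 'publisher', 'content', 'all' );
		$this->addACL( 'com_content', 'publish', 'users', 'publisher', 'content', 'all' );

		$this->addACL( 'com_content', 'add', 'users', 'manager', 'content', 'all' );
		$this->addACL( 'com_content', 'edit', 'users', 'manager', 'content', 'all' );
		$this->addACL( 'com_content', 'publish', 'users', 'manager', 'content', 'all' );

		$this->addACL( 'com_content', 'add', 'users', 'administrator', 'content', 'all' );
		$this->addACL( 'com_content', 'edit', 'users', 'administrator', 'content', 'all' );
		$this->addACL( 'com_content', 'publish', 'users', 'administrator', 'content', 'all' );

		$this->addACL( 'com_content', 'add', 'users', 'super administrator', 'content', 'all' );
		$this->addACL( 'com_content', 'edit', 'users', 'super administrator', 'content', 'all' );
		$this->addACL( 'com_content', 'publish', 'users', 'super administrator', 'content', 'all' );
	}

	/**
	 * This is a temporary function to allow 3PD's to add basic ACL checks for their
	 * modules and components. NOTE: this information will be compiled in the db
	 * in future versions
	 *
	 * The rule is appended to the in-memory list as an allow rule. Nothing here
	 * validates the values or checks who is calling, so the set of call sites
	 * defines the effective policy.
	 *
	 * @param	string	$aco_section_value	The ACO section value
	 * @param	string	$aco_value			The ACO value
	 * @param	string	$aro_section_value	The ARO section value
	 * @param	string	$aro_value			The ARO value
	 * @param	string	$axo_section_value	The AXO section value (optional)
	 * @param	string	$axo_value			The AXO value (optional)
	 * @param	string	$return_value		The return value for the ACL (optional)
	 */
	function addACL( $aco_section_value, $aco_value, $aro_section_value, $aro_value, $axo_section_value=NULL, $axo_value=NULL, $return_value=NULL )
	{
		$this->acl[] = array( $aco_section_value, $aco_value, $aro_section_value, $aro_value, $axo_section_value, $axo_value, $return_value );
		$this->acl_count++;
	}

	/**
	 * Gets the check mode
	 * @return	int
	 */
	function getCheckMode()
	{
		return $this->_checkMode;
	}

	/**
	 * Sets the check mode.
	 *
	 * Only used if the full implementation of the phpGACL library is installed and configured
	 *
	 * @param	int	$value	0 = Joomla!, 1 = phpGACL native
	 * @return	int	The previous value
	 */
	function setCheckMode( $value )
	{
		$previous = $this->_checkMode;
		// Cast so that the strict comparison in acl_check() sees an integer.
		$this->_checkMode = (int) $value;
		return $previous;
	}

	/**
	 * Wraps the actual acl_query() function.
	 *
	 * In check mode 1 the call is delegated to the parent implementation. In
	 * check mode 0 the in-memory rule list is scanned in insertion order and
	 * the first matching rule decides the result. All comparisons are
	 * case-insensitive. No match returns 0 (deny).
	 *
	 * AXO caveat: a rule's AXO is compared only when both the caller and the
	 * rule supply an AXO section. If the caller omits the AXO arguments, a rule
	 * that is scoped by AXO (for example 'content'/'own') still matches on the
	 * ACO/ARO pair alone. If the caller passes an AXO and the rule has none,
	 * the rule also matches. Callers that need a scoped decision must pass
	 * both AXO arguments and must not treat an AXO-less check as equivalent.
	 *
	 * @param	string	$aco_section_value	The ACO section value
	 * @param	string	$aco_value			The ACO value
	 * @param	string	$aro_section_value	The ARO section value
	 * @param	string	$aro_value			The ARO value
	 * @param	string	$axo_section_value	The AXO section value (optional)
	 * @param	string	$axo_value			The AXO value (optional)
	 * @param	integer	$root_aro_group		The group id of the ARO (optional, phpGACL mode only)
	 * @param	integer	$root_axo_group		The group id of the AXO (optional, phpGACL mode only)
	 * @return	mixed	Generally a zero (0) or (1) or the extended return value of the ACL
	 */
	function acl_check( $aco_section_value, $aco_value, $aro_section_value, $aro_value, $axo_section_value=NULL, $axo_value=NULL, $root_aro_group=NULL, $root_axo_group=NULL )
	{
		if ($this->_checkMode === 1) {
			return parent::acl_check( $aco_section_value, $aco_value, $aro_section_value, $aro_value, $axo_section_value, $axo_value, $root_aro_group, $root_axo_group );
		}

		$this->debug_text( "\n<br /> ACO=$aco_section_value:$aco_value, ARO=$aro_section_value:$aro_value, AXO=$axo_section_value|$axo_value" );

		for ($i = 0; $i < $this->acl_count; $i++)
		{
			$rule = $this->acl[$i];

			// ACO and ARO must all match before the AXO is considered.
			if (strcasecmp( $aco_section_value, $rule[0] ) != 0
				|| strcasecmp( $aco_value, $rule[1] ) != 0
				|| strcasecmp( $aro_section_value, $rule[2] ) != 0
				|| strcasecmp( $aro_value, $rule[3] ) != 0)
			{
				continue;
			}

			// The AXO is only enforced when both sides provide a section.
			if ($axo_section_value && $rule[4]) {
				if (strcasecmp( $axo_section_value, $rule[4] ) != 0
					|| strcasecmp( $axo_value, $rule[5] ) != 0)
				{
					continue;
				}
			}

			// An empty return value ('' or null) is reported as plain 1.
			return !empty( $rule[6] ) ? $rule[6] : 1;
		}

		// Default deny: nothing in the list matched.
		return 0;
	}

	/**
	 * Gets the 'name' of a group
	 *
	 * The requested group type is now forwarded to get_group_data(); the
	 * previous code always queried 'ARO' regardless of the argument.
	 *
	 * @param	int		$group_id	The group id
	 * @param	string	$group_type	The type: [ARO]|AXO
	 * @return	string	The name, or null when no group data is returned
	 */
	function get_group_name($group_id = null, $group_type = 'ARO')
	{
		$data = $this->get_group_data( $group_id, $group_type );

		// Guard against a failed lookup instead of indexing a non-array.
		return (is_array( $data ) && isset( $data[3] )) ? $data[3] : null;
	}

	/**
	 * @param	string	$value	The value for the group
	 * @return	object	The row from the group table
	 */
	function getAroGroup( $value ) {
		return $this->_getGroup( 'aro', $value );
	}

	/**
	 * Loads the first group row mapped to the object with the given value.
	 *
	 * $value is quoted through the database driver. $type is concatenated into
	 * table and column names without validation, so it must only ever be a
	 * constant supplied by this class (the only caller visible here passes 'aro').
	 *
	 * @param	string	$type	Object type used to build the table names
	 * @param	string	$value	The object value to look up
	 * @return	object	The row from the group table
	 */
	function _getGroup( $type, $value )
	{
		$db =& JFactory::getDBO();

		$query = 'SELECT g.*'
			. ' FROM #__core_acl_'.$type.'_groups AS g'
			. ' INNER JOIN #__core_acl_groups_'.$type.'_map AS gm ON gm.group_id = g.id'
			. ' INNER JOIN #__core_acl_'.$type.' AS ao ON ao.id = gm.'.$type.'_id'
			. ' WHERE ao.value='.$db->Quote($value)
			. ' ORDER BY g.id';
		$db->setQuery( $query );

		return $db->loadObject();
	}

	/**
	 * Lists the rows of a nested-set table at or below a root node.
	 *
	 * $table, $fields and $groupby are inserted into the SQL text as given;
	 * only $root_name is quoted and only lft/rgt are cast. Pass constants for
	 * the first three arguments and never values derived from a request.
	 *
	 * NOTE(review): $root_id is accepted but never used to resolve the root, so
	 * a call that supplies only an id returns the unfiltered tree. An unknown
	 * $root_name also results in the unfiltered tree. Callers that use the
	 * result to restrict what a user may see or assign should verify the root
	 * exists first.
	 *
	 * @param	string	$table		Table name
	 * @param	string	$fields		Select list
	 * @param	string	$groupby	GROUP BY expression (optional)
	 * @param	int		$root_id	Unused, see note above
	 * @param	string	$root_name	Name of the root group (optional)
	 * @param	boolean	$inclusive	Include the root itself when true
	 * @return	array	List of row objects as returned by loadObjectList()
	 */
	function _getBelow( $table, $fields, $groupby=null, $root_id=null, $root_name=null, $inclusive=true )
	{
		$db =& JFactory::getDBO();

		$root = new stdClass();
		$root->lft = 0;
		$root->rgt = 0;

		if (!$root_id && $root_name) {
			$query = "SELECT lft, rgt FROM $table WHERE name = ".$db->Quote($root_name);
			$db->setQuery( $query );
			$found = $db->loadObject();

			// Keep the zero root when the name does not resolve, rather than
			// reading properties from a non-object.
			if (is_object( $found )) {
				$root = $found;
			}
		}

		$where = '';
		if (($root->lft + $root->rgt) != 0) {
			if ($inclusive) {
				$where = ' WHERE g1.lft BETWEEN '.(int) $root->lft.' AND '.(int) $root->rgt;
			} else {
				$where = ' WHERE g1.lft > '.(int) $root->lft.' AND g1.lft <'.(int) $root->rgt;
			}
		}

		$query = 'SELECT '. $fields
			. ' FROM '. $table .' AS g1'
			. ' INNER JOIN '. $table .' AS g2 ON g1.lft BETWEEN g2.lft AND g2.rgt'
			. $where
			. ($groupby ? ' GROUP BY ' . $groupby : '')
			. ' ORDER BY g1.lft';
		$db->setQuery( $query );

		return $db->loadObjectList();
	}

	/**
	 * Builds an indented list of the ARO groups below a root.
	 *
	 * NOTE(review): the spacing literals below are reproduced as they appear in
	 * this listing; a rendered listing may have collapsed HTML entities such as
	 * non-breaking spaces. Compare with the distributed file before reuse.
	 *
	 * @param	int		$root_id	Passed through to _getBelow()
	 * @param	string	$root_name	Name of the root group
	 * @param	boolean	$inclusive	Include the root itself when true
	 * @param	boolean	$html		Build select options through JHTML when true
	 * @return	array	Select options if $html, otherwise arrays with 'value' and 'text'
	 */
	function get_group_children_tree( $root_id=null, $root_name=null, $inclusive=true, $html=true )
	{
		$tree = $this->_getBelow( '#__core_acl_aro_groups',
			'g1.id, g1.name, COUNT(g2.name) AS level',
			'g1.name',
			$root_id, $root_name, $inclusive );

		// Nothing to render (no rows, or the query failed).
		if (empty( $tree )) {
			return array();
		}

		// first pass get level limits
		$n = count( $tree );
		$min = $tree[0]->level;
		$max = $tree[0]->level;
		for ($i = 0; $i < $n; $i++) {
			$min = min( $min, $tree[$i]->level );
			$max = max( $max, $tree[$i]->level );
		}

		$indents = array();
		foreach (range( $min, $max ) as $i) {
			$indents[$i] = ' ';
		}
		// correction for first indent
		$indents[$min] = '';

		// Walk from the last row upwards so that deeper levels can mark the
		// connector for the rows above them.
		$list = array();
		for ($i = $n - 1; $i >= 0; $i--) {
			$level = $tree[$i]->level;

			$shim = '';
			foreach (range( $min, $level ) as $j) {
				$shim .= $indents[$j];
			}

			if (isset( $indents[$level + 1] ) && $indents[$level + 1] == '. ') {
				$twist = ' ';
			} else {
				$twist = "- ";
			}

			$groupName = JText::_( $tree[$i]->name );
			if ($html) {
				$list[$i] = JHTML::_('select.option', $tree[$i]->id, $shim.$twist.$groupName );
			} else {
				$list[$i] = array( 'value'=>$tree[$i]->id, 'text'=>$shim.$twist.$groupName );
			}

			// The first row has no predecessor to compare with.
			if ($i > 0 && $level < $tree[$i - 1]->level) {
				$indents[$level + 1] = '. ';
			}
		}

		ksort($list);
		return $list;
	}

	/**
	 * Checks whether the 'source' group is a child of the 'target' group.
	 *
	 * Integer arguments are matched against the id column and cast; string
	 * arguments are matched against the name column and quoted through the
	 * database driver. A numeric string is therefore treated as a name.
	 *
	 * @param	int|string	$grp_src	Source group id or name
	 * @param	int|string	$grp_tgt	Target group id or name
	 * @param	string		$group_type	The type: [ARO]|AXO
	 * @return	mixed	The COUNT(*) value as returned by loadResult()
	 */
	function is_group_child_of( $grp_src, $grp_tgt, $group_type='ARO' )
	{
		$db =& JFactory::getDBO();

		$this->debug_text("has_group_parent(): Source=$grp_src, Target=$grp_tgt, Type=$group_type");

		// Anything other than 'axo' selects the ARO table.
		if (strtolower(trim($group_type)) == 'axo') {
			$table = $this->_db_table_prefix .'axo_groups';
		} else {
			$table = $this->_db_table_prefix .'aro_groups';
		}

		$query = 'SELECT COUNT(*) '.
			'FROM '.$table.' AS g1 '.
			'LEFT JOIN '.$table.' AS g2 ON (g1.lft > g2.lft AND g1.lft < g2.rgt) ';

		if (is_int( $grp_src ) && is_int($grp_tgt)) {
			$query .= 'WHERE g1.id = '.(int) $grp_src.' AND g2.id = '.(int) $grp_tgt;
		} else if (is_string( $grp_src ) && is_string($grp_tgt)) {
			$query .= 'WHERE g1.name = '.$db->Quote($grp_src).' AND g2.name = '.$db->Quote($grp_tgt);
		} else if (is_int( $grp_src ) && is_string($grp_tgt)) {
			$query .= 'WHERE g1.id = '.(int) $grp_src.' AND g2.name = '.$db->Quote($grp_tgt);
		} else {
			$query .= 'WHERE g1.name = '.$db->Quote($grp_src).' AND g2.id = '.(int) $grp_tgt;
		}

		$db->setQuery($query);

		return $db->loadResult();
	}

	/**
	 * Gets the ids of a group's parents.
	 *
	 * NOTE(review): the default (non-recursive) branch selects and orders by
	 * the alias g2 without joining it, so that query is not valid SQL as
	 * written. Confirm the intended result before relying on the default mode.
	 *
	 * @param	int		$group_id	The group id (required)
	 * @param	string	$group_type	The type: [ARO]|AXO
	 * @param	string	$recurse	'RECURSE', 'RECURSE_INCL' or anything else for non-recursive
	 * @return	mixed	FALSE when $group_id is empty, otherwise the result of loadResultArray()
	 */
	function get_group_parents($group_id, $group_type = 'ARO', $recurse = 'NO_RECURSE')
	{
		$this->debug_text("get_group_parents(): Group_ID: $group_id Group Type: $group_type Recurse: $recurse");

		// Anything other than 'axo' selects the ARO table.
		if (strtolower(trim($group_type)) == 'axo') {
			$table = $this->_db_table_prefix .'axo_groups';
		} else {
			$table = $this->_db_table_prefix .'aro_groups';
		}

		if (empty($group_id)) {
			$this->debug_text("get_group_parents(): ID ($group_id) is empty, this is required");
			return FALSE;
		}

		// The id is cast to an integer before it reaches the SQL text.
		$id = (int) $group_id;

		$query = ' SELECT g2.id'
			. ' FROM '. $table .' g1';

		switch (strtoupper($recurse)) {
			case 'RECURSE':
				$query .= ' LEFT JOIN '. $table .' g2 ON g1.lft > g2.lft AND g1.lft < g2.rgt'
					. ' WHERE g1.id='.$id;
				break;
			case 'RECURSE_INCL':
				// inclusive recurse
				$query .= ' LEFT JOIN '. $table .' g2 ON g1.lft >= g2.lft AND g1.lft <= g2.rgt'
					. ' WHERE g1.id='.$id;
				break;
			default:
				$query .= ' WHERE g1.parent_id='.$id;
		}

		$query .= ' ORDER BY g2.lft';

		$this->db->setQuery( $query );
		return $this->db->loadResultArray();
	}


	/**
	 * Deprecated, use JAuthorization::addACL() instead.
	 *
	 * @since 1.0
	 * @deprecated As of version 1.5
	 * @see JAuthorization::addACL()
	 */
	function _mos_add_acl( $aco_section_value, $aco_value, $aro_section_value, $aro_value, $axo_section_value=NULL, $axo_value=NULL, $return_value=NULL ) {
		$this->addACL($aco_section_value, $aco_value, $aro_section_value, $aro_value, $axo_section_value, $axo_value, $return_value);
	}

}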