summaryrefslogtreecommitdiffstats
path: root/code/pages.inc.php
diff options
context:
space:
mode:
Diffstat (limited to 'code/pages.inc.php')
-rw-r--r--code/pages.inc.php64
1 files changed, 44 insertions, 20 deletions
diff --git a/code/pages.inc.php b/code/pages.inc.php
index 50ca2b7..c696836 100644
--- a/code/pages.inc.php
+++ b/code/pages.inc.php
@@ -15,9 +15,8 @@
'Pages:Edit.c' => null,
'Pages:Handle.c' => null,
'Pages:New.c' => null,
+ 'Pages:Privs.c' => null,
'Pages:Rename.c' => null,
- 'Privileges.c' => null,
- 'Privileges:Update.c' => null,
'Users.c' => null,
'Users:Delete.c' => null,
'Users:Group.c' => null,
@@ -35,7 +34,7 @@
return array('title' => $page,
'content' => ErrorMessage('PageNotFound', array('page' => $page)));
- if(!$this->HasAccess($page, $type))
+ if(!$this->HasReadAccess($page, $type))
return array('title' => $page,
'content' => ErrorMessage('Forbidden', array('page' => $page)));
@@ -54,7 +53,7 @@
return array('title' => $page,
'content' => ErrorMessage('PageNotFound', array('page' => $page)));
- if(!$GLOBALS['user']->IsAdmin())
+ if(!$this->HasWriteAccess($page, $type))
return array('title' => $page,
'content' => ErrorMessage('Forbidden', array('page' => $page)));
@@ -79,7 +78,7 @@
return ($res->RecordCount() > 0);
}
- function HasAccess($page, $type) {
+ function HasReadAccess($page, $type) {
if(!$this->Exists($page, $type)) return false;
if($GLOBALS['user']->IsAdmin()) return true;
@@ -87,7 +86,18 @@
$access = $this->GetAccess($page, $type);
- return ((hexdec($access[$gid/4]) & (1 << ($gid%4))) != 0);
+ return ((hexdec($access[0][$gid/4]) & (1 << ($gid%4))) != 0);
+ }
+
+ function HasWriteAccess($page, $type) {
+ if(!$this->Exists($page, $type)) return false;
+ if($GLOBALS['user']->IsAdmin()) return true;
+
+ $gid = $GLOBALS['user']->gid;
+
+ $access = $this->GetAccess($page, $type);
+
+ return ((hexdec($access[1][$gid/4]) & (1 << ($gid%4))) != 0);
}
function GetPageData($page, $type) {
@@ -123,7 +133,7 @@
if(!$access) return null;
if(count($access['children']) != 1) return;
if(!is_string($access['children'][0])) return;
- $access = $access['children'][0];
+ $access = explode(':', $access['children'][0]);
$rawdata = $GLOBALS['xmlparser']->FindTag($xmldata, 'data');
@@ -140,10 +150,10 @@
'access' => $access, 'data' => $data);
}
- $res = $GLOBALS['db']->Execute('SELECT readaccess FROM privs WHERE name = ? AND type = ?', array($page, $type));
+ $res = $GLOBALS['db']->Execute('SELECT readaccess, writeaccess FROM privs WHERE name = ? AND type = ?', array($page, $type));
if($res->RecordCount())
- $this->pages[$page . '.' . $type]['access'] = $res->fields[0];
+ $this->pages[$page . '.' . $type]['access'] = array($res->fields[0], $res->fields[1]);
}
return $this->pages[$page . '.' . $type];
@@ -176,8 +186,8 @@
$pagedata = $this->GetPageData($page, $type);
- $GLOBALS['db']->Execute('INSERT INTO privs (name, type, readaccess) VALUES (?, ?, ?)',
- array($page, $type, $pagedata['access']));
+ $GLOBALS['db']->Execute('INSERT INTO privs (name, type, readaccess, writeaccess) VALUES (?, ?, ?, ?)',
+ array($page, $type, $pagedata['access'][0], $pagedata['access'][1]));
$GLOBALS['db']->Execute('INSERT INTO pages (name, template, data, type) VALUES (?, ?, ?, ?)',
array($page, $pagedata['template'], $string, $type));
@@ -233,10 +243,10 @@
}
function GetAccess($page, $type) {
- $res = $GLOBALS['db']->Execute('SELECT readaccess FROM privs WHERE name = ? AND type = ?', array($page, $type));
+ $res = $GLOBALS['db']->Execute('SELECT readaccess, writeaccess FROM privs WHERE name = ? AND type = ?', array($page, $type));
if($res->RecordCount())
- return $res->fields[0];
+ return array($res->fields[0], $res->fields[1]);
$pagedata = $this->GetPageData($page, $type);
@@ -247,24 +257,38 @@
$res = $GLOBALS['db']->Execute('SELECT id FROM privs WHERE name = ? AND type = ?', array($page, $type));
if($res->RecordCount()) {
- $GLOBALS['db']->Execute('UPDATE privs SET readaccess = ? WHERE name = ? AND type = ?', array($access, $page, $type));
+ $GLOBALS['db']->Execute('UPDATE privs SET readaccess = ?, writeaccess = ? WHERE name = ? AND type = ?', array($access[0], $access[1], $page, $type));
return true;
}
$pagedata = $this->GetPageData($page, $type);
- if(strlen($access) > strlen($pagedata['access'])) {
- if(eregi('^' . $pagedata['access'] . '0+$', $access)) return true;
+ $changed = false;
+
+ if(strlen($access[0]) > strlen($pagedata['access'][0])) {
+ if(!eregi('^' . $pagedata['access'][0] . '0+$', $access[0])) $changed = true;
}
- elseif(strlen($access) < strlen($pagedata['access'])) {
- if(eregi('^' . $access . '0+$', $pagedata['access'])) return true;
+ elseif(strlen($access[0]) < strlen($pagedata['access'][0])) {
+ if(!eregi('^' . $access[0] . '0+$', $pagedata['access'][0])) $changed = true;
}
else {
- if(strcasecmp($access, $pagedata['access']) == 0) return true;
+ if(strcasecmp($access[0], $pagedata['access'][0]) != 0) $changed = true;
+ }
+
+ if(!$changed) {
+ if(strlen($access[1]) > strlen($pagedata['access'][1])) {
+ if(eregi('^' . $pagedata['access'][1] . '0+$', $access[1])) return true;
+ }
+ elseif(strlen($access[1]) < strlen($pagedata['access'][1])) {
+ if(eregi('^' . $access[1] . '0+$', $pagedata['access'][1])) return true;
+ }
+ else {
+ if(strcasecmp($access[1], $pagedata['access'][1]) == 0) return true;
+ }
}
- $GLOBALS['db']->Execute('INSERT INTO privs (name, type, readaccess) VALUES (?, ?, ?)', array($page, $type, $access));
+ $GLOBALS['db']->Execute('INSERT INTO privs (name, type, readaccess, writeaccess) VALUES (?, ?, ?, ?)', array($page, $type, $access[0], $access[1]));
return ($GLOBALS['db']->Affected_Rows() > 0);
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-03 04:32:39 +0200