From 9b75fe7dbb5d0facae0ad516b580886c3e5a7aec Mon Sep 17 00:00:00 2001
From: neoraider
Date: Fri, 14 Apr 2006 00:20:03 +0000
Subject: Rechteverwaltung ?berarbeitet.
---
 code/pages.inc.php | 90 ++++++++++++++++++++++++++++++++++++++----------------
 1 file changed, 64 insertions(+), 26 deletions(-)
(limited to 'code')
diff --git a/code/pages.inc.php b/code/pages.inc.php
index d712242..50ca2b7 100644
--- a/code/pages.inc.php
+++ b/code/pages.inc.php
@@ -80,30 +80,28 @@
 }
 function HasAccess($page, $type) {
- if($GLOBALS['user']->IsAdmin()) return $this->Exists($page, $type);
+ if(!$this->Exists($page, $type)) return false;
+ if($GLOBALS['user']->IsAdmin()) return true;
 $gid = $GLOBALS['user']->gid;
- $pagedata = $this->GetPageData($page, $type);
-
- if(!$pagedata)
- return false;
+ $access = $this->GetAccess($page, $type);
- return ((hexdec(substr($pagedata['access'], ($gid/8)*2, 2)) & (1 << ($gid%8))) != 0);
+ return ((hexdec($access[$gid/4]) & (1 << ($gid%4))) != 0);
 }
 function GetPageData($page, $type) {
 if(!$this->Exists($page, $type)) return null;
 if(!$this->pages[$page . '.' . $type]) {
- $res = $GLOBALS['db']->Execute('SELECT template, HEX(access), data FROM pages WHERE name = ? AND type = ?', array($page, $type));
+ $res = $GLOBALS['db']->Execute('SELECT template, data FROM pages WHERE name = ? AND type = ?', array($page, $type));
 if($res->RecordCount()) {
- parse_str($res->fields[2], $data);
+ parse_str($res->fields[1], $data);
 $data = array_map('Unquote', $data);
 $this->pages[$page . '.' . $type] = array('name' => $page, 'type' => $type, 'template' => $res->fields[0],
- 'access' => $res->fields[1], 'data' => $data);
+ 'access' => '', 'data' => $data);
 } else {
 $filename = $GLOBALS['modules']->pages[$page . '.' . $type];
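Review bot: The new test in HasAccess, `hexdec($access[$gid/4]) & (1 << ($gid%4))`, reads the access string one hex digit per four groups, whereas the removed code read it one byte (two digits) per eight groups, so within each byte the two digits change places: a stored value of `01` used to grant group 0 and now grants group 4. The patch shows no conversion of existing values, so if the defaults that reach `$pagedata['access']` or the old `pages.access` data are still in the old layout, groups would silently swap read permissions; that should be confirmed, or the format documented with a comment such as `// readaccess: hex string, digit index gid/4, bit gid%4`. `$gid/4` is also a float for most group ids, and an index past the end of the string is denied only because `hexdec('')` happens to be 0; `$i = (int)($gid/4); if($i >= strlen($access)) return false;` makes both explicit. GetPageData continues past the end of this hunk.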
@@ -141,6 +139,11 @@
 $this->pages[$page . '.' . $type] = array('name' => $page, 'type' => $type, 'template' => $template, 'access' => $access, 'data' => $data);
 }
+
+ $res = $GLOBALS['db']->Execute('SELECT readaccess FROM privs WHERE name = ? AND type = ?', array($page, $type));
+
+ if($res->RecordCount())
+ $this->pages[$page . '.' . $type]['access'] = $res->fields[0];
 }
 return $this->pages[$page . '.' . $type];
@@ -149,7 +152,7 @@
 function Add($name, $type, $template) {
 if($this->Exists($name, $type)) return false;
- $GLOBALS['db']->Execute('INSERT INTO pages (name, template, access, data, type) VALUES (?, ?, "", "", ?)',
+ $GLOBALS['db']->Execute('INSERT INTO pages (name, template, data, type) VALUES (?, ?, "", ?)',
 array($name, $template, $type));
 return ($GLOBALS['db']->Affected_Rows() > 0);
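Review bot: The privs lookup added at the end of the cache-fill branch stores `readaccess` in `$this->pages[...]['access']` once, and nothing visible in this patch refreshes that entry when SetAccess (last hunk) writes a new value, so later readers of `$pagedata['access']` in the same request, such as the privs INSERT in the `-161` hunk, can see the stale value. Either have SetAccess update the cached entry after a successful write, e.g. `if(isset($this->pages[$page . '.' . $type])) $this->pages[$page . '.' . $type]['access'] = $access;`, or stop caching the override and let callers go through GetAccess. The query result is also used unchecked; if the database layer returns false on a failed query (for example when the privs table has not been created yet), `$res->RecordCount()` becomes a fatal error on every page load. The enclosing function starts before this hunk.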
@@ -161,26 +164,22 @@
 foreach($data as $key => $val) $string .= urlencode($key) . '=' . urlencode($val) . '&';
- $GLOBALS['db']->Execute('UPDATE pages SET data = ? WHERE name = ? AND type = ?',
+ $res = $GLOBALS['db']->Execute('SELECT id FROM pages WHERE name = ? AND type = ?',
+ array($page, $type));
+
+ if($res->RecordCount()) {
+ $GLOBALS['db']->Execute('UPDATE pages SET data = ? WHERE name = ? AND type = ?',
 array(substr($string, 0, -1), $page, $type));
- if($GLOBALS['db']->Affected_Rows()) return true;
+ return true;
+ }
 $pagedata = $this->GetPageData($page, $type);
- $string = '';
-
- foreach($pagedata['data'] as $key => $val)
- $string .= urlencode($key) . '=' . urlencode($val) . '&';
-
- $access = '';
-
- for($i = 0; $i < strlen($pagedata['access']); $i+=2)
- $access .= chr(hexdec(substr($pagedata['access'], $i, 2)));
-
-
- $GLOBALS['db']->Execute('INSERT INTO pages (name, template, access, data, type) VALUES (?, ?, ?, ?, ?)',
- array($page, $pagedata['template'], $access, $string, $type));
+ $GLOBALS['db']->Execute('INSERT INTO privs (name, type, readaccess) VALUES (?, ?, ?)',
+ array($page, $type, $pagedata['access']));
+ $GLOBALS['db']->Execute('INSERT INTO pages (name, template, data, type) VALUES (?, ?, ?, ?)',
+ array($page, $pagedata['template'], $string, $type));
 return ($GLOBALS['db']->Affected_Rows() > 0);
 }
@@ -188,6 +187,7 @@
 function Rename($page, $type, $new_name) {
 if($this->Exists($new_name, $type)) return false;
+ $GLOBALS['db']->Execute('UPDATE privs SET name = ? WHERE name = ? AND type = ?', array($new_name, $page, $type));
 $GLOBALS['db']->Execute('UPDATE pages SET name = ? WHERE name = ? AND type = ?', array($new_name, $page, $type));
 return ($GLOBALS['db']->Affected_Rows() > 0);
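Review bot: On the path where no pages row exists, `INSERT INTO privs` runs unconditionally, but SetAccess can already have created a privs row for the same name and type (it never looks at the pages table), so this insert either fails on a unique key or leaves two rows, and GetAccess then returns whichever `fields[0]` happens to come first. Guard it the way SetAccess does: run `SELECT id FROM privs WHERE name = ? AND type = ?` first and insert only when `RecordCount()` is 0. The return value reflects only the second INSERT, so a failed privs write goes unreported. The function's signature lies above this hunk.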
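Review bot: In Rename the `UPDATE privs` runs before the pages update and regardless of its outcome, while the return value comes from the pages update alone. When that second statement changes nothing (the page has no row in pages, or the query fails), the method returns false but the access override has already moved to `$new_name`: the original page falls back to its default access, and a later page created under the new name would inherit the orphaned rule. Run the pages update first and rename the privs row only when `Affected_Rows() > 0`, or wrap both statements in a transaction if the database layer offers one. Delete in the next hunk has the same ordering: the privs row is removed even when no pages row is deleted.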
@@ -204,13 +204,14 @@
 foreach($pagedata['data'] as $key => $val) $string .= urlencode($key) . '=' . urlencode($val) . '&';
- $GLOBALS['db']->Execute('INSERT INTO pages (name, template, access, data, type) VALUES (?, ?, "", ?, ?)',
+ $GLOBALS['db']->Execute('INSERT INTO pages (name, template, data, type) VALUES (?, ?, ?, ?)',
 array($new_name, $pagedata['template'], $string, $type));
 return ($GLOBALS['db']->Affected_Rows() > 0);
 }
 function Delete($page, $type) {
+ $GLOBALS['db']->Execute('DELETE FROM privs WHERE name = ? AND type = ?', array($page, $type));
 $GLOBALS['db']->Execute('DELETE FROM pages WHERE name = ? AND type = ?', array($page, $type));
 return ($GLOBALS['db']->Affected_Rows() > 0);
@@ -230,6 +231,43 @@
 return $pages;
 }
+
+ function GetAccess($page, $type) {
+ $res = $GLOBALS['db']->Execute('SELECT readaccess FROM privs WHERE name = ? AND type = ?', array($page, $type));
+
+ if($res->RecordCount())
+ return $res->fields[0];
+
+ $pagedata = $this->GetPageData($page, $type);
+
+ return $pagedata['access'];
+ }
+
+ function SetAccess($page, $type, $access) {
+ $res = $GLOBALS['db']->Execute('SELECT id FROM privs WHERE name = ? AND type = ?', array($page, $type));
+
+ if($res->RecordCount()) {
+ $GLOBALS['db']->Execute('UPDATE privs SET readaccess = ? WHERE name = ? AND type = ?', array($access, $page, $type));
+
+ return true;
+ }
+
+ $pagedata = $this->GetPageData($page, $type);
+
+ if(strlen($access) > strlen($pagedata['access'])) {
+ if(eregi('^' . $pagedata['access'] . '0+$', $access)) return true;
+ }
+ elseif(strlen($access) < strlen($pagedata['access'])) {
+ if(eregi('^' . $access . '0+$', $pagedata['access'])) return true;
+ }
+ else {
+ if(strcasecmp($access, $pagedata['access']) == 0) return true;
+ }
+
+ $GLOBALS['db']->Execute('INSERT INTO privs (name, type, readaccess) VALUES (?, ?, ?)', array($page, $type, $access));
+
+ return ($GLOBALS['db']->Affected_Rows() > 0);
+ }
 }
 $GLOBALS['pages'] = new Pages;
--
cgit v1.2.3
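Review bot: SetAccess stores `$access` without checking that it is a hex string, and it splices both `$access` and `$pagedata['access']` unescaped into `eregi()` patterns; a value containing regex metacharacters changes what the equality test matches, and anything non-hex is later read by HasAccess through `hexdec()`, which silently ignores invalid digits. Reject bad input up front with `if(!preg_match('/^[0-9a-f]*$/i', $access)) return false;`, and replace the three-way `eregi`/`strcasecmp` branch with `if(strcasecmp(rtrim($access, '0'), rtrim($pagedata['access'], '0')) == 0) return true;`, which makes the same trailing-zero comparison without building a pattern. Nothing in the method itself checks who may change privileges, so every caller presumably has to be admin-gated; that is worth confirming.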