From bde164393aa3b8c59ee15c0ae80c4268b236fb47 Mon Sep 17 00:00:00 2001 From: neoraider Date: Sun, 16 Apr 2006 20:21:01 +0000 Subject: Rechteverwaltung ?berarbeitet. --- code/links.inc.php | 4 ++-- code/pages.inc.php | 64 +++++++++++++++++++++++++++++++++++++----------------- code/user.inc.php | 12 ++++++++++ 3 files changed, 58 insertions(+), 22 deletions(-) (limited to 'code') diff --git a/code/links.inc.php b/code/links.inc.php index b5ae18e..d65eea1 100644 --- a/code/links.inc.php +++ b/code/links.inc.php @@ -3,7 +3,7 @@ class Links { function GetNeonLink($page, $extra = '', $html = true) { - if($GLOBALS['pages']->HasAccess($page, 'c')) { + if($GLOBALS['pages']->HasReadAccess($page, 'c')) { if($GLOBALS['user']->login_type == 'url') $ret = 'index.php?page=' . $page . '&login=' . $GLOBALS['user']->login_key . ($extra ? '&' . $extra : ''); @@ -27,7 +27,7 @@ } function GetNavPage($page) { - if($GLOBALS['pages']->HasAccess($page, 'n')) { + if($GLOBALS['pages']->HasReadAccess($page, 'n')) { $page = $GLOBALS['pages']->Get($page, 'n'); return $page['content']; } diff --git a/code/pages.inc.php b/code/pages.inc.php index 50ca2b7..c696836 100644 --- a/code/pages.inc.php +++ b/code/pages.inc.php @@ -15,9 +15,8 @@ 'Pages:Edit.c' => null, 'Pages:Handle.c' => null, 'Pages:New.c' => null, + 'Pages:Privs.c' => null, 'Pages:Rename.c' => null, - 'Privileges.c' => null, - 'Privileges:Update.c' => null, 'Users.c' => null, 'Users:Delete.c' => null, 'Users:Group.c' => null, @@ -35,7 +34,7 @@ return array('title' => $page, 'content' => ErrorMessage('PageNotFound', array('page' => $page))); - if(!$this->HasAccess($page, $type)) + if(!$this->HasReadAccess($page, $type)) return array('title' => $page, 'content' => ErrorMessage('Forbidden', array('page' => $page))); @@ -54,7 +53,7 @@ return array('title' => $page, 'content' => ErrorMessage('PageNotFound', array('page' => $page))); - if(!$GLOBALS['user']->IsAdmin()) + if(!$this->HasWriteAccess($page, $type)) return array('title' => $page, 'content' => ErrorMessage('Forbidden', array('page' => $page))); @@ -79,7 +78,7 @@ return ($res->RecordCount() > 0); } - function HasAccess($page, $type) { + function HasReadAccess($page, $type) { if(!$this->Exists($page, $type)) return false; if($GLOBALS['user']->IsAdmin()) return true; @@ -87,7 +86,18 @@ $access = $this->GetAccess($page, $type); - return ((hexdec($access[$gid/4]) & (1 << ($gid%4))) != 0); + return ((hexdec($access[0][$gid/4]) & (1 << ($gid%4))) != 0); + } + + function HasWriteAccess($page, $type) { + if(!$this->Exists($page, $type)) return false; + if($GLOBALS['user']->IsAdmin()) return true; + + $gid = $GLOBALS['user']->gid; + + $access = $this->GetAccess($page, $type); + + return ((hexdec($access[1][$gid/4]) & (1 << ($gid%4))) != 0); } function GetPageData($page, $type) { @@ -123,7 +133,7 @@ if(!$access) return null; if(count($access['children']) != 1) return; if(!is_string($access['children'][0])) return; - $access = $access['children'][0]; + $access = explode(':', $access['children'][0]); $rawdata = $GLOBALS['xmlparser']->FindTag($xmldata, 'data'); @@ -140,10 +150,10 @@ 'access' => $access, 'data' => $data); } - $res = $GLOBALS['db']->Execute('SELECT readaccess FROM privs WHERE name = ? AND type = ?', array($page, $type)); + $res = $GLOBALS['db']->Execute('SELECT readaccess, writeaccess FROM privs WHERE name = ? AND type = ?', array($page, $type)); if($res->RecordCount()) - $this->pages[$page . '.' . $type]['access'] = $res->fields[0]; + $this->pages[$page . '.' . $type]['access'] = array($res->fields[0], $res->fields[1]); } return $this->pages[$page . '.' . $type]; @@ -176,8 +186,8 @@ $pagedata = $this->GetPageData($page, $type); - $GLOBALS['db']->Execute('INSERT INTO privs (name, type, readaccess) VALUES (?, ?, ?)', - array($page, $type, $pagedata['access'])); + $GLOBALS['db']->Execute('INSERT INTO privs (name, type, readaccess, writeaccess) VALUES (?, ?, ?, ?)', + array($page, $type, $pagedata['access'][0], $pagedata['access'][1])); $GLOBALS['db']->Execute('INSERT INTO pages (name, template, data, type) VALUES (?, ?, ?, ?)', array($page, $pagedata['template'], $string, $type)); @@ -233,10 +243,10 @@ } function GetAccess($page, $type) { - $res = $GLOBALS['db']->Execute('SELECT readaccess FROM privs WHERE name = ? AND type = ?', array($page, $type)); + $res = $GLOBALS['db']->Execute('SELECT readaccess, writeaccess FROM privs WHERE name = ? AND type = ?', array($page, $type)); if($res->RecordCount()) - return $res->fields[0]; + return array($res->fields[0], $res->fields[1]); $pagedata = $this->GetPageData($page, $type); @@ -247,24 +257,38 @@ $res = $GLOBALS['db']->Execute('SELECT id FROM privs WHERE name = ? AND type = ?', array($page, $type)); if($res->RecordCount()) { - $GLOBALS['db']->Execute('UPDATE privs SET readaccess = ? WHERE name = ? AND type = ?', array($access, $page, $type)); + $GLOBALS['db']->Execute('UPDATE privs SET readaccess = ?, writeaccess = ? WHERE name = ? AND type = ?', array($access[0], $access[1], $page, $type)); return true; } $pagedata = $this->GetPageData($page, $type); - if(strlen($access) > strlen($pagedata['access'])) { - if(eregi('^' . $pagedata['access'] . '0+$', $access)) return true; + $changed = false; + + if(strlen($access[0]) > strlen($pagedata['access'][0])) { + if(!eregi('^' . $pagedata['access'][0] . '0+$', $access[0])) $changed = true; } - elseif(strlen($access) < strlen($pagedata['access'])) { - if(eregi('^' . $access . '0+$', $pagedata['access'])) return true; + elseif(strlen($access[0]) < strlen($pagedata['access'][0])) { + if(!eregi('^' . $access[0] . '0+$', $pagedata['access'][0])) $changed = true; } else { - if(strcasecmp($access, $pagedata['access']) == 0) return true; + if(strcasecmp($access[0], $pagedata['access'][0]) != 0) $changed = true; + } + + if(!$changed) { + if(strlen($access[1]) > strlen($pagedata['access'][1])) { + if(eregi('^' . $pagedata['access'][1] . '0+$', $access[1])) return true; + } + elseif(strlen($access[1]) < strlen($pagedata['access'][1])) { + if(eregi('^' . $access[1] . '0+$', $pagedata['access'][1])) return true; + } + else { + if(strcasecmp($access[1], $pagedata['access'][1]) == 0) return true; + } } - $GLOBALS['db']->Execute('INSERT INTO privs (name, type, readaccess) VALUES (?, ?, ?)', array($page, $type, $access)); + $GLOBALS['db']->Execute('INSERT INTO privs (name, type, readaccess, writeaccess) VALUES (?, ?, ?, ?)', array($page, $type, $access[0], $access[1])); return ($GLOBALS['db']->Affected_Rows() > 0); } diff --git a/code/user.inc.php b/code/user.inc.php index b9cab2d..4912bcc 100644 --- a/code/user.inc.php +++ b/code/user.inc.php @@ -136,6 +136,18 @@ return ($GLOBALS['db']->Affected_Rows() > 0); } + + function ListUsers() { + $res = $GLOBALS['db']->Execute('SELECT id, name FROM users ORDER BY id'); + + return $res->GetArray(); + } + + function ListGroups() { + $res = $GLOBALS['db']->Execute('SELECT id, name FROM groups ORDER BY id'); + + return $res->GetArray(); + } } $GLOBALS['user'] = new User; -- cgit v1.2.3