Squiz Matrix  4.12.2
permissions.inc
1 <?php
17 require_once SQ_LIB_PATH.'/html_form/html_form.inc';
18 
/**
 * Paints a read-only table of the permissions set on an asset.
 *
 * For each of Read, Write and Administrator the permission rows are fetched
 * through the asset manager's getAssetPermissionByCascade() (with $cascades
 * passed through), the user ids are grouped by their 'granted' value, and one
 * table row is printed per user id with the permission title and a red
 * "denied" or green "granted" label.
 *
 * @param Asset                $owner    asset whose permissions are painted
 * @param Backend_Outputter    $o        outputter used to open and close the section and field
 * @param Asset_Edit_Interface $ei       not used in this function
 * @param boolean              $cascades forwarded as the fourth argument of getAssetPermissionByCascade()
 *
 * @return boolean FALSE when no permission rows were found (nothing is painted), TRUE after painting
 */
38 function paintInlinePermissions(Asset $owner, Backend_Outputter $o, Asset_Edit_Interface $ei, $cascades=TRUE)
39 {
    // NOTE(review): $prefix is assigned here but never read in this function.
40  $prefix = $owner->getPrefix();
    // Display title => permission constant; the titles are fixed strings, not request data.
41  $perms = Array('Read' => SQ_PERMISSION_READ, 'Write' => SQ_PERMISSION_WRITE, 'Administrator' => SQ_PERMISSION_ADMIN);
42 
    // $direct[permission][granted] => list of user ids
43  $direct = Array();
44 
45  foreach ($perms as $title => $perm) {
46  $permissions = $GLOBALS['SQ_SYSTEM']->am->getAssetPermissionByCascade($owner->id, $perm, NULL, $cascades);
47 
    // The loop key is not used; the user id is taken from $perm_info['userid'].
48  foreach ($permissions as $userid => $perm_info) {
49  $granted = $perm_info['granted'];
50  if (!isset($direct[$perm][$granted])) {
51  $direct[$perm][$granted] = Array();
52  }
53  $direct[$perm][$granted][] = $perm_info['userid'];
54  }
55 
    // Order the groups of this permission by their 'granted' key.
56  if (!empty($direct[$perm])) ksort($direct[$perm]);
57  }
58 
59  // No permissions set at all for this asset?
60  if (empty($direct)) return FALSE;
61 
62  $o->openSection(translate('permissions'));
63  $o->openField('&nbsp;');
64  ?>
65  <table class="sq-backend-table">
66  <tr>
67  <td class="sq-backend-table-header">
68  <?php echo translate('user'); ?>
69  </td>
70  <td class="sq-backend-table-header">
71  <?php echo translate('permissions'); ?>
72  </td>
73  <td class="sq-backend-table-header" align="right">
74  <?php echo translate('access'); ?>
75  </td>
76  </tr>
77  <?php
78 
79  // Print out the permissions, then
80  foreach ($perms as $title => $perm) {
81  if (!empty($direct[$perm])) {
82  foreach ($direct[$perm] as $granted => $userids) {
83  foreach ($userids as $userid) {
    // A non-empty user id must resolve to a 'user' or 'user_group' asset,
    // otherwise its row is skipped. An empty user id bypasses this lookup
    // and its row is still painted.
84  if ($userid) {
85  $user_info = $GLOBALS['SQ_SYSTEM']->am->getAssetInfo(Array($userid), Array('user', 'user_group'), FALSE);
86  if (empty($user_info)) continue;
87  }
    // In the row below, a 'granted' key equal to '0' is painted as denied
    // (red); every other value is painted as granted (green).
88  ?>
89  <tr>
90  <td class="sq-backend-table-cell">
91  <?php
    // NOTE(review): echoed without escaping here; presumably
    // get_asset_tag_line() returns ready-to-print HTML. Confirm that it
    // escapes the asset name it embeds.
92  echo get_asset_tag_line($userid);
93  ?>
94  </td>
95  <td class="sq-backend-table-cell">
96  <?php echo $title.' Permission'?>
97  </td>
98  <td class="sq-backend-table-cell" align="right">
99  <span style="color: <?php echo (($granted == '0') ? 'red' : 'green'); ?>; font-weight:bold;"><?php echo (($granted == '0') ? translate('denied') : translate('granted')) ?></span>
100  </td>
101  </tr>
102  <?php
103  }// end foreach
104  }//end foreach
105  }// end if
106  }//end foreach
107 
108  ?>
109  </table>
110  <?php
111  $o->closeField();
112  $o->closeSection();
113 
114  return TRUE;
115 
116 }//end paintInlinePermissions()
117 
118 
/**
 * Paints the permissions editing screen for an asset.
 *
 * One section is printed per permission (read, write, admin) listing the
 * current grants and denials. When $owner->adminAccess('permissions') is true
 * the section also carries the form controls to toggle cascading, delete
 * entries and add new ones. After that the cascade options are painted (only
 * for admins, and only when the asset has children), followed by the future
 * permission section.
 *
 * Security note: $admin_access only decides which controls are painted.
 * Hiding a control is not an access check; the handler of the posted form has
 * to repeat the check (processPermissions() in this file calls adminAccess()
 * again before acting).
 *
 * @param object &$owner    asset being edited; getPrefix(), adminAccess(), id and name are read
 * @param object &$o        outputter used for sections, fields, raw blocks and notes
 * @param object &$ei       not used in this function
 * @param mixed  $keywords  not used in this function
 *
 * @return mixed the value returned by $owner->adminAccess('permissions')
 */
130 function paintPermissions(&$owner, &$o, &$ei, $keywords=NULL)
131 {
132  $prefix = $owner->getPrefix();
133  $perms = Array('read' => SQ_PERMISSION_READ, 'write' => SQ_PERMISSION_WRITE, 'admin' => SQ_PERMISSION_ADMIN);
134 
    // Decides below whether editing controls are painted next to the listing.
135  $admin_access = $owner->adminAccess('permissions');
136  $public_userid = $GLOBALS['SQ_SYSTEM']->am->getSystemAssetid('public_user');
137 
138 
139  foreach ($perms as $title => $perm) {
140  $o->openSection(translate('permission_section', translate($title)));
141 
142  $permissions = $GLOBALS['SQ_SYSTEM']->am->getAssetPermissionByCascade($owner->id, $perm);
143 
    // Group the rows as $direct[granted][userid] => $perm_info.
144  $direct = Array();
145  foreach ($permissions as $perm_info) {
146  $granted = $perm_info['granted'];
147  $userid = $perm_info['userid'];
148 
149  if (!isset($direct[$granted])) {
150  $direct[$granted] = Array();
151  }
152  $direct[$granted][$userid] = $perm_info;
153  }
154  ksort($direct);
155 
156  if ($admin_access) {
157  $o->openField(translate('current'));
158  } else {
159  $o->openRaw();
160  }
161 
    // One table per 'granted' value; '0' is headed "denied" (red), any
    // other value "granted" (green).
162  if (!empty($direct)) {
163  foreach ($direct as $granted => $perm_details) {
164  ?>
165  <table class="sq-backend-table">
166  <tr>
167  <td class="sq-backend-table-header">
168  <span style="color: <?php echo (($granted == '0') ? 'red' : 'green'); ?>"><?php echo (($granted == '0') ? translate('denied') : translate('granted')) ?></span>
169  </td>
170  <td align="center" width="100" class="sq-backend-table-header" style="font-weight: bold;"><?php echo translate('cascade_question'); ?></td>
171  <?php
172  if ($admin_access) {
173  ?><td align="center" width="100" class="sq-backend-table-header" style="font-weight: bold;"><?php echo translate('delete_question'); ?></td><?php
174  }
175  ?>
176  </tr>
177  <?php
178 
179  foreach ($perm_details as $userid => $perm_detail) {
180  ?>
181  <tr>
182  <td class="sq-backend-table-cell">
183  <?php
    // NOTE(review): echoed without escaping; presumably
    // get_asset_tag_line() returns ready-to-print HTML. Confirm.
184  echo get_asset_tag_line($userid);
185  ?>
186  </td>
187  <td align="center" width="100" class="sq-backend-table-cell">
188  <?php
    // Admins get an editable cascade checkbox, everyone else a tick or
    // cross image. The user id is rawurlencode()d into the field name;
    // processPermissions() decodes it again with rawurldecode().
189  if ($admin_access) {
190  check_box($prefix.'_permissions['.$perm.'][cascades]['.rawurlencode($userid).']', 1, $perm_detail['cascades']);
191  } else {
192  ?><img src="<?php echo sq_web_path('lib'); ?>/web/images/<?php echo ($perm_detail['cascades'] ? 'tick' : 'cross'); ?>.gif" width="15" height="15" /><?php
193  }
194  ?>
195  </td>
196  <?php
197  if ($admin_access) {
198  ?><td align="center" width="100" class="sq-backend-table-cell"><?php
199  check_box($prefix.'_permissions['.$perm.'][delete]['.rawurlencode($userid).']');
200  ?></td><?php
201  }
202  ?>
203  </tr>
204  <?php
205  }// end foreach data
206  ?>
207  </table>
208  <br>
209  <?php
210  }//end foreach inherited
211 
212  } else {
213  echo translate('no_access_permissions_set', strtolower($title));
214  }//end if
215 
216  if ($admin_access) {
217  $o->closeField();
218  } else {
219  $o->closeRaw();
220  }
221 
222  if ($admin_access) {
223  $o->openField(translate('new'));
224  ?>
225  <table cellspacing="0">
226  <?php
227  // if Public Access isn't set
    // NOTE(review): $direct[granted] is keyed by user id and holds
    // $perm_info arrays as values (see the grouping loop above), while
    // in_array() searches values. Unless array_get_index() reshapes the
    // array, this test never matches and the public-access selector is
    // always offered; presumably a lookup on the user-id key was
    // intended. Confirm against array_get_index().
228  if (!in_array($public_userid, array_get_index($direct, 0, Array())) && !in_array($public_userid, array_get_index($direct, 1, Array()))) {
229  ?>
230  <tr>
231  <td colspan="2">
232  <?php
233  combo_box($prefix.'_permissions['.$perm.'][public_access][granted]', Array('' => '', '1' => translate('grant'), '0' => translate('deny')), FALSE, '');
234  echo ' '.translate('public_permission');
235  ?>
236  </td>
237  </tr>
238  <?php
239  }
240  ?>
241  <tr>
242  <td valign="top">
243  <?php
    // The asset finder below is limited to 'user' and 'user_group'
    // types. That limit lives in the painted form only; the posted
    // asset ids still need a server-side type check.
244  combo_box($prefix.'_permissions['.$perm.'][new][granted]', Array('' => '', '1' => translate('grant'), '0' => translate('deny')), FALSE, '');
245  echo ' '.translate('specific_permission');
246  ?>
247  &nbsp;
248  </td>
249  <td><?php multiple_asset_finder($prefix.'_permissions['.$perm.'][new][userid]', Array(), Array('user' => 'D', 'user_group' => 'D')); ?></td>
250  </tr>
251  </table>
252  <?php
253  $o->closeField();
254  $o->openField(translate('cascade_question'), 'new_line');
    // Third argument TRUE: presumably the box is pre-ticked, so a new
    // permission cascades to new children unless the admin opts out.
255  check_box($prefix.'_permissions['.$perm.'][new][cascades]', 1, TRUE);
256  ?> Automatically cascade this permission to new children<?php
257  //$o->note('If unchecked, the new permission(s) above will be applied or denied only to dependants of this asset, regardless of the Cascade Changes settings below. It will also not apply the workflow to any asset that becomes a new child of this asset (through creating a new asset, or moving an existing one, or creating a new link from one). This setting can be toggled after being applied.');
258  $o->closeField();
259  }//end if
260 
261  $o->closeSection();
262  }//end foreach $perms
263 
    // Cascade options: painted only for admins and only when the asset has children.
264  if ($admin_access) {
265  $kiddies = $GLOBALS['SQ_SYSTEM']->am->getChildren($owner->id);
266  if (count($kiddies)) {
267  $o->openSection(translate('cascade_permission_changes'));
268  $o->openField(translate('note'));
    // $owner->name is HTML-escaped before it is placed in the translated
    // note. ENT_COMPAT leaves single quotes unescaped, which is enough
    // for element content or a double-quoted attribute only.
269  $o->note(translate('cascade_permissions_note', htmlspecialchars($owner->name, ENT_COMPAT, SQ_CONF_DEFAULT_CHARACTER_SET), count($kiddies)));
270  $o->closeField();
271  $o->openField('&nbsp;');
272  check_box($prefix.'_permissions[cascade_changes]', '1', TRUE);
273  label(translate('cascade_permissions'), $prefix.'_permissions[cascade_changes]');
274  $o->closeField();
275  $o->closeSection();
276 
277  $o->openSection(translate('manually_cascade_permissions'));
278  $o->openField(translate('note'));
279  $o->note(translate('manually_cascade_permissions_note', htmlspecialchars($owner->name, ENT_COMPAT, SQ_CONF_DEFAULT_CHARACTER_SET), count($kiddies)));
280  $o->closeField();
281  $o->openField('&nbsp;');
282  check_box($prefix.'_permissions[manual_cascade]');
283  label(translate('manually_cascade_permissions_option'), $prefix.'_permissions[manual_cascade]');
284  $o->closeField();
285  $o->closeSection();
286  }
287  }
288 
289  //FUTURE PERMISSION (SIMILAR TO FUTURE STATUS)
290  $o->openSection(translate('future_permission'));
291 
292  $GLOBALS['SQ_SYSTEM']->am->includeAsset('cron_job_future_permission');
    // NOTE(review): $fp_jobs is read below but is not assigned anywhere in
    // this listing. Source line 293 is absent from the rendering, so the
    // assignment is presumably on that line; confirm against the original file.
294  if (!empty($fp_jobs)) {
295  $o->openField(translate('scheduled_future_permission_change'), 'new_line');
296  ?>
297  <table class="sq-backend-table">
298  <tr>
299  <td class="sq-backend-table-header"><?php echo translate('action'); ?></td>
300  <td class="sq-backend-table-header"><?php echo translate('permission'); ?></td>
301  <td class="sq-backend-table-header">
302  <span style="color:green"><?php echo translate('granted'); ?></span>
303  </td>
304  <td class="sq-backend-table-header">
305  <span style="color:red"><?php echo translate('denied'); ?></span>
306  </td>
307  <td class="sq-backend-table-header"><?php echo translate('when'); ?></td>
308  <td align="center" class="sq-backend-table-header" style="text-align: center;"><?php echo translate('cascade_question'); ?></td>
309  <td align="center" class="sq-backend-table-header" style="text-align: center;"><?php echo translate('update_all_question'); ?></td>
310  <?php
311  if ($admin_access) {
312  ?>
313  <td align="center" class="sq-backend-table-header" style="text-align: center;"><?php echo translate('delete_question'); ?></td>
314  <?php
315  }
316  ?>
317  </tr>
318  <?php
319  //sort the job by date
320  $sorted_fp_jobs = _sortCronJobsByDate($fp_jobs);
321  //print the active jobs
    // NOTE(review): actionName(), permissionName() and readableWhen() are
    // echoed without escaping in the rows below; confirm that they return
    // only fixed or already-escaped strings.
322  foreach ($sorted_fp_jobs as $fp_job) {
323  ?>
324  <tr>
325  <td class="sq-backend-table-cell">
326  <?php echo $fp_job->actionName(); ?>
327  </td>
328  <td class="sq-backend-table-cell">
329  <?php echo $fp_job->permissionName(); ?>
330  </td>
331  <td class="sq-backend-table-cell">
332  <?php
333  $granted_userids = $fp_job->getGrantedUsers(TRUE);
334  foreach ($granted_userids as $userid) {
335  echo get_asset_tag_line($userid);
336  echo '<br />';
337  }
338  ?>
339  </td>
340  <td class="sq-backend-table-cell">
341  <?php
342  $denied_userids = $fp_job->getGrantedUsers(FALSE);
343  foreach ($denied_userids as $userid) {
344  echo get_asset_tag_line($userid);
345  echo '<br />';
346  }
347  ?>
348  </td>
349  <td class="sq-backend-table-cell">
350  <?php echo $fp_job->readableWhen(); ?>
351  </td>
352  <td align="center" class="sq-backend-table-cell">
353  <?php
354  if ($fp_job->attr('cascade_to_new')) {
355  echo translate('yes');
356  } else {
357  echo translate('no');
358  }
359  ?>
360  </td>
361  <td align="center" class="sq-backend-table-cell">
362  <?php
    // "Update all" is the inverse of the job's 'dependants_only' attribute.
363  if ($fp_job->attr('dependants_only')) {
364  echo translate('no');
365  } else {
366  echo translate('yes');
367  }
368 
    // For admins the current cell is closed and a delete cell is opened;
    // the closing tag after this PHP block then closes whichever cell is open.
369  if ($admin_access) {
370  ?>
371  </td>
372  <td align="center" class="sq-backend-table-cell">
373  <?php
    // The delete checkbox is offered only when the job reports
    // canDelete(). This is a display decision; the form handler has
    // to enforce the same condition.
374  if ($fp_job->canDelete()) {
375  check_box($prefix.'_remove_fp[]', $fp_job->id);
376  } else {
377  echo '&nbsp;';
378  }
379  }
380  ?>
381  </td>
382  </tr>
383  <?php
384  }//end for
385  ?>
386  </table>
387  <?php
388 
389  $o->closeField();
    // The "none set" message is printed for non-admins only; admins get the
    // add-new field below instead.
390  } else if (!$admin_access){
391  $o->openRaw();
392  echo translate('no_future_permissions_set');
393  $o->closeRaw();
394  }//end if
395 
396  if ($admin_access) {
397  $o->openField(translate('add_new_future_permission'), 'new_line');
398  $cron_mgr = $GLOBALS['SQ_SYSTEM']->am->getSystemAsset('cron_manager');
399  $cron_epoc = (int)$cron_mgr->attr('epoch');
400  $cron_refresh = (int)$cron_mgr->attr('refresh_time');
    // The new-job editor is painted only when the cron manager has a
    // positive epoch and refresh time; otherwise a "not configured"
    // message is shown.
401  if ($cron_epoc > 0 && $cron_refresh > 0) {
402  require_once SQ_FUDGE_PATH.'/general/datetime.inc';
403  $GLOBALS['SQ_SYSTEM']->am->includeAsset('cron_job_future_permission');
404  $fp = new Cron_Job_Future_Permission();
405  $edit_fns = $fp->getEditFns();
406  $edit_fns->paintInLineBackend($fp, $o, $prefix.'_new_fp');
407  echo '<br /><br />';
408 
409  $o->note(translate('cron_manager_next_run', $cron_mgr->readableRefreshTime(), readable_datetime($cron_mgr->timeOfNextRun())));
410 
    // NOTE(review): assigned but not read anywhere in this function.
411  $print_commit_button = TRUE;
412  } else {
413  echo translate('cron_manager_not_configured');
414  }
415  $o->closeField();
416  $GLOBALS['SQ_SYSTEM']->am->forgetAsset($cron_mgr);
417  }//end if
418 
419  $o->closeSection();
420  //END FUTURE PERMISSION SECTION
421 
422  return $admin_access;
423 
424 }//end paintPermissions()
425 
426 
/**
 * Processes the posted permissions screen of an asset.
 *
 * After checking admin access to the asset and to its 'permissions' screen,
 * the function removes the future-permission cron jobs ticked for deletion,
 * adds a new future-permission job when one was submitted, and collects the
 * grant, deny, revoke and cascade changes of every permission into a list
 * that is queued as a 'hipo_job_edit_permissions' HIPO job.
 *
 * NOTE(review): no anti-CSRF token check is visible in this function; confirm
 * that the caller verifies one before this state-changing handler runs.
 *
 * @param object &$owner asset whose permissions are changed
 * @param object &$o     outputter, handed on to the future-permission edit functions
 * @param object &$ei    not used in this function
 *
 * @return boolean FALSE when adminAccess('permissions') is false or nothing was
 *                 posted for this prefix, TRUE otherwise; the function does not
 *                 return (exit()) when the asset-level admin check fails
 */
437 function processPermissions(&$owner, &$o, &$ei)
438 {
439  // if we dont have admin access, go away
    // The check is skipped when $owner->id is empty.
440  if ($owner->id && !$owner->adminAccess('')) {
441  $GLOBALS['SQ_SYSTEM']->paintLogin(translate('login'), translate('cannot_access_asset', htmlspecialchars($owner->name, ENT_COMPAT, SQ_CONF_DEFAULT_CHARACTER_SET)));
442  exit();
443  }
444 
445  $admin_access = $owner->adminAccess('permissions');
446  // if we dont have the permissions lock, dont process anything
447  if (!$admin_access) return FALSE;
448 
    // Accumulates one entry per requested change; queued at the end.
449  $permission_vars = Array();
450  $prefix = $owner->getPrefix();
451  if (!isset($_POST[$prefix.'_permissions'])) {
452  return FALSE;
453  }
454 
455  $cascade_changes = !empty($_POST[$prefix.'_permissions']['cascade_changes']);
456 
457  $perms = Array('Administrator' => SQ_PERMISSION_ADMIN, 'Write' => SQ_PERMISSION_WRITE, 'Read' => SQ_PERMISSION_READ);
458  $public_userid = $GLOBALS['SQ_SYSTEM']->am->getSystemAssetid('public_user');
459 
460  //PROCESS FUTURE PERMISSION
461  $cron_mgr = $GLOBALS['SQ_SYSTEM']->am->getSystemAsset('cron_manager');
462  if (!is_null($cron_mgr)) {
463  $GLOBALS['SQ_SYSTEM']->am->includeAsset('cron_job_future_permission');
464 
465  if (!empty($_POST[$prefix.'_remove_fp'])) {
    // NOTE(review): $fp_jobs is read below but is not assigned anywhere in
    // this listing. Source line 466 is absent from the rendering, so the
    // assignment is presumably on that line; confirm against the original file.
467  if (!empty($fp_jobs)) {
468 
    // Job removal happens under the cron manager's 'links' lock.
469  if ($GLOBALS['SQ_SYSTEM']->am->acquireLock($cron_mgr->id, 'links')) {
470  for ($i = 0; $i < count($fp_jobs); $i++) {
    // Only jobs held in $fp_jobs can be removed, so posted ids cannot
    // reach other jobs.
    // NOTE(review): in_array() runs without the strict flag and the
    // posted value is not checked to be an array. The paint side
    // offers the delete box only when canDelete() is true, but that
    // condition is not re-checked here; confirm removeJob() enforces it.
471  if (in_array($fp_jobs[$i]->id, $_POST[$prefix.'_remove_fp'])) {
472  $cron_mgr->removeJob($fp_jobs[$i]);
473  }// end if
474  }// end for
475 
476  $GLOBALS['SQ_SYSTEM']->am->releaseLock($cron_mgr->id, 'links');
477 
478  } else {
479  trigger_localised_error('SYS0232', E_USER_NOTICE);
480 
481  }// end if
482 
483  }// end if
484  }// end if
485 
486 
    // Always true at this point: the function returned above when
    // $admin_access was false.
487  if ($admin_access) {
488  $fp = new Cron_Job_Future_Permission();
489  $edit_fns = $fp->getEditFns();
    // The new job is added inside a transaction on the 'db2' connection
    // and rolled back when addJob() fails.
490  if ($fp->setAssetToUpdate($owner) && $edit_fns->processInLineBackend($fp, $o, $prefix.'_new_fp')) {
491  $GLOBALS['SQ_SYSTEM']->changeDatabaseConnection('db2');
492  $GLOBALS['SQ_SYSTEM']->doTransaction('BEGIN');
493  if ($cron_mgr->addJob($fp, $GLOBALS['SQ_SYSTEM']->user)) {
494  $GLOBALS['SQ_SYSTEM']->doTransaction('COMMIT');
495  } else {
496  $GLOBALS['SQ_SYSTEM']->doTransaction('ROLLBACK');
497  }
498  $GLOBALS['SQ_SYSTEM']->restoreDatabaseConnection();
499  }
500 
501  }// end if
502 
503  }//end if is NULL cron mgr
504 
505  //END PROCESS FUTURE PERMISSION
506 
507  foreach ($perms as $title => $perm) {
508  // we need to check for write access each time because
509  // we may actually be revoking write access and then
510  // trying to put it back
511  if (!$owner->adminAccess('permissions')) continue;
512 
    // NOTE(review): read without isset(); when the POST carries no entry
    // for this permission $post_data is NULL and a notice is raised. The
    // shape of the posted data (arrays versus scalars) is not validated.
513  $post_data = $_POST[$prefix.'_permissions'][$perm];
514 
515  // grant public access
    // The public-access entry reuses the cascade checkbox of the "new"
    // row. NOTE(review): the (int) cast accepts any integer although the
    // form offers only '1' (grant) and '0' (deny); confirm that the HIPO
    // job rejects other values.
516  if (isset($post_data['public_access']['granted']) && $post_data['public_access']['granted'] != '') {
517  $permission_vars[] = Array(
518  'permission' => $perm,
519  'assetids' => Array($owner->id),
520  'granted' => (int)$post_data['public_access']['granted'],
521  'userid' => $public_userid,
522  'cascades' => (int)isset($post_data['new']['cascades']),
523  'previous_access' => NULL,
524  'dependants_only' => !($cascade_changes && isset($post_data['new']['cascades'])),
525  );
526  }
527 
528  // grant access to users
    // NOTE(review): $post_data['new']['userid'] is iterated without an
    // isset() or is_array() check. $entry['assetid'] comes straight from
    // the POST and becomes the 'userid' of the change; the asset finder on
    // the paint side is limited to user and user_group types, but nothing
    // here verifies that the posted id is such an asset. Confirm that the
    // queued job validates it.
529  if (!empty($post_data['new'])) {
530  foreach ($post_data['new']['userid'] as $entry) {
531  if (!empty($entry['assetid'])) {
    // A user was chosen but neither grant nor deny selected: raise a
    // notice and stop processing the remaining new entries.
532  if (!isset($post_data['new']['granted']) || $post_data['new']['granted'] == '') {
533  trigger_localised_error('SYS0269', E_USER_NOTICE);
534  break;
535  } else {
536  $permission_vars[] = Array(
537  'permission' => $perm,
538  'assetids' => Array($owner->id),
539  'granted' => (int)$post_data['new']['granted'],
540  'userid' => $entry['assetid'],
541  'cascades' => (int)isset($post_data['new']['cascades']),
542  'previous_access' => NULL,
543  'dependants_only' => !($cascade_changes && isset($post_data['new']['cascades'])),
544  );
545  }
546  }
547  }
548  }
549 
550  // revoke [delete] access (grant or deny can be revoked)
    // The user id is the posted array key, decoded with rawurldecode()
    // (the paint side encoded it with rawurlencode()). A 'granted' value
    // of -1 marks the entry as a revoke.
    // NOTE(review): index 0 of the lookup result is read without checking
    // that a permission row exists for the posted user id. These entries
    // also carry no 'cascades' key, unlike the grant entries above.
551  if (!empty($post_data['delete'])) {
552  foreach ($post_data['delete'] as $userid => $on) {
553  $userid = rawurldecode($userid);
554  $current_access = $GLOBALS['SQ_SYSTEM']->am->getAssetPermissionByCascade($owner->id, $perm, $userid);
555  $current_access = $current_access[0];
556  $permission_vars[] = Array(
557  'permission' => $perm,
558  'assetids' => Array($owner->id),
559  'granted' => -1,
560  'userid' => $userid,
561  'previous_access' => $current_access['granted'],
562  'dependants_only' => !($cascade_changes && $current_access['cascades']),
563  );
564  }
565  }
566 
567  // Change of cascade status
    // Driven by the stored rows, not by the posted keys: for every existing
    // permission row the presence of its cascade checkbox in the POST is
    // compared with the stored 'cascades' flag.
568  $perm_infos = $GLOBALS['SQ_SYSTEM']->am->getAssetPermissionByCascade($owner->id, $perm);
569  foreach ($perm_infos as $perm_info) {
570  $userid = $perm_info['userid'];
571  $cascades = isset($post_data['cascades'][rawurlencode($userid)]);
572  if ((boolean)$cascades != (boolean)$perm_info['cascades']) {
573  // Cascade changes are only made to dependants
574  $permission_vars[] = Array(
575  'permission' => $perm,
576  'assetids' => Array($owner->id),
577  'granted' => $perm_info['granted'],
578  'userid' => $userid,
579  'previous_access' => NULL,
580  'cascades' => $cascades,
581  'dependants_only' => 1,
582  );
583  }
584  }
585 
    // Manual cascade: every current permission row is re-queued with
    // 'cascades' set to TRUE.
    // NOTE(review): these entries have no 'dependants_only' key, unlike
    // the other entries built in this loop; confirm the default that the
    // queued job applies.
586  if (!empty($_POST[$prefix.'_permissions']['manual_cascade'])) {
587  $current = $GLOBALS['SQ_SYSTEM']->am->getAssetPermissionByCascade($owner->id, $perm, NULL, TRUE);
588  foreach ($current as $perm_info) {
589  $permission_vars[] = Array(
590  'permission' => $perm,
591  'granted' => $perm_info['granted'],
592  'userid' => $perm_info['userid'],
593  'assetids' => Array($owner->id),
594  'previous_access' => NULL,
595  'cascades' => TRUE,
596  );
597  }
598  }
599 
600  }//end foreach perms
601 
    // Nothing is applied here directly: the collected changes are handed to
    // the HIPO herder as one 'hipo_job_edit_permissions' job.
602  if (!empty($permission_vars)) {
603  $hh = $GLOBALS['SQ_SYSTEM']->getHipoHerder();
604  $vars = Array(
605  'permission_changes' => $permission_vars,
606  'permission_screen_assetid' => $owner->id,
607  );
608  $hh->queueHipo('hipo_job_edit_permissions', $vars);
609  }
610 
611  return TRUE;
612 
613 }//end processPermissions()
614 
615 
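/**
 * Returns the given cron jobs ordered by their 'when' attribute.
 *
 * The jobs are indexed by id in a single pass, so the result is built with
 * one lookup per job instead of a linear search through the whole list for
 * every id. When several jobs share an id, the first one in $cron_jobs is
 * returned once for that id, with the 'when' value of the last one deciding
 * its position.
 *
 * @param array $cron_jobs objects exposing an id property and attr('when')
 *
 * @return array the jobs in ascending 'when' order, re-indexed from 0
 */
function _sortCronJobsByDate($cron_jobs)
{
    $jobs_by_id = Array();
    $when_by_id = Array();

    foreach ($cron_jobs as $cron_job) {
        // keep the first job seen for an id
        if (!isset($jobs_by_id[$cron_job->id])) {
            $jobs_by_id[$cron_job->id] = $cron_job;
        }
        $when_by_id[$cron_job->id] = $cron_job->attr('when');
    }

    // sort by date while keeping each id attached to its date
    asort($when_by_id);

    $sorted_cron_jobs = Array();
    foreach ($when_by_id as $assetid => $when) {
        $sorted_cron_jobs[] = $jobs_by_id[$assetid];
    }

    return $sorted_cron_jobs;

}//end _sortCronJobsByDate()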
648 
649 
650 ?>